Values for content-security-policy: upgrade-insecure-requests 21,097 frame-ancestors 'self' 10,742 upgrade-insecure-requests; 7,218 frame-ancestors 'self'; 5,332 block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; 5,193 block-all-mixed-content 2,147 frame-ancestors 'none' 1,521 block-all-mixed-content; 1,417 frame-ancestors 'none'; 912 object-src 'none' 659 default-src 'self' ws: wss: http: https: data: blob: 'unsafe-inline' 552 frame-ancestors 'self' https://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data: blob:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 442 frame-ancestors 'self' mitiendanube.com *.mitiendanube.com lojavirtualnuvem.com.br *.lojavirtualnuvem.com.br mitiendanube.com.ar *.mitiendanube.com.ar mitiendanube.com.mx *.mitiendanube.com.mx mitiendanube.com.co *.mitiendanube.com.co mitiendanube.cl *.mitiendanube.cl; upgrade-insecure-requests 435 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 414 412 frame-ancestors 'self' godaddy.com *.godaddy.com 336 report-uri /report-csp-violation 321 default-src https: data: 'unsafe-inline' 'unsafe-eval' 300 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.baidu.com *.bing.com; 271 upgrade-insecure-requests;frame-ancestors 'none';object-src 'none' 261 upgrade-insecure-requests; block-all-mixed-content 247 frame-ancestors * 236 require-trusted-types-for 'script' 198 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 184 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; 184 frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.powerapps.com *.yammer.com *.officeapps.live.com *.office.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com; 183 frame-ancestors 'self' ; 176 default-src 'self'; style-src 'unsafe-inline'; object-src 'none' 175 frame-ancestors 'self' http://webvisor.com 173 default-src * data: 'unsafe-eval' 'unsafe-inline' 167 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; 167 upgrade-insecure-requests;object-src 'none' 166 script-src 'self' blob: https://morris-server.de:8801 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; media-src 'self' data: blob: https://api.sparkassen-mediacenter.de https://sparkassen-mediacenter.de https://cdn.sparkassen-mediacenter.de 161 default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * blob: data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * 144 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net *.33across.com *.360playvid.info *.abkafurniture.com *.abt.s3.yandex.net *.ad-generation.jp *.ad-plus.com.tr *.adfor.io *.adform.com *.adform.net *.adhouse.pro *.admanmedia.com *.admatic.com.tr *.admixer.com *.admost.com *.adnow.com *.adnsafe.org *.adnxs.com *.adocean.pl *.adpush.com.tr *.adpushup.com *.ads7-adnow.com *.adsafescan.com *.adsby.io *.adsmx.online *.adsturk.com *.adtarget.com.tr *.adtech.com *.adtelligent.com *.adtopia.com *.adtrafficquality.google *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.adwmg.com *.air.tech *.aistekso.net *.alexametrics.com *.amazon-adsystem.com *.amazon.com *.ampproject.org *.amxrtb.com *.anura.io *.api-sports.io *.app.adjust.com *.appnexus.com *.aralego.com *.atombilisim.com.tr *.axonix.com *.baithoph.net *.beachfront.com *.bidtellect.com *.bik.gov.tr *.bildirt.com *.binance.com *.bizzclick.com *.cdn.jsdelivr.net *.cdn.proadscdn.com *.cimri.com *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.cmcm.com *.colossusssp.com *.connectad.io *.contextweb.com *.coxmt.com *.criteo.com *.criteo.net *.cubepile.com *.dable.io *.dailymotion.com *.devotrans.com *.districtm.io *.doubleclick.net *.dreamwater.com.tr *.dsp-media.eskimi.com *.e-planning.net *.emxdgt.com *.engagebdr.com *.ep2.adtrafficquality.google *.ercdn.net *.erstream.com *.exponential.com *.facebook.com *.facebook.net *.flashtalking.com *.flowplayer.com *.foremedia.net *.freewheel.tv *.gamoshi.io *.gemius.pl *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gtranslate.net *.gumgum.com *.hhkld.com *.ibillboard.com *.id5-sync.com *.idealmedia.io *.ijit.com *.improvedigital.com *.incehesap.com *.indexexchange.com *.inmobi.com *.instagram.com *.jewelbetting.co *.jewelbetting.net *.jquery.com *.jsdelivr.net *.jwpcdn.com *.karakasbezcanta.com *.lijit.com *.linkedin.com *.linkwi.se *.lkqd.com *.lkqd.net *.makroo.com *.maple-team.com *.mars.media *.mediabong.com *.meta.com *.mgid.com *.moatads.com *.newborntown.com *.nnowa.com *.omnijay.com *.onesignal.com *.onnetwork.tv *.openweathermap.com *.openx.com *.optad360.io *.outbrain.com *.paytr.com *.peak226.com *.pinterest.com *.pixad.com.tr *.player.im *.player.viads.com *.preply.com *.programattik.com *.protagcdn.com *.publisher-network.com *.pubmatic.com *.radyotelekom.com.tr *.radyotelekomtv.com *.reklamstore.com *.resultsmedia.com *.rhythmone.com *.rubiconproject.com *.sabio.us *.sanalofisonline.com *.say.ac *.schema.org *.serving-sys.com *.sharethis.com *.sharethrough.com *.smaato.com *.smartadserver.com *.smartyads.com *.smrtb.com *.sonobi.com *.sovrn.com *.spotx.tv *.spotxchange.com *.static.hotjar.com *.stroeer.com *.synacor.com *.taboola.com *.tagon.co *.tebilisim.com *.teimg.com *.tevideo.org *.thalespirlanta.com *.theadx.com *.thebrave.io *.themediagrid.com *.thubanoa.com *.tiktok.com *.tiviplayer.com *.tradingview.com *.tribalfusion.com *.trvdp.com *.ttwstatic.com *.twimg.com *.twitter.com *.ucfunnel.com *.uidapi.com *.unpkg.com *.unrulymedia.com *.us.com *.vdo.ai *.viads.com *.viads.net *.videoomy.com *.vidoomy.com *.vidyome.com *.vimeo.com *.virgul.com *.visitchange.com *.weatherwidget.io *.webeyemob.com *.wordego.com *.x.com *.yahoo.com *.yandex.com *.yandex.net *.yandex.ru *.yastatic.net *.yayin.com.tr *.yieldmo.com *.youtu.be *.youtube.com *.ytimg.com *.zencdn.net 360playvid.info ad-plus.com.tr adfor.io ads.vidoomy.com adsby.io adsmx.online adsturk.com analytics.ahrefs.com anura.io api-maps.yandex.ru api.adnsafe.org buttons-config.sharethis.com c1.imgiz.com cdn.adhouse.pro cdn.adpushup.com cdn.adsafescan.com cdn.ampproject.org cdn.doubleverify.com cdn.flowplayer.com cdn.id5-sync.com cdn.jsdelivr.net cdn.proadscdn.com cdn.ravenjs.com cdn2.bildirt.com dable.io dsp-media.eskimi.com ep2.adtrafficquality.google erpm-js.erstream.com euw2-a.amxrtb.com gdetr.hit.gemius.pl google.com googlesyndication.com gtranslate.net hhkld.com id5-sync.com instagram.com invstatic101.creativecdn.com js.globalsun.io jsc.idealmedia.io jscdn.greeter.me jsdelivr.net lidertv.radyotelekom.com.tr mc.yandex.com myvalice.com.tr oa.openxcdn.net onesignal.com pagead2.googlesyndication.com paytr.com pcode.yads.tech pghub.io platform-api.sharethis.com platform.foremedia.net player.im player.viads.com pool-eu.creative-serving.com preply.com proadscdn.com protagcdn.com radyotelekom.com.tr radyotelekomtv.com run.admost.com say.ac script.4dex.io securepubads.g.doubleclick.net sp.ad-plus.com.tr st-n.nnowa.com static-maps.yandex.ru static.cdn.pixad.com.tr static.cloudflareinsights.com tags.crwdcntrl.net testerparfum.com trgde.adocean.pl tv5-live.ercdn.net twimg.com unpkg.com vdo.ai viads.net videojs.com visitchange.com vjs.zencdn.net yandex.ru yastatic.net; 143 upgrade-insecure-requests; frame-ancestors 'self' 141 upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com; base-uri 'self'; object-src 'none' 138 frame-ancestors 'self' *.tsoftpanel.com *.paneltsoft.com; 136 report-uri /report-csp-violation; upgrade-insecure-requests 133 frame-ancestors self 129 frame-ancestors 'self' https://app.grovecms.org/ 124 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.seals.dlagglobal.com *.sbo.top *.sbobet.com *.sbobetex.com *.youtube.com *.ytimg.com *.cloudfront.net optimize.google.com *.google-analytics.com *.hotjar.com *.googletagmanager.com *.googleapis.com *.cdnnetworks.net *.edgecasts.net *.fasttrackcdn.net *.cdnrocket.net *.speedysurfcdn.net *.cloudswiftcdn.net *.globalwavecdn.net *.acceleracloud.net *.quickroutecdn.net *.lightningspeedcdn.net *.stormshieldcdn.net *.rapidflarecdn.net *.velocitystream.net *.nexusaccelerate.net *.pacificrouter.com *.cdnhealthcare.net *.traveladventurescdn.net *.purseno.com *.syndication.twimg.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.gstatic.com *.geetest.com avplayer-cdn.sportradar.com *.userleap.com *.akamaized.net http://*.sbobet.com; worker-src 'self' blob:; report-uri https://csp.trackittk.net/z/7046ef45-99d6-447d-9ac3-6d42ae2a70fa https://csp.trackittk.net/z/44e4f334-51c5-4cdb-b5e0-b33b1ec85c9d 122 self 121 frame-ancestors 'self' https://*.substack.com https://substack.com 115 frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 114 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: *.visualwebsiteoptimizer.com; style-src 'unsafe-inline' https: *.visualwebsiteoptimizer.com app.vwo.com; img-src data: https: blob: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io; font-src data: https:; connect-src https: data: blob: *.visualwebsiteoptimizer.com app.vwo.com; media-src blob: data: https:; object-src https:; child-src https: data: blob: 'self' *.visualwebsiteoptimizer.com app.vwo.com; upgrade-insecure-requests; block-all-mixed-content; 109 block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 106 frame-ancestors 'self' ; upgrade-insecure-requests; 105 default-src 'none' 101 frame-ancestors 'self' https://app.contentful.com 98 default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 98 frame-ancestors 'self' www.wirtgen-group.com forms.wirtgen-group.com; 97 frame-ancestors https://sinclairstoryline.com https://qa-sinclairstoryline.com https://int-sinclairstoryline.com https://storyline-qa.com https://storyline-int.com https://preview.int-sinclairstoryline.com https://preview.storyline-int.com https://preview.storyline-qa.com https://preview.qa-sinclairstoryline.com https://preview.sinclairstoryline.com; upgrade-insecure-requests 96 upgrade-insecure-requests;connect-src * 88 frame-ancestors 'self' https://*.cdn.ampproject.org/ https://bing-amp.com/ https://*.tm-aws.com/ https://*.tm-awx.com/; 85 ; report-uri https://admin.blog.fc2.com/csp-reports; report-to blog-front-csp-endpoint 84 frame-ancestors zyro.com *.zyro.com *.builder-preview.com *.zyro.space *.hostinger.com *.hostinger.io *.hostinger.in *.hostinger.co.uk 83 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 81 default-src 'self' http: https: data: blob: 'unsafe-inline' 77 frame-ancestors 'self' https://my.oracle.com https://eeho.fa.us2.oraclecloud.com https://blogs.oracle.com *.khapps.com *.khapps.jp *.lsapps.oracle.com *.lsapps.oracle.jp *.dev-lsapps.oracle.com https://oraclesso.sharepoint.com https://oracle.sharepoint.com https://partners.oracle.com https://partners-stage.oracle.com https://partners-test.oracle.com https://partners-sit.oracle.com https://partners-dev.oracle.com 74 default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/ 70 upgrade-insecure-requests; frame-ancestors 'self'; 69 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 67 frame-ancestors 'self'; upgrade-insecure-requests 65 default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 63 frame-ancestors 'self' https://*.studio.design https://studio.design https://studio.inc; 63 default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' 60 default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 60 frame-ancestors 'self' https://*.jumpseller.com https://app.jivosite.com 60 frame-ancestors *; 59 default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; font-src * 'self' data: 59 upgrade-insecure-requests; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 56 frame-ancestors 'self' *.plentymarkets-cloud-de.com *.my.plentysystems.com 54 default-src https: data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval' 53 frame-ancestors 'self' https://cms.scrippsdigital.com 51 frame-ancestors 'self' https://*.akifast.com akifast.com 51 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: filesystem: https://cdn.ampproject.org https://*.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' filesystem: https://fonts.googleapis.com; img-src 'self' https: data: blob: filesystem: secure.gravatar.com cdn.ampproject.org ampproject.net *.wordpress.org s.w.org *.githubusercontent.com; connect-src 'self' https: data: blob: filesystem: https://cdn.ampproject.org https://ampcid.google.com https://ampcid.google.com.mt https://ampcid.google.com.tr https://*.google-analytics.com https://*.hotjar.com https://*.facebook.com https://*.gstatic.com https://www.googletagmanager.com https://fonts.googleapis.com; font-src 'self' https: data: blob: filesystem: https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https: data: blob: filesystem: https://www.googletagmanager.com https://*.google.com https://vars.hotjar.com https://www.facebook.com 51 frame-ancestors 'self' https://deco.cx https://www.deco.cx 127.0.0.1:* localhost:* http://localhost:* http://127.0.0.1:* https://admin.deco.cx/ https://v0-admin.deco.cx/ https://play.deco.cx/ 50 default-src https: 'unsafe-inline' 'unsafe-eval' wss://umd.userlike.com wss://ws.botmaker.com; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self' data: https: 50 img-src https: data:; upgrade-insecure-requests 50 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tawk.to cdn.jsdelivr.net fw-cdn.com *.freshdesk.com *.freshworks.com https://fonts.googleapis.com/css https://*.freshchat.com/ https:; manifest-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to cdn.jsdelivr.net *.freshdesk.com *.freshworks.com https://fonts.googleapis.com/css https://*.freshchat.com/; font-src 'self' fonts.gstatic.com cdn.livechatinc.com *.tawk.to; img-src 'self' cdn.jsdelivr.net tawk.link https: data: cdn.databerjalan.com cdn.databerjalan.com cdn.livechat-files.com www.google-analytics.com; media-src 'self' data: cdn.databerjalan.com dataset.catgarong.com cdn.livechatinc.com youtube.com vimeo.com geo.dailymotion.com twitch.com; object-src 'self' data:; connect-src 'self' data: cdn.databerjalan.com cdn.databerjalan.com cdn.livechat-files.com www.google-analytics.com unpkg.com *.tawk.to wss://*.tawk.to https: wss:; frame-src *.tawk.to https:; frame-ancestors 'self'; form-action 'self' *.tawk.to 50 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 48 base-uri 'self' 48 default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 47 frame-ancestors https://web.telegram.org 47 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 47 frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 47 default-src 'self' 46 frame-ancestors 'self' continuum.epublishing.com *.continuum.epublishing.com 46 script-src 'self' * https://heapanalytics.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' * https://cdn.us.heap-api.com https://heapanalytics.com 'unsafe-inline' 'unsafe-eval'; img-src * blob: data:; style-src 'self' * https://heapanalytics.com 'unsafe-inline' 'unsafe-eval' blob:; connect-src 'self' * https://heapanalytics.com; font-src 'self' * https://c.us.heap-api.com https://heapanalytics.com data:; 46 upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ 45 block-all-mixed-content; upgrade-insecure-requests; 44 default-src 'self'; 43 default-src 'self' 'unsafe-inline' 43 frame-ancestors 'self' *; 43 frame-ancestors 'self'; report-uri /report-csp-violation 41 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 41 default-src data: 'unsafe-inline' 'unsafe-eval' https:;base-uri 'self';frame-ancestors 'self' ;img-src data: https: blob:;font-src data: https:;media-src https: blob:;connect-src https: wss: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:;style-src data: 'unsafe-inline' https:;child-src https: data: blob:;form-action https:;object-src 'none'; 41 frame-ancestors 'self'; report-uri /_/commcsp?disposition=enforce 41 base-uri 'self';default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';form-action * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';report-uri /post_report/;report-to default; 40 frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests; 40 upgrade-insecure-requests; block-all-mixed-content; 39 default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline' 39 sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri https://csp.yahoo.com/beacon/csp?src=redirect 38 frame-ancestors 'self'; upgrade-insecure-requests; 38 default-src blob: * 'unsafe-inline' 'unsafe-eval'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data: 'unsafe-inline'; 38 default-src 'self' wss: http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https: http:; report-uri https://secure.booked.net/?page=stat&t=csp 38 base-uri 'self'; 38 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' blob: *; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data:; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; form-action 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; worker-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * blob:; report-uri https://hyperia.report-uri.com; block-all-mixed-content; upgrade-insecure-requests 38 frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://cdn.taboola.com https://ads.taboola.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news®ion=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=; 37 default-src 'self' *.smartsites.parentsquare.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.smartsites.parentsquare.com; style-src 'self' https: 'unsafe-inline' *.smartsites.parentsquare.com; img-src 'self' data: https:; font-src 'self' https:; frame-src https:; connect-src 'self' https: wss://localhost:*; worker-src 'self' blob:; object-src 'self' *.smartsites.parentsquare.com; base-uri 'self'; form-action 'self' https:; report-uri /csp-reports.php; report-to csp-endpoint; 37 default-src * data: blob: 'unsafe-inline' 'unsafe-eval' 37 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; font-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; 37 frame-ancestors 'self' https://app.storyblok.com 36 object-src 'none'; 36 block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 35 frame-ancestors 'self' https://www.fortinet.com 35 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'none'; 35 child-src * blob: 35 default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src * data: blob: ; base-uri 'self'; upgrade-insecure-requests; font-src https: 'unsafe-inline' data: 'unsafe-inline'; worker-src * blob:; 34 default-src https: data: 'unsafe-eval' 'unsafe-inline' blob: 34 object-src 'none'; frame-ancestors 'self'; form-action 'self'; block-all-mixed-content; 34 default-src * 'unsafe-inline';script-src * 'unsafe-eval' 'unsafe-inline';img-src * 'self' data:;frame-ancestors none;frame-src 'self' mailto: tel: https: 33 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 32 frame-src 'self'; frame-ancestors 'self'; object-src 'none'; 32 default-src 'self';style-src 'self' 'unsafe-inline' *.g.doubleclick.net *.googletagmanager.com *.googlesyndication.com tagmanager.google.com fonts.googleapis.com *.googleapis.com cdnjs.cloudflare.com;img-src 'self' data: *.starbucks.ae *.starbucks.at *.starbucks.be *.starbucks.bg *.starbucks.ch *.starbucks.co.ma *.starbucks.co.uk *.starbucks.co.za *.starbucks.com.bh *.starbucks.com.co *.starbucks.com.jo *.starbucks.com.kw *.starbucks.com.kz *.starbucks.com.lb *.starbucks.com.om *.starbucks.cz *.starbucks.de *.starbucks.eg *.starbucks.es *.starbucks.eu *.starbucks.fr *.starbucks.hu *.starbucks.ie *.starbucks.mt *.starbucks.nl *.starbucks.no *.starbucks.pl *.starbucks.pt *.starbucks.qa *.starbucks.ro *.starbucks.rs *.starbucks.sa *.starbucks.se *.starbucksslovakia.sk consent.trustarc.com *.g.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com immage.monks.tools *.googleapis.com *.google.com *.googleusercontent.com www.digitalassets.starbucks.eu *.starbucks.eu maps.gstatic.com maps.googleapis.com *.trustarc.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com;media-src 'self' *.starbucks.ae *.starbucks.at *.starbucks.be *.starbucks.bg *.starbucks.ch *.starbucks.co.ma *.starbucks.co.uk *.starbucks.co.za *.starbucks.com.bh *.starbucks.com.co *.starbucks.com.jo *.starbucks.com.kw *.starbucks.com.kz *.starbucks.com.lb *.starbucks.com.om *.starbucks.cz *.starbucks.de *.starbucks.eg *.starbucks.es *.starbucks.eu *.starbucks.fr *.starbucks.hu *.starbucks.ie *.starbucks.mt *.starbucks.nl *.starbucks.no *.starbucks.pl *.starbucks.pt *.starbucks.qa *.starbucks.ro *.starbucks.rs *.starbucks.sa *.starbucks.se *.starbucksslovakia.sk;font-src 'self' fonts.gstatic.com *.gstatic.com *.trustarc.com data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.google.com *.g.doubleclick.net *.googletagmanager.com *.googlesyndication.com tagmanager.google.com aswpsdkus.com aswpsdkeu.com try.access.worldpay.com maps.googleapis.com *.youtube.com *.trustarc.com www.google-analytics.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net unpkg.com cdn.gbqofs.com *.cdn-net.com *.accdab.net *.worldpay.com https://static.cloudflareinsights.com;frame-src 'self' www.youtube-nocookie.com *.youtube.com starbucksjobs.de *.accdab.net consent-pref.trustarc.com *.google.com *.googletagmanager.com try.access.worldpay.com secure-test.worldpay.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.onecupbigchange.com *.starbucks.ae *.starbucks.at *.starbucks.be *.starbucks.bg *.starbucks.ch *.starbucks.co.ma *.starbucks.co.uk *.starbucks.co.za *.starbucks.com.bh *.starbucks.com.co *.starbucks.com.jo *.starbucks.com.kw *.starbucks.com.kz *.starbucks.com.lb *.starbucks.com.om *.starbucks.cz *.starbucks.de *.starbucks.eg *.starbucks.es *.starbucks.eu *.starbucks.fr *.starbucks.hu *.starbucks.ie *.starbucks.mt *.starbucks.nl *.starbucks.no *.starbucks.pl *.starbucks.pt *.starbucks.qa *.starbucks.ro *.starbucks.rs *.starbucks.sa *.starbucks.se *.starbucksslovakia.sk gateway.switch.tj *.worldpay.com *.trustarc.com youtu.be;frame-ancestors 'self' *.onecupbigchange.com *.starbucks.com cms.starbucks.qa cms.starbucks.com.bh cms.starbucks.pl cms.starbucks.bg cms.starbucks.hu cms.starbucks.mt cms.starbucksslovakia.sk cms.starbucks.nl cms.starbucks.be cms.starbucks.sa cms.starbucks.com.kw cms.starbucks.no cms.starbucks.de cms.starbucks.fr cms.starbucks.ro cms.starbucks.co.uk cms.starbucks.ae cms.starbucks.ie cms.starbucks.rs cms.starbucks.at cms.starbucks.ch cms.starbucks.com.om cms.starbucks.co.ma cms.starbucks.cz cms.starbucks.co.za;connect-src 'self' i.ytimg.com js-agent.newrelic.com *.trustarc.com aswpsdkus.com aswpsdkeu.com *.cdn-net.com *.accdab.net six.cdn-net.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.g.doubleclick.net google.com *.google.com aswpapius.com aswpapieu.com *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com *.worldpay.com bam.nr-data.net report.starbucks.gbqofs.io stats.g.doubleclick.net https://adservice.google.com maps.googleapis.com *.youtube.com;object-src 'none';base-uri 'none'; 32 frame-ancestors 32 frame-ancestors 'self' devcue.diks.fi cue.media.fi cue.test.media.fi http://jankko-importer.prod.media.fi http://jankko-importer.test.media.fi http://localhost:5000 http://cue.test:* http://cue.cue-web:*; 32 frame-ancestors 'self'; object-src 'self' 32 frame-ancestors 'self' asia.espn.com:* asia.espnqa.com:* *.espn.com:* *.espnqa.com:* *.espnsb.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.ph *.espn.ph:* *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr qa.abcnews.go.com preview.abcnews.go.com abc7ny.com abc7.com *.abcotvssb.com preview.goodmorningamerica.com http://*.espnqa.com:* http://*.espn.com:* *.abcotvssb.com *.abcnews.go.com *.abcnews.go.com:* http://*.abcnews.go.com:* abc30.com abc7news.com abc13.com abc7chicago.com 6abc.com abc11.com *.goodmorningamerica.com qa.abc7.com qa.abc30.com qa.abc7news.com qa.abc13.com qa.abc7chicago.com qa.6abc.com qa.abc7ny.com qa.abc11.com *.abcnews.go.com:* abcnews.go.com qa.secsports.com *.secsports.com https://*.espn.nl:* https://*.espn.com:* https://*.espnqa.nl:* *.espnqa.com:* 31 object-src 'self' https://www.youtube.com/ https://www.3cx.com/;frame-src 'self' mailto: tel: https://3cx.com https://www.google.com https://cse.google.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://static.ads-twitter.com/ https://bid.g.doubleclick.net https://td.doubleclick.net/ https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com https://player.vimeo.com; frame-ancestors 'self' 31 frame-ancestors 'self' https://*.hygraph.com 31 default-src https:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src https: wss: data: blob:; img-src 'self' https: data: blob:; font-src 'self' https: data: blob:; worker-src 'self' https: blob:; frame-ancestors 'self' *.sitewrench.com *.speakcreative.com 31 frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ 30 frame-ancestors 'self' www.bookends.info *.bookends.info 30 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 30 default-src 'self'; script-src 'self' 'unsafe-inline' 30 default-src 'self'; object-src 'self' blob:; frame-ancestors 'self' flex.cybersource.com; worker-src blob: ; frame-src 'self' blob: *; media-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.brainsins.com mw.brainsins.com d2xkqxdy6ewr93.cloudfront.net *.cloudfront.net cdn.pushassist.com trc.taboola.com *.collect.igodigital.com resources.convious-app.com client.convious-app.com cdn.taboola.com 510001631.collect.igodigital.com script.hotjar.com 510001630.collect.igodigital.com static.hotjar.com launch-9151dc1e0eb6-development mstat.acestream.net www.gstatic.com flex.cybersource.com pe-kw.store.kennywood.com pe-cp.store.castlepark.com www.google.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.googletagmanager.com www.google-analytics.com *.parquesreunidos.es *.optickssecurity.com *.opticksstatic.com *.opticksprotection.com opticksprotection.com assets.adobedtm.com amplify.review-alerts.com static-eu.payments-amazon.com maps.googleapis.com cdn.cookielaw.org geolocation.onetrust.com grpr.tt.omtrdc.net launch-9151dc1e0eb6-development cd.livechatin.com api-pre.adminos.parquesreunidos.com analytics.tiktok.com ts.tradetracker.net sleeknotecustomerscripts.sleeknote.com mstat.acestream.net pilaff-up.ru statusklic.info cdn.notifyon.com cdn.livechatinc.com eu5.bookingkit.de js.mollie.com www.paypal.com www.sandbox.paypal.com checkoutshopper-live.adyen.com sandbox.src.mastercard.com src.mastercard.com assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com twimg.com publish.twitter.com platform.linkedin.com track.adform.net static.criteo.net tagmanager.google.com ssl.google-analytics.com ajax.aspnetcdn.com d2cmqkwo8rxlr9.cloudfront.net ad.doubleclick.net apis.google.com www.youtube.com platform.twitter.com s.ytimg.com syndication.twitter.com api.livechatinc.com www.googleoptimize.com optimize.google.com trck.spoteffects.net i.realytics.io cdn-eu.realytics.net pe-kw.store.kennywood.com pe-cp.store.castlepark.com pe-rwsydney.store.ragingwaterssydney.com.au pe-sps.store.splishsplash.com pe-sl.store.storylandnh.com pe-na.store.noahsarkwaterpark.com pe-sc.store.sandcastlewaterpark.com pe-wc.store.watercountry.com pe-rwsd.store.ragingwaters.com static.zdassets.com *.optimonk.com sdks.shopifycdn.com ajax.googleapis.com webchat.masvoz.es static.b-ite.com cs-assets.b-ite.com pixel.mathtag.com bat.bing.com cdn.jsdelivr.net farm.plista.com j01l4h3n.com diffuser-cdn.app-us1.com www.rvty.net *.clarity.ms 5mcl.fr *.adnxs.com static.tacdn.com prism.app-us1.com trackcmp.net www.jscache.com *.scratcher.io s2.adform.net cdn.leadfamly.com www.tripadvisor.com www.tripadvisor.fr cpi.mirabilandia.it www.opinator.com pe-iw.store.idlewild.com js.adsrvr.org tracker.marinsm.com pe-dw.store.dutchwonderland.com static.zuora.com pe-waw.store.emeraldpointe.com pe-rwsc.store.rwsac.com pe-mn.store.malibunorcross.com *.quantummetric.com t.contentsquare.net pe-bps.store.boomerspalmsprings.com cdn.smooch.io adventurelandresort.secure-cdn.na.accessoticketing.com pe-bv.store.boomersvista.com pe-rwsj.store.rwsplash.com pe-lc.store.lakecompounce.com pe-mm.store.mountasiamarietta.com app.mews.com apps.mews.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com pay.google.com easyway-webchat.s3.eu-north-1.amazonaws.com *.smooch.io sc-static.net tr.snapchat.com *.sprinklr.com apps.mypurecloud.ie surveydynamix.com apps.mypurecloud.com osm.klarnaservices.com js.klarna.com pagead2.googlesyndication.com static.sojern.com *.outbrain.com tib2.tropical-islands.de sla3.slagharen.com mir8.mirabilandia.it mib9.mirabeach.mirabilandia.it war5.parquewarner.com wab6.parquewarnerbeach.parquewarner.com pam4.parquedeatracciones.es mpg3.movieparkgermany.de mar7.marineland.fr zoo2.zoomadrid.com fau4.faunia.es bjl1.bobbejaanland.be bld2.bonbonland.dk dwo7.dutchwonderland.com bnp8.bonoparques.es tus1.tusenfryd.no swa4.selwo.es swm9.selwomarina.es teb6.telefericobenalmadena.com mxa8.atlantisaquarium-madrid.es bel7.belantis.de blk3.blackpoolzoo.org.uk bos6.sommarland.no bor5.oceanarium.co.uk aqs1.aquasplash.fr car1.cartaya.aquopolis.es cda2.costa-dorada.aquopolis.es cul3.cullera.aquopolis.es tor4.torrevieja.aquopolis.es vil5.villanueva.aquopolis.es slp2.sealifeparkhawaii.com ctp3.castlepark.com knw4.kennywood.com adp5.adventurelandresort.com lkc8.lakecompounce.com cnh1.cartoonnetworkhotel.com sct1.sandcastlewaterpark.com stl6.storylandnh.com sny5.splishsplash.com lsa6.livingshores.com rla9.ragingwaters.com syd7.ragingwaterssydney.com.au wco2.watercountry.com wep3.emeraldpointe.com noa8.noahsarkwaterpark.com idw7.idlewild.com webchat.digitalcx.com *.aptrinsic.com *.datatrans.com *.recaptcha.net *.bookingkit.com *.paypalobjects.com *.trackingplan.com *.leadinfo.net *.moin.ai *.talkjs.com *.accdab.net staging.cdn-net.com six.cdn-net.com www.cdn-net.com demo.fareharbor.com fareharbor.com *.piwik.pro *.instagram.com *.equalweb.com; style-src * 'unsafe-inline' blob:; font-src * data:; connect-src * 30 frame-ancestors 'self' https://webvisor.com http://webvisor.com; 30 default-src *;script-src 'self' resource://pdf.js 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net events.webnode.com events.staging.webnode.com events.testing.webnode.com js.stripe.com www.gstatic.com www.googleadservices.com www.googletagmanager.com bat.bing.com bat.bing.net analytics.ahrefs.com/analytics.js connect.facebook.net a.quora.com www.google-analytics.com googleads.g.doubleclick.net c.imedia.cz www.google.com www.google.de www.google.com.br cdn.inspectlet.com *.clarity.ms *.bing.com c.seznam.cz pagead2.googlesyndication.com s.yimg.jp ct.pinterest.com cdn.euc-freshbots.ai blob: euc-widget.freshworks.com/widgets/101000002785.js euc-widget.freshworks.com/widgetBase/ b98.yahoo.co.jp https://s.pinimg.com https://track.adform.net https://s2.adform.net https://eu.acsbapp.com/apps/app/dist/js/app.js https://eu.acsbapp.com/apps/app/dist/js/ https://accesswidget-log-receiver.acsbapp.com/ https://eu-cdn.acsbapp.com/config/;style-src 'self' 'unsafe-inline' 'unsafe-eval' d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net www.gstatic.com js.stripe.com d11bh4d8fhuq47.cloudfront.net d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net use.typekit.net p.typekit.net cdn.euc-freshbots.ai euc-widget.freshworks.com/widgetBase/static/media/;img-src 'self' data: mediastream: blob: filesystem: *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net du5rkdszt1kq5.cloudfront.net d11bh4d8fhuq47.cloudfront.net d1bz77arbww182.cloudfront.net d1me9yvfki5736.cloudfront.net d6scj24zvfbbo.cloudfront.net *.pbhom-cdnwnd.com *.cbaul-cdnwnd.com *.clvaw-cdnwnd.com www.webnode.com www.gstatic.com q.stripe.com bat.bing.com bat.bing.net q.quora.com www.google.com www.google.cz www.google.de www.google.com.br www.google-analytics.com googleads.g.doubleclick.net cx.atdmt.com c.seznam.cz www.facebook.com www.googletagmanager.com *.clarity.ms *.bing.com *.webnode.com *.webnode.cz *.webnode.sk *.webnode.at *.webnode.es *.webnode.cl *.webnode.com.ve *.webnode.com.uy *.webnode.mx *.webnode.com.co *.webnode.co *.webnode.com.ar *.webnode.com.py *.webnode.bo *.webnode.do *.webnode.ec *.webnode.pe *.webnode.cr *.webnode.com.br *.webnode.pt *.webnode.it *.webnode.fr *.webnode.us *.webnode.in *.webnode.gr *.webnode.com.tr *.webnode.cn *.webnode.tw *.webnode.nl *.webnode.be *.webnode.jp *.webnode.hu *.webnode.ru *.webnode.com.ua *.webnode.se *.webnode.dk *.webnode.lv *.webnode.hr *.webnode.no *.webnode.co.uk *.webnode.vn *.webnode.ro *.webnode.cat *.webnode.kr *.webnode.fi ct.capterra.com d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net cdn.euc-freshbots.ai cdn.freshbots.ai fc-euc1-00-pics-bkt-00.s3.eu-central-1.amazonaws.com https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://ct.pinterest.com https://track.adform.net https://server.seadform.net/serving/cookie/;frame-ancestors 'self'; 29 frame-ancestors 'self' http://webvisor.org http://*.webvisor.org http://webvisor.com http://*.webvisor.com 29 default-src 'self' 'unsafe-inline' https://park.101datacenter.net https://*.deviceatlascloud.com/ https://cs.deviceatlas-cdn.com data: 29 frame-ancestors 'self'; report-uri /_/commcsp?disposition=enforce; 29 block-all-mixed-content; frame-ancestors 'self' 29 frame-ancestors 'self' adultmobile.com *.adultmobile.com babes.com *.babes.com babesnetwork.com *.babesnetwork.com bblmate.com *.bblmate.com biempire.com *.biempire.com bigstr.com *.bigstr.com blackmaleme.com *.blackmaleme.com brazzers.com *.brazzers.com brazzersnetwork.com *.brazzersnetwork.com bromo.com *.bromo.com bromonetwork.com *.bromonetwork.com cambb.xxx *.cambb.xxx cambuilder.com *.cambuilder.com camdevils.com *.camdevils.com camjab.com *.camjab.com camjunky.com *.camjunky.com camrub.com *.camrub.com camutik.com *.camutik.com chatass.com *.chatass.com chatfree24.com *.chatfree24.com clipeek.com *.clipeek.com czechhunter.com *.czechhunter.com danejones.com *.danejones.com debtdandy.com *.debtdandy.com deviante.com *.deviante.com devianthardcore.com *.devianthardcore.com digitalplayground.com *.digitalplayground.com digitalplaygroundnetwork.com *.digitalplaygroundnetwork.com dilfed.com *.dilfed.com dirtyscout.com *.dirtyscout.com doghousedigital.com *.doghousedigital.com dpmate.com *.dpmate.com erito.com *.erito.com eroticspice.com *.eroticspice.com extremetubemate.com *.extremetubemate.com fakehostel.com *.fakehostel.com fakehub.com *.fakehub.com faketaxi.com *.faketaxi.com familyhookups.com *.familyhookups.com familysinners.com *.familysinners.com forgivemefather.com *.forgivemefather.com gilfed.com *.gilfed.com girlgrind.com *.girlgrind.com hentaipros.com *.hentaipros.com hentaiprosnetwork.com *.hentaiprosnetwork.com hotgirlsgame.com *.hotgirlsgame.com househumpers.com *.househumpers.com icfadmin.com *.icfadmin.com iconmale.com *.iconmale.com iknowthatgirl.com *.iknowthatgirl.com jerkmate.com *.jerkmate.com kinkyspa.com *.kinkyspa.com kwikylive.com *.kwikylive.com lesbea.com *.lesbea.com letspostit.com *.letspostit.com liveporncams.xxx *.liveporncams.xxx loveherass.com *.loveherass.com maleaccess.com *.maleaccess.com men.com *.men.com mennetwork.com *.mennetwork.com menxposed.com *.menxposed.com metrohd.com *.metrohd.com milehighmedia.com *.milehighmedia.com milfed.com *.milfed.com mofos.com *.mofos.com mofosnetwork.com *.mofosnetwork.com momslickteens.com *.momslickteens.com nastycast.com *.nastycast.com noirmale.com *.noirmale.com nudecams.xxx *.nudecams.xxx nudeporncams.xxx *.nudeporncams.xxx nyloncams.com *.nyloncams.com onbrazzers.com *.onbrazzers.com onmofos.com *.onmofos.com papi.com *.papi.com prettydirtyteens.com *.prettydirtyteens.com privatamateure.com *.privatamateure.com propertysex.com *.propertysex.com publicagent.com *.publicagent.com realitydudes.com *.realitydudes.com realitydudesnetwork.com *.realitydudesnetwork.com realityjunkies.com *.realityjunkies.com realitykings.com *.realitykings.com rk.com *.rk.com seancody.com *.seancody.com seancodynetwork.com *.seancodynetwork.com sexapemate.com *.sexapemate.com sexroulettelive.net *.sexroulettelive.net sextubemate.com *.sextubemate.com sexworking.com *.sexworking.com sexyhub.com *.sexyhub.com shewillcheat.com *.shewillcheat.com spicevids.com *.spicevids.com spicevidsgay.com *.spicevidsgay.com squirted.com *.squirted.com sweetheartvideo.com *.sweetheartvideo.com sweetsinner.com *.sweetsinner.com taboomale.com *.taboomale.com teenslovehugecocks.com *.teenslovehugecocks.com trannytubemate.com *.trannytubemate.com transangels.com *.transangels.com transangelsnetwork.com *.transangelsnetwork.com transharder.com *.transharder.com transsensual.com *.transsensual.com trueamateurs.com *.trueamateurs.com twinkpop.com *.twinkpop.com twistedfamilies.com *.twistedfamilies.com twistys.com *.twistys.com twistysnetwork.com *.twistysnetwork.com vidsmate.com *.vidsmate.com voyr.com *.voyr.com whynotbi.com *.whynotbi.com; report-uri /api/csp-report; 29 default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.adform.net *.adsrvr.org *.ads-twitter.com *.adyen.com zenloop-website-overlay-production.s3.amazonaws.com *.amazon-adsystem.com *.awin1.com web-app-costcalculator-frontend-pda-t.azurewebsites.net web-app-costcalculator-frontend-pda-q.azurewebsites.net web-app-costcalculator-frontend-pda-r.azurewebsites.net *.b2x-env.cloud apps.bazaarvoice.com *.bing.com *.bing.net *.clarity.ms *.cloudflare.com app.contentsquare.com t.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net digitizer.app *.dwin1.com *.g.doubleclick.net *.en25.com *.excentos.com nonce-csp-test *.facebook.net *.foxbase.de *.fullstory.com *.google-analytics.com *.googleadservices.com www.googleanalytics.com maps.googleapis.com *.googlesyndication.com www.googletagmanager.com *.google.com *.google.de *.gstatic.com *.guuru.com *.iadvize.com s.kelkoogroup.net *.kk-resources.com *.kpcustomer.de *.kuponacdn.de snap.licdn.com *.media01.eu *.metricool.com *.newrelic.com bam.eu01.nr-data.net *.onetrust.com assets.oney.io *.openweathermap.org *.oracleinfinity.in *.outbrain.com *.pages02.net cdn.parcellab.com *.pinimg.com *.pinterest.com *.qualtrics.com *.redditstatic.com lantern.roeyecdn.com *.sciencebehindecommerce.com *.seznam.cz *.solutenetwork.com *.soundcloud.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.cn *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com userprotect.de.stihl-dns.net *.dam.stihl.cloud *.taboola.com *.teads.tv *.tealiumiq.com analytics.tiktok.com *.tiqcdn.com *.trbo.com *.trkkn.com s.uicdn.com d.c.cdnsrv.de typekit.net *.typekit.net unpkg.com *.unpkg.com *.assistant.watson.appdomain.cloud sp.analytics.yahoo.com *.youtube.com *.youtube-nocookie.com *.ytimg.com s.yimg.com *.zemanta.com *.zenaps.com *.zenloop.com; connect-src 'self' adobeioruntime.net *.adobeioruntime.net *.adyen.com *.adsrvr.org zenloop-website-overlay-production.s3.amazonaws.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon api-app-backend-pda-t.azurewebsites.net api-app-backend-pda-q.azurewebsites.net api-app-backend-pda-r.azurewebsites.net web-app-costcalculator-frontend-pda-t.azurewebsites.net web-app-costcalculator-frontend-pda-q.azurewebsites.net web-app-costcalculator-frontend-pda-r.azurewebsites.net *.bazaarvoice.com *.bing.com *.bing.net *.clarity.ms *.cloudflare.com *.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net data: *.demdex.net *.digitizer.app *.doubleclick.net d.c.cdnsrv.de *.excentos.com ext.nonstoppartner.net *.facebook.com *.foxbase.de *.fullstory.com *.google-analytics.com *.googleadservices.com *.googleapis.com pagead2.googlesyndication.com *.googletagmanager.com *.google.at *.google.be *.google.ch *.google.com *.google.de *.google.es *.google.fr *.google.gr *.google.hu *.google.it *.google.lu *.google.nl *.google.pl *.google.pt *.guuru.com *.iadvize.com s.kelkoogroup.net *.kk-resources.com *.linkedin.com *.media01.eu bam.eu01.nr-data.net *.omtrdc.net *.onetrust.com widget.oney.io *.oribi.io *.outbrain.com api.openweathermap.org *.parcellab.com *.phrase.com *.phraseapp.com *.pinterest.com *.qualtrics.com *.reddit.com *.redditstatic.com *.thesciencebehindecommerce.com *.sciencebehindecommerce.com *.seznam.cz *.solutenetwork.com *.stihl.be *.stihl.de *.stihl.es *.stihl.fr *.stihl.lu *.stihl.nl *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.cn *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com stihl-sso.com stihl.tui-servicelayers.io *.taboola.com *.teads.tv collect.tealiumiq.com analytics.tiktok.com *.trbo.com *.trkkn.com typekit.net *.typekit.net *.assistant.watson.appdomain.cloud *.blob.core.windows.net s.yimg.com *.youtube-nocookie.com wss://*.iadvize.com www.wepowerconnections.com *.zenloop.com login.microsoftonline.com graph.microsoft.com *.b2clogin.com; img-src 'self' *.ad-stir.com *.1rx.io *.360yield.com *.3lift.com *.addthis.com *.adform.net *.adingo.jp *.admixer.co.kr *.adnxs.com *.adscale.de *.adsrvr.org *.adtdp.com *.advertising.com *.adyen.com zenloop-assets.s3.eu-west-1.amazonaws.com *.eu-central-1.amazonaws.com *.amazon-adsystem.com *.ants.vn *.appcelerate.ai *.aralego.com *.atdmt.com *.awin1.com *.azureedge.net *.b2x-env.cloud *.bazaarvoice.com segment.prod.bidr.io *.bidswitch.net *.billie.io *.bing.com *.bing.net *.bluekai.com *.casalemedia.com *.clarity.ms *.clmbtech.com *.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net *.dable.io data: *.demdex.net *.dmxleo.com *.doubleclick.net *.dwin1.com *.e-planning.net *.emxdgt.com *.everesttech.net *.excentos.com *.facebook.com *.facebook.net *.foxbase.de *.fullstory.com *.fwnm.net *.google-analytics.com *.googleadservices.com maps.googleapis.com *.googlesyndication.com www.googletagmanager.com *.googleusercontent.com *.google.ad *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.kz *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mi *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.guuru.com *.gstatic.com *.herrenseite.de *.iadvize.com *.id5-sync.com id5-sync.com event.tracker.inlabserving.com *.rediunid.imrworldwide.com *.ivitrack.com *.kargo.com s.kelkoogroup.net *.krxd.net *.liadm.com *.linkedin.com px.ads.linkedin.com *.mail.ru *.meba.kr *.media.net *.mediavine.com *.mediawallahscript.com *.metricool.com *.mgid.com *.microad.jp *.nate.com *.omnitagjs.com *.omtrdc.net assets.oney.io *.openx.net *.outbrain.com *.pages02.net *.parcellab.com *.pinterest.com *.pinterest.de *.postrelease.com *.pubmatic.com *.qualtrics.com *.reddit.com *.rambler.ru *.revcontent.com *.rlcdn.com *.rockysandstudio.com lantern.roeye.com *.rubiconproject.com *.the.sciencebehindecommerce.com t.uimserv.de *.seadform.net *.seznam.cz *.sharethrough.com *.smaato.net *.smartadserver.com *.smartclip.net *.socdm.com *.stickyadstv.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.cn *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com *.stihlusa.com dam.stihl.cloud t.co *.taboola.com *.tapad.com *.teads.tv *.tealiumiq.com *.thebrighttag.com *.toast.com *.tpmn.co.kr *.trbo.com *.tremorhub.com trk.beintoo.net *.turn.com *.twiago.com analytics.twitter.com typekit.net *.typekit.net sync.targeting.unrulymedia.com *.wepowerconnections.com *.windows.net storagetimbersportsdata.blob.core.windows.net *.yahoo.com *.yahoo.net *.yandex.ru *.yieldlab.net *.yieldmo.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.zemanta.com *.zenaps.com *.zenloop.com; media-src 'self'; style-src 'self' 'unsafe-inline' web-app-costcalculator-frontend-pda-t.azurewebsites.net web-app-costcalculator-frontend-pda-q.azurewebsites.net web-app-costcalculator-frontend-pda-r.azurewebsites.net *.cookielaw.org digitizer.app *.excentos.com *.foxbase.de fonts.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.iadvize.com *.onetrust.com *.trbo.com cdn.parcellab.com; font-src 'self' zenloop-assets.s3.eu-west-1.amazonaws.com web-chat.global.assistant.watson.appdomain.cloud web-app-costcalculator-frontend-pda-t.azurewebsites.net web-app-costcalculator-frontend-pda-q.azurewebsites.net web-app-costcalculator-frontend-pda-r.azurewebsites.net apps.bazaarvoice.com cdnjs.cloudflare.com data: *.excentos.com *.foxbase.de fonts.googleapis.com fonts.gstatic.com *.guuru.com *.iadvize.com assets.oney.io cdn.parcellab.com *.stihl.de *.trbo.com typekit.net *.typekit.net *.zenloop.com; frame-src 'self' *.ad-srv.net *.adform.net track.adform.net *.adsrvr.org *.adyen.com *.awin1.com segment.prod.bidr.io *.cookielaw.org *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.dwin1.com d.c.cdnsrv.de *.excentos.com *.facebook.com *.fullstory.com *.google.com *.googletagmanager.com *.guuru.com *.iadvize.com *.jaggaer.com *.kuponacdn.de pixel.mathtag.com my.matterport.com secure.img-cdn.mediaplex.com *.pinterest.de *.pinterest.fr *.pinterest.at *.pinterest.it *.pinterest.com *.pinterest.co.uk *.pinterest.ru *.pinterest.ch *.pinterest.es *.pinterest.se *.pinterest.ca *.pinterest.dk *.pinterest.jp *.pinterest.ie *.pinterest.pt *.qualtrics.com *.redintelligence.net *.the.sciencebehindecommerce.com *.soundcloud.com static.stihl.com *.stihl.at *.stihl.be *.stihl.bg *.stihl.ca *.stihl.ch *.dam.stihl.cloud *.stihl.cn *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.de *.stihl.dk *.stihl.es *.stihl.fi *.stihl.fr *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.lu *.stihl.nc *.stihl.nl *.stihl.no *.stihl.pe *.stihl.pl *.stihl.pt *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-dns.net *.stihl-importer.ie *.stihl-timbersports.com *.teads.tv *.trbo.com e.video-cdn.net *.youtube.com *.youtube-nocookie.com *.zenaps.com login.microsoftonline.com support-dev.microsoftcrmportals.com graph.microsoft.com; child-src 'self' blob: *.guuru.com 29 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob: https:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 29 base-uri 'self'; frame-ancestors 'self' 28 frame-ancestors 'self' https://aboutyou.content.aboutyou.cloud https://aboutyou.content.staging.aboutyou.cloud 28 default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://* data:; 28 frame-ancestors 'self' *.google.com *.googleusercontent.com 27 default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 27 script-src * 'unsafe-inline' 'unsafe-eval' 27 default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 27 frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline' 27 default-src * 'unsafe-inline' 'unsafe-eval' https: http: data: blob:; worker-src blob: 'self'; 27 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws: wss: sonicwall.com *.sonicwall.com; 27 default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; worker-src data: 27 default-src 'self' *.gov.bd *.portal.gov.bd *.googleapis.com fonts.googleapis.com *.jquery.com *.bootstrapcdn.com *.googletagmanager.com *.google.com *.gstatic.com *.youtube.com *.facebook.com cdnjs.cloudflare.com;script-src 'self' *.gov.bd *.portal.gov.bd *.googleapis.com fonts.googleapis.com *.jquery.com *.bootstrapcdn.com *.googletagmanager.com *.google.com *.facebook.com cdn.datatables.net *.gstatic.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' *.gov.bd *.portal.gov.bd *.google.com *.googleapis.com cdn.datatables.net *.facebook.com cdnjs.cloudflare.com getbootstrap.com https://getbootstrap.com http://getbootstrap.com netdna.bootstrapcdn.com;img-src 'self' *.gov.bd *.google.com *.portal.gov.bd *.facebook.com *.youtube.com data:;font-src 'self' *.gov.bd *.portal.gov.bd *.google.com netdna.bootstrapcdn.com *.gstatic.com cdnjs.cloudflare.com;connect-src 'self' *.gov.bd *.portal.gov.bd smartjob.portal.gov.bd *.google.com *.facebook.com;frame-src 'self' *.gov.bd *.google.com *.youtube.com *.portal.gov.bd *.facebook.com;object-src 'none'; 26 frame-ancestors 'self' https://testbaba.virtualcms.it 26 default-src * 'self' blob:; script-src * 'self' blob: 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' blob: 'unsafe-inline'; img-src * 'self' blob: data:; font-src * 'self' blob: data:; media-src * 'self' blob: 26 default-src https: wss: blob: data: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 26 frame-ancestors none 25 script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist 25 * 25 img-src * data:; default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'none'; 25 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:; 25 frame-ancestors 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none' 25 frame-ancestors 'self' *.awsapps.nvidia.com *.nvidia.com https://widget.stackla.com https://app-sj14.marketo.com https://www.youtube.com https://www.quadro-selector.com http://player.youku.com https://player.youku.com https://live.nvidia-china.com https://www.google.com *.nvidia.cn https://events.rainfocus.com https://www.twitch.tv https://store.nvidia.ru https://store.nvidia.in *.geforcenow.com https://salespro.hpe.com https://hpe.seismic.com https://cms.nvidia-docs-uat.lower.k3.m1.brightspot.cloud https://cms.nvidia-docs-qa3.lower.k3.m1.brightspot.cloud https://events.rainfocus.com https://docs.nvidia-docs-uat.lower.k3.m1.brightspot.cloud https://docs.nvidia-docs-qa3.lower.k3.m1.brightspot.cloud; 24 frame-ancestors 'none'; upgrade-insecure-requests 24 default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 24 default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data:; upgrade-insecure-requests; block-all-mixed-content 24 frame-ancestors 'self'; object-src 'none' 24 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 24 upgrade-insecure-requests; base-uri 'none'; 24 default-src 'self' https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' blob: data: https://*; media-src 'self' blob: data: https://*; frame-ancestors 'self'; report-uri /cspreporting.php; report-to csp-endpoint; 24 default-src 'self' blob: cdn.moengage.com app-cdn.moengage.com sdk-01.moengage.com sdk-02.moengage.com sdk-03.moengage.com sdk-04.moengage.com wss://umd.userlike.com/ www.connectcdk.com ct.pinterest.com s.pinimg.com *.drivecentric.io *.mountain.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 gubagoo.io *.gubagoo.io *.analytics.google.com/ *.autouncle.de *.aws.porsche-preview.cloud/ *.aws.porsche.cloud/ *.clarity.ms *.cloudfront.net *.doubleclick.net *.facebook.com *.fls.doubleclick.net *.google-analytics.com/ *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.googleadservices.com *.googletagmanager.com *.hcaptcha.com *.porsche-preview.cn *.porsche-preview.com *.porsche.cn *.porsche.com *.qualtrics.com tags.tiqcdn.com tags.tiqcdn.cn tags-eu.tiqcdn.com *.storystream.ai *.usercentrics.eu *.userlike.com ad.doubleclick.net adservice.google.com analytics.tiktok.com api.drivecentric.com assets.autouncle.com assets.prod.analytics.dealer.com bat.bing.com c.bing.com c.clarity.ms cm.teads.tv connect.facebook.net d.adroll.com dealership3d.com dealership3d.s3.ap-southeast-2.amazonaws.com edge.fullstory.com edge.eu1.fullstory.com files.superchat.de fledge.teads.tv ftm.fluencyinc.co/ftm-ddc.js googleads.g.doubleclick.net https://js-agent.newrelic.com/ http://cdn.ui.porsche.com/ https://app.carnow.com/ https://cdn.gubagoo.io https://config.eu.usercentrics.eu https://hcaptcha.com https://maps.googleapis.com https://pixall.esm1.net https://porsche.com https://static.app.carnow.com https://themes.static.app.carnow.com https://sync.graph.bluecava.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://userlike-cdn-umm.b-cdn.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com idsync.rlcdn.com ignitify-insite-scripts.drivecentric.io ignitify-insite.drivecentric.io ignitify-tagmanager-scripts.drivecentric.io ignitify-tagmanager.drivecentric.io img06.en25.com o2.eyereturn.com p.teads.tv pixel.mathtag.com *.linkedin.com r.turn.com rs.fullstory.com rs.eu1.fullstory.com s.adroll.com sc-static.net script.crazyegg.com scripts.foureyes.io snap.licdn.com stags.bluekai.com static-tracking.klaviyo.com static.klaviyo.com static.matterport.com t.teads.tv tags.bkrtx.com tags.bluekai.com tags.srv.stackadapt.com td.doubleclick.net tr.snapchat.com tr6.snapchat.com tracking.crazyegg.com unpkg.com ut.foureyes.io v.clarity.ms videochat.mobilapp.io widget.superchat.de widgets.binotel.com 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net bam.nr-data.net my.tealiumiq.com evt.autouncle.com bat.bing.net wss://node.gubagoo.io cdn.carfilmapp.com *.adform.net; img-src 'self' blob: moe-email-campaigns.s3.amazonaws.com image.moengage.com images-porsche.imgix.net bat.bing.net fra1.qualtrics.com siteintercept.qualtrics.com i.ytimg.com https://userlike-cdn-operators.userlike.com/ gubagoo.io *.gubagoo.io *.aws.porsche.cloud/ *.aws.porsche-preview.cloud/ *.autouncle.de *.clarity.ms *.cloudfront.net *.doubleclick.net/ *.facebook.com *.fls.doubleclick.net *.ggpht.com *.google-analytics.com/ *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.googleadservices.com *.googleapis.com/ *.googletagmanager.com *.gstatic.com *.porsche-preview.cn *.porsche-preview.com *.porsche.cn *.porsche.com *.usercentrics.eu ad.doubleclick.net adservice.google.com analytics.tiktok.com api.drivecentric.com assets.autouncle.com assets.prod.analytics.dealer.com bat.bing.com c.bing.com c.clarity.ms cm.teads.tv connect.facebook.net d.adroll.com dealership3d.com dealership3d.s3.ap-southeast-2.amazonaws.com edge.fullstory.com edge.eu1.fullstory.com files.superchat.de fledge.teads.tv googleads.g.doubleclick.net http://cdn.ui.porsche.com/ idsync.rlcdn.com ignitify-insite-scripts.drivecentric.io ignitify-insite.drivecentric.io ignitify-tagmanager-scripts.drivecentric.io ignitify-tagmanager.drivecentric.io img06.en25.com o2.eyereturn.com p.teads.tv pixel.mathtag.com *.linkedin.com r.turn.com rs.fullstory.com rs.eu1.fullstory.com s.adroll.com s1755874914.t.eloqua.com script.crazyegg.com scripts.foureyes.io snap.licdn.com stags.bluekai.com static-tracking.klaviyo.com static.klaviyo.com static.matterport.com t.teads.tv tags.bkrtx.com tags.bluekai.com tags.srv.stackadapt.com td.doubleclick.net tr.snapchat.com tr6.snapchat.com unpkg.com ut.foureyes.io v.clarity.ms videochat.mobilapp.io widget.superchat.de widgets.binotel.com static.app.carnow.com data:; style-src 'self' cdn.moengage.com app-cdn.moengage.com fonts.bunny.net assets.autouncle.com *.cloudfront.net *.porsche-preview.cn *.porsche-preview.com *.porsche.cn *.porsche.com api.drivecentric.com *.googletagmanager.com tags.srv.stackadapt.com themes.static.app.carnow.com 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: assets.autouncle.com fonts.bunny.net https://userlike-cdn-umm.b-cdn.net/ *.porsche.cn *.porsche.com *.cloudfront.net *.porsche-preview.cn *.porsche-preview.com 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self'; frame-src 'self' blob: www.connectcdk.com privacyportal.onetrust.com porsche-emails-v2.s3.eu-west-2.amazonaws.com *.accelerate.dealer.com *.autouncle.de *.clarity.ms *.creditbureauconnection.com *.doubleclick.net/ *.facebook.com *.fls.doubleclick.net *.google.com *.google.de *.googleadservices.com *.googletagmanager.com *.hcaptcha.com/ *.porsche-preview.cn *.porsche-preview.com *.porsche.cn *.porsche.com *.usercentrics.eu/ ad.doubleclick.net adservice.google.com analytics.tiktok.com api.drivecentric.com assets.autouncle.com assets.prod.analytics.dealer.com bat.bing.com c.bing.com c.clarity.ms cm.teads.tv connect.facebook.net cs.esm1.net d.adroll.com dealership3d.com dealership3d.s3.ap-southeast-2.amazonaws.com edge.fullstory.com edge.eu1.fullstory.com files.superchat.de fledge.teads.tv googleads.g.doubleclick.net https://app.carnow.com/ https://consumer.xtime.com/ https://creditbureauconnection.com https://pauc.syndication.kbb.com/ https://porsche.com https://static.app.carnow.com https://sync.graph.bluecava.com idsync.rlcdn.com ignitify-insite-scripts.drivecentric.io ignitify-insite.drivecentric.io ignitify-tagmanager-scripts.drivecentric.io ignitify-tagmanager.drivecentric.io img06.en25.com o2.eyereturn.com p.teads.tv pixel.mathtag.com *.linkedin.com r.turn.com rs.fullstory.com rs.eu1.fullstory.com s.adroll.com script.crazyegg.com scripts.foureyes.io snap.licdn.com stags.bluekai.com static-tracking.klaviyo.com static.klaviyo.com static.matterport.com t.teads.tv tags.bkrtx.com tags.bluekai.com tags.srv.stackadapt.com td.doubleclick.net tr.snapchat.com tr6.snapchat.com unpkg.com ut.foureyes.io v.clarity.ms videochat.mobilapp.io widget.superchat.de widgets.binotel.com *.youtube.com app-prod.flipacar.com e.issuu.com fca1.wpengine.com conscheduling.tekioncloud.com player.vimeo.com consumer.xtime.net.au www.cognitoforms.com api.connectcdk.com gain-vi.ca www.youtube-nocookie.com porsche-production.discover.chargetrip.com suite.dtdrs.dealertrack.com porsche-shared.vercel.app gaudinmotorcompany.bamboohr.com ct.pinterest.com cdn.moengage.com m.xtime.com *.adform.net; 24 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com global.frcapi.com *.googleapis.com accounts.google.com *.cdn77.org *.nk-img.com *.segpay.com *.online-metrix.net *.vscdns.com *.vsmvideo.com *.mmcdn.com *.agego.com info.xvideos.net www.tjk-njk.com age.yoti.com *.exoclick.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.trackingtraffo.com *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com wss://*.1ka.com https://*.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.mmcdn.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us storage.agego.com *.gtflixtv.com *.1ka.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com *.trackingtraffo.com; report-uri https://www.xvideos.com/csp-reports; report-to csp-endpoint 23 frame-ancestors 'self' xerox.com *.xerox.com carear.app 23 script-src 'self' blob: data: https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' ws: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; object-src 'none'; worker-src blob:; img-src 'self' blob: data: https:; frame-src 'self' blob: data: https:; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 23 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline';script-src * data: mediastream: blob: filesystem: about: 'unsafe-eval' 'unsafe-inline';connect-src * data: mediastream: blob: filesystem: about: 'unsafe-eval' 'unsafe-inline';frame-src * data: mediastream: blob: filesystem: about: 'unsafe-eval' 'unsafe-inline';frame-ancestors 'self' https://food.grab.com https://food.stg-myteksi.com 23 frame-ancestors 'self' https://*.kindredtech.net https://*.kindredgroup.com;default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 23 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 23 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 23 block-all-mixed-content; upgrade-insecure-requests 23 default-src 'self' https://*.dcube.cloud/ ; script-src 'self' 'sha256-nWKjNpDy9BIIH8p69UATrM+dYfeHm3RCw7s03nOoDC0=' # Script for GTM tag 'sha256-jrgkEqFIwhymCeRxfh3RHm2ssvwC2lNerrrYfQZiAMA=' # Script for WizGov 'sha256-E6VSHz7prXjxYy3IswjAT2XLomQQ+UmhLBThJZm+dGs=' # Script for WizGov https://script-staging.wiz.gov.sg/customs-script.js https://script.wiz.gov.sg/customs-script.js blob: https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://unpkg.com/web-vitals https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://graph.facebook.com https://facebook.com https://www.facebook.com https://*.googletagmanager.com https://*.licdn.com https://webchat.vica.gov.sg https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://api-chat-fe-flag.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com https://script.wiz.gov.sg/widget.js https://script-staging.wiz.gov.sg/widget.js wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console.apac.sabio.cloud/ https://console-flex-api.ap.sabio.cloud/ https://cdn.jsdelivr.net/npm/algoliasearch@4.20.0/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.60.0/dist/instantsearch.production.min.js https://attachments.apac2.webexengage.com https://cdn-widget.apac2.webexengage.com https://rtm.sg.webexconnect.io https://widget.apac2.webexengage.com ; object-src 'self' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io https://webchat.vica.gov.sg https://vica.gov.sg https://unpkg.com https://script.wiz.gov.sg/widget.css https://script-staging.wiz.gov.sg/widget.css https://assets.dcube.cloud/ https://console.apac.sabio.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes/satellite-min.css ; img-src * ; media-src * ; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://vimeo.com https://www.google.com https://checkfirst.gov.sg https://www.checkfirst.gov.sg https://docs.google.com https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://*.data.gov.sg https://calendar.google.com https://datastudio.google.com https://lookerstudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com https://api.id.gov.sg/ https://*.onemap.gov.sg/ https://maps.hack2025.gov.sg https://maps.gov.sg ; frame-ancestors 'none' ; font-src * data: ; connect-src 'self' https://dpm.demdex.net https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api-production.data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://api-chat-fe-flag.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://ask.gov.sg https://staging.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://console.apac.sabio.cloud/ https://authmiddleware.ap.sabio.cloud https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://attachments.apac2.webexengage.com https://cdn-widget.apac2.webexengage.com https://rtm.sg.webexconnect.io https://widget.apac2.webexengage.com ; 23 upgrade-insecure-requests; frame-ancestors 'none' 22 frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com 22 frame-src * 22 default-src * data: blob: 'unsafe-eval' 'unsafe-inline' 22 frame-ancestors 'self' *.youtube.com 22 frame-ancestors http://*.interactcp.com https://*.interactcp.com 'self'; 22 frame-ancestors 'self' cloudlogin.co *.cloudlogin.co; 22 default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: mailto: embed.music.apple.com embed.podcasts.apple.com https://recyclingprogram.apple.com https://smb.apple.com https://nova.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com 21 upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 21 object-src 'none'; frame-ancestors 'self' 21 default-src 'self' https://* data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob:; style-src 'self' 'unsafe-inline' https://* data: blob:; frame-src 'self' https://*; img-src 'self' https://* data: blob: ;media-src 'self' https://* data: blob: ;font-src 'self' https://* data: blob:;frame-ancestors 'self'; 21 object-src 'self' https://www.youtube.com/;frame-src 'self' mailto: tel: https://3cx.com https://player.vimeo.com/ https://vars.hotjar.com/ https://www.google.com https://cse.google.com https://mc.yandex.com/ https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://td.doubleclick.net/ https://bid.g.doubleclick.net https://www.loom.com https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com; frame-ancestors 'self' 21 frame-ancestors 'self' *.hexia.io *.zigtools.nl *.zig365.nl 21 block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests; 21 frame-src 'self' https://www.sonicwall.com/ https://securitynews.sonicwall.com/sonicwall-news/ https://blog.sonicwall.com/; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws: wss:; 21 default-src https: ws: data: 'unsafe-inline' 'unsafe-eval'; 21 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' https: data:; media-src 'self' https: data: blob:; object-src 'none'; font-src 'self' https: data:; default-src 'self' https: wss:; base-uri 'none'; 20 require-trusted-types-for 'script';report-uri /cspreport 20 worker-src 'self' blob: 20 default-src 'self' *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org *.mediawiki.org wikidata.org www.gstatic.com www.google.com apis.google.com platform.twitter.com ajax.cloudflare.com cdnjs.cloudflare.com cdn.jsdelivr.net fastly.jsdelivr.net cdn.syndication.twimg.com openlayers.org www.gstatic.cn hcaptcha.com *.hcaptcha.com bandcamp.com flo.uri.sh challenges.cloudflare.com; style-src 'self' data: 'unsafe-inline' miraheze.org wikitide.org *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org *.mediawiki.org wikidata.org www.gstatic.com fonts.googleapis.com cdn.jsdelivr.net fastly.jsdelivr.net cdnjs.cloudflare.com platform.twitter.com ton.twimg.com hcaptcha.com *.hcaptcha.com use.typekit.net; img-src blob: 'self' data: miraheze.org wikitide.org *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net upload.wikimedia.org wikimedia.org maps.google.com www.gstatic.com maxcdn.bootstrapcdn.com *.twimg.com i.imgur.com image.tmdb.org *.googleusercontent.com *.fontawesome.com *.dropboxstatic.com *.redd.it *.redditmedia.com mirrors.creativecommons.org www.gnu.org live.staticflikr.com cdn.pixabay.com cdn.geogebra.org docs.blender.org *.imgbox.com tile.openstreetmap.org *.tile.openstreetmap.org cdn.discordapp.com na.llnet.sims3storee.cdn.ea.com *.fastly.net minotar.net db.onlinewebfonts.com openlayers.org discordapp.com imgbb.com postimages.org platform.twitter.com syndication.twitter.com img.newspapers.com cdn.smutstone.com storage.googleapis.com *.fbcdn.net i.ytimg.com *.imgbb.com simgbb.com *.simgbb.com ibb.co *.ibb.co *.postimages.org postimgs.org *.postimgs.org postimg.cc *.postimg.cc *.rbxcdn.com cms-imgp.jw-cdn.org hosted.weblate.org; font-src 'self' data: *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net fastly.jsdelivr.net db.onlinewebfonts.com upload.wikimedia.org use.typekit.net; media-src 'self' blob: *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net upload.wikimedia.org embed.nicovideo.jp *.youtube.com *.youtube-nocookie.com player.twitch.tv clips.twitch.tv player.vimeo.com apis.google.com bandcamp.com; frame-src 'self' *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net www.google.com docs.google.com apis.google.com calendar.google.com drive.google.com web.libera.chat snap.berkeley.edu *.youtube-nocookie.com www.youtube.com player.twitch.tv platform.twitter.com discord.com discordapp.com embed.nicovideo.jp syndication.twitter.com open.spotify.com www.gofundme.com archive.org w.soundcloud.com query.wikidata.org player.vimeo.com www.bing.com lucid.app scratch.mit.edu hcaptcha.com *.hcaptcha.com bandcamp.com challenges.cloudflare.com; connect-src 'self' blob: *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net www.wikidata.org *.wikipedia.org www.mediawiki.org *.wikimedia.org *.wikinews.org *.wiktionary.org cdn.jsdelivr.net storage.googleapis.com *.youtube-nocookie.com hcaptcha.com *.hcaptcha.com 1.1.1.1 translate.googleapis.com games.roblox.com economy.roblox.com; 20 frame-ancestors 'self' https://app.stg.boxoffice.com https://app.boxoffice.com 20 report-uri https://csp-report.opl-prd.mgnlsw.com/reports; upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: ws: bat.bing.net alb.reddit.com allegra-pitstop-game-0046fd43d9e4.herokuapp.com nasacort.jebbit.com crescendoc.wufoo.com r3.dotdigital-email.com r3.dotdigital-pages.com engage.telfast.com.au askyourliver.s3.eu-central-1.amazonaws.com ws.hotjar.com beacon.deepintent.com *.crazyegg.com www.enterogermina.com a.clarity.ms ad.doubleclick.net ade.googlesyndication.com ads-engagement.presage.io adservice.google.com allegra.mycheckstatus.com allegra.pmcprograms.com an.yandex.ru analytics-static.ugc.bazaarvoice.com analytics.google.com analytics.tiktok.com analytics.twitter.com api-data-connector.abtasty.com api-js.mixpanel.com api.abtasty.com api.amcreativemedia.com api.bazaarvoice.com api.global-data-lab.com api.highdataanalytics.com api.lapis-analytics.com api.mapbox.com api.mkmediaworks.com api.permutive.com api.retargetly.com api.solaranalyticscorp.com api.tiles.mapbox.com api.typeform.com api2.abtasty.com apis.google.com app.abtasty.com apps.bazaarvoice.com ara.paa-reporting-advertising.amazon ariane.abtasty.com assets-tracking.crazyegg.com auth.iws-hybrid.trendmicro.com b.clarity.ms bat.bing.com c.bing.com c.clarity.ms c1.ugc.bazaarvoice.com cdn-eidpp.nitrocdn.com cdn-uicons.flaticon.com cdn.cookielaw.org cdn.flowcode.com cdn.jsdelivr.net cdn.krxd.net cdn.mouseflow.com cdn.pricespider.com cdn.tailwindcss.com cdn.trustpilot.net cdnjs.cloudflare.com cds.taboola.com ch-trc-events.taboola.com clientstream.launchdarkly.com cloudjs.netlify.com code.jquery.com common-fonts.abtasty.com connect.facebook.net content.hotjar.io contentorigin.bazaarvoice.com cookieless-campaign.prd-00.retargetly.com cr-input.mxpnl.net crtrgt.bumlam.com cs.frontend.weborama.fr ct.pinterest.com d.clarity.ms data1.calicluo.com datenschutz.sanofi.de dcinfos-cache.abtasty.com deo.shopeemobile.com dev.visualwebsiteoptimizer.com diffuser-cdn.app-us1.com display.ugc.bazaarvoice.com dulcolax-prod-server-side-tagging-ox3fbruzaa-od.a.run.app e.clarity.ms edge.fullstory.com editor-assets.abtasty.com embed.2b.uy embed.typeform.com embeddedcloud.pricespider.com encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com euw-omni.pricespider.com euw-wtbng.pricespider.com events.mapbox.com f.clarity.ms fonts.cdnfonts.com fonts.googleapis.com fonts.gstatic.com form.typeform.com gdehu.hit.gemius.pl geolocation.onetrust.com goldbond.mycheckstatus.com goldbond.pmcprograms.com googleads.g.doubleclick.net grmtech.net h.clarity.ms hu-gmtdmp.mookie1.com hugde.adocean.pl i.clarity.ms i.ytimg.com ib.adnxs.com images.simplycodes.com images.typeform.com insight.adsrvr.org irxcm.com j.clarity.ms js.adsrvr.org k.clarity.ms kraken.rambler.ru l.clarity.ms l.facebook.com lett.2buycdn.com lh3.google.com lh3.googleusercontent.com locate.pricespider.com log-papago.naver.com log.pinterest.com login.microsoftonline.com m.clarity.ms m.youtube.com maps.googleapis.com maps.gstatic.com mc.yandex.com mc.yandex.ru metrics.hotjar.io mon16-normal-useast5.tiktokv.us n.clarity.ms nasacort.pmcprograms.com network-a.bazaarvoice.com network.bazaarvoice.com o.clarity.ms o132438.ingest.sentry.io omni.pricespider.com p.clarity.ms p.typekit.net pagead2.googlesyndication.com pagestates-tracking.crazyegg.com pdp-service-v2.prd-00.retargetly.com pdp-service.retargetly.com photos-eu.bazaarvoice.com photos-us.bazaarvoice.com pips.taboola.com pixel.rubiconproject.com pollen.services.myilume.de pollenapps.com privacy-cs.mail.ru privacyportal-de.onetrust.com privacyportal-eu.onetrust.com psb.taboola.com px.adhigh.net px.ads.linkedin.com q.clarity.ms qa-assistant.abtasty.com r.clarity.ms r3.mail.ru rbtds.net readaloud.googleapis.com region1.analytics.google.com region1.google-analytics.com retcode-us-west-1.arms.aliyuncs.com rs.mail.ru rules.quantcount.com s.adroll.com s.amazon-adsystem.com s.clarity.ms s.pinimg.com s.yimg.com s3.amazonaws.com sanofi-privacy.my.onetrust.com sanofi-uat-privacy.my.onetrust.com sanofi.solution.weborama.fr sc-static.net script.hotjar.com secure.adnxs.com secure.quantserve.com securepubads.g.doubleclick.net security-us.mimecast.com selsunblue.pmcprograms.com service.gstatic-cache.com services.global.commerce-connector.com shop.pricespider.com shoppable-assets.global.commerce-connector.com shoppable-configs.global.commerce-connector.com shoppable.commerce-connector.com snap.licdn.com sp.analytics.yahoo.com spoppe-b.azureedge.net ssl.google-analytics.com ssl.gstatic.com st.top100.ru static.ads-twitter.com static.bumlam.com static.hotjar.com static.terratraf.io static2.sharepointonline.com stats.g.doubleclick.net storage.googleapis.com sync.bumlam.com sync.crwdcntrl.net sync.dmp.otm-r.com sync.upravel.com t-azmaps.azurelbs.com t.clarity.ms t.co td.doubleclick.net teddytor.abtasty.com testyourliver.abi.ai top-fwz1.mail.ru tr.snapchat.com tracking.adsafety.net tracking.crazyegg.com translate-pa.googleapis.com translate.google.com translate.googleapis.com trc-events.taboola.com try.abtasty.com u.clarity.ms unisom.mycheckstatus.com unisom.pmcprograms.com unpkg.com use.fontawesome.com use.typekit.net usw-omni.pricespider.com usw-wtbng.pricespider.com v.clarity.ms vc.hotjar.io vk.com w.clarity.ms widgets.abtasty.com ws.miqcommerce.com wtbevents.pricespider.com wtbng.pricespider.com www.algopyrin.hu www.allegra.com www.bing.com www.buscapina.com www.clarity.ms www.crazyegg.com www.dulcolax.ca www.essentiale.hk www.facebook.com www.gammedulco.fr www.google-analytics.com www.google.com www.googleadservices.com www.googleapis.com www.googleoptimize.com www.googletagmanager.com www.gstatic.com www.icyhot.com www.instagram.com www.mucosolvan.com www.rappi.com.co www.researchsolutions.com www.sanofi.us www.terracycle.com www.youtube-nocookie.com www.youtube.com script.crazyegg.com wwwassets.pricespider.com xyzal.mycheckstatus.com xyzal.pmcprograms.com y.clarity.ms yandex.ru tr6.snapchat.com apiv2.popupsmart.com cdn.taboola.com yt3.ggpht.com z.clarity.ms zantac360.pmcprograms.com wtbstream.pricespider.com vimeo.com 9509754.fls.doubleclick.net fls.doubleclick.net *.fls.doubleclick.net edge.curalate.com opella-privacy.my.onetrust.com www.telfastcashback.com.au telfast-widget.ambeedata.com selsunblue.mycheckstatus.com telfast-movie-ticket.kostaging.com.au telfast-movie-ticket.kopromos.com.au player.vimeo.com xyzalus.jebbit.com icyhotus.jebbit.com; 20 default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data: 20 frame-ancestors 'self' https://premiersupport.intel.com https://c0.avaamo.com *.intel.com; object-src 'self'; 19 frame-ancestors 'self'; frame-src 'self' https://*.google.com https://www.sitecdn.com braintreegateway.com assets.braintreegateway.com googletagmanager.com https://client.dropcatch.com https://*.paypal.com https://*.paypalobjects.com https://ssl.kaptcha.com; script-src 'self' https://*.google.com https://*.gstatic.com https://*.paypal.com https://*.googletagmanager.com https://secure.dropcatch.com https://*.google-analytics.com 'unsafe-inline'; connect-src 'self' https://*.google.com https://*.amazonaws.com https://*.braintreegateway.com https://*.braintree-api.com https://uilogging.tcdevops.com https://logging.dropcatch.com https://*.google-analytics.com https://translate.dropcatch.com https://client.dropcatch.com wss://rt.dropcatch.com https://*.launchdarkly.com 19 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 19 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https: https://accounts.google.com/gsi/; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://accounts.google.com/gsi/client; style-src data: 'unsafe-inline' https: https://accounts.google.com/gsi/style; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob: https://accounts.google.com/gsi/; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'self' 19 frame-ancestors 'self' https://epson.custhelp.com https://epson-es.custhelp.com https://epson-pt.custhelp.com *.goepson.com 19 sandbox allow-same-origin allow-scripts allow-orientation-lock allow-pointer-lock allow-forms allow-popups allow-top-navigation-by-user-activation; 19 frame-ancestors 'self' https://omnidoctor.ru/ 19 frame-ancestors 'self' https://metrika.yandex.ru/ 18 default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https: ; worker-src 'self' blob: ; media-src 'self' blob: https: ; 18 default-src * data: 'unsafe-eval' 'unsafe-inline' blob: 18 frame-ancestors 'self' *.vercel.app *.rivt.com rivt.com *.outsideapi.com outsideapi.com *.pocketoutdoormedia.com outsideinc.com pocketoutdoormedia.com *.outsideinc.com velopress.com *.velopress.com *.mycoloradoparks.com mycoloradoparks.com *.rockandice.com rockandice.com *.theboxmag.com theboxmag.com *.nationalparktrips.com nationalparktrips.com *.nationalparktripsmedia.com nationalparktripsmedia.com *.betamtb.com betamtb.com *.mysmokymountainpark.com mysmokymountainpark.com *.myolympicpark.com myolympicpark.com *.climbing.com climbing.com *.backpacker.com backpacker.com *.podiumrunner.com podiumrunner.com *.skimag.com skimag.com myutahparks.com *.myutahparks.com *.mygrandcanyonpark.com mygrandcanyonpark.com *.oxygenmag.com oxygenmag.com *.triathlete.com triathlete.com velonews.com *.velonews.com muscleandperformance.com *.muscleandperformance.com *.outsidebusinessjournal.com outsidebusinessjournal.com snewsnet.com *.snewsnet.com gymclimber.com *.gymclimber.com livebeyoga.com *.yogajournal.com yogajournal.com *.livebeyoga.com womensrunning.com *.womensrunning.com trailrunnermag.com *.trailrunnermag.com outsideonline.com *.outsideonline.com *.betternutrition.com betternutrition.com vegetariantimes.com *.vegetariantimes.com cleaneating.com *.cleaneatingmag.com cleaneatingmag.com *.cleaneating.com *.thenaturx.com thenaturx.com *.yellowstonepark.com yellowstonepark.com *.myyellowstonepark.com myyellowstonepark.com myyosemitepark.com *.myyosemitepark.com *.rollmassif.com rollmassif.com *.getcairn.com getcairn.com *.athletereg.com athletereg.com *.finisherpix.com finisherpix.com *.pinkbike.com pinkbike.com *.pinkbike.org pinkbike.org *.bikereg.com bikereg.com *.runreg.com runreg.com *.trireg.com trireg.com *.skireg.com skireg.com *.pledgereg.com pledgereg.com *.gaiagps.com gaiagps.com *.trailforks.com trailforks.com 18 frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; 18 frame-ancestors none; 18 script-src 'self' 18 default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self'; style-src 'self'; frame-src 'none'; frame-ancestors 'none'; form-action 'none' 18 default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 18 frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tags.creativecdn.com https://cdn.cquotient.com https://www.googletagmanager.com https://services.postcodeanywhere.co.uk https://*.dynamicyield.com https://empme11111.pcapredict.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.google-analytics.com https://*.doubleclick.net https://*.dwin1.com https://*.facebook.net https://*.bing.com https://*.criteo.net https://*.stylight.net https://*.linkfire.com https://*.pinimg.com https://*.adsrvr.org https://sc-static.net https://*.tiktok.com https://*.kuponacdn.de https://*.ad-srv.net https://ad4m.at https://*.ad4m.at https://*.bounce-commerce.de https://*.usemaxserver.de https://*.soreto.com https://*.gsitrix.com https://*.snapchat.com https://*.clarity.ms https://*.criteo.com https://*.paypal.com https://*.scarabresearch.com https://*.cloudfront.net https://*.fatmedia.io https://*.payments-amazon.com https://hal9000.redintelligence.net https://*.klarnacdn.net https://*.adyen.com https://live.adyen.com https://www.googleadservices.com https://api.sovendus.com https://www.awin1.com https://*.sciencebehindecommerce.com https://*.amazonaws.com https://*.b-cdn.net https://*.klarnaservices.com https://*.cquotient.com https://www.glami.sk https://www.glami.cz https://creativecdn.com https://dmdi.pl https://emp-merchandising-gmbh.jobbase.io https://emp-merchandising-gmbh.onlyfy.jobs https://cdn.studentbeans.com/third-party/all.js https://amplify.outbrain.com/cp/obtp.js https://ai.trk42.net/ https://pixel.dmdi.pl/s/tr.js https://c.imedia.cz/js/retargeting.js https://*.osp.live https://widget.sendwise.sevensenders.com https://*.seznam.cz https://*.twitch.tv https://*.getback.ch http://*.static.getback.ch https://www.mainadv.com https://*.thebrighttag.com https://*.rubiconproject.com https://*.klarna.com https://*.pinterest.com https://*.kpcustomer.de https://www.facebook.com https://r.clarity.ms https://p.gsitrix.com https://tr6.snapchat.com https://www.sandbox.paypal.com https://trck.linkster.co https://*.preciso.net https://pixel.byspotify.com https://pixels.spotify.com https://api.recova.ai https://*.zbozi.cz blob:; 18 frame-ancestors 'self' https://temaquevende.com.br https://vitrinedetemas.hostgator.com.br *.clearsale.com.br 18 block-all-mixed-content;connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: wss:;default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: wss: 'report-sample';font-src 'self' data: https: blob: wss: assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;frame-ancestors 'self' int1.msn.com ntp.msn.cn ntp.msn.com windows-int1.msn.com windows.msn.cn windows.msn.com www.bing.com www.msn.com mathsolver.microsoft.com mathsolver-dev.microsoft.com chrome-extension://lklfbkdigihjaaeamncibechhgalldgl;media-src 'self' https: blob:;report-to csp-endpoint;worker-src 'self' https: blob: 'report-sample'; 17 script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://recaptcha-staging.corp.google.com/;report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport/allowlist;base-uri www.google.com 17 frame-ancestors 'self' https://guides.opentext.com https://assets.opentext.com https://content.microfocus.com; default-src data: 'unsafe-inline' 'unsafe-eval' https:;style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src https:; connect-src https:; object-src https:; child-src https:; 17 default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 17 default-src https: data: wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com wss://*.zohopublic.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; media-src 'self' blob: data: https:; 17 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 17 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 17 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: *; 17 frame-ancestors 'none'; report-uri https://prod-bk-csp-service.rbictg.com/csp; report-to csp-endpoint 17 frame-ancestors 'self'; object-src 'none'; 17 default-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com geoip-js.com *.geoip-js.com *.crazyegg.com *.zoominfo.com *.pingdom.net *.doubleclick.net *.maxmind.com *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.oribi.io *.cookielaw.org *.onetrust.com *.zscalertwo.net *.googlesyndication.com *.linkedin.com *.hubspot.com *.hubapi.com *.optimizely.com http://cscmarketing-cscdbs-prod-container.azurewebsites.net/blog/wp-json/; script-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com *.licdn.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.zscalertwo.net 'sha256-uEVZG2aKtvTnCiyd6KE5c0iP+naoyXFMNU6NZqWfTzk=' 'sha256-FTZUkywTeCare2C/3qESeGwIijE/FJIJzHs4QajBqVU=' 'sha256-6EYFRGyxum0IwH2kLdixEkMnfVbkqBt14VQFi8BCJRA=' 'sha256-NEJOYgS3wIia+ss6EnB/d2Kk/XqlS6ES36GronXzmbs=' *.cookielaw.org *.onetrust.com *.googlesyndication.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hubspot.com *.hsadspixel.net *.doubleclick.net *.optimizely.com blob: 'sha256-FYVcJ8j+aeiBImnoPSLVrA8jc6b/AUdJP0H7kMX8XRg=' 'sha256-2pe8k26MWlcKficOeMWZ75CKsCYpC8O7SWL1c80IevA=' 'sha256-xA+Nf+aCToDDa/FWlmohq36+g4wJDUNr/5Z99KzXHAQ=' 'sha256-Ekr4lImICDOvgVtzrLML7wjf3IM4V5Q3+ohyZq4Fi5w='; style-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.googleapis.com 'unsafe-inline'; img-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com data: seal-delaware.bbb.org *.linkedin.com *.hsforms.com s.w.org i.ytimg.com *.doubleclick.net *.cookielaw.org *.hubspot.com; font-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.gstatic.com data:; frame-src 'self' *.google.com *.youtube.com *.swiftypecdn.com *.swiftype.com *.googlesyndication.com *.hsforms.com *.doubleclick.net *.googletagmanager.com; object-src 'none' 17 default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 17 default-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors 'self'; form-action 'self'; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://strapi.inbox.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.fjordmail.no; 17 frame-ancestors 'self' azeu.marketing.adobe.com 17 script-src-elem *.newrelic.com *.maxymiser.net *.googletagmanager.com *.oracleinfinity.io *.crazyegg.com *.facebook.net *.getblue.io *.air.tech *.google-analytics.com *.doubleclick.net *.kommunicate.io *.youtube.com *.soicos.com *.tiktok.com *.yandex.com *.onesignal.com onesignal.com *.verificado.ai https://cdn-mz-gj-vai.verificado.ai/widget/main.js *.google.com *.gstatic.com https://www.google.com/recaptcha/ *.googleadservices.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.lightwidget.com *.clarity.ms *.bing.com unpkg.com *.greencolumnart.com *.hotjar.com *.cloudfront.net *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net cdn.logrocket.io cdn.lr-ingest.io cdn.lr-in.com cdn.lr-in-prod.com cdn.lr-ingest.com cdn.ingest-lr.com cdn.lr-intake.com cdn.intake-lr.com cdn.logr-ingest.com cdn.lrkt-in.com cdn.lgrckt-in.com *.usercentrics.eu code.jquery.com stackpath.bootstrapcdn.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem fonts.googleapis.com *.kommunicate.io *.soicos.com *.verificado.ai *.cloudflare.com *.typekit.net https://www.google.com/recaptcha/ *.googletagmanager.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.crazyegg.com *.clarity.ms *.bing.com *.cdnfonts.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com maxcdn.bootstrapcdn.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.googletagmanager.com *.facebook.com *.transbank.cl *.sabbi.cl *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.cardinalcommerce.com *.paypal.com *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.payulatam.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com webpay3g.transbank.cl webpay3gint.transbank.cl *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.youtube.com *.vimeo.com *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.grupoaxo.com *.kipling.cl blog.andesgear.cl *.usercentrics.eu 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.weltpixel.com *.facebook.com https://web.facebook.com *.google.com *.cnetcontent.com *.vimeo.com https://event.getblue.io *.getblue.io *.flipsnack.com https://heyzine.com https://promogallonic.com https://front-notrack.indexado.production.pmbox.cloud https://fichashppervasive.blob.core.windows.net https://notrack.indexado.pmbox.cloud https://emersya.com *.lightwidget.com/ https://mc.yandex.ru/ https://mc.yandex.md/ https://firalivepro.blob.core.windows.net/ https://fira-live-player-pro.azurewebsites.net/ https://20839951p.rfihub.com/ *.googletagmanager.com *.doubleclick.net *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.wufoo.com/ https://wufoo.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.soicos.com *.crazyegg.com *.verificado.ai https://komax-tracking.oms.linets.cl/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br mercadopago.cl/ *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.integration.komax.eclt.lnt.cl *.gstatic.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.connect.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.paypal.com *.syndigo.com *.syndigo.cloud *.google.com.co *.google.com.pa *.teads.tv *.gap.cl https://fichashppervasive.blob.core.windows.net *.komaxchile.cl/ *.kliper.cl/ https://dc.oracleinfinity.io/ https://s3.amazonaws.com/ https://stags.bluekai.com/ https://cm.g.doubleclick.net https://rrstatic.retailrocket.net/ https://mc.yandex.ru/ https://an.yandex.ru/ https://mc.yandex.md/ *.maxymiser.net *.komaxchile.cl *.bananarepublic.cl *.brooksbrothers.cl *.dcshoes.cl *.kipling.cl *.kivul.cl *.kliper.cl *.marmot.cl *.mammut.cl *.oldnavy.cl *.stoked.cl *.surprice.cl *.thenorthface.cl *.ugg.cl *.bananarepublic.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io https://km-prod-s3-bucket.s3.amazonaws.com *.elfsight.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.cl *.google.com.pe *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.gap.com.pe news-oldnavy.cl *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.oraclecloud.com *.guess.cl *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu komax-files.s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com *.integration.komax.eclt.lnt.cl https://www.googletagmanager.com tagmanager.google.com cdn.cs.1worldsync.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.facebook.net *.connect.facebook.net *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypal.com *.bootstrapcdn.com *.pingdom.net *.woorank.com *.demdex.net *.cnetcontent.com *.syndigo.com *.syndigo.cloud https://event.getblue.io *.getblue.io https://p.teads.tv https://smetrics.verdugotienda.com *.maxymiser.net/ *.kommunicate.io *.retailrocket.net *.oracleinfinity.io *.crazyegg.com *.komaxchile.cl *.oraclecloud.com *.onesignal.com https://onesignal.com/ *.googleoptimize.com *.lightwidget.com *.air.tech *.rfihub.net *.hicloud.com *.tiktok.com *.hotjar.com *.bananarepublic.cl/ *.brooksbrothers.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.elfsight.com https://mc.yandex.ru/ https://mc.yandex.md/ https://an.yandex.ru/ *.tenetcomm.com/ https://tenetcomm.com/ *.wufoo.com/ https://wufoo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.nr-data.net unpkg.com *.soicos.com *.verificado.ai *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net cdn.logrocket.io cdn.lr-ingest.io cdn.lr-in.com cdn.lr-in-prod.com cdn.lr-ingest.com cdn.ingest-lr.com cdn.lr-intake.com cdn.intake-lr.com cdn.logr-ingest.com cdn.lrkt-in.com cdn.lgrckt-in.com *.usercentrics.eu code.jquery.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tagmanager.google.com *.cloudflare.com *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com https://rrstatic.retailrocket.net/ https://widget.kommunicate.io/ *.fontawesome.com https://firalivepro.blob.core.windows.net *.brooksbrothers.cl/ https://*.komaxchile.cl *.bananarepublic.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io unsafe-inline *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com maxcdn.bootstrapcdn.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu 'self' 'unsafe-inline'; object-src *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu 'self' 'unsafe-inline'; media-src *.adobe.com *.syndigo.com *.syndigo.cloud https://emersya.com *.bananarepublic.cl/ *.brooksbrothers.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.youtube.com youtube.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu 'self' 'unsafe-inline'; manifest-src *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net https://*.ingest.sentry.io wss://tm.filter:1502/ xml.ssreviewsportal.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.google.com *.paypal.com *.pingdom.net *.woorank.com *.demdex.net *.cnetcontent.com *.youtube.com *.syndigo.com *.syndigo.cloud product-feature-service.production.alquimio.cloud api.repositorio.production.alquimio.cloud orchestrator.production.aks.alquimio.cloud *.teads.tv *.doubleclick.net *.kommunicate.io *.oracleinfinity.io *.oraclecloud.com *.tiktok.com https://mc.yandex.ru/ https://an.yandex.ru https://mc.yandex.md/ *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.maxymiser.net/ *.elfsight.com https://analytics.pangle-ads.com/ *.tenetcomm.com/ https://tenetcomm.com/ *.wufoo.com/ https://wufoo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.crazyegg.com *.nr-data.net *.sentry.io *.google-analytics.com *.facebook.net google.com *.soicos.com *.yandex.com *.verificado.ai *.amazonaws.com https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com wss://*.zendesk.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com wss://ws.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.logrocket.io *.lr-ingest.io *.logrocket.com *.lr-in.com *.lr-in-prod.com *.lr-ingest.com *.ingest-lr.com *.lr-intake.com *.intake-lr.com *.logr-ingest.com *.lrkt-in.com *.lgrckt-in.com *.usercentrics.eu 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu http: https: blob: 'self' 'unsafe-inline'; default-src *.maxymiser.net *.komaxchile.cl *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu 'self' 'unsafe-inline'; 17 default-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: data:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src *; media-src https: data: blob:; worker-src https: blob:; frame-src 'self' https: blob:; frame-ancestors 'self'; upgrade-insecure-requests 17 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; frame-ancestors 'none'; font-src * 'self' data: https://fonts.gstatic.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://plugins.flockler.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com; style-src * 'self' 'unsafe-inline' https://fonts.googleapis.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ 17 default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https:;connect-src 'self' https:;img-src 'self' data: https:;style-src 'self' 'unsafe-inline' https:;font-src 'self' data: https:;worker-src 'self' blob: data:;media-src 'self' https:;frame-src 'self' https: 17 default-src 'self' *;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data: *;object-src 'none';script-src 'self' 'unsafe-inline' *;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' *;frame-src 'self' * 17 script-src 'self' 'unsafe-eval' blob: open.spotifycdn.com open-exp.spotifycdn.com open-review.spotifycdn.com open-exp-review.spotifycdn.com quicksilver.scdn.co www.google-analytics.com www.googletagmanager.com static.ads-twitter.com analytics.twitter.com s.pinimg.com sc-static.net https://www.google.com/recaptcha/ cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com cdn.cookielaw.org geolocation.onetrust.com www.googleoptimize.com www.fastly-insights.com static.hotjar.com script.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion/ https://analytics.tiktok.com/i18n/pixel/sdk.js https://analytics.tiktok.com/i18n/pixel/identify.js https://analytics.tiktok.com/i18n/pixel/config.js https://www.redditstatic.com/ads/pixel.js https://t.contentsquare.net/uxa/22f14577e19f3.js https://get.microsoft.com/badge/ms-store-badge.bundled.js 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' 'sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss=' 'sha256-Z5wh7XXSBR1+mTxLSPFhywCZJt77+uP1GikAgPIsu2s='; frame-ancestors 'self' https://adgen-dev.spotify.com/account/*/ad/*/details https://adgen-dev.spotify.com/preview/* https://local.spotify.net/account/*/ad/*/details https://local.spotify.net/preview/* https://app.smartly.io/*; 16 frame-ancestors 'self' https://medium.com 16 frame-ancestors 'self' https://*.kayak.com https://www.kayak.com.ar https://www.kayak.com.au https://www.kayak.bo https://www.kayak.com.br https://www.kayak.cat https://www.kayak.cl https://www.cn.kayak.com https://www.kayak.com.co https://www.kayak.co.cr https://www.kayak.dk https://www.kayak.com.do https://www.kayak.com.ec https://www.kayak.com.sv https://www.kayak.fr https://www.kayak.de https://www.kayak.com.gt https://www.kayak.com.hn https://www.kayak.com.hk https://www.kayak.co.in https://www.kayak.co.id https://www.kayak.ie https://www.kayak.it https://www.kayak.co.jp https://www.kayak.com.my https://www.kayak.com.mx https://www.kayak.nl https://www.kayak.com.ni https://www.kayak.no https://www.kayak.com.pa https://www.kayak.com.py https://www.kayak.com.pe https://www.kayak.com.ph https://www.kayak.pl https://www.kayak.pt https://www.kayak.com.pr https://www.en.kayak.sa https://www.kayak.sg https://www.kayak.co.kr https://www.kayak.es https://www.kayak.se https://www.kayak.ch https://www.kayak.co.th https://www.kayak.com.tr https://www.kayak.ae https://www.kayak.co.uk https://www.kayak.com.uy https://www.kayak.co.ve 16 default-src * self blob: data: gap:; style-src * self 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; connect-src self * 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; 16 frame-ancestors 'self' https://app.storyblok.com; 16 frame-ancestors 'self' * 16 script-src 'unsafe-inline' 'unsafe-eval' http: https: 16 default-src 'self'; style-src 'self' * 'unsafe-inline';style-src-attr 'self' 'unsafe-inline' *; style-src-elem 'self' 'unsafe-inline' *; font-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; connect-src *; img-src 'self' 'unsafe-inline' data: blob: *; manifest-src *; frame-src *; media-src * blob: 16 frame-ancestors 'self'; report-uri csp-reports; report-to csp-endpoint; 16 default-src * blob: data: 'unsafe-inline' 'unsafe-eval' 16 default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self'; upgrade-insecure-requests; 16 default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 16 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 16 default-src 'self'; img-src * data: 'unsafe-inline' blob:; style-src * 'unsafe-inline' blob:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action *; media-src *.readspeaker.com *.streamlock.net *.archieven.nl storage.googleapis.com scribit-pro-hosting.storage.googleapis.com scribit-pro.storage.googleapis.com app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self'; worker-src * 'unsafe-inline' blob:; 16 frame-ancestors 'self' https://shop.kaspersky.co.uk https://shop.kaspersky.ca https://cart.kaspersky.com.br https://loja.kaspersky.pt https://shop.africa.kaspersky.com https://shop.afrique.kaspersky.com https://shop.baltics.kaspersky.com https://shop.bg.kaspersky.com https://shop.hu.kaspersky.com https://shop.il.kaspersky.com https://shop.kaspersky.be https://shop.kaspersky.co.in https://shop.kaspersky.co.jp https://shop.kaspersky.co.kr https://shop.kaspersky.co.th https://shop.kaspersky.com https://shop.kaspersky.com.au https://shop.kaspersky.com.hk https://shop.kaspersky.com.tr https://shop.kaspersky.com.tw https://shop.kaspersky.com.vn https://shop.kaspersky.cz https://shop.kaspersky.de https://shop.kaspersky.dk https://shop.kaspersky.es https://shop.kaspersky.fi https://shop.kaspersky.fr https://shop.kaspersky.gr https://shop.kaspersky.it https://shop.kaspersky.kz https://shop.kaspersky.ma https://shop.kaspersky.nl https://shop.kaspersky.ro https://shop.kaspersky.rs https://shop.kaspersky.ru https://shop.kaspersky.se https://shop.me.kaspersky.com https://shop.no.kaspersky.com https://shop.sea.kaspersky.com https://shop.stan.kaspersky.com https://shop.usa.kaspersky.com https://shop-lt.latam.kaspersky.com https://shop-mx.latam.kaspersky.com; 15 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com global.frcapi.com *.googleapis.com accounts.google.com *.cdn77.org *.nk-img.com *.segpay.com *.online-metrix.net *.vscdns.com *.vsmvideo.com *.mmcdn.com *.agego.com info.xnxx.com www.tjk-njk.com age.yoti.com *.exoclick.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.trackingtraffo.com *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.mmcdn.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us storage.agego.com *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com *.trackingtraffo.com; report-uri https://www.xnxx.com/csp-reports; report-to csp-endpoint 15 script-src * 'self' 'unsafe-inline' 'unsafe-eval' wistia.com youtube.com blob: 15 script-src 'self' 'unsafe-eval' 'unsafe-inline' app.storyblok.com connect.facebook.net analytics.tiktok.com cdn.brcdn.com *.adform.net www.google-analytics.com sc-static.net s.pinimg.com fsi.thomann.de www.youtube.com challenges.cloudflare.com *.payments-amazon.com www.googleadservices.com userlike-cdn-umm.b-cdn.net bat.bing.com www.googletagmanager.com www.googletagservices.com tr.snapchat.com ct.pinterest.com js.appboycdn.com *.g.doubleclick.net widgets.trustedshops.com tpc.googlesyndication.com *.clarity.ms cdn.avo.app maps.googleapis.com pagead2.googlesyndication.com ep2.adtrafficquality.google; frame-src 'self' *.g.doubleclick.net *.safeframe.googlesyndication.com challenges.cloudflare.com ct.pinterest.com td.doubleclick.net tpc.googlesyndication.com tr.snapchat.com www.facebook.com www.google.com www.youtube-nocookie.com www.googletagmanager.com ep2.adtrafficquality.google sundice.thomann.de greatesthits.thomann.de greatesthits.thomann.pl greatesthits.thomann.fr greatesthits.thomann.nl greatesthits.thomann.co.uk greatesthits.thomannmusic.com greatesthits.thomannmusic.ch greatesthits.thomannmusic.no greatesthits.thomann.se greatesthits.thomann.pt greatesthits.thomann.dk greatesthits.thomann.ae greatesthits.thomann.es greatesthits.thomann.it greatesthits.thomann.at; frame-ancestors 'self' app.storyblok.com; object-src 'none' 15 frame-ancestors 'self' *.google.com; 15 frame-ancestors 'self' *.marketing.ai *.myclickfunnels.com; 15 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' 15 frame-ancestors 'self' https://es.chevrolet.com 15 report-uri https://99designs.report-uri.com/r/d/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 15 upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com pixel.byspotify.com unpkg.com img03.en25.com www.mczbf.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com tags.srv.stackadapt.com members.cj.com s2.adform.net c.la13-core1.sfdc-lywfpd.salesforceliveagent.com d.la13-core1.sfdc-lywfpd.salesforceliveagent.com c.la11-core1.sfdc-yzvdd4.salesforceliveagent.com d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com comeandsee.my.site.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com d.la3-c2-ia7.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com pixel.byspotify.com unpkg.com img03.en25.com www.mczbf.com d.la3-core1.sfdc-lywfpd.salesforceliveagent.com d.la1-core1.sfdc-yzvdd4.salesforceliveagent.com map.brightcove.com assets.map.brightcove.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com tags.srv.stackadapt.com members.cj.com *.adform.net *.kmtx.io c.la13-core1.sfdc-lywfpd.salesforceliveagent.com d.la13-core1.sfdc-lywfpd.salesforceliveagent.com c.la11-core1.sfdc-yzvdd4.salesforceliveagent.com d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com tag.demandbase.com c.amazon-adsystem.com ct.pinterest.com comeandsee.my.site.com; 15 frame-ancestors 'self' *.pedidosya.com *.pedidosya.cl *.pedidosya.com.ar *.pedidosya.com.bo *.pedidosya.com.pa *.pedidosya.com.py *.pedidosya.com.uy *.pedidosya.com.ve *.pedidosya.com.pe *.pedidosya.com.ec *.pedidosya.com.gt *.pedidosya.com.hn *.pedidosya.cr *.pedidosyasv.com.sv *.pedidosyani.com.ni *.pedidosya.com.do 15 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: * 15 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 15 default-src 'none';base-uri 'self';script-src 'self' 'unsafe-inline' blob: https://api.search.gov.sg https://www.search.gov.sg https://*.wogaa.sg https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://graph.facebook.com https://*.licdn.com https://www.youtube.com https://webchat.vica.gov.sg https://webchat.mol-vica.com https://*.clarity.ms https://*.wiz.gov.sg https://*.ask.gov.sg ;style-src 'self' 'unsafe-inline' https://assets.wogaa.sg https://www.search.gov.sg https://webchat.vica.gov.sg https://webchat.mol-vica.com ;object-src 'none' ;connect-src 'self' https://isomer-user-content.by.gov.sg https://browser-intake-datadoghq.com https://api.search.gov.sg https://*.wogaa.sg https://api-chat-fe-flag.vica.gov.sg https://chat.vica.gov.sg wss://chat.vica.gov.sg https://api-chat-fe-flag.mol-vica.com https://chat.mol-vica.com wss://chat.mol-vica.com https://www.google-analytics.com https://www.google.com https://analytics.google.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://*.clarity.ms https://c.bing.com https://ask.gov.sg https://*.ask.gov.sg ;font-src 'self' data: https://fonts.gstatic.com https://www.search.gov.sg https://assets.wogaa.sg ;frame-src 'self' https://www.search.gov.sg https://www.google.com https://www.googletagmanager.com https://td.doubleclick.net https://www.onemap.gov.sg https://www.youtube-nocookie.com https://player.vimeo.com https://m.facebook.com https://www.facebook.com https://docs.google.com https://form.gov.sg ;img-src 'self' https: ;manifest-src 'self' ;media-src 'self' ;worker-src 'none' ;frame-ancestors 'self' ; 15 frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com 15 form-action 'self' 15 frame-ancestors whitelabel.camspower.com cams.dnxlive.com 15 default-src 'self' https://*.abgemea.com https://fonts.googleapis.com https://use.fontawesome.com ws.sharethis.com unpkg.com https://maxcdn.bootstrapcdn.com dpm.demdex.net avisbudgetgroup.tt.omtrdc.net https://*.bing.com https://*.virtualearth.net; object-src *; img-src data: *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; connect-src *; font-src 'self' data: https://*.abgemea.com https://fonts.gstatic.com https://*.bing.com https://use.fontawesome.com https://*.virtualearth.net https://maxcdn.bootstrapcdn.com 15 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://www.youtube.com; frame-ancestors 'none' ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 15 default-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com https://*.zdassets.com; script-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com; connect-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com wss://*.zopim.com https://*.zdassets.com; upgrade-insecure-requests; report-uri /csp.cgi; 15 frame-ancestors 'self' *.jivosite.com *.jivosite.com/ *.webim.ru *.webim.ru/ bam.nr-data.net/ metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.webvisor.com http://*.webvisor.com http://webvisor.com https://*.webvisor.com http://webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net; form-action 'self' *.timeweb.ru *.timeweb.com *.timeweb.net timeweb.com timeweb.ru timeweb.net http://timeweb.com/; default-src 'self' 'unsafe-inline' 'unsafe-eval' www.1c-bitrix.ru gw.timeweb.com https://cloud.roistat.com https://cllctr.roistat.com https://smartcaptcha.yandexcloud.net smartcaptcha.yandexcloud.net https://cdn.mxpnl.com cdn.mxpnl.com *.jivo.ru *.jivosite.com *.jivosite.com/ *.webim.ru *.webim.ru/ *.timeweb.net *.timeweb.ru timeweb.eu vds-static.timeweb.com cloud.timeweb.com timeweb.cloud public-api.timeweb.com content.timeweb.com api.craftum.com api-v2.craftum.com *.yandex.ru yandex.ru wss://*.timeweb.ru wss://*.timeweb.net www.googletagmanager.com www.google-analytics.com disutgh7q0ncc.cloudfront.net eligibility.wootric.com wootric-eligibility.herokuapp.com facebook.com connect.facebook.net *.facebook.com mc.yandex.md mc.yandex.ru *.livetex.ru *.livetex.me stats.g.doubleclick.net *.google.com *.google.ru *.sendpulse.com sentry.timeweb.net:4443 data: vk.com *.vk.com dadata.ru *.dadata.ru *.hostings.info *.hosters.ru bitrix.info static.criteo.net *.push.world *.gstatic.com recreativ.ru sslwidget.criteo.com *.googleapis.com *.webpushs.com i.imgur.com ipic.su *.sendpulse.com www.youtube.com s.tmimgcdn.com cdn.jsdelivr.net mc.webvisor.org https://*.getsitecontrol.com yastatic.net *.witstroom.com metrika.yandex.ru *.yandex.tld *.yandex.net myreviews.dev https://myreviews.dev webvisor.com *.witstroom.com:8080 https://checks.botfaqtor.ru *.giphy.com *.giphy.com/ *.jivosite.com *.jivosite.com/ *.webim.ru *.webim.ru/ wss://*.jivosite.com https://www.googleoptimize.com/ blob: timeweb.com content.saas-support.com cdn.envybox.io whitesaas.com https://directus-twtech.timeweb.net https://api-qa.timeweb.ru 14 upgrade-insecure-requests; frame-ancestors 'self' https://explore.bitdefender.com/; object-src 'none'; script-src 'unsafe-eval' 'self' 'nonce-DhcnhD3khTMePgXw' 'strict-dynamic' 'unsafe-hashes' 'sha256-RjileO61mmx5C3Z0ub77ckR3sl153RlKqUC+EcKaVQc=' ; 14 object-src 'none'; base-uri 'none'; frame-ancestors 'self'; upgrade-insecure-requests 14 frame-ancestors https://app.contentful.com 14 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src *; child-src *; worker-src 'self' blob:; frame-ancestors 'self' https://gls-group.com/ https://gls-group.eu/ https://pilot.gls-group.eu/; form-action *; upgrade-insecure-requests; report-uri https://glsgroup.report-uri.io/r/default/csp/enforce; report-to https://glsgroup.report-uri.io/r/default/csp/enforce; 14 upgrade-insecure-requests;frame-ancestors 'self' https://www.medscape.com https://dusandbox.skipta.com https://doctorunite.com https://generationNP.com https://cardiologistconnect.com https://paunite.com https://cardiologistconnectsandbox.skipta.com https://next.brella.io/ https://www.staging.medscape.com/ https://www.skipta.com/ https://staging.medscape.com/ https://skipta.com/ https://medscape.com/ https://endocrinologistnation.com https://www.endocrinologistnation.com https://amgenicpsp.lightning.force.com/ https://nephrologistconnect.com https://rheumatologynation.com https://dermatologistnation.com 14 connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ suggest-maps.yandex.ru *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works api-qa.diginetica.net/v1/ rap.skcrtxr.com 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru wss://*.tinkoff.ru wss://*.tcsbank.ru wss://*.tbank.ru api-maps.yandex.ru enterprise.api-maps.yandex.ru *.maps.yandex.net yandex.ru www.tbank.ru api-statist.tinkoff.ru cdn.tbank.ru cfg.tinkoff.ru business.tbank.ru cobrowsing.tbank.ru www.cdn-tinkoff.ru api.tinkoffinsurance.ru geocode-maps.yandex.ru delivery.tinkoff.ru broker-api.tinkoffinsurance.ru api-osago.tbank.ru imgproxy.cdn-tinkoff.ru collection-phoenix.t-tech.team tmsg.tbank.ru tmsg.phoenix-ca.ru api.rosbank.ru webevent.tbank.ru fallback.cdn-tinkoff.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru blob: https://tinkoff.ru https://www.tinkoff.ru https://www.youtube.com api-maps.yandex.ru enterprise.api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net yandex.ru; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru cdn.uxfeedback.ru sm.rtb.mts.ru exchange.buzzoola.com dmp.one sync.bumlam.com wf-ru-frontend.weborama-tech.ru 'self' data: *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru https://tinkoff.ru https://www.tinkoff.ru http://img.youtube.com *.maps.yandex.net api-maps.yandex.ru enterprise.api-maps.yandex.ru yandex.ru http://static.tinkoffinsurance.ru https://i.ytimg.com *.rosbank.ru; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.org metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru https://www.youtube.com https://newatom.spaaace.io https://order.atom.auto rutube.ru t-j.ru; font-src *.cdn-tinkoff.ru 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.tinkoff.ru data:; report-uri https://www.tbank.ru/api/front/pwaplatform/log/csp-error?appName=pwaplatform&sentryDsnKey=b7cae0fa7dd74b4489cd05596a20df38&sentryApiId=142; default-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru; frame-ancestors 'self' https://tinkoff-insurance.com tbank.ru www.tbank.ru *.tbank.ru *.tcsbank.ru tinkoff.ru *.tinkoff.ru *.tbank-online.com https://auto.ru https://t-insurance.avito.com mc.yandex.ru t-j.ru www.rosbank.ru *.bankline.ru 14 frame-ancestors 'self' https://app.eu.contentful.com; 14 upgrade-insecure-requests; frame-ancestors 'self' https://*.cookiebot.com 14 default-src 'self' blob: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com;connect-src 'self' blob: wss: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zdassets.com *.zendesk.com *.atlassian.com *.atl-paas.net *.metart.network *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.mixpanel.com *.metartmoney.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com *.adtng.com *.atsptp.com *.spartez-software.com api.ipify.org *.s3.eu-central-1.amazonaws.com;style-src 'self' blob: 'unsafe-inline' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com;font-src 'self' data: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zopim.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.vwo.com;script-src 'self' 'unsafe-inline' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zdassets.com *.atlassian.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.metart.network cdn.cookielaw.org code.jquery.com geolocation.onetrust.com *.mxpnl.com *.googleapis.com *.gstatic.com *.visualwebsiteoptimizer.com *.vwo.com *.adtng.com *.atsptp.com *.spartez-software.com;frame-src 'self' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.twitter.com *.youtube.com *.vimeo.com *.atlassian.net *.metartmoney.com *.visualwebsiteoptimizer.com *.vwo.com *.google.com *.trymax.ai;img-src 'self' data: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.icfcdn.com *.twimg.com *.twitter.com *.zopim.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.google.com *.visualwebsiteoptimizer.com *.vwo.com *.vscdns.com *.strpst.com *.google.com;media-src 'self' data: blob: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.icfcdn.com *.zdassets.com *.visualwebsiteoptimizer.com *.vwo.com;worker-src 'self' data: blob: wss:;object-src 'none' 14 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data:; 14 upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'none'; 14 font-src 'none' 14 default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 14 frame-ancestors 'self' https://preview.plaece.nl 14 frame-ancestors 'self' https://webcake.io https://builder.webcake.io 14 default-src 'self' 'unsafe-inline' https://* data: wss://*.hotjar.com; frame-ancestors 'none' 14 frame-ancestors 'self' https://test-screwfixspares.bloomreach.io/ https://screwfixspares.bloomreach.io/ 14 default-src https: wss: about: data: blob: 'unsafe-inline' 'unsafe-eval' 14 frame-ancestors https://*.login.smartweb.test https://*.admin.shop-sftest.io https://*.webshop-admin.scannet.dk https://*.admin.hostedshop.io https://*.admin.hostedcms.io https://*.webshop.dandomain.dk 14 frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 13 default-src 'none' ; connect-src https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; manifest-src https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; media-src https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; script-src blob: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com 'unsafe-inline' 'unsafe-eval' ; font-src data: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; img-src data: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; style-src https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; frame-src blob: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; form-action https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; frame-ancestors 'self' https://html.duckduckgo.com; base-uri 'self' ; block-all-mixed-content ; 13 require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport 13 frame-ancestors 'self' *.funke.cue.cloud 13 worker-src 'self'; 13 require-trusted-types-for 'script';report-uri /_/PlayStoreUi/cspreport 13 default-src 'self'atlassian-companion:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.recaptcha.net https://tracking.risk.lexisnexis.com https://code.jquery.com https://www.gstatic.com https://player.vimeo.com https://cdn.cookielaw.org https://tags.clickagy.com https://js.adsrvr.org https://www.buzzsprout.com blob: https://*.visualwebsiteoptimizer.com https://cdnjs.cloudflare.com https://s.vttmg.com https://platform.twitter.com https://connect.facebook.net https://img.en25.com https://assets.adobedtm.com https://js.zi-scripts.com https://schedule.zoominfo.com https://ws-assets.zoominfo.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.youtube.com https://www.youtube-nocookie.com https://s.ytimg.com https://*.lexisnexis.com https://*.lexisnexis.co.uk https://*.lexisnexis.es https://*.lexisnexis.com.br https://*.lexisnexis.com.jp d-code.liadm.com https://js.qualified.com/ https://googleads.g.doubleclick.net https://bat.bing.com/ https://snap.licdn.com https://cdn.microad.jp; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fast.fonts.net https://cdnjs.cloudflare.com; img-src 'self' data: blob: https://img.en25.com https://bat.bing.com https://*.ytimg.com https://i.ytimg.com https://pbs.twimg.com https://*.lexisnexis.com https://*.lexisnexis.co.uk https://pixel.wp.com https://*.lexisnexis.es https://*.lexisnexis.com.br https://*.lexisnexis.co.jp https://*.lexisnexis.es https://*.lexisnexis.com.br https://analytics.lexisnexisrisk.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cm.everesttech.net https://dpm.demdex.net https://cdn.cookielaw.org https://*.lexisnexis.com https://*.lexisnexis.co.uk https://tracking.risk.lexisnexis.com https://aorta.clickagy.com https://*.openx.net https://*.liadm.com https://cm.q.doubleclick.net https://idsync.rlcdn.com https://aa.agkn.com https://*.visualwebsiteoptimizer.com https://universe.send.microad.jp pixel-sync.sitescout.com https://px.ads.linkedin.com https://www.google.com https://google.com https://cm.g.doubleclick.net https://d.agkn.com https://www.facebook.com https://*.adsrvr.org https://pixel.rubiconproject.com; font-src 'self' https://fonts.gstatic.com https://d.agkn.com/ https://d.agkn.com https://wordpress.com https://dataviz1.tmxcyber.com https://*.adnxs.com; connect-src 'self' https://cdn.microad.jp https://browser-intake-datadoghq.com https://*.visualwebsiteoptimizer.com https://ws.zoominfo.com https://ws-assets.zoominfo.com https://www.google-analytics.com https://*.algolia.net https://*.algolianet.com https://analytics.lexisnexisrisk.com https://js.zi-scripts.com https://dpm.demdex.net https://cm.eversttech.net https://www.recaptcha.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.lexisnexis.com https://*.lexisnexis.co.uk https://*.lexisnexis.es https://*.lexisnexis.com.br https://*.lexisnexis.co.jp https://*.clickagy.com https://insight.adsrvr.org https://idx.liadm.com https://rp.liadm.com https://app.qualified.com wss://ws5.qualified.com https://www.google.com https://bat.bing.com https://px.ads.linkedin.com https://www.facebook.com https://google.com https://privacyportal.onetrust.com; frame-src 'self' atlassian-companion: https://www.youtube.com https://www.comparably.com https://*.blueflamingo.solutions https://dataviz1.tmxcyber.com https://app.teamwalnut.com https://*.tmxcyber.com https://td.doubleclick.net https://www.buzzsprout.com https://lexisnexis.turtl.co https://www.youtube-nocookie.com https://platform.twitter.com https://player.vimeo.com https://lexisnexisrisksolutions.demdex.net https://gateway.on24.com https://www.recaptcha.net https://*.adsrvr.org i.liadm.com https://www.googletagmanager.com/ https://app.qualified.com https://cache.send.microad.jp https://www.kitchco.com; media-src 'self' https://*.cloudfront.net; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests; report-uri /cdn-cgi/script_monitor/report 13 default-src * 'unsafe-inline' 'unsafe-eval' 13 default-src * 'unsafe-inline' 'unsafe-eval' data: gap: content: blob:; form-action *; upgrade-insecure-requests 13 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src *; object-src 'self' data:; frame-src 'self' data:; media-src 'self' data:; 13 object-src 'self'; 13 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org web-static.archive.org wayback-api.archive.org athena.archive.org analytics.archive.org pragma.archivelab.org wwwb-events.archive.org 13 default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 13 default-src 'self'; img-src 'self' s3-ap-northeast-1.amazonaws.com *.cloudfront.net *.tixpo.jp; media-src 'self' s3-ap-northeast-1.amazonaws.com *.cloudfront.net *.tixpo.jp; style-src 'self' 'nonce-yiyABNgr0rFv5i+sndZpFTeyWOw=' fonts.googleapis.com cdn.jsdelivr.net *.cloudfront.net *.tixpo.jp; style-src-attr 'self' 'nonce-yiyABNgr0rFv5iasndZpFTeyWOw='; script-src 'self' 'nonce-acga38w6Qa0Xoa7JsaBE0xAWWP0=' www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net ajax.googleapis.com *.cloudfront.net *.mul-pay.jp *.tixpo.jp *.emtg.co.jp; font-src 'self' data: fonts.gstatic.com fonts.googleapi.com *.cloudfront.net *.tixpo.jp; form-action 'self' *.mul-pay.jp *.emtg.co.jp; connect-src 'self' www.google-analytics.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com; frame-ancestors 'self'; 13 font-src *;img-src * data:; 13 default-src * data: 'unsafe-inline' 'unsafe-eval' 13 default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' *.webvisor.com metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr 13 frame-ancestors 'self' *.mydukaan.io; 13 upgrade-insecure-requests; block-all-mixed-content; sandbox allow-modals allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 12 frame-ancestors *.shein.com https://www.shein.com.hk https://s1.shein.com https://www.shein.com.mx https://www.shein.co.uk https://www.shein.tw https://www.shein.se https://co.shein.com https://www.shein.com.co 12 default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https:; frame-src http: https: data:; upgrade-insecure-requests 12 default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com *.visualwebsiteoptimizer.com app.vwo.com *.sharethis.com https://unpkg.com/dropzone@5/dist/min/dropzone.min.js https://d1hgczpbubj217.cloudfront.net/video-widget/ https://www.youtube.com/ https://app-static.turtl.co/embed/turtl.embed.v1.js https://js.zi-scripts.com/zi-tag.js *.mutinycdn.com https://www.clarity.ms https://j.6sc.co/j/81ad4853-7699-4145-be50-4c0e963c8034.js *.roundprinceweb.com https://www.redditstatic.com/ads/pixel.js https://go.proofpoint.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.buzzsprout.com/2445401/episodes/*.js https://www.buzzsprout.com https://extend.vimeocdn.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com * *.mutinycdn.com; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; frame-ancestors 'self' https://app.mutinyhq.com; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com * *.mutinyhq.com *.mutinyhq.io *.mutinycdn.com; report-uri /report-csp-violation 12 default-src https:; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' websupport.cz *.websupport.cz websupport.sk *.websupport.sk websupport.se *.websupport.se websupport.hu *.websupport.hu *.iubenda.com *.redditstatic.com tracker.metricool.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com trustpilot.com *.trustpilot.com googletagmanager.com *.googletagmanager.com *.google-analytics.com googleads.g.doubleclick.net analytics.tiktok.com connect.facebook.net snap.licdn.com cdn.plyr.io bat.bing.com *.ads-twitter.com c.seznam.cz *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.ladesk.com *.isy-teamblue.services *.motu-teamblue.services *.teamblue.services *.acsbapp.com *.adform.net *.youtube.com *.google.com google.com; style-src 'self' 'report-sample' 'unsafe-inline' websupport.cz *.websupport.cz websupport.sk *.websupport.sk websupport.hu *.websupport.hu websupport.se *.websupport.se cdn.iubenda.com cdn.plyr.io; object-src 'self'; base-uri 'self'; connect-src 'self' 'report-sample' data: ws://localhost:12387 websupport.cz *.websupport.cz websupport.hu *.websupport.hu websupport.sk *.websupport.sk websupport.se *.websupport.se *.iubenda.com *.redditstatic.com *.reddit.com googleapis.com *.googleapis.com *.google.com google.com pagead2.googlesyndication.com px.ads.linkedin.com analytics.tiktok.com bat.bing.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.acsbapp.com *.motu-teamblue.services *.teamblue.services h.seznam.cz noembed.com cdn.plyr.io; font-src 'self' 'report-sample' 'unsafe-inline' data: websupport.cz *.websupport.cz websupport.sk *.websupport.sk websupport.se *.websupport.se websupport.hu *.websupport.hu gstatic.com *.gstatic.com; frame-ancestors 'self' *.websupport.sk; frame-src 'self' 'report-sample' *.websupport.sk websupport.sk *.websupport.cz websupport.cz *.websupport.hu websupport.hu *.websupport.se websupport.se blob: ladesk.com *.ladesk.com cookiebot.com *.cookiebot.com youtube.com www.youtube-nocookie.com *.youtube.com *.googletagmanager.com *.doubleclick.net *.facebook.com public.infinario.com *.iubenda.com; img-src 'self' 'report-sample' data: cookiebot.com *.cookiebot.com *.reddit.com tracker.metricool.com gravatar.com *.gravatar.com *.google.com *.google.al *.google.at *.google.ba *.google.be *.google.bg *.google.by *.google.ch *.google.com.cy *.google.cz *.google.de *.google.dk *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.hr *.google.hu *.google.ie *.google.is *.google.it *.google.je *.google.kz *.google.li *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mk *.google.mt *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.ru *.google.se *.google.si *.google.sk *.google.sm *.google.rs *.google.com.ua *.google.co.uk *.google.cat *.facebook.com *.googletagmanager.com *.g.doubleclick.net maps.googleapis.com *.google-analytics.com px.ads.linkedin.com t.co analytics.twitter.com bat.bing.com c.seznam.cz *.ytimg.com *.motu-teamblue.services *.teamblue.services brxcdn.com websupport.cz *.websupport.cz websupport.sk *.websupport.sk websupport.hu *.websupport.hu; manifest-src 'self'; media-src 'self'; worker-src 'self'; 12 object-src 'none'; form-action 'self'; frame-ancestors 'self'; 12 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' https://*.genesys.com https://*.genesyscsdt.com https://*.genesyscsdteng.com https://resources.genesys.com https://*.seismic.com https://genesys.seismic.com https://know.genesys.com https://help.genesys.com https://*.contentsquare.net app.contentsquare.com genesys.lightning.force.com genesys.file.force.com; 12 default-src 'self' *.idrive.com *.idrivesync.com https://graph.facebook.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.chatbot.com https://www.clarity.ms https://*.bing.com https://maxaccess-api.onlineada.workers.dev https://snap.licdn.com https://px.ads.linkedin.com https://cdn.jsdelivr.net https://js.zohocdn.com https://salesiq.zoho.com https://embed.tawk.to https://app.chatsupport.co https://*.zendesk.com https://static.zdassets.com https://tagmanager.google.com https://static.idriveonlinebackup.com https://js.hcaptcha.com https://*.facebook.com https://bmrsignal.idrivelite.com https://*.google.com https://apis.google.com https://accounts.google.com https://alcdn.msauth.net https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://*.criteo.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.criteo.net https://cdn.livechatinc.com https://gum.criteo.com https://sslwidget.criteo.com https://*.livechatinc.com https://ajax.googleapis.com https://html5shim.googlecode.com https://s.adroll.com https://a.adroll.com https://d.adroll.com https://www.google.com https://www.idrivedownloads.com http://ssl.p.jwpcdn.com https://www.youtube.com https://px.spiceworks.com https://connect.facebook.net https://5358683.fls.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.gstatic.com https://ssl.google-analytics.com https://code.jquery.com https://js.stripe.com https://www.googletagmanager.com https://api.maxaccess.io; img-src https://* 'self' data: blob: www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.tawk.to https://css.zohocdn.com https://tagmanager.google.com https://static.idriveonlinebackup.com https://fonts.googleapis.com https://ssl.google-analytics.com https://code.jquery.com; font-src https://* https://fonts.gstatic.com data: ; object-src 'self' https://secure.livechatinc.com; frame-src https://* 'self' data: blob:; frame-src https://chatbot.idriveonlinebackup.com; media-src https://* blob:; worker-src https://* blob:; connect-src wss: https://* blob:; frame-ancestors 'self'; 12 frame-ancestors 'self' *.aftership.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.am-static.com *.automizely.com *.aftership.com *.automizely-analytics.com https://cdn.jsdelivr.net/npm/keycloak-js@15.1.1/dist/keycloak.min.js js-agent.newrelic.com static.cloudflareinsights.com www.googletagmanager.com ws.zoominfo.com accounts.google.com www.google.com www.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com snap.licdn.com connect.facebook.net static.ads-twitter.com bat.bing.com www.clarity.ms tracking.g2crowd.com www.gstatic.com www.gstatic.cn widget.freshworks.com us-assets.i.posthog.com client.crisp.chat app.storyblok.com www.recaptcha.net code.jquery.com *.hotjar.com j.6sc.co js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net js.hsadspixel.net static.hsappstatic.net *.tiktok.com *.ttwstatic.com https://boards.greenhouse.io/embed/job_board/js organizer.bizzabo.com https://js.usemessages.com/conversations-embed.js https://unpkg.com/@splinetool/viewer/build/spline-viewer.js https://cdn.jsdelivr.net/npm/hls.js@latest mv.icu *.revenuehero.io www.zerobounce.net; object-src 'none' 12 frame-ancestors 'self' *.purpledshub.com 12 frame-ancestors 'self' *.laccd.edu *.elac.edu *.wlac.edu *.lapc.edu *.lamission.edu *.lavc.edu *.lasc.edu *.lahc.edu *.lacc.edu *.lattc.edu 12 upgrade-insecure-requests; object-src 'none' 12 default-src 'self'; img-src 'self' data:; media-src 'self' blob:; connect-src 'self' blob:; form-action 'self'; 12 frame-ancestors 'self' https://virtual-tours.msccruises.com; 12 none 12 default-src * blob: data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src 'self' blob:; 12 frame-ancestors https://cms-prod.brxm.grandvision.io 12 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 12 frame-ancestors https://*.enjoy4fun.com https://*.beesads.com 12 frame-ancestors 'self' *.affino.com; 12 script-src 'self' 'unsafe-inline' 'unsafe-eval' p.teads.tv analytics.tiktok.com vimeo.com www.vimeo.com www.youtube.com *.treasuredata.com snap.licdn.com connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com checkoutshopper-live.adyen.com *.cdn.adyen.com; object-src 'none'; child-src 'self' www.youtube.com youtube.com www.google.com google.com *.doubleclick.net player.vimeo.com www.googletagmanager.com checkoutshopper-live.adyen.com *.cdn.adyen.com maps.google.com.sg www.google.com maps.google.com goo.gl google.com www.facebook.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests 12 default-src https:; connect-src https: wss: http:; font-src https: data:; img-src https: data: blob:; frame-src https: blob:; frame-ancestors 'self'; worker-src blob: https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 12 frame-ancesters 'self' 12 unsafe-inline 12 default-src data: * 'unsafe-inline' 'self' 12 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' 'unsafe-inline' https: http:; font-src 'self' https: http: data:; img-src 'self' data: https: http:; frame-src 'self' https: http:; connect-src 'self' https: http:; 12 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net https://*.stylelabs.io https://*.stylelabs.cloud https://*.stylelabsdemo.com https://*.stylelabsqa.com https://*.stylelabsdev.com https://*.dpxmedcity.net https://*.medcity.net https://youtube.com https://www.youtube.com https://*.googleapis.com https://*.google.com https://*.formstack.com *.doubleclick.net *.amazonaws.com *.cloudfront.net *.healthgrades.com *.undertone.com *.facebook.net *.facebook.com *.trkn.us *.jotform.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://translate.google.com https://www.gstatic.com https://*.securiti.ai *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.go-mpulse.net/ https://*.akstat.io/ https://*.akamaihd.net/ https://dc.hcafloridahealthcare.com https://dc.hcafloridaphysicians.com https://*.hcadam.com https://*.hcadam-stage.com https://*.hcadam-qa.com https://*.hcadam-dev.com https://*.sitecorecontenthub.cloud https://player.vimeo.com https://embed.vidbeo.com/ https://*.azure.com https://*.microsoft.com https://*.visualstudio.com blob: https://dc.mymdnow.com/ https://dc.carenow.com/ https://dc.stdavids.com/ https://dpx-xsf-func-maps-eastus2-dev-bbasc5hha3dfexh6.eastus2-01.azurewebsites.net https://solutions.invocacdn.com/ https://pnapi.invoca.net/ https://*.podium.com https://*.analyticspodium.com https://dpx-xsf-func-maps-eastus2-prod-bnf2g4e0a8fvhahy.eastus2-01.azurewebsites.net; img-src 'self' data: https://*.stylelabs.io https://*.stylelabs.cloud https://*.stylelabsdemo.com https://*.stylelabsqa.com https://*.stylelabsdev.com https://*.dpxmedcity.net https://*.ytimg.com https://*.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net https://carelinkhca.my.salesforce-sites.com *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.s3.amazonaws.com https://*.hcadam.com https://*.hcadam-stage.com https://*.hcadam-qa.com https://*.hcadam-dev.com https://*.sitecorecontenthub.cloud https://i.vimeocdn.com/ https://*.podium.com; style-src 'self' 'unsafe-inline' https://*.dpxmedcity.net https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net https://*.securiti.ai *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.microsoft.com https://*.podium.com; font-src 'self' 'unsafe-inline' data: https://*.dpxmedcity.net https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.microsoft.com https://atlas.microsoft.com https://*.podium.com; frame-src 'self' 'unsafe-inline' https://*.clearstep.health *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://www.youtube.com https://youtube.com https://player.vimeo.com https://embed.vidbeo.com/ *.crazyegg.com https://*.medcity.net *.doubleclick.net https://mammogramscreenbotcontainer.azurewebsites.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://mycarenowbiltmoreparkbot.azurewebsites.net; upgrade-insecure-requests; block-all-mixed-content ; 12 connect-src https: 'self'; img-src 'self' data: https://*; default-src blob: https: 'unsafe-inline' 'unsafe-eval' 12 default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app-fnsp-matomo-analytics-prod.azurewebsites.net https://cdn.jsdelivr.net https://cdn.tiny.cloud https://cdnjs.cloudflare.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://statistikk.fnsp.no https://web-sdk-eu.aptrinsic.com https://www.cdisol.blog https://js.monitor.azure.com; object-src 'none'; manifest-src https://www.cdisol.blog; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://web-sdk-eu.aptrinsic.com https://www.cdisol.blog; font-src 'self' data: https://dhm5hy2vn8l0l.cloudfront.net https://fonts.gstatic.com https://web-sdk-eu.aptrinsic.com https://cdn.jsdelivr.net; img-src 'self' data: https://*.nhn.no https://www.ahus.no https://www.antibiotika.no https://www.betanienhospital.no https://www.betaniensykehus.no https://www.bjorkeli.no https://www.diakonhjemmetsykehus.no https://fellesinnhold.fnsp.nhn.no https://www.finnmarkssykehuset.no https://www.fnsp.no https://www.haraldsplass.no https://www.hdo.no https://www.helgelandssykehuset.no https://www.helse-bergen.no https://www.helse-fonna.no https://www.helse-forde.no https://www.helse-midt.no https://www.helse-mr.no https://www.helse-nord.no https://www.helse-sorost.no https://www.helse-stavanger.no https://www.helse-vest-ikt.no https://www.helse-vest.no https://www.helsenordikt.no https://www.helseplattformen.no https://www.hemit.no https://www.hnt.no https://www.hsr.as https://www.jdps.no https://www.kloverasen.no https://www.kvalitetsregistre.no https://www.lovisenbergsykehus.no https://www.luftambulanse.no https://www.martinahansen.no https://norcrin.fnsp.nhn.no https://www.nordlandssykehuset.no https://www.nortrials.no https://www.nyemetoder.no https://www.olaviken.no https://www.oslo-universitetssykehus.no https://www.pasientreiser.no https://www.revmatismesykehuset.no https://rvtsvest.fnsp.nhn.no https://www.saman.no https://samhandlingsbarometeret.fnsp.nhn.no https://www.siv.no https://www.sjukehusapoteka-vest.no https://www.skde.no https://www.solli.no https://www.spesialisthelsetjenesten.no https://www.sshf.no https://www.sthf.no https://www.stolav.no https://www.sunnaas.no https://www.sykehusapotek-nord.no https://www.sykehusapotekene.no https://www.sykehusapoteket.no https://www.sykehusbygg.no https://www.sykehuset-innlandet.no https://www.sykehuset-ostfold.no https://www.sykehusinnkjop.no https://www.sykehuspartner.no https://www.tryggakuttmedisin.no https://tryggprat.fnsp.nhn.no https://www.unn.no https://www.vestreviken.no https://sp.tinymce.com; media-src 'self' https://*.nhn.no https://www.ahus.no https://www.antibiotika.no https://www.betanienhospital.no https://www.betaniensykehus.no https://www.bjorkeli.no https://www.diakonhjemmetsykehus.no https://fellesinnhold.fnsp.nhn.no https://www.finnmarkssykehuset.no https://www.fnsp.no https://www.haraldsplass.no https://www.hdo.no https://www.helgelandssykehuset.no https://www.helse-bergen.no https://www.helse-fonna.no https://www.helse-forde.no https://www.helse-midt.no https://www.helse-mr.no https://www.helse-nord.no https://www.helse-sorost.no https://www.helse-stavanger.no https://www.helse-vest-ikt.no https://www.helse-vest.no https://www.helsenordikt.no https://www.helseplattformen.no https://www.hemit.no https://www.hnt.no https://www.hsr.as https://www.jdps.no https://www.kloverasen.no https://www.kvalitetsregistre.no https://www.lovisenbergsykehus.no https://www.luftambulanse.no https://www.martinahansen.no https://norcrin.fnsp.nhn.no https://www.nordlandssykehuset.no https://www.nortrials.no https://www.nyemetoder.no https://www.olaviken.no https://www.oslo-universitetssykehus.no https://www.pasientreiser.no https://www.revmatismesykehuset.no https://rvtsvest.fnsp.nhn.no https://www.saman.no https://samhandlingsbarometeret.fnsp.nhn.no https://www.siv.no https://www.sjukehusapoteka-vest.no https://www.skde.no https://www.solli.no https://www.spesialisthelsetjenesten.no https://www.sshf.no https://www.sthf.no https://www.stolav.no https://www.sunnaas.no https://www.sykehusapotek-nord.no https://www.sykehusapotekene.no https://www.sykehusapoteket.no https://www.sykehusbygg.no https://www.sykehuset-innlandet.no https://www.sykehuset-ostfold.no https://www.sykehusinnkjop.no https://www.sykehuspartner.no https://www.tryggakuttmedisin.no https://tryggprat.fnsp.nhn.no https://www.unn.no https://www.vestreviken.no; connect-src 'self' https://app-fnsp-matomo-analytics-prod.azurewebsites.net https://fellesinnhold.fnsp.nhn.no https://pui.episerver.net/ https://dc.services.visualstudio.com/; frame-src 'self' https://*.fnsp.nhn.no https://acast.com/ https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://app.powerbi.com https://apps.skde.no https://dashboard.find.episerver.net/ https://data.stolav.no/ https://ekstranett.helse-midt.no/ https://fellesinnhold.fnsp.nhn.no https://film.oslo-universitetssykehus.no/ https://fnsp.fnsp.nhn.no https://login.microsoftonline.com https://medfilm.se/ https://navikt.github.io https://ntnu.cloud.panopto.eu/ https://open.spotify.com/ https://player.vimeo.com https://players.brightcove.net/ https://podcasts.apple.com https://prat.fnsp.no https://prod-tabellverk.skde.org/ https://skde.org https://sketchfab.com https://test.skde.no https://uib.cloud.panopto.eu/ https://vimeo.com/ https://www.acast.com/ https://www.fnsp.no https://www.youtube-nocookie.com https://www.youtube.com https://use.mazemap.com https://rise.articulate.com/ https://forms.office.com/ https://csb10033fff971bc7e5.z6.web.core.windows.net/ https://youtu.be/; frame-ancestors 'self'; 12 default-src * ; script-src * 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; object-src *; media-src *; frame-src *; connect-src *; worker-src * blob:; 12 base-uri 'self'; report-uri https://csp-logging.m-operations.com/cspheaders; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.moosend.com *.moostaging.com cdn.transifex.com cdn.segment.com *.adroll.com fast.appcues.com widget.intercom.io www.google-analytics.com app.satismeter.com js.intercomcdn.com ajax.googleapis.com cdn.tiny.cloud social.uploadcare.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com pay.google.com songbird.cardinalcommerce.com songbirdstag.cardinalcommerce.com *.paypal.com kit.fontawesome.com storage.googleapis.com js.pusher.com labs.pathfix.com connect.facebook.net sitecoredelivr.sitecorecloud.io portal-staging.sitecore-staging.cloud portal.sitecorecloud.io *.highcharts.com; object-src 'none'; 12 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.google.co.in *.herokuapp.com *.ravepay.co ajax.cloudflare.com chimeratool.com *.chimeratool.com *.elfsight.com data.chimeratool.com *.flutterwave.com *.stripe.com *.atfawry.com *.google.com *.facebook.net wss://*.citruspay.com:* wss://*.google.co:* *.citruspay.com wss://*.fawrystaging.com wss://*.atfawry.com wss://*.fawry.com wss://*.youtube.com:* *.youtube.com wss://*.tawk.to:* *.tawk.to *.facebook.com *.fawrystaging.com *.mastercard.com.au *.fawry.com atfawry.fawrystaging.com *.facebook.net *.mastercard.com *.razorpay.com *.google-analytics.com *.securecode.com *.google.com *.dhru.com *.paypal.com *.paypalobjects.com *.googletagmanager.com t.me *.t.me wa.me *.wa.me ; img-src * data:; font-src * data: 12 frame-ancestors 'self' ;upgrade-insecure-requests; 12 default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*; object-src 'self' data: blob: https://*; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline' 'self' https:; frame-src *; style-src * 'unsafe-inline'; 12 default-src *; font-src 'self' data: https://static.opencityitalia.it https://fonts.gstatic.com https://acsbapp.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https:; img-src * 'self' data: https: blob: 12 frame-ancestors 'self' https://gtranslate.io; 12 default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ v.clarity.ms/collect *.microsoft.com *.adnxs.com *.tealiumiq.com login.microsoftonline.com www.google.com google.com adservice.google.com pagead2.googlesyndication.com td.doubleclick.net www.googletagmanager.com ad.doubleclick.net; script-src 'report-sample' 'sha256-th47JTnh6tX15SUn/I+GGmsOSXpa7dh5Skner77gxlY=' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com www.googletagmanager.com/gtag/js www.googleadservices.com/pagead/ www.google.com/pagead/ googleads.g.doubleclick.net/pagead/ adservice.google.com/pagead/ pagead2.googlesyndication.com/pagead/ www.googletagmanager.com/gtag/destination www.google.com/recaptcha/enterprise.js www.gstatic.com/recaptcha/releases/ merchantpool1.linkedin.com/mdt.js; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com edge-auth.microsoft.com flo.uri.sh *.fls.doubleclick.net www.googletagmanager.com td.doubleclick.net play.vidyard.com www.google.com/recaptcha/ li.protechts.net *.xlgmedia.com *.px-cloud.net merchantpool1.linkedin.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=gg 11 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; 11 sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation-by-user-activation; frame-ancestors 'self' *.huffpost.com *.huffingtonpost.com *.huffpost.net *.buzzfeed.com clients.opinary.com compass.pressekompass.net *.newsbreak.com *.newsbreakapp.com *.upday-content.com *.upday.com *.samsung-news.com; report-uri https://huffpost.report-uri.com/r/d/csp/enforce; 11 default-src https: data: 'unsafe-inline' 'unsafe-eval'; media-src 'self' blob: https://videos.porsche.com https://videos.porsche.cn; connect-src https: wss://umd.userlike.com data:; img-src https: data:; 11 form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 11 frame-ancestors 'self' https://localhost:* https://*.bustle.com https://*.bdg.com 11 frame-ancestors iinet.net.au:* *.iinet.net.au:* westnet.com.au:* *.westnet.com.au:* tpg.com.au:* *.tpg.com.au:* tpgtelecom.com.au:* tpgtelecom.com.au:* *.tpgtelecom.com.au:* internode.on.net:* *.internode.on.net:*; 11 default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 11 script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.sanity.io www.youtube.com www.youtube-nocookie.com i.ytimg.com yt3.ggpht.com fonts.gstatic.com www.google-analytics.com www.googletagmanager.com www.gstatic.com stats.g.doubleclick.net www.google.co.uk static.hotjar.com static.ads-twitter.co mwww.facebook.com dc.ads.linkedin.com t.co vars.hotjar.com in.hotjar.com p.adsymptotic.com analytics.twitter.com cdn.jsdelivr.net dqm.crownpeak.com geolocation.onetrust.com static.ads-twitter.com connect.facebook.net snap.licdn.com staticcontents.investisdigital.com script.hotjar.com maps.googleapis.com sc.lfeeder.com netlify-cdp-loader.netlify.app cd-prod.wdesk.com www.googleadservices.com assets.adobedtm.com unilever.d3.sc.omtrdc.net acdn.adnxs.com js-agent.newrelic.com bam.nr-data.net insight.adsrvr.org cdn.cookielaw.org *.demdex.net cm.everesttech.net c.evidon.com aemcs.unileversolutions.com 11 frame-ancestors https://app.storyblok.com 11 upgrade-insecure-requests ; default-src 'none'; img-src 'self' https://*.apple.com https://*.mzstatic.com data:; style-src 'self' https://*.apple.com 'unsafe-inline'; font-src 'self' https://*.apple.com; media-src 'self' https://*.apple.com blob:; connect-src 'self' https://*.apple.com https://*.mzstatic.com; script-src 'self' https://*.apple.com 'unsafe-eval' 'sha256-4ywTGAe4rEpoHt8XkjbkdOWklMJ/1Py/x6b3/aGbtSQ=' blob:; frame-src 'self' https://*.apple.com itmss: itms-appss: itms-bookss: itms-itunesus: itms-messagess: itms-podcasts: itms-watchs: macappstores: musics: apple-musics: podcasts: videos:; 11 frame-ancestors 'self' *.ci360.sas.com app.contentstack.com login.celebrations.com www.1800flowers.com www.1800baskets.com www.berries.com www.cheryls.com www.florists.com www.plants.com www.fruitbouquets.com www.harryanddavid.com www.simplychocolate.com www.thepopcornfactory.com www.vitalchoice.com www.wolfermans.com www.celebrations.com prod-celebrations-chained.18f.tech 11 “upgrade-insecure-requests†11 child-src 'self' blob:;connect-src * https://accounts.google.com/gsi/;default-src 'self' assets.travix.com *.cdn-net.com;img-src 'self' * data:;font-src 'self' data: assets.travix.com fonts.googleapis.com fonts.gstatic.com js.skyscnr.com cdn.userway.org;object-src 'self';media-src 'self' cdn.userway.org s1.travix.com;manifest-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https: cdnjs.cloudflare.com/polyfill assets.travix.com six.cdn-net.com tagmanager.google.com *.criteo.com *.cdn-net.com *.doubleclick.net *.facebook.net *.facebook.com *.googleadservices.com ad.zanox.com ads.travelaudience.com adservice.google.com analytics.skyscanner.net awin1.com bat.bing.com cdn.pushalert.co ck.ncclick.co.kr click.accesstrade.in.th clkuk.tradedoubler.com connect.facebook.net deploy.mopinion.com ds1.nl dwin1.com emjcd.com google-analytics.com googletagmanager.com securepubads.g.doubleclick.net kayak.com static.ads-twitter.com t.cfjump.com t1.daumcdn.net tm.tradetracker.net track.adform.net track.omguk.com tradedoubler.net ts.tradetracker.net wcs.naver.net *.creativecdn.com cars.cartrawler.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://accounts.google.com/gsi/client *.cartrawler.com static.assets.uat.trip.travix.com static-assets.travix.com cdn.userway.org api.useberry.com;style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com tagmanager.google.com googletagmanager.com cars.cartrawler.com product-router.cartrawler.com d6tizftlrpuof.cloudfront.net https://accounts.google.com/gsi/style *.cartrawler.com cdn.userway.org;frame-ancestors *.useberry.com;frame-src 'self' *.doubleclick.net ogone-tpp.prd.travix.com aci-tpp.prd.travix.com centinelapi.cardinalcommerce.com pay.google.com *.cdn-net.com product-router.cartrawler.com https://claims.cloud.hopper.com/ https://checkout.paypal.com/ https://www.sandbox.paypal.com/ https://www.paypal.com/ *.cardinalcommerce.com https://www.google.com/maps/ https://www.youtube.com/embed/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.creativecdn.com https://accounts.google.com/gsi/ *.trip.com *.googletagmanager.com cdn.userway.org;base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests 11 default-src 'self'; connect-src 'self' *.yoast.com *.zi-scripts.com *.zoominfo.com *.clickagy.com *.authorize.net *.facebook.com stats.addtoany.com *.google.com *.google-analytics.com cdn.cookielaw.org *.hotjar.com:* vc.hotjar.io:* wss://*.hotjar.com s3.eu-west-1.amazonaws.com *.marker.io stats.g.doubleclick.net *.clarity.ms *.mktoresp.com *.ziftsolutions.com *.ziftone.com *.ziftmarcom.com *.onetrust.com *.cookielaw.org *.newrelic.com bam.nr-data.net *.googlesyndication.com *.gstatic.com scout.salesloft.com cdn.linkedin.oribi.io *.mktoutil.com *.bonterratech.com *.6sc.co *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.co.cr *.google.com.cu *.google.cz *.google.com.do *.google.com.ec *.google.es *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat go.bonterratech.com bat.bing.com *.convertexperiments.com *.instagram.com *.linkedin.com aorta.clickagy.com hemsync.clickagy.com ws.zoominfo.com js.zi-scripts.com ws-assets.zoominfo.com ct.capterra.com *.marketo.com google.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.vimeo.com *.cloudinary.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' data: fonts.googleapis.com *.zi-scripts.com *.zoominfo.com *.clickagy.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com ct.capterra.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com; frame-src 'self' app.marker.io *.zi-scripts.com *.zoominfo.com *.clickagy.com *.instagram.com *.driftt.com *.doubleclick.net *.google.com players.brightcove.net *.youtube.com *.googletagmanager.com *.zensource.cloud vars.hotjar.com *.desire2learncapture.com *.everyaction.com *.mktoresp.com *.spotify.com *.googlesyndication.com tpc.googlesyndication.com *.googleads.com *.googleapis.com go.bonterratech.com hemsync.clickagy.com everyaction.widget.insent.ai ct.capterra.com learn.bonterratech.com *.marketo.com google.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com; img-src 'self' *.vimeocdn.com *.zi-scripts.com *.zoominfo.com *.clickagy.com *.wpengine.com *.w.org secure.gravatar.com data: *.bonterratech.com test-bonterra-corporate-v2.pantheonsite.io live-bonterra-corporate-v2.pantheonsite.io *.driftt.com maps.googleapis.com px.marchex.io *.facebook.com *.google.com *.gstatic.com cdn.rawgit.com raw.githubusercontent.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com zensource-salisbury.s3.amazonaws.com chat.mcsoftware.com *.timevaluecalculators.com *.ytimg.com *.ziftsolutions.com *.ziftone.com *.cookielaw.org *.googlesyndication.com www.google-analytics.com googleads.g.doubleclick.net www.google.com ad.doubleclick.net ade.googlesyndication.com *.bing.com px.ads.linkedin.com www.linkedin.com c.clarity.ms cdn.kimbia.com *.6sc.co *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.co.cr *.google.com.cu *.google.cz *.google.com.do *.google.com.ec *.google.es *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat go.bonterratech.com *.clarity.ms *.linkedin.com *.google.ca ct.capterra.com *.marketo.com google.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.vimeo.com *.cloudinary.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' *.vimeo.com *.zi-scripts.com *.zoominfo.com *.clickagy.com *.youtube.com *.spotify.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.cloudinary.com; object-src 'self' *.oembed.com *.zi-scripts.com *.zoominfo.com *.clickagy.com *.vimeo.com *.youtube.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.cloudinary.com; script-src 'self' 'unsafe-eval' https://cdn.cookielaw.org *.marker.io *.zi-scripts.com *.zoominfo.com *.clickagy.com *.driftt.com *.authorize.net *.google.com cdnjs.cloudflare.com cdn.rawgit.com maps.googleapis.com rw1.marchex.io connect.facebook.net googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com cdn.jsdelivr.net *.youtube.com *.vimeo.com s.ytimg.com *.googlesyndication.com *.hotjar.com unpkg.com *.timevaluecalculators.com *.w55c.net *.chatbeacon.io *.marketo.net google.com *.everyaction.com *.mktoresp.com *.ziftsolutions.com cdn.cookielaw.org go.bonterratech.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com ws-assets.zoominfo.com everyaction.widget.insent.ai ct.capterra.com *.marketo.com google.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.cloudinary.com cdn-4.convertexperiments.com *.instagram.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net https://storage.googleapis.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.zi-scripts.com *.zoominfo.com *.clickagy.com *.google.com *.gstatic.com *.googleapis.com *.driftt.com munchkin.marketo.net *.ziftsolutions.com cdn.cookielaw.org widgets.kimbia.com cdn.kimbia.com *.newrelic.com go.everyaction.com *.googlesyndication.com snap.licdn.com bat.bing.com scout-cdn.salesloft.com www.clarity.ms connect.facebook.net googleads.g.doubleclick.net *.convertexperiments.com *.instagram.com go.bonterratech.com www.googleadservices.com *.6sc.co ws.zoominfo.com js.zi-scripts.com ws-assets.zoominfo.com everyaction.widget.insent.ai ct.capterra.com *.marketo.com google.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com cdn-4.convertexperiments.com *.instagram.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net https://storage.googleapis.com https://unpkg.com https://www.google.com; style-src 'self' fonts.googleapis.com *.zi-scripts.com *.zoominfo.com *.clickagy.com tagmanager.google.com *.gstatic.com *.typekit.net maxcdn.bootstrapcdn.com *.timevaluecalculators.com *.marketo.net google.com *.everyaction.com *.mktoresp.com *.ziftsolutions.com *.driftt.com go.everyaction.com cdn.cookielaw.org go.bonterratech.com ct.capterra.com learn.bonterratech.com *.marketo.com google.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.typekit.net *.zi-scripts.com *.zoominfo.com *.clickagy.com https://www.googletagmanager.com go.everyaction.com fonts.googleapis.com *.ziftsolutions.com cdn.kimbia.com go.bonterratech.com ct.capterra.com learn.bonterratech.com *.marketo.com jsd-widget.atlassian.com google.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self'; 11 form-action 'self'; 11 frame-ancestors 'self'; base-uri 'self' 11 frame-ancestors 'self' https://*.fun.com 11 object-src 'self' 11 default-src * 'unsafe-inline' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.rambler.ru dsp-rambler.ru *.dsp-rambler.ru *.rambler-co.ru *.top100.ru *.s3.yandex.net *.market.yandex.ru *.yandex.ru *.maps.yandex.net yandex.ru yastatic.net *.webvisor.org smartcaptcha.yandexcloud.net www.google-analytics.com www.googletagmanager.com *.weborama.fr *.weborama-tech.ru weborama-tech.ru *.adlooxtracking.com adlooxtracking.com *.adlooxtracking.ru adlooxtracking.ru adriver.com adriver.ru *.adriver.com *.adriver.ru *.serving-sys.ru *.serving-sys.com serving-sys.ru serving-sys.com *.smi2.net *.smi2.ru smi2.ru *.24smi.net *.mail.ru *.mindbox.ru *.rnet.plus *.adfox.ru *.jsdelivr.net *.pushwoosh.com *.createjs.com *.facebook.net *.reddigital.ru *.geniusaudience.com *.gnezdo.ru *.hit.gemius.pl *.prom.app.sberdevices.ru *.2xclick.ru *.infox.sg *.otm-r.com stat.media *.terratraf.io *.soloway.ru vk.com *.getsitecontrol.com www.tns-counter.ru *.mradx.net *.ampproject.org *.bumlam.com *.imgsniper.com *.terratraf.com *.digitaltarget.ru telegram.org *.bazzoola.com bazzoola.com anketolog.ru blob:; report-to csp.rambler-co.ru 11 script-src 'self' https://*.statics.backmarket.com https://front-office.statics.backmarket.com/736ac6a49e9ee69eedd648426e0c611878621f5a/ https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://sc-static.net https://www.google.com/pagead/ https://www.googleadservices.com https://b98.yahoo.co.jp https://googleads.g.doubleclick.net https://d34r8q7sht0t9k.cloudfront.net https://websdk.appsflyer.com https://connect.facebook.net https://bat.bing.com https://bat.bing-int.com https://www.redditstatic.com https://analytics.tiktok.com https://www.dwin1.com https://js.adsrvr.org https://p.teads.tv https://pixel.byspotify.com https://cdn.attraqt.io https://*.tvsquared.com https://s.yimg.jp https://amplify.outbrain.com https://wave.outbrain.com https://js.cnnx.link https://cdn.taboola.com https://d.line-scdn.net https://lantern.roeyecdn.com https://tr.outbrain.com https://statics.a8.net https://static.ads-twitter.com https://b99.yahoo.co.jp https://the.sciencebehindecommerce.com https://embed.typeform.com https://widgets.trustedshops.com https://www.clarity.ms https://widget.trustpilot.com https://cdn.scalapay.com https://www.awin1.com https://tags.creativecdn.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://sdk.privacy-center.org https://api.privacy-center.org https://assets.oney.io https://cdn-scripts.signifyd.com https://cdn.scalapay.com https://cdn1.affirm.com https://imgs.signifyd.com https://*.klarna.com https://*.klarnacdn.net https://js.processout.com https://js.squarecdn.com https://pay.google.com https://www.paypal.com https://*.paylution.com https://backmarket.mydral.com blob: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubdc168fd6fb5f2bf245b09ff737b0112b&ddsource=csp-report&dd-evp-origin=content-security-policy&ddtags=environment%3Aprod%2Ccontinent%3Aeu%2Csource%3Anode%2Cservice%3Afront-office%2CserviceVersion%3A736ac6a49e9ee69eedd648426e0c611878621f5a%2Cpolicy-id%3Av1; 11 frame-ancestors 'none'; upgrade-insecure-requests; 11 script-src 'self' 'unsafe-inline' 'unsafe-eval' * 11 frame-ancestors 'self' https://*.sella.it https://*.axerve.com https://*.gestpay.it 11 frame-ancestors 'self' https://platform.fynd.com 11 base-uri 'self' https://d6tizftlrpuof.cloudfront.net/live/; font-src 'self' data: *.cloudfront.net; form-action 'self'; frame-ancestors 'self' *.mycleverpush.com; img-src * data:; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' *.cloudfront.net *.usabilla.com *.getback.ch *.abtasty.com; upgrade-insecure-requests; worker-src blob: 'self' *.cleverpush.com 11 frame-ancestors 'self' *.facebook.com 11 frame-ancestors 'self' https://*.ally.ac; 11 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 11 frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com shop.pampers.com 11 frame-ancestors 'self' http://jack-wolfskin.com https://mywolfpack.jack-wolfskin.com http://staffbase.com capacitor://jack-wolfskin.com capacitor://staffbase.com; 11 upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com; base-uri 'self'; object-src 'none', frame-ancestors 'self' *.facebook.com, frame-ancestors 'self' *.facebook.com 11 frame-ancestors 'self' *.plataformaneo.com.br 11 worker-src 'self' blob:; 11 default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com *.adnxs.com login.microsoftonline.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-wy4DvlEW9PHPIGvQJW6Wv4woBSa/0LJHs8LHsBVVXCs=' 'sha256-065A0cJTDQ+hyKvufSL/flW02hIbgLndOINLRWux6To=' 'sha256-Ga5SLB8hPdWUE8Wb6LgZ05D9Z5vrdLAaPbDBW2m3BI8=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com edge-auth.microsoft.com flo.uri.sh; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=d 11 default-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; 11 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: filesystem: https://cdn.ampproject.org https://*.google-analytics.com https://www.googletagmanager.com https://*.disqus.com; style-src 'self' 'unsafe-inline' filesystem: https://fonts.googleapis.com; img-src 'self' https: data: blob: filesystem: secure.gravatar.com cdn.ampproject.org ampproject.net *.wordpress.org s.w.org *.githubusercontent.com; connect-src 'self' https: data: blob: filesystem: https://cdn.ampproject.org https://ampcid.google.com https://ampcid.google.com.mt https://ampcid.google.com.tr https://*.google-analytics.com https://*.hotjar.com https://*.facebook.com https://*.gstatic.com https://www.googletagmanager.com https://fonts.googleapis.com https://*.disqus.com; font-src 'self' https: data: blob: filesystem: https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https: data: blob: filesystem: https://www.googletagmanager.com https://*.disqus.com https://*.google.com https://vars.hotjar.com https://www.facebook.com 11 font-src *.trustedshops.com *.trustindex.io *.cookiebot.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com *.cloudflare.com *.twitter.com *.typekit.net *.googleapis.com *.bootstrapcdn.com *.hotjar.io *.hotjar.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://static.addtoany.com/ *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com https://*.dpdconnect.nl *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.google.com *.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: *.trustedshops.com *.trustindex.io *.cookiebot.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com https://www.magezon.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.google.nl *.usercentrics.eu *.etrusted.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.trustedshops.com *.trustindex.io *.cookiebot.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com https://*.dpdconnect.nl *.avada.io *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com googletagmanager.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.clarity.ms *.hotjar.io *.hotjar.com *.usercentrics.eu *.cloudwaysapps.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.trustedshops.com *.trustindex.io *.cookiebot.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.fontawesome.com *.multisafepay.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.twitter.com *.typekit.net *.bootstrapcdn.com *.etrusted.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.trustedshops.com *.trustindex.io *.cookiebot.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com https://get.geojs.io *.avada.io *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.cloudflare.com *.twitter.com *.clarity.ms *.usercentrics.eu *.hotjar.io *.hotjar.com wss://*.hotjar.com *.cloudwaysapps.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 11 frame-ancestors 'self' https://secure.backblaze.xyz https://secure.backblaze.pet https://secure.backblaze.net https://secure.backblaze.com 10 default-src * data: blob: 'unsafe-inline' 'unsafe-eval' frame-ancestors: 'self' *.mheducation.com; 10 frame-ancestors *.ivanti.com https://dash.cloudflare.com 10 frame-ancestors 'self' https://cxone.niceincontact.com https://cxone-gov.niceincontact.com 10 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob: 'self' data:; object-src 'none'; child-src https: data: blob:; form-action https:; block-all-mixed-content; 10 frame-ancestors 'self' https://nurture.solarwinds.com/ https://solarwinds.pathfactory.com/ https://orangematter.solarwinds.com/ https://thwack.solarwinds.com/ https://www.solarwinds.com/ https://try.solarwinds.com/ https://customerportal.solarwinds.com/ https://www.g2.com/ https://app.mutinyhq.com/ 10 script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.clarivate.com https://*.clarivate.com https://clarivate.com https://*.nr-data.net *.en25.com https://js.zi-scripts.com https://epsilon.6sense.com/ https://static.lightning.force.com https://*.clarity.ms https://*.salesforceliveagent.com https://analytics.decisionresourcesgroup.com https://analytics.twitter.com *.turtl.co https://app.gatedcontent.com https://app.icontact.com https://assets.vidyard.com https://assistant.woorank.com https://bam-cell.nr-data.net https://bat.bing.com https://cdn.bizible.com https://cdn.cookielaw.org https://cdn.jifo.co https://cdnjs.cloudflare.com https://clarivateanalytics.my.salesforce.com https://clarivateanalytics.my.site.com https://clarivatecommunities.force.com https://preview-clarivatecommunities.cs16.force.com https://code.jquery.com https://connect.facebook.net https://derwent.com *.visualwebsiteoptimizer.com https://e.infogram.com https://embed.acast.com https://googleads.g.doubleclick.net https://img06.en25.com https://j.6sc.co https://js-agent.newrelic.com https://maps.googleapis.com https://maps.gstatic.com https://platform.twitter.com https://play.vidyard.com https://public.flourish.studio https://publons.com https://s786780033.t.eloqua.com https://s.infogram.com https://scholaroneideas.secure.force.com https://script.hotjar.com https://secure.eloqua.com https://snap.licdn.com https://static.addtoany.com https://static.ads-twitter.com *.criteo.net https://static.doubleclick.net https://static.hotjar.com https://unpkg.com https://widget.sndcdn.com https://www.3blmedia.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com *.criteo.com https://www.google-analytics.com https://cdn.jsdelivr.net https://app.vwo.com https://*.googlesyndication.com https://*.zoominfo.com https://translate.google.com https://*.googleapis.com https://*.amcharts.com; frame-ancestors 'self' *.clarivate.com *.compumark.com *.compumark.cn 10 default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 10 frame-ancestors 'self' https://app.contentful.com; 10 frame-ancestors 'self'; base-uri 'self'; 10 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src *; 10 frame-ancestors 'self' https://oas.esf.edu.hk/ https://oasweb-stg.esf.edu.hk/ https://oasweb-uat.esf.edu.hk/ https://oasweb-dev.esf.edu.hk/ https://oasweb-dev2.esf.edu.hk/ https://srs-uat.esf.edu.hk https://www.1823.gov.hk https://api.data.gov.hk; 10 upgrade-insecure-requests; frame-ancestors 'none'; 10 frame-ancestors 'self' https://dato-plugin-3zrf.vercel.app https://factorial-next.admin.datocms.com *.factorial.be *.factorial.ch *.factorial.co *.factorial.es *.factorial.fr *.factorial.it *.factorial.mx *.factorialhr.ar *.factorialhr.be *.factorialhr.ch *.factorialhr.cl *.factorialhr.co *.factorialhr.co.uk *.factorialhr.com.ar *.factorialhr.com.br *.factorialhr.com.de *.factorialhr.de *.factorialhr.es *.factorialhr.fr *.factorialhr.it *.factorialhr.mx *.factorialhr.pt *.fatorial.pt *.factorialhr.com 10 ; frame-ancestors 'self' 10 frame-ancestors 'self'; object-src 'self'; 10 upgrade-insecure-requests; default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; 10 frame-ancestors 'self' *.daysmartpayments.com http://localhost:4200/ 10 frame-ancestors 'self' *.contentstack.com 10 default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval' ; object-src 'none' ; frame-ancestors 'self' ; base-uri 'self' ; prefetch-src 'self' ; img-src https: data: ; 10 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 10 frame-ancestors 'self' www.charleskeith.com www.pedroshoes.com 10 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 10 default-src * blob: data: https:; script-src blob: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 10 object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests 10 frame-ancestors 'self' https://service.ariba.com https://service-2.ariba.com https://certservice.ariba.com https://certservice-2.ariba.com https://s1.ariba.com https://s2.ariba.com https://usertest.sciquest.com https://uitweb.sciquest.com https://neo.sciquest.com https://solutions.sciquest.com https://cloud.punchoutexpress.com https://dev.cloud.punchoutexpress.com https://cloud.pexlocal.com https://cloud.mpexlocal.com; 10 default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 10 default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: https:; 10 report-to default 10 script-src 'self' 'unsafe-inline' 'unsafe-eval' iongroup.wpengine.com * www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com d10lpsik1i8c69.cloudfront.net google-analytics.com analytics.google.com www.google-analytics.com iongroupdev.wpenginepowered.com data.iongroup.com; 10 frame-ancestors 'self' https://*.bdo.global 10 frame-ancestors https://app.storyblok.com/ 10 frame-ancestors 'self' https://www.quandoo-partner.com/ https://ws.ephapay.net/ https://pp.ephapay.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://adservice.google.com https://google.com https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://maps.google.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pay.google.com https://www.googletagmanager.com https://www.gstatic.com https://region1.google-analytics.com https://analytics.google.com https://www.google-analytics.com https://region1.analytics.google.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://analytics.tiktok.com https://tr.snapchat.com https://spay.samsung.com https://4625502.fls.doubleclick.net https://5181002.fls.doubleclick.net https://s7.addthis.com https://6nw8ohlf.micpn.com https://api.woosmap.com https://bda.bookatable.com https://bf61376cao.bf.dynatrace.com https://bookings.designmynight.com https://castle.verseapps.co.uk https://cdn.jsdelivr.net https://code.jquery.com https://cognito-identity.eu-west-1.amazonaws.com https://ep.smct.co https://firehose.eu-west-1.amazonaws.com https://ipl.smct.io https://js.smct.co https://js.smct.io https://miller-and-carter.sjv.io https://partners.designmynight.com https://platform.twitter.com https://rules.quantcount.com https://safekey-3.americanexpress.com https://sc-static.net https://script.hotjar.com https://sdk.woosmap.com https://secure.quantserve.com https://servedby.flashtalking.com https://smct.co https://static.hotjar.com https://static.uk.eagleeye.com https://stats.g.doubleclick.net https://svht.tradedoubler.com https://utt.impactcdn.com https://vintage-inns.pxf.io https://widgets.designmynight.com https://cdn.fingerprint.host https://cdn.fingerprint-staging.host https://www.dwin1.com https://*.webtrends-optimize.com https://analytics.tiktok.com https://*.azurewebsites.net https://*.onetrust.com; object-src 'none'; base-uri 'none'; 10 default-src https: 'unsafe-inline' 'unsafe-eval' 10 frame-ancestors https://app.contentful.com https://dash.cloudflare.com 10 frame-ancestors 'self' meisterdrucke.com meisterdrucke.de meisterdrucke.at; 10 frame-ancestors 'self' https://drivmp--fullcopy.lightning.force.com https://drivmp--fullcopy.my.salesforce.com https://drivmp--fullcopy--c.visualforce.com https://drivmp.lightning.force.com https://drivmp.my.salesforce.com https://drivmp--c.visualforce.com https://drivmp--fullcopy.sandbox.lightning.force.com https://drivmp--fullcopy.sandbox.my.salesforce.com https://drivmp--fullcopy--c.sandbox.visualforce.com https://drivmp--fullcopy--c.sandbox.vf.force.com https://drivmp--c.vf.force.com 10 default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 10 default-src https: blob: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' ;img-src https: blob: data:;font-src https: data:;connect-src https: wss:;worker-src https: blob:; 10 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net *.33across.com *.ad-generation.jp *.adform.com *.adhouse.pro *.admanmedia.com *.admatic.com.tr *.admixer.com *.adpush.com.tr *.adtarget.com.tr *.adtech.com *.adtelligent.com *.adtopia.com *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.adwmg.com *.amazon.com *.ampproject.org *.appnexus.com *.aralego.com *.axonix.com *.beachfront.com *.bidtellect.com *.bik.gov.tr *.bildirt.com *.bizzclick.com *.cloudflare.com *.cloudflareinsights.com *.cmcm.com *.colossusssp.com *.connectad.io *.contextweb.com *.coxmt.com *.criteo.net *.cubepile.com *.dailymotion.com *.districtm.io *.doubleclick.net *.e-planning.net *.emxdgt.com *.engagebdr.com *.exponential.com *.facebook.com *.freewheel.tv *.gamoshi.io *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.ibillboard.com *.idealmedia.io *.ijit.com *.improvedigital.com *.indexexchange.com *.inmobi.com *.instagram.com *.jquery.com *.jwpcdn.com *.lijit.com *.linkedin.com *.linkwi.se *.lkqd.com *.lkqd.net *.makroo.com *.maple-team.com *.mars.media *.mediabong.com *.meta.com *.mgid.com *.newborntown.com *.omnijay.com *.onesignal.com *.onnetwork.tv *.openweathermap.com *.openx.com *.optad360.io *.outbrain.com *.peak226.com *.pinterest.com *.pubmatic.com *.reklamstore.com *.resultsmedia.com *.rhythmone.com *.rubiconproject.com *.sabio.us *.sharethrough.com *.smaato.com *.smartadserver.com *.smartyads.com *.smrtb.com *.sonobi.com *.sovrn.com *.spotx.tv *.spotxchange.com *.stroeer.com *.synacor.com *.taboola.com *.tebilisim.com *.teimg.com *.tevideo.org *.thebrave.io *.themediagrid.com *.tradingview.com *.tribalfusion.com *.twitter.com *.ucfunnel.com *.unrulymedia.com *.us.com *.vidyome.com *.vimeo.com *.weatherwidget.io *.webeyemob.com *.wordego.com *.x.com *.yahoo.com *.yandex.com *.yandex.ru *.yieldmo.com *.youtu.be *.youtube.com bs.yandex.ru cdn.ampproject.org google.com googlesyndication.com onesignal.com pagead2.googlesyndication.com s1.adform.net track.adform.net trgde.adocean.pl; 10 default-src 'self' bngprm.com *.bngprm.com ymetrica1.com mc.yandex.ru cam.vg *.cam.vg cdn.fluidplayer.com movcpm.com *.movcpm.com greedseed.world xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com http://62.210.201.98 http://195.154.187.179 http://195.154.173.242 http://195.154.225.146 *.2k0.ru; style-src cdn.fluidplayer.com fonts.googleapis.com 'self' 'unsafe-inline'; script-src bngprm.com *.bngprm.com cdn.jsdelivr.net cdn.fluidplayer.com 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' www.mexc.com bngprm.com *.bngprm.com counter.yadro.ru mc.yandex.ru ymetrica1.com mc.webvisor.org cdn.fluidplayer.com movcpm.com *.movcpm.com xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com data:; 10 frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data: blob:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php 10 frame-ancestors 'self' https://secure.safecharge.com; 10 style-src * 'unsafe-inline'; font-src * data:; img-src * data:; connect-src *; object-src 'self'; frame-ancestors 'self'; 10 default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://haveibeenpwned.com; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; connect-src 'self' wss://vault.altocloud.asia https://api.pwnedpasswords.com https://api.2fa.directory; object-src 'self' blob:; 10 frame-ancestors 'self' https://familywatchdog.us https://*.familywatchdog.us ; 10 default-src * 'unsafe-eval' 'unsafe-inline' data: mediastream: blob: filesystem:; 10 default-src 'none'; connect-src yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://fundingchoicesmessages.google.com http://pagead2.googlesyndication.com https://csi.gstatic.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net *.google-analytics.com https://clk.streamgo.ru 'report-sample'; font-src https://yastatic.net https://fonts.gstatic.com; frame-src https://yastatic.net https://*.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com 'report-sample'; img-src * data: 'report-sample'; manifest-src 'self'; media-src data: 'self' https://strm.yandex.ru https://*.strm.yandex.net https://cdn.streamgo.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://yandex.ru https://yastatic.net https://fundingchoicesmessages.google.com http://pagead2.googlesyndication.com https://adservice.google.ae https://adservice.google.at https://adservice.google.az https://adservice.google.be https://adservice.google.bg https://adservice.google.bj https://adservice.google.by https://adservice.google.ca https://adservice.google.ch https://adservice.google.cl https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.co.in https://adservice.google.co.jp https://adservice.google.co.kr https://adservice.google.co.uk https://adservice.google.co.uz https://adservice.google.co.za https://adservice.google.com https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.br https://adservice.google.com.cy https://adservice.google.com.eg https://adservice.google.com.gh https://adservice.google.com.ng https://adservice.google.com.pk https://adservice.google.com.sg https://adservice.google.com.tj https://adservice.google.com.tr https://adservice.google.com.tw https://adservice.google.com.ua https://adservice.google.com.vn https://adservice.google.cz https://adservice.google.de https://adservice.google.ee https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ge https://adservice.google.gl https://adservice.google.gr https://adservice.google.hu https://adservice.google.ie https://adservice.google.iq https://adservice.google.it https://adservice.google.jo https://adservice.google.kg https://adservice.google.kz https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.md https://adservice.google.mn https://adservice.google.mv https://adservice.google.nl https://adservice.google.no https://adservice.google.pl https://adservice.google.ps https://adservice.google.pt https://adservice.google.ro https://adservice.google.ru https://adservice.google.sc https://adservice.google.se https://adservice.google.sk https://adservice.google.sn https://adservice.google.tm https://pagead2.googlesyndication.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googletagservices.com www.googletagmanager.com https://www.gstatic.com https://mc.yandex.ru https://mc.yandex.com 'report-sample'; style-src 'self' 'unsafe-inline' https://www.gstatic.com 'report-sample'; report-uri /csp-report.php 10 frame-ancestors 'self' oricohxr.works ricoh.oricohxr.works; 10 frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au 10 upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com 9 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://*.smassets.net https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://api.amplitude.com https://api2.amplitude.com https://*.crazyegg.com wss://*.hotjar.com wss://*.qualified.com 'self'; upgrade-insecure-requests; connect-src https: wss: https://*.smassets.net https://rum-ingest.us1.signalfx.com/ 'self'; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com https://*.office.com https://*.office365.com https://*.microsoft365.com https://*.cloud.microsoft 9 default-src 'self' http: https: ws: wss: yoti: * *.faphouse.com; img-src * data: blob:; media-src * blob:; script-src 'self' 'unsafe-inline' blob: https://assets-ah.flixcdn.com www.google.com www.gstatic.com accounts.google.com *.google.com *.amplitude.com www.google-analytics.com www.googleanalytics.com www.googletagmanager.com www.googleoptimize.com optimize.google.com tagmanager.google.com *.hotjar.com https://pm-api.faphouse.com https://pm.faphouse.com/pm/ https://assets-ah.flixcdn.com/ comments.faphouse.com studio.faphouse.com joinmy.fans 'unsafe-eval' challenges.cloudflare.com cdn.delight-vr.com www.yoti.com; style-src * 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-ancestors 'self' 9 frame-ancestors 'self' *.kameleoon.com 9 upgrade-insecure-requests; frame-ancestors *.lumen.com *.lumentech.com *.brightspeed.com http://static.virtualroi.com/; 9 frame-ancestors https://*.ringcentral.com https://*.ringcentral.ca https://*.ringcentral.co.uk https://*.ringcentral.com.au https://*.ringcentral.eu https://support.ringcentral.biz https://outlook.live.com https://outlook.office365.com https://outlook.office.com 9 frame-ancestors self https://*.wayfair.com https://*.wayfair.ca https://*.wayfair.co.uk https://*.wayfair.de https://*.wayfair.ie https://*.jossandmain.com https://*.allmodern.com https://*.birchlane.com https://*.perigold.com 9 object-src *; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; 9 frame-ancestors 'self' *.nokia.com *.ceros.com 9 upgrade-insecure-requests; frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com *.cisco.com; 9 frame-ancestors *; upgrade-insecure-requests; object-src 'none' 9 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 9 object-src 'none'; base-uri 'self' 9 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: legacy.questdiagnostics.com www.questdiagnostics.com *.scene7.com tags.tiqcdn.com www.googletagmanager.com www.youtube.com analytics.js *.google-analytics.com *.qualtrics.com img04.en25.com cdn.cookielaw.org maps.googleapis.com *.questdiagnostics.com *.demandbase.com js.hs-analytics.net secure.quantserve.com bs.serving-sys.com api.fouanalytics.com *.linkedin.com *.licdn.com *.facebook.net *.facebook.com *.hotjar.com *.ps.five9.com api.mixpanel.com api-js.mixpanel.com cdn.mxpnl.com js-cdn.dynatrace.com vbk56183.live.dynatrace.com ucg59307.live.dynatrace.com; connect-src 'self' *.scene7.com target.questdiagnostics.com *.google-analytics.com stats.g.doubleclick.net *.qualtrics.com cdn.cookielaw.org *.onetrust.com maps.googleapis.com *.questdiagnostics.com dpm.demdex.net wss: directline.botframework.com api.company-target.com api.fouanalytics.com *.demandbase.com *.linkedin.com *.licdn.com *.facebook.net *.facebook.com *.hotjar.com *.ps.five9.com api.mixpanel.com api-js.mixpanel.com cdn.mxpnl.com js-cdn.dynatrace.com vbk56183.live.dynatrace.com ucg59307.live.dynatrace.com; frame-ancestors 'self' *.questdiagnostics.com *.qdx.com 9 frame-src *; 9 default-src http:; img-src * data:; script-src https:* http: 'unsafe-inline' 'unsafe-eval'; style-src http: 'unsafe-inline'; 9 report-uri https://www.homeaffairs.gov.au; frame-ancestors https://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.customs.gov.au https://*.abf.gov.au https://*.homeaffairs.gov.au https://*.harmony.gov.au https://*.nationalsecurity.gov.au https://*.idmatch.gov.au https://*.disasterassist.gov.au https://*.livingsafetogether.gov.au https://*.organisationalresilience.gov.au https://*.tisn.gov.au https://*.triplezero.gov.au https://*.cicentre.gov.au https://*.mara.gov.au https://*.auscheck.gov.au https://*.CISC.gov.au https://*.cetc.gov.au https://*.osi.gov.au https://*.gov.au https://bordertv.au.vbrickrev.com https://*.translation.gov.au https://*.odwt.app 9 frame-ancestors 'self' https://*.refinitiv.com https://*.lseg.com; 9 reflected-xss block 9 default-src=self; 9 default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 9 default-src https: data: 'unsafe-inline' 'unsafe-eval';connect-src 'self' https://hossa.inwx.com *.zammad.inwx.de ws: wss: *.google-analytics.com stats.g.doubleclick.net *.hossa.inwx.com; 9 frame-ancestors https://*.flexera.com https://*.flexera.de https://*.revenera.com https://*.revenera.de https://ecommerce-flexeracommunity.cs201.force.com https://staging-flexeracommunity.cs203.force.com *.visualwebsiteoptimizer.com app.vwo.com; default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: useruploads.vwo.io *.visualwebsiteoptimizer.com app.vwo.com; form-action 'self'; script-src * 'unsafe-eval' 'unsafe-inline' https: *.visualwebsiteoptimizer.com app.vwo.com 'self' blob:; style-src * 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com https: 9 frame-ancestors *; report-uri /_/commcsp?disposition=enforce 9 upgrade-insecure-requests; media-src https: data: blob:; img-src https: data: blob:; object-src https:; worker-src blob:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 9 frame-ancestors 'self' letmedate.com www.letmedate.com 9 default-src * blob: data: about:; worker-src * blob:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob:; img-src * data:; style-src * 'self' 'unsafe-inline'; base-uri 'self' https://cdn.justpremium.com; form-action 'self' 9 img-src 'self' data: https:; 9 frame-ancestors 'self' https://gov.aitu.io; 9 frame-ancestors 'self' http://webvisor.com https://webvisor.com https://metrika.yandex.ru http://metrika.yandex.ru 9 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; 9 img-src 'self' data:; default-src 'self' 'unsafe-inline' 9 script-src 'self' https://itunes.apple.com www.youtube.com https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.youtube-nocookie.com; font-src https://fonts.gstatic.com; 9 default-src 'self';connect-src 'self' *.habbo.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com privacyportal.cookiepro.com cookies.onetrust.mgr.consensu.org geolocation.onetrust.com www.facebook.com https://accounts.google.com/gsi/ *.google-analytics.com www.googletagmanager.com csi.gstatic.com habboo-a.akamaihd.net d29usylhdk1xyu.cloudfront.net;img-src 'self' data: *.habbo.com cookie-cdn.cookiepro.com habbo-stories-content.s3.amazonaws.com www.facebook.com *.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com habboo-a.akamaihd.net images.habbogroup.com docj27ko03fnu.cloudfront.net d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com cdn.rpxnow.com pay.openbucks.com trck.spoteffects.net;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.habbo.com https://appleid.cdn-apple.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com connect.facebook.net https://accounts.google.com/gsi/client *.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com apis.google.com rpxnow.com d29usylhdk1xyu.cloudfront.net trck.spoteffects.net;style-src 'self' 'unsafe-inline' *.habbo.com https://hcaptcha.com https://*.hcaptcha.com www.gstatic.com fonts.googleapis.com d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com;child-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com torox.io;frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com torox.io;font-src 'self' fonts.gstatic.com habboo-a.akamaihd.net *.habbo.com data:;frame-ancestors 'self' *.idcgames.com www.funnygames.fi www.funnygames.es www.funnygames.nl www.funnygames.fr www.funnygames.it www.funnygames.us www.funnygames.eu www.funnygames.biz www.funnygames.com.br www.funnygames.org *.gamesxl.com keygames.com www.games.co.za www.bgames.com starbie.co.uk nyckelspel.se www.games.co.uk www.a10.com www.gry.pl www.spela.se www.gamesgames.com www.ourgames.ru www.permainan.co.id www.games.co.id www.agame.com www.flashgames.ru www.mousebreaker.com kizi.com yepi.com www.integrations.partner.spilgames.com www.teens-integrations.partner.spilgames.com www.youdagames.com www.elkspel.nl www.spele.nl www.spele.be www.spelletjesoverzicht.nl *.orangegames.com hyvesgames.nl spele.nl www.spelletjes.nl www.spel.nl *.giochixl.it www.1001giochi.it minigioco.it www.gioco.it www.giochi.it *.jeuxdelajungle.fr www.1001games.fr jouerjouer.com spele.be www.jeux.fr www.jeu.fr oyun.mynet.com gamecell.com www.gamecell.com oyungemisi.com www.oyunskor.com *.1001pelit.com pelaaleikkia.com www.isladejuegos.es clavejuegos.com www.juegos.com *.1001spiele.de www.jetztspielen.ws www.jetztspielen.de www.spielaffe.de *.spielspiele.de spielspiele.de www.spielen.com *.1001jogos.pt jogojogar.com www.ojogos.com.br;form-action 'self' https://login.habbo.com https://help.habbo.com https://help.habbo.de https://help.habbo.es https://help.habbo.fi https://help.habbo.fr https://help.habbo.it https://help.habbo.nl https://help.habbo.com.br https://help.habbo.com.tr habbohelpbr.zendesk.com habbohelpen.zendesk.com habbohelpde.zendesk.com habbohelpes.zendesk.com habbohelpfi.zendesk.com habbohelpfr.zendesk.com habbohelpit.zendesk.com habbohelpnl.zendesk.com habbohelptr.zendesk.com;upgrade-insecure-requests ;report-uri /csp/report 9 base-uri 'none'; font-src 'self' https: data:; form-action 'self'; script-src-attr 'none'; upgrade-insecure-requests; 9 object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 9 img-src * 9 default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.sharethis.com *.botmd.io *.google-analytics.com cdn.ampproject.org; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.simsys.sg *.sharethis.com *.cdninstagram.com *.botmd.io *.s3.amazonaws.com *.google-analytics.com *.google.com *.google.com.sg; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.sharethis.com player.vimeo.com *.facebook.com *.youtube.com *.botmd.io *.google.com https://form.gov.sg td.doubleclick.net youtu.be www.googletagmanager.com my.matterport.com *.spotify.com https://gccchat.nuhs.edu.sg https://vimeo.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.sharethis.com bcp.crwdcntrl.net *.ent.ap-southeast-1.aws.found.io *.google-analytics.com https://stats.g.doubleclick.net *.amazonaws.com https://data.stbuttons.click/data c.ltmsphrcl.net https://gccchat.nuhs.edu.sg/connector/api/chat/connect; media-src 'self' data: blob: *.cdninstagram.com *.botmd.io *.s3.amazonaws.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: data:; object-src 'none' 9 frame-ancestors 'self' http://*.tp.com https://*.tp.com http://insights.tp.com https://insights.tp.com 9 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 9 default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://* data:; font-src 'self' * http://* data: https://*; object-src 'self' blob: 9 block-all-mixed-content; frame-ancestors 'none'; 9 object-src 'none'; upgrade-insecure-requests; block-all-mixed-content 9 frame-ancestors 'self'; object-src 'self'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob:; 9 default-src 'unsafe-inline' 'unsafe-eval' data: blob: https: wss:; frame-ancestors 'self' 9 frame-ancestors 'self' pro.leparking.ch pro.dasparking.de pro.leparking.fr pro.theparking-cars.co.uk pro.theparking.ca pro.theparking-cars.com pro.leparking.be bresil.leparking.fr pro.nl.leparking.be pro.fr.theparking.ca roextpro.ads4all.fr atextpro.ads4all.fr bgextpro.ads4All.fr czextpro.ads4all.fr eeextpro.ads4all.fr grextpro.ads4all.fr hrextpro.ads4all.fr huextpro.ads4all.fr ltextpro.ads4all.fr luextpro.ads4all.fr lvextpro.ads4all.fr siextpro.ads4all.fr skextpro.ads4all.fr pro.de.leparking.ch keextpro.ads4all.fr pro.el-parking.es pro.oparking.pt pro.theparking.eu pro.el-parking.pe pro.leparking.ma pro.ilparking.it; 9 default-src 'self'; script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' http: https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: http: https:; font-src 'self' http: https:; connect-src 'self' http: https:; frame-src 'self' http: https: 9 frame-ancestors 'self' https://*.batchgeo.com 9 script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://maps.googleapis.com https://translate.googleapis.com https://translate.google.com https://support.google.com https://www.gstatic.cn https://families.google.com https://clients1.google.com https://myaccount.google.com https://accounts.google.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/ https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport/allowlist 9 upgrade-insecure-requests; frame-ancestors 'self' http://localhost https://localhost https://assaconnect.azurewebsites.net https://assaconnect-qa.azurewebsites.net https://assaconnect-staging.azurewebsites.net https://connect.assaabloy.com https://edc.adamsrite.com https://egress-calculator-qa.azurewebsites.net https://egresscalc.assaabloy.com; default-src * data: 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; worker-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https: http:; child-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; base-uri 'self'; 9 script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 9 frame-ancestors 'self' https://customer.educations.com 9 base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://payment.preprod.payone.com https://payment.payone.com; frame-ancestors 'none'; img-src 'self' data: https:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' https: http://localhost:8080; upgrade-insecure-requests; 9 style-src 'self' blob: 'unsafe-inline' *.maze.co *.google.com *.gstatic.com *.abtasty.com *.crazyegg.com *.googleapis.com *.satisfait-ou-rembourse-braun.fr *.offre-promotionnelle.fr *.salesforce-sites.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.googleanalytics.com *.pg.com *.bazaarvoice.com *.force.com *.pricespider.com *.lytics.io *.mapbox.com *.akamaihd.net feed.pghub.io ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: api.gcp.pgcloud.com *.rudderlabs.com *.pinterest.com s.pinimg.com static.affilae.com de-grafana-agent-prod.pg.com de-grafana-agent-dev.pg.com unpkg.com *.maze.co *.abtasty.com *.googleoptimize.com *.crazyegg.com *.googleanalytics.com *.impactcdn.com *.crwdcntrl.net *.googleadservices.com *.pg.com *.offre-promotionnelle.fr *.satisfait-ou-rembourse-braun.fr *.salesforce-sites.com *.salesforce.com *.my.salesforce.com *.criteo.com *.adform.net *.outbrain.com *.pypestream.com *.serving-sys.com *.tiktok.com *.youtube.com *.braun.com *.googletagmanager.com *.dynatrace.com dynatrace.com *.ads-twitter.com *.salesforceliveagent.com google.com gstatic.com *.gstatic.com *.google.com *.abtasty.com *.pypestream.eu *.force.com *.salesfoce.com *.cookielaw.org *.google-analytics.com *.facebook.net *.pricespider.com *.segment.com *.lytics.io *.jebbit.com pghub.io *.doubleclick.net *.crazyegg.com *.googleapis.com *.zeotap.com *.adsrvr.org *.iesnare.com *.ipify.org *.bazaarvoice.com *.moatads.com *.mapbox.com *.akamaihd.net feed.pghub.io ; font-src 'self' *.maze.co *.gstatic.com *.googleapis.com *.gstatic.com *.pg.com *.windows.net fonts.gstatic.com maxcdn.bootstrapcdn.com res.cloudinary.com data: feed.pghub.io ; img-src * 'self' data: https: blob: *.maze.co *.google.com *.abtasty.com *.amazonaws.com *.crazyegg.com *.pricespider.com *.ctfassets.net ; default-src 'self' data: wss: api.gcp.pgcloud.com *.rudderstack.com *.pinterest.com www.jeu-ete-braun.com lb.affilae.com *.maze.co *.twitch.tv *.sjv.io *.azureedge.net *.flashtalking.com www.cashback-silkepil-et-accessoires.fr *.sor-braun.fr *.lightyearapi.com *.crazyegg.com *.google.com *.abtasty.com *.crwdcntrl.net *.youtube-nocookie.com youtube-nocookie.com pg-lex--dev.sandbox.my.salesforce-sites.com *.offre-promotionnelle.fr *.satisfait-ou-rembourse-braun.fr *.salesforce-sites.com *.analytics.google.com *.braun-concours-jenifer.fr *.concours-braun.fr *.offre-promotionnelle.fr *.pg.com *.criteo.com *.serving-sys.com *.serving-sys.com *.tiktok.com *.cashback-braun.fr *.cashbackipls2.fr *.cashbackshaverss2.fr *.satisfaitourembourse-braun.fr *.digital-promo.de *.dynatrace.com *.azure-api.net *.braun-ics.com *.braun.com *.braun.de *.youtube.com *.force.com *.doubleclick.net *.cookielaw.org *.googletagmanager.com *.google-analytics.com *.adsrvr.org *.tapad.com *.segment.io *.segment.com *.lytics.io *.crazyegg.com *.googleapis.com *.zeotap.com *.facebook.com *.doubleclick.net *.jebbit.com *.windows.net geolocation-db.com *.onetrust.com *.iesnare.com *.bazaarvoice.com *.moatads.com *.mapbox.com *.pricespider.com *.akamaihd.net *.pg.com *.algolia.net *.contentful.com *.ctfassets.net feed.pghub.io 9 upgrade-insecure-requests;frame-ancestors 'self' ; 9 frame-ancestors 'self' http://admin.bonami.cz 9 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: amazon-adsystem.com *.amazon-adsystem.com paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon *; frame-ancestors 'self' ekat.festool.de *.festool.com 9 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com; frame-ancestors 'none' ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 9 default-src * data: 'unsafe-inline' 'unsafe-eval' 'self' blob:; media-src * blob:; img-src * data: 'unsafe-inline' blob: *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.heapanalytics.com https://*.qualtrics.com; font-src * data: 'unsafe-inline'; frame-ancestors *.amway.it; connect-src 'self' api-js.datadome.co *.amway.eu https://siteintercept.qualtrics.com https://maps.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com https://*.clarity.ms https://c.bing.com *.auryc.com https://amway-api.exponea.com https://*.ada.support https://*.qualtrics.com; frame-src https://*.elf.site https://players.brightcove.net geo.captcha-delivery.com https://coreplus.amwayglobal.com https://coreplus-qa.amwayglobal.com https://coreplus-regional.gmb-preprod.corp.amway.net https://coreplus-stage.amwayglobal.com *.qualtrics.com https://bonus.amway-services.com https://online.flippingbook.com https://amway-achievers.web.app app.vwo.com *.visualwebsiteoptimizer.com https://www.youtube.com https://*.ada.support https://*.qualtrics.com https://export-file-storage-prod.s3.us-east-1.amazonaws.com; worker-src 'self' blob:; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com tags.tiqcdn.com js.datadome.co *.googleapis.com *.heapanalytics.com *.qualtrics.com *.clarity.ms https://amway-api.exponea.com https://*.ada.support https://*.qualtrics.com; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com *.googleapis.com *.gstatic.com 9 block-all-mixed-content;upgrade-insecure-requests; 9 default-src 'self';font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com consent.trustarc.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com *.nr-data.net *.datadome.co *.captcha-delivery.com *.googletagmanager.com *.jquery.com *.cloudflare.com s3.amazonaws.com testing.conversionteam.com *.blackhawknetwork.com *.sardine.ai;script-src-attr 'unsafe-inline';connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com *.nr-data.net stats.g.doubleclick.net *.datadome.co *.blackhawknetwork.com *.sardine.ai;img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com data: s3.amazonaws.com testing.conversionteam.com *.blackhawknetwork.com;style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com www.googletagmanager.com;frame-src *;object-src 'none';media-src 'self' *.iesnare.com data:;frame-ancestors 'self' cardholder.jokercard.ca;base-uri 'self';form-action 'self';upgrade-insecure-requests 9 frame-ancestors 'self' *.hotmart.com hotmart.com *.hotmart.host *.klickpages.com.br sun.eduzz.com http://*.monetizze.com.br https://*.monetizze.com.br http://aporasal.net https://aporasal.net http://adf.ly https://adf.ly 9 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 9 frame-src 'self' https://cflscoreboard.cfl.ca/ http://cflscoreboard.cfl.ca/ https://*.googlesyndication.com https://www.facebook.com/ https://www.google.com/ https://players.brightcove.net/ https://*.doubleclick.net https://player.simplecast.com/ https://*.oseg.ca https://www.youtube.com/ https://*.fevo.com/ https://forums.cfl.ca/ https://*.argonauts.ca/ https://player.vimeo.com/ https://w.soundcloud.com/ https://*.f2p.media.geniussports.com/ https://cdn.flipsnack.com/ https://mlse.formstack.com/ https://issuu.com/ https://gsm-widgets.betstream.betgenius.com/ https://chat.satis.fi/ https://tradablebits.com/ https://embed.waze.com/ https://gamezone.cfl.ca/ https://platform.twitter.com/ https://www.instagram.com/ https://www.tiktok.com/ https://interland3.donorperfect.net/ https://chartbeat.com/ https://static2.chartbeat.com/ https://*.acuityscheduling.com/ https://*.tagboard.com/ https://caimgs.s3-ca-central-1.amazonaws.com/ https://cdn.userway.org/ https://www.surveymonkey.com/ https://player.streamguys.com/ https://www.buzzsprout.com https://www.googleadservices.com/ https://console.googletagservices.com/ https://play.ottawaredblacks.com/ https://www.googletagservices.com/ https://www.tdplace.ca/ https://www.placetd.ca/ https://fevo-enterprise.com/ https://x.adroll.com/ https://www.googletagmanager.com/ https://ep2.adtrafficquality.google/ https://winnipegfootballclub.jotform.com/ https://embed.radio.co/ https://open.spotify.com/ https://pop0-ccs-webchat-api.serverdata.net/; 9 script-src * 'unsafe-eval' 'unsafe-inline'; worker-src data: blob: * 9 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests 9 default-src 'self'; img-src 'self';script-src 'self' 'sha256-J+Y4l+yfxXd4cYzH9LhXUSHSb7zZu2bgddfCumVZJMo=';object-src 'none';form-action 'none';frame-src 'none';style-src 'self' 'sha256-OU0LTytxyR8kjQ+DRjRCDKhUAKEeH7rb0D5nBWOzRlQ=' 9 frame-ancestors 'self' *.plentymarkets-cloud-ie.com *.my.plentysystems.com 9 base-uri 'self';frame-ancestors 'self' 9 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' unsafe-inline; script-src 'self' * data: blob: unsafe-inline 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: unsafe-inline 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: unsafe-inline 'unsafe-inline'; img-src * data: blob: unsafe-inline 'unsafe-inline'; media-src * data: blob: unsafe-inline 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: unsafe-inline 'unsafe-inline'; font-src * data: blob: unsafe-inline 'unsafe-inline'; frame-ancestors 'none' 9 frame-src 'self' https://www.googletagmanager.com https://*.youtube.com http://*.youtube.com https://*.google.com https://www.facebook.com https://*.gov.bd https://*.*.gov.bd; 9 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.redhat.com *.redhatstatic.com *.intercomcdn.com *.intercom.io *.qualtrics.com *.mountain.com *.trkn.us *.basis.net *.sitescout.com *.mktoresp.com *.sentry-cdn.com *.integrate.com *.d41.co analytics.twitter.com assets.adobedtm.com bam.nr-data.net connect.facebook.net consent.trustarc.com googleads.g.doubleclick.net hm.baidu.com img.en25.com in.ml314.com js.driftt.com ml314.com pixel.mintigo.com px.ads.linkedin.com s.ytimg.com script.hotjar.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.googleadservices.com www.googletagmanager.com www.youtube.com dpm.demdex.net platform.twitter.com bat.bing.com j.6sc.co epsilon.6sense.com pubads.g.doubleclick.net munchkin.marketo.net widget.usersnap.com resources.usersnap.com cdn5.userzoom.com https://static.redhat.com https://www.dev.redhat.com https://www.preprod.redhat.com https://www.redhat.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.redhat.com *.redhatstatic.com *.intercomcdn.com *.intercom.io *.qualtrics.com *.mountain.com *.trkn.us *.basis.net *.sitescout.com *.mktoresp.com *.sentry-cdn.com *.integrate.com *.d41.co analytics.twitter.com assets.adobedtm.com bam.nr-data.net connect.facebook.net consent.trustarc.com googleads.g.doubleclick.net hm.baidu.com img.en25.com in.ml314.com js.driftt.com ml314.com pixel.mintigo.com px.ads.linkedin.com s.ytimg.com script.hotjar.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.googleadservices.com www.googletagmanager.com www.youtube.com dpm.demdex.net platform.twitter.com bat.bing.com j.6sc.co epsilon.6sense.com pubads.g.doubleclick.net munchkin.marketo.net widget.usersnap.com resources.usersnap.com cdn5.userzoom.com https://static.redhat.com https://www.dev.redhat.com https://www.preprod.redhat.com https://www.redhat.com; style-src 'self' 'unsafe-inline' *.redhat.com fonts.googleapis.com js.driftt.com https://cdnjs.cloudflare.com https://static.redhat.com https://use.fontawesome.com https://www.redhat.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' tracks.redhat.com; report-uri https://o425042.ingest.sentry.io/api/5370002/security/?sentry_key=676ea2c2d4a147c2834066d24c04a9e4&sentry_environment=prod 8 default-src * 'unsafe-eval' data: 'unsafe-inline'; frame-ancestors 'none'; worker-src * 'self' blob:; 8 frame-ancestors 'self' https://metrica.yandex.com 8 frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.smh.com.au *.theage.com.au *.brisbanetimes.com.au *.watoday.com.au *.cdn.ampproject.org *.platform.ink; upgrade-insecure-requests 8 frame-ancestors 'self' https://blog.hootsuite.com https://app.contentful.com https://hootsuite.com https://staging.hootsuite.com/; report-uri https://o3805.ingest.sentry.io/api/6608832/security/?sentry_key=f44c14ec894c4667b3fd34b84042794d 8 upgrade-insecure-requests;report-uri /csp-violation-report-endpoint/ 8 default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' https://s-bahn-hh.specials-bahn.de/ *.google.com https://cms.static-bahn.de https://secure.pay1.de https://dbpayment.dbv.service.deutschebahn.com https://payment.dbv.service.deutschebahn.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de; 8 object-src https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com http://*.cvent.cloud https://*.cvent.cloud; frame-ancestors 'self' https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com https://*.cvent.com http://*.cvent.com http://*.cvent.cloud https://*.cvent.cloud; report-uri /report-csp-violation 8 frame-ancestors https://*.marketo.com 8 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: blob:; child-src https: blob:; worker-src 'self' blob:; 8 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 8 frame-ancestors 'self' *.uhg.com *.optum.com *.uhc.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ www.recaptcha.net match.adsrvr.org; frame-src 'self' https://community.pregnancy.org https://optum.marketing.adobe.com *.uhg.com *.optum.com *.uhc.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org www.recaptcha.net *.lpsnmedia.net *.liveperson.net https://va.idp.liveperson.net match.adsrvr.org; 8 default-src https: 'unsafe-eval' 'unsafe-inline' 'self' ws: data:; worker-src blob:; object-src 'none'; frame-ancestors 'none' 8 frame-ancestors 'self' app.storyblok.com 8 frame-ancestors 'self' *.mebis.info 8 frame-ancestors 'self' https://*.ziggo.nl https://*.vodafone.nl https://*.vfz-services.nl https://*.prod.aws.ziggo.io https://*.acc.aws.ziggo.io https://*.dev.aws.ziggo.io https://*.hollandsnieuwe.nl https://vodafoneziggo.portal.mobilewater.nl; 8 frame-ancestors 'self' *.maxon.net 8 base-uri 'none'; font-src 'self' data: https://tchibo.omq.de https://fonts.gstatic.com https://heapanalytics.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https://cdn.cookielaw.org https://*.uimserv.net https://*.creativecdn.com https://www.google.de https://*.doubleclick.net https://www.facebook.com https://ct.pinterest.com https://*.quantserve.com https://www.google.com https://*.adnxs.com https://c.seznam.cz https://www.glami.cz https://www.glami.hu https://www.glami.com.tr https://ctgdm.tchibo.de https://px.ads.linkedin.com https://ssl.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://bat.bing.com https://*.contentsquare.net https://*.teads.tv https://heapanalytics.com https://tchibo.omq.de https://www.tchibo.de https://*.tchibo.de https://www.eduscho.at https://*.eduscho.at https://www.tchibo.ch https://*.tchibo.ch https://www.fr.tchibo.ch https://*.fr.tchibo.ch https://www.tchibo.pl https://*.tchibo.pl https://www.tchibo.hu https://*.tchibo.hu https://www.tchibo.cz https://*.tchibo.cz https://www.tchibo.sk https://*.tchibo.sk https://www.tchibo.com.tr https://*.tchibo.com.tr https://shop-de.dev.int.tools.hunter.gcp.tchibo.systems https://shop-de.staging.int.tools.hunter.gcp.tchibo.systems https://shop-at.dev.int.tools.hunter.gcp.tchibo.systems https://shop-at.staging.int.tools.hunter.gcp.tchibo.systems https://shop-ch.dev.int.tools.hunter.gcp.tchibo.systems https://shop-ch.staging.int.tools.hunter.gcp.tchibo.systems https://shop-chfr.dev.int.tools.hunter.gcp.tchibo.systems https://shop-chfr.staging.int.tools.hunter.gcp.tchibo.systems https://shop-pl.dev.int.tools.hunter.gcp.tchibo.systems https://shop-pl.staging.int.tools.hunter.gcp.tchibo.systems https://shop-hu.dev.int.tools.hunter.gcp.tchibo.systems https://shop-hu.staging.int.tools.hunter.gcp.tchibo.systems https://shop-cz.dev.int.tools.hunter.gcp.tchibo.systems https://shop-cz.staging.int.tools.hunter.gcp.tchibo.systems https://shop-sk.dev.int.tools.hunter.gcp.tchibo.systems https://shop-sk.staging.int.tools.hunter.gcp.tchibo.systems https://shop-tr.dev.int.tools.hunter.gcp.tchibo.systems https://shop-tr.staging.int.tools.hunter.gcp.tchibo.systems; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline' https://heapanalytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://*.taboola.com https://analytics.tiktok.com https://bat.bing.com https://*.criteo.com https://js.adsrvr.org https://js.cnnx.link https://pixel.byspotify.com https://px.ads.linkedin.com https://s.pinimg.com https://*.creativecdn.com https://www.googleadservices.com https://www.googletagmanager.com https://*.doubleclick.net https://connect.facebook.net https://ct.pinterest.com https://*.clarity.ms https://rules.quantcount.com https://*.quantserve.com https://snap.licdn.com https://*.adform.net https://ups.xplosion.de https://*.adnxs.com https://*.getback.ch https://gtm.adt313.net https://*.scarabresearch.com https://*.teads.tv https://s.uicdn.com https://d.c.cdnsrv.de https://a.twiago.com https://static.lamoda.pl https://pixel.wp.pl https://www.glami.eco https://postback.affiliateport.eu https://c.seznam.cz https://*.dognet.sk https://img2-digitouch.mncdn.com https://ctgdm.tchibo.de https://pixel.rubiconproject.com https://www.google-analytics.com https://tchibo.omq.de https://cdns.cdp.gigya.com https://*.contentsquare.net https://app.contentsquare.com https://cdn.heapanalytics.com https://heapanalytics.com https://tagm.tchibo.de https://tagm.tchibo.ch https://tagm.tchibo.pl https://tagm.tchibo.cz https://tagm.tchibo.hu https://tagm.tchibo.sk https://tagm.tchibo.com.tr https://tagm.tchibo.at https://ctagm.tchibo.de https://ctagm.tchibo.ch https://ctagm.tchibo.pl https://ctagm.tchibo.cz https://ctagm.tchibo.hu https://ctagm.tchibo.sk https://ctagm.tchibo.com.tr https://ctagm.eduscho.at https://*.emarsys.net https://api.bounce-commerce.de; upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://cdn.cookielaw.org https://*.onetrust.com https://*.api.cdp.gigya.com https://*.taboola.com https://bat.bing.com https://*.criteo.com https://px.ads.linkedin.com https://*.doubleclick.net https://*.analytics.google.com https://*.contentsquare.net https://*.contentsquare.com https://www.facebook.com https://ct.pinterest.com https://pixels.spotify.com https://*.clarity.ms https://s.seedtag.com https://www.google.com https://*.adnxs.com https://*.scarabresearch.com https://*.teads.tv https://pixel.wp.pl https://rum.browser-intake-datadoghq.eu https://region1.analytics.google.com https://region1.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://tchibo.omq.de https://analytics.tiktok.com https://*.creativecdn.com https://customerfrontenddata.int.dev.hunter.gcp.tchibo.systems https://customerfrontenddata.int.staging.hunter.gcp.tchibo.systems https://heapanalytics.com https://sst.tchibo.ch https://sst.tchibo.de https://sst.tchibo.pl https://sst.tchibo.cz https://sst.tchibo.hu https://sst.tchibo.sk https://sst.tchibo.com.tr https://sst.eduscho.at https://*.emarsys.net https://api.bounce-commerce.de; frame-src https://*.criteo.com https://*.creativecdn.com https://www.googletagmanager.com https://*.doubleclick.net https://d.c.cdnsrv.de https://*.adsrvr.org https://ct.pinterest.com https://csxd.tchibo.de https://csxd.hunter.nexinto.com https://tchibo.omq.de https://tagm.tchibo.de https://tagm.tchibo.ch https://tagm.tchibo.pl https://tagm.tchibo.cz https://tagm.tchibo.hu https://tagm.tchibo.sk https://tagm.tchibo.com.tr https://tagm.tchibo.at https://ctagm.tchibo.de https://ctagm.tchibo.ch https://ctagm.tchibo.pl https://ctagm.tchibo.cz https://ctagm.tchibo.hu https://ctagm.tchibo.sk https://ctagm.tchibo.com.tr https://ctagm.eduscho.at https://sst.tchibo.ch https://sst.tchibo.de https://sst.tchibo.pl https://sst.tchibo.cz https://sst.tchibo.hu https://sst.tchibo.sk https://sst.tchibo.com.tr https://sst.eduscho.at; child-src blob:; worker-src blob:; 8 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: ; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 8 frame-ancestors 'self' *.tournamentsoftware.com *.toernooi.nl 8 'self' 8 script-src 'self' 'unsafe-inline' 'unsafe-eval' api.salemove.com api.salemove.eu ui.customsearch.ai analytics.twitter.com assets.adobedtm.com connect.facebook.net static.ads-twitter.com www.googleadservices.com maps.googleapis.com cdn.tt.omtrdc.net absa.tt.omtrdc.net www.google.com www.gstatic.com analytics.analytics-egain.com abdemo.egain.cloud absablog-dev.disqus.com absablog-sit.disqus.com absablog-uat.disqus.com absablog-prod.disqus.com ajax.googleapis.com platform.twitter.com platform.linkedin.com assets.pinterest.com c.disquscdn.com disqus.com secure.rating-widget.com log.pinterest.com rating-widget.com s.ytimg.com www.youtube.com youtube.com esb.ext.api.uat.absa.co.za client.crisp.chat googleads.g.doubleclick.net www.google.co.za www.google.pl dsp-aud.eskimi.com dsp.eskimi.com dsp-pix.eskimi.com dsp-media.eskimi.com cdn.syndication.twimg.com cse.google.com api-iam.intercom.io api.salemove.eu app.salemove.eu asset-proxy.salemove.eu assets.salemove.eu chunderw-gll.twilio.com chunderw-vpc-gll.twilio.com client-logger.salemove.eu eventgw.twilio.com fonts.googleapis.com fonts.gstatic.com io.salemove.eu js.intercomcdn.com kluster.ws.salemove.eu libs.salemove.com maps.googleapis.com maps.gstatic.com media.twiliocdn.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io s3-eu-west-1.amazonaws.com s3.amazonaws.com uplot.salemove.eu widget.intercom.io googletagmanager.com www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net fls.doubleclick.net tt.mbww.com pixel.mathtag.com snap.licdn.com sc-static.net analytics.tiktok.com bat.bing.com fpt.absa.co.za fpt.absa.com.gh fpt.absabank.co.ke fpt.absabank.mu fpt.absa.co.mz fpt.absa.sc fpt.absa.co.tz fpt.absa.co.ug fpt.absa.co.zm fpt.absa.co.bw p.teads.tv absa2--a2sadcdev.sandbox.my.site.com absa2--a2sadcdev.sandbox.my.salesforce-scrt.com absa2--a2uat.sandbox.my.site.com absa2--a2uat.sandbox.my.salesforce-scrt.com absa2.my.site.com absa2.my.salesforce-scrt.com 8 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://p2-chat-use1.starcenter.star2star.com/ https://privacy-proxy.usercentrics.eu/ https://app.usercentrics.eu/ https://info.sangomaus.local/ https://info.staging.sangoma.com/ https://info.sangoma.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://snap.licdn.com/ https://cdn.howuku.com/ https://api.howuku.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.hubspot.com/ https://js.hsforms.net/ https://www.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com/ https://play.google.com/ https://www.googleadservices.com/ https://s3.tradingview.com/ https://www.workable.com/ https://dcvxs6ggqztsa.cloudfront.net/ https://apply.workable.com/ ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' blob: data: https://secure.gravatar.com/ https://staging.sangoma.com/ https://app.usercentrics.eu/ https://px.ads.linkedin.com/ https://px4.ads.linkedin.com/ https://perf-na1.hsforms.com/ https://track.hubspot.com/ https://forms-na1.hsforms.com/ https://www.googletagmanager.com/ https://www.linkedin.com/ https://www.x.com/ https://uct.service.usercentrics.eu/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ ; font-src 'self' data: https://fonts.gstatic.com/; connect-src 'self' wss://ws.hotjar.com/ https://api.usercentrics.eu/ https://px.ads.linkedin.com/ https://api.howuku.com/ https://cta-service-cms2.hubspot.com/ https://content.hotjar.io/ https://p2-chat-use1.starcenter.star2star.com/ https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://www.google-analytics.com/ https://www.linkedin.com/ https://www.google.com/ https://www.workable.com/assets/embed.jshttps://www.x.com/ https://metrics.hotjar.io/ https://api.howuku.com/ https://api.howuku.com/ https://vc.hotjar.io/ https://consent-api.service.consent.usercentrics.eu/ https://google.com/ https://www.googleadservices.com/ ;worker-src 'self' blob: https://www.google.com/ ;frame-src 'self' https://p2-chat-use1.starcenter.star2star.com/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://www.google.com/ https://www.youtube.com/ https://forms.hsforms.com/ https://www.tradingview-widget.com/ ;frame-ancestors 'self' https://www.google.com/ ; 8 default-src 'self'; script-src https://cdnjs.cloudflare.com https://autosug.ebay.com https://suggestqueries.google.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://www.google.com https://s.flocdn.com https://*.s1search.co https://swurl.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src https://cdnjs.cloudflare.com 'unsafe-inline' 'self'; connect-src https://api.picclick.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://*.s1search.co https://soflopxl.com https://swurl.com 'self'; img-src *; font-src https://cdnjs.cloudflare.com data: 'self'; 8 default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https: https://was-nam-us-prd-bhapi.azurewebsites.net wss://*.qualified.com wss://directline.botframework.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://bhgateway.azurewebsites.net; font-src 'self' https:; frame-ancestors 'self' https; 8 frame-ancestors 'self' https://cms.hanleywood.com 8 upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; 8 frame-ancestors https://*.teknikproffset.se https://pj-guiding-content.sanity.studio 'self' 8 frame-ancestors *.lotvue.com *.insearch-ds.net resource.ecisolutions.com ecisoftwaresolutions.pathfactory.com 'self' 8 default-src *; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; report-uri /report-csp-violation 8 default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; 8 object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 8 frame-ancestors 'self' https://*.etracker.com 8 default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 8 default-src 'self' data: http: https: ws: wss:; script-src 'unsafe-inline' 'unsafe-eval' http: https:; style-src 'unsafe-inline' 'unsafe-eval' http: https:; 8 frame-ancestors 'self' https://*.akifast.com akifast.com https://*.akinoncloud.com akinoncloud.com 8 frame-ancestors 'self' https://*.superoffice.com https://royalqueenseedssp.inone.useinsider.com 8 frame-ancestors https://*.realitykings.com 8 connect-src 'self' at-cdn14.streamdiver.com https://eu-api.friendlycaptcha.eu tools.investis.com https://*.verbund.com https://verbund.matomo.cloud https://cdn.matomo.cloud/ https://consent.verbund.com/ https://region1.google-analytics.com/ https://www.google.com/ https://region1.analytics.google.com/ https://stats.g.doubleclick.net/ https://px.ads.linkedin.com/ https://ad.doubleclick.net; default-src 'self'; font-src 'self' https://consent.verbund.com/; frame-src 'self' base.streamdiver.com my.walls.io irs.tools.investis.com https://www.googletagmanager.com/ https://td.doubleclick.net/ https://14640621.fls.doubleclick.net/; img-src 'self' https://www.foto-webcam.eu https://kaprun.it-wms.com tile.geofabrik.de https://trck.spoteffects.net data: https://jobdata.prescreen.io https://content.prescreen.io https://chcloudverbundprod.blob.core.windows.net https://*.verbund.com https://a.storyblok.com https://consent.verbund.com/ https://www.google.at/ https://www.google.com https://www.googletagmanager.com/ https://px.ads.linkedin.com/ https://ad.doubleclick.net/ https://px4.ads.linkedin.com/ https://adservice.google.com; media-src 'self' data: blob: *;; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.walls.io/ https://*.verbund.com/ https://verbund.matomo.cloud https://cdn.matomo.cloud/ https://consent.verbund.com/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net https://snap.licdn.com/ https://trck.spoteffects.net/; style-src 'self' 'unsafe-inline' https://verbund.matomo.cloud https://cdn.matomo.cloud/ https://consent.verbund.com/ https://www.googletagmanager.com/ https://fonts.googleapis.com/; worker-src blob: 8 default-src 'self'; script-src 'self' 'strict-dynamic' 'sha256-l3tfobNGSDsiWwzSdX9QqvprTaL+kQGzfRzpdkbM1m0=' 'sha256-aXFWSsQLd4kfpqpWNQwLKFmiDgjd+I1iaw3mCViRRUc=' 'unsafe-inline' 'wasm-unsafe-eval' https://vrt.be https://*.vrt.be https://previewshared.mediahuis.be/cxense/cxense.vrtnu.js https://*.sentry-cdn.com https://assets.adobedtm.com https://cdn.cxense.com/cx.js https://api.cxense.com https://cdn.jsdelivr.net/npm/@snowplow/browser-plugin-performance-timing@latest/dist/index.umd.min.js https://gabe.hit.gemius.pl https://gdpr-wrapper.privacymanager.io https://gdpr.privacymanager.io https://imasdk.googleapis.com/js/sdkloader/ima3.js https://*.qualtrics.com https://www.gstatic.com https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js https://*.opecloud.com https://cdn.jsdelivr.net/npm/ua-parser-js@1.0.35/src/ua-parser.min.js https://www.clarity.ms; style-src 'self' 'unsafe-inline' https://vrt.be https://*.vrt.be https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://chat.stream-io-api.com wss://chat.stream-io-api.com wss://api-dev.vrt.radio/socket.io/ wss://api-stag.vrt.radio/socket.io/ wss://api.vrt.radio/socket.io/ https://vrt.be https://*.vrt.be https://*.vrtcdn.be https://vrtmax.stag.a51.be https://d33ksfmeznrrrv.cloudfront.net https://*.omtrdc.net https://*.streamtheworld.com https://*.akamaized.net https://o140591.ingest.sentry.io https://dpm.demdex.net https://siteintercept.qualtrics.com https://time.akamai.com https://license.theoplayer.com https://widevine-proxy.drm.technology/proxy https://gdpr-wrapper.privacymanager.io https://*.privacymanager.io https://*.uplynk.com https://gabe.hit.gemius.pl https://*.smartocto.com https://*.contentinsights.com https://fairplay-license.drm.technology https://csi.gstatic.com https://*.jwplayer.com https://*.mediatailor.us-east-1.amazonaws.com https://vrt-live.cdn.vustreams.com https://*.buffup.net wss://*.buffup.net https://api.amplitude.com https://api-dev.vrt.radio https://api-stag.vrt.radio https://api.vrt.radio https://unpkg.com/theoplayer@6.7.0/ https://unpkg.com/theoplayer@7.6.1/ https://cdn.jsdelivr.net/npm/@mux/mux-data-theoplayer@5.1.7/ https://unpkg.com/theoplayer@8.12.1/THEOplayer.transmux.js https://cdn.jsdelivr.net/npm/ua-parser-js@1.0.35/src/ua-parser.min.js https://*.opecloud.com https://*.googlesyndication.com https://*.doubleclick.net https://*.doubleverify.com https://*.clarity.ms https://sporza-api.stag.a51.be https://api.sporza.be https://resources.vudrm.tech https://*.litix.io https://cdnjs.cloudflare.com/polyfill/v3/ https://growthbook-api.datascience.a51.be https://*.streamabc.net; font-src 'self' https://vrt.be https://*.vrt.be https://buffup-web-sdk.core.buffup.net https://files.qualifio.com/library/vrt/fonts/; frame-src 'self' https://vrt.be https://*.vrt.be https://*.ketnet.be https://vrtbe.demdex.net https://cdn.cxense.com https://*.privacymanager.io https://ls.hit.gemius.pl https://imasdk.googleapis.com https://unpkg.com/ https://interactief.radio2.be https://interactief.radio1.be https://interactief.mnm.be https://interactief.stubru.be https://interactief.een.be; img-src 'self' data: https://vrt.be https://*.vrt.be https://vrt.sc.omtrdc.net https://comcluster.cxense.com https://licensing.theoplayer.com https://ib.adnxs.com https://secure.adnxs.com https://*.doubleclick.net https://*.postrelease.com https://*.cxense.com https://cm.everesttech.net https://*.demdex.net https://*.opecloud.com https://*.qualtrics.com https://*.buffup.net https://storage.googleapis.com/wallofmoments-stubru-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-klara-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2-adhoc.appspot.com/ https://storage.googleapis.com/wom-detijdloze-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-stubru.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm.appspot.com/ https://storage.googleapis.com/wallofmoments-klara.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2.appspot.com/ https://storage.googleapis.com/wom-detijdloze.appspot.com/ https://storage.googleapis.com/wom---radio2-benebene.appspot.com/ https://storage.googleapis.com/wom-dww.appspot.com/ https://*.googlesyndication.com https://*.cloud.ovh.net https://dublin.stream-io-cdn.com/; manifest-src 'self'; media-src 'self' blob: data: https://*.vrt.be https://*.vrtcdn.be https://d33ksfmeznrrrv.cloudfront.net https://*.streamtheworld.com https://*.akamaized.net https://*.uplynk.com https://*.adnxs-simple.com https://buffup-public.s3.eu-west-2.amazonaws.com https://assets.vrt.buffup.net https://*.jwplayer.com https://*.mediatailor.us-east-1.amazonaws.com https://storage.googleapis.com/wallofmoments-stubru-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-klara-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2-adhoc.appspot.com/ https://storage.googleapis.com/wom-detijdloze-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-stubru.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm.appspot.com/ https://storage.googleapis.com/wallofmoments-klara.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2.appspot.com/ https://storage.googleapis.com/wom-detijdloze.appspot.com/ https://storage.googleapis.com/wom---radio2-benebene.appspot.com/ https://storage.googleapis.com/wom-dww.appspot.com/ https://*.googletagservices.com https://*.googlesyndication.com https://*.doubleclick.net https://*.gvt1.com https://*.adsafeprotected.com https://*.doubleverify.com https://*.moatads.com https://*.flashtalking.com https://*.adform.net https://*.mediahuis.be https://*.2mdn.net https://resources.vudrm.tech https://vrt.simplecastaudio.com https://*.stream-io-cdn.com; worker-src 'self' blob:; 8 frame-ancestors 'self'; base-uri 'self'; object-src 'none'; 8 frame-ancestors 'self' *.bambuser.com 8 'self' ; 8 default-src 'self' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-src https:; img-src data: https:; media-src https:; object-src 'none'; sandbox allow-downloads allow-forms allow-pointer-lock allow-presentation allow-same-origin allow-scripts allow-popups; 8 default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; object-src 'none'; 8 default-src * https: data: blob: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-ancestors 'self'; 8 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://cdn.amplitude.com https://api.amplitude.com https://dev-embed.notion.co https://embed.notion.co https://static.zdassets.com https://api.smooch.io https://solve-widget.forethought.ai https://decagon.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://accounts.google.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://app.cal.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://cdn01.boxcdn.net https://cdn.sprig.com https://assets.customer.io https://code.gist.build https://www.google.com https://www.gstatic.com https://challenges.cloudflare.com https://maps.googleapis.com https://unpkg.com/react@18.2.0/umd/react.development.js https://unpkg.com/react-dom@18.2.0/umd/react-dom.development.js https://unpkg.com/@babel/standalone@7.26.9/babel.min.js https://unpkg.com/dayjs-with-plugins@1.0.4/dist/dayjs-with-plugins.min.js https://unpkg.com/@tailwindcss/browser@4 https://unpkg.com/d3@7.9.0/dist/d3.min.js https://unpkg.com/three@0.150.0/build/three.min.js https://dev-custom-views-modules-usw2.s3.us-west-2.amazonaws.com/components.js;connect-src 'self' data: blob: https://img.notionusercontent.com https://cdn.amplitude.com https://api.amplitude.com https://www.notion.so https://api.embed.ly https://dev-embed.notion.co https://embed.notion.co https://ekr.zdassets.com https://ekr.zendesk.com https://makenotion.zendesk.com https://api.smooch.io wss://api.smooch.io https://api.forethought.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://api.giphy.com/ https://giphy-analytics.giphy.com/ https://media0.giphy.com/ https://media1.giphy.com/ https://media2.giphy.com/ https://media3.giphy.com/ https://media4.giphy.com/ https://media5.giphy.com/ https://media6.giphy.com/ https://media7.giphy.com/ https://media8.giphy.com/ https://media9.giphy.com/ https://media10.giphy.com/ https://boards-api.greenhouse.io https://accounts.google.com https://oauth2.googleapis.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://telemetry.transcend.io https://api.statuspage.io https://pgncd.notion.so https://api.statsig.com https://statsigapi.net https://exp.notion.so https://api.box.com https://*.mux.com https://api.sprig.com https://storage.googleapis.com https://cdn.sprig.com https://cdn.userleap.com https://track.customer.io https://*.api.gist.build https://*.cloud.gist.build https://tiles.openfreemap.org https://maps.googleapis.com https://places.googleapis.com wss://msgstore.www.notion.so https://msgstore.www.notion.so https://audioprocessor.www.notion.so wss://audioprocessor.www.notion.so ws://localhost:* ws://127.0.0.1:* https://prod-files-secure.s3.us-west-2.amazonaws.com https://prod-files-secure-euc1.s3.eu-central-1.amazonaws.com https://prod-notion-temporary-files-euc1.s3.eu-central-1.amazonaws.com https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https://file.notion.so notion://file.notion.so https://www.notion.com https://calendar.notion.so;font-src 'self' data: https://cdnjs.cloudflare.com https://cdn01.boxcdn.net;img-src 'self' data: blob: https: https://img.notionusercontent.com https://images.ctfassets.net https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.mux.com https://track.customer.io https://file.notion.so notion://file.notion.so;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com https://accounts.google.com https://transcend-cdn.com https://cdn01.boxcdn.net https://code.gist.build;frame-ancestors 'self' https://mail.notion.so;worker-src 'self' blob:;child-src 'self' blob:;media-src blob: https: http: https://*.mux.com https://file.notion.so notion://file.notion.so;frame-src https: http: https://accounts.google.com https://renderer.gist.build https://code.gist.build https://challenges.cloudflare.com https://identity.notion.so 8 default-src data: blob: 'unsafe-inline' 'self' *.domainoo.com images.prismic.io 8 manifest-src 'self'; 8 8 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com http://s7.addthis.com https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; img-src 'self' https:; frame-src 'self' https: https://www.google.com; object-src 'none'; frame-ancestors 'self';connect-src 'self' https://www.google-analytics.com https://analytics.google.com https:; 8 frame-ancestors https://auto-emotion.cupra.de https://showcase.cupra.de.showcase.dev.cupra.de 'self' 8 script-src https: 'unsafe-inline' 'unsafe-eval' 8 default-src 'self' *.via-mobilis.com api.via-mobilis.com http://media.viamobilis.export.doorlinkenvoorraad.nl https://stockway.pro securepubads.g.doubleclick.net *.gvt1.com accounts.google.com www.google.com *.googleadservices.com *.calendly.com *.drimify.com *.trustpilot.com *.googlesyndication.com *.googletagservices.com *.adtrafficquality.google *.static-viamobilis.com static-viamobilis.com *.ampproject.net https://acdn.adnxs.com/ *.doubleclick.net *.criteo.com *.youtube.com youtube.com *.youtu.be youtu.be *.youtube-nocookie.com youtube-nocookie.com *.komoot.de photon.kamoot.de *.komoot.io photon.komoot.io *.hotjar.com *.usersnap.com criteo.net *.criteo.net *.tawk.to cloud.panono.com poulalion.eu *.vimeo.com www.recaptcha.net *.facebook.com https://platform.twitter.com ; img-src * *.google-analytics.com securepubads.g.doubleclick.net *.googletagmanager.com data: blob: 'self' ; script-src * *.googleanalytics.com *.google-analytics.com securepubads.g.doubleclick.net *.googleoptimize.com https://photon.komoot.de/ https://my.via-mobilis.com/ 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'self' 'unsafe-inline' https://static-viamobilis.com; font-src * data:; connect-src * securepubads.g.doubleclick.net data: 'self'; base-uri 'self' ; frame-ancestors *.via-mobilis.com ; worker-src * data: blob: 8 frame-ancestors 'self' *.sivuviidakko.fi *.lianacms.com *.tagomocms.fi; 8 default-src 'self'; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.datadoghq-browser-agent.com browser-intake-datadoghq.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com static.lightning.force.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.datadoghq-browser-agent.com browser-intake-datadoghq.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com static.lightning.force.com; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.datadoghq-browser-agent.com browser-intake-datadoghq.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com static.lightning.force.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.datadoghq-browser-agent.com browser-intake-datadoghq.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com static.lightning.force.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.datadoghq-browser-agent.com browser-intake-datadoghq.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com static.lightning.force.com data:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.datadoghq-browser-agent.com browser-intake-datadoghq.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com static.lightning.force.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.datadoghq-browser-agent.com browser-intake-datadoghq.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com static.lightning.force.com; form-action 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.datadoghq-browser-agent.com browser-intake-datadoghq.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com static.lightning.force.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.datadoghq-browser-agent.com browser-intake-datadoghq.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com static.lightning.force.com data:; upgrade-insecure-requests 8 default-src 'self'; child-src blob:; media-src * 'self' data: https: blob:; style-src 'self' 'unsafe-inline' *.pricespider.com *; img-src * 'self' data: https: blob: *.pricespider.com; script-src * data: *.pricespider.com https://*.rudderlabs.com/ blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline' https://*.rudderstack.com/; font-src * data: https:; frame-src *; 8 default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src * 'self' blob: data:; connect-src *; font-src *; frame-src *; object-src 'none'; base-uri 'self' https://static-2v.gitbook.com; form-action 'self' https://static-2v.gitbook.com *; frame-ancestors https: ; 8 script-src https://www.gstatic.com/ https://translate.google.com/ https://translate.googleapis.com/ https://translate-pa.googleapis.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://www.gstatic.com/ https://translate.googleapis.com/ https://fonts.googleapis.com/ 'self' 'unsafe-inline'; default-src 'self'; frame-src https://docs.e-iepdata.com 'self'; font-src https://www.gstatic.com/ https://fonts.gstatic.com/ 'self'; img-src data: https: 'self'; connect-src https://*.e-iepdata.com https://www.gstatic.com/ https://csp.withgoogle.com https://translate.googleapis.com/ https://translate-pa.googleapis.com 'self'; 8 default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline'; 8 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 8 frame-ancestors https://app.pendo.io https://consentcdn.cookiebot.com https://consent.cookiebot.com; default-src 'self' https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://*.onetrust.com https://*.pendo.io https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdn.jsdelivr.net; font-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.gstatic.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; object-src 'self' https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; style-src 'self' 'unsafe-inline' https://p.typekit.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://*.pendo.io https://*.cookiebot.com https://consentcdn.cookiebot.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; connect-src 'self' https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://api.ipify.org https://cdn.cookielaw.org https://*.onetrust.com https://*.cookiebot.com blob:; img-src 'self' data: image/svg+xml https://cdn.cookielaw.org https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; frame-src 'self' https://app.pendo.io https://www.google.com/ https://consent.cookiebot.com https://consentcdn.cookiebot.com; worker-src 'self' blob: 8 default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors 'self' 8 default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; worker-src 'self' blob: 8 policy 8 default-src * data: blob: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: wss: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; report-uri https://912c98659423667ae9a3372f78cdda6d.report-uri.com/r/d/csp/enforce 8 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 8 frame-ancestors 'self' *.cybersource.com *.salesforce.com *.force.com *.salesforce-sites.com ; form-action *.cybersource.com *.salesforce.com *.force.com 'self' *.salesforce-sites.com 7 frame-ancestors https://www.connectwise.com/ https://marketplace.connectwise.com/ https://prod2.marketplace.connectwise.com/ https://www.screenconnect.com/ https://prod2.screenconnect.com/ https://prod2.screenconnect.connectwise.com/ https://inte2.screenconnect.com/ https://prep2.screenconnect.com/ https://screenconnect.connectwise.com/ https://prod2.theitnation.com/ https://itnation.connectwise.com/ university.connectwise.com 7 script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.brighttalk.com *.pdst.fm *.doubleclick.net *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.techtarget.com *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.vidyard.com *.hotjar.com *.driftt.com *.searchcdn.com *.salesforceliveagent.com *.force.com *.salesforce.com *.salesforce-sites.com *.google.com *.googleoptimize.com *.redditstatic.com *.jsdelivr.net unpkg.com *.highcharts.com *.zi-scripts.com assets.barracuda.com *.pixeltracker.co 7 default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.microsoft.com js.monitor.azure.com dc.services.visualstudio.com try-ppe.dot.net aznb-ame-prod.azureedge.net client-api.arkoselabs.com markdowneditor-public-e0gpfpcwcbbze3ag.b01.azurefd.net markdowneditor-external-Public-fmgmfefddycxdmfj.b01.azurefd.net h64.online-metrix.net;style-src 'self' 'unsafe-inline' *.microsoft.com aznb-ame-prod.azureedge.net try-ppe.dot.net markdowneditor-public-e0gpfpcwcbbze3ag.b01.azurefd.net markdowneditor-external-Public-fmgmfefddycxdmfj.b01.azurefd.net;img-src * data: blob:;frame-ancestors docs.microsoft.com *.docs.microsoft.com learn.microsoft.com *.learn.microsoft.com labclient.labondemand.com portal.azure.com *.portal.azure.com portal.azure.us portal.azure.cn ai.azure.com *.ai.azure.com learn-video.azurefd.net docs.azure.cn *.onecloud.azure-test.net *.sharepoint.com localhost:3000;worker-src 'self' blob: *.microsoft.com aznb-ame-prod.azureedge.net;form-action 'self' *.microsoft.com *.azure.cn *.pearsonvue.com;media-src 'self' blob: *.microsoft.com *.azure.cn videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net videoencodingpubdevwus.blob.core.windows.net videoencodingpublicwus.blob.core.windows.net;base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests 7 default-src 'self' * data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'none' 7 frame-ancestors 'self' *.multimediabs.com *.orange.com *.orange-business.com 7 upgrade-insecure-requests; upgrade-insecure-requests; frame-ancestors *.brigitte.de *.gala.de *.guj.digital *.guj.rocks *.eltern.de *.vip.de *.essen-und-trinken.de *.schoener-wohnen.de *.livingathome.de *.urbia.de *.vorname.com; frame-src *; 7 frame-ancestors 'self';upgrade-insecure-requests; report-uri https://l.iplsc.com/logger/ 7 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; media-src 'self' 'unsafe-inline' *;img-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; frame-src 'self' *; connect-src 'self' *; object-src 'none' 7 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://gravatar.com https://www.gravatar.com; frame-src 'self' https://play.libsyn.com; base-uri 'none'; form-action 'self' https://duckduckgo.com; frame-ancestors 'none'; 7 default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data: blob:; connect-src https: wss: 'self'; 7 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.arbeitsagentur.de *.assono.de *.b-ite.com *.betterplace.org *.bitkomplex.de *.canto.global *.cdn.office.net *.cdninstagram.com *.chatcaptain.com *.chathero.ai *.cloudfront.net *.cookiebot.com *.cookiebot.eu *.dvinci-hr.com *.easy-feedback.com *.etracker.com *.etracker.de *.eu-west-1.playback.live-video.net *.exmap.de *.facebook.com *.fbcdn.net *.flickr.com *.fontawesome.com *.google-analytics.com *.google.com *.google.de *.googleapis.com *.haffhus.de *.highcharts.com *.hk24.de *.ihk-baustellen-portal.de *.ihk-berlin.org *.ihk.de *.ihk24.de *.ihk24.ihk.de *.jobcluster.de *.kununu.com *.lineupr.com *.linkedin-ei.com *.linkedin.com *.mateforevents.com *.microsoft.com *.newsletter2go.com *.office.com *.office365.com *.openstreetmap.org *.podigee-cdn.net *.podigee.io *.signalize.com *.spotify.com *.stage.bio *.staticflickr.com *.stream24.net *.sweap.io *.sylphen.com *.thinglink.com *.thinglink.me *.twitch.tv *.twitter.com *.unikam.de *.usercentrics.eu *.userlike.com *.vimeo.com *.wahlplus.de *.walls.io *.webstream.eu *.xing-events.com *.youstreamit.de *.youtube.com *.zynd.de api.flockler.app api.mapbox.com app.powerbi.com app.powr.io app.sli.do ausbildung.berlin auskunft.nvv.de baustellennavi.de berufsausbildung-aachen-ihk.de branchenpuls.odis-berlin.de bruecken.projekt.link bxb-festival.app cdn.contentful.com cdn.doo.net/assets/js/viovendi-embed-static-1.js cdn.knightlab.com cdn.podigee.com cdn.podlove.org cdnjs.cloudflare.com chat.gr-apps.de client.inecos.de code.jquery.com/jquery-3.1.1.min.js code.jquery.com/jquery-3.4.1.min.js connect.facebook.net consentcdn.cookiebot.com cta.ihk.i40.de datawrapper.dwcdn.net detmold.ihk-beitragsrechner.de dihk.imageplant.de dms.licdn.com doo.net e.video-cdn.net easy-feedback.com easy-feedback.de embed.nexx.cloud embed.podcasts.apple.com eoa2.bildung1.gfi.ihk.de events-to-impress.activehosted.com events.ihk-berlin.de expertenpool.automatisierungsregion.de fahrinfo.vbb.de fl-1.cdn.flockler.com fonts.gstatic.com geometro-cockpit.com geometro-cockpit.de geoportal-hamburg.de geoportal.metropolregion.hamburg.de gwatch.events haffhus.s3.eu-central-1.amazonaws.com handelskammer-bremen.appointmind.net heimatshoppen.ihk-industrie-treffpunkt.de hk24.sharepoint.com html5-player.libsyn.com iframe.wvd-portfolio.de ihk-baustellen-portal.de:5555 ihk-berlin-meetings.webex.com ihk-darmstadt-portal.rexx-recruitment.com ihk-essen.jobs.personio.de ihk-hl.gr-live.de ihk-kassel.perbit-job.de ihk-wahl.info ihk-weiterbildung-oldenburg.de ihk-zu-dortmund-1.jobs.personio.de ihk.prototype.berlin ihk.selbstdenker.com ihk24.epccm19.com ihk24.omq.de ihk24.omq.io ihkakademie.de ihknw.pi-asp.de imagemarker.com isi.hdb-hamburg.de jobs.guidecom.de jobs.ihk-niederrhein.de jsfiddle.net kasskada.de konjunkturboard-bw.de link.webropolsurveys.com live.c3networking.de livestream.kemweb.de livestream.watch/vp/nachhaltigkeitsdialog.html login.microsoftonline.com mailto: matomo.rexx-systems.commatomo.js maxcdn.bootstrapcdn.com media-api.flockler.com media.graphassets.com media.graphcms.com media.licdn.com media.video.taxi mediathek.ihk-gfi.de mukihk24.z6.web.core.windows.net my.immobilienfotograf-berlin.com my.tikee.io myihk.com myjobboard.de n873043.websitebuilder.online news.ihk-sh.de online.fliphtml5.com organigramm.cloud-ihk-cottbus.de p668079.webspaceconfig.de pam.ihk-schleswig-holstein.de playout.3qsdn.com plugins.flockler.com pruefungen-cottbus-ihk.de publish.flyeralarm.digital rh1.chatmodul.de roundme.com s2survey.net s3.fraunhofer.de service.tecintelli.de share.ihkzuschwerin.de sihk-zu-hagen.jobs.personio.de smart.ihk-berlin.de standortfinder.rlp.de start.video-stream-hosting.de static-exp1.licdn.com static.arttacsolutions.com static.dvinci-easy.com stats-api.flockler.app stats.g.doubleclick.net streaming.sendewerk.berlin tecintelli-static-ttl.obs.eu-de.otc.t-systems.com/ tel: userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-store-media-files.s3.amazonaws.com vimeo.com w.soundcloud.com walls.io web.inxmail.com weltmetropole.app widget.taggbox.com widgets.lineupr-dev.com widgets.lineupr.com widgets.thh.tours wms02.exmap.de wss://chat.userlike.com/chat/ wss://umd.userlike.com/umd/ www.architekt-krieger.de www.ardmediathek.de www.aufstiegs-bafoeg.de www.bahn.de www.berufe.tv www.branchenpuls.berlin www.bso-hessen.de www.chatbase.co www.cybersicher-check.de www.econda-monitor.de www.etermin.net www.eventbrite.de www.finest-jobs.com www.forschungsfinder-hessen.de www.gatewatch.eu www.google.analytics.com www.googletagmanager.com www.handelskammer-bremen.de www.ihk-arbeitsgemeinschaft-rlp.de www.ihk-berlin.de www.ihk-bw.digital www.ihk-ecofinder.de www.ihk-gfi.de www.ihk-lehrstellenboerse.de www.ihk-magdeburg.de www.ihk-ostbrandenburg.de www.ihk-rlp.de www.ihkac-anwendungen.de www.inno-vet.de www.instagram.com www.iwd.de www.leg-thueringen.de www.media42day.com www.menti.com www.mint-in-hessen.de www.onlinebewerbungsserver.de www.plattform-i40.de www.powr.io www.praktikum.info www.rmv.de www.stadtradeln.de www.terminland.de www.total-lokal.de www.tvo.de www.vvs.de www.webstream.eu www.youtube-nocookie.com zukunftsdialog-fachkraefte.berlin zukunftsforum-wirksame-bildung.de zukunftsforum.app zvlms.fraunhofer.de zynd.de ; report-uri /blueprint/servlet/csplogging/logViolation ; 7 img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src blob:; 7 frame-ancestors *.npo.nl *.bijnpo.nl *.npotest.nl *.npoacc.nl 7 default-src 'self'; script-src 'self' 'unsafe-inline' translate.googleapis.com certificates.webtests.com blob:; style-src 'self' 'unsafe-inline' certificates.webtests.com fonts.googleapis.com translate.googleapis.com; font-src 'self' fonts.gstatic.com data:; img-src 'self' certificates.webtests.com data:; object-src 'none'; report-uri https://hpage-report.uriports.com/reports/enforce 7 frame-src 'self' *.optimizely.com *.doubleclick.net *.adsrvr.org *.bounceexchange.com *.amazon-adsystem.com *.owneriq.net *.google.com *.facebook.com *.facebook.net *.rokt.com *.amazon.com *.paypal.com *.payments-amazon.com *.sojern.com *.qantasloyalty.com *.qantas.com tag.yieldoptimizer.com img3.avis.com img3.budget.com img3.paylesscar.com *.youtube.com quantserv.com adnxs.com impactradius-event.com dgm-au.com everestjs.net everesttech.net yahoo.com xg4ken.com *.online-metrix.net *.uplift.com *.quantummetric.com api.securedvisit.com track.securedvisit.com content.securedvisit.com images.securedvisit.com track.sv.rkdms.com *.mypurecloud.com *.nagich.com cloudfront.net bing.com go.pardot.com sme.avis.co.nz sme.avis.com.au sme.budget.co.nz sme.budget.com.au *.salecycle.com abgnz.wufoo.com *.youtube-nocookie.com *.mypurecloud.com *.mypurecloud.com.au; 7 frame-ancestors 'self' https://betterhearing.lightning.force.com https://betterhearing--staging.sandbox.lightning.force.com; 7 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 7 default-src * 'unsafe-inline' 'unsafe-eval' data:; 7 frame-ancestors 'self' https://crm.test.doublefs.com https://crm.prod.doublefs.com; 7 frame-ancestors https://app.storyblok.com; 7 default-src 'self' atos.net *.atos.net eviden.com *.atos-consulting.net cdn.jsdelivr.net *.cloudflare.com *.cloudfront.net *.vimeo.com *.vimeocdn.com *.akamaized.net *.tiny.cloud *.tinymce.com *.bootstrapcdn.com yoast.com *.yoast.com data: 'unsafe-inline' 'unsafe-eval' blob: code.jquery.com *.gravatar.com ps.w.org ams.wpml.org *.marketo.net *.mktoresp.com *.mktoweb.com tools.eurolandir.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.gstatic.com *.googleapis.com *.linkedin.com *.google.com *.accountinsight.cloud *.licdn.com w.soundcloud.com *.aio-events.com *.appspot.com *.microsoft.com *.azureedge.net *.botframework.com *.bizzabo.com updates.themepunch-ext-c.tools updates.themepunch-ext-b.tools updates.themepunch-ext-a.tools updates.themepunch.tools optanon.blob.core.windows.net *.glassdoor.com indd.adobe.com smartslider3.com *.googleusercontent.com yt3.ggpht.com *.cdninstagram.com *.matomo.cloud cdn.linkedin.oribi.io; frame-ancestors 'self' atos.net *.atos.net atos365.sharepoint.com; 7 frame-ancestors 'self' https://builder.io 7 frame-ancestors 'self' https://*.hotjar.com 7 ; 7 script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.verbraucherzentrale.de cdn.jsdelivr.net player.podigee-cdn.net cdn.syndication.twimg.com platform.twitter.com syndication.twitter.com verbraucherzentrale-sachsen.cloud.purpleview.de https://www.verbraucherzentrale.de/ https://www.verbraucherzentrale.nrw/core/modules/ckeditor/ https://vimeo.com/ https://podcast-player.audiocon.de/ https://secure.spendenbank.de https://www.audiocon.de/ https://lebensmittel-reise.de/foodmap/ https://www.googletagmanager.com https://gemeinschaftsredaktion.de https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.kns.codiac.de https://player.podigee-cdn.net/podcast-player https://cdn.podigee.com https://cdnjs.cloudflare.com https://code.highcharts.com https://cdn.podlove.org https://verbraucherzentrale.bryter.io https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://static.newsletter2go.com/ https://cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://app.bryter.io https://heizsystemvergleich.vz-nrw.de https://maps.googleapis.com https://www.helpmundo.de https://www.helpdirect.org https://rdr.kns.codiac.de https://empathy-portal.de/ https://matomo.verbraucherzentrale.de/ https://unpkg.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'unsafe-eval' *; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://secure.spendenbank.de https://matomo.verbraucherzentrale.de ton.twimg.com platform.twitter.com syndication.twitter.com https://cdn.podigee.com/ https://player.podigee-cdn.net/ https://fonts.googleapis.com/ https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.podlove.org https://rdr.kns.codiac.de https://www.verbraucherzentrale.nrw https://unpkg.com ; frame-ancestors 'self' *.verbraucherzentrale.de verbraucherzentrale.de vznrw-piwik.init-ag.de cdn.jsdelivr.net gemeinschaftsredaktion.de *.gemeinschaftsredaktion.de vzbv.de www.vzbv.de test.vzbv.de www.fakeshoperkennung.de www.fake-shop-erkennung.de www.fakeshop-finder.de warnung.fakeshop-finder.de www.verbraucherzentrale-niedersachsen.de www.verbraucherzentrale-niedersachsen.de; object-src 'self' cdn.jsdelivr.net *.verbraucherzentrale.de; 7 object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://cdn.syndication.twimg.com https://cdn.tradelab.fr https://connect.facebook.net https://d2hya7iqhf5w3h.cloudfront.net https://dfc.inovestor.com https://fonts.bunny.net https://js-agent.newrelic.com https://platform.twitter.com https://script.crazyegg.com https://snap.licdn.com https://tm.vendemore.com https://www.google-analytics.com https://www.googletagmanager.com https://s.go-mpulse.net https://its.tradelab.fr https://js.hsadspixel.net/fb.js https://a.optnmstr.com https://www.youtube.com https://s.ytimg.com https://www.google.com https://www.gstatic.com https://app.interactiveads.ai https://maps.googleapis.com https://cdn.rawgit.com http://cdn.siteimprove.net https://tagmanager.google.com https://c.go-mpulse.net https://173c5b0c.akstat.io https://bam-cell.nr-data.net https://bot.leadoo.com https://www.buzzsprout.com https://www.facebook.com https://platform.marksmen.nl *.mouseflow.com https://js-eu1.hs-scripts.com https://js-eu1.hsforms.net https://js-eu1.hs-banner.com https://js-eu1.hsleadflows.net https://js.hsforms.net https://forms.hsforms.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://tag.simpli.fi https://bat.bing.com https://www.bing.com https://i.simpli.fi https://consent.trustarc.com https://ad.doubleclick.net https://js.adsrvr.org js.zi-scripts.com ws.zoominfo.com tags.clickagy.com cdn.jsdelivr.net dfc.inovestor.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; style-src * 'unsafe-inline' 'unsafe-eval' 7 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss://* https://*; 7 frame-ancestors 'self' https://www.johnsoncontrols.com 7 worker-src 'self' https:; 7 frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 7 default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 7 connect-src 'self' inetchat.zoner.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com www.google-analytics.com *.smartlook.cloud *.doubleclick.net https://web.facebook.com https://www.facebook.com https://manychat.com https://socialplugin.facebook.net *.google-analytics.com https://search.zonercloud.cz https://*.clarity.ms www.google.com google.com https://pagead2.googlesyndication.com https://cdn.linkedin.oribi.io adservice.google.com www.google.cz *.analytics.google.com px.ads.linkedin.com googletagmanager.com https://maps.googleapis.com;default-src 'self' www.google-analytics.com www.google.com inetchat.zoner.com;font-src 'self' data: fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;img-src 'self' data: stats.g.doubleclick.net www.google-analytics.com www.google.cz www.google.com inetchat.zoner.com www.facebook.com c.imedia.cz http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.inpage.cz https://www.inpage.sk https://c.seznam.cz https://i.ytimg.com *.twitter.com https://seal.digicert.com ad.czechia.com api.thegreenwebfoundation.org www.abuseipdb.com www.googletagmanager.com https://px.ads.linkedin.com https://c.bing.com https://c.clarity.ms www.google.sk www.google.es www.google.de www.google.sn https://maps.gstatic.com www.czechia.com;manifest-src 'self';script-src 'self' 'unsafe-inline' data: www.google.com www.gstatic.com googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com www.googletagmanager.com inetchat.zoner.com partner.zonercloud.sk partner.zonercloud.cz connect.facebook.net c.imedia.cz rec.smartlook.com *.twitter.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://seal.digicert.com ad.czechia.com https://c.seznam.cz https://widget.manychat.com https://mccdn.me www.clarity.ms https://search.zonercloud.cz https://snap.licdn.com https://*.clarity.ms https://maps.googleapis.com/ https://mujtest.eu https://cdn.amcharts.com https://cdn.datatables.net 'unsafe-eval';style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.datatables.net;frame-ancestors 'none';form-action 'self' admin.czechia.com admin.slovaknet.sk admin.regzone.cz *.csob.cz *.tatrabanka.sk www.googletagmanager.com www.facebook.com;base-uri 'self';object-src 'none';frame-src 'self' *.inpage.cz *.inpage.sk *.inpageweb.com www.youtube.com www.google.com maps.google.com inetchat.zoner.com partner.zonercloud.sk partner.zonercloud.cz https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.twitter.com www.metercustom.net https://web.facebook.com https://www.facebook.com *.doubleclick.net https://docs.google.com mailing.zoner.eu www.googletagmanager.com https://mujtest.eu;report-uri /csp-report-endpoint; 7 block-all-mixed-content; default-src 'self' blob:; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net https://www.googletagmanager.com cdn.cookielaw.org *.sdworx.com *.pardot.com a458c8fcc5c8447d898446e84c87217b.js.ubembed.com www.google-analytics.com assets.ubembed.com cdn.landbot.io connect.facebook.net *.clarity.ms bat.bing.com snap.licdn.com *.firebaseio.com www.googleoptimize.com *.googleapis.com https://assets.calendly.com https://web103.reachmee.com https://tracking.intentsify.io https://sc.lfeeder.com https://secure.norm0care.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://static.landbot.io https://www.youtube.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://secure.agile-company-365.com https://cdn.leadinfo.net https://form.jotform.com https://*.hotjar.com https://optimize.google.com my.visme.co https://*.skedify.io *.sleeknote.com *.visualwebsiteoptimizer.com app.vwo.com https://*.jotform.ms https://*.jotform.com https://app.readpeak.com/js/rpa.js https://sdworx.stackbase.nl/ https://tags.inzynk.io/6ol4roju/iztag.js https://*.inzynk.io https://vercel.live/ https://webeo-web-content.s3-eu-west-1.amazonaws.com https://cdn.jsdelivr.net https://ldynamicspublicapi.leadforensics.com https://secure.intelligent-business-7.com https://vercel.live https://va.vercel-scripts.com/v1/speed-insights/script.debug.js https://plugin.skedify.io https://*.sleeknote.com px.ads.linkedin.com/ *.convertexperiments.com https://bat.bing.net https://sdworx-payhr.co.uk/ https://cdn.dmsales.com https://analytics.greensender.pl https://cdn.jotfor.ms https://d-code.liadm.com/ https://*.vector.co https://*.usbrowserspeed.com https://*.ip-api.com; style-src 'self' 'report-sample' 'unsafe-inline' data: *.typekit.net fonts.googleapis.com cdn.landbot.io *.googletagmanager.com https://assets.calendly.com https://plugin.skedify.io https://*.hotjar.com https://optimize.google.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://vercel.live https://*.sleeknote.com https://fonts.googleapis.com https://cdn.jotfor.ms; img-src 'self' data: blob: *.typekit.net cdn.cookielaw.org fonts.gstatic.com www.google-analytics.com *.googleapis.com https://px.ads.linkedin.com www.linkedin.com bat.bing.com www.facebook.com p.adsymptotic.com https://*.ads.linkedin.com https://*.gstatic.com https://assets.calendly.com i.ytimg.com https://connect.facebook.net https://googleads.g.doubleclick.net https://tr-rc.lfeeder.com https://www.googletagmanager.com https://development-q5nzhaa-wz6c625n6znns.eu-5.platformsh.site https://develop-sr3snxi-wz6c625n6znns.eu-5.platformsh.site https://acceptance-yfiuy3a-wz6c625n6znns.eu-5.platformsh.site https://sdworx-country-cms.prd.reference.be https://country-cms.prd.sdworx.com https://*.hotjar.com https://optimize.google.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cat www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ag www.google.com.ai www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.ms www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.pn www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vg www.google.vu www.google.ws *.sleeknote.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://*.jotform.ms https://*.jotform.com https://c.clarity.ms https://webeo-web-content.s3-eu-west-1.amazonaws.com https://vercel.live https://vercel.com https://development-q5nzhaa-srgqxffdos4hk.eu-5.platformsh.site https://acceptance-yfiuy3a-srgqxffdos4hk.eu-5.platformsh.site https://sdworx-lms-cms.prd.reference.be https://strgeuwaccsdworxlearning.blob.core.windows.net https://static.landbot.io https://www.sdworx.com https://strgeuwprdsdworxlearning.blob.core.windows.net https://cdne-euw-acc-ext-sdworxlearning.azureedge.net https://cdne-euw-dev-ext-sdworxlearning.azureedge.net https://cdne-euw-prd-ext-sdworxlearning.azureedge.net blob: sleeknotestaticcontent.sleeknote.com analytics.sleeknote.com https://lms-cms.prd.sdworx.com https://bat.bing.net https://sdworx-payhr.co.uk/ https://www.dmsales.com https://analytics.greensender.pl https://cdn.jotfor.ms https://*.sdworx.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.convertexperiments.com; font-src 'self' data: fonts.googleapis.com use.typekit.net https://use.typekit.net https://fonts.gstatic.com cdn.landbot.io https://*.hotjar.com *.sleeknote.com https://vercel.live https://assets.vercel.com https://cdn.jotfor.ms; connect-src 'self' *.typekit.net fonts.gstatic.com *.onetrust.com *.googleapis.com cdn.cookielaw.org googleads.g.doubleclick.net www.google-analytics.com analytics.google.com stats.g.doubleclick.net *.pardot.com *.landbot.io *.sdworx.com *.clarity.ms wss://*.firebaseio.com *.firebaseio.com *.analytics.google.com https://*.algolia.net https://*.algolianet.com https://*.apm.eu-west-1.aws.cloud.es.io https://cdn.linkedin.oribi.io https://idx.liadm.com https://www.facebook.com https://ldynamicspublicapi.leadforensics.com https://collector.leadinfo.net https://api.leadinfo.com wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://a458c8fcc5c8447d898446e84c87217b.events.ubembed.com https://bat.bing.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cat www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ag www.google.com.ai www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.ms www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.pn www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vg www.google.vu www.google.ws cdnjs.cloudflare.com *.sleeknote.com *.visualwebsiteoptimizer.com app.vwo.com https://px.ads.linkedin.com/wa/ https://sdworx.stackbase.nl/ px.ads.linkedin.com/ https://ldynamicspublicapi.leadforensics.com https://vercel.live wss://ws-us3.pusher.com https://*.ingest.sentry.io https://*.sleeknote.com *.convertexperiments.com https://*.inzynk.io https://bat.bing.net https://sdworx-payhr.co.uk/ https://*.leadinfo.net https://eu-api.jotform.com https://pro.ip-api.com/ https://api.vector.co/; base-uri 'self'; form-action 'self' https://www.facebook.com/tr/ https://eu-submit.jotform.com; frame-src https://player.springcast.app/ *.firebaseio.com https://*.hotjar.com https://calendly.com go.sdworx.com https://www.youtube.com https://www.youtube-nocookie.com https://trainings.sdworx.de https://datawrapper.dwcdn.net https://survey.sdworx.com https://web103.reachmee.com https://www.videoask.com https://embed.acast.com https://a458c8fcc5c8447d898446e84c87217b.pages.ubembed.com https://www.google.com https://outlook.office365.com https://www.sd.be https://optimize.google.com https://form.jotform.com https://www.facebook.com my.visme.co https://eu-submit.jotform.com/ https://*.skedify.io *.sleeknote.com onsite-subscribe.getdrip.com app.vwo.com *.visualwebsiteoptimizer.com https://iswebb.com/ https://td.doubleclick.net/ https://vercel.live/ https://www.googletagmanager.com/ https://sdworx-payhr.co.uk/ https://forms.office.com/ https://widgets-cache.jotform.io https://www.jotform.com https://*.sdworx.com; worker-src 'self' blob:; media-src 'self' https://development-q5nzhaa-wz6c625n6znns.eu-5.platformsh.site https://develop-sr3snxi-wz6c625n6znns.eu-5.platformsh.site https://acceptance-yfiuy3a-wz6c625n6znns.eu-5.platformsh.site https://sdworx-country-cms.prd.reference.be https://country-cms.prd.sdworx.com https://lms-cms.prd.sdworx.com; frame-ancestors 'none'; object-src 'none' 7 upgrade-insecure-requests; frame-ancestors 'self' https://*.hihaho.com 7 default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 7 frame-ancestors 'self' https://smarthub.keystoneacademic.com https://sanity.keg.com; 7 frame-ancestors https://*.com 7 script-src 'self'; 7 frame-ancestors self; 7 default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self'; form-action 'self' 7 default-src https://assets.gameduell.de https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://gameduell.de https://gameduell.com https://gameduell.fr https://gameduell.nl https://gameduell.co.uk https://gameduell.se https://gameduell.dk https://gameduell.at https://gameduell.ca https://gameduell.es; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: asset: https://assets.gameduell.de *.google-analytics.com https://webchat.helpshift.com https://seal.digicert.com https://seal-goldengate.bbb.org https://connect.facebook.net https://www.redditstatic.com https://www.dwin1.com https://www.awin1.com https://lantern.roeyecdn.com https://the.sciencebehindecommerce.com https://*.micropayment.de https://*.checkout.com 'report-sample'; img-src 'self' data: blob: https://mein.gameduell.de https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es blob: https://assets.gameduell.de https://media.gameduell.de https://www.gstatic.com https://fonts.gstatic.com https://fonts.googleapis.com https://lh3.google.com https://lh3.googleusercontent.com https://seal.digicert.com https://d2duuy9yo5pldo.cloudfront.net https://www.facebook.com https://alb.reddit.com https://www.awin1.com https://lantern.roeye.com https://lantern.roeyecdn.com https://www.wepowerconnections.com 'report-sample'; style-src 'self' blob: 'unsafe-inline' https://assets.gameduell.de https://seal-blue.bbb.org; object-src 'self' https://*.gameduell.de https://assets.gameduell.de; connect-src 'self' wss://*.gameduell.de wss://my.gameduell.com wss://mon.gameduell.fr wss://mijn.gameduell.nl wss://www.gameduell.de wss://www.gameduell.com wss://www.gameduell.fr wss://www.gameduell.nl wss://www.gameduell.co.uk wss://www.gameduell.se wss://www.gameduell.dk wss://www.gameduell.at wss://www.gameduell.ca wss://www.gameduell.es https://*.gameduell.de blob: https://assets.gameduell.de https://cdp.cloud.unity3d.com https://config.uca.cloud.unity3d.com https://perf-events.cloud.unity3d.com https://www.redditstatic.com https://pixel-config.reddit.com https://conversions-config.reddit.com https://the.sciencebehindecommerce.com https://*.checkout.com https://*.boku.com; form-action 'self' https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es 'report-sample'; child-src 'self' blob: https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://assets.gameduell.de https://*.helpshift.com https://*.micropayment.de https://*.checkout.com https://*.boku.com; font-src 'self' data: blob: https://assets.gameduell.de https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://assets.gameduell.de https://*.helpshift.com https://www.awin1.com https://*.micropayment.de https://*.checkout.com https://*.boku.com https://orange.w-ha.com https://3dsecure-vrp.de; worker-src 'self' blob:; media-src 'self' data: blob: https://assets.gameduell.de; frame-ancestors 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://admintool.gameduell.de; base-uri 'self' https://assets.gameduell.de https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es; manifest-src blob: 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es; report-uri /gd/rest/jslog/csp 7 default-src * data: blob: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 7 frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com 7 default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' 'self' *; style-src 'unsafe-inline' 'self' *; img-src 'self' data: *; connect-src *; frame-src 'self' *; font-src data: 'self' https://*.typekit.net https://fonts.gstatic.com https://c1.sfdcstatic.com; media-src 'self' https://*.cloudfront.net https://*.vo.msecnd.net; worker-src 'self' blob: *; form-action 'self' https://www.facebook.com/tr/ https://*.cdn-net.com https://www.pages01.net https://*.sandbox.my.salesforce.com https://*.sandbox.my.site.com https://*.acco1.my.salesforce.com https://*.acco1.my.site.com; frame-ancestors 'self'; 7 frame-ancestors 'self' https://*.infomaker.io https://login.leaddesk.com https://login-qed.leaddesk.com https://login-qed-fi1.leaddesk.com https://login-qed-fi2.leaddesk.com 7 frame-ancestors 'none'; object-src 'none'; 7 default-src https: data: wss://*.qualified.com wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com wss://*.zohopublic.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; media-src 'self' blob: data: https:; 7 default-src https: 7 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; worker-src blob:; object-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' https:; font-src 'self' https:; connect-src 'self' https: wss:; frame-ancestors 'self' 7 frame-ancestors 'self' https://*.qtx.dev https://*.dev.qtxquartz.com https://*.stage.qtxquartz.com https://www.fiercewireless.com https://www.fiercetelecom.com https://sample.dragonforms.com https://*.questexinfo.com http://resources.questex.com https://resources.questex.com 7 frame-src 'self' https://js.stripe.com https://app.aiden.cx https://api.dpdconnect.nl https://www.youtube.com https://www.obelink.be https://vars.hotjar.com https://www.facebook.com https://surfly.com https://www.google.com https://docs.google.com https://api.growthbook.io https://tcp.googlesyndication.com; 7 script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 7 nosniff 7 object-src 'self'; manifest-src 'self'; worker-src 'self' blob: https://customer-t79v13gisi5h8yrx.cloudflarestream.com; font-src 'self' data: https://fonts.gstatic.com;; frame-ancestors 'self'; 7 default-src http: data: 'unsafe-inline' 'unsafe-eval' 7 frame-ancestors https://faucetpay.io https://coinpayu.com https://cointiply.com https://faucetcrypto.com https://adbtc.top https://viefaucet.com https://firefaucet.win https://autofaucet.dutchycorp.space https://claimfreecoins.io; 7 frame-ancestors 'self' https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ 7 frame-ancestors 'self' https://www.anglaisfacile.com https://www.francaisfacile.com https://www.tolearnenglish.com https://www.tolearnfrench.com https://www.allemandfacile.com https://www.espagnolfacile.com https://www.nlfacile.com https://www.italien-facile.com https://www.mesoutils.com https://www.mesexercices.com https://www.mathematiquesfaciles.com https://www.touslescours.com https://www.tolearnfrench.com https://*.tolearnfree.com; report-uri https://tolearnfree.report-uri.io/r/default/csp/enforce; base-uri 'self'; 7 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self' https:; object-src 'none'; 7 font-src fonts.gstatic.com use.typekit.net *.cdnfonts.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com https://media.flixcar.com https://media.flixfacts.com *.oppwa.com https://cdn.cs.1worldsync.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.twitter.com https://credomatic.compassmerchantsolutions.com https://integracion.alignetsac.com https://eu-test.oppwa.com https://staging.ptranz.com/api/spi/Conductor https://gateway.ptranz.com/api/spi/Conductor https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://vpayment.verifika.com https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.twitter.com https://service.force.com/ https://h.online-metrix.net https://www.facebook.com/ https://integracion.alignetsac.com https://eu-test.oppwa.com https://preaprobados.unicomer.com/ https://lacuracaoapps.com/ https://unicomer-ecuador-guayaquil.dispatchtrack.com/ https://unicomer-ecuador-quito.dispatchtrack.com/ https://ficohsa.pixelpay.app https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://ppipe.net https://vpayment.verifika.com https://media.flixcar.com https://hp.omnitok.com/ https://front-notrack.indexado.production.pmbox.cloud https://pagostest.datafast.com.ec https://eu-test.ppipe.net https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.google.com/ https://www.youtube.com *.twitter.com https://service.force.com/ https://h.online-metrix.net https://www.facebook.com/ https://integracion.alignetsac.com https://eu-test.oppwa.com https://preaprobados.unicomer.com/ https://lacuracaoapps.com/ https://unicomer-ecuador-guayaquil.dispatchtrack.com/ https://unicomer-ecuador-quito.dispatchtrack.com/ https://ficohsa.pixelpay.app https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://ppipe.net https://vpayment.verifika.com https://media.flixcar.com https://hp.omnitok.com/ https://front-notrack.indexado.production.pmbox.cloud https://pagostest.datafast.com.ec https://eu-test.ppipe.net https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.v1.modern-life-interactive.com https://v1.modern-life-interactive.com hn.ficoposonline.com *.cloudfront.net https://notrack.indexado.pmbox.cloud media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://centinelapistag.cardinalcommerce.com/ https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com https://vpos.infonet.com.py/ https://vpos.infonet.com.py:8888/ https://centinelapi.cardinalcommerce.com https://centinelapi.cardinalcommerce.com/V1/Cruise/Collect 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://www.magezon.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://lcoimgprod-grupounicomer.netdna-ssl.com https://cmsuat.lacuracaonline.com https://maps.gstatic.com https://maps.googleapis.com/ *.online-metrix.net https://radioshackla-uat-grupounicomer.netdna-ssl.com https://log.pinterest.com https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://eu-test.oppwa.com https://img.youtube.com https://www.facebook.com https://unicomer--c.na100.visual.force.com https://unicomer--c.vf.force.com https://unicomer.lightning.force.com https://unicomer.my.salesforce.com https://unicomer--uat.sandbox.my.site.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec *.demoup.com https://media.flixcar.com https://rt.flix360.com https://event.syndigo.cloud https://event.webcollage.net https://fonts.gstatic.com https://www.googletagmanager.com https://d3np41mctoibfu.cloudfront.net https://media.flixfacts.com https://content.syndigo.com https://s3-sa-east-1.amazonaws.com *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.ggpht.com https://cdn.cs.1worldsync.com https://files.alquimio.cloud https://fichashppervasive.blob.core.windows.net *.cc.cnetcontent.com https://mycliplister.com/ *.igodigital.com/ https://grupounicomerhelp.zendesk.com https://static.zdassets.com *.zendesk.com/ media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ https://cdn.cookielaw.org/ https://vibra.work/ https://lavenderblush-shrew-391234.hostingersite.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com * www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com assets.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com www.googletagmanager.com *.fontawesome.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu https://h.online-metrix.net *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.cdnfonts.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu https://service.force.com https://integracion.alignetsac.com https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://eu-test.oppwa.com https://gollo.force.com https://unicomer.my.site.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://vpayment.verifika.com https://unicomer--uat.sandbox.my.site.com https://media.flixcar.com https://www.googletagmanager.com https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.1worldsync.com media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ unsafe-inline assets.braintreegateway.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline'; object-src https://h.online-metrix.net *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://image.unicomermktg.com 'self' blob: *.demoup.com *.oppwa.com https://static.zdassets.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://www.mcprod.courts.com *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net * www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com thm.visa.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com https://maps.googleapis.com https://service.force.com/ https://log.pinterest.com https://h.online-metrix.net https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://integracion.alignetsac.com https://eu-test.oppwa.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx blob: media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io *.criteo.com *.criteo.net https://ib.adnxs.com https://sync-t1.taboola.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://criteo-sync.teads.tv/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://sync.1rx.io/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 7 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: blob: ws:; frame-ancestors 'self'; upgrade-insecure-requests; base-uri 'self'; 7 frame-ancestors 'self' ersag.com.tr *.ersag.com.tr 7 default-src * 'unsafe-inline' 'unsafe-eval' data: 7 default-src 'self' data: blob: *.conac.cn *.gov.cn *.jiathis.com *.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn *.bdimg.com *.wx.qq.com *.people.com.cn *.weibo.com *.m1905.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 7 default-src https: 'unsafe-inline' 'unsafe-eval' data: 7 default-src 'self'; connect-src https: wss:; font-src 'self' https://fonts.gstatic.com; frame-src https:; img-src https: data:; media-src https: blob:; worker-src blob:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; form-action https:; report-uri https://csp-reports.globalweb.aws.assaabloy.com/reports; 7 frame-ancestors 'self'; report-to csp-reports; 7 default-src https: *.hotjar.com *.hotjar.io *.wistia.com *.wistia.net 'self' 'unsafe-inline' 'unsafe-eval'; font-src https: *.hotjar.com *.hotjar.io *.wistia.com *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src https: *.hotjar.com *.hotjar.io *.tawk.to cdn.jsdelivr.net tawk.link *.iubenda.com *.wistia.com *.wistia.net data: 'self' 'unsafe-inline' 'unsafe-eval'; script-src blob: https: 'self' *.hotjar.com *.hotjar.io *.iubenda.com *.wistia.com *.wistia.net *.tawk.to cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src https: *.litix.io *.wistia.com *.tawk.to wss://*.tawk.to *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src https: 'self' blob: *.hotjar.com *.hotjar.io *.tawk.to fast.wistia.com fast.wistia.net; style-src blob: https: 'self' *.hotjar.com *.hotjar.io *.iubenda.com fast.wistia.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; media-src * blob: data: https: *.wistia.com *.wistia.net 'self' 'unsafe-inline' 'unsafe-eval'; 7 object-src 'self' data: 7 img-src data: 'self' https: blob: https://www.facebook.com https://content-eu-central-1.knowunity.com https://content-eu-central-1.knowunity.dev; font-src 'self'; connect-src *; object-src data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://apis.google.com https://www.google.com https://appleid.cdn-apple.com https://js.hcaptcha.com https://analytics.tiktok.com https://sc-static.net https://js.stripe.com https://cdnjs.cloudflare.com https://apps.elfsight.com https://static.elfsight.com https://accounts.google.com/gsi/client https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.clarity.ms https://www.paypal.com https://static.cloudflareinsights.com https://www.googletagmanager.com https://assets.calendly.com/assets/external/widget.js https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style; style-src-elem 'self' https://accounts.google.com/gsi/style 'unsafe-inline'; script-src-elem * 'unsafe-inline' blob: 'self'; media-src https: 'self'; default-src 'self'; worker-src blob:; frame-ancestors 'self'; frame-src https://www.youtube.com https://accounts.google.com https://newassets.hcaptcha.com https://appleid.apple.com https://js.stripe.com https://www.facebook.com https://drive.google.com/ https://js.stripe.com https://hooks.stripe.com https://cloudflarestream.com https://customer-8ik8x9s31pwtfi7p.cloudflarestream.com https://accounts.google.com/gsi/ https://calendly.com https://www.sandbox.paypal.com https://www.paypal.com https://www.googletagmanager.com/ https://embed.podcasts.apple.com/ https://www.googletagmanager.com/; 7 default-src 'self';frame-src 'self' *.youtube.com youtu.be *.smartertools.com docs.google.com;script-src * 'unsafe-inline';font-src * 'unsafe-inline' data:;img-src * 'unsafe-inline' data: blob:;style-src * 'unsafe-inline';media-src *;frame-ancestors 'self';connect-src *; 7 object-src 'none'; frame-ancestors 'self'; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-downloads; base-uri 'self'; 7 upgrade-insecure-requests; base-uri 'self'; 7 frame-ancestors https://*.myshopify.com https://admin.shopify.com 7 default-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src * blob: data:; frame-src https: data: intent:; frame-ancestors 'self' https://michelin.clic2buy.com https://*.iadvize.com https://*.blueconic.net; worker-src blob: data: https:; font-src https: data:; script-src-elem 'unsafe-inline' 'unsafe-eval' * blob: 7 frame-ancestors 'self' yousign.app; 7 default-src 'unsafe-inline' 'unsafe-eval' data: blob: *; 7 manifest-src 'self' 7 font-src https://components-bnpl-pe-bbva-moprestamo-com.s3.amazonaws.com *.fontawesome.com *.alothemes.com *.magepow.com 'self' data: *.typekit.net *.moprestamo.com *.connectif.cloud data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' business.facebook.com webpay3g.transbank.cl webpay3gint.transbank.cl *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.moprestamo.com *.opencontrol.mx *.kaptcha.com *.openpay.pe *.weltpixel.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com *.paynet.com.mx *.openpay.mx *.openpay.co c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.moprestamo.com *.apurata.com *.google.com https://www.google.com.ar https://www.google.cl https://www.google.com.pe https://www.google.co.ve https://coliseumstorehelp.zendesk.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com *.postimg.cc *.openpay.mx 'self' data: *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypal.com *.facebook.com *.apptrian.com *.scene7.com p.typekit.net *.gstatic.com *.googleapis.com *.google.cl *.hotjar.com *.google.com.co *.mercadopago.cl *.mercadopago.com.pe *.bing.com *.clarity.ms *.notifications-icommkt.com *.track-icommkt.com *.connectif.cloud *.converse.cl *.converse.com.pe *.newbalance.com.pe *.merrell.com.pe *.stevemadden.com.pe *.catlifestyle.pe coliseumstore.cl *.coliseumstore.cl *.coliseum.com.pe www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.moprestamo.com *.apurata.com https://coliseumstorehelp.zendesk.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ https://api.smooch.io https://api.smooch.io/faye *.woowup.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.net business.facebook.com *.google.com unpkg.com cdn.jsdelivr.net *.magento-datasolutions.com *.magento-ds.com amcglobal.sc.omtrdc.net use.typekit.net *.online-metrix.net *.converse.cl *.google.cl *.hotjar.com *.getblue.io *.connectif.cloud *.tiktok.com *.bing.com *.emarsys.net *.clarity.ms *.cloudfront.net *.crazyegg.com *.zdassets.com *.vnforapps.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.moprestamo.com *.fontawesome.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google.com *.typekit.net unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.apurata.com https://coliseumstorehelp.zendesk.com *.openpay.mx *.openpay.co *.openpay.pe wss://api.smooch.io *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com *.google-analytics.com *.paypal.com api.mercadopago.com tm.filter:* *.snplow.net *.pingdom.net *.woorank.com *.adobe.io *.adobedc.net *.youtube.com *.googleapis.com *.magento-ds.com performance.typekit.net *.sentry.io *.converse.cl *.google.cl *.hotjar.com wss://ws.hotjar.com *.hotjar.io stats.g.doubleclick.net *.google.com.co *.tiktok.com *.connectif.cloud *.bing.com notifications-icommkt.com track-icommkt.com *.crazyegg.com *.clarity.ms *.zdassets.com *.powerpay.pe apurata.com *.woowup.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 7 script-src 'self'; object-src 'self' 7 default-src * 'unsafe-inline' 'unsafe-eval'; 7 default-src https: data: 'unsafe-inline' blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net *.google-analytics.com https://www.googleanalytics.com https://www.google.com/recaptcha/ https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://api.maptiler.com https://cdn.maptiler.com https://connect.facebook.com https://connect.facebook.net https://bat.bing.com https://js.stripe.com https://*.googletagmanager.com/ https://pagead2.googlesyndication.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com/ https://beacon-v2.helpscout.net/ https://kit.fontawesome.com/ https://api.mapbox.com/ https://*.hotjar.com https://*.hotjar.io https://widget.surveymonkey.com/ https://ajax.googleapis.com/ https://js.sentry-cdn.com https://browser.sentry-cdn.com https://o4507096105549824.ingest.de.sentry.io https://*.visualwebsiteoptimizer.com https://app.vwo.com; img-src 'self' https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.babysits.com https://*.babysits.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://bat.bing.com https://www.facebook.com https://www.facebook.net https://ade.googlesyndication.com https://pagead2.googlesyndication.com/ https://*.g.doubleclick.net https://*.googleusercontent.com https://*.hotjar.com https://*.hotjar.io https://*.visualwebsiteoptimizer.com https://chart.googleapis.com https://wingify-assets.s3.amazonaws.com https://app.vwo.com data: blob: ; connect-src 'self' https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://cdn.babysits.com https://events.babysits.com https://events.staging.babysits.net https://events.babysits.com.development.babysits.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com/ https://*.g.doubleclick.net https://www.googleadservices.com/ https://www.facebook.com https://api.stripe.com https://api.maptiler.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://bam.nr-data.net https://bam-cell.nr-data.net wss://*.pusher.com https://ka-p.fontawesome.com/ https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://o4507096105549824.ingest.de.sentry.io https://cdn.liveness.rekognition.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com wss://streaming-rekognition.eu-west-1.amazonaws.com/start-face-liveness-session-websocket https://*.visualwebsiteoptimizer.com https://app.vwo.com https://unpkg.com/@rive-app/ https://cdn.jsdelivr.net/npm/@rive-app/; frame-src 'self' https://www.google.com https://td.doubleclick.net/ https://*.googletagmanager.com https://bid.g.doubleclick.net https://www.facebook.com https://js.stripe.com https://hooks.stripe.com https://www.youtube-nocookie.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.recaptcha.net https://*.hotjar.com https://*.hotjar.io https://*.surveymonkey.com/ https://app.vwo.com https://*.visualwebsiteoptimizer.com; worker-src blob: ; child-src blob: ; font-src https://cdn.babysits.com https://*.hotjar.com https://*.hotjar.io https://app.vwo.com https://*.visualwebsiteoptimizer.com; frame-ancestors 'self'; object-src 'none' ; base-uri 'none'; style-src 'self' 'unsafe-inline' https://*.visualwebsiteoptimizer.com https://app.vwo.com https://s3.amazonaws.com https://cdn.maptiler.com; 7 upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.erwinhymergroup.com https://*.laika.it 7 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://res.cloudinary.com https://images.unsplash.com https://*.discordapp.net https://cdn.t4b.top https://img.t4b.top https://lh3.googleusercontent.com; connect-src 'self' https://api.garenabd.com https://us.i.posthog.com; frame-src 'self' https://www.youtube.com https://youtube.com; 7 default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; block-all-mixed-content; connect-src * blob:; font-src https:; frame-ancestors 'self' https://preview.plaece.nl; frame-src *; img-src https: data: blob:; media-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; report-uri /nelmio/csp/report; worker-src https: blob: 7 default-src https: ws: wss: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 7 frame-ancestors 'self' my.samsonite.test.frucon.net my.samsonite.staging.frucon.net my.samsonite.com *.narvar.com narvar.com *.integrations-narvar.com dobit.com *.dobit.com samsonite-dxp.dobit.com http://localhost:88; base-uri 'self'; 7 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn01l.vaillant-group.com *.adalyser.com *.adform.com *.adform.net *.adroll.com *.bing.com *.consentmanager.net *.contentsquare.net *.criteo.com *.doubleclick.net *.facebook.com *.facebook.net *.g.doubleclick.net *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.googleadservices.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.hotjar.com *.ibm.com *.loyjoy.com *.optimizely.com *.outbrain.com *.pinterest.com *.presage.io *.redditstatic.com *.serving-sys.com *.taboola.com *.xo-matic.com *.youtube.com *.zenloop.com a.mgid.com acdn.adnxs.com c.seznam.cz c1.rfihub.net cdn-assets-prod.s3.amazonaws.com cdn.inis360.com cdn.oribi.io cloudrizon.formstack.com contactis.ua graph.facebook.com heizungonline.vaillant.de heyzine.com io.fusedeck.net mes-devis.saunierduval.fr mojklient.vaillant.pl offer.vaillant.be offerte.bulex.be offre.bulex.be optimizely.s3.amazonaws.com popup.campaign.playable.com preventivi.vaillant.it s.pinimg.com s.yimg.com snap.licdn.com static.ads-twitter.com static.cleverpush.com static.criteo.net tags.creativecdn.com toolbox-gb-glowworm.prod.cloud.heatingonline.de toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de verkoopkansen.vaillant.nl widget.trustpilot.com www.clarity.ms www.google-analytics.com www.googletagmanager.com www.instalxpert.be www.recaptcha.net; connect-src 'self' ws: *.adform.net *.analytics.google.com *.bing.com *.bing.net *.clarity.ms *.contentsquare.net *.criteo.com *.delivery.consentmanager.net *.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.facebook.com *.facebook.net *.hotjar.com *.hotjar.io *.linkedin.com *.loyjoy.com *.optimizely.com *.outbrain.com *.pinterest.com *.reddit.com *.redditstatic.com *.serving-sys.com *.taboola.com *.xo-matic.com ams.creativecdn.com api.cleverpush.com capi.vaillant.es capig.stape.cc heizungonline.vaillant.de ib.adnxs.com ice.360yield.com logx.optimizely.com mes-devis.saunierduval.fr mojklient.vaillant.pl offer.vaillant.be offerte.bulex.be offre.bulex.be preventivi.vaillant.it s.yimg.com toolbox-gb-glowworm.prod.cloud.heatingonline.de toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de verkoopkansen.vaillant.nl; style-src 'self' 'unsafe-inline' *.loyjoy.com *.zenloop.com app.optimizely.com cdn01l.vaillant-group.com cloudrizon.formstack.com contactis.ua fonts.googleapis.com heizungonline.vaillant.de mes-devis.saunierduval.fr mojklient.vaillant.pl offer.vaillant.be offerte.bulex.be offre.bulex.be preventivi.vaillant.it tagmanager.google.com toolbox-gb-glowworm.prod.cloud.heatingonline.de toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de verkoopkansen.vaillant.nl www.googletagmanager.com www.instalxpert.be; img-src 'self' blob: data: *.1rx.io *.adalyser.com *.adform.net *.adlmerge.com *.adroll.com *.agkn.com *.atemda.com *.bidswitch.net *.bing.com *.bing.net *.clarity.ms *.consentmanager.net *.contentsquare.net *.creativecdn.com *.doubleclick.net *.facebook.com *.facebook.net *.g.doubleclick.net *.glp8.net *.google-analytics.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hit.gemius.pl *.linkedin.com *.loyjoy.com *.outbrain.com *.presage.io *.pubmatic.com *.reddit.com *.taboola.com *.xo-matic.com a.mgid.com a.twiago.com aax-eu.amazon-adsystem.com ad.360yield.com ad.as.amanad.adtdp.com ad.mail.ru ad.tpmn.co.kr ad.yieldlab.net ad.yieldlab.net adasta-pbs.relevant-digital.com adlmerge.com adn.caprofitx.com ads.betweendigital.com ads.betweendigital.com ads.enjoy4fun.com ads.stickyadstv.com ads.yieldmo.com an.yandex.ru an.yandex.ru analytics.ad.daum.net api.gov-img.site app.optimizely.com atemda.com bbnaut.ibillboard.com bbnaut.ibillboard.com bh.contextweb.com bh.contextweb.com c.seznam.cz c1.adform.net capturemedia-assets.com cdn.optimizely.com cdn.performax.cz cdn01l.vaillant-group.com ce.lijit.com clientes.saunierduval.es clientes.vaillant.es cm.adform.net cm.g.doubleclick.net cm.gammaplatform.com cm.gammaplatform.com cm.mgid.com cmeu.hit.gemius.pl cm-exchange.toast.com cmrtbhpl.hit.gemius.pl contactis.ua contextual.media.net cookiesync.axis-marketplace.com cookiesyncgotham.com criteo-partners.tremorhub.com criteo-sync.teads.tv cs.adingo.jp cs.gssprt.jp cs.gssprt.jp cs.mobfox.com cs.yellowblue.io cstb.adsinteractive.com csync.loopme.me csync.smilewanted.com delivery.swid.switchads.com delivery.swid.switchads.com dis.criteo.com dmx.districtm.io dot.wp.pl dpm.demdex.net dsum-sec.casalemedia.com dsum-sec.casalemedia.com e1.emxdgt.com e1.emxdgt.com eb2.3lift.com eb2.3lift.com eexsync.com elb.the-ozone-project.com exchange.mediavine.com fast.nexx360.io fusedeck.com goo.gamx.io gum.criteo.com hb.adtarget.com.tr hb.r2b2.cz hb.r2b2.io hb.yahoo.net hb.yahoo.net hbx.media.net heizungonline.vaillant.de ib.adnxs.com ib.adnxs.com ice.360yield.com ice.360yield.com id5-sync.com idsync.admixer.co.kr idsync.rlcdn.com ih.adscale.de ih.adscale.de inv-nets.admixer.net jadserve.postrelease.com localhost mapping.lacunads.com match.c8.net.ua match.c8.net.ua match.sharethrough.com match.sharethrough.com matching.ivitrack.com mes-devis.saunierduval.fr mixer.mobon.net mkt.saunierduval.es mkt.vaillant.es mojklient.vaillant.pl ms-cookie-sync.presage.io mynet-pbs.theadx.com offer.vaillant.be offerte.bulex.be offre.bulex.be onetag-sys.com optimics-ads.aimatch.com pbjs.digitalmatter.services pbs.optidigital.com pbs.yahoo.com pixel.rubiconproject.com pixel.rubiconproject.com pixel.s3xified.com pixel.tapad.com prebid.admatic.de prebid.adocean.pl prebid.adtarget.com.tr prebid.jixie.io prebid.monetixads.com prebid.pixad.com.tr prebid.serve.admatic.com.tr prebid-s2s.media.net prebid-server.pbstck.com prebid-server.rtbhouse.net prebid-server.rubiconproject.com prebid-stag.setupad.net preventivi.vaillant.it profile.ssp.rambler.ru profile.ssp.rambler.ru public-prod-dspcookiematching.dmxleo.com r.casalemedia.com res.cloudinary.com rm.em.nscontext.eu rm.em.nscontext.eu router.infolinks.com rt.marphezis.com rt.udmserve.net rtb.adxpremium.services rtb-csync.smartadserver.com rtb-server.valuad.io s.ad.smaato.net s.amazon-adsystem.com s.seedtag.com s2s.yieldbird.com s-cs.rmp.rakuten.com s-cs.send.microad.jp s-cs.send.microad.jp server.seadform.net simage2.pubmatic.com simage2.pubmatic.com sofia.trustx.org sp.analytics.yahoo.com sp.gmossp-sp.jp ssc-cms.33across.com ssp.adriver.ru ssp.adriver.ru ssp.api.tappx.com ssp.wp.pl ssp-csync.smartadserver.com ssp-csync.smartadserver.com static.cleverpush.com sync.1rx.io sync.addlv.smt.docomo.ne.jp sync.adkernel.com sync.ad-stir.com sync.adtech.ink sync.adtelligent.com sync.aniview.com sync.bidence.net sync.bidmatic.io sync.cenarius.orangeclickmedia.com sync.connectad.io sync.console.adtarget.com.tr sync.cootlogix.com sync.dmp.otm-r.com sync.e-planning.net sync.go.sonobi.com sync.inmobi.com sync.kueezrtb.com sync.outbrain.com sync.pubrise.ai sync.taboola.com sync.teads.tv sync-criteo.ads.yieldmo.com sync-service.net t.adx.opera.com t.visx.net tg.socdm.com tg.socdm.com toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de toolbox-gb-glowworm.prod.cloud.heatingonline.de u.4dex.io ups.analytics.yahoo.com us.ck-ie.com us.ck-ie.com us.shb-sync.com us-east-pbs.automatad.com usersync.gumgum.com usersync-america.rtblab.net us-u.openx.net us-u.openx.net verkoopkansen.vaillant.nl vid.vidoomy.com visitor.omnitagjs.com visitor.omnitagjs.com x.bidswitch.net z.cdn.adtarget.market; font-src 'self' data: *.loyjoy.com cdn01l.vaillant-group.com fonts.cdnfonts.com heizungonline.vaillant.de mes-devis.saunierduval.fr mojklient.vaillant.pl offer.vaillant.be offerte.bulex.be offre.bulex.be preventivi.vaillant.it script.hotjar.com toolbox-gb-glowworm.prod.cloud.heatingonline.de toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de verkoopkansen.vaillant.nl; object-src 'none'; base-uri 'self'; form-action 'self' *.columbusconnect.it *.officego.de *.plansoft-online.de *.saunierduval.es *.vaillant-group.com *.vaillant.es eshopspares.protherm.sk http://sso.wigam.com http://www.columbusconnect.it https://sso.wigam.com:8016 pontbevaltas.saunierduval.hu self-service.vaillant.de shop.vaillant.at sso.wigam.com; frame-src 'self' *.adform.net *.adroll.com *.captivate.fm *.cdn-pci.optimizely.com *.cdn.optimizely.com *.consentmanager.net *.criteo.com *.doubleclick.net *.elf.site *.g.doubleclick.net *.google.com *.oplead.com *.pinterest.com *.protherm.cz *.rfihub.com *.saunierduval-piecedetachee.fr *.saunierduval.es *.taboola.com *.xo-matic.com *.vaillant-systeme.de *.vaillant.es *.vaillant.ua *.vaillantkotle.cz *.vanmarcke.com 27052801.hs-sites-eu1.com aides.saunierduval.fr ams.creativecdn.com apps.vaillantgroup.org bayi.demirdokum.net cat.hermann-saunierduval.it cat.vaillant.it cloud.at.vgmarketingcloud.com contotermicohsd.vaillantgroup.it contotermicovaillant.vaillantgroup.it customer.vaillant.com.tr epaper.paper2web.ch fiches-qce.saunierduval.fr foerdermittelsuche.betatool.de form.jotform.com forms.iframes-saunierduval.es forms.office.com gutschein.vaillant.de heyzine.com identity.vaillant-group.com iframe.vaillantbayiminternette.com iqg.vaillant.com mapapartnerov.protherm.sk marktraum.betatool.de mkt.saunierduval.es optimum.vaillant.at optimum.vaillant.pl pompe-a-chaleur.saunierduval.fr portal.vaillant.ua powerfinder.hermann-saunierduval.it powerfinder.vaillant.it servicevaillant.wufoo.com servis.demirdokum.net servis.protherm.sk share-eu1.hsforms.com simulator.vaillant.com tarif-public.saunierduval.fr tools.vaillant.nl ucretsizkesif.demirdokum.com.tr urunler.demirdokum.com.tr vaillant-group.campaign.playable.com vaillant-systeme.de vaillant.cleverpush.com vaillant.cyber-time.at vaillantclub.vaillant.com.tr vf.r3f.technology widget.trustpilot.com wpcalc.vaillant.ch www.foerderdata.at www.foerdermittelauskunft.de www.googletagmanager.com www.kalkulator-vaillant.pl www.mepcontent.com www.recaptcha.net www.youtube.com wwwvaillantbe.mycleverpush.com; 7 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://rum-static.pingdom.net/ https://www.googletagmanager.com https://www.google-analytics.com https://web.cmp.usercentrics.eu; style-src 'report-sample' 'self' 'unsafe-inline' https://web.cmp.usercentrics.eu; connect-src 'self' https://app.qweb.nl https://www.foxxl.hosting https://*.google-analytics.com https://*.pingdom.net https://v1.api.service.cmp.usercentrics.eu; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://fonts.gstatic.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.googletagmanager.com; object-src 'none'; base-uri 'self'; form-action 'self' https://app.qweb.nl; 7 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; 7 upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * 7 frame-ancestors 'self' http://*.elsevier.es/ 7 default-src 'self' data: blob: ; worker-src 'self' data: blob: ; font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com consent.trustarc.com https://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com *.nr-data.net *.datadome.co *.captcha-delivery.com *.googletagmanager.com *.jquery.com *.cloudflare.com s3.amazonaws.com testing.conversionteam.com *.blackhawknetwork.com *.sardine.ai https://*.hotjar.com *.blackhawknetwork.com *.bhn.cards assets.adobedtm.com; script-src-attr 'unsafe-inline' *.blackhawknetwork.com; connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com *.nr-data.net stats.g.doubleclick.net *.datadome.co *.blackhawknetwork.com *.sardine.ai https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com adobedc.demdex.net metrics.mycardwallet.com *.bhn.cards; img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com data: s3.amazonaws.com testing.conversionteam.com *.blackhawknetwork.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com www.googletagmanager.com https://*.hotjar.com; frame-src *; object-src 'none'; media-src 'self' *.iesnare.com data:; frame-ancestors 'self' cardholder.jokercard.ca;base-uri 'self'; form-action 'self'; upgrade-insecure-requests 7 font-src fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com use.fontawesome.com data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; frame-ancestors www.paypalobjects.com https://auth.services.adobe.com/ 'self'; form-action https://enews.dynatrap.com/ https://enews.terro.com/ https://enews.victorpest.com/ https://enews.havahart.com/ https://enews.mosquitomagnet.com/ https://enews.perkypet.com/ https://enews.saferbrand.com/ https://enews.zarebasystems.com/ https://enews.vlink.victorpest.com/ https://enews.woodstreambrands.ca/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src api.tiles.mapbox.com widget.freshworks.com *.usablenet.com *.udev1a.net https://fonts.googleapis.com/ https://*.typekit.net/ *.adobe.com fonts.googleapis.com *.sharethis.com assets.braintreegateway.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.gstatic.com use.fontawesome.com cdn.listrakbi.com cdn.pricespider.com https://js.klevu.com 'self' 'unsafe-inline'; script-src *.pricespider.com api.tiles.mapbox.com snap.licdn.com widget.freshworks.com *.udev1a.net https://www.google.com/ https://www.gstatic.com/ https://commerce.adobedtm.com/ https://app.jazz.co/ *.marketingcloudfx.com c.amazon-adsystem.com https://s.pinimg.com/ct/core.js ct.pinterest.com s.pinimg.com/ct/ *.usablenet.com bam.nr-data.net js-agent.newrelic.com assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.sharethis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.google.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.klevu.com *.ksearchnet.com maps.googleapis.com *.googleapis.com *.maxmind.com services.listrak.com *.listrakbi.com *.tiktok.com *.bing.com *.hotjar.com connect.facebook.net wtbevents.pricespider.com locate.pricespider.com cdn.leadmanagerfx.com agent.marketingcloudfx.com use.fontawesome.com *.truevaultcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src *.cdninstagram.com *.adobe.com player.vimeo.com download-video.akamaized.net https://download-video-ak.vimeocdn.com/v3-1/playback/9fd159ef-cfc8-425b-b81d-00002b57d3dd/9f99cd6f-bf6cd135 'self' 'unsafe-inline'; img-src bat.bing.com *.google.ca *.pricespider.com px.ads.linkedin.com *.cdninstagram.com *.mapbox.com cdnjs.cloudflare.com polaris.truevaultcdn.com https://samples.woodstream.com/ *.google.com.ua *.google.pl assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.klevu.com *.ksearchnet.com flagpedia.net maps.gstatic.com www.facebook.com *.google.com *.usablenet.com www.dynatrap.com *.listrakbi.com www.gstatic.com www.zarebasystems.com maps.googleapis.com www.woodstream.com www.woodstreampartnerportal.com www.woodstreampartnerportal.ca www.terro.com www.victorpest.com www.havahart.com www.mosquitomagnet.com www.perkypet.com www.saferbrand.com vlink.victorpest.com www.woodstreambrands.ca storage.googleapis.com mediacdn.espssl.com *.woodstreampartnerportal.com s7d2.scene7.com data: 'self' 'unsafe-inline'; frame-src www.paypalobjects.com s.amazon-adsystem.com https://a40.usablenet.com/ https://ws-nameplate-printer.netlify.app/ services.listrak.com player.flipsnack.com https://auth.services.adobe.com/ www.facebook.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.googleapis.com *.google.com *.weltpixel.com *.usablenet.com 'self' 'unsafe-inline'; connect-src stats.g.doubleclick.net content.hotjar.io *.hotjar.com bat.bing.com cdn.linkedin.oribi.io widget.freshworks.com vc.hotjar.io woodstream.freshdesk.com https://commerce.adobedc.net/ https://commerce.adobe.io/ https://graph.instagram.com/ https://prod-29.westus.logic.azure.com/ *.webpagefx.org https://us-central1-ws-m2-dev-migration-map.cloudfunctions.net https://instagramfeed-lvc56rmsca-uc.a.run.app *.pricespider.com cdnjs.cloudflare.com https://pagead2.googlesyndication.com/ https://prod-180.westus.logic.azure.com/ googleads.g.doubleclick.net js.go2sdk.com *.amazon-adsystem.com ara.paa-reporting-advertising.amazon *.google-analytics.com https://www.facebook.com/ *.truevaultcdn.com *.mapbox.com *.marketingcloudfx.com *.leadmanagerfx.com bam.nr-data.net *.tiktok.com recs.listrakbi.com *.mmapiws.com paypal.com *.googleapis.com maps.googleapis.com https://ct.pinterest.com/v3/ https://ct.pinterest.com/user/ ws://localhost:* https://prod-40.westus.logic.azure.com/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.sharethis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.klevu.com *.ksearchnet.com www.gstatic.com *.tiktok.com recs.listrakbi.com wss://*.hotjar.com/ 'self' 'unsafe-inline'; 7 frame-ancestors 'self' weleda.sabio.de 7 default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 7 frame-ancestors 'self' https://accept.authorize.net 7 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 7 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src * data:; 7 default-src https: wss:;style-src https: data: 'unsafe-inline';script-src https: 'unsafe-inline' 'unsafe-eval';img-src https: blob: data: 'unsafe-inline';connect-src https: wss: feed: 7 frame-ancestors 'self' https://www.mtbiker.sk; 7 default-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.sprinklr.com 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com https://*.fonts.net https://*.sprinklr.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tiktok.com https://ct.pinterest.com https://storage.cloud.kargo.com *.invocacdn.com pnapi.invoca.net *.invoca.net https://*.recaptcha.net *.bridgestonetire.com hub.firestonecompleteautocare.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.com *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com *.jquery.com *.twitter.com *.ads-twitter.com https://assets.adobedtm.com/ https://www.google.com/recaptcha/ https://login.dotomi.com/ https://www.youtube.com/ https://*.cloudfront.net/ https://*.incontact.com/ https://*.dialogtech.com/ https://*.sprinklr.com/; img-src * data: blob: ; connect-src *; frame-src *; font-src 'self' https://*.fonts.net https://*.bridgestoneresources.com data:; media-src 'self' https://assets.bridgestonetire.com 7 style-src * 'self' 'unsafe-inline'; 7 default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; 7 default-src 'none'; connect-src https://yastatic.net http://pagead2.googlesyndication.com *.yandex.ru https://csi.gstatic.com https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ua https://mc.yandex.uz https://pagead2.googlesyndication.com https://www.google-analytics.com yandex.ru https://ymetrica1.com *.google.com https://*.strm.yandex.net 'report-sample'; font-src https://fonts.gstatic.com https://yastatic.net 'report-sample'; frame-src https://ad.mail.ru https://googleads.g.doubleclick.net https://mc.yandex.md https://mc.yandex.com https://rutube.ru https://player.vimeo.com https://nuum.ru https://tpc.googlesyndication.com *.google.com https://www.youtube.com https://yastatic.net *.yandex.ru 'report-sample'; img-src 'self' data: an.yandex.ru *.mds.yandex.net counter.yadro.ru https://*.verify.yandex.ru https://amc.yandex.ru https://csi.gstatic.com https://favicon.yandex.net https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.ua https://mc.yandex.uz https://verify.yandex.ru https://www.google-analytics.com https://www.google.ru https://www.googletagmanager.com https://www.gstatic.com https://yastatic.net imagecache.worldwide-ad-network.biz mc.yandex.ru pagead2.googlesyndication.com *.googleusercontent.com *.google.com 'report-sample'; script-src 'self' 'unsafe-inline' an.yandex.ru https://fundingchoicesmessages.google.com http://pagead2.googlesyndication.com https://ad.mail.ru https://adservice.google.ae https://adservice.google.at https://adservice.google.az https://adservice.google.be https://adservice.google.bg https://adservice.google.bj https://adservice.google.by https://adservice.google.ca https://adservice.google.ch https://adservice.google.cl https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.co.kr https://adservice.google.co.uk https://adservice.google.co.uz https://adservice.google.co.za https://adservice.google.com https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.br https://adservice.google.com.cy https://adservice.google.com.eg https://adservice.google.com.hk https://adservice.google.com.lb https://adservice.google.com.mx https://adservice.google.com.ng https://adservice.google.com.pa https://adservice.google.com.pk https://adservice.google.com.sg https://adservice.google.com.tj https://adservice.google.com.tr https://adservice.google.com.tw https://adservice.google.com.ua https://adservice.google.com.vn https://adservice.google.cz https://adservice.google.de https://adservice.google.ee https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ge https://adservice.google.gl https://adservice.google.gr https://adservice.google.hu https://adservice.google.ie https://adservice.google.iq https://adservice.google.it https://adservice.google.jo https://adservice.google.kg https://adservice.google.kz https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.md https://adservice.google.mn https://adservice.google.mv https://adservice.google.nl https://adservice.google.no https://adservice.google.pl https://adservice.google.ps https://adservice.google.pt https://adservice.google.ro https://adservice.google.ru https://adservice.google.sc https://adservice.google.se https://cda.worldwide-ad-network.biz https://cdb.worldwide-ad-network.biz https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.uz https://pagead2.googlesyndication.com https://partner.googleadservices.com https://r.mradx.net https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googletagservices.com https://yandex.ru https://yastatic.net mc.yandex.ru www.googletagmanager.com 'report-sample'; style-src 'self' 'unsafe-inline' https://cda.worldwide-ad-network.biz https://cdb.worldwide-ad-network.biz https://fonts.googleapis.com; media-src data: strm.yandex.ru *.strm.yandex.net; report-uri /csp-report.php 7 report-uri https://mon16-normal-useast5.tiktokv.us/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&p=_pH5SjQDVfKbITX-PQbrq&v=5; report-to csp-endpoint; upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.tiktok.com wss://*.tiktokv.com wss://*.tiktokv.eu wss://tiktok.com wss://tiktokv.com *.adsintegrity.net *.akamaized.net *.amazonaws.com *.arkoselabs.com *.billetlugen.dk *.bing.com *.bitssec.com *.braintree-api.com *.braintreegateway.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.entradas.com *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.giphy.com *.goofy-cdn.com *.goofy.app *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.pipopay.eu *.pipopayment.com *.pipopayment.eu *.pipopayment.us *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tenor.com *.tiktok-row.net *.tiktok-usts.com *.tiktok.com *.tiktok.ru *.tiktok.vn *.tiktokapis.com *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.com *.tiktokglobalshop.us *.tiktokmusic.me *.tiktokshop.com *.tiktokshops.us *.tiktokstaticb.com *.tiktokus.info *.tiktokv.com *.tiktokv.eu *.tiktokv.us *.tiktokw.eu *.tiktokw.us *.topbuzzcdn.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com api.music.apple.com code.jquery.com facebook.com google.com i.ticketweb.com images.universe.com interactives.ap.org media.ticketmaster.eu newassets.hcaptcha.com play.itunes.apple.com res.cloudinary.com s1.ticketm.net static-label.frontgatetickets.com static.captchami.com t.co tikitoks.com tiktok.com tiktok.ua tiktok.vn tiktokfollowersfree.com tiktokv.com tx41v.arkoselabs.com unpkg.com vimeo.com; connect-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: http://localhost:* https://localhost:* wss://im-ws.tiktok.com *.adsintegrity.net *.akamaized.net *.amazonaws.com *.arkoselabs.com *.billetlugen.dk *.bing.com *.bitssec.com *.braintree-api.com *.braintreegateway.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.entradas.com *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.giphy.com *.goofy-cdn.com *.goofy.app *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.pipopay.eu *.pipopayment.com *.pipopayment.eu *.pipopayment.us *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tenor.com *.tiktok-usts.com *.tiktok.com/passport/ *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.us *.tiktokglobalshopv.us *.tiktokmusic.me *.tiktokshops.us *.tiktokstaticb.com *.tiktokus.info *.tiktokv-us.com *.tiktokv.us *.tiktokw.eu/passport/ *.tiktokw.us *.topbuzzcdn.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.us.tiktok.com *.us.tiktokv.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com affiliate-us.tiktok.com analytics.tiktok.com api.music.apple.com code.jquery.com effecthouse.tiktok.com facebook.com google.com i.ticketweb.com im-api.tiktok.com im-image.tiktokv.com im-ws.tiktok.com image-va.tiktok.com images.universe.com interactives.ap.org livecenter.tiktok.com login-eu.www.tiktok.com login-no1a.www.tiktok.com login-row.www.tiktok.com login-us.www.tiktok.com media.ticketmaster.eu newassets.hcaptcha.com newsroom.tiktok.com p0-pu-private-useast8.tiktok.com play.itunes.apple.com res.cloudinary.com s1.ticketm.net scm-us.tiktok.com seller-us.tiktok.com shop.tiktok.com starling-i18n.tiktokv.com/check_and_get_text/ starling-sg.tiktokv.com/check_and_get_text/ starling-va.tiktokv.com/check_and_get_text/ static-label.frontgatetickets.com static.captchami.com support.tiktok.com t.co t.tiktok.com tikitoks.com tiktok.captchami.com tiktokfollowersfree.com tv.tiktok.com tx41v.arkoselabs.com unpkg.com us.tiktok.com v16-webapp-prime.tiktok.com v16-webapp.tiktok.com v19-webapp-prime.tiktok.com vas-alisg16.tiktokv.com vas-maliva16.tiktokv.com vas-useast2a.tiktokv.com vas-va.tiktokv.com vcs-sg.tiktokv.com vcs-va.byteoversea.com vcs-va.tiktokv.com verification-i18n.tiktok.com verification-sg.tiktok.com verification-va.byteoversea.com verification-va.tiktok.com verification.tiktokw.eu verification16-normal-no1a.tiktokw.eu verify-sg.byteoversea.com vimeo.com web-i18n.tiktok.com/passport/ web-sg.tiktok.com/passport/ web-va.tiktok.com/passport/ webapp-sg.tiktok.com webapp-va.tiktok.com www.tiktok.com; script-src 'report-sample' 'unsafe-eval' *.tiktokcdn-us.com apis.google.com billshark-cdn.s3.amazonaws.com c.paypal.com cdn.ampproject.org cdnjs.cloudflare.com client-api.arkoselabs.com connect.facebook.net developers.kakao.com googleads.g.doubleclick.net interactives.ap.org js-cdn.music.apple.com/musickit/v3/musickit.js js.braintreegateway.com js.hcaptcha.com js.hsforms.net recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/bric-captcha-ttweb/core-captcha/ static.captchami.com tiktok.captchami.com tx41v.arkoselabs.com unpkg.com vimeo.com www.facebook.net www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.gstatic.com www.vimeo.com; worker-src www.tiktok.com/business/sw.js www.tiktok.com/creator/worker/ www.tiktok.com/embed/sw.js www.tiktok.com/firebase-messaging-sw.js www.tiktok.com/help/sw.js www.tiktok.com/legal/report/verification/uploader-oversea-crc32.js www.tiktok.com/live/creator-networks/pdf.worker.min.js www.tiktok.com/live/static/player-worker/ www.tiktok.com/risk-appeal-ocr/BlinkCardWasmSDK.worker.min.js www.tiktok.com/series/worker/ www.tiktok.com/sw.js www.tiktok.com/tiktokstudio/static/worker/ www.tiktok.com/webapp-desktop/static/worker/ 6 default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://yandex.ru https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp 6 frame-ancestors 'self'; report-uri https://reuters.report-uri.com/r/t/csp/enforce; report-to report-uri 6 default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru okcdn.ru http://*.okcdn.ru https://*.okcdn.ru mycdn.me http://*.mycdn.me https://*.mycdn.me http://st-ok.cdn-vk.ru https://st-ok.cdn-vk.ru wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://cdn.consentmanager.net https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com *.yandex.ru static.dzeninfra.ru connect.ok.ru https://connect.ok.ru blob:; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru okcdn.ru http://*.okcdn.ru https://*.okcdn.ru http://st-ok.cdn-vk.ru https://st-ok.cdn-vk.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://*.consentmanager.net https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com yandex.ru static.dzeninfra.ru; worker-src blob: 'self'; connect-src * wss: blob: data:; font-src * data: blob:; frame-src * blob: 'self'; img-src * data: blob: about:; media-src * data: blob:; object-src *; report-uri /csp/report; 6 frame-ancestors 'self' *.dynatrace.org *.dynatrace.com *.dynatrace.cn 6 default-src 'self' *.livejournal.com *.livejournal.net *.dsp-rambler.ru *.google.com google.com *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru *.tiktok.com tiktok.com *.youtube.com youtube.com; script-src 'self' *.livejournal.com *.livejournal.net *.adfox.ru *.adlooxtracking.com adlooxtracking.com *.adlooxtracking.ru adlooxtracking.ru ad.mail.ru api.giphy.com bs.serving-sys.ru cdn.ampproject.org cdn.jsdelivr.net cdnjs.smi2.ru content.adriver.ru *.criteo.com *.criteo.net data.24smi.net *.doubleclick.net *.dropbox.com dsp-rambler.ru *.dsp-rambler.ru embed.bsky.app *.exelator.com *.facebook.com vk.com *.facebook.net gist.github.com googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com google.com *.google.ru *.googlesyndication.com *.googletagmanager.com googletagmanager.com *.googletagservices.com *.gstatic.com *.instagram.com js.mamydirect.com jsn.24smi.net *.lj.ru mc.yandex.com mc.yandex.ru *.newrelic.com *.nr-data.net *.ok.ru openstat.net pingback.giphy.com *.pingdom.com *.pingdom.net *.pinterest.com *.plista.com privacy-cs.mail.ru *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru rb.infox.sg r.mradx.net *.rnet.plus *.rubiconproject.com r.webturn.ru *.scorecardresearch.com sdk.canva.com *.services.livejournal.com smi2.ru ssl.p.jwpcdn.com ssp.24smi.net static.smi2cdn.ru static.smi2.net static.xx.fbcdn.net stat.media telegram.org tiktokcdn-us.com *.tiktok.com tiktok.com tns-counter.ru *.top100.ru top-fwz1.mail.ru tpc.googlesyndication.com *.ttwstatic.com twemoji.maxcdn.com *.twimg.com *.twitter.com *.videos.livejournal.com *.vk.com *.weborama.fm weborama.fm *.weborama.fr weborama.fr *.weborama.ru weborama.ru *.weborama-tech.ru weborama-tech.ru *.webturn.ru *.webvisor.org *.yahooapis.com *.yandex.ru yandex.ru yastatic.net ymetrica.com *.youtube.com youtube.com z.moatads.com 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline'; img-src blob: http: https: data:; frame-src http: https:; font-src http: https: data:; connect-src 'self' *.livejournal.com *.livejournal.net ad.adriver.ru ad.mail.ru *.ad-tech.ru api.giphy.com bs.serving-sys.ru cdn.ampproject.org *.criteo.com csi.gstatic.com data00.adlooxtracking.com dsp-rambler.ru *.dsp-rambler.ru *.eaglecdn.com export-download.canva.com *.g.doubleclick.net googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com google.com *.googletagmanager.com googletagmanager.com graph.facebook.com gstatic.com *.lj.ru lj.stat.eagleplatform.com mc.yandex.by mc.yandex.com mc.yandex.md mc.yandex.ru pingback.giphy.com *.pingdom.net privacy-cs.mail.ru *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru rb.infox.sg *.rnet.plus *.services.livejournal.com *.ssp.rambler.ru ssp.rambler.ru static-mon.yandex.net static.xx.fbcdn.net stat.media stats.g.doubleclick.net smi2.net smi2.ru sve.online.sberbank.ru *.tiktok.com tiktok.com top-fwz1.mail.ru *.twitter.com *.webturn.ru *.webvisor.org wss://www.livejournal.com yandexmetrica.com yandexmetrica.com:29010 yandexmetrica.com:30103 *.yandex.net *.yandex.ru yandex.ru yastatic.net ymetrica1.com ymetrica.com *.youtube.com youtube.com; report-uri https://www.livejournal.com/csp_reports; report-to livejournal; media-src http: https: blob: data: storage.mds.yandex.net; frame-ancestors 'self'; worker-src 'self' blob:; object-src 'self' blob: *.livejournal.net youtube.com *.youtube.com; child-src 'self' blob:; 6 frame-ancestors 'self' https://*.nbcnews.com https://*.today.com https://*.msnbc.com https://*.telemundo.com https://*.nbcnewstools.net https://*.eonline.com https://*.cnbc.com; 6 script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://payments-prod-test-stable.corp.google.com https://payments.google.com/ https://www.youtube.com https://youtube.googleapis.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://ajax.googleapis.com https://mannequin.storage.googleapis.com https://static.corp.google.com https://storage.googleapis.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://payments.sandbox.google.com https://www.googleadservices.com https://maps.googleapis.com https://www.google.com/js/bg/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/Gstore/cspreport/allowlist;worker-src blob: 6 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.google.com *.gstatic.com *.sportradar.com https://bugcrowd.com/ https://connect.facebook.net https://www.google-analytics.com https://www.youtube.com https://pi.pardot.com https://snap.licdn.com https://googleads.g.doubleclick.net https://prod-origin.truendo.com https://analytics.tiktok.com https://tag.demandbase.com https://j.6sc.co https://cdn.priv.center *.containers.piwik.pro *.smartrecruiters.com *.googletagmanager.com *.hotjar.com https://nitroscripts.com/ *.nitrocdn.com; frame-src 'self' 'unsafe-inline' https://s.company-target.com/ https://bugcrowd.com/ https://a.sportradarserving.com https://td.doubleclick.net *.youtube.com *.youtu.be *.smartrecruiters.com *.priv.center https://sportradar.pathfactoryeu.com/ *.linkedin.com *.piwik.pro https://analytics.tiktok.com tag.demandbase.com *.atriumsports.com *.facebook.net https://xss.hex.run/ https://www.smartrecruiters.com/ https://static.smartrecruiters.com/ *.sportradar.com https://googletagmanager.com www.gstatic.com www.googletagmanager.com *.google.com *.recaptcha.net https://www.google-analytics.com www.google-analytics.com https://fonts.googleapis.com https://cdn.priv.center/ https://www.googleadservices.com https://static.hotjar.com https://snap.licdn.com https://pi.pardot.com https://prod-origin.truendo.com https://googleads.g.doubleclick.net *.onetrust.com/; img-src * data: 'self' blob:; media-src * 'self'; connect-src * https://www.google-analytics.com www.google-analytics.com; font-src * data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://use.typekit.net; style-src * 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; 6 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob: data:; worker-src https: blob:; object-src 'none'; 6 frame-ancestors 'self' *.zdnet.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 6 connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ suggest-maps.yandex.ru *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works api-qa.diginetica.net/v1/ rap.skcrtxr.com 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru wss://*.tinkoff.ru wss://*.tcsbank.ru wss://*.tbank.ru error-hub.tbank.ru www.cdn-tinkoff.ru cdn.tbank.ru cfg.tinkoff.ru www.tbank.ru business.tbank.ru cobrowsing.tbank.ru mddc.tinkoff.ru api-statist.tinkoff.ru geocode-maps.yandex.ru imgproxy.cdn-tinkoff.ru fallback.cdn-tinkoff.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru blob: https://tinkoff.ru https://www.tinkoff.ru https://www.youtube.com https://*.1tv.ru/; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru cdn.uxfeedback.ru sm.rtb.mts.ru exchange.buzzoola.com dmp.one sync.bumlam.com wf-ru-frontend.weborama-tech.ru 'self' data: *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru https://tinkoff.ru https://www.tinkoff.ru http://img.youtube.com https://*.1tv.ru/; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.org metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru https://www.youtube.com https://*.1tv.ru/ https://download.srv-hub.org/; font-src *.cdn-tinkoff.ru 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.tinkoff.ru data:; report-uri https://www.tbank.ru/api/front/pfphome/log/csp-error?appName=pfphome&sentryDsnKey=b7cae0fa7dd74b4489cd05596a20df38&sentryApiId=142; default-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru 6 frame-ancestors 'self' *.lycos.com 6 frame-ancestors 'self' www.united-internet-media.de adimg.uimserv.net advideo.uimserv.net 6 frame-ancestors 'self' *.verizon.com *.verizonwireless.com *.vzwcorp.com; 6 default-src 'self' vercel.com *.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com *.chilipiper.com https://risk.clearbit.com https://react-tweet.vercel.app/*;script-src 'self' 'unsafe-eval' 'unsafe-inline' 'inline-speculation-rules' https://cdn.heapanalytics.com *.heapanalytics.com https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://www.youtube.com *.doubleclick.net cdn.vercel-insights.com va.vercel-scripts.com vercel.com *.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com *.chilipiper.com https://risk.clearbit.com https://react-tweet.vercel.app/*;style-src 'self' 'unsafe-inline' vercel.com *.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com *.chilipiper.com https://risk.clearbit.com https://react-tweet.vercel.app/*;img-src 'self' blob: data: *.github.io avatars.githubusercontent.com user-images.githubusercontent.com vercel.com vercel.live *.vercel.sh assets.vercel.com cdn.raster.app https://images.ctfassets.net https://heapanalytics.com https://*.ads.linkedin.com https://www.google.com https://i.ytimg.com https://s3.amazonaws.com pbs.twimg.com https://www.gravatar.com;media-src 'self' blob: data: vercel.com *.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com *.chilipiper.com https://risk.clearbit.com https://react-tweet.vercel.app/*;connect-src 'self' data: *.chilipiper.com *.ingest.sentry.io *.ingest.us.sentry.io wss://ws-us3.pusher.com sockjs-use3.pusher.com https://api.getkoala.com https://analytics.google.com https://www.google-analytics.com *.ads.linkedin.com *.doubleclick.net react-tweet.vercel.app vercel.com *.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com *.chilipiper.com https://risk.clearbit.com https://react-tweet.vercel.app/*;font-src 'self' vercel.com assets.vercel.com vercel.live fonts.gstatic.com *.vercel.sh;frame-ancestors 'self' https://vercel.com 6 frame-ancestors 'self' https://*.elastic.co https://elasticsandbox.docebosaas.com https://elastic.docebosaas.com https://www.gather.town; 6 form-action https: 6 default-src 'self'; media-src https://static.zdassets.com https://res.cloudinary.com https://pmecdn.protonweb.com; connect-src 'self' wss: https://protonmail.zendesk.com https://ekr.zdassets.com blob: https://account.proton.me https://reports.proton.me https://telemetry.proton.me https://*.algolia.net https://*.algolianet.com https://go.getproton.me https://noembed.com https://boards-api.greenhouse.io https://proton.me https://*.paypal.com https://*.paypalobjects.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://static.zdassets.com https://pmecdn.protonweb.com https://www.youtube.com https://platform.twitter.com https://*.paypal.com https://*.paypalobjects.com; style-src 'self' 'unsafe-inline' https://pmecdn.protonweb.com https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://pmecdn.protonweb.com; img-src 'self' data: blob: https:; frame-src 'self' data: blob: https://www.youtube-nocookie.com https://platform.twitter.com https://*.paypal.com https://*.paypalobjects.com; object-src 'self' data: blob:; child-src 'self' data: blob: https://*.paypal.com https://*.paypalobjects.com; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'self' https://*.proton.me; 6 frame-ancestors 'self' https://dashboard.weglot.com https://*.translations.weglot.io; base-uri 'self'; upgrade-insecure-requests; 6 base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://www.facebook.com *.visualwebsiteoptimizer.com; frame-ancestors 'self' https://cms.hosting.com; img-src 'self' https: data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://stablechat.mysecurecloudhost.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net; upgrade-insecure-requests; worker-src blob:; 6 worker-src * 6 base-uri 'self'; style-src 'self' 'unsafe-inline' https://static.popmechanic.ru https://*.mindbox.ru https://events.nethouse.ru https://fonts.googleapis.com *.jivo.ru *.jivosite.com; img-src 'self' https://res.cloudinary.com https://vk.com https://*.vk.com https://*.mindbox.ru https://www.google-analytics.com https://top-fwz1.mail.ru https://*.googlesyndication.com https://tr.lfeeder.com https://www.google.ru https://*.adtrafficquality.google https://tr-rc.lfeeder.com https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google.com https://fonts.googleapis.com https://*.mindbox.ru https://media2.giphy.com *.jivo.ru *.jivosite.com data: blob:; connect-src 'self' https://*.doubleclick.net https://res.cloudinary.com https://www.google-analytics.com https://top-fwz1.mail.ru https://privacy-cs.mail.ru https://analytics.google.com https://*.analytics.google.com https://fundingchoicesmessages.google.com https://*.googlesyndication.com https://*.adtrafficquality.google https://mc.yandex.ru https://mc.yandex.com https://yandex.ru https://yandex.com https://uaas.yandex.ru https://*.mindbox.ru https://jivo-userdata.obs.ru-moscow-1.hc.sbercloud.ru https://*.ahrefs.com/ wss://*.jivosite.com wss://*.jivo.ru *.jivo.ru *.jivosite.com; form-action 'self'; frame-ancestors 'self' *.jivo.ru *.jivosite.com https://*.mindbox.ru https://*.popmechanic.ru/ https://kinescope.io/ https://cdn-static.egoiapp2.com https://cloudinary.com https://*.cloudinary.com; child-src https://mc.yandex.ru https://mc.yandex.com; frame-src 'self' *.jivo.ru *.jivosite.com https://*.youtube.com https://vk.com https://vkvideo.ru/ https://*.vk.com https://mc.yandex.ru https://mc.yandex.com https://*.facebook.com https://top-fwz1.mail.ru https://*.adtrafficquality.google https://*.marquiz.ru https://*.mindbox.ru https://*.popmechanic.ru/ https://kinescope.io/ https://cdn-static.egoiapp2.com https://*.google.com https://*.doubleclick.net https://*.googlesyndication.com https://events.nethouse.ru https://cloudinary.com https://*.cloudinary.com https://go.vooozer.com https://www.google.com/recaptcha https://recaptcha.google.com/recaptcha; block-all-mixed-content; 6 default-src * 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' nic.bradesco imprensa.bradesco vivaprime.bradesco assets.bradesco *.prebanco.com.br *.adobedtm.com *.bing.com *.google.com *.google.com.br *.facebook.com *.facebook.net *.youtube.com *.youtube.com.br *.tiktok.com *.googleapis.com https://fonts.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com https://canalconsorciado.bradesco.com.br *.googleoptimize.com static.ads-twitter.com *.doubleclick.net *.rybena.com.br *.navdmp.com t.co https://banco.bradesco *.bradesco.com.br *.banco.bradesco *.interneth.bradesco.com.br *.bradescopessoajuridica.com.br *.bradescocelular.com.br *.omny.fm *.ggpht.com *.ytimg.com https://turn2c-sandbox.com https://wa.onelink.me https://apps.sae1.pure.cloud *.virtualearth.net https://bancobradesco.tt.omtrdc.net https://dpm.demdex.net https://www.unibrad.com.br; img-src * 'self' data: https:; font-src * 'self' data:; media-src * 'self' data: 6 frame-ancestors 'self' *.lufthansa.com *.miles-and-more.com *.swiss.com *.amadeus.com *.amadeus.net *.brusselsairlines.com *.austrian.com; script-src ct.pinterest.com s.pinimg.com app.link cdn.branch.io *.slgnt.eu *.exactag.com *.quantummetric.com *.monetate.net *.doubleclick.net *.googleadservices.com *.tiqcdn.com *.tealiumiq.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.usabilla.com *.artefact.com *.skyscanner.net *.skyscanner.net *.facebook.com *.facebook.net *.kayak.com *.amadeus.com *.lufthansa-group.com *.austrian.com *.lufthansa.com *.swiss.com *.brusselsairlines.com *.go-mpulse.net *.techlab-cdn.com *.instagram.com *.akamaihd.net *.akstat.io *.cloudfront.net *.cognigy.cloud *.googleapis.com *.gstatic.com *.sheerid.com *.meili.travel bat.bing.com *.dwin1.com lhopa01.custhelp.com rum.hlx.page 'unsafe-inline' 'unsafe-eval'; object-src 'none'; worker-src blob: *.lufthansa.com; 6 frame-ancestors 'self' *.ebscohost.com *.ebsco.com; report-uri /report-csp-violation; upgrade-insecure-requests 6 frame-ancestors https://library.mulesoft.com https://resources.mulesoft.com 'self' 6 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval';frame-ancestors https://*.motorola.com;media-src https: blob: data; img-src https: data: blob:; 6 frame-ancestors 'self' https://*.movavi.de https://*.movavi.com https://*.movavi.ru https://*.pdfchef.com https://*.screencapture.com https://*.movavivideosuite.com https://*.gecata.com https://*.movavi.id https://movavi.id https://*.videoconverter.com https://*.fastreel.com http://webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5707147/security/?sentry_key=839cab03978446cdbf603f5f5022e843&sentry_environment=production; report-to csp-endpoint 6 frame-ancestors 'self' https://*.cornerstoneondemand.com https://csod-studio.vercel.app https://*.csod-preview.com;upgrade-insecure-requests;default-src 'self' https://*.cornerstoneondemand.com;connect-src *;font-src *;form-action *;frame-src *;img-src * data:;manifest-src * 'unsafe-inline';media-src *;object-src *;script-src * 'unsafe-eval' 'unsafe-inline' blob:;style-src * 'unsafe-inline';worker-src * blob: 6 frame-ancestors 'self' https://bravenetmarketing.com https://manage.bravehost.com https://siteblocks.com; 6 frame-ancestors 'self' https://keepersecurity.com https://keepersecurity.eu https://keepersecurity.com.au https://keepersecurity.jp https://keepersecurity.ca; 6 default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src 'unsafe-inline' 'unsafe-eval' *; script-src 'unsafe-inline' 'unsafe-eval' *; img-src * data: about:; frame-src 'self' *; worker-src blob:; object-src https://wnyc-project-prod.s3.amazonaws.com; frame-ancestors 'self' localhost *; media-src 'self' *; 6 default-src 'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: content: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net;style-src 'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-inline'; media-src *; 6 frame-ancestors 'self' 6 frame-ancestors https://r1132100004725-eu1-ifwe.3dexperience.3ds.com https://r1132100257819-eu1-ifwe.3dexperience.3ds.com https://dsext001-eu1-215dsi0708-ifwe.3dexperience.3ds.com https://r1132100381839-eu1-academia-ifwe.3dexperience.3ds.com https://dspart004-eu1-partners-ifwe.3dexperience.3ds.com https://dspart011-eu1-partners-ifwe.3dexperience.3ds.com https://my.3dexperience.3ds.com; base-uri 'self' 6 frame-ancestors 'none'; base-uri 'self'; 6 frame-ancestors 'self' nielseniq.com *.nielseniq.com; 6 frame-ancestors 'self' *.brandwatch.com https://insights.hotjar.com; object-src 'none'; form-action 'self'; 6 default-src 'self' wss://socket.24live.co https: data: blob: 'unsafe-inline' 'unsafe-eval' 6 default-src 'self' data: ; child-src 'self' blob: ; img-src * data: blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://remote.captcha.com https://hcaptcha.com https://*.hcaptcha.com blob: ; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com ; base-uri 'none' ; font-src 'self' data: ; form-action 'self' ; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com blob: ; frame-ancestors 'self' ; connect-src 'self' https://xmpp.contactoffice.com https://hcaptcha.com https://*.hcaptcha.com https://blockchain.info https://api.coinlayer.com https://api.friendlycaptcha.com ; 6 upgrade-insecure-requests; default-src 'self' 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net; script-src 'self' 'unsafe-inline' js.driftt.com widget.drift.com ametekemip--dev.sandbox.my.site.com ametekemip.my.site.com enterprise-demo.tfaforms.net js.sentry-cdn.com affimvip.baidu.com static.lightning.force.com creaform.my.salesforce.com c.la1-core1.sfdc-58ktaz.salesforceliveagent.com creaform.my.site.com d.la1-core1.sfdc-58ktaz.salesforceliveagent.com chatai-cdn.ametek.com ametekpds.us17.list-manage.com mc.us17.list-manage.com static.addtoany.com fast.wistia.net wappass.baidu.com hmcdn.baidu.com fast.wistia.com static.zdassets.com affim.baidu.com safe.cdn.bcebos.com aifanfan.baidu.com a.omappapi.com go.zygo.com aff-im.cdn.bcebos.com cdnjs.cloudflare.com goutong.baidu.com player.youku.com hm.baidu.com js.hscollectedforms.net dmpstatic.cdn.bcebos.com sofire.bdstatic.com aiff.cdn.bcebos.com cdn.syndication.twimg.com api.twitter.com platform.twitter.com cdn.jsdelivr.net embed.tawk.to shopapi.dunkermotoren.de dwebshoptest.plan-software.de aff-im.cdn.bcebos.com ametekcdn2.azureedge.net ametekcdn.azureedge.net cdn.cookielaw.org go.phantomcamera.es go.phantomcameras.cn go.phantomcamera.fr wistia.com wistia.net go.ametekesp.com go.powervar.com go.precitech.com go.precitech.com.de *.creaform-engineering.com *.zygo.tw *.introtek.com *.alphasense.com *.egsautomation.de *.rtds.com *.skybitz.com *.ametek.com *.ametekweb.com go.sunpowerinc.com go.ameteksi.com go.ortec-online.com ajax.cloudflare.com static.cloudflareinsights.com facebook.com facebook.net connect.facebook.net googleads.g.doubleclick.net google-analytics.com www.google-analytics.com ssl.google-analytics.com google.com www.google.com support.google.com www.googleadservices.com fonts.googleapis.com ajax.googleapis.com maps.googleapis.com fonts.gstatic.com www.gstatic.com *.hsforms.com *.hsforms.net *.hs-analytics.net *.hs-scripts.com *.hsadspixel.net *.hubspot.com js.hscollectedforms.net t.sharethis.com code.jquery.com ws.sharethis.com info.ametek-land.com go.spectro.com twitter.com player.vimeo.com/api/ webtraxs.com youku.com youtube.com www.youtube.com go.techmfg.com go.techmfg.cn go.techmfg.de go.techmfg.jp go.techmfg.es chimpstatic.com cookie-cdn.cookiepro.com emip.ametek.com emipi.ametek.com geolocation.onetrust.com go.ametekaerospaceanddefense.com go.ametek-airtechnology.com go.ametekcalibration.cn go.ametekcalibration.com go.ametek-coining.com go.ametekfactoryautomation.com *.ametek-measurement.com go.ameteksfms.com go.ametekstc.com go.ametektest.cn go.ametektest.com go.ametektest.fr go.ametekusg.com go.brookfieldengineering.cn go.brookfieldengineering.com go.brookfieldengineering.de go.brookfieldengineering.in go.brookfieldengineering.uk go.drexelbrook.com go.emip.ametek.com go.fmhaerospace.com go.hughes-treitler.com go.hunterspringandreel.com go.pd-tech.com go.phantomcamera.de go.phantomhighspeed.com go.phantomcamera.fr go.phantomcameras.cn go.precitech.cn go.precitech.co.kr go.precitech.com.de go.precitech.jp go.precitech.tw go.rauland.com go.rauland.com go.spectro.de go.spectro.jp go.store.csiheat.com go.zygo.cn go.zygo.com.cn go.zygo.de go.zygo.jp *.zygo.kr go.zygo.sg go.zygo.th info.ametekland.com info.ametek-land.com info.ameteksurfacevision.com listadmin.ametek.com pardot1022173.ametek.com privacyportal.onetrust.com www.linkedin.com players.brightcove.net brightcvove.com brightinfo.com vjs.zencdn.net *.amazonaws.com js.hscta.net js.hs-banner.com js.hsleadflows.net analytics-eu.clickdimensions.com widgets.wp.com snap.licdn.com *.salesforceliveagent.com service.force.com bat.bing.com *.salesforce.com www.googletagmanager.com static.doubleclick.net fwww.surveymonkey.com fr.surveymonkey.com es.surveymonkey.com nl.surveymonkey.com de.surveymonkey.com jp.surveymonkey.com help.surveymonkey.com it.surveymonkey.com apply.surveymonkey.com pt.surveymonkey.com ru.surveymonkey.com sv.surveymonkey.com fi.surveymonkey.com da.surveymonkey.com zh.surveymonkey.com ko.surveymonkey.com no.surveymonkey.com tr.surveymonkey.com secure.surveymonkey.com contribute.surveymonkey.com fdeveloper.surveymonkey.com godaddy.surveymonkey.com linuxfoundation.surveymonkey.com eu.surveymonkey.com cx.surveymonkey.com investor.surveymonkey.com widget.surveymonkey.com engage.surveymonkey.com smenterprise.surveymonkey.com smaudience.surveymonkey.com blog.electiontracking.surveymonkey.com seattle.surveymonkey.com de.eu.surveymonkey.com uber.surveymonkey.com jpmc.surveymonkey.com en.surveymonkey.com ourstory.surveymonkey.com carerstrust.surveymonkey.com lp.surveymonkey.com demo.cx.surveymonkey.com cx-help.surveymonkey.com engage-help.surveymonkey.com images.surveymonkey.com kab.surveymonkey.com sgs.surveymonkey.com mobile.surveymonkey.com att.surveymonkey.com thearcus.surveymonkey.com winnipeg.surveymonkey.com petersburgmedicalcenter.surveymonkey.com cs.surveymonkey.com cy.surveymonkey.com el.surveymonkey.com ro.surveymonkey.com asm.surveymonkey.com cfchildren.surveymonkey.com ga.surveymonkey.com kooziegroup.surveymonkey.com mcafee.surveymonkey.com audience.surveymonkey.com fit.eu.surveymonkey.com click.outbound.surveymonkey.com secure.eu.surveymonkey.com anpost.eu.surveymonkey.com oesb.surveymonkey.com kla.surveymonkey.com nycdohmh.surveymonkey.com csl.surveymonkey.com wwww.surveymonkey.com blumenthalarts.surveymonkey.com api.surveymonkey.com labelmaster.surveymonkey.com thelynxgroup.surveymonkey.com try.surveymonkey.com assets01.surveymonkey.com lcoa.surveymonkey.com bnymellon.surveymonkey.com placer.surveymonkey.com ayuda.surveymonkey.com avon.surveymonkey.com auth0.surveymonkey.com maximus.surveymonkey.com sasb.surveymonkey.com nmhs.surveymonkey.com csp.surveymonkey.com strong365northwell.surveymonkey.com be.surveymonkey.com augustatech.surveymonkey.com woodplc.surveymonkey.com go.surveymonkey.com fr.eu.surveymonkey.com nychealthandhospitals.surveymonkey.com hca.surveymonkey.com nhl.surveymonkey.com slsnz.surveymonkey.com ds.surveymonkey.com ww.surveymonkey.com symplr.surveymonkey.com ca.surveymonkey.com aktionen.surveymonkey.com pncpa.surveymonkey.com seiu1021.surveymonkey.com kornferry.surveymonkey.com streetwisepartners.surveymonkey.com gamechange.surveymonkey.com jp.blog.surveymonkey.com google.surveymonkey.com styles.surveymonkey.com 222.surveymonkey.com pg.surveymonkey.com engineering.surveymonkey.com scitechinstitute.orgwww.surveymonkey.com surveymonkeysv.surveymonkey.com aide.surveymonkey.com levelaccess.surveymonkey.com roamrobotics.surveymonkey.com smonkey.surveymonkey.com resources.surveymonkey.com ar.surveymonkey.com bg.surveymonkey.com bs.surveymonkey.com et.surveymonkey.com hr.surveymonkey.com hu.surveymonkey.com id.surveymonkey.com is.surveymonkey.com lv.surveymonkey.com ms.surveymonkey.com pl.surveymonkey.com sk.surveymonkey.com sl.surveymonkey.com sr.surveymonkey.com th.surveymonkey.com tl.surveymonkey.com uk.surveymonkey.com vi.surveymonkey.com scfirststeps.surveymonkey.com www.qlzn6i1l.com secure.neck6bake.com go.universalanalyzers.com go.store.universalanalyzers.com cdn-images.mailchimp.com gallery.mailchimp.com downloads.mailchimp.com login.mailchimp.com kb.mailchimp.com blog.mailchimp.com us1.admin.mailchimp.com admin.mailchimp.com styleguide.mailchimp.com polyfill.mailchimp.com developer.mailchimp.com templates.mailchimp.com ux.mailchimp.com api.mailchimp.com connect.mailchimp.com us16.admin.mailchimp.com us19.admin.mailchimp.com us7.admin.mailchimp.com us17.admin.mailchimp.com us3.admin.mailchimp.com us10.admin.mailchimp.com us2.admin.mailchimp.com us11.admin.mailchimp.com us20.admin.mailchimp.com us4.admin.mailchimp.com us12.admin.mailchimp.com us18.admin.mailchimp.com us14.admin.mailchimp.com us8.admin.mailchimp.com apidocs.mailchimp.com us13.admin.mailchimp.com experts.mailchimp.com us1.api.mailchimp.com img.mailchimp.com us15.admin.mailchimp.com status.mailchimp.com us5.admin.mailchimp.com us6.admin.mailchimp.com us9.admin.mailchimp.com us1.mailchimp.com ls.mailchimp.com devs.mailchimp.com shopware.mailchimp.com postcards.mailchimp.com delivery.mailchimp.com plums.mailchimp.com linkedin.mailchimp.com mixpanel.mailchimp.com partner-assets.mailchimp.com patreon.mailchimp.com inspiration.mailchimp.com us11.mailchimp.com us9.mailchimp.com us16.mailchimp.com us19.mailchimp.com us20.mailchimp.com us15.mailchimp.com creative.mailchimp.com posthaste.mailchimp.com us3.mailchimp.com us6.mailchimp.com us4.mailchimp.com us12.mailchimp.com us14.mailchimp.com us2.mailchimp.com us12.api.mailchimp.com us10.mailchimp.com sopresto.mailchimp.com us17.mailchimp.com us7.mailchimp.com us18.mailchimp.com us13.mailchimp.com us8.mailchimp.com us20.api.mailchimp.com meowmart.mailchimp.com fastfives.mailchimp.com us2.api.mailchimp.com us5.mailchimp.com designlab.mailchimp.com us7.api.mailchimp.com img2.mailchimp.com us11.api.mailchimp.com us5.api.mailchimp.com us16.api.mailchimp.com sawa-usercontent.mailchimp.com us9.api.mailchimp.com docmakers.mailchimp.com us6.api.mailchimp.com help.mailchimp.com resources.mailchimp.com us15.api.mailchimp.com nonprofits.mailchimp.com m.mailchimp.com us4.api.mailchimp.com us19.api.mailchimp.com lurvin.mailchimp.com jungle.mailchimp.com us17.api.mailchimp.com us10.api.mailchimp.com us18.api.mailchimp.com us3.api.mailchimp.com privacyportal-cdn.onetrust.com privacyportal-eu-cdn.onetrust.com privacyportal-eu.onetrust.com www.onetrust.com privacyportal.onetrust.com cdn-ukwest.onetrust.com app.onetrust.com privacyportalde-cdn.onetrust.com geolocation.onetrust.com app-de.onetrust.com privacyportal-de.onetrust.com cdn-apac.onetrust.com app-eu.onetrust.com privacyportal-hulu-cdn.onetrust.com privacyportal-uk-cdn.onetrust.com cdn.onetrust.com privacyportal-uk.onetrust.com privacyportal-br-cdn.onetrust.com my.onetrust.com privacyportal-br.onetrust.com cruise-requests.my.onetrust.com privacyportal-na01-cdn.onetrust.com privacyportal-fr.onetrust.com iapp.onetrust.com sncf-portail.my.onetrust.com dpd-paris2.my.onetrust.com app.elq.onetrust.com tastemade-privacy.my.onetrust.com cdn-au.onetrust.com privacyportal-au.onetrust.com images.elq.onetrust.com allegion-privacy.my.onetrust.com privacyportal-ch.onetrust.com tcf.onetrust.com ggoutfitters-requests.my.onetrust.com privacyportal-apac.onetrust.com portal-verint.my.onetrust.com app-au.onetrust.com developer.onetrust.com uat-de.onetrust.com movado-privacy.my.onetrust.com privacyportal-allstate-cdn.onetrust.com proximospirits-privacy.my.onetrust.com free.onetrust.com privacy-portal-manpowergroup.my.onetrust.com privacyportal-discover-cdn.onetrust.com web.onetrust.com privacyportal-uat-cdn.onetrust.com privacyportal-uatde-cdn.onetrust.com info.onetrust.com support.onetrust.com chownow-requests.my.onetrust.com privacyportal-cisco-cdn.onetrust.com tv.onetrust.com data-protection-man-privacy.my.onetrust.com privacyportal-free-cdn.onetrust.com privacyportaluat.onetrust.com privacyportal-apac-cdn.onetrust.com privacyportal-free.onetrust.com smartfit-dsar.my.onetrust.com privacyportal-ch-cdn.onetrust.com privacyportaltrial-cdn.onetrust.com app-uk.onetrust.com app-apac.onetrust.com app-br.onetrust.com app-ca.onetrust.com app-ch.onetrust.com privacyportal-na01.onetrust.com lunagrill-requests.my.onetrust.com cbcfcu-requests.my.onetrust.com dropps-privacy.my.onetrust.com otcc-training.onetrust.com tdic-privacy.my.onetrust.com caire-requests.my.onetrust.com goodworldwide-requests.my.onetrust.com telteclgpd-privacy.my.onetrust.com privacyportaluatde.onetrust.com certain-requests.my.onetrust.com engieimpact-privacy.my.onetrust.com agriness-privacy.my.onetrust.com trial.onetrust.com ideas.onetrust.com lendico-privacy.my.onetrust.com go.pardot.com pi.pardot.com go.obcorp.com go.csiheat.com go.cardinaluhp.com go.barbenanalytical.com optinmonster.com cdn.datatables.net s7.addthis.com v1.addthisedge.com 'unsafe-eval'; style-src * 'unsafe-inline' creaform.my.site.com service.force.com ton.twimg.com platform.twitter.com ametekcdn2.azureedge.net ametekcdn.azureedge.net tagmanager.google.com fonts.googleapis.com; font-src * 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net fonts.gstatic.com data:; img-src * 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net img.mailchimp.com img2.mailchimp.com images.surveymonkey.com images.elq.onetrust.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com data: abs.twimg.com pbs.twimg.com ton.twimg.com platform.twitter.com syndication.twitter.com; frame-src * 'unsafe-inline' js.driftt.com widget.drift.com enterprise-demo.tfaforms.net service.force.com twitter.com platform.twitter.com syndication.twitter.com player.vimeo.com/video/ ametekcdn2.azureedge.net ametekcdn.azureedge.net; connect-src * 'unsafe-inline' creaform.my.site.com ametekcdn2.azureedge.net ametekcdn.azureedge.net www.google-analytics.com cloudflareinsights.com; worker-src 'self' ametekcdn2.azureedge.net ametekcdn.azureedge.net blob:; media-src 'self' *.akamaihd.net manifest.prod.boltdns.net *.wistia.com aifanfan.baidu.com ametekcdn2.azureedge.net ametekcdn.azureedge.net blob:; object-src 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net aifanfan.baidu.com 'self' 6 default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; script-src-elem https: 'unsafe-inline' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; worker-src 'self' blob:; block-all-mixed-content 6 upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be *.service-now.com *.thousandeyes.com *.duo.com duo.com *.umbrella.com *.pricespider.com *.mapbox.com *.vercel.app cdnjs.cloudflare.com https://community.cisco.com/; 6 default-src 'none'; media-src 'self' *.scene7.com *.stryker.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.scene7.com *.cookielaw.org *.cvent-assets.com *.cvent.com *.doubleclick.net *.facebook.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.hlx.page *.licdn.com *.marketo.com *.marketo.net *.mktoweb.com *.serving-sys.com *.smtrk.net *.stackadapt.com *.stryker.com *.tribalfusion.com *.zi-scripts.com *.zoominfo.com assets.adobedtm.com bh.contextweb.com magnetic.t.domdex.com maps.googleapis.com pixel.mathtag.com rules.quantcount.com s.ytimg.com secure.quantserve.com ssl.google-analytics.com stryker-h.assetsadobe.com tags.srv.stackadapt.com www.gstatic.com www.youtube.com blob:; connect-src 'self' https://*; img-src 'self' data: https://*; style-src 'self' 'unsafe-inline' *.cvent-assets.com *.mktoweb.com *.scene7.com *.stackadapt.com *.stryker.com fast.fonts.net fonts.googleapis.com www.gstatic.com; font-src 'self' https://*; manifest-src 'self'; frame-src 'self' https://*; frame-ancestors 'self' *.adobecqms.net; block-all-mixed-content; upgrade-insecure-requests; 6 frame-ancestors 'self';default-src https: data: 'unsafe-inline' 'unsafe-eval' 6 default-src bf11981lkb.bf.dynatrace.com *.contentsquare.net *.groupepdi.com *.net-fs.com *.onetrust.com *.cookielaw.org alumacraft.com *.alumacraft.com *.manitoupontoonboats.com *.wufoo.com unpkg.com *.yandex.ru my.matterport.com airtable.com ds-aksb-a.akamaihd.net monkeys-fist-for-brp.com *.myfeelback.com mfb.li mailchi.mp *.cdninstagram.com *.stackla.com fareharbor.com *.peek.com *.salecycle.com story.brplynx.com *.cloudfront.net mpembed.com *.googleadservices.com *.attribution.adswizz.com *.slideshare.net *.hotjar.com *.typekit.net *.bootstrapcdn.com *.salesforce.com *.omtrdc.net service.force.com *.adobedtm.com *.google.ca *.gstatic.com *.azurewebsites.net *.lightboxcdn.com *.salesforceliveagent.com *.force.com *.moatads.com *.youtube.com *.addthisedge.com *.addthis.com *.cloudflare.com *.doubleclick.net *.brp.com *.facebook.net *.azureedge.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.demdex.net *.day.com *.everesttech.net *.scene7.com *.amazon-adsystem.com *.facebook.com *.googleusercontent.com *.lightboxapi.com *.womenofonroadgroups.com *.canamonroadcommunity.com canamonroadcommunity.com *.learntoride3wheel.com *.limelightplatformevents.com *.valuemytradein.com *.zencdn.net *.zlthunder.net cdn.knightlab.com *.mdex.net *.sea-doo.com *.brpdigital.net tags.tiqcdn.com brp--c.documentforce.com collect.tealiumiq.com *.teads.tv brp.my.salesforce-sites.com cdn.jsdelivr.net stconsumercaseapip01.blob.core.windows.net stconsumercaseapiq01.blob.core.windows.net arttrk.com *.yimg.com www.filepicker.io *.unchartedsociety.com *.qualtrics.com brp--qacopy.sandbox.my.salesforce-sites.com sp.analytics.yahoo.com *.ski-doo.com *.adsrvr.org alb.reddit.com *.googlesyndication.com data.adxcel-ec2.com s.pinimg.com yulvr.ca www.redditstatic.com ct.pinterest.com brp--digitaldev.sandbox.my.site.com brp--digitaldev.sandbox.my.salesforce-scrt.com *.axept.io *.axeptio.eu axeptio.imgix.net conversions-config.reddit.com pixel-config.reddit.com bat.bing.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self'; 6 default-src *; img-src 'self' 'unsafe-eval' data: https://ct.capterra.com *; script-src * 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://www.youtube.com/embed/ blob:; style-src * 'unsafe-inline'; font-src * data:; media-src *; frame-src * https://www.youtube.com https://www.youtube.com/embed/ data:; worker-src blob:; 6 frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org *.nhslothian.scot *.nhsggc.scot hcaptcha.com *.hcaptcha.com; upgrade-insecure-requests; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 6 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mm-uxrv.com https://googleads.g.doubleclick.net https://*.googletagmanager.com https://*.hotjar.com https://in.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleapis.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hubspot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com *.analytics.google.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com *.hubspot.com; media-src 'self' data: blob:; frame-src 'self' colocation-hosting.safenames.net/ https://interactive-img.com https://www.youtube.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://*.mktoresp.com https://*.google-analytics.com https://*.analytics.google.com https://*.gstatic.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.hscollectedforms.net https://*.googletagmanager.com; 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' 6 frame-ancestors 'self' https://uatmytaj.tajhotels.com https://mytaj.tajhotels.com https://mytajsats.honohr.com https://mytajsats.hono.ai 6 style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src blob: https: data:; frame-src https:; upgrade-insecure-requests; 6 img-src * data: 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.everbridge.com https://*.everbridge.net https://*.g2crowd.com https://*.site.com https://*.salesforce-sites.com https://cdn.cookielaw.org https://*.onetrust.com https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.adsymptotic.com https://bestinenterpriseresilience.com https://*.bestinenterpriseresilience.com https://secure.adnxs.com https://*.cookiebot.com https://*.addtoany.com https://google.com https://*.google.com https://www.googleanalytics.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://www.googleadservices.com https://www.googleoptimize.com https://optimize.google.com https://*.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://*.hotjar.com https://*.hotjar.io https://*.g2.com https://*.linkedin.com https://snap.licdn.com https://*.marketo.net https://*.marketwire.com https://*.marketo.com https://*.mktoresp.com https://*.mktoutil.com https://analytics.twitter.com https://static.ads-twitter.com https://*.driftt.com https://*.hotjar.com https://*.6sense.com https://*.6sc.co https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://www.comparably.com https://*.itcentralstation.com https://www.peerspot.com https://cdn.amcharts.com https://*.gravatar.com https://*.cdninstagram.com https://*.instagram.com https://player.simplecast.com https://*.vimeo.com https://vpn.seminolecountyfl.gov/ https://*.youtube.com https://*.ytimg.com https://*.zoominfo.com https://t.co/i/adsct https://*.gstatic.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://cdn.linkedin.oribi.io https://bat.bing.com https://c.bing.com https://*.clarity.ms https://*.adsrvr.org https://script.googleusercontent.com https://*.ziftsolutions.com https://*.ziftmarcom.com https://*.ziftone.com https://*.goconsensus.com https://*.metadata.io; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; media-src 'self' https://js.driftt.com; object-src 'self' https://*.everbridge.com; style-src 'self' 'unsafe-inline' https://*.everbridge.com https://*.site.com https://*.force.com https://*.salesforce-sites.com https://fonts.googleapis.com https://fonts.googleapis.com https://translate.googleapis.com https://www.googleoptimize.com https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://www.google-analytics.com https://static.addtoany.com https://*.marketo.com https://*.ziftsolutions.com; 6 block-all-mixed-content; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 6 frame-ancestors www.kaufland.de www.kaufland-pp.de media.kaufland.de media.kaufland.com wissen-kaufland.kcenter.usu.com kaufland.staffbase.com leaflets.kaufland.com 'self' 6 frame-ancestors https://kpmg.experiencecloud.adobe.com https://assets.kpmg.com https://kpmg.com 6 frame-ancestors 'self' https://www.ringier-advertising.ch https://ringier-staging.hacepiby.cyon.site https://blumen.palantirfoundry.de; 6 worker-src blob:;default-src 'self' http://www.ltgplc.com/ https://go.ltgplc.com https://go.to.peoplefluent.com https://pf-marketing.kzoplatform.com https://pf-customers.kzoplatform.com https://gomo.kzoplatform.com https://percolate.blogtalkradio.com https://www.blogtalkradio.com http://www.ltgplc.com/ https://go.ltgplc.com https://www.youtube.com https://go.pardot.com https://www.clickcease.com https://td.doubleclick.net https://*.propensity.com https://*.js.ubembed.com https://*.ubembed.com https://*.g2.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.g2.com https://*.ubembed.com https://js.storylane.io https://peoplefluent.storylane.io;script-src-elem 'self' 'unsafe-inline' https://snap.licdn.com https://microapps.pf-labs.net https://go.to.peoplefluent.com https://ltg.breezy.hr https://pi.pardot.com/ https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com https://www.clickcease.com https://monitor.clickcease.com https://go.to.peoplefluent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://www.youtube.com https://*.brilliantlocco.com https://*.propensity.com https://*.js.ubembed.com https://*.ubembed.com https://*.ubembed.com https://*.g2.com https://jscloud.net https://js.storylane.io https://peoplefluent.storylane.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://microapps.pf-labs.net https://cdn.inspectlet.com https://go.to.peoplefluent.com https://ltg.breezy.hr https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://pi.pardot.com https://go.ltgplc.com https://monitor.clickcease.com https://go.to.peoplefluent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com https://www.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://*.brilliantlocco.com https://*.propensity.com https://*.js.ubembed.com https://*.ubembed.com https://*.g2.com https://*.ubembed.com https://js.storylane.io https://peoplefluent.storylane.io;font-src 'self' data: https://ui.peoplefluent.com https://use.typekit.net https://fonts.gstatic.com https://js.storylane.io https://peoplefluent.storylane.io;style-src 'self' 'unsafe-inline' https://ui.peoplefluent.com https://microapps.pf-labs.net https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://*.propensity.com https://*.js.ubembed.com https://*.ubembed.com https://*.g2.com https://js.storylane.io https://peoplefluent.storylane.io;img-src 'self' data: https://d33wubrfki0l68.cloudfront.net https://t.co https://cdn.sanity.io https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://s.clarity.ms https://c.bing.com https://*.clarity.ms https://*.brilliantchap.com https://i.ytimg.com https://googleads.g.doubleclick.net https://*.brilliantlocco.com https://px4.ads.linkedin.com https://px.ads.linkedin.com https://www.googleadservices.com https://bat.bing.net https://js.storylane.io https://peoplefluent.storylane.io https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;media-src 'self' data: https://cdn.sanity.io https://*.propensity.com https://*.js.ubembed.com https://*.ubembed.com https://*.ubembed.com https://*.g2.com https://*.propensity.com https://*.js.ubembed.com https://*.ubembed.com https://*.g2.com https://js.storylane.io https://peoplefluent.storylane.io;connect-src 'self' https://ltg.breezy.hr https://www.google-analytics.com https://go.to.peoplefluent.com https://stats.g.doubleclick.net https://monitor.clickcease.com https://region1.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com https://adservice.google.com https://*.google.com https://cdn.linkedin.oribi.io https://s.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://*.api.sanity.io https://px.ads.linkedin.com https://*.brilliantlocco.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.propensity.com https://*.js.ubembed.com https://*.ubembed.com https://*.g2.com https://*.ubembed.com https://www.googleadservices.com https://bat.bing.net https://jscloud.net https://js.storylane.io https://peoplefluent.storylane.io 6 frame-ancestors 'self' https://cdn.adkaora.space; 6 upgrade-insecure-requests; default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' 6 img-src 'self' data: https: 6 default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 6 frame-ancestors 'self' https://event.on24.com/ https://insightsoftware.highspot.com/ 6 default-src 'self' https:; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; form-action 'self' https:; frame-src 'self' https:; frame-ancestors 'self' *.ahc.root.loc *.dirsvcs.org *.epichosted.com; object-src 'none'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https: wss:; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 6 frame-ancestors https://*.netinfo.bg/ 6 default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 6 frame-ancestors 'self' https: 6 default-src * https: data: 'unsafe-inline' 'unsafe-eval'; 6 frame-ancestors 'self' apac.marketing.adobe.com 6 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval';frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; 6 default-src: https:; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 6 frame-ancestors 'self' https://translate.google.com 6 upgrade-insecure-requests; base-uri 'none'; default-src 'self' https://*.crazyegg.com; connect-src 'self' https: ws: https://*.crazyegg.com; img-src 'self' https: data: blob: https://*.sovos.com https://cdn.bfldr.com https://*.crazyegg.com; media-src 'self' data: blob: https://*.sovos.com; object-src 'self' https://*.sovos.com https://cdn.bfldr.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; worker-src 'self' blob:; frame-src 'self' https://*.sovos.com https://*.youtube.com https://*.marketo.com https://fast.wistia.com https://fast.wistia.net https://js.driftt.com https://www.google.com https://www.googletagmanager.com https://documentcloud.adobe.com https://*.flowpaper.com https://e.infogram.com https://td.doubleclick.net https://recruit.hirebridge.com https://maps.google.com https://app.getreprise.com https://cdn.bfldr.com https://*.crazyegg.com; frame-ancestors 'self' https://*.sovos.com; 6 frame-ancestors 'self' *.hivelocity.net 6 frame-ancestors 'self' https://eu-app.contentstack.com https://app.storyblok.com; report-uri /_/reports 6 base-uri 'self'; connect-src 'self' blob: data: https://*.applicationinsights.azure.com https://matomo.dekra.bawue.com https://*.clarity.ms https://c.bing.com https://*.g.doubleclick.net https://dekra-dev-search-api.e-spirit.cloud https://dekra-search-api.e-spirit.cloud https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.google-analytics.com https://maps.googleapis.com https://*.googletagmanager.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://cdn.linkedin.oribi.io https://dc.services.visualstudio.com https://*.linkedin.com https://api.newsletter2go.com https://*.snapengage.com https://bat.bing.net https://bat.bing.com https://mapsresources-pa.googleapis.com https://aorta.clickagy.com https://hemsync.clickagy.com https://js.zi-scripts.com https://ws.zoominfo.com https://*.zkcdn.net https://*.doubleclick.net https://*.crwdcntrl.net https://*.adobedtm.com; default-src 'self'; manifest-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com; form-action 'self'; frame-ancestors 'self' https://dekra.e-spirit.hosting https://dekradev.e-spirit.hosting https://dekraqa.e-spirit.hosting; frame-src 'self' https://*.doubleclick.net https://vars.hotjar.com https://player.vimeo.com https://www.youtube.com https://v.qq.com https://hemsync.clickagy.com https://dekracloud.sharepoint.com; img-src 'self' data: https://*.baidu.com https://*.bing.com https://*.clarity.ms https://media.dekra.com https://media-test.dekra.com https://*.g.doubleclick.net https://dekra-media.e-spirit.cloud https://dekradev-media.e-spirit.cloud https://dekraqa-media.e-spirit.cloud https://dekraprod-media.e-spirit.cloud https://connect.facebook.net https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://maps.gstatic.com https://*.hotjar.com https://px.ads.linkedin.com https://*.snapengage.com https://i.ytimg.com https://twin-iq.kickfire.com https://bat.bing.net https://bat.bing.com; media-src https://dekra-media.e-spirit.cloud https://dekradev-media.e-spirit.cloud https://dekraqa-media.e-spirit.cloud https://dekraprod-media.e-spirit.cloud https://dkrcamarasprt.cl:502 https://dkrcamarasprt.cl:503 https://dkrcamarasprt.cl:504 https://dkrcamarasprt.cl:505 https://dkrcamarasprt.cl:506 https://dkrcamarasprt.cl:507 https://dkrcamarasprt.cl:508 https://dkrcamarasprt.cl:509; object-src 'none'; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' blob: https://hm.baidu.com https://matomo.dekra.bawue.com https://www.clarity.ms https://googleads.g.doubleclick.net https://dekra.e-spirit.hosting https://dekradev.e-spirit.hosting https://dekraqa.e-spirit.hosting https://connect.facebook.net https://www.google.com https://www.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.hotjar.com https://*.hs-scripts.com https://snap.licdn.com https://*.snapengage.com https://twin-iq.kickfire.com https://webforms-live.dekra.com/static/formcentric.js https://bat.bing.net https://bat.bing.com https://js.zi-scripts.com https://ws.zoominfo.com https://tags.clickagy.com https://*.zkcdn.net https://*.doubleclick.net https://*.crwdcntrl.net https://*.adobedtm.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; worker-src blob:; upgrade-insecure-requests 6 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vlibras.gov.br https://www.vlibras.gov.br https://www.googletagmanager.com https://atlas.microsoft.com https://www.google-analytics.com https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com https://www.ba.gov.br https://ba.gov.br https://use.fontawesome.com https://www.chatbase.co https://www.instagram.com https://platform.twitter.com; script-src-elem 'self' 'unsafe-inline' blob: https://vlibras.gov.br https://www.vlibras.gov.br https://www.googletagmanager.com https://atlas.microsoft.com https://www.google-analytics.com https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com https://apis.google.com https://use.fontawesome.com https://www.chatbase.co https://www.instagram.com https://platform.twitter.com https://unpkg.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://www.ba.gov.br https://ba.gov.br https://cdn.jsdelivr.net https://unpkg.com; img-src 'self' data: https:; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://atlas.microsoft.com https://vlibras.gov.br https://www.vlibras.gov.br; connect-src 'self' https://atlas.microsoft.com https://servicosaocidadao.ba.gov.br https://www.google-analytics.com https://www.googletagmanager.com https://dc.services.visualstudio.com https://acessos.vlibras.gov.br https://dicionario2.vlibras.gov.br https://vlibras.gov.br https://cdn.jsdelivr.net https://traducao2.vlibras.gov.br https://www.google.com https://apis.google.com https://www.chatbase.co https://saojoaodabahia.ba.gov.br; frame-src 'self' https://www.youtube.com https://www.google.com https://nuvidio.com https://app.powerbi.com https://prodeb-sac-digital.firebaseapp.com https://gestor.meioambiente.ba.gov.br https://www.chatbase.co https://platform.twitter.com https://www.instagram.com https://publicacao.egba.ba.gov.br https://www.transparencia.ba.gov.br https://calendar.google.com https://copilotstudio.microsoft.com https://services.pge.ba.gov.br; frame-ancestors 'self' https://www.google.com; worker-src 'self' blob:; 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss: 6 frame-ancestors 'self' app.amplience.net https://*.emarsys.net https://*.scarabresearch.com; upgrade-insecure-requests; 6 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * data:; 6 default-src https:; font-src 'unsafe-inline' https: data:; child-src https: blob:; connect-src https: blob:; worker-src https: blob:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https:; object-src; base-uri 'none'; style-src 'unsafe-inline' https: data:; img-src https: data:; 6 frame-ancestors 'self' https://dlinz.sharepoint.com; 6 frame-ancestors 'self' *.gestionradioqc.com *.cogecolive.com;upgrade-insecure-requests 6 default-src 'self' *.wistia.com *.hotjar.com www.google.com www.google.co.in pages.wcgclinical.com www.google-analytics.com *.doubleclick.net *.centerwatch.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.wcgclinical.com trinitymedia.ai *.trinitymedia.ai *.cookielaw.org www.googletagmanager.com *.marketo.com *.marker.io pages.wcgclinical.com www.google-analytics.com www.googleadservices.com *.doubleclick.net *.hotjar.com unpkg.com *.unpkg.com *.marketo.net *.cloudfront.net *.mktoresp.com www.google.com *.cdntwrk.com snap.licdn.com *.wistia.com *.wistia.net wcgclinical.staging.wpengine.com widget.yeps.io www.buzzsprout.com gstatic.com *.gstatic.com pki.goog *.pki.goog *.google.com googleapis.com *.googleapis.com js.zi-scripts.com *.centerwatch.com *.sentry-cdn.com *.mktoweb.com; style-src 'self' 'unsafe-inline' *.cloudfront.net fonts.googleapis.com pages.wcgclinical.com *.cdntwrk.com *.wcgclinical.com *.marketo.com *.centerwatch.com *.mktoweb.com; object-src 'self' *.wcgclinical.com *.wcgirb.com *.centerwatch.com; base-uri 'self'; connect-src 'self' *.amazonaws.com *.googlesyndication.com *.cookielaw.org *.google-analytics.com *.linkedin.oribi.io *.onetrust.com *.doubleclick.net *.marker.io *.hotjar.io *.hotjar.com *.mktoresp.com *.hotjar.io *.wistia.com *.wistia.net fg8vvsvnieiv3ej16jby.litix.io *.yeps.io embedwistia-a.akamaihd.net js.zi-scripts.com *.centerwatch.com *.google.com; font-src 'self' fast.wistia.com fonts.gstatic.com *.centerwatch.com data:; frame-src 'self' *.wcgclinical.com trinitymedia.ai *.trinitymedia.ai *.marker.io *.doubleclick.net *.hotjar.com *.google.com *.wistia.net *.wistia.com *.powerbi.com *.youtube.com *.vimeo.com wcgclinical.outgrow.us *.five9.com *.marketo.com www.buzzsprout.com *.centerwatch.com www.googletagmanager.com *.mktoweb.com data:; img-src 'self' www.wcgclinical.com www.wcgirb.com *.gravatar.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.co.in *.cdntwrk.co *.cdntwrk.com *.wistia.net *.wistia.com *.fdanews.com via.placeholder.com wcgclinical.staging.wpengine.com embedwistia-a.akamaihd.net wcgclinical.wpengine.com px.ads.linkedin.com *.cookielaw.org *.centerwatch.com *.mktoweb.com data:; media-src 'self' *.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com *.centerwatch.com data: blob:; worker-src 'self' blob:; 6 frame-ancestors 'self' https://triple.nl/; 6 default-src 'self'; style-src 'self' 'unsafe-inline'; 6 upgrade-insecure-requests; default-src *; media-src * data: blob: rtmp: mediastream:; child-src * data: blob: gsa: webviewprogressproxy:; img-src * data: blob: android-webview-video-poster:; script-src * 'unsafe-inline' 'unsafe-eval' data: opera:; frame-src * 'unsafe-inline' data: gsa: webviewprogressproxy:; style-src * 'unsafe-inline' data:; connect-src * 'unsafe-inline' ws: wss:; font-src * data:; object-src *; report-uri /members/util/log_csp/ 6 default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.intellimizeditor.com https://intellimizeditor.com https://cdn.intellimize.co https://ajax.googleapis.com https://ajax.cloudflare.com https://analytics.twitter.com https://api.intellimize.co https://app-abk.marketo.com https://audience.nrich.ai https://bat.bing.com https://boards.greenhouse.io https://cdn.ampproject.org https://cdn.cookielaw.org https://cdn.onesignal.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://js.chilipiper.com https://maps.googleapis.com https://munchkin.marketo.net https://onesignal.com https://player.vimeo.com https://s.yimg.com https://sc.lfeeder.com https://script.crazyegg.com https://script.hotjar.com https://secure.esignlive.com https://secure.onespan.com https://serve.nrich.ai https://ssl.google-analytics.com https://snap.licdn.com https://static.ads-twitter.com https://static.cloudflareinsights.com https://static.hotjar.com https://tag.demandbase.com https://tag.nrich.ai https://tpc.googlesyndication.com https://translate.google.com https://tribl.io https://www.clarity.ms https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://d41.co https://*.d41.co https://embed.ustudio.com https://asana-user-private-us-east-1.s3.us-east-1.amazonaws.com https://id.rlcdn.com https://scout-cdn.salesloft.com https://tracking.g2crowd.com https://j.6sc.co https://view.ceros.com https://app.leandata.com https://js.driftt.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://optimize.google.com https://www.googleoptimize.com/ https://extend.vimeocdn.com https://code.highcharts.com https://cdn.bizible.com https://www.vimeo.com https://vimeo.com https://cdn.jsdelivr.net https://rc-sc.js.driftt.com https://site-concierge.driftt.com blob: https://www.g2.com; style-src 'self' 'report-sample' 'unsafe-inline' https://app-abk.marketo.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://js.chilipiper.com/ https://onesignal.com https://secure.onespan.com https://tag.demandbase.com https://translate.googleapis.com https://tribl.io https://use.fontawesome.com https://cdn.jsdelivr.net https://optimize.google.com https://www.googletagmanager.com https://www.gstatic.com; form-action 'self'; base-uri 'self'; object-src 'none'; connect-src 'self' https://*.clarity.ms https://*.company-target.com https://*.nr-data.net https://308-zmt-742.mktoresp.com https://308-zmt-742.mktoutil.com https://adservice.google.com https://analytics.google.com https://api.chilipiper.com https://api.intellimize.co https://audience.nrich.ai https://bat.bing.com https://cdn.cookielaw.org https://in.hotjar.com https://log.intellimize.co https://maps.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://s.yimg.com https://secure.onespan.com https://serve.nrich.ai https://stats.g.doubleclick.net https://tag.nrich.ai https://tracking.chilipiper.com https://translate.googleapis.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://cdn.linkedin.oribi.io https://www.facebook.com https://www.google-analytics.com https://app.leandata.com https://js.zi-scripts.com https://ws.zoominfo.com https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.by https://www.google.bs https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.cz https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.cg https://www.google.com.co https://www.google.com.cy https://www.google.com.cu https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kh https://www.google.com.jm https://www.google.com.kw https://www.google.com.lb https://www.google.com.li https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.nl https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.com https://www.google.cu https://www.google.de https://www.google.dk https://www.google.dl https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fl https://www.google.fr https://www.google.ge https://www.google.gm https://www.google.gr https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.la https://www.google.lk https://www.google.li https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rw https://www.google.rs https://www.google.ru https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.vu https://www.google.zm https://www.googletagmanager.com https://cs.lf-discover.com https://*.d41.co https://d41.co https://se-services.intellimize.co https://*.salesloft.com https://*.6sc.co https://www.google.co.ls https://www.google.bi https://www.google.com.af https://www.google.tt https://www.google.ws https://www.google.st https://www.google.gg https://www.google.im https://secure.adnxs.com/ https://js.driftt.com https://www.googletagmanager.com https://content.hotjar.io https://metrics.hotjar.io https://epsilon.6sense.com https://px.ads.linkedin.com https://*.6sense.com https://rc-sc.js.driftt.com https://site-concierge.driftt.com https://tracking.g2crowd.com https://tracking-api.production.g2.com https://tracking-api.g2.com/; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src https://*.esignlive.com/ https://*.onespan.com https://api.intellimize.co https://app.intellimize.co https://*.intellimizeio.com https://onespan.chilipiper.com https://apps.chilipiper.com https://app-abk.marketo.com https://bid.g.doubleclick.net https://boards.greenhouse.io https://player.vimeo.com https://sandbox.esignlive.com https://secure.onespan.com https://test.api.intellimize.co https://tpc.googlesyndication.com https://tribl.io https://vars.hotjar.com https://vimeo.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://*.youtube.com https://youtube.com https://*.prod.acquia-sites.com https://embed.ustudio.com/ https://view.ceros.com/ https://app.leandata.com https://js.driftt.com https://optimize.google.com https://webikeo.fr/ https://td.doubleclick.net/ http://stg.onespan.com/ http://www.onespan.com/ https://rc-sc.driftt.com https://rc-sc.js.driftt.com https://site-concierge.driftt.com https://job-boards.greenhouse.io/ https://www.g2.com/; img-src 'self' data: blob: *; manifest-src 'self'; media-src 'self'; worker-src 'none'; 6 frame-ancestors 'self';; upgrade-insecure-requests 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com *.gstatic.com *.hotjar.com *.doubleclick.net *.arabbank.com *.google.com *.facebook.net *.facebook.com *.googleapis.com www.arabbank.ae arabbank.ae arabbank.com.lb www.arabbank.com.lb arabbank.dz www.arabbank.dz www.arabbank.bh arabbank.bh www.arabbank.com arabbank.com arabbank.com.eg www.arabbank.com.eg www.arabbank.jo arabbank.com.jo arabbank.jo www.arabbank.com.jo www.arabbank.com.lb arabbank.com.lb arabbank.ma arabbank.ma www.arabbank.ps arabbank.ps www.arabbank.com.qa arabbank.com.qa *.google-analytics.com google-analytics.com www.googletagmanager.com www.youtube.com www.linkedin.com linkedin.com instagram.com twitter.com *.typeform.com geo-tracker.ads.memob.com 10.1.30.170 *.readspeaker.com data:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.doubleclick.net *.google.com 10.1.228.170 10.1.228.172 www.youtube-nocookie.com youtube-nocookie.com www.youtube.com platform.twitter.com *.arabbank.com embed.typeform.com bid.g.doubleclick.net geo-tracker.ads.memob.com *.readspeaker.com 10.1.30.170 10.1.30.170:15871 tools.eurolandir.com tools.euroland.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.readspeaker.com *.doubleclick.net *.google.com *.gstatic.com *.facebook.net *.facebook.com *.twitter.com *.googletagmanager.com *.google-analytics.com google-analytics.com *.googleadservices.com ajax.googleapis.com *.arabbank.com embed.typeform.com geo-tracker.ads.memob.com 10.1.30.170 *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat analytics.tiktok.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss://anaarabi.arabbank.com *.hotjar.com *.doubleclick.net *.google.com *.readspeaker.com www.google-analytics.com google-analytics.com *.googleapis.com *.gstatic.com *.arabbank.com embed.typeform.com geo-tracker.ads.memob.com www.arabbank.ae arabbank.ae arabbank.com.lb www.arabbank.com.lb arabbank.dz www.arabbank.dz www.arabbank.bh arabbank.bh www.arabbank.com arabbank.com arabbank.com.eg www.arabbank.com.eg www.arabbank.jo arabbank.com.jo arabbank.jo www.arabbank.com.jo www.arabbank.com.lb arabbank.com.lb arabbank.ma arabbank.ma www.arabbank.ps arabbank.ps www.arabbank.com.qa arabbank.com.qa; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.doubleclick.net *.facebook.net *.facebook.com *.googletagmanager.com www.google.jo *.googleapis.com *.google-analytics.com google-analytics.com syndication.twitter.com *.gstatic.com *.abwebadmin.com *.arabbank.com geo-tracker.ads.memob.com embed.typeform.com www.arabbank.ae arabbank.ae arabbank.com.lb www.arabbank.com.lb arabbank.dz www.arabbank.dz www.arabbank.bh arabbank.bh www.arabbank.com arabbank.com arabbank.com.eg www.arabbank.com.eg www.arabbank.jo arabbank.com.jo arabbank.jo www.arabbank.com.jo www.arabbank.com.lb arabbank.com.lb arabbank.ma arabbank.ma www.arabbank.ps arabbank.ps www.arabbank.com.qa arabbank.com.qa *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat data:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googleadservices.com *.doubleclick.net *.google.com *.googleapis.com *.readspeaker.com *.facebook.com *.facebook.net script.crazyegg.com 10.1.228.170 10.1.228.172 *.google-analytics.com *.gstatic.com *.googletagmanager.com *.arabbank.com *.typeform.com geo-tracker.ads.memob.com 10.1.30.170 10.1.30.170:15871 6 frame-ancestors 'self' *.azdev.direct *.adobe.com direct.lvh.me:8080 6 font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.typekit.net *.audioeye.com cdn.shopify.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.googletagmanager.com *.gstatic.com *.jst.ai ajax.googleapis.com *.affirm.com *.launchdarkly.com connect.facebook.net *.audioeye.com *.imgur.com web.hyro.ws wss://web.hyro.ws 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.google.com *.demdex.net www.googletagmanager.com *.instagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.vimeo.com *.hotjar.com *.doubleclick.net *.jst.ai *.paymetric.com *.affirm.com *.audioeye.com *.imgur.com web.hyro.ws wss://web.hyro.ws *.zdassets.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net validator.swagger.io *.cdninstagram.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com via.placeholder.com *.klaviyo.com *.google.com *.google.ca *.facebook.com *.fls.doubleclick.net googleapis.com *.affirm.com *.jst.ai cdn.cookielaw.org *.audioeye.com *.imgur.com blob: *.bing.com *.clarity.ms web.hyro.ws wss://web.hyro.ws *.zdassets.com https://imgs.signifyd.com https://*.online-metrix.net s7d9.scene7.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com *.google.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com *.instagram.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api.airbud.io demo.airbud.io ajax.googleapis.com *.klaviyo.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net player.vimeo.com *.typekit.net *.hotjar.com *.jst.ai *.kmail-lists.com *.affirm.com *.launchdarkly.com *.audioeye.com *.imgur.com cdn.cookielaw.org *.bing.com *.clarity.ms web.hyro.ws wss://web.hyro.ws *.zdassets.com api.smooch.io wss://api.smooch.io https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net https://static.klaviyo.com unsafe-inline assets.braintreegateway.com api.airbud.io demo.airbud.io *.klaviyo.com *.typekit.net *.affirm.com *.launchdarkly.com connect.facebook.net *.jst.ai *.audioeye.com web.hyro.ws *.zdassets.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.imgur.com blob: web.hyro.ws *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.klaviyo.com prod.airbud.io bam.nr-data.net *.google-analytics.com *.doubleclick.net *.kmail-lists.com *.youtube.com *.affirm.com *.launchdarkly.com *.jst.ai *.audioeye.com *.imgur.com hyropublic.blob.core.windows.net *.cookielaw.org *.onetrust.com *.clarity.ms *.bing.com web.hyro.ws wss://web.hyro.ws wss://widget-mediator.zopim.com *.zdassets.com *.adobedtm.com api.smooch.io wss://api.smooch.io wheelpros.tt.omtrdc.net https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6 default-src 'self'; base-uri 'self'; connect-src 'self' *.clarity.ms https://tracking-api.g2.com https://consent.cookiebot.com https://q.clarity.ms/collect https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://analytics.google.com https://api.herefish.com https://c.6sc.co https://consentcdn.cookiebot.com https://distillery.wistia.com *.applicationinsights.azure.com https://embed-cloudfront.wistia.com https://fast.wistia.com https://ipv6.6sc.co https://js.zi-scripts.com https://l.sharethis.com https://pipedream.wistia.com https://px.ads.linkedin.com https://r.clarity.ms https://stats.g.doubleclick.net https://tracking.g2crowd.com https://ws.zoominfo.com https://www.google-analytics.com https://www.google.com *.crwdcntrl.net https://fg8vvsvnieiv3ej16jby.litix.io https://forms.hsforms.com; font-src 'self' *.epiqglobal.com *.bluemod.us https://cdnjs.cloudflare.com https://fonts.gstatic.com data: https://fast.wistia.com; frame-src 'self' *.epiqglobal.com https://app.herefish.com https://www.googletagmanager.com https://form.typeform.com https://www.youtube.com https://fast.wistia.net https://player.vimeo.com https://www.g2.com https://td.doubleclick.net https://consentcdn.cookiebot.com https://t.sharethis.com https://www.google.com https://go.epiqglobal.com/ https://www.buzzsprout.com; frame-ancestors 'self' *.epiqglobal.com *.bluemod.us *.bluemod.me; img-src 'self' data: *.bing.com *.clarity.ms *.bluemod.us *.bludmod.me *.epiqglobal.com *.linkedin.com https://googleads.g.doubleclick.net https://f.hubspotusercontent20.net https://insights.hgpresearch.com https://privacy-policy.truste.com https://pic3.zhimg.com https://pages.hyperiongp.com https://besixth.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://fast.wistia.net https://storage.pardot.com https://via.placeholder.com *.sharethis.com https://b.6sc.co https://fast.wistia.com https://imgsct.cookiebot.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://forms-na1.hsforms.com/embed/v3/counters.gif; manifest-src 'self'; media-src 'self' blob:; object-src 'none'; report-uri https://6658ad1fa52bdea0f50df6d5.endpoint.csper.io/; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' blob: https://api.herefish.com https://www.epiqglobal.com https://www.clarity.ms https://googleads.g.doubleclick.net https://snap.licdn.com https://embed.typeform.com https://fast.wistia.net https://player.vimeo.com https://www.googletagmanager.com https://platform-api.sharethis.com/panorama.js https://api.herefish.com/scripts/hf.js https://buttons-config.sharethis.com/js/60c0851926c3eb001107c372.js https://consent.cookiebot.com https://consentcdn.cookiebot.com https://fast.wistia.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/766208465/ https://j.6sc.co/6si.min.js https://js.monitor.azure.com/scripts/b/ai.2.min.js https://js.zi-scripts.com/zi-tag.js https://pi.pardot.com/analytics https://platform-api.sharethis.com/js/sharethis.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://t.sharethis.com/1/k/t.dhj https://tracking.g2crowd.com/attribution_tracking/conversions/1006581.js https://ws-assets.zoominfo.com/formcomplete.js https://www.clarity.ms/tag/dv7zchxaog https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion.js https://www.googletagmanager.com/gtm.js https://js.sentry-cdn.com https://js.hsforms.net/forms/v2.js https://pi.pardot.com/pd.js https://go.epiqglobal.com https://www.buzzsprout.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://browser.sentry-cdn.com https://tracking-api.g2.com https://www.googleadservices.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com; style-src 'report-sample' 'self' 'unsafe-inline' https://app.herefish.com https://embed.typeform.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; worker-src 'none'; 6 script-src 'self' 'unsafe-inline' 6 default-src 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://cdn.jsdelivr.net/npm/ blob:; style-src 'self' 'unsafe-inline' https:; img-src https: data: blob: 'self'; media-src https: 'self'; object-src 'self'; font-src *.gstatic.com *.googleapis.com data: 'self' https:; frame-ancestors https://*.hubspot.com https://info.atlascopco.us https://info.atlascopcoupdates.com http://*.scene7.com https://atlascopco-preview.adobecqms.net 'self'; frame-src https:; connect-src https: ws: wss: https://app.wotnot.io 'self' wss://ws.hotjar.com; worker-src blob:; child-src blob: 6 upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.clarity.ms www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com unpkg.com img03.en25.com d.la3-c2-ia7.salesforceliveagent.com c.la3-c2-ia7.salesforceliveagent.com comeandsee.my.site.com www.mczbf.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com tags.srv.stackadapt.com members.cj.com s2.adform.net c.la13-core1.sfdc-lywfpd.salesforceliveagent.com d.la13-core1.sfdc-lywfpd.salesforceliveagent.com c.la11-core1.sfdc-yzvdd4.salesforceliveagent.com d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com c.la3-c2-ia7.salesforceliveagent.com comeandsee.my.site.com www.artfut.com my.tealiumiq.com t.contentsquare.net d.la3-c2-ia7.salesforceliveagent.com canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com unpkg.com img03.en25.com www.mczbf.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com d.la3-core1.sfdc-lywfpd.salesforceliveagent.com d.la1-core1.sfdc-yzvdd4.salesforceliveagent.com map.brightcove.com assets.map.brightcove.com tags.srv.stackadapt.com members.cj.com *.adform.net *.kmtx.io c.la13-core1.sfdc-lywfpd.salesforceliveagent.com d.la13-core1.sfdc-lywfpd.salesforceliveagent.com c.la11-core1.sfdc-yzvdd4.salesforceliveagent.com d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com tag.demandbase.com c.amazon-adsystem.com ct.pinterest.com; 6 connect-src 'self' *.google.com *.google-analytics.com *.disqus.com disqus.com *.disquscdn.com *.addthis.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.rlcdn.com 6 default-src https://faelix.net; img-src https://faelix.net https://faelix.net/static/ https://analytics.faelix.link https://platform.twitter.com https://syndication.twitter.com; script-src https://faelix.net/static/javascripts/ https://faelix.net/elasticlunr.min.js https://faelix.net/search_index.en.js https://analytics.faelix.link https://platform.twitter.com/widgets.js https://unpkg.com/website-carbon-badges@1.1.3/b.min.js 'unsafe-eval' 'unsafe-inline'; connect-src https://fulcrm.email/webform/1/5/faelix.net/website-enquiry/contact/person.name/person.email/email/8r7lurl0u31535mccf86l0r341l650f3 https://api.websitecarbon.com/b https://analytics.faelix.link; frame-src https://platform.twitter.com https://grafana.faelix.net https://youtu.be https://www.youtube.com; font-src https://faelix.net; style-src 'unsafe-inline' https://faelix.net/static/css/ https://faelix.net/static/main.css https://faelix.net/static/webfonts.css https://faelix.net/static/stylesheets/ https://faelix.net/static/iconoir/ 6 default-src 'self' data: snippet.maze.co heapanalytics.com js.hs-analytics.net tag.demandbase.com prompts.maze.co/api/widgets js.hs-analytics.net secure.intelligent-business-7.com api.investisdigital.com;child-src blob:;style-src 'self' blob: 'unsafe-inline' *.googleapis.com tagmanager.google.com optimize.google.com fonts.googleapis.com addtocalendar.com *.loqate.com cloudflare.com cdnjs.cloudflare.com *.typekit.net *.pcapredict.com *.addressy.com *.postcodeanywhere.co.uk *.gbgplc.com *.gbg.com fast.wistia.com cdn.jsdelivr.net a.omappapi.com *.sg.va.sabio.cloud *.stackadapt.com ifaqs.flexanswer.com du89v9a480hlb.cloudfront.net *.jquery.com heapanalytics.com https://*.maze.co/ *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net webeo-web-content.s3-eu-west-1.amazonaws.com;img-src 'self' 'unsafe-inline' *.gravatar.com data: gbg-global.azureedge.net *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com *.gbg.com t.co/i/adsct *.google.com *.gstatic.com www.glassdoor.co.uk *.google.co.uk *.google-analytics.com *.googleusercontent.com *.facebook.com *.hubspot.com cdnjs.cloudflare.com stats.g.doubleclick.net glassdoor.co.uk maps.gstatic.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com optimize.google.com *.sharethis.com dashboard.umbraco.org px.ads.linkedin.com www.linkedin.com tr.outbrain.com amplifypixel.outbrain.com *.vimeo.com p.typekit.net bat.bing.com a.opmnstr.com p.adsymptotic.com *.omappapi.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net match.prod.bidr.io segments.company-target.com syndication.twitter.com connect.facebook.net *.onetrust.com id.rlcdn.com ifaqs.flexanswer.com *.loqate.com gbgstorage01.blob.core.windows.net *.sg.va.sabio.cloud *.zopim.io *.placeholder.com i.vimeocdn.com gbgcmsprdsto.blob.core.windows.net gbgcmsprdblobcdn.azureedge.net analytics.twitter.com googleads.g.doubleclick.net *.stackadapt.com *.azr.footprintdns.com *.hsforms.com *.6sc.co *.6sense.com *.jquery.com heapanalytics.com https://*.maze.co/ js.hscta.net no-cache.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net webeo-web-content.s3-eu-west-1.amazonaws.com bat.bing.net;font-src 'self' *.gstatic.com *.typekit.net *.wistia.com cdnjs.cloudflare.com script.hotjar.com a.omappapi.com data: ifaqs.flexanswer.com s3-us-west-2.amazonaws.com *.sg.va.sabio.cloud heapanalytics.com https://*.maze.co/;media-src 'self' *.wistia.net *.wistia.com embedwistia-a.akamaihd.net data: blob: static.zdassets.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com www.googletagmanager.com tagmanager.google.com www.googleadservices.com optimize.google.com *.googleapis.com *.hs-banner.com *.hs-scripts.com www.google-analytics.com static.hotjar.com bizographics.com static.ads-twitter.com *.postcodeanywhere.co.uk *.pcapredict.com *.loqate.com *.addressy.com *.gbgplc.com *.gbg.com snap.licdn.com *.facebook.net googleads.g.doubleclick.net *.hs-analytics.net *.hsleadflows.net *.hsadspixel.net js.hscta.net *.hubspot.com static.hsappstatic.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hubspotfeedback.com feedback.hubapi.com sjs.bizographics.com script.hotjar.com px.ads.linkedin.com analytics.twitter.com www.google.com *.gstatic.com platform.linkedin.com *.usemessages.com addtocalendar.com *.sharethis.com amplify.outbrain.com *.hsforms.net *.hsforms.com *.onetrust.com bat.bing.com use.typekit.net cdnjs.cloudflare.com *.opmnstr.com snid.snitcher.com a.trstplse.com *.wistia.com *.wistia.net player.vimeo.com *.demandbase.com src.litix.io cdn.jsdelivr.net static.codepen.io platform.twitter.com zucvhpjgqj.execute-api.ap-southeast-2.amazonaws.com hosted.mastersoftgroup.com a.omappapi.com unpkg.com secure.perk0mean.com ruler.nyltx.com *.clickcease.com tr.outbrain.com analytics.nyltx.com ifaqs.flexanswer.com static.zdassets.com *.buzzsprout.com *.litix.io www.clickcease.com monitor.clickcease.com tr.outbrain.com *.sg.va.sabio.cloud js.monitor.azure.com *.atmrum.net *.stackadapt.com www.googleoptimize.com resources.customersure.com du89v9a480hlb.cloudfront.net js.hubspot.com *.6sc.co *.6sense.com cdn.heapanalytics.com heapanalytics.com https://*.maze.co/ secure.intelligent-business-7.com www.clarity.ms webeo-web-content.s3-eu-west-1.amazonaws.com ldynamicspublicapi.leadforensics.com secure.leadforensics.com assets.calendly.com browser.sentry-cdn.com;connect-src 'self' *.google-analytics.com *.hubapi.com *.hubspot.com *.hotjar.com vc.hotjar.io *.sharethis.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com decollector.tealeaf.ibmcloud.com gbg-global.azureedge.net www.facebook.com *.vimeo.com *.vimeocdn.com *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.onetrust.com *.omappapi.com api.opmnstr.com performance.typekit.net api.trstplse.com api.company-target.com stats.g.doubleclick.net segments.company-target.com hosted.mastersoftgroup.com *.loqate.com wss: ir.q4europe.com *.lottiefiles.com snid.snitcher.com analytics.nyltx.com ekr.zdassets.com ifaqs.flexanswer.com flexanswer1656.zendesk.com docs.idscan.com monitor.clickcease.com *.sg.va.sabio.cloud dc.services.visualstudio.com forms.hsforms.com gbg.workable.com www.workable.com *.atmrum.net *.stackadapt.com maps.googleapis.com api.investisdigital.com hubspot-forms-static-embed.s3.amazonaws.com gbg.customersure.com *.6sc.co *.6sense.com uksouth-1.in.applicationinsights.azure.com cdn.linkedin.oribi.io heapanalytics.com https://*.maze.co/ js.hscta.net *.hs-banner.com *.hscollectedforms.net *.hsforms.com client-api.auryc.com *.clarity.ms ldynamicspublicapi.leadforensics.com www.google.com googleads.g.doubleclick.net pagead2.googlesyndication.com px.ads.linkedin.com bat.bing.net;frame-src 'self' www2.gbgplc.com *.vimeo.com vimeo.com *.youtube.com *.vimeocdn.com platform.twitter.com syndication.twitter.com *.fls.doubleclick.net vars.hotjar.com www.facebook.com stats.g.doubleclick.net fast.wistia.net fast.wistia.com www.glassdoor.co.uk www.google.com optimize.google.com www.linkedin.com ir.q4europe.com c.sharethis.mgr.consensu.org *.hsforms.net *.hsforms.com play.hubspotvideo.com *.hubspot.net *.hs-sites.com *.onetrust.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com *.hubspot.com app.hubspot.com codepen.io *.loqate.com *.buzzsprout.com www.edisoninvestmentresearch.com otp.tools.investis.com www.connectidfeed.com gbg.customersure.com *.6sc.co *.6sense.com *.hs-sites.com td.doubleclick.net calendly.com *.idology.com outlook.office365.com;frame-ancestors 'self' *.loqate.com gbgplc.interactgo.com;worker-src blob:; 6 object-src 'self'; frame-ancestors 'self' 6 frame-ancestors 'self'; upgrade-insecure-requests; object-src 'none'; script-src 'sha256-7/fy7EjXUskn9MLHbin/b0A7LQ32mACPQ2SdNj/O/vA=' 'unsafe-inline'; require-trusted-types-for 'script'; 6 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://cdn-ukwest.onetrust.com https://img.en25.com https://connect.facebook.net https://use.typekit.net https://az416426.vo.msecnd.net https://www.civica.com https://snap.licdn.com https://cdnjs.cloudflare.com https://*.episerver.net https://www.youtube.com https://geolocation.onetrust.com/ https://s3121.t.eloqua.com https://cdn.tiny.cloud/ https://static.oktopost.com/ https://okt.to/ https://*.demandbase.com/ https://s2079104782.t.eloqua.com/ https://cdn.cookielaw.org/ https://*.hotjar.com https://js.monitor.azure.com/scripts/a/ai.0.js; connect-src 'self' https://*.onetrust.com https://*.visualstudio.com https://*.google-analytics.com https://stats.g.doubleclick.net https://s3121.t.eloqua.com https://civica-privacy.my.onetrust.com https://cookiesuksouth.blob.core.windows.net/ https://cdn.linkedin.oribi.io https://img.en25.com https://*.demandbase.com/ https://api.company-target.com https://www.google.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://cdn.cookielaw.org/ https://segments.company-target.com https://tracking.civica.co.uk/ https://*.hotjar.com wss://ws.hotjar.com https://*.hotjar.io https://pagead2.googlesyndication.com/; object-src 'none'; media-src 'self' data:; img-src 'self' data: https://www.facebook.com https://*.eloqua.com https://p.typekit.net https://*.google-analytics.com https://*.linkedin.com https://www.google.com https://www.google.co.uk https://www.google.co.in https://licensebuttons.net https://p.adsymptotic.com https://sp.tinymce.com https://*.onetrust.com https://www.googletagmanager.com https://id.rlcdn.com/ https://segments.company-target.com/ https://www.hootsuite.com/; style-src 'self' 'unsafe-inline' data: https://cdn.tiny.cloud; frame-ancestors 'self'; child-src 'self'; frame-src 'self' https://www.youtube.com https://*.fls.doubleclick.net/ https://player.vimeo.com https://www.facebook.com/ https://s.company-target.com/ https://www.googletagmanager.com/; font-src 'self' https://use.typekit.net; 6 default-src 'self' https: blob:; style-src 'self' 'unsafe-inline' *.ensemblevideo.com *.ntst.com *.marketo.net *.marketo.com *.typekit.net *.bootstrapcdn.com *.googleapis.com *.twitter.com *.twimg.com *.cdn-prod.securiti.ai *.securiti.ai *.app.securiti.ai; script-src 'self' 'unsafe-inline' fast.wistia.net fast.wistia.com blob: *.marketo.net *.marketo.com *.mktoresp.com *.bugherd.com *.liveperson.net *.lpsnmedia.net *.terminus.services *.jwpcdn.com *.jquery.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.adsrvr.org *.twitter.com *.twimg.com *.oktopost.com okt.to *.adroll.com *.adroll.mgr.consensu.org *.sounder.fm *.facebook.net *.ntst.com *.licdn.com dg0hgb42195s9.cloudfront.net *.ramblechat.com *.cdn-prod.securiti.ai *.securiti.ai *.app.securiti.ai *.hj.contentsquare.net; object-src 'self'; connect-src 'self' px.ads.linkedin.com stats.g.doubleclick.net analytics.google.com *.wistia.com *.litix.io *.terminus.services *.securiti.ai *.ntst.com dg0hgb42195s9.cloudfront.net wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com *.ramblechat.com *.mktoutil.com *.mktoresp.com *.google-analytics.com *.googleapis.com *.gstatic.com wss://*.ramblechat.com data:; font-src 'self' *.bootstrapcdn.com *.typekit.net *.gstatic.com data:; img-src * *.jwpltx.com data:; frame-ancestors 'self' *.ensemblevideo.com *.marketo.com *.marketo.net netsmart.highspot.com; 6 https: 6 default-src 'self'; connect-src * data: 'unsafe-inline'; font-src *; frame-src *; img-src * blob: data: ; media-src *; object-src *; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; worker-src 'self' blob:; child-src blob:; 6 connect-src http://ip-api.com/ 'self' https: data: 6 default-src 'self'; child-src blob:; media-src * 'self' data: https: blob:; style-src 'self' 'unsafe-inline' *; img-src * 'self' data: https: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: https:; frame-src * 6 default-src 'self'; connect-src *; font-src data: *; frame-src *; img-src data: *; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; 6 default-src 'self'; style-src 'self' 'unsafe-inline' *; img-src * 'self' data: https: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src *; 6 default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; frame-src 'none' 6 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src https: ; child-src https: platform.twitter.com; img-src https: data:; 6 default-src 'self' https://videos.ctfassets.net/; style-src 'self' 'unsafe-inline' *; img-src * 'self' data: https: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src *; 6 default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors * 6 object-src 'none'; frame-ancestors 'none' 6 default-src 'self' blob: about:; img-src 'self' 'unsafe-eval' data: blob: about: stats.g.doubleclick.net *.trbo.com *.gstatic.com *.google.de *.google.com img.youtube.com *.amazonaws.com *.bing.com *.clarity.ms photoservice.cloud *.google-analytics.com *.cdninstagram.com *.saal-digital.net *.saal-digital.com *.saal-digital.de *.photo-portal.shop *.googleusercontent.com *.paypal.com *.paypalobjects.com *.hotjar.com *.facebook.com *.ytimg.com *.cookiepro.com *.bing.net *.usercentrics.eu; script-src 'self' 'unsafe-eval' 'unsafe-inline' about: *.trbo.com *.saal-digital.net *.photo-portal.shop *.clarity.ms *.bing.com *.hotjar.com *.facebook.net blob: about: *.cookiepro.com *.amazonaws.com photoservice.cloud *.google-analytics.com *.googletagmanager.com *.cdninstagram.com *.google.com *.paypalobjects.com *.paypal.com *.sovendus.com *.googleapis.com *.usercentrics.eu; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.eu-central-1.amazonaws.com *.eu-central-1.amazonaws.com photoservice.cloud *.cookiepro.com fonts.googleapis.com *.hotjar.com *.saal-digital.net *.sovendus.com *.usercentrics.eu; font-src 'self' *.amazonaws.com photoservice.cloud oam-software.com *.ssw-software.com *.gstatic.com *.paypalobjects.com *.hotjar.com; connect-src 'self' data: blob: about: *.dropboxapi.com *.eu-central-1.amazonaws.com photoservice.cloud *.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.cookiepro.com *.googleusercontent.com *.saal-digital.net *.photo-portal.shop *.saal-digital.net *.amazoncognito.com *.paypal.com *.clarity.ms *.bing.com *.bing.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.sovendus.com *.usercentrics.eu; frame-src *; object-src 'none'; 6 base-uri 'none'; font-src 'self' https: data:; form-action self https://cart.penguinrandomhouse.com https://www.facebook.com; frame-ancestors 'self'; img-src 'self' data: https://sites.prh.com https://www.penguinrandomhouse.com https://images.penguinrandomhouse.com https://images.randomhouse.com https://res.cloudinary.com https://i.ytimg.com https://i.vimeocdn.com https://s.amazon-adsystem.com https://px.ads.linkedin.com https://www.facebook.com https://www.google.com https://googleads.g.doubleclick.net https://pixel.sitescout.com https://c.lytics.io/ https://cm.everesttech.net https://dpm.demdex.net https://attribution.sitescout.com https://alb.reddit.com https://www.googletagmanager.com https://scode.randomhouse.com; object-src 'none'; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com https://c.lytics.io https://www.googleadservices.com https://www.googletagmanager.com https://s.pinimg.com https://snap.licdn.com/ https://analytics.tiktok.com https://sc-static.net https://connect.facebook.net https://b-code.liadm.com https://cdn01.basis.net https://visitor-service-us-east-1.tealiumiq.com https://googleads.g.doubleclick.net https://tr.snapchat.com https://ct.pinterest.com https://rum-static.pingdom.net https://www.redditstatic.com https://pixel.byspotify.com https://visitor-service.tealiumiq.com; upgrade-insecure-requests; 6 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.domain-robot.org https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.usercentrics.eu https://aggregator.service.usercentrics.eu https://www.google.com https://*.usercentrics.eu https://www.googleadservices.com https://snap.licdn.com https://*.facebook.net https://googleads.g.doubleclick.net https://*.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://t.co https://*.google.de https://*.google.com https://*.facebook.com https://seal.digicert.com blob: data: https://fonts.googleapis.com/css;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; 6 frame-ancestors 'none' ; 6 default-src 'self'; connect-src *; font-src 'self' data:; frame-src *; img-src data: *; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; 6 default-src 'self' https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; script-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 6 default-src https:; connect-src https:; font-src https: data:; frame-src https: com.amazon.mobile.shopping.web:; img-src http: https: data: blob:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: 6 default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval' 6 style-src * 'unsafe-inline'; font-src * data:; img-src * data:; connect-src *; object-src none; frame-ancestors 'self'; 6 default-src * https: data: blob: wss: 'unsafe-inline' 6 frame-ancestors 'self' *.roomlynx.net 6 policy-definition 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.wpsandwatch.com *.kasandwatch.net *.collect.igodigital.com *.adyen.com apps.bazaarvoice.com whirlpool-cdn.thron.com digitalassets-cdn.thron.com *.algolianet.com *.algolia.net *.ctfassets.net *.vtexassets.com https://vimeo.com *.vimeo.com *.vimeocdn.com *.sentry.io *.newrelic.com *.nr-data.net *.bazaarvoice.com *.onetrust.com *.cookielaw.org *.doubleclick.net *.youtube.com *.ytimg.com https://flagcdn.com s3-eu-west-1.amazonaws.com *.execute-api.eu-west-1.amazonaws.com *.facebook.com *.facebook.net *.pinimg.com *.pinterest.com *.paypal.com *.kitchenaid.ie *.airpr.com *.hotjar.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.hotjar.io *.dwin1.com *.awin1.com *.zenaps.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.upsellit.com https://the.sciencebehindecommerce.com https://*.qualtrics.com https://cdnjs.cloudflare.com https://api.sandbox.getalma.eu/v2/payments/eligibility https://api.getalma.eu/v2/payments/eligibility https://cdn.jsdelivr.net/npm/@alma/widgets@3.x.x/dist/widgets.min.css https://cdn.jsdelivr.net/npm/@alma/widgets@3.x.x/dist/widgets.umd.js https://osm.klarnaservices.com/lib.js https://x.klarnacdn.net/ui/fonts/v1.3/fonts.css *.contentsquare.net *.contentsquare.com *.criteo.com https://t.contentsquare.net app.contentsquare.com https://wepowerconnections.com https://lantern.roeyecdn.com https://lantern.roeye.com s2.go-mpulse.net c.go-mpulse.net cdn.fonts.net *.akstat.io *.akamaihd.net; img-src * data: ; media-src *; frame-src *; frame-ancestors 'self' 6 default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 6 default-src 'unsafe-inline' 'self' *; script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self' *; style-src-elem 'unsafe-inline' 'self' *; font-src 'self' *; img-src 'self' data: * 6 frame-ancestors 'self' https://*.negocom-atlantique.com, base-uri 'self', script-src 'self' 'unsafe-inline' 'unsafe-eval' *.negocom-atlantique.com *.point-sys.com *.googletagmanager.com *.google-analytics.com *.google.fr *.googleapis.com *.youtube.com *.dmcdn.net *.jsdelivr.net *.mapbox.com blob: 6 frame-ancestors 'self' *.shoplineapp.com *.facebook.com; upgrade-insecure-requests; 6 frame-ancestors 'self' https://uscreen.io https://*.uscreen.io https://www.uscreen.tv https://app.uscreen.tv/ 6 frame-ancestors 'self' https://app.socialscreen.com 6 default-src * https: data: blob: 'unsafe-inline' 'unsafe-eval'; 6 frame-ancestors 'self'; report-uri /log/csp-violation 6 frame-ancestors 'self' https://citylightcloud.com https://geocentric.com https://citylight.studio 6 default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com github.githubassets.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com www.youtube-nocookie.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com images.ctfassets.net/8aevphvgewt8/; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com assets.ctfassets.net/8aevphvgewt8/ videos.ctfassets.net/8aevphvgewt8/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/ 5 upgrade-insecure-requests; default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src 'self' https://assets.guim.co.uk https://pasteup.guim.co.uk https://interactive.guim.co.uk https://dashboard.ophan.co.uk data:; connect-src https: wss: blob:; child-src https: blob:; object-src 'none'; base-uri 'none' 5 frame-ancestors 'self' app.storyblok.com; 5 default-src * data: blob:;style-src * 'unsafe-inline';script-src https://*.quora.com https://*.poe.com https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.twitter.com https://*.quoracdn.net https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.youtube.com https://*.ytimg.com https://*.jwpcdn.com https://*.stripe.com https://*.intercom.io https://*.intercomcdn.com https://*.syndication.twimg.com https://cdnjs.cloudflare.com https://d3div1mtym39ic.cloudfront.net https://*.jwplatform.com https://*.googlesyndication.com https://*.adtrafficquality.google https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.googletagservices.com https://*.ampproject.org https://*.amazon-adsystem.com https://*.rubiconproject.com https://*.lijit.com https://*.openx.net https://*.criteo.com https://*.3lift.com https://*.aaxads.com https://btloader.com https://*.btloader.com https://*.ads-twitter.com https://*.awin1.com https://*.dwin1.com https://*.zenaps.com https://*.the.sciencebehindecommerce.com https://*.marketo.net https://*.licdn.com https://*.linkedin.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://sc-static.net https://static.bytedance.com https://*.iteratehq.com https://cdn.embedly.com https://qinternal.quora.net https://*.sprig.com https://*.userleap.com https://*.doubleverify.com https://*.adsafeprotected.com https://*.flashtalking.com https://*.samplicio.us https://*.activemetering.com https://*.imrworldwide.com https://*.moatads.com https://*.sng.link https://*.apple.com https://cdn.cookielaw.org https://*.onetrust.com https://*.paypal.com https://*.giphy.com https://*.outbrain.com https://*.outbrainimg.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*;connect-src 'self' https://*.quora.com https://*.poe.com https://quora.okta.com wss://*.quora.com https://*.quoracdn.net https://*.stripe.com https://*.intercom.io wss://*.intercom.io https://*.jwplatform.com https://*.jwpsrv.com https://syndication.twitter.com https://*.syndication.twimg.com https://*.googleapis.com https://*.googlesyndication.com https://*.adtrafficquality.google https://*.qualtrics.com https://*.facebook.com https://*.fbcdn.net blob: https://*.mktoresp.com https://*.doubleclick.net https://accounts.google.com https://*.amazon-adsystem.com https://*.3lift.com https://*.aaxads.com https://btloader.com https://*.btloader.com https://*.rubiconproject.com https://*.casalemedia.com https://*.adnxs.com https://*.pubmatic.com https://*.openx.net https://*.criteo.com https://*.sharethrough.com https://*.snigelweb.com https://*.trustedstack.com https://*.iteratehq.com https://iteratehq.com https://*.sprig.com https://*.userleap.com https://app.adjust.com https://app.appsflyer.com https://*.onelink.me https://branchster.app.link https://control.kochava.com https://c.singular.net https://*.sng.link https://*.apple.com https://*.doubleverify.com https://*.adsafeprotected.com https://*.flashtalking.com https://*.samplicio.us https://*.activemetering.com https://*.imrworldwide.com https://*.moatads.com https://cdn.cookielaw.org https://*.onetrust.com https://*.paypal.com https://*.linkedin.com https://*.giphy.com https://*.outbrain.com https://*.outbrainimg.com https://d3div1mtym39ic.cloudfront.net ;report-uri /security_reports/content_security_policy_violation_3RD_PARTY_POST 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com https://resources.trendmicro.com 5 default-src *.asus.com *.asus.com.cn *.freshworksapi.com http://127.0.0.1:24830 http://127.0.0.1:24831 http://127.0.0.1:24832 https: 'unsafe-inline' 'unsafe-eval' blob: data: ws:;style-src * 'unsafe-inline';object-src *; script-src *.asus.com *.asus.com.cn https: 'unsafe-inline' 'unsafe-eval' blob: data:; frame-ancestors 'self' *.asus.com; 5 default-src 'self' https://www.rapid7.com https://old.rapid7.com https://rapid7-website-development.contentstackapps.com https://rapid7-website-staging.contentstackapps.com https://rapid7-website.contentstackapps.com https://newdev.rapid7.com https://staging.rapid7.com https://assets.contentstack.io https://*.qualified.com; script-src 'self' blob: https://www.rapid7.com https://old.rapid7.com https://www.googletagmanager.com http://997-fka-652.mktoweb.com https://997-fka-652.mktoweb.com http://411-nak-970.mktoweb.com https://411-nak-970.mktoweb.com http://information.rapid7.com http://munchkin.marketo.net https://cdn.cookielaw.org https://play.vidyard.com https://www.bugherd.com https://sidebar.bugherd.com https://packages.prmcdn.io https://connect.facebook.net https://*.6sc.co https://cdn.bizible.com https://*.g2crowd.com https://snap.licdn.com https://px.ads.linkedin.com https://munchkin.marketo.net https://*.clarity.ms https://ws.zoominfo.com https://bat.bing.com https://googleads.g.doubleclick.net https://*.google.com https://www.gstatic.com https://*.impartner.live https://*.qualified.com https://*.googleadservices.com https://*.zi-scripts.com 'unsafe-inline'; style-src 'self' https://www.rapid7.com https://old.rapid7.com https://use.typekit.net https://p.typekit.net https://packages.prmcdn.io https://997-fka-652.mktoweb.com http://997-fka-652.mktoweb.com https://411-nak-970.mktoweb.com http://411-nak-970.mktoweb.com https://information.rapid7.com 'unsafe-inline'; font-src 'self' data: https://www.rapid7.com https://old.rapid7.com https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com; img-src 'self' data: blob: https: https://www.rapid7.com https://old.rapid7.com http://play.vidyard.com http://*.6sc.co https://*.6sc.co https://px.ads.linkedin.com https://bat.bing.com https://googleads.g.doubleclick.net; connect-src 'self' https://www.rapid7.com https://old.rapid7.com https://rapid7-website-development.contentstackapps.com https://rapid7-website-staging.contentstackapps.com https://rapid7-website.contentstackapps.com https://newdev.rapid7.com https://staging.rapid7.com https://cdn.cookielaw.org https://*.google-analytics.com https://partners.rapid7.com https://*.algolia.net https://*.algolianet.com https://*.googlesyndication.com http://997-fka-652.mktoresp.com http://411-nak-970.mktoresp.com http://*.6sc.co https://*.6sc.co https://munchkin.marketo.net https://997-fka-652.mktoresp.com https://411-nak-970.mktoresp.com https://ws.zoominfo.com https://*.bing.com https://*.doubleclick.net https://google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.gstatic.com https://*.clarity.ms https://*.6sc.co https://*.onetrust.com https://*.my.onetrust.com https://*.google-analytics.com https://sessions.bugsnag.com https://*.pusher.com https://*.brighttalk.com https://*.g2.com https://*.qualified.com https://*.ads.linkedin.com https://*.zi-scripts.com https://*.bing.net https://*.analytics.google.com https://*.doubleclick.net wss://*.qualified.com wss://ws-mt1.pusher.com; frame-src https://www.rapid7.com https://old.rapid7.com https://rapid7-website-development.contentstackapps.com https://rapid7-website-staging.contentstackapps.com https://rapid7-website.contentstackapps.com https://newdev.rapid7.com https://staging.rapid7.com https://play.vidyard.com https://sidebar.bugherd.com https://*.googletagmanager.com https://997-fka-652.mktoweb.com http://997-fka-652.mktoweb.com https://www.brighttalk.com https://411-nak-970.mktoweb.com http://411-nak-970.mktoweb.com https://google.com https://www.rapid7.com/impartner.html https://rapid7-website.contentstackapps.com/impartner.html https://*.doubleclick.net https://*.qualified.com https://*.facebook.com https://information.rapid7.com https://www.google.com; frame-ancestors 'self' https://www.rapid7.com https://old.rapid7.com https://newdev.rapid7.com https://staging.rapid7.com https://rapid7-website.contentstackapps.com https://rapid7-website-staging.contentstackapps.com https://rapid7-website-development.contentstackapps.com https://app.contentstack.com; 5 frame-ancestors 'self' https://*.otto.de https://*.ottogroup.com https://og2gether.sharepoint.com https://otto.mpp360.cloud https://internal.otto.market; 5 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://cdn.amplitude.com https://api.amplitude.com https://dev-embed.notion.co https://embed.notion.co https://static.zdassets.com https://api.smooch.io https://solve-widget.forethought.ai https://decagon.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://accounts.google.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://app.cal.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://cdn01.boxcdn.net https://cdn.sprig.com https://assets.customer.io https://track.customer.io https://code.gist.build https://www.google.com https://www.gstatic.com https://challenges.cloudflare.com https://maps.googleapis.com https://unpkg.com/react@18.2.0/umd/react.development.js https://unpkg.com/react-dom@18.2.0/umd/react-dom.development.js https://unpkg.com/@babel/standalone@7.26.9/babel.min.js https://unpkg.com/dayjs-with-plugins@1.0.4/dist/dayjs-with-plugins.min.js https://unpkg.com/@tailwindcss/browser@4 https://unpkg.com/d3@7.9.0/dist/d3.min.js https://unpkg.com/three@0.150.0/build/three.min.js https://dev-custom-views-modules-usw2.s3.us-west-2.amazonaws.com/components.js https://pagead2.googlesyndication.com https://x.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net https://info.notion.com https://bat.bing.com https://s.yimg.jp https://www.youtube-nocookie.com https://www.youtube.com/iframe_api https://js.partnerstack.com https://partnerlinks.io https://analytics.tiktok.com/ https://vitals.vercel-insights.com https://va.vercel-scripts.com https://vercel.live https://www.redditstatic.com https://static.ads-twitter.com https://insights.metadata.io https://acdn.adnxs.com/dmp/up/pixie.js https://a.usbrowserspeed.com https://static.hotjar.com https://script.hotjar.com https://cloud.memsource.com https://editor.memsource.com https://adora-cdn.com https://c.adora-cdn.com; connect-src 'self' data: blob: https://img.notionusercontent.com https://cdn.amplitude.com https://api.amplitude.com https://www.notion.com https://api.embed.ly https://dev-embed.notion.co https://embed.notion.co https://ekr.zdassets.com https://ekr.zendesk.com https://makenotion.zendesk.com https://api.smooch.io wss://api.smooch.io https://api.forethought.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://api.giphy.com/ https://giphy-analytics.giphy.com/ https://media0.giphy.com/ https://media1.giphy.com/ https://media2.giphy.com/ https://media3.giphy.com/ https://media4.giphy.com/ https://media5.giphy.com/ https://media6.giphy.com/ https://media7.giphy.com/ https://media8.giphy.com/ https://media9.giphy.com/ https://media10.giphy.com/ https://boards-api.greenhouse.io https://accounts.google.com https://oauth2.googleapis.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://telemetry.transcend.io https://api.statuspage.io https://pgncd.notion.so https://api.statsig.com https://statsigapi.net https://exp.notion.so https://api.box.com https://*.mux.com https://api.sprig.com https://storage.googleapis.com https://cdn.sprig.com https://cdn.userleap.com https://assets.customer.io https://track.customer.io https://*.api.gist.build https://*.cloud.gist.build https://tiles.openfreemap.org https://maps.googleapis.com https://places.googleapis.com https://www.notion.so https://pagead2.googlesyndication.com https://google.com https://x.clearbitjs.com https://app.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net https://info.notion.com https://bat.bing.com https://s.yimg.jp https://www.youtube-nocookie.com https://www.youtube.com/iframe_api https://js.partnerstack.com https://grsm.io https://partnerlinks.io https://analytics.tiktok.com/ https://vitals.vercel-insights.com https://va.vercel-scripts.com https://vercel.live https://www.redditstatic.com https://static.ads-twitter.com https://insights.metadata.io https://acdn.adnxs.com/dmp/up/pixie.js https://a.usbrowserspeed.com https://api.mail.dev.notion.so/graphql https://api.mail.notion.so/graphql https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cloud.memsource.com https://editor.memsource.com https://adora-cdn.com https://c.adora-cdn.com; font-src 'self' data: https://cdnjs.cloudflare.com https://cdn01.boxcdn.net https://fonts.gstatic.com; img-src 'self' data: blob: https: https://img.notionusercontent.com https://images.ctfassets.net https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.mux.com https://track.customer.io; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com https://accounts.google.com https://transcend-cdn.com https://cdn01.boxcdn.net https://code.gist.build https://fonts.googleapis.com; frame-ancestors 'self' notion://www.notion.so https://www.notion.so; worker-src 'self' blob:; child-src 'self' blob:; media-src blob: https: http: https://*.mux.com; frame-src https: http: https://accounts.google.com https://renderer.gist.build https://code.gist.build https://challenges.cloudflare.com https://notion.notion.site https://notion-templates.notion.site 5 frame-ancestors 'self' tvn.pl *.tvn.pl tvn24.pl *.tvn24.pl tvn7.pl *.tvn7.pl tvnstyle.pl *.tvnstyle.pl tvnturbo.pl *.tvnturbo.pl ttv.pl *.ttv.pl discoverychannel.pl *.discoverychannel.pl travelchanneltv.pl *.travelchanneltv.pl tvnfabula.pl *.tvnfabula.pl tlcpolska.pl *.tlcpolska.pl metro.tv *.metro.tv foodnetwork.pl *.foodnetwork.pl wbdpoland.pl *.wbdpoland.pl hgtv.pl *.hgtv.pl itvn.pl *.itvn.pl itvnextra.pl *.itvnextra.pl tvnxrstudio.pl *.tvnxrstudio.pl tvnxrstudio.com *.tvnxrstudio.com player.pl wbd.com 5 default-src https://www.oreilly.com/PDsc-zH5zerlbpyvuLd7XhkXxfg/uDumfXcDrXb8QruE/DVxdSAE/L3B/FUCNhLVQ * 'unsafe-inline' 'unsafe-eval' data: blob: android-webview-video-poster: moz-extension: ms-browser-extension: chrome-extension: ios-log:; 5 frame-ancestors https://www.airship.com/ https://app.mutinyhq.com/; upgrade-insecure-requests; 5 default-src 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: about: miroapp: wss: ws: *; frame-src 'unsafe-inline' 'unsafe-eval' data: blob: miroapp: *; base-uri 'unsafe-inline' about: data: *; form-action 'unsafe-inline' data: post-it-alpha: post-it: com.mmm.postit.miro: *; worker-src 'unsafe-inline' data: blob: miroapp: *; report-uri https://s.realtimeboard.com/api/25/security/?sentry_key=fb5e3001534f453e85d1771b1088b293&sentry_environment=production; 5 media-src https: blob:; connect-src 'self' https: blob: wss:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data: blob:; 5 object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://vwo.com https://*.vwo.com https://googletagmanager.com https://pulse.vwo.io https://pxl.sprouts.ai https://fast.wistia.net https://fast.wistia.com https://api.cr-relay.com https://cdn.cr-relay.com https://cdn.vector.co https://static.licdn.com https://www.googletagmanager.com https://research.landingpageanalyzer.io https://www.google.com https://cdnjs.cloudflare.com https://alfred-chat.paramize.com https://cse.google.com https://static.getclicky.com https://stats.g.doubleclick.net https://code.jquery.com https://cdn.cookielaw.org https://platform.twitter.com https://js.sentry-cdn.com https://cdn.jsdelivr.net https://browser.sentry-cdn.com https://www.google-analytics.com https://munchkin.marketo.net https://platform.linkedin.com https://widget.intercom.io https://js.intercomcdn.com https://snap.licdn.com https://pagead2.googlesyndication.com https://*.visualwebsiteoptimizer.com https://www.linkedin.com https://unpkg.com https://connect.facebook.net https://www.redditstatic.com https://bat.bing.com https://bat.bing-int.com https://s.adroll.com https://js.partnerstack.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://d.adroll.com https://cdn.pushcrew.com https://cdn.segment.com https://www.gstatic.com https://vwo-stats-blog.disqus.com https://c.disquscdn.com https://apis.google.com https://glitter.services.disqus.com https://referrer.disqus.com; style-src 'self' 'unsafe-inline' https://*.vwo.com https://static.licdn.com https://s3.amazonaws.com https://*.visualwebsiteoptimizer.com https://cdn.pushcrew.com https://cdn.cookielaw.org https://www.googletagmanager.com https://research.landingpageanalyzer.io https://app.vwo.com https://fast.wistia.com https://www.gstatic.com https://alfred-chat.paramize.com https://c.disquscdn.com https://fonts.googleapis.com https://cdn.jsdelivr.net; frame-src 'self' blob: https://fast.wistia.net https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://research.landingpageanalyzer.io https://spreadsheets.google.com https://www.linkedin.com https://platform.twitter.com https://www.slideshare.net https://es.slideshare.net https://player.vimeo.com https://docs.google.com https://demo.arcade.software https://open.spotify.com https://pca.st https://www.youtube-nocookie.com https://www.youtube.com https://td.doubleclick.net https://x.adroll.com https://app.vwo.com https://disqus.com https://pippio.com https://live.rezync.com https://accounts.google.com https://www.facebook.com https://www.google.com; worker-src 'self' blob:; report-uri https://o10907.ingest.us.sentry.io/api/4508420150788096/security/?sentry_key=8554c521f7daece1fb5ae0ba9ce98b2b; 5 frame-ancestors 'self' *.windy.com:* 5 frame-ancestors 'self' piwik.mpg.de statistics.mpg.de statistik.mpg.de; 5 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.citi.com *.google.com *.qualtrics.com bat.bing.com ct.pinterest.com www.youtube.com cdn.plaid.com code.jquery.com pwm-image.trendmicro.com *.google-analytics.com js.adsrvr.org s.pinimg.com *.liveperson.com nexus.ensighten.com cdn.boomtrain.com lptag.liveperson.net s.yimg.com gc.kis.v2.scr.kaspersky-labs.com script.crazyegg.com maps.googleapis.com www.googletagmanager.com live.rezync.com mpsnare.iesnare.com negbar.ad-blocker.org video.limelight.com cdn.gbqofs.com ds-aksb-a.akamaihd.net googleads.g.doubleclick.net get663.com c1.rfihub.net www.adobetag.com c.tvpixel.com www.googleadservices.com tpc.googlesyndication.com bcdn-god.we-stats.com a.rfihub.com services-dev.sdiapi.com *.online-metrix.net blob: p11.techlab-cdn.com; object-src 'none'; frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net 5 frame-ancestors 'self' *.cbssports.com *.sportsline.com popculture.com comicbook.com 247sports.com *.247sports.com *.maxpreps.com *.ampproject.org; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; media-src https: blob: data:; img-src https: blob: data: android-webview: android-webview-video-poster:; object-src 'none'; block-all-mixed-content; 5 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'self'; 5 block-all-mixed-content;frame-ancestors *.mail.com 5 frame-ancestors 'self' *.adobe.com *.assets.adobedtm.com 5 SAMEORIGIN 5 frame-ancestors 'self' https://*.scaleway.com http://localhost:9000 http://localhost:9001; 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.nextdoor.com *.smarty.com *.crazyegg.com *.invocacdn.com *.invoca.net *.statistinamics.com static.traversedlp.com api.traversedlp.com js.alocdn.com p.alocdn.com https://cableone1615402851.zendesk.com/ https://zendesk-eu.my.sentry.io *.zendesk.com https://fidelitycommunications.referralrock.com/ https://apps.sitecore.net *.office.com *.google.com *.hsforms.com *.hsforms.net *.slgnt.us *.youtube.com *.googletagmanager.com *.sparklight.com *.zdassets.com *.googleapis.com snapwidget.com fonts.googleapis.com maps.gstatic.com cableone.zendesk.com wss://widget-mediator.zopim.com *.zopim.com static.ada.support sparklight.ada.support rollout.ada.support sentry.io www.cableone.net *.zopim.com *.bing.com *.google-analytics.com static.hotjar.com *.googleadservices.com *.facebook.net cltgtstor001.blob.core.windows.net *.adsrvr.org *.doubleclick.net *.hotjar.com cdn.polyfill.io *.slgnt.us *.speedtestcustom.com *.clarity.ms sparklight.slgnt.us code.jquery.com cdnjs.cloudflare.com woobox.com *.smartmove.us jsonip.com *.wufoo.com *.gstatic.com *.googleoptimize.com optimize.google.com wss://*.hotjar.com *.hotjar.io blob: dev.visualwebsiteoptimizer.com *.cognitivlabs.com *.smooch.io *.zendesk.com *.ipify.org *.zdassets.com *.visualwebsiteoptimizer.com wss://api.smooch.io; style-src 'self' 'unsafe-inline' *.crazyegg.com *.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com *.smartmove.us *.google.com; img-src 'self' data: cableone1615402851.zendesk.com *.crazyegg.com dev.visualwebsiteoptimizer.com v2assets.zopim.io *.gstatic.com www.cableone.net www.sparklight.com www.facebook.com *.google-analytics.com *.google.com cableone.zendesk.com *.smartmove.us ctam.demdex.net *.googletagmanager.com *.clarity.ms *.bing.com *.hsforms.com *.doubleclick.net *.nextdoor.com *.rlcdn.com *.cognitivlabs.com *.zdassets.com *.ada.support *.gravatar.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com use.fontawesome.com; upgrade-insecure-requests; block-all-mixed-content; 5 default-src 'self' *.alamy.com *.alamyimages.de *.alamyimages.it *.alamyimages.fr; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.alamy.com *.alamyimages.fr *.notifpush.com *.notifpush.com *.gjigle.com *.gddglis.com *.notifadz.com notifpush.com notifpush.com gjigle.com gddglis.com notifadz.com *.live.net *.link5view.com *.termly.io *.usersnap.com usersnap.com *.leadinfo.com alamy.my.site.com *.ads.google.com ads.google.com *.surveymonkey.com *.formisimo.com *.facebook.net *.impactradius-event.com *.cookieyes.com *.cdn-cookieyes.com *.leadinfo.net *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.depositphotos.com *.amazonaws.com *.addthis.com *.jquery.com *.cardinalcommerce.com *.postcodeanywhere.co.uk *.salesforce.com *.commercetools.com *.cybersource.com *.salesforceliveagent.com *.googleapis.com *.newrelic.com *.trackedlink.net *.force.com *.licdn.com *.trackedweb.net *.stackadapt.com *.abtasty.com *.clarity.ms *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com; style-src * 'unsafe-inline' data:; img-src * data:; font-src * data:; frame-ancestors 'self' *.alamy.com; frame-src 'self' https: http: ws: wss: data: mailto:; connect-src *; object-src 'none'; base-uri 'self'; manifest-src 'self' *.alamy.com; media-src 'self' *.alamy.com *.amazonaws.com *.depositphotos.com; worker-src 'self' *.alamyimages.fr notifpush.com gjigle.com gddglis.com notifadz.com *.notifpush.com *.gjigle.com *.gddglis.com *.notifadz.com; 5 default-src 'self' *.vidyard.com *.onetrust.com *.visualwebsiteoptimizer.com *.vwo.com *.salesloft.com; frame-ancestors 'self'; form-action *; object-src 'none'; base-uri 'none'; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; connect-src *; worker-src * blob:; frame-src * blob:; font-src * data:; media-src *; 5 frame-ancestors 'self' https://nurture.solarwinds.com/ 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com *; upgrade-insecure-requests; block-all-mixed-content; 5 frame-ancestors 'self' https://minhaclaro.claro.com.br https://www.clarocadastro.com.br https://clarocadastro.com.br; upgrade-insecure-requests; 5 frame-ancestors 'self' https://splytech.io https://*.splytech.io 5 frame-ancestors 'self' https://easyweb.td.com https://banquenet.td.com 5 default-src 'self'; base-uri 'self'; child-src 'self'; connect-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.googleadservices.com *.wistia.com *.wistia.net www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net embedwistia-a.akamaihd.net *.litix.io www.facebook.com *.ubembed.com hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.net *.hsforms.com *.marketo.com *.marketo.net *.mktoresp.com *.mktoutil.com *.emarsys.com *.onetrust.com *.cookielaw.org sentry.io *.sentry.io *.clickcease.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.mouseflow.com *.cdn.linkedin.oribi.io *.oribi.io app.clearbit.com *.visualwebsiteoptimizer.com *.ads.linkedin.com cdn.dreamdata.cloud tracking.g2crowd.com fclog.baidu.com tracking-api.g2.com bat.bing.net *.clarity.ms; font-src 'self' data: *.kinstacdn.com *.slidesharecdn.com *.wistia.com *.wistia.net; form-action 'self' www.facebook.com *.hsforms.net *.hsforms.com; frame-ancestors 'self' *.covideo.com; frame-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.googleadservices.com *.marketo.com *.marketo.net html5-player.libsyn.com bid.g.doubleclick.net www.facebook.com js.driftt.com *.ubembed.com *.googlesyndication.com *.hsforms.net *.hsforms.com *.slideshare.net *.wistia.com *.wistia.net *.on24.com *.emarsys.com *.vidmails.com *.covideo.com *.g2.com *.hotjar.com *.clearbitjs.com *.marketimpacttools.com *.doubleclick.net open.spotify.com *.adobe.com www.youtube.com; img-src 'self' data: *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.googleadservices.com *.wistia.com *.wistia.net *.gravatar.com www.googletagmanager.com www.google-analytics.com analytics.twitter.com *.px.ads.linkedin.com googleads.g.doubleclick.net *.linkedin.com www.facebook.com connect.facebook.net t.co embedwistia-a.akamaihd.net *.hsforms.net *.hsforms.com *.adsymptotic.com *.glasgowlive.co.uk s.w.org *.cookielaw.org *.hotjar.com *.clearbitjs.com *.visualwebsiteoptimizer.com cdn.filestackcontent.com bat.bing.net *.bing.com *.clarity.ms *.medium.com; media-src 'self' blob: data: *.kinstacdn.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.driftqa.com *.driftt.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.googleadservices.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.marketo.com *.marketo.net *.ubembed.com *.wistia.com *.wistia.net googleads.g.doubleclick.net www.googleadservices.com tracking.g2crowd.com snap.licdn.com connect.facebook.net static.ads-twitter.com analytics.twitter.com js.driftt.com *.hsforms.net *.hsforms.com *.googlesyndication.com *.onetrust.com *.cookielaw.org sentry.io *.sentry.io *.on24.com *.clickcease.com *.hotjar.com *.clearbitjs.com tag.clearbitscripts.com *.mouseflow.com *.visualwebsiteoptimizer.com marketo.clearbit.com cdn.dreamdata.cloud reveal.clearbit.com *.adobe.com fxgate.baidu.com js.sentry-cdn.com browser.sentry-cdn.com bat.bing.com *.clarity.ms; style-src 'self' 'unsafe-inline' *.kinstacdn.com *.marketo.com *.marketo.net *.adobe.com; worker-src 'self' blob:; 5 default-src 'self' *.usbank.com 'unsafe-inline' 'unsafe-eval' blob: data: cdn.appsflyer.com cdn.pdst.fm connect.facebook.net conv-tm.everesttech.net ct.pinterest.com d.agkn.com display.powerreviews.com dsum-sec.casalemedia.com eb2.3lift.com edge.adobedc.net assetts.adobedtm.com fast.fonts.net fonts.gstatic.com google.com hb.yahoo.net ib.adnxs.com idpix.media6degrees.com jadserve.postrelease.com match.sharethrough.com mid.rkdms.com mpsnare.iesnare.com opreq.observepoint.com partners.tremorhub.com pippio.com pixel.rubiconproject.com pixel.tapad.com players.brightcove.net *.invoca.net s.pinimg.com schema.milestoneinternet.com sc-static.net simage2.pubmatic.com siteimproveanalytics.com snap.licdn.com solutions.invocacdn.com ssa.gov static.3playmedia.com sync.bfmio.com sync.taboola.com sync.teads.tv sync-stgz.ads.yieldmo.com t.co tags.tiqcdn.com usbankinteractive.postclickmarketing.com utt.impactcdn.com vjs.zencdn.net websdk.appsflyer.com www.emjcd.com www.facebook.com www.googleadservices.com www.googletagmanager.com www.mczbf.com www.usbankedge.com x.bidswitch.net *.adoberesources.net *.adsrvr.org *.ads-twitter.com *.akamaihd.net *.amazonaws.com *.appdynamics.com *.bing.com *.boltdns.net *.brightcove.com *.brightcovecdn.com *.c3tag.com *.casalemedia.com *.company-target.com *.demandbase.com *.demdex.net *.doubleclick.net *.eum-appdynamics.com *.force.com *.glance.net *.glancecdn.net *.google.co.in *.google.com *.googleapis.com *.gstatic.com *.impactradius-event.com *.jsdelivr.net *.kitewheel.com *.knotch.com *.knotch-cdn.com *.krxd.net *.leadfusion.com *.linkedin.com *.loggly.com *.marketo.net *.miaprova.com *.mktoresp.com *.mktoutil.com *.mrpdata.net *.mykukun.com *.nextdoor.com *.ojrq.net *.omtrdc.net *.onetrust.com *.powerreviews.com *.pxf.io *.qualtrics.com *.quantummetric.com *.rlcdn.com *.ru4.com *.salesforceliveagent.com *.sandbox.file.force.com *.siteimproveanalytics.io *.sjv.io *.snapchat.com *.storygize.net *.tealiumiq.com *.turn.com *.typekit.net *.us.bank-dns.com *.videoamp.com *.yahoo.com *.youtube.com *.ispot.tv wss://*.amazonaws.com wss://*.glance.net wss://mpsnare.iesnare.com; report-uri /svt/ecm/csp-violation-report 5 default-src 'self'; script-src 'self' webstats.surf.nl *.mailplus.nl platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.instagram.com www.google.com www.gstatic.com surfnl.containers.piwik.pro pretalx.surf.nl 'unsafe-inline' 'unsafe-eval' https://app.vwo.com https://d5phz18u4wuww.cloudfront.net/vis_opt.js https://dev.visualwebsiteoptimizer.com https://eu.frcapi.co; style-src 'self' 'unsafe-inline' static.mailplus.nl fonts.googleapis.com use.typekit.net p.typekit.net platform.twitter.com surfnl.containers.piwik.pro surfnl.piwik.pro https://app.vwo.com https://dev.visualwebsiteoptimizer.com https://eu.frcapi.com/; img-src http: https: surfnl.containers.piwik.pro surfnl.piwik.pro data:;; frame-src 'self' *.surf.nl openonderwijsapi.nl www.surfspace.nl surfspace.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com www.google.com https://surf.apnd.me/OWD23/program https://surf.apnd.me/ACUD23/program https://app.vwo.com *.edu.nl https://eu.frcapi.com/; child-src 'self' surf.mediamission.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com https://app.vwo.com; font-src 'self' fonts.gstatic.com surfnl.containers.piwik.pro surfnl.piwik.pro data:; connect-src 'self' surfnl.piwik.pro webstats.surf.nl surfnl.containers.piwik.pro surfnl.piwik.pro pretalx.surf.nl https://app.vwo.com https://dev.visualwebsiteoptimizer.com https://eu.frcapi.com/; report-uri /report-csp-violation; upgrade-insecure-requests 5 frame-ancestors 'self' https://*.shaw.ca 5 upgrade-insecure-requests;frame-ancestors 'self' *.excelsior.com.mx *.jediteam.mx *.imagendigital.com securepubads.g.doubleclick.net *.doubleclick.net *.melodijolola.com *.salud180.com beta.salud180.com www.salud180.com; 5 default-src 'self' data: blob:; 5 default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; child-src * blob: data: ; style-src * 'unsafe-inline'; 5 default-src 'self' https:; connect-src 'self' https: wss://realtime.luckyorange.com wss://in.visitors.live; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'report-sample' 'unsafe-inline' https:; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 5 frame-ancestors 'self'; form-action 'self'; 5 default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 5 frame-ancestors test.lightstream.com www.lightstream.com *.truist.com; 5 base-uri 'none';child-src *.youtube.com;connect-src 'self' https:;default-src 'self';font-src 'self';form-action 'self';frame-ancestors files.prismic.io;frame-src vercel.live prismic.io *.prismic.io *.oncehub.com *.youtube.com *.twitter.com *.facebook.com *.google.com;img-src * data:;manifest-src 'self';media-src *.prismic.io;object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' vercel.live *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io *.mida.so www.google.com www.gstatic.com;style-src 'self' 'unsafe-inline' https://*.mida.so;worker-src 'self'; 5 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://www.nzsomi.com:8443 https://www.youtube.com https://youtube.com https://youtu.be; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://www.nzsomi.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.youtube.com https://youtube.com https://youtu.be https://i.ytimg.com https://img.youtube.com; connect-src 'self' https://www.nzsomi.com:8443 wss://www.nzsomi.com:8443 http://localhost:8443 https://www.google-analytics.com https://stats.g.doubleclick.net; media-src 'self' https://www.nzsomi.com blob:; object-src 'none'; frame-src 'self' https://www.youtube.com https://youtube.com https://youtu.be; frame-ancestors 'self'; 5 frame-ancestors 'self' *.ci360.sas.com; 5 frame-ancestors 'self' *.cmegroup.com *.quikstrike.net commodex.co.il openexchange.community.cmegroup.com staging.tickertocker.com https://www.home.saxo https://blueeditsitecore.sys.dom https://bluesitecore.sys.dom https://sitecoredev.orange.saxobank.com https://sitecoredev-nocache.orange.saxobank.com https://sitecoredevedit.orange.tst2.dom http://star-website.com https://www.investing.com https://*.benzinga.com https://bz.zingbot.bz https://www.zingbot.bz https://gdcdyn.interactivebrokers.com https://www.interactivebrokers.com https://zingbot.bz https://m.zingbot.bz https://dev.futuresfirstacademy.com https://uat.futuresfirstacademy.com https://futuresfirstacademy.com http://stage.barchart.com http://www.barchart.com https://www.infinityfutures.com https://kilofutures.com https://m.cqg.com https://mdemo.cqg.com *.chicago.cme.com:7822 https://uatm.cqg.com https://local.zingbot.bz https://www.gulfbondsukuk.org www.kgieworld.sg https://www.propex24.wpcomstaging.com https://www.propex24.com https://*.kapcoclients.com https://kapcoclients.com https://*.wallstreetbound.org https://wallstreetbound.org https://cofcointl.plateau.com https://rise.articulate.com https://members.tradeday.com http://blf-django.herokuapp.com www.bluelinefutures.com www.bluelinefutures.live www.bluelinefutures.trade bluelinefutures.com https://login.chicago.cme.com https://loginnr.chicago.cme.com https://logincert.chicago.cme.com https://login-ny.chicago.cme.com https://ampfutures.com https://cme.ampfutures.com https://*.advantagefutures.com https://*.e-futures.com https://*.etrade.com https://*.gffbrokers.com https://infinityfutures-cn.com https://sweetfutures.com https://*.tradovate.com https://home.saxo https://*.directa.it *.big.pt https://big.pt https://*.tradestation-international.com http://tradinglessons.com https://tradinglessons.com *.ibroker.it *.ibroker.es *.cornertrader.ch *.whselfinvest.com *.banxbroker.de *.ameritrade.com *.sweetfutures.com *.danielstrading.com *.gainfutures.com gainfutures.com *.futuresonline.com *.tdainc.com *.lsvp.com *.schwab.com *.schwab.co.uk *.us.global.schwab.com *.dev.schwab.com *.cmegroupfoundation.org news.cqg.com https://www.banxbroker.de https://www.banxbroker.ch https://www.banxbroker.at https://www.banxbroker.com https://www.gulfcapitalmarket.org https://www.kqmarkets.co.uk https://dev.kqmarkets.co.uk https://www.kqmarkets.de https://dev.kqmarkets.de https://www.kqtrader.com https://dev.kqmarkets.com https://kqmarketportal.24livehost.com *.trendspider.com trendspider.com fxpronode12template.azurewebsites.net uat-fxpro-website.azurewebsites.net fxpro.com *.youfinance.it *.traderlink.it paradigmfutures.net www.e-mini.com www.e-futures.com www.foreigncurrencies.com www.cannontrading.com *.gcs-web.com www.rjobrien.com www.fxpro.com *.rjobrien.com acmfutures.com *.acmfutures.com www.directaccessusa.com *.topsteptrader.com *.progoldtrader.com https://progoldtrader.com *.thetradingpit.com adssgroup.sharepoint.com *.mandaracapital.com *.sidwellstrategies.com sidwellstrategies.com app.melver.com.br dev-phillipcapital-main.pantheonsite.io *.phillipcapital.com *.vvstradingroom.com *.livesquawk.com *.webull.com *.webull.hk *.webull.sg *.webull.co.jp *.webull.au *.webull.co.za *.webull-uk.com *.comdinheiro.com.br *.invest.academy invest.academy *.nelogica.com.br *.vectorcrypto.com blackarrowtrading.com *.theniba.com *.wpenginepowered.com *.apmcapital.ae *.finanzen.ch apm-capital.webflow.io *.gocharting.com gocharting.com *.thearmchairtrader.com stonexone.com *.stonexone.com stonex.com *.stonex.com *.lynxbroker.de *.avafutures.com unusualwhales.com *.phillip.com.sg *.poems.com.sg *.phillipcapital.us *.qe.com.qa *.dxp.qe.qa straitsfinancial.com *.straitsfinancial.com appdev3.wixstudio.io *.straitsfinancial.gate39tech.com *.sitagri.com *.financeagri.com piqsuite.com *.piqsuite.com *.ironbeam.com insigniafutures.com *.tickmill.com *.cannontrading.com beta.mfpawards.com *.gigatrade.io gigatrade.io *.metrotrade.com metrotrade.com *.tradeday.com *.webullbroker.com *.webullapp.com.my *.schwab.tech; 5 default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline' 5 frame-ancestors https://blog.sherwin-williams.com https://www.sherwin-williams.com https://*.sherwin-williams.com 5 frame-ancestors 'self' https://thetitanawards.com 5 frame-ancestors self https://*.chaosgroup.com https://*.chaos.com https://secure.avangate.com https://secure.2checkout.com https://elmtec.fr https://elmtec.odoo.com 5 default-src 'self';font-src fonts.gstatic.com; base-uri 'self'; img-src * data:; media-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src mailto: *; connect-src *; 5 default-src 'self' * data: blob:;font-src 'self' * data:;script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:;style-src 'self' * 'unsafe-inline';media-src 'self' * blob:;frame-ancestors 'self' http://localhost:3000 https://the-gui.testing.nxt.zone https://the-gui.staging.nxt.zone/ https://the-gui.production.nxt.zone/ https://the-gui.cloud 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rtx.com https://*.raytheon.com https://*.rtxapps.com blob: https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://*.crazyegg.com https://ipmeta.io https://*.licdn.com https://*.linkedin.com https://static.ads-twitter.com https://connect.facebook.net https://www.youtube.com https://www.googleadservices.com https://*.twimg.com https://*.twitter.com https://rockwellcollinsaerospace.us-7.evergage.com https://static.ctctcdn.com https://listgrowth.ctctcdn.com https://visitor2.constantcontact.com/api/v1/signup_forms/209bf8ea-ae37-4c00-b293-172a892f887b https://siteimproveanalytics.com https://googleads.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: data: https://cdn.evgnet.com/beacon/rockwellcollinsaerospace/development/scripts/evergage.min.js https://cdn.evgnet.com/beacon/rockwellcollinsaerospace/production/scripts/evergage.min.js; img-src 'self' https://*.rtx.com data: www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.linkedin.com https://p.adsymptotic.com https://*.licdn.com https://t.co https://www.facebook.com https://*.twimg.com https://*.twitter.com https://static.ctctcdn.com https://*.siteimproveanalytics.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://*.ggpht.com data:; style-src 'self' 'unsafe-inline' https://*.rtx.com https://*.raytheon.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.licdn.com https://*.twitter.com https://*.twimg.com https://static.ctctcdn.com; font-src 'self' https://*.rtx.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src 'self' https://app.prattwhitney.com https://*.twitter.com https://*.fls.doubleclick.net https://*.rtx.com https://*.youtube.com/ https://*.raytheon.com https://www.rockwellcollins.com https://*.salesforce.com *.google.com; upgrade-insecure-requests; block-all-mixed-content; worker-src blob: ; 5 default-src 'none'; connect-src *; font-src * data: about:; frame-src *; img-src * data: about:; media-src 'self' www.l3harris.com; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 'strict-dynamic' 'nonce-NZTZIt3sstQ6NrtVmpaWBw'; script-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 'strict-dynamic' 'nonce-NZTZIt3sstQ6NrtVmpaWBw'; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.wescam.info www.googletagmanager.com cdn.userway.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; base-uri 'self'; form-action 'self' www.facebook.com; frame-ancestors 'self'; report-uri https://www.l3harris.com/system/reporting/csp; report-to csp; trusted-types * 'allow-duplicates'; require-trusted-types-for 'script' 5 child-src 'self' https://apps.rokt.com https://sgtm.lookfantastic.com https://*.ringcentral.com https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://player.vimeo.com https://isitetv.com https://ln-rules.rewardstyle.com https://e.issuu.com https://*.recaptcha.net https://*.snapchat.com https://*.translate.naver.net https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://www.shoplooks.com https://s1.thcdn.com https://d2d7do8qaecbru.cloudfront.net https://tpc.googlesyndication.com https://api.bam-x.com https://www.awin1.com blob: https://gum.criteo.com https://www.pinterest.com https://www.pinterest.co.uk https://app.qubit.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://maybelline-uk.beauty-campaigns.com https://qlic.it https://*.abtasty.com https://ct.pinterest.com https://ams.creativecdn.com https://tr.snapchat.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://www.provenance.org; connect-src 'self' https://pagead2.googlesyndication.com https://obseu.seroundprince.com wss://*.ringcentral.com https://*.dynamicyield.com/ https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://*.lpsnmedia.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.baidu.com https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://mc.yandex.ru https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://ct.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.parcellab.com https://www.google.co.uk https://analytics.tiktok.com https://smct.co https://*.smct.co https://api.bam-x.com https://*.contentsquare.net https://tr.snapchat.com https://ampcid.google.com.tw https://ampcid.google.com.hk https://ampcid.google.cn https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.lookfantastic.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.criteo.com https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://*.criteo.net https://*.obsess-vr.com https://di.rlcdn.com https://api.rlcdn.com https://t.rlcdn.com https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://*.abtasty.com https://*.modiface.com https://us-east4-modiface-production.cloudfunctions.net https://sgtm.lookfantastic.com https://ml-services-grpc-gateway-4mhosmzo.nw.gateway.dev https://ams.creativecdn.com https://tr6.snapchat.com https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://www.googletagmanager.com https://unpkg.com/@provenance/ https://api.provenance.org https://www.provenance.org https://api.segment.io https://appsignal-endpoint.net https://*.ringcentral.com; default-src https://*.lpsnmedia.net; font-src 'self' data: https://*.dynamicyield.com/ https://*.thcdn.com https://fonts.gstatic.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://static.thgcdn.cn data: https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://d7c4jjeuqag9w.cloudfront.net https://cdn.obsess-vr.com blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com https://shadematching.modiface.com https://fonts.smct.co https://fonts.smct.io https://*.ringcentral.com; form-action 'self' https://www.facebook.com https://*.lookfantastic.com https://www.glossybox.co.uk https://www.glossybox.se https://www.glossybox.com https://connect.facebook.net https://*.snapchat.com https://www.lookfantastic.com.sg https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.dk https://www.lookfantastic.cn https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.dynamicyield.com/ https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https://www.googletagmanager.com https://unpkg.com/@provenance/ https://res.cloudinary.com https://www.provenance.org https://*.ringcentral.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net blob: https://static.thgcdn.cn https://player.vimeo.com https://vod-progressive.akamaized.net https://download-media.akamaized.net https://download-video.akamaized.net https://cdn.obsess-vr.com https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai https://*.lookfantastic.com; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://apps.rokt.com https://euob.seroundprince.com https://obseu.seroundprince.com https://*.dynamicyield.com/ https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://*.google-analytics.com https://*.google.com https://google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://remote.captcha.com https://*.akamaihd.net https://ln-rules.rewardstyle.com https://*.baidu.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://sc-static.net https://*.shoplooks.com https://slooks.top https://slooks.me https://*.translate.naver.net https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.bing.com https://*.doubleclick.net https://s.pinimg.com https://static.ads-twitter.com https://*.google.co.uk https://google.co.uk https://lantern.roeyecdn.com https://lantern.roeye.com https://analytics.tiktok.com https://*.ibytedtos.com https://static.thgcdn.cn https://*.liveperson.com https://tpc.googlesyndication.com https://static.narrativ.com https://*.obsess-vr.com https://static.goqubit.com https://*.qubit.com https://*.contentsquare.net https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://app.contentsquare.com https://cdn.pubnub.com https://assets.dekopay.com https://*.modiface.com blob: https://*.abtasty.com https://tr.snapchat.com https://sgtm.lookfantastic.com https://tags.creativecdn.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://unpkg.com/@provenance/ https://consent.cookiebot.com https://www.provenance.org https://*.ringcentral.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.lpsnmedia.net https://*.liveperson.net https://*.shoplooks.com https://*.translate.naver.net https://*.googleapis.com https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://d7c4jjeuqag9w.cloudfront.net https://cdn.obsess-vr.com https://modules.obsess-vr.com https://*.abtasty.com https://*.gstatic.com https://cms-cdn.modiface.com https://fonts.googleapis.com https://fonts.smct.io https://*.ringcentral.com; upgrade-insecure-requests; report-to csp-endpoint 5 frame-ancestors 'self' *.wildberries.ru 5 default-src 'self' *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; media-src blob: 'self' *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.qualtrics.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zuora.com tags.tiqcdn.com *.vergic.com *.brightcove.net *.brightcove.com blob: vjs.zencdn.net d2qrdklrsxowl2.cloudfront.net www.googletagmanager.com connect.facebook.net static.ads-twitter.com *.twitter.com www.googleadservices.com www.google.com googleads.g.doubleclick.net *.gstatic.com *.ceros.com *.turtl.co trustspot.io cdn.jsdelivr.net my.tealiumiq.com *.my.tealiumiq.com securepubads.g.doubleclick.net *.googlesyndication.com adservice.google.com www.googletagservices.com *.qualtrics.com *.service.force.com c.paypal.com *.doublethedonation.com doublethedonation.com *.adtrafficquality.google *.ep2.adtrafficquality.google d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com *.turtl.co trustspot.io s3.amazonaws.com my.tealiumiq.com *.my.tealiumiq.com *.ravecapture.com app.ravecapture.com *.vergic.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; img-src 'self' data: images.ctfassets.net aicpa.sc.omtrdc.net media.aicpa.org *.rackcdn.com cm.everesttech.net dpm.demdex.net content.psplugin.com *.brightcove.com *.boltdns.net players.brightcove.net static.ads-twitter.com t.co www.googletagmanager.com googleads.g.doubleclick.net www.google.com *.google.co.uk *.facebook.com trustspot.io * c.paypal.com b.stats.paypal.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; font-src 'self' data: fonts.gstatic.com d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com *.vergic.com content.psplugin.com s3.amazonaws.com trustspot.io d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; connect-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com temp2secureaicpa.okta.com https://us.aicpa.org/bin/aicpaorg/uca assets.ctfassets.net downloads.ctfassets.net sentry.io app.getsentry.org app.getsentry.com dpm.demdex.net aicpa.demdex.net collect.tealiumiq.com aicpa.sc.omtrdc.net players.brightcove.net *.brightcove.com *.hapyak.com *.boltdns.net *.brightcovecdn.com *.akamaihd.net *.akafms.net *.vergic.com wss://*.vergic.com *.facebook.com *.google.com trustspot.io my.tealiumiq.com *.my.tealiumiq.com securepubads.g.doubleclick.net *.googlesyndication.com *.qualtrics.com sit.test-aicpa.org *.adtrafficquality.google d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; frame-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com apisandbox.zuora-cima.dev.securedataplatform.co.uk apisandbox.zuora-cima.uat.securedataplatform.co.uk apisandbox.zuora-cima.uat.securedataplatform.com api.zuora-cima.securedataplatform.com api.zuora-cima.securedataplatform.co.uk zuora-cima.securedataplatform.com sandbox.na.zuora-cima.uat.securedataplatform.co.uk sandbox.na.zuora-cima.uat.securedataplatform.com na.zuora-cima.securedataplatform.co.uk na.zuora-cima.securedataplatform.com sandbox.na.zuora.com *.aicpa-cima.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com temp2secureaicpa.okta.com www.facebook.com m.facebook.com html5-player.libsyn.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net vjs.zencdn.net *.podomatic.com podomatic.com *.youtube.com apisandbox.zuora.com aicpa.demdex.net www.zuora.com *.doubleclick.net bid.g.doubleclick.net td.doubleclick.net *.ceros.com *.google.com my.tealiumiq.com *.my.tealiumiq.com *.safeframe.googlesyndication.com tpc.googlesyndication.com *.qualtrics.com *.zuora.com c.paypal.com www.googletagmanager.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; frame-ancestors 'self' *.aicpa.org *.cgma.org; manifest-src 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://sentry.io/api/3382497/security/?sentry_key=9aee855e0ce84a1db4b69530c6b45163@sentry.io/3382497 5 default-src'self'; 5 default-src blob: data: https: 'self'; script-src blob: https: 'self' 'unsafe-eval' 'unsafe-inline'; style-src blob: https: 'self' 'unsafe-inline'; media-src blob: https: 'self'; connect-src blob: https: 'self' 'unsafe-inline' wss://*.hotjar.com; frame-ancestors 'self' 5 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://ajax.aspnetcdn.com https://cdnjs.cloudflare.com https://players.brightcove.net https://cdn.cookielaw.org https://assets.map.brightcove.com https://edge.api.brightcove.com https://www.google.com https://img03.en25.com https://www.gstatic.com https://s292581960.t.eloqua.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://map.brightcove.com https://js.monitor.azure.com https://www.recaptcha.net https://secure.p06.eloqua.com https://maps.googleapis.com https://maps.gstatic.com https://brandcentral.dnvgl.com https://ad.doubleclick.net https://googleads.g.doubleclick.net https://static.doubleclick.net https://connect.facebook.net https://js.hcaptcha.com https://static.hsappstatic.net https://response.questback.com https://events.genndi.com https://ajax.googleapis.com https://jnn-pa.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.tolvnow.com https://script.hotjar.com https://static.hotjar.com https://t.co https://s861531437.t.eloqua.com https://sgtm-bagpdtapf8abapbw.a01.azurefd.net https://sgtm.dnv.com https://snap.licdn.com https://img06.en25.com https://bat.bing.com https://static.ads-twitter.com https://cdn.addevent.com https://js.hs-scripts.com https://cdn.livechatinc.com https://api.livechatinc.com https://js.usemessages.com https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-analytics.net https://www.clarity.ms https://web-sdk-eu.aptrinsic.com https://tracker.tolvnow.com https://cdn.jsdelivr.net https://sgtm-learn.dnv.com;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://players.brightcove.net https://cdn.cookielaw.org https://fonts.googleapis.com https://www.google.com https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://www.recaptcha.net https://secure.p06.eloqua.com https://maps.googleapis.com https://maps.gstatic.com https://brandcentral.dnvgl.com https://stackpath.bootstrapcdn.com https://dnvglstatic.azureedge.net https://cdn.jsdelivr.net https://ajax.aspnetcdn.com https://www.googletagmanager.com https://tracker.tolvnow.com https://www.tolvnow.com https://sgtm-learn.dnv.com;img-src 'self' https://app.optimizely.com https://cdn.optimizely.com data: https://cdnjs.cloudflare.com https://players.brightcove.net https://cdn.cookielaw.org https://www.youtube.com https://metrics.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://s292581960.t.eloqua.com https://www.google.com https://cloud.brandmaster.com https://www.recaptcha.net https://maps.googleapis.com https://brandcentral.dnv.com https://maps.gstatic.com https://brandcentral.dnvgl.com https://map.brightcove.com https://ad.doubleclick.net https://googleads.g.doubleclick.net https://static.doubleclick.net https://stats.g.doubleclick.net https://*.fls.doubleclick.net/ https://pixelbytes.no https://production.presstogo.com https://images.e.dnv.com https://img06.en25.com https://d1905rzuxsrnqw.cloudfront.net https://*.ads.linkedin.com/ https://s861531437.t.eloqua.com https://dnvglstatic.azureedge.net https://www.facebook.com https://bat.bing.com https://analytics.twitter.com https://t.co https://forms.hsforms.com https://track.hubspot.com https://i.ytimg.com https://www.googletagmanager.com https://connect.facebook.net https://cdn.addevent.com https://maps.google.com https://*.clarity.ms * https://sgtm-learn.dnv.com;media-src 'self' blob: https://brandcentral.dnvgl.com https://player.vimeo.com https://production.presstogo.com https://www.podbean.com https://*.podbean.com/ https://brightcove.com https://gallery.brightcove.com https://bcbolt446c5271-a.akamaihd.net https://manifest.prod.boltdns.net https://*.brightcovecdn.com/ https://sgtm-learn.dnv.com;frame-src 'self' https://*.cdn.optimizely.com https://*.cdn-pci.optimizely.com https://cdnjs.cloudflare.com https://players.brightcove.net https://cdn.cookielaw.org https://www.youtube.com https://www.google.com https://brandcentral.dnvgl.com https://subscribe.dnv.com https://www.recaptcha.net https://secure.p06.eloqua.com https://maps.googleapis.com https://brandcentral.dnv.com https://maps.gstatic.com https://googleads.g.doubleclick.net https://player.vimeo.com https://production.presstogo.com https://plot.ly https://plotly.com https://learn.dnv.com https://maps.dnv.com https://download.dnv.com https://sgtm.dnv.com https://td.doubleclick.net https://www.googletagmanager.com https://*.fls.doubleclick.net/ https://meetings.hubspot.com https://www.podbean.com https://app.hubspot.com https://www.facebook.com https://secure.livechatinc.com https://s861531437.t.eloqua.com https://s292581960.t.eloqua.com https://register.dnv.com https://www.tolvnow.com https://sgtm-learn.dnv.com;font-src 'self' https://cdnjs.cloudflare.com data: https://fonts.gstatic.com https://players.brightcove.net https://cdn.cookielaw.org https://dnvglcom.azureedge.net https://www.google.com https://dhm5hy2vn8l0l.cloudfront.net https://maps.googleapis.com https://maps.gstatic.com https://brandcentral.dnvgl.com https://fonts.gstatic.com https://dnvglstatic.azureedge.net https://www.tolvnow.com;connect-src 'self' https://*.optimizely.com ws://localhost:* wss://localhost:* https://cdnjs.cloudflare.com https://bcbolt446c5271-a.akamaihd.net https://cdn.cookielaw.org https://edge.api.brightcove.com https://players.brightcove.net https://geolocation.onetrust.com wss: https://www.google.com https://dc.services.visualstudio.com https://manifest.prod.boltdns.net https://www.recaptcha.net https://secure.p06.eloqua.com https://maps.gstatic.com https://brandcentral.dnvgl.com https://production.presstogo.com https://response.questback.com https://events.genndi.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://api.livechatinc.com https://cdn.livechatinc.com https://tracker.tolvnow.com https://www.tolvnow.com https://www.linkedin.com https://snap.licdn.com https://t.co https://analytics.twitter.com https://eloqua.com https://s861531437.t.eloqua.com https://go.pardot.com https://sgtm-bagpdtapf8abapbw.a01.azurefd.net https://sgtm.dnv.com https://maps.googleapis.com https://px.ads.linkedin.com https://bat.bing.com https://bat.bing.net https://api.hubspot.com https://forms.hscollectedforms.net https://*.clarity.ms/ https://content.hotjar.io https://vc.hotjar.io https://learn.dnv.com https://privacyportal-de.onetrust.com https://www.facebook.com https://*.brightcovecdn.com https://ad.doubleclick.net https://*.googlesyndication.com/ https://sgtm-learn.dnv.com;worker-src 'self' blob: 5 object-src 'none'; form-action 'self'; frame-ancestors 'none' 5 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/ https://img.en25.com/ *.s3.amazonaws.com *.optimizely.com *.doubleclick.net https://connect.facebook.net https://www.googleadservices.com/ https://sc-static.net https://browser-update.org https://cdn.cookielaw.org *.salesforceliveagent.com ttps://browser-update.org/ https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://geolocation.onetrust.com https://*.crazyegg.com https://www.google-analytics.com https://cdn.siteimprove.net https://unpkg.com https://*.siteimprove.com *.youtube.com https://*.userzoom.com https://cdn.jsdelivr.net/ https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.hypemarks.com https://gba4ya26.micpn.com/p/js/ https://tr.snapchat.com/config/ https://www.google.com/pagead/ https://bat.bing.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://analytics.tiktok.com https://m5srpdpi.micpn.com https://tags.crwdcntrl.net https://ynnpkxoz.micpn.com https://tag.demandbase.com https://mi.chamberlain.edu https://static.hotjar.com https://s.adroll.com https://script.hotjar.com https://d.adroll.com https://marvel-b2-cdn.bc0a.com https://geoip-js.com *.avaamo.com https://munchkin.marketo.net https://ict.infinity-tracking.net https://js.adsrvr.org https://s.yimg.com https://waldenuniversity.referralrock.com https://cdn.mouseflow.com https://tag.mtrcs.samba.tv https://pixel.mathtag.com https://bs.serving-sys.com https://secure-ds.serving-sys.com https://pixel.admedia.com *.googlesyndication.com *.storelocatorwidgets.com https://ajax.googleapis.com https://home-c20.incontact.com https://gateway.on24.com https://www.riddle.com/ *.b0e8.com https://embedr.flickr.com https://widgets.flickr.com *.infinity-tracking.com https://c.hrzn-nxt.com https://public.flourish.studio https://www.redditstatic.com t.contentsquare.net app.contentsquare.com https://www.esyoh.com *.my.salesforce.com *.my.site.com/ *.force.com/ https://cdn.pbbl.co https://img04.en25.com https://static.cloudflareinsights.com/ https://cdn.unibuddy.co *.mnixdata.com https://optimizely-hrd.appspot.com https://aa.trkn.us *.bttrack.com https://bttrack.com https://assets-pcor-dev.adtalem.com/ https://assets-pcor-qa.adtalem.com https://assets-pcor.adtalem.com https://maps.googleapis.com https://assets-atge-dev-outage.adtalem.com https://assets-atge-qa-outage.adtalem.com https://assets-atge-outage.adtalem.com https://api.wire.spbx.app *.contentsquare.net; object-src 'none'; base-uri 'none'; form-action 'self' https://www.facebook.com https://tr.snapchat.com *.salesforceliveagent.com https://rossu.secure.force.com https://auc--fullsanbox.sandbox.my.salesforce.com https://test.salesforce.com https://login.salesforce.com https://rossu.my.salesforce.com/ *.my.salesforce.com *.my.site.com/ *.force.com/; style-src 'self' 'unsafe-inline' https://p.typekit.net/ https://cdn.jsdelivr.net/ https://hello.myfonts.net/ https://fast.fonts.net/ https://cdnjs.cloudflare.com/ https://optimize.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com *.mapbox.com https://cdn.storelocatorwidgets.com *.googletagmanager.com https://*.crazyegg.com *.my.salesforce.com *.my.site.com/ *.force.com/ https://unpkg.com https://use.typekit.net/; img-src 'self' data: https://tr.snapchat.com/ *.salesforceliveagent.com https://www.facebook.com/ https://webtracking.aucmed.edu/ *.google.com *.google.com.br *.google.com.uk *.google.com.ca *.google.com.fr *.google-analytics.com *.ytimg.com *.siteimproveanalytics.io https://americanuniversityofcarribean.secure.force.com https://cdn.jsdelivr.net/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/pagead/ https://bat.bing.com/ https://www.adtalem.com/ https://*.linkedin.com/ https://t.co/ https://analytics.twitter.com/ https://www.google-analytics.com https://optimize.google.com https://webtracking.medical.rossu.edu https://analytics.tiktok.com https://rossu.secure.force.com https://webtrackingvet.rossu.edu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://ipv4.d.adroll.com https://pt.ispot.tv *.amazonaws.com https://sp.analytics.yahoo.com https://webtracking.chamberlain.edu https://pixel.mtrcs.samba.tv https://cu.secure.force.com https://bidagent.xad.com https://data.adxcel-ec2.com https://pixel.mathtag.com https://cdnjs.cloudflare.com https://img.storelocatorwidgets.com https://www.googleadservices.com https://arttrk.com ads-api.twitter.com analytics.twitter.com ads-twitter.com https://bam.nr-data.net *.cookielaw.org *.b0e8.com *.salesforce-sites.com https://trkn.us *.contentsquare.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://live.staticflickr.com https://d.adroll.com https://ad.doubleclick.net https://public.flourish.studio https://l.hrzn-nxt.com https://alb.reddit.com https://analytics.pangle-ads.com *.force.com/ https://px0.pbbl.co https://aa.agkn.com *.t.eloqua.com/ *.my.site.com/ *.adnxs.com/ *.tapad.com/ *.adsrvr.org/ *.bttrack.com/ https://storage.googleapis.com/ https://di.rlcdn.com/ https://assets-pcor-dev.adtalem.com https://assets-pcor-qa.adtalem.com https://assets-pcor.adtalem.com https://maps.gstatic.com https://maps.googleapis.com https://assets-atge-dev-outage.adtalem.com https://assets-atge-qa-outage.adtalem.com https://assets-atge-outage.adtalem.com https://api.wire.spbx.app; media-src 'self' *.avaamo.com; frame-src 'self' *.youtube.com https://www.facebook.com/ *.doubleclick.net https://tr.snapchat.com https://vr.showmecaribbean.com/ https://e.issuu.com/ https://optimize.google.com *.cdn.optimizely.com https://waldenuniversity.referralrock.com https://insight.adsrvr.org https://s.amazon-adsystem.com https://match.adsrvr.org https://pixel.mathtag.com https://cdn.hypemarks.com https://widget.spreaker.com https://app.calconic.com https://www.google.com *.avaamo.com https://home-c20.incontact.com https://www.riddle.com https://gateway.on24.com https://cdn.yoshki.com https://massinteract.com https://www.flickr.com https://*.siteimprove.com https://public.flourish.studio https://flo.uri.sh https://www.massinteract.com https://cdn.pbbl.co https://img04.en25.com https://static.cloudflareinsights.com/ https://cdn.unibuddy.co https://unibuddy.co https://events.waldenu.edu https://investors.adtalem.com https://aa.trkn.us *.bttrack.com https://bttrack.com https://www.googletagmanager.com https://app.tintup.com/ https://assets-pcor-qa.adtalem.com https://assets-pcor.adtalem.com https://view-awesome-table.com/ https://gtm.waldenu.edu/ https://www.tiktok.com; frame-ancestors 'self'; child-src 'self' *.youtube.com blob:; font-src 'self' https://themes.googleusercontent.com https://use.typekit.net https://fonts.gstatic.com *.avaamo.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://cdn.storelocatorwidgets.com https://cdn.mouseflow.com *.contentsquare.net; connect-src 'self' wss://wsp43.hotjar.com https://gtm.waldenu.edu https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.siteimprove.com/ https://*.crazyegg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tr.snapchat.com/ https://analytics.google.com https://bam.nr-data.net https://ipinfo.io https://www.facebook.com/tr/ https://analytics.tiktok.com https://cdn.linkedin.oribi.io *.optimizely.com https://api.company-target.com https://vc.hotjar.io https://wsp43.hotjar.com https://s.yimg.com *.mktoresp.com https://ict.infinity-tracking.net https://nas.lon.infinity-tracking.net https://pixel.mtrcs.samba.tv https://in.hotjar.com https://segments.company-target.com https://geoip-js.com *.mouseflow.com https://api.tintup.com *.amazonaws.com https://ad.doubleclick.net https://pixel.admedia.com *.mapbox.com *.storelocatorwidgets.com ads-api.twitter.com ads-twitter.com analytics.twitter.com https://917-jig-558.mktoutil.com *.infinity-tracking.com *.contentsquare.net *.googlesyndication.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://embedr.flickr.com https://bat.bing.com https://discover.waldenu.edu https://www.esyoh.com https://gtm.chamberlain.edu https://gtm.aucmed.edu https://gtm.veterinary.rossu.edu https://gtm.medical.rossu.edu https://analytics.pangle-ads.com *.my.salesforce.com *.my.site.com/ *.force.com/ https://px.ads.linkedin.com/ https://tr6.snapchat.com/ *.mnixdata.com https://integrations.optimizely-edge.com https://www.redditstatic.com https://conversions-config.reddit.com https://www.redditstatic.com *.reddit.com *.bttrack.com https://bttrack.com https://assets-pcor-dev.adtalem.com/ https://assets-pcor-qa.adtalem.com https://assets-pcor.adtalem.com https://maps.googleapis.com https://pcor-dev.adtalem.com https://pcor-qa.adtalem.com https://pcor.adtalem.com https://assets-atge-dev-outage.adtalem.com https://assets-atge-qa-outage.adtalem.com https://assets-atge-outage.adtalem.com https://dev-atge-outage.adtalem.com https://qa-atge-outage.adtalem.com https://atge-outage.adtalem.com https://mapsresources-pa.googleapis.com data:; report-uri /report-csp-violation 5 upgrade-insecure-requests; frame-ancestors 'self' https://*.01net.com 5 default-src 'none'; script-src 'self' 'sha256-WN0hqek1jEauhlhWVVXeQPa5BD3f0rsMdmwSZtw1Cys=' 'sha256-VmEf2BGdqVUwcvyhTyarJo/bY7DNqS2+T2sz4IO/kbw=' 'sha256-eIXWvAmxkr251LJZkjniEK5LcPF3NkapbJepohwYRIc=' 'sha256-Jz4XDAN4f076pEj8cOt8mEdISulquB3CBdxFvEpSSyc='; child-src 'self'; frame-src https://*.youtube.com https://*.vimeo.com; font-src 'self'; img-src http: data: *; media-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; base-uri 'none'; connect-src 'self' https://tuta.com https://tuta.com data: * wss://app.tuta.com https://app.tuta.com https://api.github.com https://www.reddit.com https://mail.tutanota.com wss://mail.tutanota.com; 5 frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 5 frame-ancestors 'self' https://commerceinsights.ibmcloud.com 5 frame-ancestors https://*.gsmaevents.com https://gsma.force.com https://gsma.my.site.com 5 object-src 'none'; frame-ancestors 'self'; 5 frame-ancestors 'self' https://*.ariba.com https://*.micron.com https://*.iu.edu https://*.sciquest.com;object-src 'none'; 5 style-src 'unsafe-inline' https://*.sitecore.com https://*.hotjar.com https://*.contentsquare.net;base-uri 'self';connect-src wss://*.qualified.com https://*.qualified.com https://*.sitecore.com https://*.sitecorecloud.io https://*.6sc.co https://*.6sense.com https://*.adnxs.com https://*.contentsquare.net wss://*.contentsquare.net https://*.contentsquare.com wss://*.contentsquare.com https://cdn.dreamdata.cloud https://*.google.com https://google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.googlesyndication.com https://api.ipify.org https://px.ads.linkedin.com https://*.bing.com https://*.quantcount.com;default-src data: blob: https://*.sitecore.com https://*.sitecore.net https://*.googleapis.com https://*.gstatic.com https://*.6sc.co https://*.6sense.com;font-src https://*.sitecore.com;frame-src https://*.sitecore.com https://*.sitecorecontenthub.cloud https://app.qualified.com https://*.google.com https://td.doubleclick.net https://*.googletagmanager.com https://capture.navattic.com https://sitecore.navattic.com/ https://s.pointerpro.com/ https://media.sequel.io;frame-ancestors 'self' https://*.sitecorecloud.io https://*.sitecore.com;img-src *;media-src https://app.qualified.com 'self' https://*.sitecorecloud.io https://*.sitecorecontenthub.cloud data:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sitecore.com http://localhost http://*.6sc.co https://*.contentsquare.net https://*.contentsquare.com https://*.googlesyndication.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.recaptcha.net https://*.gstatic.cn https://*.gstatic.com https://*.linkedin.com https://*.licdn.com https://*.pardot.com https://*.qualified.com https://*.salesloft.com https://d35vb5cccm4xzp.cloudfront.net https://*.bing.com https://*.bing-int.com https://*.quantserve.com https://*.quantcount.com https://cdn.dreamdata.cloud https://cdn.drda.io https://*.g.doubleclick.net;style-src-attr 'unsafe-inline' https://*.sitecore.com;worker-src blob:; 5 connect-src 'self' https://api2.amplitude.com https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/api/staticmap https://platform-api.sharethis.com/js/sharethis.js https://buttons-config.sharethis.com/js/ https://l.sharethis.com/pview https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://ascensioncrm.my.site.com/ https://ascensioncrm.my.salesforce-scrt.com/ https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js https://www.google.com/recaptcha/enterprise.js blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ *.brightcovecdn.com https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com reputation-com-enterprise-prod.s3.us-east-1.amazonaws.com https://s3.amazonaws.com/r4e-cstatic.reputation.com r4e-assets-prod-us.s3.amazonaws.com https://s3.amazonaws.com/ *.visualwebsiteoptimizer.com app.vwo.com https://cdn.schemaapp.com https://data.schemaapp.com https://api.schemaapp.com *.launchdarkly.com *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ https://zn0ng4rqajq6fnr3w-ascensionexperience.siteintercept.qualtrics.com *.qualtrics.com *.google-analytics.com analytics.google.com *.ascension.org;default-src 'self' blob: *.ascension.org;font-src 'self' fonts.gstatic.com https://fonts.googleapis.com https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://ascensioncrm.my.site.com/ https://ascensioncrm.my.salesforce-scrt.com/ https://stackpath.bootstrapcdn.com data: *.ascension.org;frame-src 'self' *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ *.brightcovecdn.com https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://ascensioncrm.my.site.com/ https://ascensioncrm.my.salesforce-scrt.com/ *.youtube.com/ https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js https://www.google.com/recaptcha/enterprise.js app.vwo.com *.visualwebsiteoptimizer.com https://www.google.com/ *.ascension.org;img-src 'self' https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/api/staticmap https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com reputation-com-enterprise-prod.s3.us-east-1.amazonaws.com https://s3.amazonaws.com/r4e-cstatic.reputation.com r4e-assets-prod-us.s3.amazonaws.com https://s3.amazonaws.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://service.force.com/embeddedservice/ https://ascensioncrm.my.site.com/ https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js https://www.google.com/recaptcha/enterprise.js blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ *.brightcovecdn.com *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com *.doubleclick.net *.google-analytics.com analytics.google.com *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js https://zn0ng4rqajq6fnr3w-ascensionexperience.siteintercept.qualtrics.com *.qualtrics.com data: *.ascension.org;object-src 'none' ;script-src 'self' 'unsafe-eval' https://cdn.amplitude.com https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://ascensioncrm.my.site.com/ https://ascensioncrm.my.salesforce-scrt.com/ https://tfaforms.com https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com reputation-com-enterprise-prod.s3.us-east-1.amazonaws.com https://s3.amazonaws.com/r4e-cstatic.reputation.com r4e-assets-prod-us.s3.amazonaws.com https://s3.amazonaws.com/ https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/react/18.2.0/ https://cdnjs.cloudflare.com/ajax/libs/react-dom/18.2.0/ https://cdnjs.cloudflare.com/ajax/libs/es6-shim/ https://cdnjs.cloudflare.com/ajax/libs/es5-shim/ https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/api/staticmap https://platform-api.sharethis.com/js/sharethis.js https://buttons-config.sharethis.com/js/ https://l.sharethis.com/pview https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js https://www.google.com/recaptcha/enterprise.js blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ *.brightcovecdn.com blob: *.visualwebsiteoptimizer.com app.vwo.com https://cdn.schemaapp.com https://data.schemaapp.com https://api.schemaapp.com *.launchdarkly.com *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ https://www.gstatic.com/recaptcha/ https://zn0ng4rqajq6fnr3w-ascensionexperience.siteintercept.qualtrics.com *.qualtrics.com *.ascension.org;style-src 'self' 'unsafe-eval' 'unsafe-inline' https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://service.force.com/embeddedservice/ https://ascensioncrm.my.site.com/ fonts.gstatic.com https://fonts.googleapis.com https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com reputation-com-enterprise-prod.s3.us-east-1.amazonaws.com https://s3.amazonaws.com/r4e-cstatic.reputation.com r4e-assets-prod-us.s3.amazonaws.com https://s3.amazonaws.com/ *.visualwebsiteoptimizer.com app.vwo.com *.launchdarkly.com *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ https://stackpath.bootstrapcdn.com *.ascension.org; 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.ads-twitter.com *.adyen.com *.agilone.com *.algolia.net *.algolianet.com *.analytics.google.com *.bing.com *.bounceexchange.com *.bouncex.net *.cdnbasket.net *.cdnwidget.com *.collect.igodigital.com *.contentsquare.net *.criteo.com *.facebook.com *.facebook.net *.fls.doubleclick.net *.g.doubleclick.net *.ggpht.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.igodigital.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.liadm.com *.monetate.net *.nextdoor.com *.nr-data.net *.onetrust.com *.pepperjam.com *.pinimg.com *.pinterest.com *.revlifter.io *.rsa3dsauth.co.uk *.scene7.com *.securesuite.co.uk *.smarterhq.io *.snapchat.com *.staging.bigcontent.io *.studentbeans.com *.twitter.com *.ventrica.io *.wknd.ai *.zdassets.com *.zendesk.com *.zopim.com ad.doubleclick.net ade.googlesyndication.com algolia.net algolianet.com analytics.tiktok.com api.addressy.com api.official-coupons.com api.official-deals.co.uk app.contentsquare.com bid.g.doubleclick.net clarks.a.bigcontent.io cdn.c1.amplience.net cdn.cookielaw.org cdn.media.amplience.net cdn.static.amplience.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com clarkscs.zendesk.com cloud.email.clarks.com cookie-cdn.cookiepro.com edgeshoppingstatic.azureedge.net ekr.zdassets.com ekr.zendesk.com fonts.googleapis.com insights.algolia.io int-ds-shared-1.monetate.org js-agent.newrelic.com kargo.clarks.com localhost:2323 marketer.monetate.net pay.google.com pippio.com *.experticity.com *.expertvoice.com private-media-node12.s3.eu-west-1.amazonaws.com res.cloudinary.com sc-static.net static.zdassets.com t.co t.contentsquare.net t.paypal.com t.pepperjamnetwork.com tagmanager.google.com td.doubleclick.net the.sciencebehindcommerce.com tr2.smarterhq.io v2assets.zopim.io zendesk-eu.my.sentry.io wss://*.zendesk.com wss://*.zopim.com wss://clarkscs.zendesk.com www.ascendpartner.com www.awin1.com *.clarity.ms www.dwin1.com www.googleadservices.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com www.upsellit.com www.youtube.com youtube.com *.global-e.com *.bglobale.com https://www.clarks.co.uk/assets/ https://www.clarksusa.com/assets/ https://google.com/pay x.bidswitch.net ib.adnxs.com dis.criteo.com contextual.media.net pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com hb.yahoo.net c1.adform.net cm.adform.net visitor.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com match.sharethrough.com criteo-partners.tremorhub.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com ib.adnxs.com dpm.demdex.net gum.criteo.com beacon.krxd.net *.smooch.io metatest.clarks.com metaevents-1p.stitcherads.com kargo.clarks.com metaevents.stitcherads.com prf.hn form.jotform.com/241913106756052 cdn.jotfor.ms/s/umd/latest/for-form-embed-handler.js *.awin1.com *.zenaps.com https://www.dwin1.com https://the.sciencebehindecommerce.com https://*.wepowerconnections.com https://*.roeyecdn.com https://*.roeye.com access.myunidays.com images.unidays.world *.myunidays.com *.unidays.world *.prod.unidays.io https://flo.uri.sh/ https://flo.uri.sh/visualisation/* https://public.flourish.studio/resources/* *.attentivemobile.com *.attn.tv https://clarks.attn.tv/* *.klaviyo.com *.gocertify.me *.narvar.com *.trustpilot.com https://d3k81ch9hvuctc.cloudfront.net/company/SzjbVD/images/ https://d3k81ch9hvuctc.cloudfront.net/company/Vi474Y/images/ https://d3k81ch9hvuctc.cloudfront.net/company/X8bLXb/images/ https://d3k81ch9hvuctc.cloudfront.net/company/XyZ4PK/images/ https://d3k81ch9hvuctc.cloudfront.net/company/X68UL9/images/ https://d3k81ch9hvuctc.cloudfront.net/company/TUPhxz/images/ https://d3k81ch9hvuctc.cloudfront.net/company/SCGrft/images/ https://d3k81ch9hvuctc.cloudfront.net/company/TNqrkg/images/ https://d3k81ch9hvuctc.cloudfront.net/company/XPmW2X/images/ *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws https://bff.prod.aws.clarks.com/graphql cognito-idp.eu-west-1.amazonaws.com https://www.clarks.com https://preview.clarks.com; worker-src blob:; font-src 'self' data: fonts.gstatic.com *.klarnacdn.net *.unidays.world *.klaviyo.com; frame-ancestors 'self'; upgrade-insecure-requests ; 5 frame-src *; frame-ancestors 'self'; 5 frame-ancestors https://*.shopstyleops.com/ https://local.shopstyleops.com:*/ https://*.shopstylecollective.com https://shopstylecollective.com https://*.collectivevoicelocal.com https://collectivevoicelocal.com https://*.collectivevoiceqa.com https://collectivevoiceqa.com https://*.collectivevoicedev.com https://collectivevoicedev.com https://*.collectivevoicebeta.com https://collectivevoicebeta.com https://*.collectivevoice.com https://collectivevoice.com; report-uri /csp-violation; 5 default-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com www.googletagmanager.com tagmanager.google.com www.googleadservices.com optimize.google.com *.googleapis.com js.hs-banner.com js.hs-scripts.com www.google-analytics.com static.hotjar.com bizographics.com static.ads-twitter.com *.postcodeanywhere.co.uk services.postcodeanywhere.co.uk *.pcapredict.com *.loqate.com *.addressy.com api.addressy.com *.gbgplc.com snap.licdn.com *.facebook.net googleads.g.doubleclick.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net sjs.bizographics.com script.hotjar.com px.ads.linkedin.com analytics.twitter.com www.google.com *.gstatic.com platform.linkedin.com js.usemessages.com addtocalendar.com *.sharethis.com amplify.outbrain.com js.hsforms.net forms.hsforms.com *.onetrust.com bat.bing.com use.typekit.net cdnjs.cloudflare.com *.opmnstr.com snid.snitcher.com a.trstplse.com *.wistia.com *.wistia.net player.vimeo.com *.demandbase.com src.litix.io cdn.jsdelivr.net static.codepen.io platform.twitter.com zucvhpjgqj.execute-api.ap-southeast-2.amazonaws.com hosted.mastersoftgroup.com a.omappapi.com unpkg.com npmcdn.com secure.perk0mean.com ruler.nyltx.com *.clickcease.com tr.outbrain.com analytics.nyltx.com ifaqs.flexanswer.com static.zdassets.com *.buzzsprout.com *.litix.io www.clickcease.com monitor.clickcease.com tr.outbrain.com *.sg.va.sabio.cloud js.monitor.azure.com j.6sc.co tracking.g2crowd.com js.hubspot.com *.customersure.com *.visualwebsiteoptimizer.com www.atmrum.net *.cloudfront.net scout-cdn.salesloft.com https://*.maze.co/ esm.sh secure.imaginative-24.com webeo-web-content.s3-eu-west-1.amazonaws.com www.clarity.ms secure.intelligent-business-7.com secure.agile-company-365.com webeo-web-content.s3-eu-west-1.amazonaws.com ldynamicspublicapi.leadforensics.com secure.leadforensics.com scripts.webeo.com my.g2.com *.sentry-cdn.com cdn.segment.com hm.baidu.com https://s3-us-west-2.amazonaws.com/b2bjsstore/b/ https://b-code.liadm.com/lc2.js https://rp.liadm.com idx.liadm.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com googletagmanager.com tagmanager.google.com optimize.google.com fonts.googleapis.com addtocalendar.com *.loqate.com cloudflare.com cdnjs.cloudflare.com *.typekit.net *.pcapredict.com *.addressy.com *.postcodeanywhere.co.uk *.gbgplc.com fast.wistia.com cdn.jsdelivr.net a.omappapi.com *.sg.va.sabio.cloud ifaqs.flexanswer.com *.cloudfront.net unpkg.com https://*.maze.co/ webeo-web-content.s3-eu-west-1.amazonaws.com; img-src 'self' data: blob: 'unsafe-inline' *.gravatar.com gbg-global.azureedge.net *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com t.co/i/adsct *.google.com *.gstatic.com www.glassdoor.co.uk *.google.co.uk *.google-analytics.com *.googleusercontent.com *.facebook.com *.hubspot.com cdnjs.cloudflare.com stats.g.doubleclick.net googleads.g.doubleclick.net pagead2.googlesyndication.com glassdoor.co.uk maps.gstatic.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com optimize.google.com *.sharethis.com dashboard.umbraco.org px.ads.linkedin.com www.linkedin.com tr.outbrain.com amplifypixel.outbrain.com *.vimeo.com p.typekit.net bat.bing.com a.opmnstr.com p.adsymptotic.com *.omappapi.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net match.prod.bidr.io segments.company-target.com syndication.twitter.com connect.facebook.net *.onetrust.com id.rlcdn.com ifaqs.flexanswer.com *.loqate.com gbgstorage01.blob.core.windows.net *.sg.va.sabio.cloud *.zopim.io *.placeholder.com i.vimeocdn.com *.hsforms.com analytics.twitter.com b.6sc.co *.visualwebsiteoptimizer.com gbgcmsprdsto.blob.core.windows.net gbgcmsprdblobcdn.azureedge.net https://*.maze.co/ secure.imaginative-24.com *.clarity.ms webeo-web-content.s3-eu-west-1.amazonaws.com images.g2crowd.com www.g2.com hm.baidu.com; font-src 'self' *.gstatic.com *.typekit.net *.wistia.com cdnjs.cloudflare.com script.hotjar.com a.omappapi.com data: ifaqs.flexanswer.com s3-us-west-2.amazonaws.com *.sg.va.sabio.cloud https://*.maze.co/; media-src 'self' *.wistia.net *.wistia.com embedwistia-a.akamaihd.net data: blob: static.zdassets.com; worker-src blob:; child-src blob:; connect-src 'self' *.google-analytics.com api.hubapi.com *.hubspot.com *.hotjar.com vc.hotjar.io *.sharethis.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com decollector.tealeaf.ibmcloud.com gbg-global.azureedge.net www.facebook.com *.vimeo.com *.vimeocdn.com *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.onetrust.com *.omappapi.com api.opmnstr.com performance.typekit.net api.trstplse.com api.company-target.com stats.g.doubleclick.net segments.company-target.com hosted.mastersoftgroup.com *.loqate.com wss: ir.q4europe.com *.lottiefiles.com snid.snitcher.com analytics.nyltx.com ekr.zdassets.com ifaqs.flexanswer.com flexanswer1656.zendesk.com docs.idscan.com monitor.clickcease.com *.sg.va.sabio.cloud dc.services.visualstudio.com forms.hsforms.com gbg.workable.com www.workable.com *.atmrum.net gbg-cms-web-uat-staging.azurewebsites.net gbg-cms-web-dev.azurewebsites.net gbg.local maps.googleapis.com *.execute-api.ap-southeast-2.amazonaws.com cdn.linkedin.oribi.io px.ads.linkedin.com m1.openfpcdn.io *.applicationinsights.azure.com ipv6.6sc.co *.6sc.co content.hotjar.io *.customersure.com gbgplc.com demotiles.maplibre.org api.maptiler.com *.analytics.google.com scout.salesloft.com https://*.maze.co/ *.6sense.com cdn.jsdelivr.net tracking.g2crowd.com secure.adnxs.com *.clarity.ms ldynamicspublicapi.leadforensics.com www.google.com googleads.g.doubleclick.net pagead2.googlesyndication.com my.g2.com www.g2.com api.segment.io cdn.segment.com unpkg.com https://pro.ip-api.com https://alocdn.com/c/vn3d8u2u/a/xtarget/p.json https://*.execute-api.us-west-2.amazonaws.com/b2bjsstore/b/ https://a.usbrowserspeed.com *.googleadservices.com *.google.com; frame-src 'self' www2.gbgplc.com *.vimeo.com vimeo.com *.youtube.com *.vimeocdn.com platform.twitter.com syndication.twitter.com *.fls.doubleclick.net vars.hotjar.com www.facebook.com stats.g.doubleclick.net fast.wistia.net fast.wistia.com www.glassdoor.co.uk www.google.com optimize.google.com www.linkedin.com ir.q4europe.com c.sharethis.mgr.consensu.org *.hsforms.com *.onetrust.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com *.hubspot.com app.hubspot.com *.hs-sites.com codepen.io *.loqate.com *.buzzsprout.com *.umbraco.com www.edisoninvestmentresearch.com *.customersure.com td.doubleclick.net docs.google.com www.g2.com https://www.fxiaoke.com/ https://www.googletagmanager.com https://td.doubleclick.net; frame-ancestors 'self' *.loqate.com gbgplc.sharepoint.com; 5 frame-ancestors 'self' fnbo.com *.fnbo.com banking.scsbnet.com *.banking.scsbnet.com banking.houghtonstatebank.com *.banking.houghtonstatebank.com banking.crawfordcountybank.com *.banking.crawfordcountybank.com banking.fsbloomis.com *.banking.fsbloomis.com banking.landmands.com *.banking.landmands.com banking.sibleystatebank.com *.banking.sibleystatebank.com banking.washingtoncountybank.com *.banking.washingtoncountybank.com banking.yorkstatebank.com *.banking.yorkstatebank.com banking.fandmstatebank.com *.banking.fandmstatebank.com banking.fnbodirect.com *.banking.fnbodirect.com 5 upgrade-insecure-requests; frame-ancestors 'self' https://*.xn--d1aqf.xn--p1ai 5 frame-ancestors 'self' *.connectmeinforma.com dev.totem-app.com 5 frame-ancestors 'self' https://lojaonline.nos.pt 5 connect-src 'self' data: *.ampproject.org *.clarity.ms/collect *.facebook.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.linximpulse.net *.loggly.com *.plyr.io *.rdstation.com.br *.retargeter.com.br *.shopback.net *.shopconvert.com.br *.shoptarget.com.br *.voxus.tv api.ipify.org ckies.net https://ampcid.google.com.br https://analytics.tiktok.com/ https://api2.amplitude.com/2/httpapi https://app.securiti.ai https://app.splithero.com/api/sync https://bat.bing.com https://boards-api.greenhouse.io https://cdn-prod.securiti.ai https://cdn.linkedin.oribi.io https://cdn.privacytools.com.br https://dashboard.purplemetrics.com.br https://freegeoip.app https://noembed.com https://notify.bugsnag.com https://px.ads.linkedin.com https://s.yimg.com https://stats.g.doubleclick.net https://suportelinx.my.salesforce-scrt.com https://viacep.com.br https://www.googletagmanager.com wss://*.hotjar.com www.google-analytics.com https://*.tintim.app; font-src 'self' data: *.gstatic.com script.hotjar.com https://use.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.ampproject.org *.bizographics.com *.cloudfront.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.novahaus.com.br *.omguk.com *.rawgit.com *.rdstation.com.br *.reclameaqui.com.br *.shopback.net *.shopconvert.com.br *.shoptarget.com.br *.tailtarget.com *.unpkg.com *.voxus.com.br *.w3-edge.com *.youtube.com *.ytimg.com https://analytics.tiktok.com https://app.splithero.com https://bat.bing.com https://cdn-prod.securiti.ai https://cdn.amplitude.com https://cdn.jsdelivr.net/gh/davidmz/apng-canvas@v2.0.0/build/apng-canvas.min.js https://cdn.jsdelivr.net/npm/@amplitude/amplitude-js-gtm@3.3.0/dist/index.js https://cdn.mouseflow.com https://cdn.privacytools.com.br https://dashboard.purplemetrics.com.br https://s.yimg.com https://suportelinx.my.site.com https://unpkg.com https://www.clarity.ms snap.licdn.com targeting.voxus.tv https://*.tintim.app/; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.shopback.net https://cdn-prod.securiti.ai https://dashboard.purplemetrics.com.br/widget/widget.css https://dashboard.purplemetrics.com.br/widget/styles.css https://cdn.privacytools.com.br/ https://suportelinx.my.site.com; img-src 'self' data: *.linx.com.br *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.com.br *.doubleclick.net *.gravatar.com *.w.org *.linkedin.com *.shopback.net *.adsymptotic.com cliente.linx.com.br *.adnxs.com smartbmc.com.br *.smartbmc.com.br *.googletagmanager.com https://frame-images.com https://www.gstatic.com https://bat.bing.com https://sp.analytics.yahoo.com https://*.tailtarget.com https://qr-code.ithemes.com https://*.purplemetrics.com.br/ https://c.clarity.ms/ https://c.bing.com/ https://cdn.privacytools.com.br/; default-src https: 5 frame-ancestors 'self' *.thalesgroup.com *.imperva.com 5 upgrade-insecure-requests; object-src 'none'; 5 default-src https: *.willistowerswatson *.wtwco data: blob: 'unsafe-eval' 'unsafe-inline' 5 default-src 'self' *.doubleclick.net www.google.com www.ferrero.com acsbapp.com www.google-analytics.com cdn.acsbapp.com region1.google-analytics.com fonts.gstatic.com analytics.ferrero.com privacyportal-eu.onetrust.com static.addtoany.com vod.ferrero.com cdn.cookielaw.org geolocation.onetrust.com ssl.google-analytics.com privacyportal-eu-cdn.onetrust.com; script-src 'self' 'unsafe-eval'; script-src-elem 'unsafe-eval' 'unsafe-inline' 'self' ssl.google-analytics.com privacyportal-eu-cdn.onetrust.com eu-ma.sam4m.com tracker.marinsm.com www.youtube.com www.gstatic.com www.google.com www.google-analytics.com acsbapp.com analytics.ferrero.com cdn.cookielaw.org www.googletagmanager.com static.addtoany.com; img-src 'self' ssl.google-analytics.com www.googletagmanager.com *.doubleclick.net cdn.cookielaw.org privacy-policy.truste.com data: ; style-src 'self' 'unsafe-inline' *.onetrust.com www.googletagmanager.com fonts.googleapis.com; object-src 'none'; frame-src fast.wistia.net fast.wistia.com static.addtoany.com www.facebook.com *.doubleclick.net www.youtube.com www.youtube-nocookie.com static.addtoany.comgeolocation.onetrust.com ssl.google-analytics.com privacyportal-eu-cdn.onetrust.com www.google.com; 5 default-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: data:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src *; media-src https: data: blob:; worker-src https: blob:; frame-src 'self' https:; frame-ancestors 'self'; upgrade-insecure-requests 5 frame-ancestors 'self' http://localhost:8080 https://cms.dev.ecom.mueller.de https://cms.prod.ecom.mueller.de; 5 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://view.ceros.com https://www.googletagmanager.com https://code.jquery.com https://cdn.jsdelivr.net https://app-abk.marketo.com; style-src 'self' 'unsafe-inline' https://view.ceros.com https://fonts.googleapis.com https://cdn.jsdelivr.net; font-src 'self' data: https://view.ceros.com https://fonts.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: https: https://view.ceros.com https://www.googletagmanager.com https://app-abk.marketo.com; frame-src 'self' https://view.ceros.com; connect-src 'self' https://www.googletagmanager.com https://app-abk.marketo.com; object-src 'none'; frame-ancestors 'self' https://*.ezlynx.com/ https://*.appliedsystems.com/ https://*.ivans.com/ https://*.agentinsure.com/ https://*.uatezlynx.com/ https://*.vtpezlynx.com/ https://*.devezlynx.com/ https://appliedsystems--devprob.sandbox.my.site.com/ https://appliedsystems--devproa.sandbox.my.site.com/ https://appliedsystems--uat.sandbox.my.site.com/ https://appliedsystems--uat.sandbox.my.site.com/AppliedClientCommunity/s/ https://community.appliedsystems.com/; 5 default-src *; script-src * 'unsafe-eval' 'self' 'unsafe-inline' https:; style-src * 'unsafe-inline'; object-src 'self' *.youtube.com youtube.com; img-src * data:; frame-src * blob:; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; 5 frame-ancestors https://sc10cm https://rg-sitecore-website-qa-330340-single.azurewebsites.net https://web-ih-sc-tst-cd-wus2.azurewebsites.net https://web-ih-sc-prd-cm-wus2.azurewebsites.net https://intermountain.dev.local https://intermountainhealth.formstack.com 5 frame-ancestors experience.adobe.com service.experiencecloud.adobe.com scandichotelsab.experiencecloud.adobe.com 5 object-src * ; report-uri https://www.sunlife.ca/slfreporting/reportUri 5 default-src 'self' *.joinsmarty.com *.google.com *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.google-analytics.com *.googleusercontent.com *.googlesyndication.com *.stripe.com *.trustpilot.com *.facebook.net *.facebook.com *.pinimg.com *.bing.com *.pinterest.com *.stripe.network *.clarity.ms cdn.ywxi.net *.gstatic.com *.trustedsite.com *.transactiongateway.com cdn.sitesasset.com smrty.s3.us-west-1.amazonaws.com smrty.s3.us-west-2.amazonaws.com smrty-qa.s3.us-west-1.amazonaws.com smrty-qa.s3.us-west-2.amazonaws.com smrty.s3-us-west-1.amazonaws.com smrty.s3-us-west-2.amazonaws.com smrty-qa.s3-us-west-1.amazonaws.com smrty-qa.s3-us-west-2.amazonaws.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.ladesk.com *.doubleclick.net *.shareasale.com *.shopify.com assets-global.website-files.com *.impact.com *.cloudfront.net *.awin.net *.awin.com *.bravodeal.com *.bravo-savings-network.com *.jquery.com *.digitaloceanspaces.com data: blob: 'unsafe-inline' 'unsafe-eval' *.amazon.com *.barcodelookup.com *.cookiepro.com *.here.com *.hereapi.com *.google.co.in *.ssl-images-amazon.com *.onetrust.com media.pepperjamnetwork.com *.sentry.io *.shipmentsfree.com www.googletagmanager.com ad.doubleclick.net www.advconversion.com *.taboola.com post.adgatemedia.com bat.bing.com conversions.clickmeter.com liquidpch.go2cloud.org s.yimg.com servetrack.go2cloud.org trends.revcontent.com e9lak.endtrk.com klaymedia.servecvr.com events.pushtrack.co www.groovast.com trk.shophermedia.net go.shetrack.com amplify.outbrain.com rtb.mfadsrvr.com tracking.lifestylejournal.com www.googleadservices.com *.playgamesnow.org www.drcvr.com *.mediago.io s.pinimg.com secco.servecvr.com tracking.propelmedia.com appfocus.go2cloud.org wsdk.rokt.com r.financebuzz.com static.ads-twitter.com pubads.g.doubleclick.net pushpros.go2cloud.org *.liadm.com www.steadyhop.com securetracking.adsprotection.com www.tp88trk.com f.cstpersl.com t1.anytrack.io imtrk.go2cloud.org ad.propellerads.com www.imcounting.com serve.popads.net www.pbterra.com www.chant3rm1.com eng.trkcnv.com *.dergoodting.com *.cvrdomain.com traktum.com cdn1.decide.dev restersu.info *.zeeto.io *.pixelitooo.com *.conversionpx.com f.fluadv.com track.adspostx.com *.free-shipments.com *.freeshipments.com *.getsmartrx.com *.getsmartyapp.com *.getsmartyoffers.com *.getsmartyplus.com *.getsmartysavings.com *.joinfansclub.com *.joinfreedelivery.com *.joinsmartyplus.com *.lapost.com *.nocostshipping.com *.savewithsmarty.com *.savingsforthesavvy.com *.scour.com *.shipmentfree.com *.shipmentprotection.com *.smartyaffiliates.com *.smartycashback.com *.smartycoins.com *.smartyestsavings.com *.smartymoneysavings.com *.smartyplus.net *.smartypremium.com *.try-smarty.com cdn.joinsmarty.com 5 default-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; frame-ancestors 'self' https://xodo-web.sanity.studio; 5 frame-ancestors 'none'; base-uri 'self'; object-src 'none'; form-action 'self'; upgrade-insecure-requests; report-uri 'https://sitesnel.uriports.com/reports/enforce'; report-to default 5 connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ suggest-maps.yandex.ru *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works api-qa.diginetica.net/v1/ rap.skcrtxr.com 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru wss://*.tinkoff.ru wss://*.tcsbank.ru wss://*.tbank.ru 'self' data: self cdn.tbank.ru cfg.tinkoff.ru www.tinkoff.ru acdn.tinkoff.ru www.cdn-tinkoff.ru dolyame.ru adm.tinkoff.ru tmsg.tinkoff.ru chat.dolyame.ru ms-gateway.tinkoff.ru forma.tinkoff.ru shopping.tbank.ru api.dolyame.ru fallback.cdn-tinkoff.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru blob: *.dolyame.ru https://www.youtube.com https://rutube.ru; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru cdn.uxfeedback.ru sm.rtb.mts.ru exchange.buzzoola.com dmp.one sync.bumlam.com wf-ru-frontend.weborama-tech.ru 'self' data: *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.dolyame.ru 'self' data:; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.org metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.dolyame.ru https://www.youtube.com https://rutube.ru; font-src *.cdn-tinkoff.ru 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.tinkoff.ru data: *.dolyame.ru; report-uri https://www.tinkoff.ru/api/front/pwabnpl/log/csp-error?appName=pwabnpl; default-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru *.dolyame.ru 5 frame-ancestors 'self' connectappypie.com googleapis.com reveal.clearbit.com; 5 default-src 'self' https://*.magenta.at; upgrade-insecure-requests; report-to csp-endpoint; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.magenta.at https://*.t-mobile.at https://*.magentabusiness.at https://*.s-budget-mobile.at https://*.esp.ownsolutions.net https://magenta-at.cleverq.de https://*.youtube.com https://*.youtube-nocookie.com https://eu-dg.knowmax.ai https://*.google.com https://*.google.de https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.tiktok.com https://*.facebook.net https://*.licdn.com https://*.sc-static.net https://*.clarity.ms https://*.crwdcntrl.net https://*.cookielaw.org https://*.cookiebot.com https://*.googleadservices.com https://*.doubleclick.net https://*.medallia.eu https://*.krxd.net https://*.snapchat.com https://*.usercentrics.eu https://*.facebook.com https://*.readpeak.com https://*.evergage.com https://*.bing.com https://*.teads.tv https://*.adnxs.com https://*.fusedeck.net https://*.pinimg.com https://*.sprinklr.com https://*.hotjar.com https://*.googlesyndication.com https://*.evgnet.com https://siteimproveanalytics.com https://sc-static.net https://form.virtualq.tech https://magenta.jobbase.io https://magenta.onlyfy.jobs; img-src 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://*.magentabusiness.at blob: data: https://*.google-analytics.com https://*.tiktok.com https://*.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://www.google.de https://*.google.de https://www.google.com https://*.google.at https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.doubleclick.net https://*.licdn.com https://*.clarity.ms https://*.siteimproveanalytics.io https://*.snapchat.com https://*.facebook.com https://*.teads.tv https://*.adnxs.com https://*.fusedeck.net https://*.youtube.com https://*.youtube-nocookie.com https://*.medallia.eu https://*.linkedin.com https://*.usercentrics.eu https://*.bing.com https://*.s3.eu-central-1.amazonaws.com https://magenta.jobbase.io https://magenta.onlyfy.jobs; connect-src 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://*.magentabusiness.at https://*.google-analytics.com https://*.googlesyndication.com https://*.googleadservices.com https://*.tiktokw.us https://google.com https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.tiktok.com https://*.bing.com https://*.licdn.com https://*.clarity.ms https://*.crwdcntrl.net https://*.cookielaw.org https://*.cookiebot.com https://*.snapchat.com https://*.usercentrics.eu https://*.facebook.com https://*.teads.tv https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://*.adnxs.com wss://*.fusedeck.net https://*.fusedeck.net https://*.pinterest.com wss://*.sprinklr.com https://*.sprinklr.com https://*.linkedin.com https://*.medallia.eu https://tmobileaustria.germany-2.evergage.com https://*.senderinfo.de https://*.usercentrics.eu https://*.bing.com https://form.virtualq.tech https://magenta.jobbase.io https://magenta.onlyfy.jobs; form-action 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://*.magentabusiness.at https://*.facebook.com https://form.virtualq.tech; media-src 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://*.magentabusiness.at blob: data: https://*.sprinklr.com; frame-src 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://*.magentabusiness.at https://*.googletagmanager.com https://*.google.com https://google.com https://*.googleapis.com https://*.doubleclick.net https://*.clarity.ms https://*.usercentrics.eu https://eu-dg.knowmax.ai https://*.licdn.com https://*.sprinklr.com https://*.bing.com https://*.medallia.eu https://*.snapchat.com https://*.usercentrics.eu https://*.youtube.com https://*.youtube-nocookie.com https://magenta-shopfinder.pgsdemo.com https://*.adnxs.com https://magenta-at.cleverq.de https://app.wigeogis.com https://form.virtualq.tech https://magenta.onlyfy.jobs; frame-ancestors 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://*.magentabusiness.at; object-src 'none'; style-src 'self' 'unsafe-inline' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://fonts.googleapis.com https://form.virtualq.tech; font-src 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://fonts.googleapis.com https://fonts.gstatic.com data: 5 frame-ancestors 'self' https://*.sdcounty.ca.gov:*; 5 frame-ancestors 'self' https://*.superoffice.com https://zamnesiasp.inone.useinsider.com; 5 frame-ancestors 'self' https://uad.sonera.fi/ https://*.f-secure.com; 5 connect-src 'self' wss://*.finance.yahoo.com/ https://*.cdn.yimg.com https://*.oath.com https://*.yahoo.com https://*.yahoo.net https://api.alyavista.com https://api.privacy-center.org https://bam.nr-data.net/ https://dpm.demdex.net/ https://guce.yahoofinance.com https://oathmembershipsupport.my.salesforce-sites.com/ https://oathmembershipsupport.my.salesforce.com/ https://s.yimg.com https://sdk.privacy-center.org/f5623e34-377a-419c-8bb7-3928cebffbc9/ https://smetrics.att.com/ https://files.quartr.com/streams/ https://b.trueanthem.com/ https://*.3lift.com https://*.adsrvr.org https://*.adtrafficquality.google https://*.casalemedia.com https://*.clean.gg https://*.criteo.com https://*.doubleclick.net https://*.googlesyndication.com https://*.indexww.com/ https://*.kueezrtb.com https://*.liadm.com https://*.lijit.com/ https://*.media.net https://*.openx.net https://*.pubmatic.com https://*.rubiconproject.com https://*.seedtag.com https://*.sharethrough.com https://*.sonobi.com https://*.taboola.com https://*.yieldmo.com https://csi.gstatic.com https://pbs-yahoo-apac.ay.delivery https://pbs-yahoo-eu.ay.delivery https://pbs-yahoo-us.ay.delivery https://static.criteo.net https://*.dns-finder.com; default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://s.yimg.com https://cdn.taboola.com; frame-ancestors 'self' https://www.aol.com https://www.aol.co.uk https://www.aol.de https://www.aol.ca https://*.ouryahoo.com https://local.cm.yahoo.com https://cm-ui.staging.yahoo.com https://cm-ui.yahoo.com; frame-src 'self' https://*.abcnews.go.com https://*.advertising.com https://*.bbc.co.uk https://*.chartbeat.com https://*.clicktivatedvideoplayer.com https://*.deezer.com https://*.delivery.vidible.tv https://*.dailymotion.com/embed/video https://*.etonline.com https://*.facebook.com https://*.google.com https://*.hulu.com https://*.instagram.com https://*.jac.yahoosandbox.com https://*.livestream.com https://*.mtvnservices.com https://*.myfinance.com https://*.nbc.com https://*.nytimes.com https://*.oath.com https://*.reuters.com https://*.scribd.com https://*.smartasset.com https://*.soundcloud.com https://*.spotify.com https://*.ted.com https://*.theguardian.com https://*.tumblr.com https://*.turner.com https://*.usatoday.com https://*.vimeo.com https://*.washingtonpost.com https://*.wsj.com https://*.yahoo.com https://*.yahoo.net https://abcnews.go.com https://att.demdex.net/ https://bbc.co.uk https://cdn.yahoofinance.com/ https://chartbeat.com https://compass.pressekompass.net https://delivery.vidible.tv https://embed.acast.com https://embed.music.apple.com https://embed.podcasts.apple.com https://embedder.wirewax.com https://flo.uri.sh/ https://flourish.studio https://guce.yahoofinance.com https://interactives.ap.org https://livestream.com https://platform.twitter.com https://s.yimg.com https://service.force.com/ https://smartasset.com https://tsdtocl.com/ https://view.ceros.com https://vimeo.com https://widget-yahoo.ofx.com https://www.bankrate.com https://www.credible.com https://www.dailymotion.com/embed/video/ https://www.surveymonkey.com https://www.youtube.com https://yahoo.crunchbaseembed.com https://yahoo.real-estate.hk https://*.1rx.io https://*.3lift.com https://*.a-mo.net https://*.adnxs.com https://*.adsrvr.org https://*.adtrafficquality.google https://*.amazon-adsystem.com https://*.casalemedia.com https://*.cootlogix.com https://*.creativecdn.com https://*.criteo.com https://*.doubleclick.net https://*.emxdgt.com https://*.everesttech.net https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.gumgum.com https://*.indexww.com https://*.kargo.com https://*.kueezrtb.com https://*.lijit.com https://*.media.net https://*.mediago.io https://*.openx.net https://*.pubmatic.com https://*.rfihub.com https://*.rubiconproject.com https://*.seedtag.com https://*.sharethrough.com https://*.sonobi.com https://*.taboola.com https://*.trustedstack.com https://*.yellowblue.io https://*.yieldmo.com https://jadserve.postrelease.com/ https://www.googletagmanager.com https://yahoo-match.dotomi.com https://ad-delivery.net https://*.dns-finder.com; img-src 'self' data: blob: about: https://*.amazon-adsystem.com https://*.chartbeat.com https://*.chartbeat.net https://*.cloudfront.net/pixel.gif https://*.dotomi.com https://*.wc.yahoodns.net https://*.yahoo.com https://*.yahoo.net https://*.yimg.com https://media.zenfs.com https://o.aolcdn.com/images/dims https://pbs.twimg.com https://pbs-yahoo-us.ay.delivery https://pbs-yahoo-eu.ay.delivery https://pbs-yahoo-apac.ay.delivery https://platform.twitter.com https://public.flourish.studio/resources/ https://res.cloudinary.com/yfc-nonprod/ https://res.cloudinary.com/yfc-production/ https://s2.coinmarketcap.com/static/img/coins/ https://sb.scorecardresearch.com https://smetrics.att.com/b/ss/attnetprod/ https://syndication.twitter.com https://vop-yahoo.akamaized.net/pixel.gif https://www.facebook.com https://d1id6p0py4hgs9.cloudfront.net https://news-assets.stockstory.org https://*.1rx.io https://*.3lift.com https://*.adnxs.com https://*.adsafeprotected.com/ https://*.adsrvr.org https://*.adtrafficquality.google https://*.casalemedia.com https://*.cootlogix.com https://*.creativecdn.com https://*.criteo.com https://*.disqus.com https://*.doubleclick.net https://*.emxdgt.com https://*.everesttech.net https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.gumgum.com https://*.indexww.com/ https://*.kargo.com https://*.kueezrtb.com https://*.liadm.com https://*.lijit.com https://*.lijit.com/ https://*.media.net https://*.mediago.io https://*.openx.net https://*.pubmatic.com https://*.rfihub.com https://*.rubiconproject.com https://*.sharethrough.com https://*.sonobi.com https://*.taboola.com https://*.yellowblue.io https://*.yieldmo.com https://*.bidswitch.net https://creativecdn.com https://prebid.a-mo.net https://www.google.com/ads/measurement/l https://ad-delivery.net https://*.dns-finder.com; manifest-src 'self' https://s.yimg.com; media-src 'self' blob: https://s.yimg.com https://res.cloudinary.com/yfc-nonprod/ https://res.cloudinary.com/yfc-production/ https://files.quartr.com/streams/ https://vidstat.taboola.com; object-src 'none'; report-to csp-endpoint; report-uri https://csp.yahoo.com/beacon/csp?src=yahoofinance; sandbox allow-downloads allow-forms allow-modals allow-popups-to-escape-sandbox allow-popups allow-presentation allow-same-origin allow-scripts allow-top-navigation-by-user-activation; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://launcher.spot.im https://*.oath.com https://*.salesforceliveagent.com/ https://*.yahoo.com https://*.yahoo.net https://cdn.jsdelivr.net/npm/ https://cdn.rawgit.com/dcodeIO/protobuf.js/ https://ec.yimg.com/didomi/ https://jac.yahoosandbox.com/2.0.0/jac.js https://oathmembershipsupport.my.salesforce-sites.com/ https://oathmembershipsupport.my.salesforce.com/ https://openweb.jac.yahoosandbox.com/1.5.0/jac.js https://platform.twitter.com https://s.aolcdn.com/membership/omp-static/omp-widgets/ https://s.yimg.com https://service.force.com/embeddedservice/5.0/ https://static.lightning.force.com/ https://static2.chartbeat.com https://*.adtrafficquality.google https://*.doubleclick.net https://*.googlesyndication.com https://*.taboola.com https://ads.pubmatic.com https://adservice.google.com/adsid/integrator.js https://cdn.ampproject.org/rtv/ https://console.googletagservices.com/pubconsole/loader.js https://gum.criteo.com https://static.criteo.net https://wnsrvbjmeprtfrnfx.ay.delivery https://www.googletagservices.com/activeview/js; style-src 'self' 'unsafe-inline' https://cdn.taboola.com https://oathmembershipsupport.my.salesforce-sites.com/ https://platform.twitter.com https://s.yimg.com https://service.force.com/; worker-src 'self' blob: 5 default-src 'self' 'unsafe-inline' *.2degreesmobile.co.nz *.2degreesbroadband.co.nz *.2degrees.nz *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google-analytics.com *.lift.acquia.com *.sentry.io *.addsearch.com *.qualtrics.com *.youtube.com unpkg.com *.nice-incontact.com staticcdn.co.nz *.doubleclick.net *.google.com *.hotjar.com *.newrelic.com *.bugsnag.com *.nr-data.net *.googleadservices.com *.segment.com *.segment.io *.amplitude.com *.contentsquare.net *.youtube-nocookie.com *.rawgit.com *.licdn.com blob: wss: *.googleapis.com *.facebook.net *.fullstory.com chosen.css *.jquery.js *.visualwebsiteoptimizer.com *.vwo.com; object-src *.2degrees.nz; img-src * data: 5 frame-ancestors 'self' http://dezshira.in/ https://www.china-briefing.com https://www.india-briefing.com https://www.vietnam-briefing.com https://www.aseanbriefing.com https://www.middleeastbriefing.com/ 5 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 5 default-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src https: wss: data:; font-src 'self' https: data:; img-src 'self' data: blob: https:; worker-src 'self' http: blob: data: 5 frame-ancestors 'self' https://app.kontent.ai; 5 base-uri 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.magnolia-platform.com dashboard.trustprofile.com *.unzer.com *.mouseflow.com *.inpost.pl *.unzer.com *.etrusted.com; form-action 'self'; frame-ancestors 'self' *.magnolia-platform.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt view.publitas.com scripts.publitas.com app.cux.io *.etracker.com *.etracker.de; img-src 'self' data: *.usercentrics.eu *.luigisbox.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.magnolia-platform.com *.wt-eu02.net bat.bing.com *.google.com *.google.de *.google.at *.google.pl google.com google.de google.at google.pl static.phrase.com *.trustedshops.com *.gstatic.com *.myracloud.com dashboard.trustprofile.com commission.europa.eu *.facebook.net *.heidelpay.com *.unzer.com *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com *.online-metrix.net *.mouseflow.com *.inpost.pl *.etrusted.com *.etracker.com *.etracker.de; object-src 'self' blob:; style-src 'self' *.luigisbox.com 'unsafe-inline' *.magnolia-platform.com d2bgdldl6xit7z.cloudfront.net *.googletagmanager.com tagmanager.google.com fonts.googleapis.com trck.linkster.co *.visualwebsiteoptimizer.com app.vwo.com *.unzer.com sandbox-easy-geowidget-sdk.easypack24.net *.inpost.pl *.etrusted.com view.publitas.com scripts.publitas.com; script-src 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.luigisbox.com *.google-analytics.com *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com paypalobjects.com *.trustedshops.com blob: *.googleadservices.com googleads.g.doubleclick.net google.com google.de google.at google.pl *.google.com *.google.de *.google.at *.google.pl 'self' *.visualwebsiteoptimizer.com app.vwo.com app.varify.io editor.varify.io view.publitas.com scripts.publitas.com *.unzer.com dc.cux.io *.mouseflow.com *.inpost.pl *.etrusted.com *.etracker.com *.etracker.de; upgrade-insecure-requests; default-src 'self' blob:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.luigisbox.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com paypalobjects.com *.magnolia-platform.com bat.bing.com googleads.g.doubleclick.net *.trustedshops.com blob: d2bgdldl6xit7z.cloudfront.net *.smarketer.de trck.linkster.co google.com google.de google.at google.pl *.google.com *.google.de *.google.at *.google.pl dashboard.trustprofile.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.visualwebsiteoptimizer.com app.vwo.com app.varify.io editor.varify.io view.publitas.com scripts.publitas.com *.unzer.com *.online-metrix.net dc.cux.io *.mouseflow.com sandbox-easy-geowidget-sdk.easypack24.net *.inpost.pl *.etrusted.com *.etracker.com *.etracker.de; connect-src 'self' *.luigisbox.com *.usercentrics.eu *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net api.phrase.com d2bgdldl6xit7z.cloudfront.net blob: *.magnolia-platform.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.trustedshops.com *.trustbadge.com *.analytics.google.com bat.bing.com trck.linkster.co *.smarketer.de google.com google.de google.at google.pl *.google.com *.google.de *.google.at *.google.pl *.visualwebsiteoptimizer.com app.vwo.com app.varify.io editor.varify.io view.publitas.com scripts.publitas.com *.heidelpay.com *.unzer.com *.online-metrix.net wss://n-77265177-0-20953900-1700486303-655b5c9f332a0.track.cux.io wss://o-77265177-0-20953900-1700486303-655b5c9f332a0.track.cux.io *.mouseflow.com *.inpost.pl *.etrusted.com *.etracker.com *.etracker.de; child-src *.trustedshops.com *.mouseflow.com; frame-src 'self' *.usercentrics.eu dashboard.trustprofile.com *.doubleclick.net parcelshop.dhl.pl *.googletagmanager.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.visualwebsiteoptimizer.com app.vwo.com view.publitas.com scripts.publitas.com *.heidelpay.com *.unzer.com *.online-metrix.net *.mouseflow.com sandbox-easy-geowidget.easypack24.net *.inpost.pl; manifest-src 'self'; media-src 'self' *.magnolia-platform.com; worker-src 'self' blob: *.online-metrix.net; 5 frame-ancestors 'self' https://cdn-pre.tngdigital.com.my https://cdn.tngdigital.com.my; object-src 'none'; upgrade-insecure-requests; script-src 'self' rum.hlx.page assets.adobedtm.com *.googletagmanager.com *.google-analytics.com analytics.tiktok.com *.adsrvr.org tags.crwdcntrl.net connect.facebook.net *.doubleclick.net *.google.com *.innity.net *.outbrain.com *.hotjar.com *.onetrust.com *.line-scdn.net *.demdex.net *.omtrdc.net *.cimb.com.sg *.quantserve.com *.quantcount.com *.brand-display.com *.fontawesome.com *.pand.ai *.mookie1.com *.cimbclicks.com.my *.bbci.co.uk *.oracleinfinity.io *.oracle.com *.gstatic.com *.licdn.com *.recaptcha.net *.adobe.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com https://recaptcha.net https://www.recaptcha.net *.doubleclick.net *.brand-display.com *.googletagmanager.com *.adsrvr.org *.demdex.net *.forksurge.com *.crwdcntrl.net; 5 default-src 'self'; connect-src *; font-src * data: blob:; media-src * data:; frame-src 'self' mailto: tel: *.acuvue.com *.acuvue.ru *.brightcove.com *.brightcove.net *.doubleclick.net *.eprize.net *.google.com *.googletagmanager.com *.livechatinc.com *.mypurecloud.com *.opinionstage.com *.optimizely.com *.platformsh.site *.qualtrics.com *.valassis.eu *.walkme.com *.walls.io *.youtube.com; img-src * data: blob:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ads-twitter.com *.amazon-adsystem.com *.appsflyer.com *.clarity.ms *.cloudflareinsights.com *.contentsquare.com *.contentsquare.net *.cookielaw.org *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jquery.com *.line-scdn.net *.livechatinc.com *.macromill.com *.mieru-ca.com *.mypurecloud.com *.newrelic.com *.onetrust.com *.optimizely.com *.pulseinsights.com *.qualtrics.com *.smartnews-ads.com *.tiktok.com *.valassis.eu *.walkme.com *.yahoo.co.jp *.yimg.jp *.youtube.com *.zemanta.com walls.io; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.mypurecloud.com *.onetrust.com *.walkme.com; child-src 'self' blob:; worker-src 'self' blob:; report-to endpoint-1; 5 frame-ancestors 'self' *.ergodirekt.de:* *.ergo.com:* *.ergo:* *.ergo.de *.ergocarbon.com *.ergo-reiseversicherung.de *.dkv.com; 5 connect-src 'self' ws: *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com *.google.com *.wistia.net snap.licdn.com px.ads.linkedin.com 106-jev-611.mktoresp.com; default-src 'self' *.google-analytics.com *.googletagmanager.com; font-src 'self' *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com *.google.com *.wistia.net snap.licdn.com px.ads.linkedin.com; form-action 'self' *.cookiebot.com *.google.com; frame-ancestors 'self'; frame-src 'self' *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com *.google.com *.wistia.net snap.licdn.com px.ads.linkedin.com; img-src 'self' data: *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com *.google.com *.wistia.net snap.licdn.com px.ads.linkedin.com; media-src 'self' *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com *.google.com *.wistia.net snap.licdn.com px.ads.linkedin.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com unpkg.com *.google.com *.wistia.net snap.licdn.com; style-src 'self' 'unsafe-inline' *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.bing.com munchkin.marketo.net *.vimeo.com *.marker.io *.umbraco.com unpkg.com *.google.com *.wistia.net snap.licdn.com px.ads.linkedin.com; worker-src 'self' *.cookiebot.com *.google.com; 5 frame-ancestors 'none'; form-action 'self'; base-uri 'self' 5 default-src ‘self’; object-src ‘none'; form-action 'none’; report-to csp-endpoint; 5 frame-ancestors 'self' *.youtube.com *.vimeo.com; 5 upgrade-insecure-requests; frame-ancestors 'self' analytics.google.com analytics.webtrends.com secure.minorhotels.com *.anantara.com *.anantara.com.cn *.avanihotels.com *.avanihotels.com.cn *.naladhu.com *.oakshotels.com *.niyama.com world.nh-hotels.com *.naladhu.com.cn *.niyama.com.cn *.nhhotels.com.cn *.telerain.com:* 5 default-src 'self' 'unsafe-inline'; 5 frame-ancestors 'none'; report-uri csp-reports; report-to csp-endpoint; 5 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; font-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; 5 frame-ancestors https://*.builder.io https://builder.io 5 default-src * data: 'unsafe-inline' 'unsafe-eval'; 5 frame-ancestors 'self'; base-uri 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 5 default-src *; style-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self' ; img-src 'self' data: https:; font-src 'self' data: * https://fonts.gstatic.com; connect-src 'self' *; media-src * data: https:; base-uri 'self'; 5 frame-src 'self' 5 https://miclarocorp.z01.azurefd.net https://fonts.googleapis.com 5 frame-ancestors 'self' chayns.de qa.chayns.de tobit.team qa.tobit.team 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdn.orsted.com *.azureedge.net orsted.com.au *.app.cookieinformation.com *.euroland.com *.eurolandir.com cdn.appdynamics.com *.eum-appdynamics.com *.googletagmanager.com *.gstatic.com *.googleoptimize.com www.googleadservices.com *.googleapis.com *.bing.com *.doubleclick.net *.t.co *.pardot.com *.youtube.com *.linkedin.com *.twitter.com *.globenewswire.com *.23video.com delivery.twentythree.com orsted.containers.piwik.pro orsted.piwik.pro *.crazyegg.com unpkg.com cs.lf-discover.com *.puzzel.com *.arcgis.com code.jquery.com *.lfeeder.com orsted-global-graduate-programme.simplecast.com omny.fm cdnjs.cloudflare.com *.bootstrapcdn.com *.defgo.com *.defgo.net *.vimeo.com presscloud.com *.ritzau.dk *.simplecast.com *.elnet.danskenergi.dk *.sli.do *.audioboom.com *.licdn.com *.adsrvr.org *.soundcloud.com *.google.com *.google.com.my *.google.nl *.google.dk *.facebook.net; 5 frame-ancestors 'self' wss://*.zopim.com wss://*.hotjar.com *.api.friendlycaptcha.com *.jobsplice.com *.eu-api.friendlycaptcha.eu secure-ds.serving-sys.com *.goldenbees.fr *.botrecruiter.com *.evergage.com *.youtube-nocookie.com *.evgnet.com secure.adnxs.com *.criteo.net *.addthisedge.com *.ads-twitter.com *.infogram.com *.adnxs.com *.optimalworkshop.com *.audioboom.com *.acsbapp.com acsbap.com *.appcast.io *.bizographics.com *.bootstrapcdn.com *.browser-update.org *.cloudflare.com *.cloudfront.net *.cloudinary.com *.criteo.com *.eggplant.cloud *.fontawesome.com *.google.co.uk *.google.ie *.googleadservices.com *.indeed.com *.ionicframework.com *.jquery.com *.jsdelivr.net *.moatads.com *.npmcdn.com *.plyr.io *.recaptcha.net *.scorecardresearch.com *.serving-sys.com *.sndcdn.com *.unpkg.com *.vimeocdn.com *.ytimg.com *.zencdn.net *.zendesk.com *.hays.ie *.d3fw5vlhllyvee.cloudfront.net vc.hotjar.io *.addthis.com *.outbrain.com *.licdn.com *.doubleclick.net acsbapp.com *.accesstrade.net consent-or.trustarc.com *.taboola.com web-material3.yokogawa view.ceros.com *.quantcount.com *.quantserve.com *.adscience.nl *.akamaized.net *.bit.ly *.crazyegg.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.graph.instagram.com *.gstatic.com *.hays.co.uk *.hays.com *.hotjar.com *.igodigital.com *.instagram.fbom5-1.fna.fbcdn.net *.linkedin.com *.nccgroup-webperf.com *.onrecruit.net *.optimizely.com *.slideshare.net *.soundcloud.com *.surveymonkey.com *.tealiumiq.com *.tiqcdn.com *.twimg.com *.twitter.com *.typography.com *.vimeo.com secure.imaginative-trade7.com *.yahooapis.com *.youtube.com *.zdassets.com *.zopim.com *.zopim.io accessibe.com consent.trustarc.com consent-pref.trustarc.com consent-st.trustarc.com prefmgr-cookie.truste-svc.net hm.baidu.com data: 5 default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https: https://was-nam-us-prd-bhapi.azurewebsites.net wss://ws.qualified.com wss://directline.botframework.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://bhgateway.azurewebsites.net; font-src 'self' https:; frame-ancestors 'self' https; 5 default-src https: 'unsafe-inline'; frame-ancestors 'self' 5 upgrade-insecure-requests; base-uri 'self' 5 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 5 frame-ancestors 'self' *.storyblok.com; 5 base-uri 'self'; frame-ancestors 'none'; report-uri /report-csp-violation 5 frame-ancestors 'self' *.geant.org geant.org *.geant.net geant.net; frame-src 'self' *.geant.org geant.org *.geant.net geant.net https://mstdn.social https://youtube.com https://*.youtube.com https://*.google.com https://*.google.co.uk https://*.nordu.net https://*.vimeo.com submerse.eu *.submerse.eu https://js.stripe.com https://www.youtube-nocookie.com https://*.revolugo.com https://*.canva.com https://platform.twitter.com https://anchor.fm https://airtable.com https://*.spotify.com https://checkout.freemius.com/ https://chatbot.psnc.pl; report-uri https://csper.geant.org/api/1/security/?glitchtip_key=69dac6024cfb4b528e9c89037d8e03fd 5 object-src 'none'; base-uri 'none'; 5 frame-ancestors 'self' teams.microsoft.com; script-src 'self' cdn.rudderlabs.com 5 default-src 'self' https://*.paysign.com https://*.aws.paysign.com https://*.paysign.net https://zip.getziptastic.com https://www.googletagmanager.com *.lambda-url.us-east-1.on.aws; img-src * data:; script-src 'self' 'sha256-4qHwYstA/HMoqYktYjfAnyNPmBqLeAqunX99JaEvimc=' https://www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com https://*.cookiebot.com/ https://cookiebot.com/*; frame-src https://www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://copayassets-test.aws.paysign.com/ https://s3.amazonaws.com/ https://*.cookiebot.com/ https://*.paysign.com https://*.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.paysign.com https://*.aws.paysign.com https://*.paysign.net; font-src 'self' https://fonts.gstatic.com; connect-src https://*.paysign.com https://*.3pea.net https://*.aws.paysign.com https://*.paysign.net https://*.s3.us-east-1.amazonaws.com/ https://zip.getziptastic.com https://www.googletagmanager.com https://maps.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ *.lambda-url.us-east-1.on.aws/ https://*.cookiebot.com/; manifest-src 'self' https://maps.googleapis.com/ https://www.google-analytics.com/; 5 default-src 'self'; img-src 'self' https://piwiks.celibest.com https://www.google-analytics.com https://trc.taboola.com https://www4.celibest.com https://www.celibest.com https://www.celibnord.com https://www.celibouest.com https://www.celibparis.com https://www.celiblyon.com https://www.celibrhonealpes.com https://www.celibsud.com https://www.celibsudouest.com https://toodate-rekognition.s3.eu-west-1.amazonaws.com https://toodate-rekognition-a.s3.eu-west-1.amazonaws.com data:; script-src 'self' https://piwiks.celibest.com https://www.google-analytics.com https://code.createjs.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://systempay.cyberpluspaiement.com https://www.paypal.com; media-src 'self'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com; frame-src 'self'; frame-ancestors 'self'; child-src 'self'; object-src 'none'; 5 frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; 5 default-src 'self' *.google.com *.addthis.com *.brazenconnect.com *.youtube.com *.vimeo.com *.dvidshub.net *.military.com *.cloudfront.net; img-src 'self' data: *.mapbox.com *.sharethis.com *.bing.com *.clarity.com *.clarity.ms *.linkedin.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.storeimaging.com *.ytimg.com *.vimeocdn.com *.click2apply.net *.staticflickr.com *.cloudfront.net; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.fonts.net *.cloudfront.net *.brazenconnect.com; font-src 'self' *.jsdelivr.net *.gstatic.com *.fonts.net; script-src-elem 'self' 'unsafe-inline' *.sharethis.com *.clarity.com *.clarity.ms *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.licdn.com *.brazenconnect.com *.addthis.com *.moatads.com *.addthisedge.com *.military.com *.cloudfront.net *.vimeo.com; connect-src 'self' *.mapbox.com *.sharethis.com *.clarity.com *.clarity.ms *.googleapis.com *.google-analytics.com *.addthis.com *.brazenconnect.com *.linkedin.com *.linkedin.oribi.io *.luckyorange.com *.luckyorange.net wss://*.live *.doubleclick.net; form-action 'self' *.gdmissionsystems.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; 5 img-src 'self' * data:; style-src 'self' 'unsafe-inline' *; upgrade-insecure-requests; frame-ancestors 'self'; 5 upgrade-insecure-requests; report-to endpoint; report-uri https://report.api.jtl-software.com/csp/; default-src 'self';base-uri 'self';form-action 'self' www.facebook.com/tr/ kundencenter.jtl-software.de checkout.jtl-software.com;frame-ancestors 'self';connect-src 'self' www.paypal.com api.personio.de/recruiting/applicant px.ads.linkedin.com/wa/ px.ads.linkedin.com/attribution_trigger googleads.g.doubleclick.net adservice.google.com/pagead www.google.com/ccm/collect *.google.com *.google.de *.google.at *.google.ch *.google.pl *.google.es *.google.nl *.google.co.uk *.google.com.tr *.google.it *.google.fr *.google.co.in *.google.com.ua *.google.dk *.google.lu *.google.co.th *.google.pt *.google.be *.google.cz *.google.com.pk *.google.gr *.google.ru *.google.ba *.google.hu *.google.se *.google.com.cy *.google.com.eg *.google.bg *.google.ro *.google.lt *.google.co.jp *.google.rs *.google.co.id *.google.com.au *.google.hr analytics.google.com/g/collect www.google-analytics.com region1.analytics.google.com region1.google-analytics.com/g/collect stats.g.doubleclick.net/g/collect stats.g.doubleclick.net/j/collect region1.analytics.google.com/g/collect maps.googleapis.com www.facebook.com/tr/ *.clarity.ms/collect bat.bing.net/actionp/0 stats.jtl-software.de/matomo.php crm.jtl-software.de consent.jtl-software.de;font-src 'self' cdn.jtl-software.com fonts.gstatic.com/s/roboto/v30/ data:;frame-src 'self' www.paypal.com www.youtube.com/embed/ www.youtube-nocookie.com/embed/ td.doubleclick.net www.google.com/recaptcha/api2/anchor www.recaptcha.net/recaptcha/api2/anchor www.googletagmanager.com/ www.facebook.com/tr/ consent.jtl-software.de;child-src 'self' www.paypal.com www.youtube.com/embed/ www.youtube-nocookie.com/embed/ td.doubleclick.net www.google.com/recaptcha/api2/anchor www.recaptcha.net/recaptcha/api2/anchor www.googletagmanager.com/ www.facebook.com/tr/ consent.jtl-software.de;img-src 'self' cdn.jtl-software.com t.paypal.com www.paypalobjects.com img.youtube.com i.ytimg.com px.ads.linkedin.com googleads.g.doubleclick.net/pagead/ *.google.com *.google.de *.google.at *.google.ch *.google.pl *.google.es *.google.nl *.google.co.uk *.google.com.tr *.google.it *.google.fr *.google.co.in *.google.com.ua *.google.dk *.google.lu *.google.co.th *.google.pt *.google.be *.google.cz *.google.com.pk *.google.gr *.google.ru *.google.ba *.google.hu *.google.se *.google.com.cy *.google.com.eg *.google.bg *.google.ro *.google.lt *.google.co.jp *.google.rs *.google.co.id *.google.com.au *.google.hr www.google-analytics.com stats.g.doubleclick.net/g/collect www.googletagmanager.com maps.googleapis.com/maps/ maps.gstatic.com/mapfiles/ www.facebook.com/tr/ www.facebook.com/privacy_sandbox/pixel/register/trigger/ c.clarity.ms/c.gif c.bing.com/c.gif bat.bing.net/action/0 bat.bing.com/action/0 bilder.jtl-software.de data:;object-src 'none';script-src 'self' cdn.jtl-software.com www.paypal.com www.paypalobjects.com www.youtube.com/iframe_api www.youtube.com/s/player/ snap.licdn.com/li.lms-analytics/ www.googleadservices.com/ googleads.g.doubleclick.net/pagead/ www.google.com/pagead/ www.recaptcha.net/recaptcha/api.js www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/releases/ www.google-analytics.com/analytics.js www.google-analytics.com/plugins/ua/ec.js www.googletagmanager.com/gtm.js www.googletagmanager.com/ maps.googleapis.com/maps/ maps.googleapis.com/maps-api-v3/api/js/ connect.facebook.net/en_US/fbevents.js connect.facebook.net/signals/config/ www.clarity.ms/tag/kmqrcg56hz www.clarity.ms/s/ bat.bing.com/bat.js bat.bing.net/bat.js bat.bing.com/p/action/ stats.jtl-software.de/matomo.js crm.jtl-software.de consent.jtl-software.de/dist/client/privacy.js 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' cdn.jtl-software.com www.googletagmanager.com/debug/ fonts.googleapis.com/css crm.jtl-software.de consent.jtl-software.de/dist/client/privacy.css 'unsafe-inline';worker-src 'self' www.google.com/recaptcha/api2/webworker.js www.googletagmanager.com/ blob:; 5 worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; form-action 'self' https://codesandbox.io; upgrade-insecure-requests; frame-ancestors 'none'; 5 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://players.brightcove.net/ https://www.recaptcha.net https://www.gstatic.com https://js-agent.newrelic.com https://pi.pardot.com https://www.youtube.com https://in2.taskanalytics.com https://bam.nr-data.net https://snap.licdn.com https://googleads.g.doubleclick.net https://info.weareplanet.com https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com https://tag.demandbase.com https://j.6sc.co https://tracking.g2crowd.com https://connect.facebook.net https://tpc.googlesyndication.com https://cdn.weglot.com/weglot.min.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com maps.googleapis.com; frame-ancestors 'self'; report-uri https://www.weareplanet.com/report-uri/enforce 5 default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 5 frame-ancestors 'self' https://moderncampus.lookbookhq.com https://moderncampus.pathfactory.com https://resources.moderncampus.com https://*.paperflite.com https://*.cleverstory.io; 5 object-src 'none'; block-all-mixed-content; upgrade-insecure-requests; 5 require-trusted-types-for 'script';report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport 5 default-src https: http: 'unsafe-inline' data: blob: 'unsafe-eval' 5 frame-ancestors "none" 5 default-src 'self' *avatel.es avatel.es; style-src 'self' 'unsafe-inline' avatel.es *.avatel.es *.googleapis.com *.jsdelivr.net *.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' avatel.es *.avatel.es *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com connect.facebook.net analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.googleadservices.com *.doubleclick.net player.vimeo.com f.vimeocdn.com cdn.jsdelivr.net cdn-cookieyes.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' avatel.es *.avatel.es *.jquery.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com connect.facebook.net analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.googleadservices.com *.doubleclick.net player.vimeo.com f.vimeocdn.com cdn.jsdelivr.net cdn-cookieyes.com; connect-src 'self' 'unsafe-inline' blob: avatel.es *.avatel.es clictv.es *.clictv.es *.googleapis.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.doubleclick.net *.facebook.com *.googlesyndication.com log.cookieyes.com https://cdn-cookieyes.com www.google.com fresnel.vimeocdn.com https://directory.cookieyes.com; img-src 'self' 'unsafe-inline' blob: data: avatel.es *.avatel.es secure.gravatar.com *.google.com *.google.es analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.googleapis.com maps.gstatic.com *.facebook.com correostelecom.es *.correostelecom.es *.doubleclick.net https://cdn-cookieyes.com ade.googlesyndication.com https://www.googletagmanager.com; frame-src 'self' 'unsafe-inline' avatel.es *.avatel.es *.google.com *.doubleclick.net avatel.speedtestcustom.com *.facebook.com *.googletagmanager.com *.googlesyndication.com player.vimeo.com youtube.com *.youtube.com; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net; worker-src 'self' blob: avatel.es *.avatel.es; 5 img-src 'self' data:; 5 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; 5 frame-ancestors 'self' https://*.solidpixels.net https://*.solidpixels.com https://*.solidpixels.cz; report-uri https://o428203.ingest.sentry.io/api/4505516549210112/security/?sentry_key=6eb445158e4a410c830e7e424f2d7b56 5 object-src 'self'; frame-ancestors 'self'; 5 default-src 'self' 'unsafe-inline' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://download-video.akamaized.net https://vod-progressive.akamaized.net https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.tiktok.com https://www.talkable.com https://pm.w55c.net https://*.marketingcloudapis.com https://*.smartgiftit.com https://*.listrak.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://*.riskified.com https://player.vimeo.com https://download-video-ak.vimeocdn.com https://*.vimeocdn.com https://*.cloudfront.net https://*.adyen.com https://*.cquotient.com https://cdn.builder.io https://*.yottaa.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://dev.movado.com https://id5-sync.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://cdn.cookielaw.org https://cdn-swell-assets.yotpo.com; connect-src 'self' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://pixels.spotify.com https://evnt.byspotify.com https://*.lt02.net https://*.tangiblee.com https://analytics.pangle-ads.com https://evt-eu.klarnaservices.com wss://*.inside-graph.com https://mvmt.7eer.net https://test.adyen.com/hpp/skipDetails wss://input.noibu.com https://www.facebook.com https://pubsub.googleapis.com https://*.noibu.com https://*.adyen.com https://www.talkable.com https://js.klarna.com https://api.cooladata.com https://*.inside-graph.com https://media.istockphoto.com https://*.appspot.com https://*.google.com.pk https://movado-item.smartgift-uat.net https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.smartgiftit.com https://*.tiktok.com https://*.marketingcloudapis.com https://*.fedex.com https://*.pulseidconnect.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://google.com https://cdn.acsbapp.com https://*.riskified.com https://*.onetrust.com https://api.honeybadger.io https://*.joinclyde.com https://*.equalweb.com https://*.criteo.com https://*.eum-appdynamics.com https://*.luckyorange.com wss://visitors.live wss://*.visitors.live https://*.amazonaws.com https://trail.grin.co https://static-na.payments-amazon.com https://maps.googleapis.com https://*.amazon.com https://*.doubleclick.net https://*.pinterest.com https://*.yotpo.com https://*.taboola.com https://*.quantcount.com https://s.yimg.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.snapchat.com https://*.bing.com https://*.cloudfront.net https://*.google-analytics.com https://d1lu3pmaz2ilpx.cloudfront.net https://www.cloudflare.com https://cdn.cookielaw.org https://*.luckyorange.net https://*.cquotient.com https://*.builder.io https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.affirm.com https://*.yottaa.net https://*.listrakbi.com https://bl.listrakbi.com https://*.google.com https://google.com/pay https://evt-na.klarnaservices.com; img-src 'self' 'unsafe-inline' data: blob: https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.facebook.com https://cfvod.kaltura.com https://beta.pulseidconnect.com https://dsp.adfarm1.adition.com https://movado.pulseidconnect.com https://c1.adform.net https://image8.pubmatic.com https://connect.facebook.net https://pixel.tapad.com https://sync.srv.stackadapt.com https://cdn-assets.affirm.com https://rtb.openx.net https://saas2.pulseidconnect.com https://id5-sync.com https://www.google.nl https://matching.ivitrack.com https://*.thebrighttag.com https://*.yieldlab.net https://cm.adform.net https://www.google.co.uk https://www.google.co.in https://prregcroab.icu https://tpcs.payu.in https://pixel-sync.sitescout.com https://prreqcroab.icu https://www.ojrq.net https://www.fossil.com https://sync-tm.everesttech.net https://ad.turn.com https://ws.rqtrk.eu https://live.rezync.com https://x.dlx.addthis.com https://adgen.socdm.com https://media.istockphoto.com https://sync.ipredictive.com https://api.brandbassador.com https://www.google.com.pk https://pm.w55c.net https://jelly.mdhv.io https://adx.dable.io https://www.talkable.com https://cdn.aralego.net https://bh.contextweb.com https://cs.adingo.jp https://idsync.rlcdn.com https://sync.aralego.com https://beacon.krxd.net https://*.ibytedtos.com https://*.amazonaws.com https://*.beamimpact.com https://*.smartgiftit.com https://match.prod.bidr.io https://public-prod-dspcookiematching.dmxleo.com https://www.googleadservices.com https://*.cooladata.com https://i6.liadm.com https://aa.agkn.com https://p.rfihub.com https://b1sync.zemanta.com https://sync.crwdcntrl.net https://d.turn.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://ad.tpmn.co.kr https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://hb.yahoo.net https://tags.bluekai.com https://1f2e7.v.fwmrm.net https://match.adsrvr.org https://dpm.demdex.net https://secure.adnxs.com https://ib.adnxs.com https://s.ad.smaato.net https://match.sharethrough.com https://trends.revcontent.com https://simage2.pubmatic.com https://sync.outbrain.com https://jadserve.postrelease.com https://exchange.mediavine.com https://i.liadm.com https://ad.360yield.com https://ads.stickyadstv.com https://r.casalemedia.com https://*.criteo.com https://visitor.omnitagjs.com https://tg.socdm.com https://*.yahoo.com https://eb2.3lift.com https://criteo-sync.teads.tv https://*.taboola.com https://rtb-csync.smartadserver.com https://pixel.rubiconproject.com https://contextual.media.net https://partner.mediawallahscript.com https://x.bidswitch.net https://*.googleapis.com https://track.linksynergy.com https://*.cloudfront.net https://*.pinterest.com https://*.twitter.com https://t.co https://*.riskified.com https://*.gstatic.com https://*.payments-amazon.com https://m.media-amazon.com https://pixel.quantserve.com https://www.google-analytics.com https://*.tiktok.com https://www.facebook.com https://*.quantcount.com https://www.google.com https://*.bing.com https://listen.audiohook.com https://cdn.cookielaw.org https://mediacdn.espssl.com https://logs-01.loggly.com https://www.googletagmanager.com https://*.cquotient.com https://*.yotpo.com https://cdn.builder.io https://*.shopify.com https://*.doubleclick.net https://*.listrakbi.com https://bl.listrakbi.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://pay.google.com https://id5-sync.com https://*.pointmediatracker.com https://*.inside-graph.com https://*.bidr.io https://*.imrworldwide.com; style-src 'self' 'unsafe-inline' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.beamimpact.com https://*.tiktok.com https://*.inside-graph.com https://*.listrakbi.com https://prreqcroab.icu https://*.googleapis.com https://*.cloudfront.net https://*.smartgiftit.com https://*.riskified.com https://*.typeform.com https://www.talkable.com https://code.jquery.com https://mediacdn.espssl.com https://*.bootstrapcdn.com https://*.klarnacdn.net https://*.yotpo.com https://cdnjs.cloudflare.com https://*.typekit.net https://www.google.com https://*.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.cquotient.com https://us-sandbox-live.inside-graph.com; base-uri 'self'; form-action 'self' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://e.issuu.com/ https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.lt02.net https://www.facebook.com https://*.adyen.com https://*.amazon.com https://*.paypal.com/; font-src 'self' data: https://cdn.builder.io https://x.klarnacdn.net https://*.espssl.com https://*.shopify.com https://*.yotpo.com https://cdn2.smartgiftit.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.gstatic.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.typekit.net https://cdnjs.cloudflare.com; frame-src 'self' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://e.issuu.com/ https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.youtube.com https://www.talkable.com https://tsdtocl.com https://*.self-veri.com https://*.eshopworld.com https://*.api.commercecloud.salesforce.com https://*.inside-graph.com https://*.typeform.com https://*.affirm.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://ad.tpmn.co.kr https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://aa.agkn.com https://live.rezync.com https://sync.crwdcntrl.net https://*.yahoo.net https://tags.bluekai.com https://*.criteo.net https://*.joinclyde.com https://*.criteo.com https://*.appdynamics.com https://www.facebook.com https://www.surveymonkey.com https://*.pinterest.com https://platform.twitter.com https://*.snapchat.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.google.com https://*.doubleclick.net https://*.linksynergy.com https://*.listrak.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://pixels.spotify.com https://pixel.byspotify.com https://*.lt02.net https://*.tangiblee.com https://js.klarna.com https://*.equalweb.com https://www.googleadservices.com https://*.igodigital.com https://secure.quantserve.com https://s.pinimg.com https://api.sb.joinclyde.com https://api.joinclyde.com https://dynamic.criteo.com https://*.cloudfront.net https://widget.us.criteo.com https://www.google.nl/pagead https://www.google.nl https://sslwidget.criteo.com https://rules.quantcount.com https://googleads.g.doubleclick.net https://bat.bing.com https://connect.facebook.net https://cdn.noibu.com https://*.tiktok.com https://cdn.appdynamics.com https://beacon.riskified.com https://ajax.googleapis.com https://cdn.cookielaw.org/scripttemplates https://www.google-analytics.com https://init.blackcrow.ai https://*.synchronycredit.com https://www.talkable.com https://pay.google.com https://*.appdynamics.com https://www.recaptcha.net https://*.affirm.com https://*.paypalobjects.com https://*.paypal.cn https://*.paypal.com https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.smartgiftit.com https://*.marketingcloudapis.com https://*.listrak.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://*.riskified.com https://*.inside-graph.com https://embed.typeform.com https://*.yotpo.com https://d.impactradius-event.com https://*.listrakbi.com https://www.gstatic.com https://*.cquotient.com https://*.usablenet.com https://static-na.payments-amazon.com https://*.googleapis.com https://*.klarnaservices.com https://*.cloudflare.com https://www.google.com https://*.yottaa.com https://www.googleoptimize.com https://*.cookielaw.org https://*.movado.com https://*.googletagmanager.com https://*.oliviaburton.com https://*.concord.com https://*.concord.ch https://*.movadocompanystore.com https://*.collect.igodigital.com https://*.adyen.com https://*.mvmt.com https://*.klarna.com https://*.tangiblee.com; script-src-elem 'self' 'unsafe-inline' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.youtube.com https://cdnapisec.kaltura.com https://*.equalweb.com https://*.ibytedtos.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://conoret.com https://www.talkable.com https://static.ads-twitter.com https://*.googletagmanager.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.tiktok.com https://*.smartgiftit.com https://*.marketingcloudapis.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://account.demandware.com https://acsbapp.com https://*.riskified.com https://*.klarnaservices.com https://*.cooladata.com https://oliviaburton.usablenet.com https://*.inside-graph.com https://*.typeform.com https://*.criteo.com https://*.igodigital.com https://init.blackcrow.ai https://cdn.noibu.com https://*.usedrop.io https://widget.surveymonkey.com https://www.googleadservices.com https://*.adyen.com https://www.google-analytics.com https://*.quantcount.com https://*.snapchat.com https://*.taboola.com https://api.ipify.org https://*.twitter.com https://bat.bing.com https://s.pinimg.com https://sc-static.net https://connect.facebook.net https://s.yimg.com https://cdn.pdst.fm https://googleads.g.doubleclick.net https://secure.quantserve.com https://code.jquery.com https://api.sb.joinclyde.com https://api.joinclyde.com https://*.appdynamics.com https://movado.usablenet.com https://*.builder.io https://d.impactradius-event.com https://*.cloudfront.net https://*.rakuten.com https://*.affirm.com https://*.yotpo.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://www.gstatic.com https://cdn.cookielaw.org https://www.googleoptimize.com https://cdn.yottaa.com https://*.google.com https://*.googleapis.com https://static-na.payments-amazon.com https://mvmtwatches.usablenet.com https://*.cquotient.com https://*.listrakbi.com https://bl.listrakbi.com https://*.listrak.com https://*.typekit.net https://*.linksynergy.com https://*.klarna.com https://*.tangiblee.com; style-src-elem 'self' 'unsafe-inline' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.inside-graph.com https://*.equalweb.com https://x.klarnacdn.net https://*.beamimpact.com https://*.riskified.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://embed.typeform.com https://www.talkable.com https://*.cloudfront.net https://us-sandbox-live.inside-graph.com https://*.yotpo.com https://maxcdn.bootstrapcdn.com https://mediacdn.espssl.com https://code.jquery.com https://fonts.googleapis.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.typekit.net https://*.linksynergy.com https://*.cloudflare.com https://*.listrakbi.com https://bl.listrakbi.com https://*.smartgiftit.com https://*.tangiblee.com; report-uri https://test.adyen.com/hpp/skipDetails https://cdn.cookielaw.org/scripttemplates https://*.googleapis.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://cdn-swell-assets.yotpo.com; sandbox allow-forms allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox allow-modals allow-top-navigation allow-top-navigation-by-user-activation; frame-ancestors 'self' https://test.adyen.com/hpp/skipDetails https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.cookielaw.org https://*.googleapis.com https://*.yotpo.com; worker-src blob: 'self' https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch; 5 default-src *; script-src * 'unsafe-eval' 'unsafe-inline' data: 'self'; style-src * 'unsafe-inline' 'self'; img-src * data:; font-src * data:; connect-src *; object-src *; frame-ancestors 'self' https://*.crawford.com https://crawford.com https://*.crawco.com https://crawco.com https://*.crawfordandcompany.com https://crawfordandcompany.com https://*.onelink-translations.com; style-src-attr 'unsafe-inline'; style-src-elem * 'unsafe-inline'; script-src-elem * 'unsafe-inline'; report-uri https://bc18f182517eba201a0bfbb26a2a463a.report-uri.com/r/d/csp/wizard 5 frame-ancestors 'self'; upgrade-insecure-requests; frame-src 'self' *.marketo.com *.marketodesigner.com *.mktoweb.com *.experience.adobe.com *.adobe.net acrobatservices.adobe.com player.vimeo.com app.supademo.com app.heygen.com documentcloud.adobe.com insight.adsrvr.org *.demdex.net consent.cookiebot.com consentcdn.cookiebot.com *.youtube.com *.infrontfinance.com *.doubleclick.net *.googletagmanager.com; connect-src 'self' *.marketo.com *.marketodesigner.com *.mktoweb.com *.experience.adobe.com *.adobe.net *.adobe.io wss://*.adobe.io *.doubleclick.net *.google.com analytics.ahrefs.com *.googlesyndication.com cdn.linkedin.oribi.io 633-ybp-923.mktoresp.com 633-ybp-923.mktoutil.com analytics.funnelfuel.io *.linkedin.com static1.r66net.com *.demdex.net cm.everesttech.net assets.adobedtm.com consent.cookiebot.com consentcdn.cookiebot.com *.2o7.net *.salesloft.com *.clarity.ms *.tt.omtrdc.net bat.bing.net; img-src 'self' assets.adoberesources.net lh3.googleusercontent.com *.doubleclick.net *.linkedin.com *.b26net.com *.googletagmanager.com *.clarity.ms *.facebook.com *.bing.com *.bing.net *.google.com s.videostep.com dev.day.com secure.adnxs.com *.invibes.com *.demdex.net cm.everesttech.net assets.adobedtm.com *.cookiebot.com *.2o7.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat data:; font-src *.infrontfinance.com *.infront.co *.typekit.net; style-src *.infrontfinance.com *.infront.co 'unsafe-inline' *.typekit.net; script-src *.infrontfinance.com *.googleadservices.com *.infront.co scout-cdn.salesloft.com connect.facebook.net analytics.ahrefs.com *.marketo.com *.marketodesigner.com *.mktoweb.com *.experience.adobe.com *.adobe.net munchkin.marketo.net static.r66net.com static.r66net.net *.doubleclick.net k.r66net.com u.videostep.com *.licdn.com analytics.funnelfuel.io bat.bing.com js.adsrvr.org *.adobeaemcloud.com assets.adoberesources.net acrobatservices.adobe.com documentcloud.adobe.com *.youtube.com *.adobedtm.com *.azure.com *.azureedge.net *.googleapis.com *.googletagmanager.com *.adservice.google.com *.google-analytics.com dqm.crownpeak.com consent.cookiebot.com consentcdn.cookiebot.com *.2o7.net *.omtrdc.net *.tt.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net *.salesloft.com *.clarity.ms 'self' 'unsafe-eval' 'unsafe-inline'; 5 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.azureedge.net *.monitor.azure.com *.livechatinc.com https://static.meiqia.com secure-fra.livechatinc.com *.google.com *.gstatic.com/ https://cdn.matomo.cloud https://hms.matomo.cloud https://cdn.cookielaw.org/ https://hm.baidu.com/ https://snap.licdn.com/ https://cdn.leadinfo.net https://*.ldnfrpl.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api https://cdn.matomo.cloud; font-src 'self' data: api.stockdio.com *.googletagmanager.com *.gstatic.com https://at.alicdn.com/ https://cdn.leadinfo.net; connect-src 'self' *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.onetrust.com dc.services.visualstudio.com *.azureedge.net *.hms-networks.com https://api.instatus.com *.meiqia.com *.livechatinc.com https://hms.matomo.cloud/ https://cdn.cookielaw.org/ https://px.ads.linkedin.com/ wss://camorope-client-a.meiqia.com/ https://collector.leadinfo.net www.hms-networks.cn https://api.leadinfo.com https://*.ldnfrpl.com https://li-replay.s3-accelerate.amazonaws.com https://www.google.com/ https://pagead2.googlesyndication.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; img-src 'self' data: blob: * *.cookielaw.org https://cdn.cookielaw.org/ https://hm.baidu.com/ https://px.ads.linkedin.com/ https://tenant-assets.meiqiausercontent.com/ https://cdn.livechat-static.com/ https://cdn.livechat-files.com/ https://*.meiqiausercontent.com https://cdn.files-text.com/ https://collector.leadinfo.net https://cdn.leadinfo.net https://www.google.com/ https://cdn.insight.sitefinity.com https://dec.azureedge.net; style-src 'self' 'unsafe-inline' api.stockdio.com *.googletagmanager.com *.googleapis.com https://cdn.leadinfo.net https://cdn.insight.sitefinity.com https://dec.azureedge.net; frame-src 'self' *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.azureedge.net *.bihl-wiedemann.de secure-fra.livechatinc.com *.google.com https://www.youtube.com warranty.hms-networks-data.com https://td.doubleclick.net/; media-src 'self' data: blob: *.cloudinary.com api.stockdio.com *.googletagmanager.com *.hms-networks.com *.azureedge.net https://static.meiqia.com/; child-src 'self' blob: *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.hms-networks.com *.bihl-wiedemann.de 5 frame-ancestors 'self' https://www.totbarcelona.cat https://totbarcelona.cat https://vadevi.elmon.cat https://vadegust.cat https://www.vadegust.cat https://monesport.cat https://www.monesport.cat https://balearsvadegust.cat https://www.balearsvadegust.cat https://monterrassa.cat https://monplaneta.cat https://www.la-clau.net https://www.tornaveu.cat https://tornaveu.cat https://www.elmon.cat https://mundus.cat https://vermuts.es https://vinari.cat https://totbarcelona.elmon.cat https://la-clau.net https://diarilaveu.cat https://www.diarilaveu.cat https://diarilaveu.com https://www.diarilaveu.com https://laveupv.com https://www.laveupv.com https://balearsvadevi.cat https://www.balearsvadevi.cat https://elsingular.cat https://www.elsingular.cat https://mon.cat https://www.mon.cat https://www.lasemaineduroussillon.com https://lasemaineduroussillon.com; 5 frame-ancestors 'self' *; default-src 'self' data: wss: int.freekassa.net fk.money mc.yandex.ru mc.yandex.com fpnpmcdn.net cdnwbstts.com *.hcaptcha.com *.fptls.com *.cdnwbstts.com *.fpjs.io *.fpapi.io *.youtube.com finana.io fokusdoom.ru pay.finana.io *.google-analytics.com *.google.com.ua *.gstatic.com *.googletagmanager.com *.google.com *.jivosite.com freekassa.ru freekassa.com *.freekassa.ru *.freekassa.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; object-src 'none'; script-src 'self' blob: mc.yandex.ru mc.yandex.com mzm.fk.money fpnpmcdn.net fokusdoom.ru hcaptcha.com *.google-analytics.com *.google.com.ua *.gstatic.com *.googletagmanager.com *.google.com *.jivosite.com *.freekassa.ru *.freekassa.com *.googleapis.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *googletagmanager.com *.jivosite.com *.google.com.ua *.freekassa.ru *.freekassa.net *.freekassa.com; font-src 'self' data: *.gstatic.com 'unsafe-inline'; style-src-elem 'self' data: *.jivosite.com *.freekassa.net *.kassa.ai *.googleapis.com *.freekassa.ru *.freekassa.com 'unsafe-inline'; base-uri 'none'; form-action 'self' *; style-src 'self' *.googleapis.com *.freekassa.ru *.freekassa.com *.googletagmanager.com *.jivosite.com 'unsafe-inline' ; style-src-attr 'self' *.googleapis.com *.freekassa.ru *.freekassa.com freekassa.ru freekassa.com 'unsafe-inline'; connect-src 'self' data: wss: wss://cdnwbstts.com mzm.fk.money newassets.hcaptcha.com checkout.paythrone.com mc.yandex.ru cdnwbstts.com openfpcdn.io api.fpjs.io tls-use1.fpapi.io *.fptls.com *.freekassa.net *.freekassa.ru *.jivosite.com *.google.com *.google-analytics.com 5 upgrade-insecure-requests ; 5 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' 5 frame-ancestors https://suite34.emarsys.net; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubfef39b54e4afa416599740644771d1c2&dd-evp-origin=content-security-policy&ddsource=csp-report 5 default-src 'self';media-src 'self' cdn.conversationalsdevelopment.nl/eneco/client/v2/sounds/beep.mp3 pingvp.com *.pingvp.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' script.adcalls.nl/e907d5da-14dc-4967-b180-03e37a3022be.js acdn.adnxs.com/dmp/up/pixie.js mktdplp102cdn.azureedge.net bat.bing.com www.clarity.ms cdn-dxp.enecogroup.com cdn.conversationalsdevelopment.nl api.seamly-app.com *.g.doubleclick.net svc.dynamics.com connect.facebook.net www.google-analytics.com www.googleadservices.com www.google.nl pagead2.googlesyndication.com www.google.com/recaptcha/api.js www.gstatic.com *.googletagmanager.com *.hotjar.com pixels.lemonpi.io snap.licdn.com/li.lms-analytics/insight.min.js snap.licdn.com/li.lms-analytics/insight.beta.min.js snap.licdn.com/li.lms-analytics/insight.old.min.js s.pinimg.com ct.pinterest.com www.reddit.com ads.reddit.com www.redditstatic.com api.salesfeed.com *.segmentstream.com static.ads-twitter.com w.usabilla.com api.usabilla.com d6tizftlrpuof.cloudfront.net pingvp.com *.pingvp.com;connect-src 'self' wss: api.adcalls.nl *.in.applicationinsights.azure.com js.monitor.azure.com/scripts/b/ai.config.1.cfg.json ib.adnxs.com bat.bing.com api.seamly-app.com api-digital.enecogroup.com ad.doubleclick.net stats.g.doubleclick.net bf53370xjr.bf.dynatrace.com *.google-analytics.com *.analytics.google.com pagead2.googlesyndication.com www.google.com adservice.google.com googleads.g.doubleclick.net www.googleadservices.com stm.eneco.nl www.googletagmanager.com *.hotjar.com vc.hotjar.io content.hotjar.io d.lemonpi.io cdn.linkedin.oribi.io/partner/533658/domain/acc.eneco.nl/token cdn.linkedin.oribi.io/partner/533658/domain/eneco.nl/token px.ads.linkedin.com ct.pinterest.com www.reddit.com www.redditstatic.com conversions-config.reddit.com pixel-config.reddit.com track.segmentstream.com analytics.twitter.com t.co ads-twitter.com ads-api.twitter.com api.usabilla.com;img-src 'self' data: ib.adnxs.com bat.bing.com cdn-dxp.enecogroup.com *.frontify.com lt45.net www.lt45.net www.rkn3.net rkn3.net ds1.nl www.ds1.nl *.fls.doubleclick.net ad.doubleclick.net *.g.doubleclick.net https://static.duurzaamwonen.eneco.nl https://edw-test.ams3.digitaloceanspaces.com www.facebook.com *.google-analytics.com *.analytics.google.com googleads.g.doubleclick.net www.google.com www.google.nl ade.googlesyndication.com adservice.google.com *.googleadservices.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.hotjar.com d.lemonpi.io px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com ct.pinterest.com www.reddit.com ads.reddit.com alb.reddit.com analytics.twitter.com t.co ads-twitter.com ads-api.twitter.com w.usabilla.com d6tizftlrpuof.cloudfront.net img.youtube.com pingvp.com *.pingvp.com;font-src 'self' cdn-dxp.enecogroup.com fonts.gstatic.com *.hotjar.com d6tizftlrpuof.cloudfront.net pingvp.com *.pingvp.com;style-src 'self' 'unsafe-inline' *.hotjar.com d6tizftlrpuof.cloudfront.net pingvp.com *.pingvp.com;frame-src 'self' *.fls.doubleclick.net bid.g.doubleclick.net td.doubleclick.net *.facebook.com connect.facebook.net www.google.com stm.eneco.nl *.googletagmanager.com vars.hotjar.com ct.pinterest.com d6tizftlrpuof.cloudfront.net *.youtube.com;child-src 'self' blob:;object-src 'none' 5 script-src 'self' 'unsafe-inline' 'unsafe-eval' * www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com google-analytics.com analytics.google.com www.google-analytics.com *.chilipiper.com; 5 frame-ancestors 'self' https://app.storyblok.com/ 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws: wss:; 5 frame-ancestors 'self' https://*.sonepar.coremedia.cloud/ https://*.sciquest.com https://*.jaggaer.com https://*.danisco.com:57101 https://*.danisco.com:57201 https://*.danisco.com:57301 https://*.danisco.com:44300 http://*.danisco.com:8000 https://*.global.iff.com:8000 https://*.global.iff.com:44300 https://*.global.iff.com:57201 https://*.global.iff.com:57301 https://*.global.iff.com:57101 https://*.ariba.com:44300 https://*.ariba.com:8000 https://*.ariba.com https://*.sirti.net:8001 https://*.sirti.net http://*.sirti.net:8001 https://*.linde.grp:8001 https://*.linde.grp http://*.linde.grp:8001 https://*.linde.grp:44350 https://*.hopperix.it; 5 frame-ancestors 'self'; report-uri https://stoklasa.report-uri.io/r/default/csp/enforce 5 base-uri 'none'; font-src 'self' https: data:; frame-ancestors 'self'; object-src 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; 5 frame-ancestors 'self'; base-uri 'self'; 5 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' 'unsafe-inline' https: http:; font-src 'self' data: https: http:; img-src 'self' data: https: http:; media-src 'self' data: https: http:; frame-src 'self' https: http:; connect-src 'self' https: http:; 5 worker-src 'http://test.datalex.org' 'http://www.lawnet.sg'; 5 font-src fonts.gstatic.com use.typekit.net https://*.gopersonal.ai *.fontawesome.com *.bootstrapcdn.com data: *.gstatic.com 'self' data: *.moosend.com script.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://*.gopersonal.ai *.izipay.pe www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.dnky.co amc.demdex.net www.google.com youtube.com *.vnforapps.com h.online-metrix.net *.loginextsolutions.com widget.botlers.io somosngr.com.pe td.doubleclick.net PJCLAIM http://r1.dotdigital-pages.com http https email.papajohns.com.pe r1.ddlnk.net/signup.ashx cdn-images-pj-admin-prod.s3.amazonaws.com *.getblue.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://*.gopersonal.ai www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.designer-images.net maps.gstatic.com maps.googleapis.com accounts.google.com 'self' data: cdn.cookielaw.org google.com c.clarity.ms www.google.com.ar c.bing.com *.t.co *.twitter.com *.google.com.pe fonts.gstatic.com https://ad.soicos.com/ *.afilio.com.br *.getblue.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://*.gopersonal.ai https://*.gstatic.com *.izipay.pe www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stat-track.com polyfill.io *.moosend.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com https://www.google.com *.gstatic.com https://maps.googleapis.com cdn.cookielaw.org cdn.onesignal.com *.hotjar.com widget.botlers.io onesignal.com *.vnforapps.com h.online-metrix.net *.cdn.stat-track.com https://www.clarity.ms/ *.tiktok.com *.ads-twitter.com http://r1.dotdigital-pages.com http://email.papajohns.com.pe email.papajohns.com.pe *.web.app *.afilio.com.br *.getblue.io https://static.targethaus.net/analytics.js https://237.logstracker.com/237.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://*.gopersonal.ai *.fontawesome.com *.moosend.com *.bootstrapcdn.com cdn.dnky.co *.googleapis.com *.gstatic.com *.googletagmanager.com *.cookielaw.org widget.botlers.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io https://*.gopersonal.ai https://*.goshops.ai https://*.googleapis.com https://*.gstatic.com *.izipay.pe www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stat-track.com *.m-pages.com *.m-operations.com maps.googleapis.com api.comapi.com bam.nr-data.net *.google-analytics.com *.cookielaw.org *.moosend.com region1.analytics.google.com *.hotjar.io oldenterprise.botlers.io vc.hotjar.io *.hotjar.com wss://*.hotjar.com *.doubleclick.net *.clarity.ms cors-anywhere.herokuapp.com www.google.com.ar geolocation.onetrust.com privacyportal.onetrust.com *.tiktok.com www.google.com https://lib-us-1.brilliantcollector.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5 frame-ancestors 'self' *.mapfre.com *.mapfre.es *.mapfre.com.do *.mapfre.com.br *.mapfre.com.mx *.mapfre.com.co *.mapfre.com.sv *.mapfre.com.gt *.mapfre.com.ec *.mapfre.com.hn *.mapfre.com.ni *.mapfre.com.py *.mapfre.com.oe *.mapfre.com.uy *.mapfre.com.ar *.mapfre.com.cl *.mapfre.com.pa *.mapfreinsurance.com *.mapfre.com.tr *.mapfre.cr; 5 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: yastatic.net cse.google.com ajax.googleapis.com php.pdc.nl www.google.com www.gstatic.com translate.googleapis.com translate.google.com maps.google.com maps.googleapis.com api.microsofttranslator.com; report-uri /cspreport 5 frame-ancestors app.storyblok.com 5 default-src 'self' *.gstatic.com 'unsafe-inline'; img-src 'self' www.gstatic.com *.hcaptcha.com; script-src *.googletagmanager.com *.gstatic.com *.hcaptcha.com *.googleapis.com *.recaptcha.net 'self' 'unsafe-inline' 'unsafe-eval'; frame-src *.hcaptcha.com *.recaptcha.net 'self'; connect-src 'self' *.google.com *.gstatic.com *.hcaptcha.com *.googleapis.com *.recaptcha.net; 5 default-src * 'unsafe-inline' 'unsafe-eval' ; img-src * blob: data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.iconnode.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.securitastechnology.com *.clarity.ms lxp-pr-cac-cdnve.azureedge.net *.lexop.com *.segment.com *.segment.io *.fontawesome.com *.wistia.net *.windows.net www.stanleysecuritysolutions.com *.adroll.mgr.consensu.org *.subscribers.com *.6sc.co *.adroll.com *.omappapi.com *.callrail.com *.police.uk *.stanleysecurity.com *.stanleycss.com *.pardot.com *.wistia.com *.google.com *.google.fr *.google.be *.google.nl *.google-analytics.com *.googleapis.com *.formstack.com *.jsdelivr.net *.addtoany.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.bing.com *.go-mpulse.net *.akamaihd.com *.akamaihd.net *.janraincapture.com *.rpxnow.com *.nr-data.net *.newrelic.com *.marketo.net *.marketo.com *.youtube.com *.ytimg.com *.onetrust.com *.cookielaw.org *.drift.com *.driftt.com *.reevoo.com *.pricespider.com *.cloudfront.net *.mapbox.com *.hotjar.com *.doubleclick.net *.linkedin.com *.licdn.com *.ads.linkedin.com *.facebook.net *.facebook.com rpxnow.com *.googleoptimize.com resource://pdf.js app-ab06.marketo.com resources.securitastechnology.com content.securitastechnology.com cdn.jsdelivr.net cdnjs.cloudflare.com d8ejoa1fys2rk.cloudfront.net maps.googleapis.com polyfill.io unpkg.com www.google.com *.googleapis.com *.adnxs.com *.mktoweb.com *.visualwebsiteoptimizer.com *.iconnode.com *.demandbase.com *.feathery.io cdn.ontame.io *.sentry-cdn.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' lxp-pr-cac-cdnve.azureedge.net *.lexop.com *.fontawesome.com *.wistia.net *.windows.net *.google.com *.google.nl *.google.fr *.police.uk *.google.be *.cloudflare.com *.formstack.com *.jsdelivr.net *.marketo.net *.marketo.com resources.securitastechnology.com content.securitastechnology.com *.google-analytics.com *.googleapis.com *.reevoo.com *.pricespider.com *.cloudfront.net in.hotjar.com *.mapbox.com *.typekit.net p.typekit.net *.googletagmanager.com *.mktoweb.com *.feathery.io *.securitastechnology.com; img-src 'self' data: blob: *.clarity.ms lxp-pr-cac-cdnve.azureedge.net *.lexop.com *.fontawesome.com *.wistia.net *.windows.net *.google.com *.google.ae *.police.uk *.adroll.com *.subscribers.com *.6sc.co *.wistia.com *.cookielaw.org *.google.nl *.google.be *.google.fr *.jsdelivr.net s3.amazonaws.com *.formstack.com *.googleusercontent.com *.google.com.ua *.google.com.tr *.facebook.com *.facebook.net *.ads.linkedin.com *.adsymptotic.com *.google-analytics.com *.linkedin.com *.googleapis.com *.google.co.in *.googletagmanager.com *.gstatic.com *.ggpht.com *.akamaihd.net *.google.by *.ytimg.com *.reevoo.com *.pricespider.com *.cloudfront.net *.doubleclick.net *.bing.com *.bing.net *.hotjar.com *.marketo.com resources.securitastechnology.com content.securitastechnology.com *.google.am *.google.co.uk *.google.ca *.securitastechnology.com *.mktoweb.com *.nr-data.net *.visualwebsiteoptimizer.com *.stanleysecurity.com id.rlcdn.com *.company-target.com *.demandbase.com *.feathery.io *.amazonaws.com collector.ontame.io; media-src 'self' data: blob: *.fontawesome.com *.wistia.net *.windows.net *.driftqa.com *.driftt.com *.googletagmanager.com *.wistia.com *.stanleysecurity.com *.feathery.io; frame-src 'self' *.google.com *.stanleysecurity.co.uk stanleyblackanddecker.ent.box.com *.police.uk *.twitter.com *.stanleysecurity.com *.stanleycss.com www.google.nl www.google.fr www.google.be *.marketo.net *.stanleyhealthcare.com *.stanleyaccess.com *.wistia.com *.wistia.net *.marketo.com resources.securitastechnology.com content.securitastechnology.com *.doubleclick.net *.facebook.com *.facebook.net *.googletagmanager.com *.hotjar.com *.janraincapture.com *.youtube.com *.drift.com *.driftt.com *.drift.click *.reevoo.com *.pricespider.com *.reachmee.com *.stanleysecurity.fr *.mktoweb.com *.securitastechnology.com *.company-target.com *.visualwebsiteoptimizer.com *.feathery.io; frame-ancestors 'self' *.clarity.ms lxp-pr-cac-cdnve.azureedge.net *.lexop.com *.fontawesome.com *.wistia.net *.windows.net *.google.com *.google.ae *.police.uk *.adroll.com *.subscribers.com *.6sc.co *.wistia.com *.cookielaw.org *.google.nl *.google.be *.google.fr *.jsdelivr.net s3.amazonaws.com *.formstack.com *.googleusercontent.com *.google.com.ua *.facebook.com *.facebook.net *.ads.linkedin.com *.adsymptotic.com *.google-analytics.com *.linkedin.com *.googleapis.com *.google.co.in *.googletagmanager.com *.gstatic.com *.ggpht.com *.akamaihd.net *.google.by *.ytimg.com *.reevoo.com *.pricespider.com *.cloudfront.net *.bing.com *.hotjar.com *.stanleysecurity.com *.stanleycss.com *.securitastechnology.com securitastechnology.com *.feathery.io; child-src 'self' *.fontawesome.com *.wistia.net *.windows.net *.pardot.com *.stanleycss.com *.googletagmanager.com; worker-src 'self' data: blob: *.securitastechnology.com; font-src 'self' data: *.fontawesome.com *.wistia.net *.windows.net *.cloudflare.com *.formstack.com *.jsdelivr.net *.googleapis.com *.googleusercontent.com *.gstatic.com *.typekit.net *.hotjar.com d8ejoa1fys2rk.cloudfront.net/5.0.5/includes/fonts/ *.googletagmanager.com *.wistia.com *.feathery.io *.cloudfront.net; connect-src 'self' *.akamaihd.net *.segmentapis.com *.clarity.ms *.segment.io *.segment.com *.fontawesome.com *.wistia.net *.windows.net *.doubleclick.net *.6sense.com *.litix.io *.police.uk *.ip-api.com *.6sc.co *.adnxs.com *.subscribers.com *.wistia.com *.callrail.com *.google.com www.google.nl www.google.fr www.google.be *.facebook.com *.facebook.net wss://*.hotjar.com *.driftcdn.com *.googleapis.com *.google-analytics.com *.mktoresp.com *.bing.com *.bing.net *.googlevideo.com *.hotjar.com *.hotjar.io *.nr-data.net *.onetrust.com *.cookielaw.org wss://*.driftt.com *.reevoo.com *.mapbox.com d8ejoa1fys2rk.cloudfront.net/5.0.5/modules/compactview/i18n/en.json *.bynder.cloud p11.techlab-cdn.com cdn.linkedin.oribi.io *.googletagmanager.com *.oribi.io *.securitas.com *.mktoutil.com *.securitastechnology.com *.googleadservices.com googleadservices.com *.googlesyndication.com *.visualwebsiteoptimizer.com *.iconnode.com *.company-target.com *.demandbase.com *.linkedin.com *.feathery.io https://p.ksrndkehqnwntyxlhgto.com; report-uri /report-csp-violation; upgrade-insecure-requests 5 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://go.radancy.com/analytics https://pi.pardot.com/analytics https://pi.pardot.com/pd.js https://pagead2.googlesyndication.com https://www.youtube.com https://www.googleadservices.com https://s45065.pcdn.co https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://www.google-analytics.com https://apply.talentbrew.io https://cdn.cookielaw.org/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://*.talentbrew.com/ https://www.google.com https://www.googletagmanager.com/; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://s45065.pcdn.co https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://apply.talentbrew.io https://cdn.jsdelivr.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com https://stats.g.doubleclick.net https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://www.google-analytics.com https://apply.talentbrew.io https://analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://px.ads.linkedin.com https://www.facebook.com; font-src 'self' data: https://s45065.pcdn.co; frame-src 'self' blob: https://www.google.com https://*.vimeo.com https://s45065.pcdn.co https://www.radancy.com https://www.googletagmanager.com https://go.pardot.com https://www.youtube.com https://td.doubleclick.net https://s45361.p1717.sites.pressdns.com https://app.survale.com https://3969344.fls.doubleclick.net https://go.radancy.com; img-src 'self' data: https://www.linkedin.com https://www.google.at https://ade.googlesyndication.com https://www.googletagmanager.com https://i.ytimg.com https://ad.doubleclick.net https://s45065.pcdn.co https://www.google-analytics.com https://analytics.twitter.com https://cdn.cookielaw.org https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://t.co https://*.talentbrew.com https://www.facebook.com https://www.google.com; manifest-src 'self'; media-src 'self' https://s45065.pcdn.co https://*.talentbrew.com; worker-src 'self' blob: ; 5 default-src *.cloudflare.com *.youtube.com *.powerfulreveal.com *.semoelectric.coop *.cdn.js *.jsdelivr.net *.commentportal.com commentportal.com *.google.com bootstrapcdn.com googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net *.nwwsd.org facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' billing.nwwsd.org elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 5 default-src * data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; 5 frame-ancestors 'self'; report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pub16f8f4157f115b184e143716929b3d8c&dd-evp-origin=content-security-policy&ddsource=csp-report; 5 base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://www.facebook.com *.visualwebsiteoptimizer.com; frame-ancestors 'self' https://newcms.webcentral.au; img-src 'self' https: data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://stablechat.mysecurecloudhost.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net; upgrade-insecure-requests; worker-src blob:; 5 img-src *; 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.kaltura.com https://twitter.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://connect.facebook.net https://facebook.com https://*.facebook.com https://*.googleapis.com https://maps.gstatic.com https://*.ggpht https://maps.google.com https://hosting.img.dk https://siteimproveanalytics.com https://*.global.siteimproveanalytics.io https://alarmeringsapp.like.st; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://twitter.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://connect.facebook.net https://facebook.com https://*.facebook.com https://*.googleapis.com https://maps.gstatic.com https://*.ggpht https://maps.google.com https://*.google.com https://www.dmi.dk https://surveys.enalyzer.com https://white-meadow-0e5747a03.3.azurestaticapps.net 5 frame-ancestors 'self' *.alineops.com; 5 default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au chatbot.digital.vic.gov.au *.chatbot.digital.vic.gov.au usercheck.vgso.vic.gov.au cdnjs.cloudflare.com *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com cdn.monsido.com app-script.monsido.com connect.facebook.net *.cloudfront.net media.twiliocdn.com *.youtube.com ytimg.com *.ytimg.com public.tableau.com *.openforms.com *.serving-sys.com player.vimeo.com spreadsheets.google.com cdn.storerocket.io cdn.jsdelivr.net *.mapbox.com *.googleadservices.com drive.google.com *.googleusercontent.com docs.google.com web-messenger.ingenious.ai *.smooch.io maps.googleapis.com sc-static.net ecodev.jotform.com snap.licdn.com *.clarity.ms challenges.cloudflare.com *.salesforceliveagent.com *.freshworks.com *.freshdesk.com google.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au ui.chatbot.digital.vic.gov.au fonts.googleapis.com tagmanager.google.com fast.fonts.net *.openforms.com fontlibrary.org *.googletagmanager.com web-messenger.ingenious.ai *.smooch.io drwgdblqzrfiz.cloudfront.net *.freshworks.com *.freshdesk.com; img-src 'self' *.amazee.io *.analytics.google.com *.content.vic.gov.au *.doubleclick.net *.fastly.net *.google-analytics.com *.google.com *.google.com.au *.gravatar.com *.gstatic.com *.hotjar.com *.hotjar.io *.ingenious.ai *.sdp.vic.gov.au *.smooch.io *.www.vic.gov.au api.mapbox.com assets.storerocket.io au-gmtdmp.mookie1.com base.maps.vic.gov.au blob: cdn.storerocket.io content.vic.gov.au data: dhhs.vic.gov.au drwgdblqzrfiz.cloudfront.net i.ytimg.com lh3.googleusercontent.com maps.googleapis.com maps.gstatic.com secure.adnxs.com tracking.monsido.com vic-bot.netlify.app wss://*.hotjar.com www.dhhs.vic.gov.au www.facebook.com www.google.co.id www.google.co.jp www.google.co.uk www.google.co.za www.google.com www.google.com.bo www.google.com.br www.google.com.co www.google.com.eg www.google.com.mx www.google.com.na www.google.com.om www.google.com.pk www.google.com.sg www.google.com.tr www.google.com.ua www.google.fr www.google.gr www.google.hr www.google.ie www.google.it www.google.lk www.google.nl www.google.rs www.googletagmanager.com *.clarity.ms *.linkedin.com c.bing.com *.freshworks.com *.freshdesk.com www.vic.gov.au plan-gis.mapshare.vic.gov.au; font-src 'self' data: www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au fonts.gstatic.com *.hotjar.com *.hotjar.io wss://*.hotjar.com fonts.gstatic.com fontlibrary.org *.smooch.io *.ingenious.ai; frame-src 'self' www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au *.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.vimeo.com vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com batchgeo.com www.google.com app.powerbi.com macuport.com dhhs.carto.com public.tableau.com *.libsyn.com *.soundcloud.com *.openforms.com *.serving-sys.com tour.cite360.com.au *.doubleclick.net livestream.com flo.uri.sh zingtree.com control.5stream.com *.podbean.com lgi-complaint-form-uat.powerappsportals.com www.kuula.co s3-ap-southeast-2.amazonaws.com e.issuu.com deakin.h5p.com padlet.com e.infogram.com fuse.education.vic.gov.au *.arcgis.com ecodev.jotform.com app.vision6.com.au *.formsite.com digitaltender.alstom.com urldefense.com app4.vision6.com.au dhhschange.syd1.qualtrics.com *.clarity.ms datawrapper.dwcdn.net cite360.tours open.spotify.com enterprise.mapshare.vic.gov.au forms.zohopublic.com.au www.googletagmanager.com confirmsubscription.com childcare-calc-apps.shinyapps.io *.freshdesk.com; manifest-src 'self' data:; media-src 'self' *.ingenious.ai; connect-src 'self' *.analytics.google.com *.api.go.vic.gov.au *.arcgis.com *.au.ingenious.ai *.chatbot.digital.vic.gov.au *.content.vic.gov.au *.doubleclick.net *.fastly.net *.google-analytics.com *.hotjar.com *.hotjar.io *.mapbox.com *.myvictoria.vic.gov.au *.sdp.vic.gov.au *.smooch.io *.storerocket.io *.www.vic.gov.au analytics.google.com api.go.vic.gov.au api.ipify.org chatbot.digital.vic.gov.au content.vic.gov.au corp-geo.mapshare.vic.gov.au directory.data.vic.gov.au discover.data.vic.gov.au drwgdblqzrfiz.cloudfront.net flex-api.twilio.com iam.twilio.com maps.googleapis.com secure-ds.serving-sys.com stat.data.abs.gov.au storerocket.io tsock.us1.twilio.com web-messenger.ingenious.ai wss://*.hotjar.com wss://*.smooch.io wss://tsock.us1.twilio.com www.facebook.com www.google.com *.clarity.ms *.linkedin.com *.google.com *.freshworks.com *.freshdesk.com www.vic.gov.au opendata.maps.vic.gov.au plan-gis.mapshare.vic.gov.au; frame-ancestors 'self' *.vic.gov.au *.shrine.org.au *.victorianveteranscouncil.org.au; 5 referrer no-referrer 5 'self'; 5 frame-ancestors accounts.shopbase.com:443 legacy-templates.shopbase.com:443 templates.shopbase.com:443 test-templates.shopbase.com:443 templates-test.shopbase.com:443 new-templates.shopbase.com:443 themes.shopbase.com:443 *.onshopbase.com:443 *.shopbase.net.cn:443 5 script-src 'self' 'unsafe-inline' 'unsafe-eval' 5 frame-ancestors 'self' https://app.contentful.com https://anypoint.mulesoft.com 5 frame-ancestors 'self' https://preview.plaece.nl; 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.clarity.ms *.bing.com *.smooch.io smooch.io https://*.mobinterier.com https://googleapis.com https://*.googleapis.com https://googletagmanager.com https://*.googletagmanager.com https://biano.sk https://*.biano.sk https://biano.cz https://*.biano.cz https://biano.hu https://*.biano.hu https://biano.ro https://*.biano.ro https://biano.hr https://*.biano.hr https://prefixbox.com https://*.prefixbox.com https://gstatic.com https://*.gstatic.com https://novynabytok.sk https://*.novynabytok.sk https://hezkynabytek.cz https://*.hezkynabytek.cz https://zondo.hu https://*.zondo.hu https://zondo.ro https://*.zondo.ro https://zondo.hr https://*.zondo.hr https://*.zdassets.com https://*.zopim.com https://prefixbox.com https://*.prefixbox.com https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io https://google-analytics.com https://*.google-analytics.com https://clarity.ms https://*.clarity.ms https://*.doubleclick.net https://*.imedia.cz https://*.seznam.cz https://chimpstatic.com https://google.com https://*.google.com https://google.sk https://*.google.sk https://google.cz https://*.google.cz https://google.hu https://*.google.hu https://google.ro https://*.google.ro https://google.hr https://*.google.hr https://google.fr https://*.google.fr https://google.de https://*.google.de https://googleadservices.com https://*.googleadservices.com https://*.zopim.io https://meblemirjan.pl https://*.meblemirjan.pl https://youtube.com https://*.youtube.com https://creativecdn.com https://*.creativecdn.com https://zendesk.com https://*.zendesk.com https://sentry.io https://*.sentry.io https://*.amio.io *.getsitecontrol.com https://*.facebook.net https://www.facebook.com/ https://*.mailchimp.com https://*.list-manage.com https://*.cloudfront.net https://*.amazonaws.com https://*.ecomailapp.cz https://scaleflex.cloudimg.io https://*.cloudflareinsights.com https://*.ads-twitter.com https://analytics.twitter.com/ 5 frame-ancestors 'self' my.enboarder.com nine.enboarder.io; 5 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://login.microsoftonline.com https://adfs5.metro.info https://www.google-analytics.com *.qualtrics.com 1634.global.siteimproveanalytics.io ssl.siteimprove.com *.linkedin.com *.facebook.com csi.gstatic.com maps.googleapis.com maps.gstatic.com *.twimg.com *.twitter.com www.gstatic.com app.miag.com maintenance.metroag.de mfpembedcdnweu.azureedge.net *.metroag.de *.metroag.eu *.metrogroup.de *.miag.com *.metro-cc.com *.metronom.com *.metro-wholesale.de *.metro-wholesale.com *.metro-properties.de *.metro-gruenderstudie.de *.metro-startupstudy.com *.metrosystems.ro *.handel-erklaert.de *.metro-sourcing.hk *.metro-logistics.de *.metro-campus.de *.metro-vto.es *.metro-properties.com.tr *.metro-campus-services.de *.metro-services.in *.metro-services.pl *.mpulse.de *.metro-unboxed.de *.metro-unboxed.com *.metro-potentials.com *.arbeitgeber-ahd.de *.metro-competencies.com *.metro-trainingcenter.de www.openpetition.de *.wirsindgekommenumzubleiben.de *.metro-global-solution-center.in *.metro.digital *.metro-gsc.in *.metro-gsc.pl *.metro-gsc.com px.ads.linkedin.com bscmiagbot.metro.de i.ytimg.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cloud.typography.com *.metroag.de *.twitter.com www.gstatic.com d1azc1qln24ryf.cloudfront.net *.twimg.com; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com fonts.googleapis.com d1azc1qln24ryf.cloudfront.net www.openpetition.de; frame-src 'self' *.googletagmanager.com *.facebook.com https://video.metro.de www.youtube.com *.walls.io plugins.flockler.com charts3.equitystory.com *.twitter.com www.google.com dev.dieproduktion.de *.own-business-day.com forms.office.com login.microsoftonline.com t.email.metro.de feedback.metro-cc.com metro.online-report.eu bscmiagbot.metro.de; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com https://www.googletagmanager.com https://www.google-analytics.com *.qualtrics.com ssl.siteimprove.com siteimproveanalytics.com connect.facebook.net ajax.googleapis.com code.jquery.com maps.googleapis.com www.youtube.com s.ytimg.com code.highcharts.com cdn.jsdelivr.net edge-cdn.net dl.videos.metrosystems.net *.twimg.com *.twitter.com www.gstatic.com mfpembedcdnweu.azureedge.net app.mailjet.com www.openpetition.de bscmiagbot.metro.de snap.licdn.com; connect-src 'self' *.google.com *.googlesyndication.com content-eu-discoveryengine.googleapis.com *.google-analytics.com *.qualtrics.com *.twitter.com *.ads.linkedin.com *.facebook.com bscmiagbot.metro.de 1634.global.siteimproveanalytics.io; frame-ancestors 'self'; worker-src blob:; media-src 'self' data: https://video.metro.de; report-uri MagReport.csp?cspReport=true 5 connect-src 'self' *.fontawesome.com *.yimg.com *.google-analytics.com *.doubleclick.net rest-api.e-shot.net bat.bing.com terryberry.force.com *.omappapi.com z.omappapi.com a.omappapi.com api.omappapi.com *.nr-data.net *.terryberry.com secure.agile-company-365.com idx.liadm.com *.clickagy.com *.zoominfo.com *.hu-manity.co onesignal.com *.onesignal.com cdn.linkedin.oribi.io *.duosecurity.com terryberry.com *.gstatic.com *.google.com *.hcaptcha.com terryberry.my.salesforce.com terryberry.my.site.com *.clickcease.com pagead2.googlesyndication.com *.trstplse.com *.trustpulse.com *.chilipiper.com *.ads.linkedin.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com *.tag.unifyintent.co *.tag.unifyintent.com *.selectsoftwarereviews.com *.zi-scripts.com *.unifyintent.com unifyintent.com *.google.com google.com; default-src 'self' 'unsafe-inline' data:; font-src 'self' 'unsafe-inline' data: *.fontawesome.com fonts.gstatic.com *.hu-manity.co *.duosecurity.com terryberry.com *.terryberry.com *.hcaptcha.com terryberry.my.salesforce.com *.trstplse.com *.trustpulse.com data: *.chilipiper.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com *.tag.unifyintent.co *.selectsoftwarereviews.com; frame-src 'self' bid.g.doubleclick.net service.force.com www.facebook.com go.pardot.com *.youtube.com storage.pardot.com terryberry.com *.terryberry.com player.vimeo.com *.hu-manity.co onesignal.com *.onesignal.com *.duosecurity.com *.gstatic.com *.google.com *.hcaptcha.com terryberry.my.salesforce.com td.doubleclick.net *.trstplse.com *.trustpulse.com data: *.chilipiper.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com *.tag.unifyintent.co *.selectsoftwarereviews.com *.googletagmanager.com *.zi-scripts.com *.tag.unifyintent.com; img-src 'self' 'unsafe-inline' terryberry.com *.terryberry.com *.gravatar.com *.linkedin.com *.bing.com *.analytics.yahoo.com *.google.com *.google.co.uk *.google.de *.facebook.com *.google-analytics.com live-terryberry.pantheonsite.io p.adsymptotic.com go.pardot.com *.doubleclick.net i.ytimg.com *.omappapi.com *.googletagmanager.com *.clickagy.com *.rlcdn.com *.demdex.net *.crwdcntrl.net *.agkn.com *.bluekai.com pixel-sync.sitescout.com *.hu-manity.co onesignal.com *.onesignal.com *.duosecurity.com terryberry.my.site.com *.gstatic.com *.google.com *.hcaptcha.com terryberry.my.salesforce.com *.clickcease.com *.trstplse.com *.trustpulse.com data: *.chilipiper.com trustpulse.s3.amazonaws.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com *.tag.unifyintent.co *.selectsoftwarereviews.com *.tag.unifyintent.com *.googleadservices.com; media-src 'self' 'unsafe-inline' *.terryberry.com *.duosecurity.com terryberry.com data: *.optinmonster.com *.visualwebsiteoptimizer.com *.tag.unifyintent.co *.selectsoftwarereviews.com *.zi-scripts.com *.tag.unifyintent.com *.unifyintent.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.pantheonsite.io *.360recognition.com *.giveawow.com *.youtube.com *.google.com *.google-analytics.com *.googleapis.com use.fontawesome.com kit.fontawesome.com www.googletagmanager.com service.force.com terryberry.my.salesforce.com bat.bing.com *.googleadservices.com snap.licdn.com tracking.g2crowd.com s.yimg.com connect.facebook.net pi.pardot.com *.salesforceliveagent.com *.doubleclick.net signup.es-mail.co.uk ajax.googleapis.com static.lightning.force.com terryberry.force.com *.omappapi.com *.googleoptimize.com *.adservice.google.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.terryberry.com secure.agile-company-365.com player.vimeo.com *.zoominfo.com *.clickagy.com *.hu-manity.co onesignal.com *.onesignal.com *.duosecurity.com terryberry.com *.gstatic.com *.google.com terryberry.my.site.com *.hcaptcha.com *.clickcease.com *.trstplse.com *.trustpulse.com *.chilipiper.com cdnjs.cloudflare.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com unpkg.com/vue@3/dist/vue.global.js unpkg.com/vue@3/ *.tag.unifyintent.co *.tag.unifyintent.com *.selectsoftwarereviews.com *.zi-scripts.com *.terryberry.com *.unifyintent.com; style-src 'self' 'unsafe-inline' *.pantheonsite.io *.fontawesome.com service.force.com terryberry.force.com fonts.googleapis.com *.omappapi.com *.terryberry.com secure.agile-company-365.com *.hu-manity.co onesignal.com *.onesignal.com *.duosecurity.com terryberry.com *.gstatic.com *.google.com terryberry.my.site.com *.hcaptcha.com terryberry.my.salesforce.com *.trstplse.com *.trustpulse.com *.chilipiper.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com *.tag.unifyintent.co *.selectsoftwarereviews.com *.unifyintent.com; worker-src 'self' 'unsafe-inline' *.terryberry.com terryberry.com blob: data:; 5 default-src https: http: wss: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; object-src 'self' blob:; 5 default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' 5 default-src 'self'; script-src 'self' 'unsafe-eval' 'sha256-gAoLN6KJ0A9OafcVJMjzxNdkYgp5k6N6TAeX0LWP/FI=' 'sha256-GqZ++yMbzxXqNmv/CiOKb06JzJ5wp0AybPtkkBYEV9k=' 'sha256-h0q/wc9bqEqBhdFWnKDHIxeXP11Ajil7n/hsjm6/dqM=' 'sha256-C5rDgRHg+vqKO7WuW9xWaUgdVJbqlhnjKIbfvsKF0xE=' 'sha256-JExGmEvC7ZiVWk+GdIt3rVoPWN4W8NCmOfUKXbey7ig=' 'sha256-xVILJh0lK70lVi3RoL4ILRgU+KTxxEWHvZDNRTV6JrA=' 'sha256-Xi0aUTero+2HCGXxqbCOJfZM32R2yQ2vJ1qfEx5uB2M=' 'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU=' 'sha256-/JfUu6Zem/6hYsbOAALYRBMS6NOtpUCjDi0RlTS/qb8=' 'sha256-2+sA5gLjooF7uql+LE1YEJtYO9VyaPgYBt1rWu41zm0=' 'sha256-0D4HtGLdTewYCOXEfwwNl9/8Dl+VhGM1tNJGkLTdgE4=' 'sha256-S9ZGnLkZ7P/9E037KPJ434vL+yLVOncfSKLiJjet2bE=' 'sha256-6fQwbrnXjDFfyddlQVIIWnIbDc2fp+SIiOI+WBxcjr4=' 'sha256-8Ju/7uAUfQXHDZj3VyS+2PTb3q0Y74T6mXoZJvyXGvE=' 'sha256-GqZ++yMbzxXqNmv/CiOKb06JzJ5wp0AybPtkkBYEV9k=' 'sha256-A0/707MQdpfr/tR18VnYSk7JMJoUQSBURZEJa8wF6po=' 'sha256-kvqasyXMdm/oaFYV13Vo7H+iWofPfqO92EjT+TP30wQ=' 'sha256-3ajBc/dcb/EhkUUCWwgas0KdZImxjGdF3bpG8w8YRPY=' 'sha256-8Ju/7uAUfQXHDZj3VyS+2PTb3q0Y74T6mXoZJvyXGvE=' maps.googleapis.com px.ads.linkedin.com p.adsymptotic.com snap.licdn.com www.google-analytics.com player.vimeo.com extend.vimeocdn.com *.archgroup.com www.googletagmanager.com www.clarity.ms; script-src-elem 'self' 'unsafe-inline' maps.googleapis.com px.ads.linkedin.com p.adsymptotic.com snap.licdn.com www.google-analytics.com player.vimeo.com extend.vimeocdn.com www.archgroup.com www.googletagmanager.com platform.twitter.com www.clarity.ms c.clarity.ms e.clarity.ms; style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com *.googletagmanager.com fonts.gstatic.com; frame-src *.archgroup.com www.podbean.com www.youtube.com www.google.com *.icims.com player.vimeo.com *.twitter.com; img-src 'self' data: www.archgroup.com archgroup.com ps.w.org p.adsymptotic.com wpengine.com dify.wpengine.com maps.gstatic.com *.googleapis.com *.ggpht.com secure.gravatar.com *.linkedin.com *.google-analytics.com *.analytics.google.com *.twitter.com c.clarity.ms c.bing.com; font-src 'self' data: *.fontawesome.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.archgroup.com insurance.archgroup.com mortgage.archgroup.com reinsurance.archgroup.com *.google-analytics.com analytics.google.com *.analytics.google.com archcapital2020tf.q4web.com *.licdn.com stats.g.doubleclick.net my.wpengine.com yoast.com api.redirect.li px.ads.linkedin.com cdn.linkedin.oribi.io e.clarity.ms; media-src *.archgroup.com extend.vimeocdn.com; form-action 'self'; base-uri 'self'; frame-ancestors 'self' www.slipcase.com marketplace.marsh.com; upgrade-insecure-requests ; object-src 'self'; child-src 'self'; worker-src 'self' blob: *.archgroup.com; 5 upgrade-insecure-requests; default-src https:; img-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; 5 frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 5 frame-ancestors 'self' https://admin.hifiklubben.dk https://businesscentral.dynamics.com https://lshardware.audionord.dk https://bctest.audionord.dk https://bc.audionord.dk 5 frame-ancestors 'self' equinux.com *.equinux.com equinux.net *.equinux.net tizi.tv *.tizi.tv maildesigner365.com *.maildesigner365.com vpntracker.com *.vpntracker.com tvproapp.de *.tvproapp.de; 5 default-src 'self'; child-src blob:; media-src * 'self' data: https: blob:; style-src 'self' 'unsafe-inline' *.pricespider.com *; img-src * 'self' data: https: blob: *.pricespider.com; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: https:; frame-src *; 5 default-src 'self' 'unsafe-inline' 'unsafe-hashes' * ; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' * ; connect-src 'self' * ; img-src 'self' data: * ; style-src 'self' * 'unsafe-inline' ; 5 base-uri 'none'; default-src: 'none'; block-all-mixed-content 5 default-src 'self' *.aptaclub.de/ *.aptaclub.ch/ *.aptaclub.at/ *.activia.de/ *.danone-dany.de/ *.fruchtzwerge.at/ *.milupa.de/ *.milupa.at/ *.nutricia.de/ *.provamel.de/ *.badoit.ch/ *.volvic.de/ *.volvic.ch/ *.yopro.de/ *.typeform.com/ *.salesforce-scrt.com/ *.adsrvr.org/ *.danonino.ch/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.adobeaemcloud.com/ *.youtube.com/ https://app.chargebee.com/ www.youtube.com *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ https://bittesehr.net/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.aptaclub.de/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.trustcommander.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ *.my.site.com/ *.comdirect.de/ *.force.com/ *.salesforce-sites.com/ https://vimeo.com/ *.blueconic.net/ *.amazon-adsystem.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.b-cdn.net/ *.amazonaws.com/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; style-src 'self' https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.activia.de/ *.milupa.de/ *.milupa.at/ *.provamel.de/ *.salesforce-scrt.com/ *.danonino.ch/ *.badoit.ch/ *.nutricia.de/ *.adsrvr.org/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.aptaclub.ch/ *.aptaclub.de/ *.aptaclub.de/ *.volvic.ch/ *.volvic.de/ *.yopro.de/ *.typeform.com/ *.my.salesforce-sites.com *.tiktok.com *.typekit.net/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.force.com/ *.salesforce.com/ *.youtube.com youtube.com https://app.chargebee.com/ *.squarelovin.com/ https://squarelovin.com/ *.adyen.com/ *.chargebee.com/ *.danone-dany.de/ *.static.criteo.net/ *.criteo.com/ *.mopinion.com/ *.live2support.com/ *.lpsnmedia.net/ *.bootstrapcdn.com/ *.tagcommander.com/ https://www.google.nl/ https://dpm.demdex.net/ *.focusgames.co.uk/ https://assets.adobedtm.com/ *.zencdn.net/ *.sharethis.com/ *.pinimg.com/ *.google.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ https://bittesehr.net/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.at/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.my.site.com/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ *.comdirect.de/ https://vimeo.com/ *.salesforce-sites.com/ *.trustcommander.net/ *.amazon-adsystem.com/ *.commander1.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ https://start.video-stream-hosting.de/ *.nutriciaflocare.com/ *.b-cdn.net/ *.amazonaws.com/ *.userlike.com/ *.criteo.net/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/ 'unsafe-inline'; script-src 'self' *.typeform.com/ https://js.adsrvr.org/ https://c.amazon-adsystem.com/aat/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.badoit.ch/ *.danonino.ch/ *.salesforce-scrt.com/ *.nutricia.de/ *.milupa.at/ *.activia.de/ *.yopro.de/ sgtm.volvic.de/ sgtm.volvic.ch/ sgtm.provamel.de/ sgtm.danone-dany.de/ https://danone.github.io/aem.edp-dach-fruchtzwerge/ https://js-agent.newrelic.com/ *.my.salesforce-sites.com *.licdn.com *.usercentrics.eu *.tiktok.com *.monitor.azure.com/ https://s7g10.scene7.com/ *.teads.tv/ *.youtube.com/ *.channelsight.com/ *.typekit.net/ https://sgtm.fruchtzwerge.de/ https://sgtm.aptaclub.de/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.salesforceliveagent.com/ *.force.com/ *.salesforce.com/ *.squarelovin.com/ https://squarelovin.com/ https://app.chargebee.com/ *.paypal.com/ *.nxtck.com/ *.googlesyndication.com/ *.adyen.com/ *.chargebee.com/ https://static.criteo.net/js/ld/ld.js *.criteo.com/ *.ytimg.com/ https://live2support.com/ *.mopinion.com/ *.googletagmanager.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://s.pinimg.com/ *.tagcommander.com/ *.twitter.com/ *.pinterest.com/ *.instagram.com/ https://services.postcodeanywhere.co.uk/ *.commandersact.com/ *.facebook.net/ *.google.ie/ *.lpsnmedia.net/ *.pinimg.com/ *.danone-dtc.net/ *.hotjar.com/ *.focusgames.co.uk/ *.outbrain.com/ *.google.com.ph/ *.google.co.in/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.theadex.com *.commander1.com/ *.liveperson.net/ *.gstatic.com/ *.aptaclub.de/ *.milupa.de/ https://sgtm.nutricia.de/ *.digital4danone.com/ *.aptaclub.at/ *.milupa.at/ *.aptaclub.ch/ *.milupa.ch/ *.aptaclub.com.vn/ *.addthisedge.com/ *.ads-twitter.com/ *.adnxs.com/ *.adventori.com/ https://adventori.com/ https://dsp.adfarm1.adition.com/ *.widgets.trustedshops.com/ www.youtube.com *.analytics.google.com/ *.comdirect.de/ https://bittesehr.net/ *.bittesehr.net/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.trustedshops.com/ *.fruchtzwerge.at/ *.fruchtzwerge.de/ *.focusgames.com/ *.my.site.com/ *.trustcommander.net/ *.blueconic.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ *.salesforce-sites.com/ *.linkedin.oribi.io/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/ 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.typeform.com/ *.activia.de/ sgtm.provamel.de/ https://sync.targeting.unrulymedia.com/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.badoit.ch/ *.actimel.fr/ *.salesforce-scrt.com/ *.adsrvr.org/ *.yopro.de/ https://sgtm.volvic.de/ https://sgtm.volvic.ch/ https://sgtm.danone-dany.de/ https://sync.1rx.io/ https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.sync.1rx.io/ *.usercentrics.eu https://www.aptaclub.de/ *.aptaclub.de/ https://www.aptaclub.at/ *.aptaclub.at/ https://www.aptaclub.ch/ *.aptaclub.ch/ https://www.nutricia.de/ *.nutricia.de/ https://www.danonino.ch/ *.danonino.ch/ https://www.fruchtzwerge.at/ *.fruchtzwerge.at/ https://www.fruchtzwerge.de/ *.fruchtzwerge.de/ https://www.milupa.at/ *.milupa.at/ https://www.milupa.de/ *.milupa.de/ https://s7g10.scene7.com/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ data: *.force.com/ *.salesforce.com/ *.visualforce.com/ *.nutricia.de/ *.digital4danone.com/ *.google-analytics.com/ https://app.chargebee.com/ *.analytics.google.com/ *.squarelovin.com/ https://squarelovin.com/ *.googlesyndication.com/ *.assetsadobe.com/ *.adyen.com/ *.ytimg.com/ *.live2support.com/ https://ca-live.adyen.com/ https://www.google.de/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://services.postcodeanywhere.co.uk/ http://danonegroup-stage.neolane.net/ https://ca-live.adyen.com/ *.cx.atdmt.com/ *.danone-dtc.net/ https://ct.pinterest.com/ *.outbrain.com/ *.danone.com/ *.atdmt.com/ *.pinterest.com/ *.commander1.com/ *.tagcommander.com/ *.lpsnmedia.net/ *.adnxs.com/ *.adition.com/ *.focusgames.co.uk/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.theadex.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.mookie1.com/ *.pinimg.com/ *.facebook.com/ *.googletagmanager.com/ *.linkedin.com/ https://t.co/ *.adsrvr.org/ *.crm4d.com/ *.adotmob.com/ *.goldenbees.fr *.taboola.com/ *.mediavine.com/ *.ivitrack.com/ *.tremorhub.com/ *.spx.smartclip.com/ *.liadm.com/ *.smaato.net/ *.ads.yieldmo.com/ *.bing.com/ *.advertising.com/ *.criteo.com/ *.3lift.com/ *.smartadserver.com/ *.360yield.com/ *.pubmatic.com/ *.casalemedia.com/ *.yahoo.com/ *.teads.tv/ *.adform.net/ *.adscale.de/ *.media.net/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.yieldlab.net/ *.bidswitch.net/ *.sharethrough.com/ *.twiago.com/ *.stickyadstv.com/ *.omnitagjs.com/ *.ad.smaato.net/ *.rubiconproject.com/ *.google.com.ph/ *.my.site.com/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.focusgames.com/ *.trustcommander.net/ *.comdirect.de/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ *.blueconic.net/ *.salesforce-sites.com/ https://sgtm.nutricia.de/ *.google.com/ *.amazon-adsystem.com/ *.google.fr/ *.id5-sync.com/ *.trustedshop.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.google.es/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ id5-sync.com/ https://www.jedeflaschegewinnt.de/ 'unsafe-inline'; frame-src 'self' *.aptaclub.de/ *.activia.de/ *.danonino.ch/ *.aptaclub.de/ *.aptaclub.at/ *.aptaclub.ch/ *.provamel.de/ *.danone-dany.de/ *.typeform.com/ https://danone-events.eu.typeform.com/ https://business.safety.google/ *.actimel.de/ *.milupa.de/ *.milupa.at/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.badoit.ch/ *.volvic.ch/ *.nutricia.de/ *.volvic.de/ *.salesforce-scrt.com/ *.adsrvr.org/ *.office.com/ https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.my.salesforce-sites.com *.akamaized.net *.teads.tv/ *.nutricia.de *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.yopro.de/ *.force.com/ *.salesforce.com/ *.paypal.com *.adyen.com/ https://app.chargebee.com/ *.squarelovin.com/ https://squarelovin.com/ *.googlesyndication.com/ *.chargebee.com/ *.static.criteo.net/ *.criteo.com/ *.tohklom.com/ *.tagcommander.com/ https://aax-eu.amazon-adsystem.com/ *.amazon-adsystem.com/ *.liveperson.net/ *.vimeo.com/ *.live2support.com/ *.google.com/ *.lpsnmedia.net/ *.hotjar.com/ *.commander1.com/ *.proprofs.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.facebook.com/ *.doubleclick.net/ *.theadex.com/ *.sharethis.com/ *.addthis.com *.youtube.com *.adsrvr.org/ *.spotify.com/ *.cloudfront.net/ *.instagram.com/ *.soundcloud.com/ *.twitter.com/ *.pinterest.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.flockler.com/ *.google-analytics.com/ *.analytics.google.com/ *.adnxs.com/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.blueconic.net/ *.my.site.com/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.at/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.focusgames.co.uk/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ *.comdirect.de/ https://vimeo.com/ *.salesforce-sites.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; connect-src 'self' *.typeform.com/ *.activia.de/ *.milupa.at/ *.yopro.de/ https://sgtm.volvic.de/ *.adsrvr.org/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.nutricia.de/ *.salesforce-scrt.com/ *.algolianet.com/ *.algolia.net/ *.algolia.io/ https://api.trustbadge.etrusted.com/accounts/ https://trustbadge.api.etrusted.com/ https://sgtm.provamel.de/ https://ara.paa-reporting-advertising.amazon/ https://sgtm.volvic.ch/ https://sgtm.danone-dany.de/ https://id5-sync.com/ *.tiktok.com/ *.linkedin.com/ *.azure.com/ https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.s3.eu-west-1.amazonaws.com/ https://bam.eu01.nr-data.net/ *.badoit.ch/ *.my.salesforce-sites.com *.usercentrics.eu *.teads.tv/ https://s7g10.scene7.com/ https://dc.services.visualstudio.com/ https://sgtm.fruchtzwerge.de/ https://sgtm.aptaclub.de/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.force.com/ *.salesforce.com/ *.google-analytics.com/ https://app.chargebee.com/ *.analytics.google.com/ *.squarelovin.com/ https://squarelovin.com/ *.paypal.com *.sentry.io/ *.googlesyndication.com/ *.adyen.com/ *.live2support.com/ https://sentry.labdigital.nl *.addthis.com/ *.mopinion.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.danone-dtc.net/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.ct.pinterest.com/ *.privacy.trustcommander.net/ https://services.postcodeanywhere.co.uk/ *.commercetools.com/ *.facebook.com/ *.omtrdc.net/ *.hotjar.com/ *.pinterest.com/ *.trustcommander.net/ *.sharethis.com/ *.doubleclick.net/ *.blueconic.net/ *.aptaclub.at/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.focusgames.co.uk/ *.milupa.de/ *.milupa.at/ *.fruchtzwerge.at/ *.danonino.ch/ *.aptaclub.ch/ *.my.site.com/ *.comdirect.de/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ *.linkedin.oribi.io/ *.salesforce-sites.com/ *.amazon-adsystem.com/ https://sgtm.nutricia.de/ *.digital4danone.com/ *.googlesyndication.com/ *.adnxs.com/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; font-src 'self' https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.adsrvr.org/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.danonino.ch/ *.badoit.ch/ *.salesforce-scrt.com/ *.activia.de/ *.danone-dany.de/ *.volvic.ch/ *.volvic.de/ *.aptaclub.ch/ *.aptaclub.at/ *.aptaclub.de/ *.danone-dtc.net *.typekit.net/ *.nutricia.de/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ data: *.salesforce.com/ *.yopro.de/ *.adyen.com/ *.squarelovin.com/ https://app.chargebee.com/ *.googlesyndication.com/ *.provamel.de/ *.gstatic.mopinion.com/ https://gstatic.mopinion.com/ *.gstatic.com/ *.live2support.com/ *.danone-dtc.net/ https://vjs.zencdn.net/ https://squarelovin.com/ *.comdirect.de/ https://bittesehr.net/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.at/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.focusgames.co.uk/ *.my.site.com/ *.milupa.de/ *.milupa.at/ *.trustcommander.net/ *.blueconic.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ https://app.chargebee.com/ *.force.com/ *.salesforce-sites.com/ *.amazon-adsystem.com/ *.google-analytics.com/ *.analytics.google.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.googleapis.com/ *.googletagmanager.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; media-src 'self' *.lpsnmedia.net/ *.nutricia.de/ *.danone-dany.de/ *.fruchtzwerge.at/ *.fruchtzwerge.de/ *.milupa.de/ *.milupa.at/ *.provamel.de/ *.volvic.ch/ *.badoit.ch/ *.danonino.ch/ *.volvic.de/ *.yopro.de/ *.activia.de/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.aptaclub.ch/*.aptaclub.at/ *.aptaclub.de/ *.adsrvr.org/ *.salesforce-scrt.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.squarelovin.com/ *.digital4danone.com/; 5 default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; object-src 'self' *; frame-src 'self' *; worker-src 'self' *; connect-src 'self' * 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.fensterversand.com *.fensterversand.at *.fensterversand.ch *.fenetre24.com *.fenetre24.be *.haustueren.de *.finestre.com *.ventanas.es *.windows24.com *.neuffer.de *.neuffer-payment.com *.k8s.nng-stage.de *.nng-prod.de *.amazonaws.com *.cloudflare.com *.cloudfront.net *.google.com *.google.de *.googleapis.com *.googlecode.com *.googletagmanager.com *.gstatic.com *.attributy.com *.spoteffects.net *.google-analytics.com *.googlecommerce.com *.googleadservices.com unpkg.com *.matomo.cloud *.etrusted.com *.trustedshops.com *.trustpilot.com *.bootstrapcdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.jquery.com *.typeform.com *.doubleclick.net *.userlike.com wss://*.userlike.com userlike-cdn-umm.b-cdn.net *.optimizely.com *.facebook.net *.facebook.com s7.addthis.com thdoan.github.io data: *.geschuetzteinkaufen.commerzbank.de *.usd.de *.ogone.com *.sofort.com *.billpay.de *.paypal.de *.paypal.com *.paypalobjects.com *.pay1.de *.klarnacdn.net *.klarna.com *.klarnaevt.com https://*.klarnaservices.com http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com *.hotjarconsent.com *.hotjar.io *.mouseflow.com *.bing.com *.bing.net *.mozilla.org *.jsdelivr.net *.trackjs.com *.consensu.org *.consentmanager.net *.taboola.com *.googleusercontent.com cdn.datatables.net *.criteo.com *.criteo.net *.twiago.com *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.teads.tv *.3lift.com *.yahoo.com *.yahoo.net *.adform.net *.omnitagjs.com *.casalemedia.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.sharethrough.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.demdex.net *.krxd.net *.emxdgt.com *.solutenetwork.com *.ubembed.com *.1rx.io *.adsensecustomsearchads.com *.openai.com *.dwin1.com *.awin1.com *.roeyecdn.com *.roeye.com *.sciencebehindecommerce.com *.wepowerconnections.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net 5 default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss: 5 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 5 default-src 'self' https:; img-src 'self' data: https:; style-src-elem 'self' 'unsafe-inline' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src-attr 'unsafe-inline'; font-src 'self' data: https:; frame-ancestors https://volkswagen-admin.porsche-holding.com; connect-src 'self' https: wss: ws: data:; manifest-src 'self' https:; media-src 'self' https: data: blob; frame-src 'self' https:; upgrade-insecure-requests 5 frame-ancestors 'self' svb.matomo.cloud cbs.svb-hb.de cbs-local.svb-hb.de 5 default-src 'self'; base-uri 'self'; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://s.yimg.jp/ https://connect.facebook.net/ https://*.yahoo.co.jp/ https://maps.googleapis.com/ https://*.mul-pay.jp/ https://*.google.com https://global.localizecdn.com/ https://use.typekit.net/ https://cdnjs.cloudflare.com https://cdn.auth0.com https://ads.twitter.com https://imasdk.googleapis.com https://pagead2.googlesyndication.com https://static.ads-twitter.com https://s0.2mdn.net https://www.googletagservices.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net/; connect-src * data: blob: 'unsafe-inline'; frame-src https://*.google.com/ https://bid.g.doubleclick.net/ https://www.googletagmanager.com/ https://*.facebook.com/ https://www.youtube.com/ https://td.doubleclick.net/ https://imasdk.googleapis.com/; media-src * data: blob:; worker-src * data: blob: 5 media-src 'self'; 5 frame-ancestors 'self' ; script-src 'self' cdn.rudderlabs.com 5 media-src blob: 'self' 5 frame-ancestors 'self' *.appcard.com 5 frame-ancestors 'self' *.volusion.com 5 frame-ancestors 'self' *.narvar.com narvar.com *.integrations-narvar.com; base-uri 'self'; 5 frame-ancestors 'self' https://*.sagepay.com https://*.paypal.com https://*.klarna.com https://*.instagram https://*.evopaymentgateway.com https://*.boipapaymentgateway.com https://*.paypalobjects.com 5 default-src https: data: blob: wss: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 5 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: *.videoly.co *.youtube-nocookie.com *.youtube.com *.ytimg.com *.wistia.com *.wistia.net *.videoly.net *.twistoo.co; connect-src 'self' *.googletagmanager.com *.igodigital.com *.maxcdn.com *.polyfill.io *.facebook.net *.facebook.com *.searchnode.io *.omnisrc.com *.bitrec.io *.google.com *.google.ee *.google.fi *.google.lv *.google.lt *.google-analytics.com *.doubleclick.net *.soundestlink.com *.nr-data.net *.esto.ee *.hotjar.io *.cookieinformation.com *.searchnode.net *.bing.com *.googleapis.com *.googleadservices.com *.issuu.com *.cookiebot.com stape.io capig.stape.host analytics.tiktok.com *.twistoo.co t.cometlytrack.com google.com *.nosto.com respondent.survicate.com survey.survicate.com survey-prd.survicate-cdn.com *.cookieyes.com cdn-cookieyes.com; font-src 'self' *.gstatic.com data: *.123formbuilder.com *.issuu.com *.bootstrapcdn.com *.twistoo.co surveys-static.survicate.com surveys-static-prd.survicate-cdn.com cdn.jsdelivr.net; frame-src 'self' *.123formbuilder.com *.facebook.com *.cookieinformation.com *.youtube.com *.youtube-nocookie.com *.issuu.com *.videoly.net *.cookiebot.com *.doubleclick.net *.flippingbook.com publuu.com googletagmanager.com *.google.com; img-src 'self' data: kotrynagroup.lt *.kotrynagroup.lt *.babycity.lt *.babycity.lv *.babycity.ee *.kidzone.lt *.kidzone.lv *.kidzone.ee *.kidzone.fi *.toycity.lt *.toycity.lv *.zaisluplaneta.lt *.jukukeskus.ee *.toysplanet.lv *.igodigital.com *.bing.com *.facebook.com *.google-analytics.com *.google.com *.google.lt *.google.lv *.google.ee *.google.fi *.ytimg.com *.videoly.co *.adnxs.com *.reddit.com *.googleapis.com *.gstatic.com *.youtube.com *.ckeditor.com *.doubleclick.net *.kotrynagroup.com *.googleadservices.com *.googletagmanager.com *.issuu.com *.wistia.com *.wistia.net *.cookiebot.com analytics.tiktok.com *.twistoo.co surveys-static.survicate.com surveys-static-prd.survicate-cdn.com assets.survicate.com img.survicate.com images.unsplash.com cdn-cookieyes.com; media-src *.twistoo.co data:; script-src 'self' 'unsafe-hashes' 'unsafe-eval' 'unsafe-inline' *.nr-data.net *.google.com *.google.lt *.google.lv *.google.fi *.google.ee *.igodigital.com polyfill.io *.bitrec.com *.googletagmanager.com *.facebook.net *.searchnode.io *.google-analytics.com *.doubleclick.net *.hotjar.com *.bing.com *.youtube.com omnisrc.com *.sentry-cdn.com *.soundestlink.com omnisnippet1.com *.doubleclick.net *.newrelic.com *.videoly.co *.123formbuilder.com *.esto.ee *.redditstatic.com *.cookieinformation.com *.adnxs.com *.googleapis.com *.ckeditor.com *.jsdelivr.net *.googleadservices.com *.issuu.com *.youtube-nocookie.com *.ytimg.com *.videoly.net *.cookiebot.com stape.io capig.stape.host analytics.tiktok.com *.publuu.com cdnjs.cloudflare.com *.twistoo.co t.cometlytrack.com static.cloudflareinsights.com *.nosto.com nosto.stackla.com *.cloudfront.net survey.survicate.com surveys-static.survicate.com surveys-static-prd.survicate-cdn.com survey-prd.survicate-cdn.com cdn-cookieyes.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.123formbuilder.com *.ckeditor.com *.jsdelivr.net *.issuu.com *.bootstrapcdn.com cdnjs.cloudflare.com *.twistoo.co *.cloudfront.net surveys-static.survicate.com surveys-static-prd.survicate-cdn.com 5 default-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:; 5 default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 5 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 5 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pagead2.googlesyndication.com https://deviceid.notolytix.com https://*.userguiding.com https://connect.facebook.net https://snap.licdn.com https://*.hotjar.com https://apis.google.com https://omg.toptex.fr https://www.googletagmanager.com https://sdk.privacy-center.org https://www.google.com https://ajax.cloudflare.com/ https://www.gstatic.com https://ipinfo.io https://cdn.jsdelivr.net https://*.lyra.com https://static.cloudflareinsights.com https://tag.toptex.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.lyra.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://*.privacy-center.org https://*.lyra.com https://www.googletagmanager.com https://www.facebook.com https://px.ads.linkedin.com https://www.google.com https://cdn.toptex.com https://tag.toptex.com https://region1.analytics.google.com https://www.google.fr https://stats.g.doubleclick.net https://www.toptex.fr https://*.toptex.com https://pagead2.googlesyndication.com https://files.europeancatalog.fr https://files.toptex.fr https://blog.toptex.com; connect-src 'self' https://*.privacy-center.org https://tag.toptex.com wss://ws.hotjar.com https://*.hotjar.io https://www.facebook.com https://*.userguiding.com https://px.ads.linkedin.com https://www.google.com https://insights.algolia.io https://ipinfo.io https://api.privacy-center.org https://pagead2.googlesyndication.com https://*.algolia.net; frame-src 'self' https://www.youtube.com https://tag.toptex.com https://www.googletagmanager.com https://www.google.com https://api.lyra.com https://player.vimeo.com https://ns.europeancatalog.com https://www.europeancatalog.com https://challenges.cloudflare.com; object-src 'none'; base-uri 'self'; form-action 'self' https://secure.lyra.com; upgrade-insecure-requests; worker-src 'self' blob:; 5 default-src 'self'; frame-src 'self' blob: data: application/pdf *.vimeo.com *.fnb.co.za *.ebucks.com authentication.cardinalcommerce.com *.fnbbotswana.co.bw *.doubleclick.net *.fnbconnect.co.za *.rmb.co.za:10443 *.fnbswaziland.co.sz:10443 *.fnbzambia.co.zm:10443 *.firstnationalbank.com.gh:10443 *.fnb.co.ls:10443 *.fnbci.co.uk:10443 *.fnbnamibia.com.na:10443 *.rmbprivatebank.com:10443 *.fnb.co.za:10443 *.rmb.co.za *.fnbswaziland.co.sz *.google.com *.gstatic.com *.fnbzambia.co.zm msgfnb.bankserv.co.za *.firstnationalbank.com.gh *.fnb.co.ls *.fnbci.co.uk *.fnbnamibia.com.na *.id.opendns.com *.rmbprivatebank.com https://*.googletagmanager.com; frame-ancestors 'self' *.fnb.co.za *.doubleclick.net https://*.fnbnamibia.com.na https://*.firstrand.co.za https://*.fnb.co.ls https://*.fnbbotswana.co.bw https://*.fnbswaziland.co.sz https://*.fnbzambia.co.zm *.rmb.co.za https://*.rmbprivatebank.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://connect.facebook.net https://*.doubleclick.net https://*.fnb.co.za https://*.google.com https://*.google.co.za; worker-src 'self'; style-src 'self' 'unsafe-inline' https://*.googleapis.com; object-src 'self'; img-src 'self' https://*.google.com https://*.google.co.za https://www.facebook.com https://*.google-analytics.com *.doubleclick.net https://*.fnb.co.za https://*.fnbnamibia.com.na https://*.firstrand.co.za https://*.fnb.co.ls https://*.fnbbotswana.co.bw https://*.fnbswaziland.co.sz https://*.vimeocdn.com https://*.vimeo.com https://*.fnbzambia.co.zm *.rmb.co.za https://*.rmbprivatebank.com blob: data: https://*.google.co.za https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://media.tenor.com https://media.giphy.com https://*.googlesyndication.com; media-src 'self' blob: data: https://*.fnb.co.za https://*.fnbnamibia.com.na https://*.firstrand.co.za https://*.fnb.co.ls https://*.fnbbotswana.co.bw https://*.fnbswaziland.co.sz https://*.fnbzambia.co.zm *.rmb.co.za https://*.rmbprivatebank.com https://*.cloudfront.net https://download-video.akamaized.net https://*.vimeo.com https://*.googleapis.com; font-src 'self' https://*.gstatic.com; connect-src 'self' https://*.fnbconnect.co.za https://eu.whatfix.com https://*.gstatic.com https://*.fnbwealthandinvestments.co.za wss://*.fnbconnect.co.za:* https://*.googleapis.com https://media.tenor.com https://media.giphy.com https://*.fnb.co.za https://*.fnbnamibia.com.na https://*.firstrand.co.za https://*.fnb.co.ls https://*.fnbbotswana.co.bw https://*.fnbswaziland.co.sz https://*.fnbzambia.co.zm *.rmb.co.za https://*.rmbprivatebank.com https://*.google.com https://*.google.co.za https://*.google-analytics.com https://*.googlesyndication.com https://qa-sgtm-kdhtvzc.uc.r.appspot.com https://fnb-za-sgtm-km7z7r4k.ey.r.appspot.com *.doubleclick.net; form-action 'self' https://*.fnb.co.za https://*.fnbwealthandinvestments.co.za https://*.fnbnamibia.com.na https://*.firstrand.co.za https://*.fnbci.co.uk https://*.fnb.co.ls https://*.fnbbotswana.co.bw https://*.fnbswaziland.co.sz https://*.fnbzambia.co.zm *.rmb.co.za https://*.rmbprivatebank.com; 5 upgrade-insecure-requests; frame-ancestors: self 5 frame-ancestors 'self' https://secure.simplepart.com https://checkout.simplepart.com https://secure.cml.oeconnection.com https://portal.oeconnection.com; 5 font-src data: https: 'self';connect-src data: https: wss: blob:;default-src 'unsafe-eval' 'unsafe-inline' data: https:;form-action https:;img-src 'self' data: https: blob:;media-src 'self';object-src 'none';script-src data: https: blob: 'unsafe-inline' 'unsafe-eval' id3.expertus.com.ua;style-src data: https: 'self' 'unsafe-inline' 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: intent: fb-messenger:; frame-ancestors self; 5 script-src 'self' 'unsafe-inline' 'unsafe-eval' report-sample blob: https://www.youtube.com https://*.gstatic.com https://www.google.com/recaptcha/api.js https://*.tiktok.com https://*.cookiebot.com https://*.talention.com https://maps.googleapis.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://connect.facebook.net https://*.jameda-elements.de https://snap.licdn.com https://empfehlungen.aerzte.de/app.js; style-src 'self' 'unsafe-inline' 'report-sample' https://*.talention.com https://fonts.googleapis.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://www.google.com https://*.cookiebot.com https://*.doubleclick.net https://www.googletagmanager.com; report-uri https://csp.ew72.net?site=osg 5 default-src https: wss://*.hotjar.com wss://wc.dcbprotect.com:8080 'unsafe-inline' 5 connect-src *; font-src * data:; frame-src *; img-src * blob: data:; media-src *; object-src *; frame-ancestors 'self' https://www.youtube.com https://player.vimeo.com 5 default-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https: 5 default-src 'self'; img-src 'self' data:; 5 default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss: https:; frame-ancestors 'self'; 5 frame-ancestors 'self' *.intuit.com 4 frame-ancestors *.mi.com; 4 frame-ancestors 'self' imdb.com *.imdb.com *.media-imdb.com withoutabox.com *.withoutabox.com amazon.com *.amazon.com amazon.co.uk *.amazon.co.uk amazon.de *.amazon.de translate.google.com images.google.com www.google.com www.google.co.uk search.aol.com bing.com www.bing.com 4 frame-ancestors 'self' *.wal.co *.walmart-customcards.com *.walmart.com:* *.walmart.net *.walmartimages.com; report-uri https://csp.walmart.com/c/r/gl 4 frame-ancestors 'self' https://onlinexperiences.com https://next.brella.io https://pheedloop.com https://gather.town https://datadog.docebosaas.com/ 4 frame-ancestors nypost.com decider.com pagesix.com *.nypost.com *.decider.com *.pagesix.com thesun.co.uk the-sun.com thescottishsun.co.uk thesun.ie au-script.dotmetrics.net; form-action 'self' *.nypdev.com nypost.com decider.com pagesix.com *.nypost.com *.decider.com *.pagesix.com thesun.co.uk the-sun.com thescottishsun.co.uk thesun.ie au-script.dotmetrics.net 4 default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://yandex.ru https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline' 4 frame-ancestors 'self' https://www.onetrust.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.6sc.co *.adobe.com *.adobe.io *.adobeaemcloud.com *.adobedtm.com *.akamaihd.net *.amazonaws.com *.bing.com *.bizographics.com *.chargebee.com *.chargebeestatic.com *.cloudflare.com *.cookiebanners.com *.cookielaw.org *.crazyegg.com *.demdex.net *.driftt.com *.eloqua.com *.en25.com *.everestjs.net *.everesttech.net *.force.com *.g2.com *.goconsensus.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleleadservices.com *.googletagmanager.com *.greenhouse.io *.gstatic.com *.hsforms.com *.hsforms.net *.jquery.com *.licdn.com *.linkedin.com *.marketo.net *.mktorest.com *.omtrdc.net *.onetrust.com *.onetrust.ninja *.otprivacy.com *.platform.twitter.com *.salesforce.com *.salesforceliveagent.com *.twimg.com *.twitter.com unpkg.com *.wistia.com *.wistia.net *.youtube-nocookie.com *.youtube.com fonts.google.com *.mktoweb.com *.day.com www.day.com *.mktoresp.com cdn.linkedin.oribi.io cm.everesttech.net *.adobeaemcloud.net *.litix.io *.tugboatlogic.com *.bizible.com *.bizibly.com *.scene7.com *.cvent.com *.turtl.co *.mktoutil.com pactsafe.io *.pactsafe.io *.cloudfront.net *.adnxs.com; media-src * blob:; worker-src * blob:; 4 frame-ancestors 'self' *.nike.com *.nikecloud.com *.nikedev.com 4 frame-ancestors 'self' media.rakr.net rackspace.pathfactory.com docs.google.com; report-uri https://www.rackspace.com/report-uri/enforce 4 default-src 'self' *.techcrunch.com; frame-ancestors 'self'; frame-src 'self' https:; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:; connect-src 'self' https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; worker-src 'self' blob:; media-src 'self' *.youtube.com *.jetpackdigital.com; font-src 'self' * data:; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox; 4 default-src * 'self' blob: data: 'unsafe-inline'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com 4 frame-ancestors 'self' https://support.ancestry.com 4 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://cdn.mouseflow.com https://static.cloudflareinsights.com https://assets.adobedtm.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://tag.demandbase.com https://googleads.g.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://pi.pardot.com https://static.ads-twitter.com https://go.elsevier.com https://script.leadboxer.com https://activitymap.adobe.com https://www.googleadservices.com https://digitalfeedback.us.confirmit.com https://www.surveygizmo.eu https://dotcom.tags.elsevier.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com; img-src 'self' data: https://secure-ecsd.elsevier.com images.ctfassets.net https://smetrics.elsevier.com metrics.elsevier.com https://cm.everesttech.net https://cdn.cookielaw.org https://cdn.nonprod.3d4medical.com https://cdn.3d4medical.com *.google-analytics.com https://dpm.demdex.net https://px.ads.linkedin.com https://www.linkedin.com https://www.google.com https://www.google.co.uk https://www.google.nl https://t.co https://analytics.twitter.com https://id.rlcdn.com https://www.facebook.com https://googleads.g.doubleclick.net https://bam.nr-data.net https://osmose-it.s3.amazonaws.com https://survey.us.confirmit.com https://px4.ads.linkedin.com https://www.googleadservices.com https://www.googletagmanager.com https://dotcom.tags.elsevier.com https://s3.amazonaws.com; font-src 'self'; connect-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://dpm.demdex.net elsevierlimited.tt.omtrdc.net https://smetrics.elsevier.com https://bam.nr-data.net *.notify.elsevier.com *.google-analytics.com https://account.elsevier.com https://account.staging.ecommerce.elsevier.com https://cdn.linkedin.oribi.io https://www.facebook.com https://api.company-target.com localhost:* *.snplow.net https://tag-logger.demandbase.com https://kibana.leadboxer.com https://pagead2.googlesyndication.com https://digitalfeedback.us.confirmit.com https://adservice.google.com https://px.ads.linkedin.com https://o2.mouseflow.com https://widgixeu-beacon.s3.amazonaws.com https://business.api.elsevier.com https://gtm-dotcom.staging.webpresence.elsevier.com https://dotcom.tags.elsevier.com https://www.google.com/ccm/collect https://eu01.rec.mouseflow.com; media-src 'self' videos.ctfassets.net assets.ctfassets.net; object-src 'none'; frame-ancestors 'self' https://app.contentful.com https://3d4medical.com https://completeanatomy.cn; frame-src 'self' https://elsevierlimited.tt.omtrdc.net https://campaigns.elsevier.com https://www.googletagmanager.com https://elsevier.demdex.net https://www.facebook.com https://s.company-target.com https://activitymap.adobe.com https://td.doubleclick.net https://survey.alchemer.eu https://dotcom.tags.elsevier.com; base-uri 'self'; form-action 'self'; 4 frame-ancestors 'self' https://*.facebook.com https://*.google.com 4 frame-ancestors https://*.ccf.org https://clevelandclinic.ungerboeck.com https://*.clevelandclinic.org 4 frame-ancestors 'self' https://redis.io https://app.mutinyhq.com 4 object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://go2.grafana.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://x.clearbitjs.com https://app.clearbit.com https://munchkin.marketo.net https://connect.facebook.net https://snap.licdn.com https://www.google-analytics.com/ https://px.ads.linkedin.com https://www.linkedin.com https://fresnel.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://api.twitter.com https://twitter.com https://static.hotjar.com https://in.hotjar.com https://script.hotjar.com https://www.googletagmanager.com/gtag/ *.googleadservices.com https://googleads.g.doubleclick.net/pagead/ https://static.doubleclick.net https://www.youtube.com https://www.eventbrite.com http://rsdk.grafana.com https://rsdk2.grafana-dev.com http://rsdk2.grafana.com https://heypal.chat https://www.heypal.chat https://pal-api-production.up.railway.app https://faro-collector-prod-us-central-0.grafana.net https://*.fullstory.com https://rsi.grafana.com https://cdn.mouseflow.com https://widget.intercom.io https://js.intercomcdn.com https://*.qualtrics.com https://js.zi-scripts.com https://tags.clickagy.com https://widget.kapa.ai https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://grafana.chilipiper.com https://static.zuddl.com https://js.stripe.com https://node-api-test-sand.vercel.app https://cdn.cookielaw.org https://track.customer.io https://cdn.rudderlabs.com 4 frame-ancestors https://*.ti.com https://*.ti.com.cn https://*.tij.co.jp; 4 frame-ancestors 'self' appsec.aarp.org secure.aarp.org cms.aarp.org arenax-testing2-games.aarp.org test.giveback.aarp.org giveback.aarp.org aarp.staging.jibeapply.com aarp.devserver.cloud navigator.aarp.org earnpoints.aarp.org events.xg4ken.com ayuda-sp.aarp.org ayuda-s.aarp.org ayuda.aarp.org app.devserver.cloud nutrition.aarp.org aarp.jibeapply.com arenax-testing3-games.aarp.org aarp.theworkademy.com stage.jobskills.aarp.org jobskills.aarp.org feeds.aarp.org memberoffers.aarp.org aarp.org cdn.aarp.net appsec.aarp.org secure-pi.aarp.org test.elearn.aarp.org dev.livablemap.aarp.byf1.dev livablemap.aarp.org nextgen.jobs.aarp.org jobs.aarp.org arenax-testing-games.aarp.org games.aarp.org futureofhousing.aarp.org aarpfutureodev.wpengine.com aarpfohstage.wpengine.com help-s.aarp.org test.elearn.aarp.org elearn.aarp.org local.aarp.org staging.local.aarp.org longtermscorecard.org careers.aarp.org www.aarp.org yqa.livetech.dev yqa.test caretotalk.aarp.org policybook.aarp.org policybookdb8jfimehk.devcloud.acquia-sites.com livindexhub.aarp.org livabilityindex.aarp.org livablemap.aarp.org press.aarp.org stage.mediaroom.com policybookwmcd4qm5qv.devcloud.acquia-sites.com dev.livindex-21.aarp.byf1.dev stage.livindex-21.aarp.byf1.dev veterans.aarp.org learn.aarp.org help.aarp.org community.aarp.org services.share.aarp.org secure.aarp.org virtualevents.aarp.org cdn.kitewheel.com aarp.brand.live aarpsandbox.brand.live test.virtualevents.aarp.org elearn.aarp.org blog.aarp.org taxappointment.aarp.org banksafetraining.aarp.org virtualevents.aarp.org; 4 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; 4 frame-ancestors 'self' https://*.nzherald.co.nz https://*.apnnz.co.nz https://nzme.coral.coralproject.net/; 4 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.thebalancemoney.com; upgrade-insecure-requests; 4 default-src 'none'; form-action 'self' https://madmimi.com https://www.facebook.com; frame-ancestors 'self' https://*.matomo.cloud https://*.innocraft.cloud http://localhost; base-uri 'self' https://demo-web.matomo.org https://web.innocraft.cloud; connect-src 'self' https://matomo.org https://web.innocraft.cloud https://www.userlike.com https://cdn.plyr.io https://demo-web.matomo.org https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://chat.userlike.com wss://umd.userlike.com https://api.userlike.com https://video.matomo.org https://api.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://v1.api.service.cmp.usercentrics.eu https://privacy-proxy.usercentrics.eu https://graphql.usercentrics.eu; script-src 'self' https://snap.licdn.com https://userlike-cdn-umm.b-cdn.net https://web.innocraft.cloud https://cdn.matomo.cloud https://embed.clickmeeting.com https://madmimi.com https://cdn.shortpixel.ai https://cdnjs.cloudflare.com https://www.youtube.com api.userlike.com https://d3dc1lgancj6l0.cloudfront.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://demo-web.matomo.org https://m-img.org 'unsafe-eval' 'unsafe-inline' https://app.usercentrics.eu https://api.usercentrics.eu https://web.cmp.usercentrics.eu https://privacy-proxy.usercentrics.eu; style-src 'self' 'unsafe-inline' https://demo-web.matomo.org https://web.innocraft.cloud https://app.usercentrics.eu; img-src 'self' https://*.matomo.org https://demo-web.matomo.org https://web.innocraft.cloud https://plugins.matomo.org https://qrcode.kaywa.com https://raw.githubusercontent.com https://user-images.githubusercontent.com https://m-img.org https://piwik.org https://matomo.org https://video.matomo.org https://app.usercentrics.eu https://uct.service.usercentrics.eu api.userlike.com https://userlike-cdn-operators.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com data:; media-src 'self' https://video.matomo.org https://www.matomo.org https://matomo.org blob:; font-src 'self' https://matomo.org https://*.matomo.org https://userlike-cdn-umm.b-cdn.net https://demo-web.matomo.org https://web.innocraft.cloud data: https://github.com https://d3dc1lgancj6l0.cloudfront.net; frame-src 'self' https://www.facebook.com https://play.quickchannel.com https://matomo.clickmeeting.com https://embed.clickmeeting.com https://www.youtube-nocookie.com https://demo.matomo.cloud https://demo-web.matomo.org https://demo2.piwik.org https://demo2.matomo.org https://app.usercentrics.eu https://web.cmp.usercentrics.eu; 4 frame-ancestors 'self' https://app.optimizely.com 4 default-src 'unsafe-inline' 'unsafe-eval' 'self' *.cloudflare.com www.yola.com unpkg.com *.yolacdn.net cdn.ravenjs.com *.googleapis.com *.sharethis.com www.googleoptimize.com www.googletagmanager.com *.googleusercontent.com *.gstatic.com secure.gravatar.com www.facebook.com www.google-analytics.com *.google.com *.yola.net *.yola.com *.yolaqa.com *.storylane.io *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.f.vimeocdn.com *.i.vimeocdn.com jitter.video stats.g.doubleclick.net *.fullstory.com s.w.org *.sitewit.com *.wikimedia.org www.youtube.com wp-themes.com *.sitebuilderhostqa.net data: blob:;frame-ancestors 'self'; form-action 'self'; 4 upgrade-insecure-requests; frame-ancestors 'self'; report-uri https://www.argos.co.uk/logging-api/2/security 4 frame-ancestors 'self' https://mobile.southwest.com https://www.southwest.com https://www.swabiz.com; 4 frame-ancestors 'self' https://cart.penguinrandomhouse.com/ https://sites.dev.penguinrandomhouse.com/ https://sites.tst.penguinrandomhouse.com/ https://sites.prh.com/ https://iteratehq.com/ https://c.lytics.io/ *.penguinrandomhouse.com *.dev.penguinrandomhouse.com *.tst.penguinrandomhouse.com 4 default-src 'self'; font-src 'self' data: *.raif.v305.tmphost.ru cdn.megabonus.com fonts.gstatic.com kaplife.ru *.kaplife.ru raiffeisen-capital.ru *.raiffeisen-capital.ru raiffeisen-life.ru *.raiffeisen-life.ru raiffeisen-media.ru *.raiffeisen-media.ru raiffeisen.ru *.raiffeisen.ru rbinternational.com *.rbinternational.com www.gstatic.com yastatic.net; style-src 'self' 'unsafe-inline' *.raif.v305.tmphost.ru cdn.jsdelivr.net kaplife.ru *.kaplife.ru raiffeisen-capital.ru *.raiffeisen-capital.ru raiffeisen-life.ru *.raiffeisen-life.ru raiffeisen-media.ru *.raiffeisen-media.ru raiffeisen.ru *.raiffeisen.ru rbinternational.com *.rbinternational.com www.gstatic.com yastatic.net *.yastatic.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.insapp.ru *.kaspersky-labs.com widget.oval.life polyfill.io code.jquery.com edge.fullstory.com connect.facebook.net *.googleoptimize.com *.tmweb.ru unpkg.com platform.twitter.com *.rutarget.ru *.hybrid.ai snap.licdn.com *.kirarock.space *.mail.ru *.raif.v305.tmphost.ru *.vk.com *.yandexcloud.net analytics.tiktok.com cdn.jsdelivr.net google-analytics.com *.google-analytics.com google.com *.google.com kaplife.ru *.kaplife.ru raiffeisen-capital.ru *.raiffeisen-capital.ru raiffeisen-life.ru *.raiffeisen-life.ru raiffeisen-media.ru *.raiffeisen-media.ru raiffeisen.agentapp.ru raiffeisen.ru *.raiffeisen.ru rbinternational.com *.rbinternational.com ru.id.facct.ru ru.id.group-ib.com statad.ru vk.com www.googletagmanager.com www.gstatic.com yandex.ru *.yandex.ru *.yandex.com *.yandex.by *.yandex.md *.yandex.kz *.yandex.net yastatic.net yastatic.net *.yastatic.net; frame-src *.doubleclick.net *.insapp.ru *.raif.v305.tmphost.ru *.vk.com *.yandexcloud.net captcha-api.yandex.ru mc.yandex.ru google.com *.google.com kaplife.ru *.kaplife.ru raiffeisen-life.ru *.raiffeisen-life.ru raiffeisen.agentapp.ru raiffeisen.ru *.raiffeisen.ru ru.id.facct.ru ru.id.group-ib.com sync.1dmp.io vk.com zettains.ru securepaymentway.ru *.sbrf.ru securepaymentgateway.ru securecardpayment.ru *.sberbank.ru mafin.ru raif.ponimau.com www.youtube.com; connect-src 'self' *.doubleclick.net *.insapp.ru *.kirarock.space *.mail.ru *.trackjs.com *.upravel.com *.vk.com analytics.tiktok.com dadata.ru *.dadata.ru google-analytics.com *.google-analytics.com kaplife.ru *.kaplife.ru lottiefiles.com *.lottiefiles.com raiffeisen-capital.ru *.raiffeisen-capital.ru raiffeisen-life.ru *.raiffeisen-life.ru raiffeisen-media.ru *.raiffeisen-media.ru raiffeisen.ru *.raiffeisen.ru rbinternational.com *.rbinternational.com ru.id.facct.ru vk.com wss://*.raiffeisen.ru raiffeisen.cpeople.ru sentry.b2bpolis.ru sbbe.group-ib.ru *.fp.kaspersky-labs.com *.amplitude.com ymetrica1.com www.googletagmanager.com yandex.ru *.yandex.ru *.yandex.com *.yandex.by *.yandex.md *.yandex.kz *.yandex.net; img-src 'self' blob: data: *.mail.ru *.trackjs.com *.upravel.com *.vk.com google-analytics.com *.google-analytics.com kaplife.ru *.kaplife.ru lottiefiles.com *.lottiefiles.com raiffeisen-capital.ru *.raiffeisen-capital.ru raiffeisen-life.ru *.raiffeisen-life.ru raiffeisen-media.ru *.raiffeisen-media.ru raiffeisen.ru *.raiffeisen.ru rbinternational.com *.rbinternational.com statad.ru sync.1dmp.io vk.com www.google.com www.google.ru *.google.com.tr www.gstatic.com www.welldonecode.com proxy-block.raiffeisen.ru:8002 hit.acstat.com yandex.ru *.yandex.ru *.yandex.com *.yandex.by *.yandex.md *.yandex.kz *.yandex.net yastatic.net *.yastatic.net; media-src blob: data: audiocdn.lingualeo.com api.lingvolive.com raiffeisen.ru *.raiffeisen.ru; form-action 'self'; 4 object-src 'none'; base-uri 'none' 4 default-src 'self' www.app5.unisys.com js.qualified.com wwwdev-unisyscorp.msappproxy.net wwwqa-unisyscorp.msappproxy.net data: ws: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.siteimprove.net cdn.jsdelivr.net js.monitor.azure.com bugcrowd.com cdn.cookielaw.org privacyportal.onetrust.com geolocation.onetrust.com js.adsrvr.org *.intentsify.io acdn.adnxs.com *.techtarget.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com js.qualified.com www.googleadservices.com *.optimizely.com *.twitter.com *.gartner.com cdn.pdst.fm www.gstatic.com *.6sc.co *.contentsquare.net app.contentsquare.com *.google.com *.cloudfront.net *.createjs.com *.facebook.net *.eloqua.com *.statcounter.com *.youtube.com *.vimeocdn.com *.en25.com *.demandbase.com *.hotjar.com *.licdn.com *.adroll.com https://www.google-analytics.com *.googletagmanager.com https://js.ipredictive.com *.google-analytics.com *.trustarc.com https://www.googletagmanager.com https://vimeo.com *.vimeo.com https://js.hs-banner.com https://js.hs-scripts.com https://js.usemessages.com https://js.hscollectedforms.net https://js.hs-analytics.net https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://code.jquery.com https://s7.addthis.com https://v1.addthisedge.com https://m.addthis.com/ https://z.moatads.com https://maxcdn.bootstrapcdn.com https://www.facebook.com *.episerver.net *.bing.com *.virtualearth.net *.unisys.com https://api.company-target.com *.sharethis.com https://unpkg.com *.consensu.org https://ajax.googleapis.com https://cdnjs.cloudflare.com https://t.contentsquare.net/ https://static.ads-twitter.com/ *.newscred.com *.rezync.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdn.cookielaw.org privacyportal.onetrust.com geolocation.onetrust.com *.googletagmanager.com *.gartner.com https://fonts.googleapis.com *.episerver.net *.bing.com https://maxcdn.bootstrapcdn.com https://unpkg.com *.sharethis.com https://*.unisys.com; img-src 'self' blob: data: http: https: *.ipredictive.com www.googletagmanager.com *.contentsquare.net https://cdn.optimizely.com; font-src 'self' *.gartner.com data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.unisys.com; connect-src 'self' *.siteimprove.com *.intentsify.io *.onetrust.com *.cookielaw.org *.qualified.com *.ads.linkedin.com https://logx.optimizely.com *.techtarget.com *.demandbase.com https://*.optimizely.com https://us-central1-adaptive-growth.cloudfunctions.net *.optimizely.com *.6sc.co *.adnxs.com cdn.linkedin.oribi.io *.trustarc.com *.hotjar.io *.hotjar.com *.doubleclick.net *.google.com *.googletagmanager.com *.google-analytics.com https://forms.hubspot.com https://api.hubspot.com https://m.addthis.com https://dc.services.visualstudio.com https://vimeo.com ws: wss: *.bing.com *.episerver.net *.virtualearth.net https://api.company-target.com https://c.statcounter.com *.contentsquare.net; child-src blob: 'self' cdn.cookielaw.org privacyportal.onetrust.com geolocation.onetrust.com *.trustarc.com https://api.hubspot.com https://app.hubspot.com https://vimeo.com *.vimeo.com https://www.youtube.com https://s7.addthis.com; media-src 'self' www.app5.unisys.com wwwdev-unisyscorp.msappproxy.net wwwqa-unisyscorp.msappproxy.net https://*.unisys.com; frame-src * csxd.unisys.com; frame-ancestors 'self' https://arcade.software; worker-src 'self' blob: data: 4 default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; style-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; frame-ancestors 'self'; frame-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; worker-src 'self' data: blob:; 4 block-all-mixed-content; frame-ancestors 'self' https://payload.anker-in.com; upgrade-insecure-requests; 4 default-src 'self' blob:; script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' data: app-ab56.marketo.com gs-cdn.optimonk.com cdn.jsdelivr.net d2c7xlmseob604.cloudfront.net *.impartner.live js.hs-scripts.com munchkin.marketo.net translate.google.com/translate_a/element.js web.bentley.com *.ads.linkedin.com *.ads-twitter.com *.amazonaws.com *.bentley.com *.bing.com *.brightcove.net *.byspotify.com www.clarity.ms *.cloudflare.com *.cloudfront.net *.company-target.com *.demandbase.com *.drift.com *.driftt.com *.doubleclick.net *.excentos.com *.facebook.net *.feedbackify.com *.flockler.com *.getsmartling.com *.google-analytics.com *.google.com googleads.g.doubleclick.net *.googleadservices.com *.googleapis.com *.googletagmanager.com www.google-analytics.com www.google.com *.gstatic.cn *.gstatic.com *.hsforms.net *.jotform.com *.marketo.com *.marketo.net *.mouseflow.com *.onetrust.com packages.prmcdn.io *.pagespeed-mod.com *.pingdom.net pixel.byspotify.com qvdt3feo.com *.recaptcha.net *.redditstatic.com static.hsappstatic.net/MeetingsEmbed/ex/MeetingsEmbedCode.js *.salesloft.com *.surveysparrow.com tags.srv.stackadapt.com *.tourial.com *.twitter.com *.userway.org *.zencdn.net 1.safecdn01.com accessibilityserver.org api.hubspot.com bat.bing.com/bat.js beacon-v2.helpscout.net/ bentleypocstg.wpengine.com blibok.com c.itaozi.cn cdn.cookielaw.org cdn.mathjax.org cdn.mouseflow.com click.easypower.com client.prod.mplat-ppcprotect.com connect.facebook.net conoret.com cookie-cdn.cookiepro.com d2c7xlmseob604.cloudfront.net fast.wistia.com form.jotform.com/static/feedback.js forms.hubspot.com gateway.on24.com images.uc.cn js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hscollectforms.net js.hsforms.net js.hsleadflows.net js.hubspot.com js.usemessages.com mstat.acestream.net munchkin.marketo.net ob.segreencolumn.com pixel.byspotify.com players.brightcove.net relatedgamesnet-a.akamaihd.net scout-cdn.salesloft.com search.imtt.qq.com service.excentos.com snap.licdn.com snap.licdn.com/li.lms-analytics/insight.min.js static.ads-twitter.com tag.demandbase.com tags.srv.stackadapt.com ucads-cdn.ucweb.com unpkg.com unpkg.zhimg.com vjs.zencdn.net w8o39.m70vee7.com *.youtube.com *.visualwebsiteoptimizer.com app.vwo.com onsite.optimonk.com *.onsite.optimonk.com cdn-asset.optimonk.com; style-src 'self' 'report-sample' 'unsafe-inline' data: app-ab56.marketo.com *.bentley.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com *.easypower.com packages.prmcdn.io *.excentos.com s3.amazonaws.com tags.srv.stackadapt.com *.visualwebsiteoptimizer.com app.vwo.com *.userway.org web.bentley.com; object-src 'self' *.brightcove.net; connect-src 'self' data: localhost: ad.doubleclick.net gjtrack.ucweb.com https: *.doubleclick.net *.hubspot.com adservice.google.com bcbolt446c5271-a.akamaihd.net bcsecure01-a.akamaihd.net forms.hubspot.com manifest.prod.boltdns.net stats.g.doubleclick.net wss://www.bentley.com *.visualwebsiteoptimizer.com app.vwo.com; font-src 'self' data: themes.googleusercontent.com https:; frame-ancestors 'self' *.bentley.com *.docebosaas.com/ bentleysystems.gcs-web.com/ bentleysystems-preview.gcs-web.com/; frame-src 7668309.hs-sites.com/ app-ab56.marketo.com www.facebook.com *.bentley.com *.brightcove.net *.core.windows.net *.doubleclick.net *.facebook.com *.flickr.com *.getsmartling.com *.google.com *.googletagmanager.com *.hs-scripts.com *.hsforms.com *.hsforms.net *.hubspot.com *.jotform.com *.driftt.com *.menlosecurity.com *.on24.com *.onetrust.com outlook.office.com outlook.office365.com *.podbean.com *.recaptcha.net *.surveysparrow.com *.tourial.com *.twitter.com *.userway.org *.wpengine.com *.youtube.com *.zscalerthree.net 7rx80283.ibosscloud.com block.opendns.com blocked.freedom.to bpb.opendns.com cdn.cookielaw.org click.easypower.com div.show gateway.zscaler.net gateway.zscalertwo.net gateway.zscloud.net leap13.github.io login.zscloud.net mozbar.moz.com *.statuspage.io remove.video s.company-target.com skytraf.xyz www.ciuvo.com zswpmanager.wip.mmc.com wp-rocket.me/ app.vwo.com *.visualwebsiteoptimizer.com; img-src 'self' blob: data: www.bentley.com https: t.co *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com; manifest-src 'self' www.bentley.com; media-src 'self' blob: data: https:; report-uri https://6449169ef1e3671a29137d52.endpoint.csper.io?v=7; worker-src 'self' blob:; 4 frame-ancestors 'self' https://c360.cricketwireless.com; 4 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'self' http://*.theweathernetwork.com https://*.theweathernetwork.com http://*.meteomedia.com https://*.meteomedia.com https://sdk.privacy-center.org https://api.privacy-center.org; 4 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.afterpay.com *.clearpay.co.uk *.clearpay.com *.googleapis.com public.fbot.me static.fbot.me campaign.fbot.me lcx-embed.bambuser.com www.googletagmanager.com *.onetrust.com *.cookielaw.org *.bizible.com hbiq.net cdn.branch.io sc-static.net snap.licdn.com connect.facebook.net *.linkedin.com *.facebook.com munchkin.marketo.net www.googleadservices.com cdn.dashhudson.com djnf6e5yyirys.cloudfront.net cdn.builder.io t.contentsquare.net www.google-analytics.com googleads.g.doubleclick.net app.link v5tufwer.micpn.com pi.pardot.com tag.clearbitscripts.com/v1/pk_ba428737ee82fd942f13030da0c2629b/tags.js tag.rmp.rakuten.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js x.clearbitjs.com/v2/pk_ba428737ee82fd942f13030da0c2629b/tracking.min.js x.clearbitjs.com/v2/pk_ba428737ee82fd942f13030da0c2629b/destinations.min.js analytics.tiktok.com afterpay-business-site.vercel.app afterpay-consumer-content-hub.vercel.app cdn.amplitude.com *.adsrvr.org *.pinimg.com *.snapchat.com j.6sc.co tag.demandbase.com www.workwithsquare.com player.vimeo.com widget.trustpilot.com; img-src * data:; object-src 'none'; base-uri 'none'; 4 frame-ancestors 'self' https://www.facebook.com; block-all-mixed-content; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.jsdelivr.net https://connect.facebook.net https://munchkin.marketo.net https://script.crazyegg.com https://static.zdassets.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net https://cdn.cookie-script.com https://s.adroll.com https://c.seznam.cz https://mc.yandex.ru https://www.snapengage.com https://*.googleapis.com https://d.adroll.com https://snap.licdn.com https://storage.googleapis.com https://u.heatmap.it https://script.hotjar.com https://static.hotjar.com https://*.doubleclick.net https://*.google.com https://*.cloudfront.net https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.googleoptimize.com https://*.nebula.zyxel.com https://cdnjs.cloudflare.com https://google-analytics.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zyxel.com https://*.myzyxel.com https://www.gstatic.com https://www.google.com/recaptcha/ https://static.addtoany.com http://www.zyxel.com https://js.hubspot.com https://js.hscollectedforms.net https://report.cookie-script.com https://ind-widget.freshworks.com https://zyxel-support-help.freshchat.com https://server.fillout.com https://media.campaigner.com https://mpsnare.iesnare.com; style-src 'self' 'report-sample' 'unsafe-inline' *.nebula.zyxel.com *.google.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.googleapis.com https://*.s3.amazonaws.com https://www.gstatic.com https://zyxel-support-help.freshchat.com https://ind-widget.freshworks.com https://media.campaigner.com https://mpsnare.iesnare.com; 4 default-src 'self' *.6sc.co *.acquia.com *.youtube.com *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.vimeo.com *.vwo.com *.visualwebsiteoptimizer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.anthology.com img.en25.com *.github.com *.recaptcha.net *.g2crowd.com *.clarity.ms *.doubleclick.net *.6sc.co *.siteimprove.net *.fontawesome.com *.vimeo.com *.vimeocdn.com *.licdn.com *.linkedin.com *.newrelic.com *.nr-data.net *.typekit.net *.getsitecontrol.com *.acquia.com *.youtube.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com s3.amazonaws.com siteimproveanalytics.com prod.ally.ac bugcrowd.com assets.bugcrowdusercontent.com cdnjs.cloudflare.com cdn.jsdelivr.net *.cookielaw.org *.onetrust.com *.googleadservices.com *.facebook.net *.ads-twitter.com *.twitter.com *.cloudflareinsights.com *.cloudflare.com *.visualwebsiteoptimizer.com *.vwo.com *.googlesyndication.com *.redditstatic.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hsadspixel.net; style-src 'self' 'unsafe-inline' *.fontawesome.com *.googleapis.com *.gstatic.com prod.ally.ac cdnjs.cloudflare.com; img-src 'self' * data: blob: *.siteimproveanalytics.io; media-src * data:; frame-ancestors 'self' *.blackboard.com *.ally.ac *.anthology.com; child-src 'self' * blob:; font-src 'self' *.fontawesome.com *.gstatic.com *.googleusercontent.com *.typekit.net data:; connect-src 'self' *.anthology.com *.adnxs.com *.vimeocdn.com *.6sense.com *.siteimprove.com *.siteimprove.net *.g2crowd.com *.clarity.ms *.doubleclick.net *.6sc.co *.fontawesome.com t.co *.facebook.com *.bizographics.com *.licdn.com *.linkedin.com *.newrelic.com *.nr-data.net *.typekit.net *.getsitecontrol.com *.acquia.com *.youtube.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com prod.ally.ac *.cookielaw.org *.onetrust.com *.twitter.com *.visualwebsiteoptimizer.com *.vwo.com *.g2.com headless.lndo.site *.eloqua.com *.redditstatic.com *.reddit.com *.hubapi.com *.hscollectedforms.net *.googleadservices.com; 4 frame-ancestors 'self' https://*.group.gca https://*.credit-agricole.fr https://*.banque-chalus.fr 4 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com intent: wss://127.0.0.1:* https://*.8select.io https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.epoq-systems.de https://*.epoq.de https://*.fitanalytics.com https://*.lidl-info.com https://*.online-metrix.net https://*.parcellab.com https://*.paypalobjects.com https://*.paypal.com https://*.semtrack.de https://*.simplesurance.de https://*.sit.sys.odj.cloud https://*.solutenetwork.com https://analytics.google.com https://analytics.tiktok.com https://balancechecks.tx-gate.com https://cloud.mail.lidl.de https://dmp.theadex.com https://facebook.com https://fonts.gstatic.com https://h.online-metrix.net https://tracking.s24.com https://utiqcontent.com https://www.google-analytics.com https://www.lacmp.net https://www.moebel.de https://*.tailortool.de https://utiq.mno.link https://mobile-token.telekom.de https://tmi.vodafone.de https://o2de.mno.link data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com intent: https://*.adyen.com https://*.bizrate.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.ftrace.com https://*.lidl-info.com https://*.mynetfair.com https://*.paypal.com https://*.sit.az.odj.cloud https://*.sit.sys.odj.cloud https://*.vrxs.de https://api.theadex.com https://ar.lidl.com https://balancechecks.tx-gate.com https://facebook.com https://h.online-metrix.net https://lidl-giftcard.eu https://review.apps.01.cf.eu01.stackit.cloud https://www.edge-cdn.net https://www.lidl-gewinnspiel.de https://www.lidl-giftcard.eu https://utiq.mno.link; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz moz-extension: https://*.adition.com https://*.adscale.de https://*.advertising.com https://*.adyen.com https://*.bizrate.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.epoq-systems.de https://*.epoq.de https://*.fitanalytics.com https://*.lidl-info.com https://*.online-metrix.net https://*.openx.net https://*.parcellab.com https://*.paypalobjects.com https://*.paypal.com https://*.pubmatic.com https://*.semtrack.de https://*.simplesurance.de https://*.sit.sys.odj.cloud https://*.solutenetwork.com https://*.stickyadstv.com https://*.taboola.com https://*.twiago.com https://*.yahoo.com https://*.yieldlab.net https://analytics.google.com https://analytics.tiktok.com https://balancechecks.tx-gate.com https://contextual.media.net https://dmp.theadex.com https://facebook.com https://h.online-metrix.net https://lh3.googleusercontent.com https://match.adsrvr.org https://match.sharethrough.com https://pubsaf.global.ssl.fastly.net https://prodeastusmappscreative.azureedge.net https://sync.outbrain.com https://translate.google.com https://via.placeholder.com https://visitor.omnitagjs.com https://utiqcontent.com https://www.econda-monitor.de https://www.google-analytics.com https://www.ladenzeile.de https://www.lead-alliance.net https://*.tailortool.de data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com https://*.lidl-info.com https://*.online-metrix.net https://facebook.com https://h.online-metrix.net; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' https://*.8select.io https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.epoq-systems.de https://*.epoq.de https://*.fitanalytics.com https://*.lidl-info.com https://*.online-metrix.net https://*.parcellab.com https://*.paypalobjects.com https://*.paypal.com https://*.semtrack.de https://*.simplesurance.de https://adservice.google.de https://ajax.googleapis.com https://analytics.tiktok.com https://api.theadex.com https://balancechecks.tx-gate.com https://cdn.ravenjs.com https://cloud.mail.lidl.de https://cm.g.doubleclick.net https://code.etracker.com https://dmp.theadex.com https://dsp.adfarm1.adition.com https://facebook.com https://h.online-metrix.net https://s.ytimg.com https://tracking.s24.com https://www.dwin1.com https://www.etracker.de https://www.google-analytics.com https://www.lacmp.net https://www.ladenzeile.de https://www.moebel.de https://*.tailortool.de https://frontend.prod.utiq-aws.net; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline' https://*.epoq-systems.de https://*.epoq.de https://*.fitanalytics.com https://*.lidl-info.com https://*.parcellab.com https://*.sit.sys.odj.cloud https://facebook.com; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io https://beeem.co; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com https://*.sit.az.odj.cloud; 4 default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 4 connect-src * data: 4 frame-ancestors *.motor1.com 4 frame-ancestors 'self' *.ampproject.org *.zdbb.net 4 base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.romeo.com wss://*.hunqz.com *.planetromeo.com *.romeo.com offline-page.pages.dev *.facebook.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.maptiler.com *.report-uri.com wss://*.firebaseio.com *.googleapis.com *.zendesk.com; font-src 'self' *.gstatic.com *.typekit.net data:; form-action 'self' *.planetromeo.com *.romeo.com google.com; frame-ancestors *.romeo.com *.planetromeo.com *.hunqz.com; frame-src 'self' *.romeo.com *.planetromeo.com *.hunqz.com recaptcha.net https://challenges.cloudflare.com *.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com *.blufm.de blufm.de *.firebaseio.com *.youtube.com *.facebook.com *.twitter.com; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com https://challenges.cloudflare.com recaptcha.net *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net *.firebaseio.com *.twitter.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.romeo.com *.hunqz.com *.googlesyndication.com; 4 font-src 'self' https://tls.freenet.de https://use.typekit.net https://fonts.gstatic.com; img-src * data:; frame-ancestors 'self'; object-src 'self'; base-uri 'none'; 4 default-src 'self'; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://consentcdn.cookiebot.com https://*.streamlock.net/ https://*.ingest.sentry.io https://*.zeturf.com https://*.zeturf.be https://maps.googleapis.com https://zz.connextra.com https://*.clarity.ms https://*.bing.com https://www.facebook.com https://*.zdassets.com https://*.zendesk.com wss://*.zendesk.com https://privacy.trustcommander.net https://privacy.commander1.com/ https://collect.commander1.com/ https://*.xiti.com/ https://*.snapchat.com https://analytics.twitter.com; frame-src 'self' https://consentcdn.cookiebot.com/ https://vision.prod.thebetmakers.com/ https://api-vcs-awstbmtst002.mugbookie.com/ https://www.youtube.com/ https://www.googletagmanager.com/ https://td.doubleclick.net https://www.facebook.com https://*.zendesk.com https://*.snapchat.com; img-src 'self' https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com/ https://www.google.fr https://www.google.com https://cdnjs.cloudflare.com https://maps.gstatic.com https://maps.googleapis.com https://*.googleusercontent.com data: blob: https://*.zeturf.com https://*.zeturf.be https://*.ytimg.com https://zz.connextra.com https://*.adnxs.com https://*.bidr.io https://www.facebook.com https://connect.facebook.net https://*.cookiebot.com https://*.clarity.ms https://*.bing.com https://www.paypalobjects.com https://*.zdassets.com https://*.zendesk.com https://*.zdusercontent.com https://manager.tagcommander.com/ https://*.snapchat.com https://analytics.twitter.com https://t.co; font-src 'self' https://cdnjs.cloudflare.com/ https://fonts.gstatic.com/ https://github.com https://*.zeturf.com https://*.zeturf.be https://*.snapchat.com; media-src 'self' https://*.streamlock.net/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.jsdelivr.net https://maps.googleapis.com https://*.cookiebot.com https://*.zeturf.com https://*.zeturf.be https://*.sentry-cdn.com https://connect.facebook.net https://static.ads-twitter.com https://zz.connextra.com https://*.clarity.ms https://*.zdassets.com https://*.zendesk.com https://cdn.tagcommander.com https://cdn.trustcommander.net https://tag.aticdn.net https://ga.jspm.io/ https://sc-static.net/ https://*.snapchat.com blob: data:; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://*.zeturf.com https://*.zeturf.be https://*.snapchat.com 4 default-src 'self' https: blob:;script-src 'self' https: 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://build.cloudbees.com;font-src 'self' https: data:;img-src 'self' https: data:;frame-ancestors 'self' https://*.contentful.com;object-src 'none';upgrade-insecure-requests 4 frame-ancestors 'self' https://www.carat.fiserv.com; 4 frame-ancestors 'self' https://frida.main.messefrankfurt.com/ *.messefrankfurt.com 4 frame-ancestors 'self' https://*.analog.com 4 frame-ancestors 'self' https://reown.sanity.studio https://*.walletconnect.com https://*.walletconnect.org https://*.reown.com https://widget.solflare.com/ 4 default-src 'self' https://feed.pghub.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://snippet.maze.co https://feed.pghub.io *.rudderstack.com cdn.rudderlabs.com https://z.moatads.com/ https://s.swiftypecdn.com/ https://connect.facebook.net/ https://js.adsrvr.org/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://www.googleadservices.com/ https://maps.googleapis.com https://unpkg.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://script.crazyegg.com https://api.ipify.org https://code.jquery.com/ https://c.lytics.io/ https://cdn.segment.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://pghub.io/ https://cdn.cookielaw.org/; style-src 'self' 'unsafe-inline' https://feed.pghub.io https://cdn.cookielaw.org/ https://c.lytics.io/ https://cdnjs.cloudflare.com https://unpkg.com; object-src https://images.ctfassets.net/; base-uri 'self'; connect-src 'self' https://feeds.businesswire.com https://csapi-nonprod.pg.com https://csapi.pg.com https://downloads.ctfassets.net https://cdn.segment.com https://privacytermsprod.azureedge.net https://assets.ctfassets.net/ https://cdn.contentful.com https://mw-ar-recom-prod.pgapi.io/ https://staging-api.fr.pg.com/ https://gpdb-staging.name-coach.com/api/public/v1/pronunciations/phonetics https://gpdb.name-coach.com/api/public/v1/pronunciations/phonetics https://prompts.maze.co https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://api.fr.pg.com https://pg-poc-regulatory-app-test.azurewebsites.net https://s.swiftypecdn.com https://maps.googleapis.com https://script.crazyegg.com https://consent-api.onetrust.com https://api.segment.io/ https://match.adsrvr.org/ https://lj18wdvpyu-3.algolianet.com/ https://lj18wdvpyu-2.algolianet.com/ https://lj18wdvpyu-1.algolianet.com/ https://lj18wdvpyu-dsn.algolia.net/ https://www.google-analytics.com/ https://region1.google-analytics.com https://cdn.cookielaw.org *.rudderstack.com cdn.rudderlabs.com *.doubleclick.net https://stats.g.doubleclick.net; font-src 'self' https://feed.pghub.io; frame-src 'self' https://pgn2020news.q4web.com https://images.ctfassets.net/ https://www.youtube-nocookie.com/ https://feed.pghub.io https://www.facebook.com/ https://d.agkn.com/ https://www.youtube.com https://pandg.tapad.com https://www.google.com/ https://www.googletagmanager.com/; img-src 'self' blob: data: https://mms.businesswire.com/ https://feed.pghub.io https://www.facebook.com/ https://downloads.ctfassets.net/ https://px.moatads.com/ https://googleads.g.doubleclick.net/ https://www.confianzaonline.es *.akamaihd.net https://maps.gstatic.com https://maps.googleapis.com https://t.co https://www.google.com/ https://www.google.hr/ https://analytics.twitter.com https://s.amazon-adsystem.com/ https://c.lytics.io/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://match.adsrvr.org/ https://images.ctfassets.net https://pixel.tapad.com https://www.google-analytics.com https://i.ytimg.com; manifest-src 'self'; frame-ancestors 'self' https://app.contentful.com; media-src 'self' https://feed.pghub.io https://videos.ctfassets.net/; worker-src blob:; 4 frame-ancestors 'self' https://cyon.ch https://www.cyon.ch https://blog.cyon.ch; 4 default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://www.riskdataobject.com https://dev.pcgcustomer.nprd.aig.com https://dev2.pcgcustomer.nprd.aig.com https://qa.pcgcustomer.nprd.aig.com https://qa2.pcgcustomer.nprd.aig.com https://uat.pcgcustomer.nprd.aig.com https://perf.pcgcustomer.nprd.aig.com https://perf2.pcgcustomer.nprd.aig.com https://pcgcustomer.aig.com/; upgrade-insecure-requests; 4 default-src 'self' https://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.marketo.com https://*.google.com https://*.youtube.com https://*.gstatic.com https://*.gstatic.cn https://*.ul.com https://player.vimeo.com https://www.recaptcha.net *.salesforce-sites.com data: blob:; connect-src 'self' https://*.acsbapp.com https://*.wistia.com http://*.wistia.com https://*.wistia.net *.wistia.cdn.com https://*.ul.com https://www.google-analytics.com https://*.google.com https://www.facebook.com https://stats.addtoany.com https://*.hotjar.com https://*.hotjar.io https://*.mktoutil.com https://*.mktoresp.com http://*.mktoresp.com https://embedwistia-a.akamaihd.net https://sessions.bugsnag.com https://stats.g.doubleclick.net https://fg8vvsvnieiv3ej16jby.litix.io https://*.nr-data.net https://sheets-proxy.knightlab.com wss://*.hotjar.com https://csp.withgoogle.com https://cdn.linkedin.oribi.io https://*.linkedin.com https://*.litix.io https://*.qualtrics.com https://en.wikipedia.org/ *.my.salesforce-sites.com https://api.company-target.com https://acsbapp.com https://cdn.acsbapp.com https://*.trustarc.com *.demandbase.com demandbase.com company-target.com *.company-target.com https://uliodev.azure-api.net/informatica-email-phone/Global_Email_Phone_Validation https://io.ul.com/informatica-email-phone/Global_Email_Phone_Validation https://na1.ai.dm-us.informaticacloud.com/active-bpel/public/rt/cTHkDDQ8MOqgFALFbuPY0C/Global_Email_Phone_Validation_test https://ulenterpriseorg--devservice.sandbox.my.salesforce-scrt.com https://ulenterpriseorg--intdev.sandbox.my.salesforce-scrt.com https://ulenterpriseorg--sit.sandbox.my.salesforce-scrt.com *.my.salesforce-scrt.com *.adobe.io wss://*.adobe.io https://adobeid-na1.services.adobe.com https://*.adobelogin.com https://auth.services.adobe.com https://delegated.identity.adobe.com https://www.recaptcha.net *.doubleclick.net *.6sc.co *.zi-scripts.com *.zoominfo.com https://*.algolia.net https://www.googletagmanager.com; font-src 'self' https://*.wistia.com https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.gstatic.com https://*.gstatic.cn https://script.hotjar.com https://*.ul.com https://fast.wistia.com/ https://acsbapp.com https://consent.trustarc.com https://cdnjs.cloudflare.com https://*.typekit.net data:; frame-src 'self' https://*.marketo.com https://*.google.com https://player.vimeo.com https://*.youtube.com https://fast.wistia.com https://fast.wistia.net https://vars.hotjar.com https://www.facebook.com http://*.ul.com https://*.ul.com https://www.recaptcha.net https://*.addtoany.com https://*.doubleclick.net https://airtable.com https://ulsolutions.qualtrics.com *.salesforce.com *.salesforce-sites.com http://consent-pref.trustarc.com company-target.com *.company-target.com https://documentcloud.adobe.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com experience.adobe.com js.stripe.com www.googletagmanager.com https://ulsolutions.outgrow.us; img-src 'self' https://*.adroll.com https://*.linkedin.com https://*.facebook.com https://fast.wistia.com https://fast.wistia.net https://*.gstatic.com https://*.gstatic.cn https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://*.ul.com https://s.ml-attr.com https://*.adnxs.com https://attr.ml-api.io https://pixel.mathtag.com https://*.amazonaws.com https://*.acsbapp.com https://*.qualtrics.com *.trustarc.com https://ul.com https://id.rlcdn.com https://segments.company-target.com/validateCookie https://assets.adoberesources.net https://lh3.googleusercontent.com data: *.adobeaemcloud.com https://ulsolutions.outgrow.us *.kickfire.com *.6sc.co https://live-shimadzu.pantheonsite.io https://live-wwwul.pantheonsite.io https://live-latamul.pantheonsite.io https://live-emergo1.pantheonsite.io https://live-aunzul.pantheonsite.io https://live-vietnam-ul.pantheonsite.io https://test-shimadzu.pantheonsite.io https://test-wwwul.pantheonsite.io https://test-latamul.pantheonsite.io https://test-emergo1.pantheonsite.io https://test-aunzul.pantheonsite.io https://dev-shimadzu.pantheonsite.io https://dev-wwwul.pantheonsite.io https://dev-latamul.pantheonsite.io https://dev-emergo1.pantheonsite.io https://dev-aunzul.pantheonsite.io https://develop-shimadzu.pantheonsite.io https://develop-wwwul.pantheonsite.io https://develop-latamul.pantheonsite.io https://develop-emergo1.pantheonsite.io https://develop-aunzul.pantheonsite.io https://aunz.psapp.dev https://emergo.psapp.dev https://latam.psapp.dev https://shimadzu.psapp.dev https://ul.psapp.dev; media-src 'self' https://embedwistia-a.akamaihd.net https://*.wistia.com https://*.wistia.net *.wistia.cdn.com https://*.youtube.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sentry-cdn.com https://*.wistia.com http://*.wistia.net https://*.wistia.net https://*.youtube.com http://*.youtube.com https://*.vimeo.com https://connect.facebook.net https://*.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.gstatic.cn https://*.google.com https://googleads.g.doubleclick.net https://*.ul.com https://*.ul-renewables.com https://*.hotjar.com https://*.marketo.net https://www.recaptcha.net https://*.adroll.com https://*.ytimg.com https://snap.licdn.com https://*.adroll.mgr.consensu.org https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://cdn.c212.net https://c212.net https://pixel.mathtag.com *.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://*.marketo.com https://browser-update.org http://browser-update.org https://acsbapp.com https://cdn.acsbapp.com https://*.qualtrics.com https://en.wikipedia.org https://tag.demandbase.com http://munchkin.marketo.net http://consent.trustarc.com *.demandbase.com demandbase.com company-target.com *.company-target.com https://assets.adoberesources.net https://documentcloud.adobe.com https://service.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.lightning.force.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com blob: https://ulsolutions.outgrow.us *.adobedtm.com *.doubleclick.net *.kickfire.com *.6sc.co *.zi-scripts.com https://src.litix.io consent.trustarc.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://commons.ul.com https://experience.adobe.com https://fast.wistia.com https://js.stripe.com https://static.addtoany.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.com https://static.addtoany.com https://*.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://*.typekit.net *.salesforce.com *.salesforce-sites.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com https://ulsolutions.outgrow.us https://fast.wistia.com cdnjs.cloudflare.com https://cdn.knightlab.com; frame-ancestors 'self' *.salesforce-sites.com *.force.com 4 frame-ancestors 'self' https://admarket.no https://admarket.schibsted.se https://frontpage-wayback-machine.sls.schibsted.tech/ https://front-video-tool.aftenposten.no/ https://*.pr.sls.schibsted.tech; upgrade-insecure-requests 4 default-src https:; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' active24.cz *.active24.cz active24.com *.active24.com active24.eu *.active24.eu *.iubenda.com tracker.metricool.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com trustpilot.com *.trustpilot.com googletagmanager.com *.googletagmanager.com googleads.g.doubleclick.net analytics.tiktok.com connect.facebook.net snap.licdn.com bat.bing.com *.ads-twitter.com c.seznam.cz *.ladesk.com *.isy-teamblue.services *.motu-teamblue.services *.teamblue.services *.acsbapp.com *.adform.net *.youtube.com; style-src 'self' 'report-sample' 'unsafe-inline' active24.cz *.active24.cz active24.eu *.active24.eu; object-src 'self'; base-uri 'self'; connect-src 'self' 'report-sample' data: ws://localhost:12387 active24.cz *.active24.cz active24.eu *.active24.eu *.iubenda.com googleapis.com *.googleapis.com *.google.com google.com pagead2.googlesyndication.com px.ads.linkedin.com analytics.tiktok.com bat.bing.com *.google-analytics.com websupport.sk *.websupport.sk h.seznam.cz *.acsbapp.com *.motu-teamblue.services *.teamblue.services; font-src 'self' 'report-sample' 'unsafe-inline' data: active24.eu *.active24.eu gstatic.com *.gstatic.com; frame-ancestors 'self' *.active24.com; frame-src 'self' 'report-sample' blob: *.active24.cz ladesk.com *.ladesk.com cookiebot.com *.cookiebot.com youtube.com *.youtube.com *.googletagmanager.com *.doubleclick.net *.facebook.com public.infinario.com *.iubenda.com; img-src 'self' 'report-sample' data: cookiebot.com *.cookiebot.com tracker.metricool.com gravatar.com *.gravatar.com *.google.com *.google.al *.google.at *.google.ba *.google.be *.google.bg *.google.by *.google.ch *.google.com.cy *.google.cz *.google.de *.google.dk *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.hr *.google.hu *.google.ie *.google.is *.google.it *.google.je *.google.kz *.google.li *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mk *.google.mt *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.ru *.google.se *.google.si *.google.sk *.google.sm *.google.rs *.google.com.ua *.google.co.uk *.google.cat *.facebook.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net px.ads.linkedin.com t.co analytics.twitter.com bat.bing.com c.seznam.cz *.motu-teamblue.services *.teamblue.services active24.cz *.active24.cz active24.eu *.active24.eu; manifest-src 'self'; media-src 'self'; worker-src 'self'; 4 frame-ancestors 'self' centinelapi.cardinalcommerce.com; script-src 'self' www.youtube.com *.worldpay.com *.facebook.net cdn.mouseflow.com script.crazyegg.com www.google-analytics.com static.sandisk.com bat.bing.com *.googleadservices.com d.adroll.com googleads.g.doubleclick.net *.googletagmanager.com s.adroll.com snap.licdn.com www.googletagmanager.com trc.taboola.com analytics.xscreenattribution.com *.marketo.net *.trustarc.com www.redditstatic.com cdn.taboola.com tags.tiqcdn.com *.twitter.com s.go-mpulse.net static.ads-twitter.com js.adsrvr.org d.adroll.mgr.consensu.org s.ytimg.com unpkg.com *.marketo.com js.maxmind.com *.truste.com tagmanager.google.com *.adobe.com ajax.googleapis.com *.expertvoice.com *.experticity.com cdn1.affirm.com *.tt.omtrdc.net *.adobedtm.com *.sc.omtrdc.net www.google.com *.criteo.net *.criteo.com www.gstatic.com cdn.pdst.fm ext.chtbl.com *.signifyd.com *.bazaarvoice.com mpsnare.iesnare.com *.googleapis.com *.paypal.com tracking.channelsight.com gateway.foresee.com sc-static.net qoe-1.yottaa.net cdn.yottaa.com ecwportal.vertexsmb.com j.6sc.co s.yjtag.jp yjtag.yahoo.co.jp s.yimg.jp tag.demandbase.com paapi8935.d41.co cdn-0.d41.co id.rlcdn.com ecf.d41.co *.googlesyndication.com *.zinrelo.com wd-en.widget.custhelp.com script.mfilterit.net wafs.mfilterit.net 'unsafe-eval' apps.usw2.pure.cloud 'unsafe-inline'; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.twitter.com assets.juicer.io cdns.eu1.gigya.com cdn.cookielaw.org cdn.knightlab.com code.jquery.com connect.facebook.net geolocation.onetrust.com munchkin.marketo.net optanon.blob.core.windows.net snap.licdn.com static.ads-twitter.com www.buzzsprout.com *.googletagmanager.com www.google.com www.googleadservices.com www.gstatic.com www.youtube.com *.analytics.google.com *.google-analytics.com *.googleapis.com 505-xng-882.mktoweb.com 636-tke-312.mktoweb.com fonts.googleapis.com info.six-group.com info.finanzmuseum.ch info.ebill.ch accounts.eu1.gigya.com adservice.google.com ad.doubleclick.net cookies-data.onetrust.io graph.facebook.com info-sandbox.six-group.com privacyportal-ch.onetrust.com *.g.doubleclick.net www.juicer.io 505-xng-882.mktoresp.com 636-tke-312.mktoresp.com 505-xng-882.mktoutil.com 636-tke-312.mktoutil.com www.six-structured-products.com *.google.com *.google.ad *.google.at *.google.com.au *.google.be *.google.ca *.google.ch *.google.de *.google.dk *.google.es *.google.fi *.google.fr *.google.gr *.google.com.hk *.google.ie *.google.im *.google.is *.google.it *.google.co.jp *.google.li *.google.lu *.google.nl *.google.no *.google.pt *.google.se *.google.com.sg *.google.sm *.google.co.uk www.schweizeraktien.net webapp-preprod.np.six-group.com webapp.api.six-group.com fonts.gstatic.com data: cdnapisec.kaltura.com googleads.g.doubleclick.net player.vimeo.com *.transistor.fm www.facebook.com www.federli.ch www.youtube-nocookie.com *.fls.doubleclick.net anchor.fm podcasters.spotify.com; img-src https: data:; 4 default-src 'self' consentcdn.cookiebot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: bat.bing-int.com www.googleadservices.com analytics.ahrefs.com obs.forroundprince.com ob.forroundprince.com *.stackadapt.com app.vwo.com munchkin.marketo.net *.mktoweb.com challenges.cloudflare.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com *.vidyard.com *.bluebeam.com *.wpengine.com *.pardot.com www.google-analytics.com fonts.gstatic.com *.cookiebot.com www.googletagmanager.com *.visualwebsiteoptimizer.com connect.facebook.net googleads.g.doubleclick.net *.hotjar.net *.hotjar.com snap.licdn.com bat.bing.com s.yimg.com snap.licdn.com *.google.com bat.bing.com sp.analytics.yahoo.com px.ads.linkedin.com stats.g.doubleclick.net www.facebook.com p.adsymptotic.com cdn.linkedin.oribi.io www.youtube.com; connect-src 'self' google.com tsvc.bluebeam.com tsvc.bluebeam.com.au tsvc.bluebeam.se tsvc.bluebeam.co.uk tsvc.bluebeam-dev.com refer.bluebeam.com *.sheerid.net *.sheerid.com analytics.ahrefs.com obs.forroundprince.com tsvc.bluebeam.de *.stackadapt.com *.mktoresp.com *.execute-api.us-east-1.amazonaws.com *.execute-api.eu-west-2.amazonaws.com *.execute-api.ap-southeast-2.amazonaws.com *.execute-api.eu-central-1.amazonaws.com *.execute-api.eu-north-1.amazonaws.com region1.analytics.google.com *.analytics.google.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com content.hotjar.io wss://ws.hotjar.com px.ads.linkedin.com pagead2.googlesyndication.com www.google-analytics.com stats.g.doubleclick.net vc.hotjar.io s.yimg.com *.hotjar.com *.cookiebot.com analytics.google.com *.visualwebsiteoptimizer.com yoast.com www.google.com cdn.linkedin.oribi.io googleads.g.doubleclick.net gw.linkedin.oribi.io ad.doubleclick.net www.facebook.com bat.bing.com www.googleapis.com; img-src 'self' data: attr.ml-api.io secure.adnxs.com s.ml-attr.com www.googleadservices.com obs.forroundprince.com ade.googlesyndication.com arttrk.com imgsct.cookiebot.com www.google.co.uk www.google.nl www.google.no www.google.fr www.google.es www.google.dk www.google.se www.google.co.jp www.google.co.kr www.google.it www.google.fi www.google.be www.google.com.au *.vidyard.com *.visualwebsiteoptimizer.com sp.analytics.yahoo.com *.bing.com www.facebook.com px.ads.linkedin.com www.google.com p.adsymptotic.com secure.gravatar.com www.linkedin.com www.google-analytics.com gw.linkedin.oribi.io www.googletagmanager.com ad.doubleclick.net ps.w.org; style-src 'self' 'unsafe-inline' p.typekit.net use.typekit.net *.stackadapt.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com *.bluebeam.com *.wpengine.com fonts.googleapis.com; base-uri 'self'; form-action 'self' *.bluebeam.com www.facebook.com *.my.salesforce.com *.salesforce.com; object-src data: 'unsafe-eval'; font-src 'self' use.typekit.net p.typekit.net *.bluebeam.com *.wpengine.com fonts.googleapis.com fonts.gstatic.com data: 'unsafe-eval'; media-src 'self' *.bluebeam.com *.wpengine.com *.cookiebot.com; frame-src 'self' blob: www.googletagmanager.com challenges.cloudflare.com *.vidyard.com *.bluebeam.com *.cookiebot.com *.hotjar.com www.facebook.com www.youtube.com td.doubleclick.net 9747788.fls.doubleclick.net roicalbucket.s3-website-us-east-1.amazonaws.com roical.bluebeam-dev.com roical.bluebeam.com go.pardot.com; 4 frame-ancestors 'self' *.trendemon.com *.rithum.com 4 frame-ancestors 'self' amadeus.com outpayce.com www.amadeus.com amadeus.seismic.com seismic.com liveshareeu1.seismic.com www.outpayce.com jobs.amadeus.com corporate.amadeus.com t3ch.amadeus.com digital-guidelines.internal.amadeus.com sales-playbook.internal.amadeus.com startups.amadeus.com hotels.amadeus.com opportunities.jobs.amadeus.com brand-marketing-center.internal.amadeus.com brandcenter.amadeus.com contentsourcing.amadeus.com partners.amadeus.com vdp.amadeus.com brand-guidelines.internal.amadeus.com cytric.amadeus.com 4 default-src https: *.crazyegg.com; script-src http: https: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com js.zi-scripts.com ws-assets.zoominfo.com; frame-src http: https: data:; style-src http: https: 'unsafe-inline'; img-src http: https: data: blob *.crazyegg.com; media-src http: https: data: blob:; font-src http: https: data:; connect-src http: https: wss: *.crazyegg.com; child-src http: https: blob:; frame-ancestors 'self' https://dialpad.highspot.com/ https://view.highspot.com/ https://dialpad.allbound.com/ https://app.contentful.com 4 frame-ancestors 'self' https://resideo.ziftone.com/ https://proportal.resideo.com/ https://pro.resideo.com/ https://resideostaging.staging.ziftone.com/ https://resideo.netdimensions.com/ https://deploy-preview-437--resideo-pro.netlify.com/ https://fxm/ https://resideo-pro-perks.my-rewardsonline/ 4 frame-ancestors https://*.builder.io https://builder.io http://localhost:1234 4 frame-ancestors 'self' https://comscore.sharepoint.com https://*.skilljar.com https://*.basis.net; 4 frame-ancestors 'self' http://api.securedvisit.com http://track.securedvisit.com http://content.securedvisit.com http://images.securedvisit.com http://track.sv.rkdms.com *.loudcrowd.com *.lookaside.fbsbx.com 4 child-src 'self' https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.hotjar.com https://*.hsforms.com https://*.sitescout.com https://www.databank.com; connect-src 'self' https://*.akamaihd.net https://*.amazonaws.com https://*.company-target.com https://*.convertiv.com https://*.cookiebot.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.hs-sites.com https://*.hscollectedforms.net https://*.hsforms.com https://*.hsforms.net https://*.hubapi.com https://*.hubspot.com https://*.linkedin.com https://*.litix.io https://*.mktoresp.com https://*.mktoutil.com https://*.omappapi.com https://*.optimizely.com https://*.parsely.com https://*.salesloft.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wistia.com https://*.wp.com https://*.youtube.com https://bat.bing.com https://maps.googleapis.com https://tagmanager.google.com https://www.databank.com https://www.googletagmanager.com wss://*.hotjar.com; default-src 'self' https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://www.databank.com; font-src 'self' data: https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.gstatic.com https://*.wp.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.databank.com; frame-src 'self' https://*.convertiv.com https://*.cookiebot.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.hotjar.com/ https://*.hs-sites.com https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hubspot.net https://*.instagram.com https://*.issuu.com https://*.marketo.com https://*.sitescout.com https://*.vimeo.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wistia.com/ https://*.wordpress.com https://*.wp.com https://*.youtube.com https://s-static.ak.facebook.com https://tagmanager.google.com https://www.databank.com https://www.googletagmanager.com; img-src 'self' data: https://*.adentifi.com https://*.adnxs.com https://*.adroll.com https://*.adsymptotic.com https://*.agkn.com https://*.akamaihd.net https://*.bidr.io https://*.bidswitch.net https://*.bing.com https://*.cardlytics.com https://*.company-target.com https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.hr https://*.gravatar.com https://*.gstatic.com https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hubspot.net https://*.hubspotusercontent-na1.net https://*.instagram.com https://*.linkedin.com https://*.openx.net https://*.owneriq.net https://*.parsely.com https://*.predictiveresponse.net https://*.reson8.com https://*.rlcdn.com https://*.sitescout.com https://*.usbrowserspeed.co https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wistia.com https://*.wordpress.com https://*.wp.com https://*.yahoo.com https://*.youtube.com https://amps-production.imgix.net https://googleads.g.doubleclick.net https://img.youtube.com https://maps.googleapis.com https://storage.pardot.com https://www.databank.com https://www.googletagmanager.com; media-src 'self' blob: data: file: https://*.akamaihd.net https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.wistia.com/ https://www.databank.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adnxs.com/ https://*.adroll.com https://*.ads-twitter.com https://*.bing.com https://*.convertiv.com https://*.cookiebot.com https://*.crazyegg.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.demandbase.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hscollectedforms.net https://*.hsforms.com https://*.hsforms.net https://*.hsleadflows.net https://*.hubapi.com https://*.hubspot.com https://*.hubspot.net https://*.hubspotfeedback.com https://*.instagram.com https://*.jsdelivr.net https://*.licdn.com https://*.marketo.com https://*.marketo.net https://*.ml314.com https://*.optmnstr.com https://*.pardot.com https://*.parsely.com https://*.pixel.ad https://*.predictiveresponse.net https://*.remarketstats.com https://*.salesloft.com https://*.scriptintel.io https://*.twitter.com https://*.usbrowserspeed.com https://*.vimeo.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wistia.com https://*.wp.com https://connect.facebook.net https://ml314.com https://tagmanager.google.com https://unpkg.com https://wistia.com https://www.clickcease.com https://www.databank.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.googleapis.com https://*.gravatar.com https://*.jsdelivr.net https://*.marketo.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wp.com https://tagmanager.google.com https://www.databank.com; worker-src 'self' blob: data: file: filesystem: https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://www.databank.com 4 frame-ancestors 'self' *.kameleoon.com *.kameleoon.eu *.providence.org provcustomerservicedev.crm.dynamics.com provcustomerserviceuat.crm.dynamics.com provcustomerservice.crm.dynamics.com ; 4 frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu oc-cdn-public-eur.azureedge.net; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu oc-cdn-public-eur.azureedge.net; report-uri https://www.gdatasoftware.com/__cspreporting__ 4 default-src 'none'; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.santander.co.uk https://santander.demdex.net blob:; script-src 'self' 'unsafe-inline' https://www.dwin1.com https://cdn.signly.co/release/latest/ https://dam.santander.co.uk https://t.contentsquare.net https://app.contentsquare.com https://md-scp.kampyle.com https://track.omguk.com https://cdn.usersnap.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://pagead2.googlesyndication.com https://sc-static.net https://js-cdn.dynatrace.com https://activitymap.adobe.com https://cdn-ukwest.onetrust.com https://googleads.g.doubleclick.net https://lptag.liveperson.net https://lo.v.liveperson.net https://lo.msg.liveperson.net https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://www.googletagservices.com https://ad.doubleclick.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net https://www.google.com https://google.com https://*.santander.co.uk; connect-src 'self' 'unsafe-inline' https://google.com https://www.google.com https://analytics-fe.digital-cloud-uk.medallia.eu https://signly.azurewebsites.net https://tr.snapchat.com https://pagead2.googlesyndication.com https://dam.santander.co.uk https://events.launchdarkly.com https://app.launchdarkly.com wss://int-cb.santander.co.uk https://*.contentsquare.net https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://santanderuk.tt.omtrdc.net https://udc-neb.kampyle.com https://*.bf.dynatrace.com https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net wss://lo.msg.liveperson.net https://dpm.demdex.net https://*.santander.co.uk; img-src 'self' https://*.contentsquare.net https://lpcdn.lpsnmedia.net 'unsafe-inline' https://*.santander.co.uk data: https:; style-src 'self' 'unsafe-inline' https://cdn.signly.co/release/latest/ https://md-scp.kampyle.com; font-src 'self' https://dam.santander.co.uk; frame-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.signly.co/release/latest/ https://portal-benefits-calculator.turn2us.org.uk https://td.doubleclick.net https://www.youtube-nocookie.com https://activitymap.adobe.com https://resources.digital-cloud-uk.medallia.eu https://lo.tokenizer.liveperson.net https://lo.msghist.liveperson.net https://lo.msg.liveperson.net https://lpcdn.lpsnmedia.net https://lo.idp.liveperson.net https://server.lon.liveperson.net https://authorize.omniture.com https://sitecatalyst.omniture.com https://www.youtube.com https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self'; media-src https://british-sign-language-videos.signly.co https://signlymediaservice-ukso1.streaming.media.azure.net https://signlystorageaccount.blob.core.windows.net https://cdn.signly.co/images/ https://lpcdn.lpsnmedia.net; worker-src blob:; 4 report-uri https://sentry.eneba.com/api/6/security/?sentry_key=102de17feb49405fadcbb032c33331d1&sentry_release=1.3121.0; report-to csp-endpoint; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.nsureapi.com https://device.maxmind.com https://fpnpmcdn.net https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://eneba.atlassian.net https://static.eneba.games https://assets.eneba.games https://challenges.cloudflare.com https://mx.eneba.com https://*.criteo.net https://*.criteo.com https://mainf.global-cache.online https://widget.trustpilot.com https://apps.rokt.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://www.paypal.com https://c.paypal.com https://*.cardinalcommerce.com https://*.js.stripe.com https://js.stripe.com https://checkoutshopper-live-us.adyen.com https://checkoutshopper-live.adyen.com https://cdn.safecharge.com https://pay.google.com https://static.dlocal.com https://ebanx-js.ebanx.com https://beacon.riskified.com https://i.k-analytix.com https://cdn.checkout.com https://applepay.cdn-apple.com https://js.tazapay.com; 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-eu1.hubspot.com/ cdn.jsdelivr.net *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.ingenuitycloudservices.com *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.usemessages.com cdn.cookielaw.org t.contentsquare.net track.gaconnector.com tracker.gaconnector.com app.contentsquare.com ma.zoho.eu maillist-manage.eu pagesense-proxy.eu js.stripe.com scout-cdn.salesloft.com secure.seat6worn.com googleads.g.doubleclick.net bat.bing.com connect.facebook.net player.vimeo.com chat.puzzel.com *.google.com t.gatorleads.co.uk www.gstatic.com snap.licdn.com js.driftt.com js.driftqa.com www.googletagmanager.com static.hotjar.com script.hotjar.com www.google-analytics.com www.googleadservices.com connect.facebook.net pi.pardot.com; default-src 'self' 'unsafe-inline' ma.zoho.eu maillist-manage.eu idx.liadm.com cdn.linkedin.oribi.io ws://127.0.0.1:35729 *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.ingenuitycloudservices.com bat.bing.com scout.salesloft.com js.driftqa.com js.driftt.com chat.puzzel.com www.google-analytics.com script.hotjar.com stats.g.doubleclick.net in.hotjar.com; frame-src 'self' *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.ingenuitycloudservices.com *.hubspot.com td.doubleclick.net https://www.googletagmanager.com https://td.doubleclick.net js.stripe.com https://player.vimeo.com https://youtu.be https://www.youtube.com/ *.google.com www.googletagmanager.com js.driftt.com vars.hotjar.com www.facebook.com; style-src-elem 'self' 'unsafe-inline' blob: *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.ingenuitycloudservices.com fonts.googleapis.com; img-src 'self' blob: data: https://bat.bing.net/ do.oncdn.uk *.hsforms.com *.hubspot.com cdn.cookielaw.org *.contentsquare.net i.vimeocdn.com *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.ingenuitycloudservices.com scout.eu1.salesloft.com bat.bing.com chat.puzzel.com *.linkedin.com p.adsymptotic.com popup.communigator.co.uk www.facebook.com www.google-analytics.com www.google.com www.google.co.uk googleads.g.doubleclick.net script.hotjar.com; font-src data: 'self' *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.ingenuitycloudservices.com script.hotjar.com fonts.gstatic.com; child-src blob:; worker-src blob:; connect-src thghosting.local *.thghosting.local gb1-li-thghostinguat-001.io.thehut.local *.gb1-li-thghostinguat-001.io.thehut.local gb4-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local ingenuitycloudservices.com *.ingenuitycloudservices.com *.hubspot.com *.hscollectedforms.net cdn.cookielaw.org track.gaconnector.com www.google.com *.contentsquare.net ma.zoho.eu cdn.linkedin.oribi.io idx.liadm.com *.google-analytics.com ma.zoho.eu maillist-manage.eu scout.salesloft.com js.stripe.com px.ads.linkedin.com idx.liadm.com; 4 frame-ancestors https://*.publons.com:* http://*.publons.com:* https://publons.com:* https://cortellis.com:* https://*.cortellis.com:* http://*.cortellis.com:* https://cortellis.cn:* https://*.cortellis.cn:* http://*.cortellis.cn:* https://*.clarivate.com:* http://*.clarivate.com:* https://*.dev-wos.com:* http://*.dev-wos.com:* https://*.endnote.com:* http://*.endnote.com:* https://*.myendnoteweb.com:* http://*.myendnoteweb.com:* https://myendnoteweb.com:* https://*.dev-cortellis.com:* http://*.dev-cortellis.com:* https://*.ezproxy.auckland.ac.nz:* http://*.ezproxy.auckland.ac.nz:* http://*.dev.oneplatform.build:* https://*.dev.oneplatform.build:* https://*.cptest.idm.oclc.org:* https://*.idm.oclc.org:* https://*.libproxy.albany.edu:* https://*.twu.edu:* http://*.dev-cortellis.cn:* https://*.dev-cortellis.cn:* http://webofscience.com:* https://webofscience.com:* http://*.webofscience.com:* https://*.webofscience.com:* https://*.proxy.lnu.se:* https://*.ub.oru.se:* https://*.griffith.edu.au:* https://*.uexternado.edu.co:* http://*.s3-website-us-west-2.amazonaws.com:* https://*.s3-website-us-west-2.amazonaws.com:* https://*.msu.edu:* https://*.library.nova.edu:* https://*.dev-scholarone.com:* https://*.clarivate.cn:* https://*.dev-incites.com:* https://*.targetsafety.info:* https://*.gethealthbase.com:* https://*.clarivate.net:* http://*.library.vanderbilt.edu:* https://*.library.vanderbilt.edu:* https://*.dev-innovation.com:* https://*.derwentinnovation.com:* http://*.globalq.com:* https://*.globalq.com:* http://*.globalqinc.com:* https://*.globalqinc.com:*; sandbox allow-top-navigation allow-same-origin allow-scripts allow-popups allow-forms allow-modals 4 frame-ancestors 'self';default-src 'self' blob: 'unsafe-inline' *.mutinycdn.com data.hockeystack.com *.mutinyhq.io tracking.g2crowd.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com wss://ws.qualified.com perf-na1.hsforms.com app.qualified.com td.doubleclick.net pagead2.googlesyndication.com ws.qualified.com d3cy9zhslanhfa.cloudfront.net ws.zoominfo.com ws-assets.zoominfo.com js.zi-scripts.com youtube.com cdn.linkedin.oribi.io rs.fullstory.com forms-na1.hsforms.com cdn.contentful.com phenompeople.na.chilipiper.com js.chilipiper.com api.na.chilipiper.com api.chilipiper.com tracking.chilipiper.com ipv6.6sc.co cdn.cookielaw.org images.ctfassets.net assets.ctfassets.net videos.ctfassets.net app.clearbit.com api.hubapi.com x.clearbitjs.com js.hsadspixel.net app.clearbit.com api.hubapi.com *.clearbitscripts.com *.litix.io alb.reddit.com *.clarity.ms secure.adnxs.com *.g2.com *.wistia.net *.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com distillery.wistia.com pipedream.wistia.com images.g2crowd.com fast.wistia.com *.google.com *.google.co.in stats.g.doubleclick.net p.adsymptotic.com privacy-policy.truste.com *.linkedin.com api.sharedcount.com n2.mouseflow.com c.6sc.co epsilon.6sense.com www.facebook.com *.hubspot.com fonts.gstatic.com *.phenom.com cdn.jsdelivr.net use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com app-ab31.marketo.com connect.facebook.net j.6sc.co www.googletagmanager.com js.driftt.com munchkin.marketo.net snap.licdn.com www.google-analytics.com www.w3.org b.6sc.co edge.fullstory.com bat.bing.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hotjar.com script.hotjar.com forms.hsforms.com js.hsleadflows.net cdn.mouseflow.com www.youtube.com stackpath.bootstrapcdn.com cdn.cookielaw.org optanon.blob.core.windows.net c.bing.com geolocation.onetrust.com youtu.be abm2.listenloop.com notify.bugsnag.com pt37ad6f6a.execute-api.us-east-1.amazonaws.com data slideshare.net:;script-src 'self' 'unsafe-inline' 'unsafe-eval' home.integrate.com *.mutinycdn.com data.hockeystack.com *.mutinyhq.io tracking.g2crowd.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com code.jquery.com ajax.googleapis.com images.ctfassets.net www.googleadservices.com videos.ctfassets.net *.phenom.com c.bing.com cdn.jsdelivr.net use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com app-ab31.marketo.com connect.facebook.net *.clarity.ms j.6sc.co www.googletagmanager.com js.driftt.com munchkin.marketo.net snap.licdn.com www.google-analytics.com www.w3.org b.6sc.co edge.fullstory.com bat.bing.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hotjar.com script.hotjar.com forms.hsforms.com js.hsleadflows.net cdn.mouseflow.com www.youtube.com stackpath.bootstrapcdn.com fast.wistia.net www.g2.com embedwistia-a.akamaihd.net embed-fastly.wistia.com distillery.wistia.com pipedream.wistia.com images.g2crowd.com fast.wistia.com www.redditstatic.com js.usemessages.com alb.reddit.com cdn.cookielaw.org static.ads-twitter.com *.clearbitscripts.com x.clearbitjs.com js.hsadspixel.net app.clearbit.com api.hubapi.com js.chilipiper.com js.usemessages.com js.hsadspixel.net js.na.chilipiper.com snap.licdn.com www.google.com images.ctfassets.net videos.ctfassets.net js.driftt.com googleads.g.doubleclick.net stats.g.doubleclick.neti edge.fullstory.com secure.adnxs.com cb3034c4ce68477bb69489e3e49e4588.js.ubembed.com assets.ubembed.com js.zi-scripts.com ws-assets.zoominfo.com js.qualified.com js.hubspot.com v2.listenloop.com launcher.1mind.com; connect-src 'self' data: https: http: wss://ws.qualified.com; frame-src 'self' data: https: http:; img-src 'self' data: https: http:; 4 frame-ancestors 'self' https://*.ensineme.com.br https://*.estacio.br https://*.yduqs.com.br https://*.wyden.com.br https://*.ibmec.br https://*.idomed.com.br https://*.damasio.com.br 4 upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; manifest-src 'self'; report-uri https://vault.gostatera.com/collect/csp 4 default-src * blob: data: http: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://reports.nameshield.net/ 4 frame-ancestors 'self' https://*.procaresoftware.com; 4 upgrade-insecure-requests; default-src 'self' *.leuchtfeuer.com; frame-src 'self' *.consentmanager.net *.youtube.com *.youtube-nocookie.com *.altrulabs.com *.smartrecruiters.com *.equitystory.com *.conti-apps.de *.continental.com *.wowza.com livestream.com *.nc3-cdn.com *.cloudfront.net; style-src 'self' 'unsafe-inline' *.continental.com *.facebook.net *.googleapis.com *.googletagmanager.com *.bing.com *.virtualearth.net www.cdn.botfriendsx.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.flockler.com *.flockler.systems *.continental.com *.google.com *.googleapis.com *.googletagmanager.com *.mouseflow.com *.bing.com *.virtualearth.net *.admiralcloud.com *.altrulabs.com *.smartrecruiters.com *.linkedin.com *.licdn.com *.analytics.google.com *.google-analytics.com *.trkkn.com unpkg.com *.consentmanager.net *.equitystory.com www.cdn.botfriendsx.com api.eu-1.smooch.io blob:; font-src 'self' www.cdn.botfriendsx.com data: *.continental.com *.bing.com *.admiralcloud.com *.altrulabs.com *.gstatic.com; connect-src 'self' *.facebook.net *.linkedin.com *.flockler.com *.flockler.app *.continental.com *.leuchtfeuer.com *.admiralcloud.com *.bing.com *.virtualearth.net *.altrulabs.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.mouseflow.com *.consentmanager.net *.trkkn.com cdn.linkedin.oribi.io www.cdn.botfriendsx.com *.config.eu-1.smooch.io api.eu-1.smooch.io wss://api.eu-1.smooch.io; img-src * data: *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com *.virtualearth.net; media-src * blob:; report-uri https://sentry.leuchtfeuer.com/api/13/security/?sentry_key=66362f3cb1034383abbd3702c8d1a340 4 frame-ancestors 'self' https://*.breuninger.com 4 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://bat.bing-int.com https://kit.fontawesome.com players.brightcove.net vjs.zencdn.net https://www.buzzsprout.com https://static.zohocdn.com https://sdk.ceros.com https://labs.ceros.com https://trk.techtarget.com https://connect.facebook.net https://creative-services.ceros.com https://www.googleadservices.com https://connect.facebook.net https://eloquatracking.iqvia.com https://script.hotjar.com https://img03.en25.com https://static.hotjar.com https://snap.licdn.com https://edge.fullstory.com https://www.clickcease.com https://cdn.pagesense.io https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://dev.visualwebsiteoptimizer.com https://unpkg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://kit.fontawesome.com https://players.brightcove.net https://ajax.googleapis.com https://static.cloud.coveo.com https://tag.demandbase.com https://cookie-cdn.cookiepro.com https://www.google.com https://www.gstatic.com https://view.ceros.com; img-src 'self' blob: data: https://bat.bing.com https://s.gravatar.com https://www.google.pl https://www.linkedin.com players.brightcove.net *.boltdns.net *.akamaihd.net *.brightcove.com *.brightcovecdn.com https://i.ibb.co https://ad.doubleclick.net https://www.google.co.in https://www.google.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://attr.ml-api.io https://secure.adnxs.com https://www.google-analytics.com https://www.facebook.com https://attr.ml-api.ios https://secure.adnxs.com https://s.ml-attr.com https://eloquatracking.iqvia.com https://metrics.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://id.rlcdn.com https://cookie-cdn.cookiepro.com https://www.iqvia.com https://*.wp.com/cdn.auth0.com https://px.ads.linkedin.com https://segments.company-target.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com players.brightcove.net https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://unpkg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; connect-src 'self' https://bat.bing.com https://bat.bing-int.com https://region1.analytics.google.com *.boltdns.net players.brightcove.net edge.api.brightcove.com *.akamaihd.net *.brightcovecdn.com https://region1.google-analytics.com https://metrics.hotjar.io https://stats.g.doubleclick.net https://analytics.google.com https://ibc-flow.techtarget.com https://vc.hotjar.io https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://pagesense-collect.zoho.com https://edge.fullstory.com https://rs.fullstory.com https://www.google-analytics.com https://td.doubleclick.net https://www.google.com https://bcbolt446c5271-a.akamaihd.net https://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://manifest.prod.boltdns.net https://ka-f.fontawesome.com https://edge.api.brightcove.com https://cookie-cdn.cookiepro.com https://api.company-target.com https://pagead2.googlesyndication.com; font-src 'self' 'unsafe-inline' https://kit.fontawesome.com players.brightcove.net https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://ka-f.fontawesome.com data:; worker-src 'self' 'unsafe-inline' blob:; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; frame-src 'self' players.brightcove.net https://www.buzzsprout.com https://view.ceros.com https://11057559.fls.doubleclick.net https://www.facebook.com https://td.doubleclick.net https://s.company-target.com https://www.google.com https://view.ceros.com https://www.googletagmanager.com; upgrade-insecure-requests; 4 frame-ancestors https://*.bw-infra.de https://*.baden-wuerttemberg.de; 4 frame-ancestors 'self' *.bny.com; 4 frame-ancestors 'self' *.kaskus.co.id *.kaskus.id 4 default-src 'self'; style-src https://*.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval' https://ams.wpml.org; frame-ancestors 'self' https://partner.hornetsecurity.com; img-src 'self' data: https://bat.bing.com https://bat.bing.net https://*.reddit.com https://*.g.doubleclick.net https://www.google.nl https://www.google.ca https://www.google.com https://logo.clearbit.com https://www.google.de https://www.googletagmanager.com https://*.linkedin.com https://www.facebook.com https://cdn-public.borlabs.io https://*.ytimg.com https://track.hubspot.com https://forms-eu1.hsforms.com; media-src 'self' https://cdn-public.borlabs.io; frame-src 'self' blob: https://*.doubleclick.net https://*.livechatinc.com https://www.googletagmanager.com https://play.libsyn.com https://www.youtube-nocookie.com https://www.youtube.com https://*.hsforms.net https://youtube.de https://*.frcapi.com; connect-src 'self' https://tracking-api.g2.com https://trk.hornetsecurity.com https://google.com/pagead/ https://api.hsforms.com https://*.hscollectedforms.net https://*.hubapi.com https://bat.bing.net https://bat.bing.com https://www.redditstatic.com https://*.reddit.com https://analytics.google.com https://www.google.com www.googletagmanager.com https://*.googlesyndication.com https://*.doubleclick.net https://www.facebook.com https://*.linkedin.com https://*.google-analytics.com https://*.analytics.google.com https://yoast.com https://my.yoast.com https://*.friendlycaptcha.com https://*.friendlycaptcha.eu https://ams.wpml.org https://*.sendmarc.com; script-src-elem 'self' data: 'unsafe-inline' https://*.hs-scripts.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.hsadspixel.net https://*.hsforms.net https://*.hs-analytics.net https://*.hsforms.com https://*.hs-banner.com https://tracking-api.g2.com https://trk.hornetsecurity.com https://bat.bing.com https://*.googlesyndication.com https://www.redditstatic.com https://www.googleadservices.com https://*.doubleclick.net https://*.livechatinc.com https://connect.facebook.net https://www.googletagmanager.com https://www.youtube.com https://ams.wpml.org https://yoast.com https://snap.licdn.com https://*.sendmarc.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'; font-src https://*.gstatic.com https://cdnjs.cloudflare.com 'self' data: ; worker-src 'self' blob: ; 4 frame-ancestors 'self' commander.weatherops.com 4 frame-ancestors depositfiles.com *.depositfiles.com depositfiles.org *.depositfiles.org dfiles.eu *.dfiles.eu dfiles.com *.dfiles.com 4 default-src 'self' *.bim.com.tr *.bim.ma *.bim.eg *.bimcell.com.tr *.file.com.tr *.google.com *.google.com.tr *.cloudflare.com *.gstatic.com *.doubleclick.net *.bootstrapcdn.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.jquery.com *.facebook.net *.youtube.com *.youtube-nocookie.com *.hr-link.net hr-link.net 'unsafe-inline' 'unsafe-eval' data:; 4 font-src 'self' data: *.kornferry.com *.kfadvance.com *.fontawesome.com *.typography.com *.hotjar.com *.hotjar.io *.hotjar.io *.juicer.io *.googleapis.com;, frame-ancestors 'self' data: *.kornferry.com *.kfadvance.com; 4 frame-ancestors 'self' *.paessler.com 4 default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: ; img-src * data: ; connect-src * ; worker-src blob: ; frame-ancestors https://secure.quia.com https://secure.quia.backboneintegration.ixl.dev:9301 https://secure.quia.alpha.ixl.dev:9301 https://secure.quia.rsmarketingbuypage.ixl.dev:9301 https://www.quia.cap:12301 https://www.quia.cap:65201 https://www.quia.n:22401 https://secure.quia.rsgd-6022.ixl.dev:9301 ; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.bing.com https://www.linkedin.com https://*.mktoutil.com https://*.clickcease.com https://*.jquery.com https://www.gartner.com https://*.litix.io https://*.reddit.com https://*.firstup.io https://www.google-analytics.com https://nitroscripts.com https://*.google-analytics.com https://*.licdn.com https://www.clickcease.com https://clickcease.com https://*.wistia.net https://*.googlesyndication.com https://heapanalytics.com https://*.nitrocdn.com https://*.hockeystack.com https://*.ads.linkedin.com https://heapanalytics.com wss://*.hotjar.com https://*.youtube.com https://*.cloud.adobe.io https://*.default.com https://*.adoberesources.net https://*.hotjar.io https://*.storylane.io https://www.redditstatic.com https://*.cloudflare.com https://*.sentry-cdn.com https://*.bizible.com https://*.heapanalytics.com https://cdn.jsdelivr.net https://connect.facebook.net https://*.cookiebot.com https://*.wistia.com https://*.doubleclick.net https://*.6sc.co https://*.zi-scripts.com https://*.marketo.net https://*.nitroscripts.com https://*.pardot.com https://*.mountain.com https://*.hotjar.com https://*.g2crowd.com https://*.googletagmanager.com https://*.mktoresp.com https://*.getnitropack.com https://*.g2.com https://*.zoominfo.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.bizibly.com https://www.facebook.com https://p.typekit.net https://use.typekit.net https://cdn.fontshare.com https://placehold.co https://www.googleadservices.com https://js.zi-scripts.com https://munchkin.marketo.net https://dx.mountain.com https://secure.gravatar.com https://widget.usersnap.com https://resources.usersnap.com https://js.stripe.com https://maps.googleapis.com https://library.elementor.com https://firstup.io https://yoast.com https://d3rxaij56vjege.cloudfront.net https://player.simplecast.com https://static.userguiding.com https://s.w.org https://www.redditstatic.com https://td.doubleclick.net.x.92211b520cc4a047d009342036621b8266e2.d0452016.id.opendns.com https://block.opendns.com https://stats.g.doubleclick.net https://td.doubleclick.net.x.ad1472150db1e0428a08d450764ba7151758.d04520bd.id.opendns.com https://static.hotjar.com https://bat.bing.com https://cdn.bizible.com https://cdn.heapanalytics.com https://alb.reddit.com https://widget.intercom.io https://w.soundcloud.com https://i.ytimg.com https://connect.facebook.net https://pixel-config.reddit.com https://nitroscripts.com moz-extension: https://googleads.g.doubleclick.net https://firstupstage.wpengine.com https://pro.fontawesome.com https://cdn.scite.ai https://infird.com https://*.googleusercontent.com https://www.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://qvdt3feo.com/ https://tags.srv.stackadapt.com; object-src 'none'; connect-src https: wss:; base-uri 'self'; report-uri https://o4509193025683456.ingest.us.sentry.io/api/4509193026732032/security/?sentry_key=734b8ab53e0825f7bce70d3fc8d92599; worker-src blob:; 4 default-src blob: 'unsafe-eval' 'unsafe-inline' https: wss://lo2.msg.liveperson.net; img-src data: https:; font-src data: https:;https://*.liveperson.net;https://cdn.lpsnmedia.net 4 object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 4 frame-ancestors https://tongji.baidu.com 4 frame-ancestors 'self' *.smartagent.app *.jdmesh.co *.choicestore.com http://localhost:* https://localhost:*; form-action https:; script-src https: 'unsafe-inline' 'unsafe-eval' 4 frame-ancestors https://*.postbank.de 4 frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none'; base-uri 'none' 4 default-src https:; style-src 'self' 'unsafe-inline' https: data:; object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: data:; frame-src *; frame-ancestors 'none'; base-uri 'self'; form-action * 4 default-src https: 'unsafe-inline' 4 script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' data: https://js.driftt.com https://widget.drift.com https://ajax.googleapis.com https://maps.googleapis.com https://optimize.google.com https://www.youtube.com https://cdnjs.cloudflare.com https://www.google.com https://tagmanager.google.com https://www.googleoptimize.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://partner.googleadservices.com https://adservice.google.com https://adservice.google.ca https://tpc.googlesyndication.com https://cookie-cdn.cookiepro.com https://hubspot.clearbit.com https://forms.hsforms.com https://client-registry.mutinycdn.com https://js.hs-scripts.com https://js.hsforms.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://client.mutinycdn.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://bat.bing.com https://static.hotjar.com https://tag.clearbitscripts.com https://j.6sc.co https://www.clickcease.com https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com https://script.hotjar.com https://reveal.clearbit.com https://x.clearbitjs.com https://snap.licdn.com https://tag.demandbase.com https://tribl.io https://hackerone.com https://www.clarity.ms https://k.clarity.ms https://js.chilipiper.com/marketing.js https://tracking.g2crowd.com https://*.prod.mplat-ppcprotect.com https://*.lunio.ai https://serve.nrich.ai https://tag.nrich.ai https://tag.unifyintent.com https://cdn.dreamdata.cloud https://js.partnerstack.com https://cdn.jsdelivr.net https://js-na1.hs-scripts.com https://rechargeapps.chilipiper.com/concierge-js/cjs/concierge.js https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://www.redditstatic.com; 4 frame-ancestors http://*.t-mobile.nl https://*.t-mobile.nl http://*.tele2.nl https://*.tele2.nl http://*.ben.nl https://*.ben.nl https://app.storyblok.com https://internet.odido.nl http://*.odido.nl https://*.odido.nl 4 default-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.cookielaw.org https://www.googletagmanager.com https://addsearch.com https://*.addsearch.com https://*.searchcdn.com https://d20vwa69zln1wj.cloudfront.net https://www.google-analytics.com https://www.googleanalytics.com https://*.outbrain.com https://snap.licdn.com https://assets.apollo.io https://www.redditstatic.com https://googleads.g.doubleclick.net https://js.hs-scripts.com https://analytics.tiktok.com https://connect.facebook.net https://j.6sc.co https://amplify.outbrain.com https://tr.outbrain.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hubspot.com https://js.hsforms.net https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/ https://s8.searchcdn.com https://grid.is https://edge.fullstory.com https://www.comeet.co https://player.vimeo.com https://www.youtube.com https://apollo.io https://cdn.ampproject.org https://bugcrowd.com https://assets.bugcrowdusercontent.com https://www.google.com https://optimize.google.com https://www.googleoptimize.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://js.hscta.net https://js-eu1.hscta.net https://no-cache.hubspot.com https://*.hubspot.com https://*.hs-sites.com https://*.hs-sites-eu1.com https://cta-service-cms2.hubspot.com https://tagmanager.google.com https://www.gstatic.com https://bat.bing.com https://*.omappapi.com https://widget.manychat.com https://app.calculatorstudio.co https://cdn.userway.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.addsearch.com https://*.searchcdn.com https://*.cloudfront.net https://optimize.google.com https://www.comeet.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleoptimize.com https://*.omappapi.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://cdn.userway.org; img-src 'self' https: data: blob:; connect-src 'self' https://googleads.g.doubleclick.net https://www.google.com https://px.ads.linkedin.com https://px.ads.linkedin.com https://aplo-evnt.com https://api.ipstack.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://analytics.google.com https://www.google-analytics.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://ipv6.6sc.co https://analytics.tiktok.com https://dashboard.rapyd.net https://api.hubapi.com https://*.hubspot.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://cdn.linkedin.oribi.io https://c.6sc.co https://edge.fullstory.com https://rs.fullstory.com https://secure.adnxs.com https://*.visualwebsiteoptimizer.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://*.omappapi.com https://app.vwo.com https://api.userway.org https://cdn.userway.org https://*.api.userway.org; font-src 'self' data: https://fonts.gstatic.com https://cdn.userway.org; frame-ancestors 'self' https://www.google.com https://grid.is https://www.rapyd.is; frame-src https://www.rapyd.net https://*.outbrain.com https://td.doubleclick.net https://aax-eu.amazon-adsystem.com https://www.facebook.com https://optimize.google.com https://www.google.com https://forms.hsforms.com https://grid.is https://www.rapyd.is https://www.comeet.co https://player.vimeo.com https://bugcrowd.com https://www.googleoptimize.com https://www.youtube.com https://apollo.io https://s-eu1.hscta.net https://no-cache.hubspot.com https://*.hs-sites-eu1.com https://*.hs-sites.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://www.googletagmanager.com https://app.calculatorstudio.co https://cdn.userway.org 4 frame-ancestors 'self' https://www.facebook.com/ 4 connect-src wss: https:; upgrade-insecure-requests; object-src blob: 'self'; frame-ancestors 'self' *.dev.wdr.io https://content.tuni.fi; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 4 frame-ancestors 'self' http://tutorialcorreo.xsi.es http://correo.natural.es http://correo.mundored.com http://mundored.com https://correo.nuevecomanueve.es 4 upgrade-insecure-requests; frame-ancestors 'self' *.reforma.com *.elnorte.com *.mural.com.mx *.gruporeforma.com *.agenciareforma.com *.avisosdeocasion.com *.elviernesnocuesta.com aristeguinoticias.com *.ezproxy.iteso.mx creative-preview-an.com ib.adnxs-simple.com mediation.adnxs.com adsdk.microsoft.com *.safeframe.googlesyndication.com *.grupo.reforma.com; 4 default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: wss: *.2o7.net *.ac-systems.com *.adobe.com *.adobe.io *.adobedtm.com *.adoberesources.net *.adsymptotic.com *.akamaihd.net *.amazonaws.com *.amelia.com *.arcgis.com *.atdmt.com *.base.be *.bbvms.com *.bluebillywig.com *.bluecoat.com *.clarity.ms *.cloudfront.net *.companymatch.me *.contentsquare.com *.contentsquare.net *.cookielaw.org *.customersaas.com *.day.com *.demdex.net *.doubleclick.net *.driftqa.com *.driftt.com *.everesttech.net *.facebook.com *.facebook.net *.fontawesome.com *.force.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.hotjar.com *.hotjar.io *.licdn.com *.linkedin.com *.litix.io *.loadinggif.com *.luckycycle.com *.marketo.net *.mktoresp.com *.mktoutil.com *.mobistar.be *.nettjar.com *.omtrdc.net *.onetrust.com *.oribi.io *.pegacloud.net *.pingvp.com *.pinimg.com *.pinterest.com *.premiumplus.io *.qelpcare.com *.salesforce.com *.salesforceliveagent.com *.sfdcstatic.com *.snapchat.com *.speedtestcustom.com *.telenet-ops.be *.telenet.be *.telenet.be:* *.telenet.be.seg.js *.telenetcampagnes.be *.typekit.net *.typography.com *.unpkg.com *.upc.ch *.usabilla.com *.vimeo.com *.webgains.com *.webgains.io *.wista.com *.wistia.com *.wistia.net *.youtube.com *.ytimg.com *.zdassets.com *.zendesk.com *.zentr.cc *.zentrick.com *.zopim.com *.zopim.io *.binkies3d.com https://app.insites.com https://app.prospect.silktide.com https://cdn.clinch.co https://cookies-data.onetrust.io https://eur01.safelinks.protection.outlook.com https://html5-player.libsyn.com https://playlist.megaphone.fm https://sandbox-telenet.24sessions.com https://telenet.24sessions.com https://widget.euw1.chat.pega.digital sc-static.net https://binkiesproductionweu.servicebus.windows.net https://binkiescontentnode.blob.core.windows.net https://binkiesteaserstorage.blob.core.windows.net https://online.publuu.com *.bing.com bytedance.com sslocal.com analytics.tiktok.com;img-src 'self' blob: data: *.telenet.be *.telenet.be:* https: http://loadinggif.com *.doubleclick.net *.loadinggif.com https://binkiescontentnode.blob.core.windows.net https://binkiesdevnode.blob.core.windows.net *.tiktok.com; 4 frame-ancestors 'self' https://builder.io; 4 default-src data: http: https: 'unsafe-inline' 'unsafe-eval' 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: * 4 frame-ancestors 'self' https://*.paperflite.com 4 frame-ancestors 'self' https://*.easyname.com https://*.easyname.at; 4 frame-ancestors 'self' https://app.unbouncepreview.com https://app.unbounce.com https://learn.salfinc.com https://learn.self.inc; 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://static.doubleclick.net https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://recaptcha.net https://www.recaptcha.net/recaptcha/api.js https://www.gstatic.com; style-src 'self' 'unsafe-inline' 'report-sample' https://www.gstatic.com; object-src 'none'; base-uri 'self'; connect-src 'self' careem.com platform.careemapis.com https://stats.g.doubleclick.net https://jnn-pa.googleapis.com https://play.google.com https://*.googlevideo.com https://googleads.g.doubleclick.net https://www.google.com https://analytics.google.com https://www.google-analytics.com https://remittance-service.pvt-cx.gw.staging.teamdisplayed.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://td.doubleclick.net https://www.googletagmanager.com recaptcha.net https://www.youtube.com; img-src 'self' data: https://careem-catalog-media.imgix.net https://yt3.ggpht.com https://i.ytimg.com https://www.gstatic.com https://www.google.com/pagead https://googleads.g.doubleclick.net https://www.google.com.pk https://careem-public-web-media.imgix.net https://upload-cdn.careem.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' blob: https://upload-cdn.careem.com https://careem-public-web-media.imgix.net; report-uri https://646c74d0974ac544f93aad6a.endpoint.csper.io/?v=3; worker-src https://recaptcha.net; form-action 'self' 4 frame-ancestors 'self' *.onbase.com *.hyland.com *.communitylive.com *.sharebase.com https://profiles.onbase.com https://hyland.highspot.com https://view-su2.highspot.com; 4 default-src 'none'; connect-src 'self' https://releases.grapheneos.org/; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; webrtc 'block'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; require-trusted-types-for 'script'; trusted-types 'none' 4 frame-ancestors intapp.seismic.com intapp.com www.intapp.com seismic.com www.seismic.com intapp.wpengine.com intapp.gcs-web.com investors.intapp.com; 4 frame-ancestors 'self' *.americangreetings.com *.bluemountain.com *.jacquielawson.com *.justwink.com *.agpre.net *.imgag.com carltoncards.ca *.papyrusonline.com *.facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com *.contentstack.com papyrus-develop.go-vip.net papyrus-preprod.go-vip.net papyrus.go-vip.net homeiswherethemanais.webflow.io holidayhouse.teremana.com 4 default-src 'self' * data: blob:; img-src 'self' * 'unsafe-inline' data: blob:; style-src 'self' * 'unsafe-inline' data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:; object-src 'none'; worker-src 'self' data: blob: beta.career.io *.beta.career.io career.io *.career.io careercenter.intent-usa.com *.careercenter.intent-usa.com careerio.careerminds.com *.careerio.careerminds.com careerio.topresume.com *.careerio.topresume.com cv.dk *.cv.dk cvapp.ar *.cvapp.ar cvapp.bg *.cvapp.bg cvapp.cl *.cvapp.cl cvapp.cz *.cvapp.cz cvapp.de *.cvapp.de cvapp.es *.cvapp.es cvapp.fi *.cvapp.fi cvapp.fr *.cvapp.fr cvapp.gr *.cvapp.gr cvapp.hu *.cvapp.hu cvapp.ie *.cvapp.ie cvapp.it *.cvapp.it cvapp.mx *.cvapp.mx cvapp.no *.cvapp.no cvapp.nz *.cvapp.nz cvapp.ro *.cvapp.ro cvapp.rs *.cvapp.rs cvapp.vn *.cvapp.vn cveasy.pl *.cveasy.pl cvkungen.se *.cvkungen.se cvster.nl *.cvster.nl lebenslaufapp.at *.lebenslaufapp.at lebenslaufapp.ch *.lebenslaufapp.ch onlinecurriculo.com.br *.onlinecurriculo.com.br onlinecurriculo.pt *.onlinecurriculo.pt resume-test.io *.resume-test.io resume.io *.resume.io resume.io *.resume.io resumeapp.co.kr *.resumeapp.co.kr rirekisho.jp *.rirekisho.jp widget.resume.io *.widget.resume.io; frame-src https:; frame-ancestors 'self' vwo.com *.vwo.com 4 frame-ancestors 'self' https://*.boditrax.com/ *.puregym.com/; 4 frame-ancestors 'self' *.vpro.nl:* *.human.nl *.vprobroadcast.com *.npodoc.nl *.2doc.nl *.vprogids.nl *.brainwash.nl vpro.matomo.cloud omroephuman.matomo.cloud; 4 upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sentry-cdn.com *.callrail.com *.calltrk.com fast.wistia.com googleads.g.doubleclick.net *.marketo.net *.nitroscripts.com nitroscripts.com *.linkedin.com *.licdn.com *.ads-twitter.com *.cloudflareinsights.com *.googletagmanager.com *.gstatic.com *.google.com *.youtube.com *.wellsky.com *.osano.com; 4 frame-ancestors 'self' *.evergage.com *.evgnet.com *.vimeo.com *.hotjar.com https://fuse-event.com farapulse.stage.apps.bsci.com eligibility.farapulse.com www.relievant.com www.intracept.com relievantstage.wpengine.com;frame-src 'self' blob: https:;default-src 'self' 'unsafe-inline' blob: https:;font-src 'self' https: data:;script-src 'self' blob: data: https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:;connect-src 'self' wss: data: https: blob:; 4 default-src 'none'; child-src 'self' *.kaltura.com *.surveygizmo.com cdn.calconic.com insuranceservicesofficeinc.demdex.net; connect-src 'self' data: *.albacross.com *.brightcove.com *.commoninja.com *.crazyegg.com *.facebook.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.kaltura.com *.kampyle.com *.linkedin.com *.optimizely.com *.srv.stackadapt.com *.xactware.com app.calconic.com bcbolt446c5271-a.akamaihd.net cdn-app.continual.ly cdn.calconic.com cdn.cookielaw.org dc.services.visualstudio.com dl.episerver.net dpm.demdex.net geolocation.onetrust.com google.co.in http://ad.doubleclick.net https://*.influ2.com https://1752680588.rsc.cdn77.org https://adservice.google.com https://analytics.google.com https://api.adblocking247.com https://api.aituria.com https://api.awesomeblocker.com https://app.continual.ly/ https://cdn.linkedin.oribi.io/partner/1669474/domain/verisk.com/token https://cdn.linkedin.oribi.io/partner/384036/domain/maplecroft.com/token https://content.hotjar.io https://s.yimg.com https://statistics-dot-calconic-app.appspot.com/api/stats/push https://wss-pr.continual.ly:6001 https://www.google.com.et https://www.google.com.pr hubspot-forms-static-embed.s3.amazonaws.com manifest.prod.boltdns.net opreq.observepoint.com privacyportal.onetrust.com secure.adnxs.com verisk.d1.sc.omtrdc.net veriskisonetprod.112.2o7.net ws.hotjar.com; font-src 'self' data: *.cloudfront.net *.googleapis.com *.gstatic.com *.kaltura.com cdnjs.cloudflare.com dl.episerver.net vjs.zencdn.net; frame-src 'self' *.acast.com *.brightcove.net *.commoninja.com *.eloqua.com *.facebook.com *.g.doubleclick.net *.google.com *.gstatic.com *.kaltura.com *.kampyle.com *.maplecroft.com *.optimizely.com *.pardot.com *.readymag.com *.surveygizmo.com *.twitter.com *.youtube.com activitymap.adobe.com app.powerbi.com bloomberg.com capture.navattic.com cdn-app.continual.ly cdn.calconic.com datawrapper.dwcdn.net dl.episerver.net flo.uri.sh https://app.continual.ly/ https://open.spotify.com https://view.ceros.com insuranceservicesofficeinc.demdex.net lifedemo.shinyapps.io optimize.google.com player.vimeo.com public.tableau.com survey.alchemer.com td.doubleclick.net verisk.postclickmarketing.com www.buzzsprout.com www.google.com www.insurancejournal.tv www.youtube-nocookie.com; img-src 'self' data: *.air-worldwide.com *.albacross.com *.brightcove.com *.commoninja.com *.eloqua.com *.facebook.com *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kaltura.com *.kampyle.com *.linkedin.com *.maplecroft.com *.optimizely.com *.srv.stackadapt.com *.twimg.com *.twitter.com *.verisk.com *.youtube.com 6016449.global.siteimproveanalytics.io api.mapbox.com assets.adobedtm.com cdn.cookielaw.org cf-images.us-east-1.prod.boltdns.net cm.everesttech.net dl.episerver.net dpm.demdex.net https://ib.adnxs.com https://sp.analytics.yahoo.com i.ytimg.com jumbe.zaius.com maps.gstatic.com optimize.google.com p.adsymptotic.com public.tableau.com verisk.d1.sc.omtrdc.net veriskisonetprod.112.2o7.net w3.poweradvocate.com www.google.co.uk www.google.com www.greatplacetowork.com www.gstatic.com; media-src 'self' blob: *.air-worldwide.com *.gstatic.com *.kaltura.com *.srv.stackadapt.com bcbolt446c5271-a.akamaihd.net dl.episerver.net manifest.prod.boltdns.net; script-src-elem 'self' 'unsafe-inline' *.albacross.com *.cave9tape.com *.cloudfront.net *.cookielaw.org *.facebook.com *.facebook.net *.g.doubleclick.net *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kaltura.com *.kampyle.com *.licdn.com *.oktopost.com *.salesforceliveagent.com *.srv.stackadapt.com *.twitter.com *.xactware.com assets.adobedtm.com cdn-app.continual.ly cdn.calconic.com cdn.datatables.net cdnjs.cloudflare.com code.jquery.com dl.episerver.net https://*.influ2.com https://app.optimizely.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.optimizely.com https://okt.to https://s.yimg.com https://script.hotjar.com https://static.hotjar.com https://view.ceros.com img.en25.com js.monitor.azure.com maxcdn.bootstrapcdn.com siteimproveanalytics.com static.oktopost.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ads-twitter.com *.albacross.com *.cave9tape.com *.cloudflare.com *.cloudfront.net *.commoninja.com *.cookielaw.org *.facebook.net *.fraudblocker.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.herbgreencolumn.com *.hsforms.com *.kaltura.com *.licdn.com *.linkedin.com *.maplecroft.com *.oktopost.com *.optimizely.com *.pardot.com *.readymag.com *.salesforceliveagent.com *.twimg.com *.twitter.com *.xactware.com *.youtube.com activitymap.adobe.com api-ssl.bitly.com az416426.vo.msecnd.net cdn-app.continual.ly cdn-assets-prod.s3.amazonaws.com cdn.calconic.com cdn.mouseflow.com cdnjs.cloudflare.com code.jquery.com dl.episerver.net geolocation.onetrust.com https://js.monitor.azure.com img.en25.com ionfiles.scribblecdn.ne js.hsforms.net js.monitor.azure.com maxcdn.bootstrapcdn.com optimize.google.com player.vimeo.com players.brightcove.net public.flourish.studio public.tableau.com s1065293013.t.eloqua.com script.crazyegg.com secure.leadforensics.com siteimproveanalytics.com unpkg.com vjs.zencdn.net www.buzzsprout.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.srv.stackadapt.com cdn-app.continual.ly cdn.jsdelivr.net dl.episerver.net https://app.continual.ly/css/gekr8k83y6vw/custom.css; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.srv.stackadapt.com *.twimg.com *.twitter.com *.verisk.com cdn-app.continual.ly cdn.jsdelivr.net cdnjs.cloudflare.com dl.episerver.net optimize.google.com unpkg.com; script-src-attr 'unsafe-inline' *.srv.stackadapt.com *.xactware.com; report-to stott-security-endpoint;report-uri https://isoi04aap05vc2prod.azurewebsites.net/stott.security.optimizely/api/cspreporting/reporturiviolation/; 4 default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: blob: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: ; connect-src 'self' blob: https: wss://collection.decibelinsight.net/ ; media-src 'self' blob: https: ; font-src 'self' data: https: ; frame-src 'self' tel: https: ; 4 default-src 'self' https://*.allkeyshop.com https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://www.google.com https://www.google.fr https://*.gstatic.com https://www.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://www.recaptcha.net https://*.googleusercontent.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.google-analytics.com https://www.google.com/s2/ https://static.zdassets.com https://ekr.zdassets.com https://allkeyshop.zendesk.com wss://allkeyshop.zendesk.com wss://*.zopim.com https://v2assets.zopim.io https://steamcdn-a.akamaihd.net https://avatars.steamstatic.com https://*.twitch.tv https://static-cdn.jtvnw.net https://static-cdn.jtvnw.net/ https://discord.com https://cdn.discordapp.com/avatars/ https://www.youtube.com https://s.ytimg.com https://i.ytimg.com/ https://*.gravatar.com https://www.tiktok.com/ https://*.ttwstatic.com/ https://i0.wp.com/www.allkeyshop.com https://graph.facebook.com https://platform-lookaside.fbsbx.com https://*.fbcdn.net/ https://*.cloudfront.net/facebook/ https://*.cloudfront.net/twitter/ https://*.cloudfront.net/instagram/ https://platform.twitter.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs http://cdn.sendpulse.com https://cdn.sendpulse.com https://widget.gleamjs.io https://gleam.io https://js.gleam.io https://ad.doubleclick.net https://do6911745127z.cloudfront.net/scripts/master/goclecd.js https://system.warlegend.net 'unsafe-inline' data:; style-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://*.ttwstatic.com/ https://cdn.jsdelivr.net https://cdn.sendpulse.com https://www.google.com/recaptcha 'unsafe-inline'; img-src 'self' https://*.allkeyshop.com https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://www.google.com https://www.google.fr https://*.gstatic.com https://www.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://www.recaptcha.net https://*.googleusercontent.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.google-analytics.com https://www.google.com/s2/ https://static.zdassets.com https://ekr.zdassets.com https://allkeyshop.zendesk.com wss://allkeyshop.zendesk.com wss://*.zopim.com https://v2assets.zopim.io https://steamcdn-a.akamaihd.net https://avatars.steamstatic.com https://*.twitch.tv https://static-cdn.jtvnw.net https://static-cdn.jtvnw.net/ https://discord.com https://cdn.discordapp.com/avatars/ https://www.youtube.com https://s.ytimg.com https://i.ytimg.com/ https://*.gravatar.com https://www.tiktok.com/ https://*.ttwstatic.com/ https://i0.wp.com/www.allkeyshop.com https://graph.facebook.com https://platform-lookaside.fbsbx.com https://*.fbcdn.net/ https://*.cloudfront.net/facebook/ https://*.cloudfront.net/twitter/ https://*.cloudfront.net/instagram/ https://platform.twitter.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs http://cdn.sendpulse.com https://cdn.sendpulse.com https://widget.gleamjs.io https://gleam.io https://js.gleam.io https://ad.doubleclick.net https://do6911745127z.cloudfront.net/scripts/master/goclecd.js https://system.warlegend.net data: https://www.googletagmanager.com 4 object-src 'none'; frame-ancestors https://*.neoed.ca https://*.neoed.com https://*.neoed.net https://*.neogov.com https://*.neogov.net https://*.planitpolice.com https://*.powerdms.com https://*.powerdms.net; upgrade-insecure-requests; 4 connect-src * ; default-src 'self' *.gs.com:* *.cft.gs:* data: blob: ; frame-ancestors 'self' *.gs.com:* *.cft.gs:* ; img-src 'self' *.gs.com:* *.cft.gs:* https://images.ctfassets.net 'unsafe-inline' https://consent.trustarc.com data: blob: ; font-src https://consent.trustarc.com 'self' *.gs.com:* *.cft.gs:* data: ; script-src 'self' *.gs.com:* *.cft.gs:* ; worker-src 'self' *.gs.com:* *.cft.gs:* blob: data: ; style-src 'self' 'unsafe-inline' *.gs.com:* *.cft.gs:* ; media-src 'self' *.gs.com:* *.cft.gs:* data: blob: https://media-gsam.akamaized.net/ ; frame-src 'self' *.gs.com:* *.cft.gs:* *.gsam.com:* https://consent-pref.trustarc.com/ https://na-ab44.marketo.com/ https://*.jiji.com https://tools.euroland.com https://tools.eurolandir.com ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://consent.trustarc.com https://na-ab44.marketo.com https://unpkg.com https://gateway.zscalerthree.net https://ds-aksb-a.akamaihd.net https://s.go-mpulse.net ; style-src-elem 'self' 'unsafe-inline' https://na-ab44.marketo.com https://unpkg.com https://login.idfs.gs.com https://cdn.gs.com 4 default-src https: *; script-src https: 'unsafe-inline' 'unsafe-eval' *;img-src data: https:;font-src data: https:;style-src https: 'unsafe-inline' *;upgrade-insecure-requests;frame-ancestors 'self'; base-uri 'none'; frame-src mailto: *; worker-src blob: * ; child-src blob: ; 4 default-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com *.firestonecompleteautocare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.firestonecompleteautocare.com *.tiktok.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.io *.hotjar.com *.bing.com *.beamery.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com *.adroll.com *.sprinklr.com d2hrivdxn8ekm8.cloudfront.net telemetry.vaultdcr.com; img-src * data: blob: ; connect-src *; frame-src *; media-src 'self' *.sprinklr.com blob:; font-src 'self' fonts.bridgestoneresources.com data: 4 default-src 'none'; connect-src 'self' api.passwordpurgatory.com bloghelpers.troyhunt.com links.services.disqus.com syndication.twitter.com troyhunt.ghost.io *.google-analytics.com *.privacymanager.io; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src www.linkedin.com disqus.com c.disquscdn.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com www.google.com; img-src 'self' c.disquscdn.com referrer.disqus.com syndication.twitter.com platform.twitter.com www.gravatar.com *.twimg.com data:; script-src 'self' passwordpurgatory.com c.disquscdn.com disqus.com troyhunt.disqus.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ cdn.jsdelivr.net/ghost/ www.googletagmanager.com *.privacymanager.io www.google.com www.gstatic.com static.cloudflareinsights.com ajax.cloudflare.com 'sha256-26FfYB0WAsKHsnA92jxqaHCDCNo7MV3NrLe1wgLwuI4=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg='; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com fonts.googleapis.com; form-action *.twitter.com; media-src 'self'; frame-ancestors 'self' troyhunt.ghost.io; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce 4 frame-ancestors 'self' http://*.essilorluxottica.com https://*.essilorluxottica.com; 4 frame-ancestors 'self' http://renaissance.lookbookhq.com https://renaissance.lookbookhq.com http://renaissance.pathfactory.com https://renaissance.pathfactory.com http://content.renaissance.com https://content.renaissance.com 4 default-src 'self' data: https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com https://crypto.donaucapital.de wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://mein.finanzen-zero.net https://mein.zero-staging.net https://mein.t5.zero-test.net https://consentcdn.cookiebot.com https://consent.cookiebot.com http://localhost:* ws://localhost:*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com https://crypto.donaucapital.de wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://*.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://is.stock3.com https://as.stock3.com https://track.adform.net https://s1.adform.net https://s2.adform.net https://code.createjs.com https://cdnjs.cloudflare.com/ajax/libs/gsap/ https://feed.goldencross.de https://cdn.adspirit.de https://kerlundcie.adspirit.de https://ad.doubleclick.net https://s0.2mdn.net https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://www.googletagservices.com; connect-src https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com https://crypto.donaucapital.de wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://*.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://mein.finanzen-zero.net https://mein.zero-staging.net https://mein.t5.zero-test.net http://localhost:* ws://localhost:* https://track.adform.net https://googleads4.g.doubleclick.net https://pagead2.googlesyndication.com https://ade.googlesyndication.com; style-src 'unsafe-inline' 'self' https://is.stock3.com https://data.boerse-go.de https://api.stock3.com https://s1.adform.net https://s2.adform.net https://fonts.googleapis.com; frame-src https://account.stock3.com 'self' https://*.youtube.com https://*.youtube-nocookie.com https://player.vimeo.com https://tradematch.sgmarkets.com https://open.spotify.com https://embed.podcasts.apple.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://is.stock3.com https://c1.adform.net https://cdn.adspirit.de https://s0.2mdn.net https://tpc.googlesyndication.com https://c.bannerflow.net; img-src 'self' https: data: *.googleusercontent.com http://localhost:* ws://localhost:*; font-src 'self' https://fonts.gstatic.com 4 worker-src blob: https://*.georgeson.com;script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://content-assets.computershare.com https://ui.customsearch.ai https://s508159127.t.eloqua.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.evidon.com https://img03.en25.com https://js.adsrvr.org https://snap.licdn.com https://view.ceros.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://secure.quantserve.com https://*.pub.sfmc-content.com https://rules.quantcount.com https://*.adsrvr.org https://snap.licdn.com https://widget.trustpilot.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.crazyegg.com https://bat.bing.com https://gateway.zscloud.net https://*.usw2.pure.cloud https://*.nr-data.net https://*.newrelic.com https://*.computershare.com https://*.mypurecloud.com;connect-src https://www.googletagmanager.com https://www.google-analytics.com https://ui.customsearch.ai https://s508159127.t.eloqua.com https://*.evidon.com https://cdn.linkedin.oribi.io https://siteintercept.qualtrics.com https://rules.quantcount.com https://pixel.quantcount.com https://stats.g.doubleclick.net https://*.crazyegg.com https://px.ads.linkedin.com https://content-images.computershare.com https://*.nr-data.net https://shyrka-prod-usw2.s3.us-west-2.amazonaws.com https://*.newrelic.com https://*.usw2.pure.cloud https://www.google.com https://*.mypurecloud.com wss://*.mypurecloud.com ;img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://content-images.computershare.com data: https://content-images.computershare.com https://*.evidon.com https://px.ads.linkedin.com https://insight.adsrvr.org https://siteintercept.qualtrics.com https://pixel.quantcount.com https://pixel.quantserve.com https://pixel.rubiconproject.com https://*.crazyegg.com https://secure.adnxs.com https://bat.bing.com https://bs.serving-sys.com https://gateway.zscloud.net https://*.usw2.pure.cloud ;frame-src https://bc-unclaimedassets-uat.computershare.co.uk https://bc-unclaimedassets.computershare.co.uk https://view.ceros.com https://player.vimeo.com https://landing.computershare.com https://www.youtube.com https://www.military.com https://sls.co1.qualtrics.com https://*.pub.sfmc-content.com https://*.adsrvr.org https://widget.trustpilot.com https://*.pub.s6.sfmc-content.com https://www.canva.com https://*.crazyegg.com https://www.youtube-nocookie.com https://gateway.zscloud.net https://*.computershare.com https://*.usw2.pure.cloud https://www.googletagmanager.com https://*.doubleclick.net https://*.mypurecloud.com; 4 script-src 'self' kakao.com *.kakao.com t1.daumcdn.net *t1.daumcdn.net addtoany.com *.addtoany.com capitaland.my.site.com ipinfo.io *.google.com google.com *.maps.googleapis.com maps.googleapis.com *.googleapis.com googleapis.com *.developers.google.com developers.google.com *.baidu.com baidu.com *.hm.baidu.com hm.baidu.com *.api.map.baidu.com api.map.baidu.com *.z.moatads.com z.moatads.com *.google-analytics.com google-analytics.com *.addthis.com addthis.com *.addthisedge.com addthisedge.com *.cdn.polyfill.io cdn.polyfill.io *.recaptcha.net recaptcha.net *.gstatic.com gstatic.com *.gstatic.cn gstatic.cn *.googletagmanager.com googletagmanager.com *.consent.trustarc.com consent.trustarc.com *.js-agent.newrelic.com js-agent.newrelic.com *.nr-data.net nr-data.net *.googleadservices.com googleadservices.com *.doubleclick.net doubleclick.net *.licdn.com licdn.com *.snap.licdn.com snap.licdn.com *.tiktok.com tiktok.com *.analytics.tiktok.com analytics.tiktok.com *.facebook.net facebook.net *.connect.facebook.net connect.facebook.net *.facebook.com facebook.com *.ads-twitter.com ads-twitter.com *.static.ads-twitter.com static.ads-twitter.com *.bat.bing.com bat.bing.com *.tag.azame.net tag.azame.net *.analytics.twitter.com analytics.twitter.com *.bp-1c51.kxcdn.com bp-1c51.kxcdn.com *.secure.adnxs.com secure.adnxs.com *.googlesyndication.com googlesyndication.com *.triptease.io triptease.io *.onboard.triptease.io onboard.triptease.io *.secure-hotel-tracker.com secure-hotel-tracker.com *.egain.cloud egain.cloud *.ascottintl.egain.cloud ascottintl.egain.cloud *.criteo.net criteo.net *.static.criteo.net static.criteo.net *.gatag.it gatag.it *.ipinyou.com ipinyou.com *.stats.ipinyou.com stats.ipinyou.com *.youtube.com youtube.com *.toup.net toup.net *.googletraveladservices.com googletraveladservices.com *.mmtro.com mmtro.com *.affilired.com affilired.com *.hotelratematch.com hotelratematch.com *.sojern.com sojern.com *.line-scdn.net line-scdn.net *.yandex.ru yandex.ru *.dwin1.com dwin1.com *.yieldoptimizer.com yieldoptimizer.com *.awin1.com awin1.com *.veinteractive.com veinteractive.com *.ebtrk1.com ebtrk1.com *.qualitedesign.fr qualitedesign.fr *.adroll.com adroll.com *.nxtck.com nxtck.com *.tradedoubler.com tradedoubler.com *.yimg.jp yimg.jp *.123compare.me 123compare.me *.smartparity.com smartparity.com *.booklyng.com booklyng.com *.denomatic.com denomatic.com *.zenaps.com zenaps.com *.chinesean.com chinesean.com *.glopss.com glopss.com *.shareasale.com shareasale.com *.tradetracker.net tradetracker.net *.webgains.com webgains.com *.smct.co smct.co *.sp.analytics.yahoo.com sp.analytics.yahoo.com *.b91.yahoo.co.jp b91.yahoo.co.jp *.derbysoft.com derbysoft.com *.redirect.eqtracking.com redirect.eqtracking.com *.thehotelsnetwork.com thehotelsnetwork.com *.stackla.com stackla.com *.accesstrade.ne.jp accesstrade.ne.jp *.clarity.ms clarity.ms *.taboola.com taboola.com *.hybridtheory.com hybridtheory.com *.go.affec.tv go.affec.tv *.accesstrade.co.id accesstrade.co.id *.sojern.com sojern.com *.consent-pref.trustarc.com consent-pref.trustarc.com *.ailab.criteo.com ailab.criteo.com *.criteo.com criteo.com *.p.relay-t.io p.relay-t.io *.policies.google.com policies.google.com *.privacy.yahoo.co.jp privacy.yahoo.co.jp *.googleadservices.com googleadservices.com *.s.yimg.jp s.yimg.jp *.numberly.com numberly.com *.xandr.com xandr.com *.pinterest.com pinterest.com *.ir.baidu.com ir.baidu.com *.hm.baidu.com hm.baidu.com *.js.adsrvr.org js.adsrvr.org *.insight.adsrvr.org insight.adsrvr.org *.adsrvr.org adsrvr.org *.tawk.to tawk.to *.embed.tawk.to embed.tawk.to *.instagram.com instagram.com *.relay-t.io relay-t.io *.secure-relay.com secure-relay.com *.antvoice.com antvoice.com *.avads.net avads.net *.appsflyer.com appsflyer.com assets.adobedtm.com *.adobe.com adobe.com *.adobedc.net * ads.zalo.me ads.zalo.me * s.zzcdn.me s.zzcdn.me *bing.com bing.com *adroll.com adroll.com wcs.naver.net *.naver.net policy.naver.com *.naver.com doubleclick.net *.doubleclick.net google.com *.google.com business.safety.google 'unsafe-inline' 'unsafe-eval' 4 frame-ancestors 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; 4 frame-ancestors *.acuitybrandslighting.net *.acuitybrands.com *.acuitybrands.ca *.acuitybrands.com.mx *.acuitybrandstoronto.com *.besalfund.org *.dglogik.com *.distech-controls.com *.eldoled.com *.iotaengineering.com *.ke2therm.com *.luminis.com *.mcclungfoundation.org; 4 default-src 'self' *.crazyegg.com *.survale.com; worker-src 'self' blob:; object-src 'self'; frame-ancestors 'self' https://www.youtube.com https://www.youtube.com/iframe_api https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.recaptcha.net/ *.crazyegg.com https://static.survale.com/ext/survey.js https://www.google.com/recaptcha/ https://polyfill.io/v3/ https://www.clarity.ms/ https://www.googleadservices.com/ https://api.ipify.org/ https://www.recaptcha.net/ https://play.vidyard.com/ http://www.gstatic.cn https://www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net/ https://cdn.syndication.twimg.com/ https://www.marvell.com/ https://script.crazyegg.com/ https://connect.facebook.net/ https://static.addtoany.com/ https://blogs.marvell.com/ https://s.go-mpulse.net/ https://cdn.cookielaw.org/ https://platform.twitter.com/ https://www.google-analytics.com/ https://scripts.demandbase.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://cdn.cookielaw.org/scripttemplates/6.1.0/otBannerSdk.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://www.youtube.com https://px.ads.linkedin.com https://maxcdn.bootstrapcdn.com assets.adobedtm.com https://googleads.g.doubleclick.net https://www.googletagmanager.com/ *.googleapis.com https://ajax.googleapis.com https://code.jquery.com https://ajax.googleapis.com/ajax/libs/jquery/ https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/ https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/ https://cdnjs.cloudflare.com/ajax/libs/ *.modern.min.js; connect-src 'self' data: https://geolocation.onetrust.com/ https://app.survale.com/v0/site-settings/1713989634000 https://play.vidyard.com/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location *.clarity.ms/collect *.crazyegg.com *.marvell.com *.akamaihd.net/ *.akstat.io/ https://tracking.crazyegg.com/ https://c.go-mpulse.net/ https://px.ads.linkedin.com https://analytics.google.com/ https://script.crazyegg.com/ https://ajax.googleapis.com/ajax/libs/ https://marvell.wd1.myworkdayjobs.com https://segments.company-target.com *.js.erb https://privacyportal.onetrust.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://www.google-analytics.com *.omtrdc.net *.demdex.net; img-src 'self' data: *.clarity.ms/ *.crazyegg.com https://thumbs.bfldr.com/ https://www.facebook.com/ https://static.survale.com/survale-logo-black.png https://static.survale.com/ext/assets/graphics/outlines/drop-shadow.png https://static.survale.com/ext/assets/graphics/zoomout.cur https://static.survale.com/ext/assets/graphics/loader.white.gif https://static.survale.com/ext/assets/feedback-buttons/feedback-button-red.png https://static.survale.com/image-uploads/ *.survale.com https://play.vidyard.com/ https://cdn.vidyard.com/ https://i.ytimg.com/ https://marvellsemiconductorprod.112.2o7.net/ *.marvellsemiconductoroneportal.112.2o7.net/ https://blogs.marvell.com/ https://static.addtoany.com/ https://marvell-uat-65.adobecqms.net/ https://syndication.twitter.com/ https://cdn.cookielaw.org/ https://ton.twimg.com/tfw/css/ https://i.vimeocdn.com/ https://pbs.twimg.com/ https://marvellsemiconductorstage.112.2o7.net/ https://platform.twitter.com/css/ https://pbs.twimg.com/card_img/ https://cdn.brandfolder.io https://p.adsymptotic.com https://www.linkedin.com https://img.youtube.com https://match.prod.bidr.io/cookie-sync/demandbase https://id.rlcdn.com/464526.gif https://segments.company-target.com/ https://px.ads.linkedin.com/ https://match.prod.bidr.io https://www.google.com https://www.google.co.in https://www.google-analytics.com *.everesttech.net *.demdex.net *.omtrdc.net; style-src 'self' 'unsafe-inline' https://blogs.marvell.com/ https://ton.twimg.com/tfw/css/ https://platform.twitter.com/css/ https://platform.twitter.com/css/ https://static.survale.com/ext/assets/survale.min.css https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css; font-src 'self' https://blogs.marvell.com/ https://www.marvell.com/ https://player.vimeo.com/ https://cdnjs.cloudflare.com/ajax/ https://cdnjs.cloudflare.com/* data:; frame-src 'self' https://player.vimeo.com/ https://www.facebook.com/ https://platform.twitter.com/ *.demdex.net *; 4 frame-ancestors 'self' https://*.osp.tech 4 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 4 default-src 'self' blob: *;base-uri 'self';font-src 'self' data: https://tv4play.humany.net/ https://apps.mypurecloud.com/ https://chat.kindlycdn.com/ https://cdn.braze.eu https://use.fontawesome.com;form-action 'self' *;frame-ancestors 'self' *;img-src 'self' data: *;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;script-src-attr 'none';style-src 'self' 'unsafe-inline' * 4 object-src 'none'; base-uri 'self'; frame-ancestors 'self' 4 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.hubspot.com *.cookielaw.org *.cdntwrk.com *.wistia.com *.wistia.net *.q2.com *.sentry-cdn.com *.clarity.ms *.google.com *.googletagmanager.com *.googleapis.com *.googleadservices.com *.gstatic.com *.hsappstatic.com *.hsappstatic.net *.hubspot.net *.hs-banner.com *.hsadspixel.com *.hsadspixel.net *.hs-analytics.com *.hs-analytics.net *.licdn.com *.marketo.net *.marketo.com *.zoominfo.com *.bizible.com *.6sc.co *.qualified.com *.segment.com *.bugcrowd.com *.bugcrowdusercontent.com bugcrowd.com *.jsdeliver.net *.jsdelivr.net *.cloudflare.com *.doubleclick.net *.youtube.com *.hubspotusercontent-na1.net *.pathfactory.com *.zuddl.com; style-src 'self' *.q2.com 'report-sample' 'unsafe-inline' *.cdntwrk.com *.googleapis.com *.hsappstatic.net *.hubspot.net *.jsdeliver.net *.jsdelivr.net *.marketo.com 7044196.fs1.hubspotusercontent-na1.net 7044196.fs2.hubspotusercontent-na1.net *.hubspotusercontent-na1.net *.pathfactory.com *.googletagmanager.com *.zuddl.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.mktoresp.com *.hubspotusercontent-na1.net *.google.com *.hubspot.com *.hs-banner.com *.onetrust.com *.cookielaw.org *.wistia.com *.embed-cloudfront.wistia.com *.wistia.com *.6sc.co *.6sense.com *.qualified.com wss://*.qualified.com *.segment.com *.segment.io *.linkedin.com *.google-analytics.com *.clarity.ms *.hubapi.com *.doubleclick.com https://stats.g.doubleclick.net *.zoominfo.com *.adnxs.com *.litix.io *.marketo.com *.doubleclick.net *.youtube.com *.pathfactory.com *.zuddl.com api.prod.zuddl.com; font-src 'self' data: *.gstatic.com *.cdntwrk.com *.wistia.com 7044196.fs1.hubspotusercontent-na1.net *.pathfactory.com *.zuddl.com; frame-src 'self' *.q2.com *.qualified.com *.doubleclick.net *.wistia.net *.gstatic.com *.google.com *.googletagmanager.com *.bugcrowd.com bugcrowd.com *.hubspotvideo.com *.marketo.com *.youtube.com *.pathfactory.com *.uberflip.com *.zuddl.com; img-src 'self' *.q2.com data: *.hubspotusercontent-na1.net *.hsappstatic.net *.6sc.co *.cdntwrk.com *.cookielaw.org *.wistia.com *.hsforms.com *.linkedin.com *.hubspot.com *.hubspot.net *.bizible.com *.cloudinary.com *.clarity.ms *.bing.com *.googletagmanager.com *.placeholder.com *.marketo.com googleads.g.doubleclick.net *.doubleclick.net *.google.com *.doubleclick.net *.youtube.com *.hubspotusercontent40.net *.pathfactory.com *.bizibly.com *.gstatic.com *.zuddl.com *.imgix.net; manifest-src 'self'; media-src 'self' *.q2.com 7044196.fs1.hubspotusercontent-na1.net 7044196.fs2.hubspotusercontent-na1.net 7044196.fs1.hubspotusercontent-eu1.net 7044196.fs2.hubspotusercontent-eu1.net *.marketo.com blob: *.doubleclick.net *.youtube.com *.pathfactory.com; form-action 'self' *.marketo.com *.mktoweb.com *.zuddl.com; frame-ancestors 'self' *.q2.com *.pathfactory.com *.lookbookhq.com; report-to https://343747560e392f7a31ae9a0247c09302.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 4 frame-ancestors *.justlanded.com *.justlanded.es *.justlanded.co.uk *.justlanded.de *.justlanded.fr *.justlanded.it *.justlanded.jp *.justlanded.at *.justlanded.mx *.justlanded.gr *.justlanded.ru *.justlanded.se *.justlanded.cn *.justlanded.ch *.justlanded.be *.justlanded.co.in *.justlanded.co.nz tpc.googlesyndication.com; form-action shop.justlanded.com *.justlanded.com *.justlanded.es *.justlanded.co.uk *.justlanded.de *.justlanded.fr *.justlanded.it *.justlanded.jp *.justlanded.at *.justlanded.mx *.justlanded.gr *.justlanded.ru *.justlanded.se *.justlanded.cn *.justlanded.ch *.justlanded.be *.justlanded.co.in *.justlanded.co.nz tpc.googlesyndication.com; object-src 'none'; base-uri 'self'; 4 font-src 'self' themes.googleusercontent.com; object-src 'none'; base-uri 'self'; frame-ancestors 'self' 4 default-src 'self'; img-src 'self' merchant-shop.gr *.cloud.adobe.io *.merchant-shop.gr *.mypurecloud.de *.worldline.madebypi.dev *.usercentrics.eu pages.worldline.com *.reddit.com wss://*.caas4prd.worldline-solutions.com *.bing.com *.seadform.net *.caas4prd.worldline-solutions.com bit.ly *.blob.core.windows.net callexcellcdn.blob.core.windows.net *.googletagmanager.com *.tiktok.com *.googletagmanager *.doubleclick.net *.facebook.com www.googleadservices.com *.googleadservices.com *.googleadservices.net *.google.be *.google.fr *.google.it *.google.es *.google.si *.google.sk *.google.cz *.google.lt *.google.lv *.google.ee *.google.tr *.google.gr *.google.co.uk *.google.hr *.google.hu *.google.nl *.google.pl *.google.ch *.google.de *.google.lu *.google.at *.google.co.in *.google.bg *.google.am *.google.com *.g.doubleclick.net *.vimeocdn.com *.vimeo.com dpm.demdex.net dev.day.com cm.everesttech.net worldline.sc.omtrdc.net worldlinesa.tt.omtrdc.net cdn.cookielaw.org www.gstatic.com *.linkedin.com *.adsymptotic.com *.scene7.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' wss://*.caas4prd.worldline-solutions.com *.usercentrics.eu *.caas4prd.worldline-solutions.com *.zdassets.com *.blob.core.windows.net *.callexcellcdn.blob.core.windows.net *.hs-banner.com *.hscollectedforms.net *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com *.salesfeed.com *.zendesk.com cdnjs.cloudflare.com https://google.com *.doubleclick.net *.facebook.com *.g.doubleclick.net track.adform.net *.facebook.net assets.adobedtm.com cdn.cookielaw.org snap.licdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.cloudflare.com cdn.jsdelivr.net www.youtube.com ssl.p.jwpcdn.com assets-jpcust.jwpsrv.com *.cloudflare.com cdn.cookielaw.org files.cdn.leadfamly.com *.ytimg.com *.youtube.com *.jwpsrv.com *.jwpcdn.com *.hs-banner.com *.hscollectedforms.net *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com *.salesfeed.com *.doubleclick.net *.pardot.com *.hotjar.io *.hotjar.com *.gstatic.com *.google.com *.worldline.com ajax.googleapis.com maps.googleapis.com maxcdn.bootstrapcdn.com *.scene7.com; style-src 'self' 'unsafe-inline' *.worldline.com wss://*.caas4prd.worldline-solutions.com *.beanstream.com *.caas4prd.worldline-solutions.com *.worldline-solutions.com *.blob.core.windows.net *.fontawesome.com *.lytics.io https://google.com *.fontawesome.com fonts.google.com optimize.google.com play.google.com *.cloudflare.com ssl.p.jwpcdn.com *.googleapis.com *.caas4noprd.worldline-solutions.com *.cloudflare.com *.jwpcdn.com worldline.com maxcdn.bootstrapcdn.com *.scene7.com; connect-src 'self' 'unsafe-inline' data: blob: *.mypurecloud.com *.mypurecloud.de wss://webmessaging.mypurecloud.de web-worldline-chatbot-api.azurewebsites.net cdn.jsdelivr.net *.worldline.madebypi.dev *.bc0a.com ws.zoominfo.com js.zi-scripts.com *.usercentrics.eu *.reddit.com *.redditstatic.com wss://*.caas4prd.worldline-solutions.com *.friendlycaptcha.com *.mktoresp.com *.caas4prd.worldline-solutions.com callexcellcdn.blob.core.windows.net *.linkedin.com worldlinesa.tt.omtrdc.net *.zendesk.com wss://*.zopim.com *.hubspot.com *.hubapi.com *.zdassets.com *.cognigy.ai wss://*.cognigy.ai *.zendesk.com https://google.com *.tiktok.com *.googlesyndication.com *.doubleclick.net *.facebook.com www.googleadservices.com *.googleadservices.net *.googleadservices.com *.google.com *.google.be *.google.fr *.google.it *.google.es *.google.si *.google.sk *.google.cz *.google.lt *.google.lv *.google.ee *.google.tr *.google.gr *.google.co.uk *.google.hr *.google.hu *.google.nl *.google.pl *.google.ch *.google.de *.google.lu *.google.at *.google.co.in *.google.bg *.google.am *.g.doubleclick.net six.enterprisebot.co *.fontawesome *.hotjar.io *.spotify.com *.apple.com wss://*.caas4noprd.worldline-solutions.com *.worldline-solutions.com *.scene7.com worldlinesa.demdex.net dpm.demdex.net cdn.cookielaw.org privacyportal-eu.onetrust.com *.cloud.adobe.io *.tt.omtrdc.net *.omtrdc.net wss://*.hotjar.com wss://ws4.hotjar.com geolocation.onetrust.com maps.googleapis.com *.blob.core.windows.net optanon.blob.core.windows.net cookies-data.onetrust.io vc.hotjar.io maps.googleapis.com ws21.hotjar.com *.doubleclick.net *.hotjar.com cdn.linkedin.oribi.io; base-uri 'self'; frame-src 'self' 'unsafe-inline' *.mypurecloud.de https://vimeo.com/ *.worldline.madebypi.dev *.adform.net *.usercentrics.eu *.mktoresp.com *.beanstream.com *.zendesk.com *.zdassets.com www.actito.be *.doubleclick.net *.g.doubleclick.net *.spotify.com *.apple.com anchor.fm *.typeform.com *.doubleclick.net business.ingenico.com form.typeform.com files.cdn.leadfamly.com worldline.leadfamly.com *.brighttalk.com *.youtube.com *.hotjar.com *.worldline.com *.equensworldline.com *.google.com worldlinesa.demdex.net https://recaptcha.google.com/recaptcha/; object-src 'none'; font-src *; script-src-elem 'unsafe-inline' *; media-src 'self' data: blob: *.zdassets.com *.scene7.com; worker-src blob:; child-src blob:; frame-ancestors 'self' *.adobe.com https://frontend-v2.ocularium.be; 4 connect-src 'self' https://analytics-framework-service.eks.staging.ethos-int.com https://segment-api.ethoslife.com https://api.stage.ethoslife.com https://www.ethoslife.com https://api.ethoslife.com https://browser-intake-datadoghq.com https://io.ethoslife.com https://*.ethoslife.com wss://io.ethoslife.com https://www.getethos.com https://api.getethos.com https://io.getethos.com wss://io.getethos.com https://*.ar1d.net https://*.segment.io https://*.bing.com https://*.fullstory.com https://*.facebook.com https://*.facebook.net https://rp4.liadm.com https://*.googleapis.com https://*.gstatic.com https://google.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://boards-api.greenhouse.io https://api.stripe.com https://*.launchdarkly.com https://*.adroll.com https://*.pinterest.com https://*.katch.com https://create.leadid.com https://create.lidstatic.com https://info.leadid.com https://d2m2wsoho8qq12.cloudfront.net https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://*.ar1d.net https://*.optimizely.com https://vc.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://*.ethos.com wss://*.ethos.com https://rum-http-intake.logs.datadoghq.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com/ https://www.datadoghq-browser-agent.com/datadog-rum-v4.js https://*.userway.org https://app.leadsrx.com https://b-code.liadm.com https://rp.liadm.com https://analytics.tiktok.com https://hello.staticstuff.net https://win.staticstuff.net https://*.transcend.io https://late-glade-2372.tines.com https://hooks.torq.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://gum.criteo.com; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.userway.org blob: https://*.transcend.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stage.ethoslife.com https://acdn.adnxs.com https://*.ethoslife.com https://*.getethos.com https://*.netlify.com https://*.facebook.com https://*.facebook.net http://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://*.segment.com https://*.bing.com https://*.fullstory.com https://fullstory.com https://*.taboola.com https://*.linkedin.com https://*.licdn.com https://js.stripe.com https://*.quora.com https://*.adroll.com https://*.pinimg.com https://aa.agkn.com https://create.leadid.com https://create.lidstatic.com https://info.leadid.com https://*.cloudfront.net https://*.katch.com https://js.driftt.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.optimizely.com https://assets.customer.io http://tagmanager.google.com/debug http://www.googletagmanager.com https://optimizely.s3.amazonaws.com/ https://*.hotjar.com https://www.datadoghq-browser-agent.com/datadog-rum-us.js https://www.datadoghq-browser-agent.com/datadog-rum-v4.js https://vt.myvisualiq.net https://px.airpr.com/airpr.js https://cdn.pbbl.co https://*.userway.org https://amplify.outbrain.com https://tr.outbrain.com https://*.segment.com https://*.segment.io https://app.leadsrx.com https://b-code.liadm.com https://rp.liadm.com https://analytics.tiktok.com https://hello.staticstuff.net https://win.staticstuff.net https://cdn.riskid.security https://*.transcend.io/ https://www.youtube-nocookie.com/ https://unpkg.com/netlify-cms@%5E2.0.0/dist/netlify-cms.js https://media-library.cloudinary.com https://websitevisitorleads.com https://*.pinterest.com https://*.ethos.com https://dynamic.criteo.com; object-src 'self'; frame-src 'self' https://www.googletagmanager.com https://stage.ethoslife.com https://agents.stage.ethoslife.com https://agents.ethoslife.com https://quote-widget.ethoslife.com https://quote-widget.getethos.com https://*.facebook.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com/ https://js.stripe.com https://d2m2wsoho8qq12.cloudfront.net/ https://hooks.stripe.com https://ethslf.com https://player.vimeo.com https://fast.wistia.net https://www.quotelab.com https://t1.webbconnected.com https://www.emjcd.com https://cj.dotomi.com https://www.mailtrck.com https://www.trcknow.com https://pranwtr.com https://gztkr.mobi https://prformc.com https://www.authoritytrcker.com https://315track.com https://js.driftt.com https://share.intercom.io https://*.optimizely.com https://vars.hotjar.com https://cdn.pbbl.co https://app.storylane.io https://js.storylane.io https://cloudinary.com/ https://console.cloudinary.com/ https://*.userway.org https://www.xol82trk.com https://hackerone.com https://*.transcend.io https://ct.pinterest.com/ https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net; font-src 'self' data: https://*.gstatic.com https://js.intercomcdn.com https://script.hotjar.com https://*.userway.org; img-src 'self' data: http://www.google-analytics.com http://bat.bing.com https://res.cloudinary.com https://*.facebook.com https://*.facebook.net https://rp4.liadm.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google.ca https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net https://*.bing.com https://*.yahoo.com https://*.googletagmanager.com https://*.taboola.com https://*.linkedin.com https://create.leadid.com https://data.adxcel-ec2.com https://*.pinterest.com https://*.adroll.com https://*.twitter.com https://*.reddit.com https://*.quora.com https://click.clktraker.com https://pinterest.adsymptotic.com https://*.bluekai.com https://*.rlcdn.com https://*.adnxs.com https://*.nextinsure.com https://*.digitru.st https://*.sharethrough.com https://*.quotelab.com https://*.shmktpl.com https://*.bizographics.com https://*.openx.net https://*.bidswitch.net https://pixel.advertising.com https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://sync.outbrain.com https://eb2.3lift.com https://fcmatch.youtube.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://track.customer.io/ https://*.segment.io https://*.hotjar.com https://t.myvisualiq.net https://tapestry.tapad.com https://loadus.exelator.com https://dpm.demdex.net https://dpx.airpr.com https://pixel.pointmediatracker.com/ https://cnv.event.prod.bidr.io https://px0.pbbl.co https://aa.agkn.com https://*.userway.org https://tr.outbrain.com https://pixel.videohub.tv https://rp.liadm.com https://analytics.tiktok.com https://data.adxcel-ec2.com https://i.ytimg.com/; media-src 'self' https://js.intercomcdn.com https://*.userway.org https://res.cloudinary.com; default-src 'self'; worker-src 'self' https://www.datadoghq-browser-agent.com/datadog-rum-v4.js; frame-ancestors https://agents.ethoslife.com; 4 script-src 'unsafe-inline' 'unsafe-eval' *.bradescoseguros.com.br *.bradescosaude.com.br *.bradescoautore.com.br *.bradescovp.com.br *.bradescodental.com.br *.bradescocapitalizacao.com.br *.mediservice.com.br *.novamedsaude.com.br *.bradseg.com.br *.googletagmanager.com *.google.com *.googleapis.com *.facebook.net *.licdn.com *.cloudflare.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.goadopt.io *.typeform.com *.hotjar.com *.iesnare.com *.medallia.com *.kampyle.com *.datatables.net *.evgnet.com *.thunderhead.com *.handtalk.me *.js.org *.clarity.ms *.jsdelivr.net *.jquery.com *.sunovitoso.com *.blob *.fullstory.com bradescoseguros.csod.com *.bradescoseguros.csod.com *.go-mpulse.net; frame-ancestors 'self' *.bradescoseguros.com.br *.bradescosaude.com.br *.bradescoautore.com.br *.bradescovp.com.br *.bradescodental.com.br *.bradescocapitalizacao.com.br *.mediservice.com.br *.novamedsaude.com.br *.bradseg.com.br *.googletagmanager.com *.google.com *.googleapis.com *.facebook.net *.licdn.com *.cloudflare.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.goadopt.io *.typeform.com *.hotjar.com *.iesnare.com *.medallia.com *.kampyle.com *.datatables.net *.evgnet.com *.thunderhead.com *.handtalk.me *.js.org *.clarity.ms *.jsdelivr.net *.jquery.com *.sunovitoso.com *.blob *.fullstory.com bradescoseguros.csod.com *.bradescoseguros.csod.com *.go-mpulse.net; 4 frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com http://*.safe-iplay.com http://*.888sport.com http://*.sisportsbook.com http://*.secured-igaming-usa.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com *.888casino-uae.com *.playat888-games.com *.888casino-game.com *.online-arabic-casino.net *.tripleeight.live *.playat888online.com *.888games-uae.com *.triple-eight-games.com *.play-casino-now.com *.888slots-uae.com *.888-uae.com *.mrgreen.de *.mrgreen.se *.mrgreen.com *.mrgreen.dk *.williamhill.com *.williamhill.local *.williamhill-pp2.com *.clevernt.com *.cleverwebserver.com 4 upgrade-insecure-requests; default-src 'self' https://*.canadalife.com; connect-src 'self' https://*.canadalife.com https://*.greatwestlife.com https://www.google-analytics.com https://pdx-col.eum-appdynamics.com https://greatwestlife.sc.omtrdc.net https://dpm.demdex.net https://maps.googleapis.com https://greatwestlife.tt.omtrdc.net https://*.fls.doubleclick.net https://stats.g.doubleclick.net https://*.qualtrics.com https://*.tt.omtrdc.net https://analytics.google.com https://ct.pinterest.com https://*.force.com https://*.salesforce-sites.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.gwl.bz https://*.mouseflow.com https://edge.adobedc.net https://analytics.tiktok.com https://*.onetrust.com https://cdn.cookielaw.org https://cookies-data.onetrust.io https://pagead2.googlesyndication.com https://www.tickertech.com https://lifeco--fit.sandbox.my.site.com https://lifeco--mop.sandbox.my.site.com https://lifeco--ecrmagent.sandbox.my.site.com https://*.ads.linkedin.com; script-src 'self' 'unsafe-eval'; script-src-attr 'unsafe-hashes' 'sha256-s03MppK+yldqebQIUHl/a3rnlThCtQkSXSmmZOF3+F4=' 'sha256-8lDeP0UDwCO6/RhblgeH/ctdBzjVpJxrXizsnIk3cEQ='; script-src-elem 'self' 'sha256-rxbB0dwoVgxFLovO+2QdlowWXjNRQqQ2N+l1eql3idk=' 'sha256-FBNK2rdRWFlHdRsYGZZBmuYu5+CkAl+Wn1JoYWqrksM=' 'sha256-F4BYc9lsI/Vrx9C9i80ixfUTjvillF19Ozmb78mybec=' 'sha256-AQOwIQfwXmjGkJa3okk527EAh1ebFJRpTTZl+5jRXbY=' 'sha256-g2Pta/3ikSvMxquiOYn0GW46rWdTYOpxkQZQy4WkDmg=' 'sha256-KoHyQmm+D9hBDaBTR6+gxOIONQBIayKMbpsmhIC1btA=' 'sha256-aPmuEA+YTJeUe5vchynnoiv3QTQuOLlWWoFTWMZ0g1g=' 'sha256-qLzKpw2YpqphcZ2dUfDq+nZ5lHCEZFVVMQAG3QzDYFs=' 'sha256-mpui/uSvBk50FoZaT31+E4TDh6X31gDoxHjIJDzRJZg=' 'sha256-77v6+Y2oUkIbs8c4pNz/22z+7s+raZVjnYoWAy3n340=' 'sha256-E7YCGQ5MRgDfOE83WCZrO5WMF47b8DMQrCCUsSG4BZA=' 'sha256-7sAcIrWL0oWh2ze3yV6tqz1RbnGmqhIx1Qus9jRracQ=' 'sha256-M+nrL1i0jyqg3asaQwtMrGR3HewAhiK/bpVvlDbxPVA=' 'sha256-2w2VuPWkQ3e1VTwZBpAMJr/J8SGDI2TAq/lDdYX5rCM=' 'sha256-QmTlplZrwxtcIjf0Qw5pH3wwugda+oguLrKTkvZcEZg=' 'sha256-c/UuTsNI4PzkW3h2TEBTba6cHzrxCGLRLm7e7JFOMTA=' 'sha256-iyqTc3hqwkLOBdzXfypaUKkfBjoe6ISFWFJymJlkhi0=' 'sha256-y5DfkiVFp/0+RV2R/V4+yuEwoazHEGO2dtoyyobVfMg=' 'sha256-6vmJe+REQ2uvXdOcmOA0gV2Ghe2w9VIMFQMDJ6mfiIY=' 'sha256-djABxqtTxWmFtje0qzMk5v6m47EuSHXoA7G6ISvWRcM=' 'sha256-IkjtHJi30pQL4HJunVbbOb0eddxKbzQS73A/uLX1dxc=' 'sha256-y5DfkiVFp/0+RV2R/V4+yuEwoazHEGO2dtoyyobVfMg=' 'sha256-sjwHEvEEd6LOECfafoaXLp4pSwGYpxKixkV7uzUd1mI=' 'sha256-hUAVVCKUCsvj/NRR8gA7De+28k1VzMT2WZInYuEgow4=' 'sha256-Hts4iOCYzEeuX6rdSp2aiZrU4RwBn9aQiN5om8ue+WU=' 'sha256-myEuPW+nKtNfz374HWMHz0UGYwyue8KuWk8jIG/3GeQ=' 'sha256-47hygcsCeuaz/wFDcfGceDzFRbsMCTKLzIipw5aiGI4=' 'sha256-y4f9W+6dx+NJrSoXaIp4Z68xghYiTAOTKAc+aAakarg=' 'sha256-Nj9ZkTPsRdNRP79R2LmmJ6tqxvZLVGv/R2HV0/4hAuM=' 'sha256-VSXobtrxfF6D1p+BtC9xltlwQmAVWcyRIJuSFJqFdSQ=' 'sha256-UslN52emMX/WzG5xOZW4SSmhTC38p8AM6nfHugezhSI=' https://*.canadalife.com https://*.gwl.bz https://assets.adobedtm.com https://cdn.appdynamics.com https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/ https://*.qualtrics.com https://dpm.demdex.net https://ad.doubleclick.net https://*.fls.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://analytics.twitter.com https://px.ads.linkedin.com https://secure.adnxs.com https://maps.googleapis.com/maps/ https://maps.googleapis.com/maps-api-v3/ https://play.vidyard.com https://p.adsymptotic.com https://www.googletagmanager.com/gtag/ https://mboxedge35.tt.omtrdc.net https://s.pinimg.com/ct/ https://ct.pinterest.com https://googleads.g.doubleclick.net https://bat.bing.com/bat.js https://bat.bing.com/p/action/11042675.js https://bat.bing.com/p/insights/t/11042675 https://www.googleadservices.com https://analytics.google.com https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.mouseflow.com https://www.gstatic.com https://www.google.com/recaptcha/enterprise.js https://www.redditstatic.com/ads/pixel.js https://analytics.tiktok.com https://cdn.cookielaw.org https://embed.myadvocado.com https://canada-life.gitlab.io https://lifeco--fit.sandbox.my.site.com https://lifeco--mop.sandbox.my.site.com https://lifeco--ecrmagent.sandbox.my.site.com; style-src 'self' blob: 'unsafe-inline' https://*.canadalife.com https://*.gwl.bz https://*.vidyard.com https://*.qualtrics.com https://*.force.com https://*.salesforce-sites.com https://fonts.googleapis.com https://lifeco--fit.sandbox.my.site.com https://lifeco--mop.sandbox.my.site.com https://lifeco--ecrmagent.sandbox.my.site.com; img-src 'self' data: https://*.canadalife.com https://*.gwl.bz https://*.ggpht.com https://*.googleapis.com/ https://greatwestlife.sc.omtrdc.net https://greatwestlife.tt.omtrdc.net https://www.facebook.com https://*.qualtrics.com https://cm.everesttech.net https://*.fls.doubleclick.net https://maps.googleapis.com https://*.ads.linkedin.com https://www.linkedin.com https://ad.doubleclick.net https://secure.adnxs.com https://analytics.twitter.com https://p.adsymptotic.com https://adservice.google.com/ddm/ https://adservice.google.ca/ddm/ https://dpm.demdex.net https://maps.gstatic.com https://*.vidyard.com https://*.qualtrics.com https://www.google.ca/ads/ https://www.google.com/ads/ https://www.google-analytics.com https://www.google.com/pagead/ https://www.google.ca/pagead/ https://www.googletagmanager.com https://t.co https://s.pinimg.com/ct/ https://ct.pinterest.com https://bat.bing.com https://*.force.com https://*.salesforce-sites.com https://ca-gmtdmp.mookie1.com https://cdn.cookielaw.org https://alb.reddit.com https://www.redditstatic.com; font-src 'self' data: https://*.canadalife.com https://*.gwl.bz https://fonts.googleapis.com https://fonts.gstatic.com https://*.qualtrics.com https://*.vidyard.com; frame-src 'self' https://play.vidyard.com https://*.gwl.bz https://*.qualtrics.com https://www.youtube.com https://www.pinterest.com https://gwl.demdex.net https://*.force.com https://www.google.com https://td.doubleclick.net https://ct.pinterest.com https://embed.myadvocado.com; child-src https://*.canadalife.com https://*.gwl.bz https://*.qualtrics.com https://greatwestlife.sc.omtrdc.net https://greatwestlife.tt.omtrdc.net; object-src 'none'; base-uri 'none'; 4 default-src *; font-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://acsbapp.com https://*.googlesyndication.com https://*.marker.io https://*.hsforms.net https://*.cookielaw.org https://*.usefathom.com https://*.techtarget.com https://*.chilipiper.com https://*.googletagmanager.com https://*.revenuehero.io https://*.wistia.com https://*.wistia.net https://*.mend.io https://*.insent.ai https://*.gstatic.com https://*.sentry-cdn.com https://*.clearbit.com https://*.mktoweb.com https://*.marketo.com https://*.6sc.co https://*.licdn.com https://*.google-analytics.com https://*.redditstatic.com https://*.outbrain.com https://*.ads-twitter.com https://*.bing.com https://*.facebook.net https://*.driftt.com https://*.zoominfo.com https://*.ubembed.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.marketo.net https://*.zi-scripts.com https://js.zi-scripts.com https://tags.clickagy.com https://dytzfsedsvijt.cloudfront.net https://*.trendemon.com https://*.teamme.io https://*.teamme.link https://*.navattic.com https://*.doubleclick.net https://*.comeet.co https://*.google.com https://*.googleapis.com https://*.google.pt https://*.google.co https://*.google.com.br https://*.googleadservices.com https://*.jquery.com https://*.madkudu.com https://*.cloudflare.com https://*.bootstrapcdn.com https://*.hotjar.com https://*.omappapi.com https://*.adroll.com https://*.token.awswaf.com https://*.airfleet.co https://hackerone.com https://*.beyondwords.io; style-src * 'unsafe-inline'; frame-ancestors 'none'; frame-src *; img-src * data: blob: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io; connect-src *; media-src * blob:; 4 img-src * data:; 4 default-src 'self' https:; script-src 'self' data: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src https:; worker-src 'self' https://cdn.devicevalidation.io https://cs.deviceatlas-cdn.com blob: 4 default-src * blob: 'unsafe-inline' 'unsafe-eval'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; worker-src * blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-ancestors 'self'; form-action *; report-to endpoint-1 4 upgrade-insecure-requests; default-src https://*.apptio.com 'self'; script-src 'self' https://*.apptio.com https://cdn-app.pathfactory.com/ https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js https://web.cvent.com https://www.cvent-assets.com https://bat.bing.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://*.cloudfront.net/fullcircle.js https://dev.visualwebsiteoptimizer.com https://*.wistia.com https://*.wistia.net https://www.trustradius.com https://googleads.g.doubleclick.net https://*.clarity.ms https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com https://tag.demandbase.com https://tracking.intentsify.io https://www.gartner.com/reviews/public/Widget/js/widget.js https://www.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://www.google.com/pagead/conversion_async.js https://app.cdn.lookbookhq.com/libraries/overlay/overlay.js https://src.litix.io https://*.addthis.com https://*.moatads.com https://*.addthisedge.com https://cdn.shortpixel.ai https://app.vwo.com https://s.pointerpro.com https://snap.licdn.com https://*.ibm.com https://*.s81c.com https://tags.tiqcdn.com https://cdn.segment.com https://consent.trustarc.com https://scripts.demandbase.com https://*.tealiumiq.com https://cdn.metadata.io/site-script.js https://my.g2.com 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' blob: https://*.apptio.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.shortpixel.ai https://fast.wistia.com https://www.cvent-assets.com https://www.gartner.com https://www.trustradius.com https://d30ia583fbtg8i.cloudfront.net https://app.cdn.lookbookhq.com https://app.vwo.com https://cdn-app.pathfactory.com 'unsafe-inline'; object-src 'self'; base-uri 'self'; connect-src 'self' https://*.apptio.com https://*.mktoresp.com https://935-cth-469.mktoutil.com https://www.facebook.com https://apptio.widen.net https://cf-store.widencdn.net/apptio https://api.company-target.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://stats.g.doubleclick.net https://bat.bing.com https://cdn.linkedin.oribi.io https://cdn.cookielaw.org https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.wistia.com https://*.wistia.net https://*.litix.io https://geolocation.onetrust.com https://*.cloudfront.net https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io https://www.trustradius.com https://jukebox.pathfactory.com https://embedwistia-a.akamaihd.net https://spcollector.pathfactory.com https://st.fullcircleinsights.com https://*.addthis.com https://www.facebook.com https://segments.company-target.com https://tag-logger.demandbase.com https://px.ads.linkedin.com https://platformapi.metadata.io https://my.g2.com https://www.g2.com https://*.ibm.com https://*.tealiumiq.com https://*.segment.com; font-src 'self' data: https://fonts.gstatic.com https://*.cloudfront.net https://cdn.shortpixel.ai https://*.wistia.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com https://cdn-app.pathfactory.com https://*.gartner.com https://tag-logger.demandbase.com https://1.www.s81c.com; frame-src 'self' https://*.apptio.com https://js.driftt.com https://web.cvent.com https://vars.hotjar.com https://www.facebook.com https://www.gartner.com https://fast.wistia.net https://fast.wistia.com https://maps.google.com https://www.google.com https://*.addthis.com https://*.doubleclick.net https://app.vwo.com https://s.pointerpro.com https://s.company-target.com https://apptio.jifflenow.com https://reprint.forrester.com https://www.figma.com https://www.g2.com https://www.googletagmanager.com/; img-src 'self' data: blob: https://*.apptio.com https://*.bing.com https://*.clarity.ms https://cdn.shortpixel.ai https://s.w.org https://*.cloudfront.net https://*.wistia.com https://*.visualwebsiteoptimizer.com https://embedwistia-a.akamaihd.net https://*.wistia.net https://id.rlcdn.com https://match.prod.bidr.io https://*.linkedin.com https://www.facebook.com https://connect.facebook.net https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://www.googletagmanager.com https://segments.company-target.com https://*.adsymptotic.com https://cdn.cookielaw.org https://reviews.static.gartner.com https://cdn.pathfactory.com https://media.trustradius.com https://*.s81c.com https://images.g2crowd.com https://www.g2.com; manifest-src 'self'; media-src 'self' blob: data: https://*.wistia.net https://*.wistia.com https://embedwistia-a.akamaihd.net https://js.driftt.com https://episodes.castos.com; worker-src https://*.apptio.com blob: 'self'; frame-ancestors 'self' https://*.apptio.com https://*.tbmcouncil.org https://*.tbmconference.org https://*.ibm.com https://apptio.lookbookhq.com; 4 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors * data: blob: ; 4 frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com http://*.safe-iplay.com http://*.888sport.com http://*.sisportsbook.com http://*.secured-igaming-usa.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com *.888casino-uae.com *.playat888-games.com *.888casino-game.com *.online-arabic-casino.net *.tripleeight.live *.playat888online.com *.888games-uae.com *.triple-eight-games.com *.play-casino-now.com *.888slots-uae.com *.888-uae.com *.mrgreen.de *.mrgreen.se *.mrgreen.com *.mrgreen.dk *.williamhill.com *.williamhill.local *.williamhill-pp2.com *.williamhill-pp1.es *.williamhill.es *.williamhill-pp1.it *.williamhill.it *.williamhilltest.it *.plugnplay.host *.wlscasino.com *.gambling-solutions.ro *.888.ro 4 frame-ancestors https://*.descartes.com https://*.folloze.com; report-uri /report-csp-violation 4 default-src 'none'; connect-src 'self'; frame-ancestors 'self'; child-src 'self'; frame-src 'none'; script-src 'self'; style-src 'self' 'sha256-c7UXWUzN0H2d6Esy8XO3YkQZDAZlKfdWIsW1bupteNY=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; font-src 'self'; img-src 'self'; object-src 'none'; base-uri 'self'; worker-src 'self'; form-action 'self' 4 object-src 'none'; report-uri /report-csp-violation 4 frame-ancestors 'self' https://www.blinds.com https://blinds.homedepot.com https://custom.homedepot.com https://www.homedepot.ca https://www.blinds.ca https://www.americanblinds.com https://www.justblinds.com 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' ads.google.com www.clarity.ms www.googletagmanager.com maps.google.com maps.googleapis.com www.google-analytics.com csi.gstatic.com docasap.com cdn.appdynamics.com claritev.com www.claritev.com multiplan.us www.multiplan.us discoveryhealthpartners.com www.discoveryhealthpartners.com https: http:; img-src 'self' ads.google.com www.clarity.ms maps.google.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com csi.gstatic.com cdn.appdynamics.com claritev.com www.claritev.com multiplan.us www.multiplan.us discoveryhealthpartners.com www.discoveryhealthpartners.com https: http:; object-src 'none'; worker-src 'self'; frame-ancestors *.claritev.com 4 frame-ancestors 'self' https://adobemc.com https://centerparcs.experiencecloud.adobe.com https://experience.adobe.com 4 default-src * 'self' data: 'unsafe-inline'; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.vo.msecnd.net *.google.com *.virtualearth.net *.bing.com *.googleapis.com *.gstatic.com *.googletagmanager.com cdnjs.cloudflare.com code.jquery.com *.facebook.net *.instagram.com analytics.tiktok.com *.abtasty.com secure.quantserve.com rules.quantcount.com quantcast.mgr.consensu.org cmp.quantcast.com cmp.inmobi.com *.trustpilot.com *.googleadservices.com komito.net bat.bing.com *.clarity.ms googleads.g.doubleclick.net *.google-analytics.com static.ads-twitter.com analytics.twitter.com *.adalyser.com use.fontawesome.com snap.licdn.com px.ads.linkedin.com *.playbuzz.com *.ex.co *.infinity-tracking.net *.infinity-tracking.com p.teads.tv go.affec.tv *.permutive.com *.adnxs.com *.monitor.azure.com *.applicationinsights.io *.vo.msecnd.net *.ingest.sentry.io *.pinimg.com *.pinterest.com *.youtube.com *.ytimg.com *.liveperson.net *.lpsnmedia.net widgets-eu.reputation.com ir.tools.investis.com *.eventbrite.co.uk emac-direct.service-plan.co.uk *.jaguarlandrover.com cdn.worldpay.com *.onetrust.com *.netdirector.auto *.netdirector.co.uk s3.amazonaws.com *.list-manage.com *.research-tree.com *.evanshalshaw.com *.stratstone.com *.carstore.com intranet.local *.pendragonplc.com *.pendragonvehiclemanagement.co.uk; frame-src * 'self' data: 'unsafe-inline' *.fls.doubleclick.net *.abtasty.com *.onetrust.com *.pinterest.com ir.tools.investis.com *.evanshalshaw.com *.stratstone.com *.carstore.com; object-src 'none'; font-src 'self' blob: data: *.abtasty.com *.gstatic.com *.googleapis.com *.netdirector.auto; img-src * 'self' data: blob: pplc-p-001.sitecorecontenthub.cloud *.abtasty.com; child-src * 'self' pplc-p-001.sitecorecontenthub.cloud; connect-src * 'self' data: *.abtasty.com *.ingest.sentry.io *.pinterest.com *.mixpanel.com pplc-p-001.sitecorecontenthub.cloud; worker-src data: blob:; upgrade-insecure-requests; block-all-mixed-content; 4 default-src 'none'; script-src 'self' 'sha256-LhgjEUDTB5uVcQPxB7ClpuZyNmHM6EsxG6GFSRQyGrM='; img-src 'self' https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://*.qbrick.com:443 https://*.dna.ip-only.net https://bilder.hemnet.se:443 https://mb.cision.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google.se https://9848475f-428b-4380-8d26-dfe74eb251f7.at.rivsec.eu; media-src 'self' https://*.qbrick.com:443 https://*.dna.ip-only.net https://qcnl.tv; connect-src 'self' https://*.demdex.net https://cm.everesttech.net https://feed.jobylon.com https://publish.ne.cision.com https://handelsbanken-marknadsinformation.se https://assets.adobedtm.com https://*.handelsbanken.se https://*.handelsbanken.no https://*.handelsbanken.nl https://*.handelsbanken.com https://*.handelsbanken.co.uk https://*.qbrick.com:443 https://qcnl.tv; style-src 'self' 'unsafe-inline'; frame-src https://assets.adobedtm.com https://handelsbanken-marknadsinformation.se *.demdex.net *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de r1.surveysandforms.com handelsbanken.fondlista.se secure.msse.se www.efn.se borsrum.episerverhosting.com shbfxcalc.millistream.com mws-2.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com cphspk01.shbmain.shb.biz irs.tools.investis.com otp.tools.investis.com vp292.alertir.com forms.apsisforms.com video.qbrick.com dreambroker.com handelsbanken.dreambroker.com web.efn.se news.alertir.com giosg-handelsbanken.giosg.com vp306.alertir.com client3.mailmailmail.net handelsbanken.newsroom.cision.com handelsbanken-en.newsroom.cision.com mb.cision.com app.marketingplatform.com go.beanstream.com qcnl.tv; frame-ancestors 'self' *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de; font-src 'self' 4 default-src 'self' www.microsoft.com; script-src 'self' www.microsoft.com js.monitor.azure.com assets.adobedtm.com wcpstatic.microsoft.com mem.gfx.ms 'unsafe-inline' 'unsafe-eval' snap.licdn.com www.clarity.ms *.google.com www.gstatic.com 204-kzg-685.mktoweb.com bat.bing.com acdn.adnxs.com msamarketing.z22.web.core.windows.net admin.microsoft.com adsuxsiwest.blob.core.windows.net adsuxprodfd-awb5gsddabddbqgv.z01.azurefd.net adsuxsiwestfd-ahfeakeyhtafghd0.z01.azurefd.net *.api.sandbox.ads.microsoft.com *.api.ads.microsoft.com directline.botframework.com petrol-int.office.microsoft.com petrol.office.microsoft.com *.omnichannelengagementhub.com browser.pipe.aria.microsoft.com us-prod.asyncgw.teams.microsoft.com edge.skype.com customervoice.microsoft.com adrecommendation.api.sandbox.ads.microsoft.com adrecommendation.api.ads.microsoft.com res.cdn.office.net; style-src 'self' www.microsoft.com 'unsafe-inline' 204-kzg-685.mktoweb.com; font-src 'self' c.s-microsoft.com www.microsoft.com res-1.cdn.office.net data:; img-src 'self' data: img-prod-cms-rt-microsoft-com.akamaized.net googleads.g.doubleclick.net www.facebook.com px.ads.linkedin.com *.google.com *.google.co * dev-about.ads.microsoft.com qa-about.ads.microsoft.com about.ads.microsoft.com blob:; connect-src 'self' wss: 'unsafe-inline' js.monitor.azure.com assets.adobedtm.com wcpstatic.microsoft.com mem.gfx.ms px.ads.linkedin.com mscom.demdex.net browser.events.data.microsoft.com d.clarity.ms target.microsoft.com dpm.demdex.net *.clarity.ms/collect bat.bing.com dev-about.ads.microsoft.com qa-about.ads.microsoft.com about-uat.ads.microsoft.com beta-about.ads.microsoft.com about.ads.microsoft.com *.adnxs.com consentreceiverfd-prod.azurefd.net adsuxprodfd-awb5gsddabddbqgv.z01.azurefd.net adsuxsiwestfd-ahfeakeyhtafghd0.z01.azurefd.net msftenterprise.sc.omtrdc.net westus2-2.in.applicationinsights.azure.com bat.bing.net msamarketing.z22.web.core.windows.net *.microsoft.com adsuxsiwest.blob.core.windows.net *.api.sandbox.ads.microsoft.com *.api.ads.microsoft.com directline.botframework.com petrol-int.office.microsoft.com petrol.office.microsoft.com *.omnichannelengagementhub.com browser.pipe.aria.microsoft.com us-prod.asyncgw.teams.microsoft.com edge.skype.com comms.omnichannelengagementhub.com *.trouter.skype.com *.communication.azure.com us-prod.asyncgw.teams.microsoft.com adrecommendation.api.sandbox.ads.microsoft.com adrecommendation.api.ads.microsoft.com res.cdn.office.net; frame-src 'self' *.google.com * 204-kzg-685.mktoweb.com www.microsoft.com; media-src 'self' blob: dev-about.ads.microsoft.com qa-about.ads.microsoft.com about-uat.ads.microsoft.com beta-about.ads.microsoft.com about.ads.microsoft.com; 4 frame-ancestors 'self' https://nintex.pathfactory.com https://resources.nintex.com https://pathfactory.nintex.com https://info.nintex.com 4 frame-ancestors 'self' app.hubspot.com; 4 default-src https: wss://*.hotjar.com wss://*.qualified.com; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self' *.experityhealth.com; frame-src data: https:; media-src blob: data: https:; object-src 'self' blob:; worker-src blob: 'self'; child-src blob:; upgrade-insecure-requests; 4 frame-ancestors 'self' https://www.carmudi.com.ph https://uat.carmudi.com.ph https://uat1.carmudi.com.ph 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.googletagmanager.com *.bing.com *.licdn.com *.hotjar.com *.driftt.com *.terminus.services *.demandbase.com *.doubleclick.net *.vidyard.com *.facebook.com *.facebook.net *.marketo.net *.monitor.azure.com *.googleadservices.com *.adobedtm.com analytics-sm.com *.24-astute.com *.affec.tv *.adnxs.com *.adentifi.com *.google.com *.gstatic.com *.cloudflareinsights.com *.redditstatic.com *.bat.bing-int.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.googletagmanager.com *.googleapis.com; img-src 'self' data: *.vidyard.com *.cookielaw.org *.ads.linkedin.com *.terminus-services.com *.terminus.services *.bing.com *.rlcdn.com *.google.com *.adsrvr.org *.company-target.com *.adentifi.com *.doubleclick.net *.facebook.com *.linkedin.com driftt.imgix.net *.googleadservices.com *.everesttech.net *.demdex.net *.google.ca analytics-sm.com *.go.affec.tv *.adnxs.com trkn.us *.reddit.com; font-src 'self' data:; connect-src 'self' wss: https:; media-src 'self' 'unsafe-inline'; frame-src 'self' *.doubleclick.net *.googletagmanager.com *.company-target.com *.driftt.com *.vidyard.com *.demdex.net *.google.com hackerone.com; 4 connect-src *; default-src 'self'; font-src * data:; frame-src *; img-src * data:; media-src * blob:; object-src *; script-src * blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 4 frame-ancestors 'self' http://*.commonwealthu.edu https://*.commonwealthu.edu http://commonwealthu.prod.acquia-sites.com https://commonwealthu.prod.acquia-sites.com http://commonwealthustage.prod.acquia-sites.com https://commonwealthustage.prod.acquia-sites.com http://commonwealthudev.prod.acquia-sites.com https://commonwealthudev.prod.acquia-sites.com http://commonwealthura.prod.acquia-sites.com https://commonwealthura.prod.acquia-sites.com http://commonwealth.ddev.site https://commonwealth.ddev.site https://*.vimeo.com https://*.youtube.com https://bbox.blackbaudhosting.com; report-uri https://www.commonwealthu.edu/report-uri/enforce 4 default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' use.fontawesome.com; require-trusted-types-for 'script'; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com; font-src fonts.gstatic.com use.fontawesome.com; frame-ancestors 'none'; 4 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.acsbapp.com mhosting.hu *.mhosting.hu *.iubenda.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com trustpilot.com *.trustpilot.com googletagmanager.com *.googletagmanager.com googleads.g.doubleclick.net analytics.tiktok.com connect.facebook.net snap.licdn.com bat.bing.com *.ads-twitter.com c.seznam.cz *.hotjar.com *.ladesk.com srv.isy-teamblue.services srv.motu-teamblue.services *.adform.net www.youtube.com *.clarity.ms; style-src 'self' 'report-sample' 'unsafe-inline' cdn.jsdelivr.net *.mhosting.hu cdn.iubenda.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.acsbapp.com *.doubleclick.net *.facebook.com *.mhosting.hu *.clarity.ms *.iubenda.com googleapis.com *.googleapis.com *.google.com pagead2.googlesyndication.com px.ads.linkedin.com analytics.tiktok.com bat.bing.com *.google-analytics.com *.motu-teamblue.services; font-src 'self' cdn.jsdelivr.net; frame-src 'self' *.apps.ladesk.com *.iubenda.com td.doubleclick.net webonic.ladesk.com www.googletagmanager.com; img-src 'self' data: *.googletagmanager.com *.bing.com *.mhosting.hu *.clarity.ms www.facebook.com www.google.com www.google.hu; manifest-src 'self'; media-src 'self'; 4 frame-ancestors 'self' https://*.cloudfront.net/ https://*.inovalon.com https://*.optimizely.com https://www.mdon-line.com/ https://inovalon.canto.com; 4 default-src 'self' http: https: ws: data: blob: 'unsafe-inline' 'unsafe-eval' 4 object-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'self' 4 frame-ancestors 'self' tpadprda.st.sk tpadsign.telekom.sk http://tpadtsta.st.sk https://*.acp.sk.tmo 4 frame-ancestors 'self' https://dashboard.sitew.com https://admin.sitew.com https://www.sitew.com; 4 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src 'self' data: blob: *.wistia.net *.wistia.com *.amazonaws.com embedwistia-a.akamaihd.net; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; frame-ancestors 'none'; style-src * 'unsafe-inline'; worker-src 'self' blob:; font-src 'self' data: blob: *.wistia.net *.wistia.com *.leandata.com *.gstatic.com; 4 frame-ancestors 'self'; default-src 'self' https://*.clarity.ms https://c.bing.com https://*.webinargeek.com wss://*.liveperson.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.conversationalsdevelopment.nl wss://api.seamly-app.com wss://api.qooqie.com https://api.seamly-app.com https://*.sharethis.com https://*.visualwebsiteoptimizer.com https://useruploads.vwo.io https://app.vwo.com https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; 4 frame-ancestors same; report-uri /report-csp-violation 4 frame-ancestors 'self' *.webex.com 4 frame-ancestors 'self' *.amplience.net 4 default-src 'self' 'unsafe-inline' repay.wpengine.com https: data:; font-src 'self' *.fontawesome.com fonts.googleapis.com fonts.gstatic.com data: repay.wpengine.com data: https: *.hotjar.com; style-src 'self' 'unsafe-inline' *.fontawesome.com cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com repay.wpengine.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com cdnjs.cloudflare.com cdn.jsdelivr.net cdn-cookieyes.com *.cdn-cookieyes.com *.googletagmanager.com repay.wpengine.com https: *.hotjar.com *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hsadspixel.net *.hubspotfeedback.com *.usemessages.com *.hs-analytics.net *.hscollectedforms.net *.hsforms.net *.hsforms.com *.incontact.com *.incontact.com *.adsrvr.org *.linkedin.com *.licdn.com; connect-src 'self' *.fontawesome.com cdn-cookieyes.com *.cdn-cookieyes.com *.cookieyes.com *.googletagmanager.com *.google-analytics.com repay.wpengine.com https: *.hotjar.com wss://*.hotjar.com wss://*.niceincontact.com *.hotjar.io *.hubspot.com api.hubapi.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com *.incontact.com *.adsrvr.org *.linkedin.com *.licdn.com; img-src 'self' data: https: *.gravatar.com *.cookieyes.com cdn-cookieyes.com *.cdn-cookieyes.com *.repay.com *.businesswire.com repay.wpengine.com *.hotjar.com *.hubspot.com *.hubspot.net *.hsforms.com *.linkedin.com *.licdn.com; frame-src https: *.incontact.com *.doubleclick.net vars.hotjar.com *.vimeo.com *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; child-src app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; form-action https: 'self' javascript: *.hsforms.com *.hubspot.com 4 default-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self'; object-src 'none'; 4 frame-ancestors https://www.notion.so 4 default-src 'self' localhost *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com ; connect-src 'self' localhost *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.quotemedia.com ; script-src 'self' 'unsafe-inline' localhost *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.quotemedia.com *.google.com cdnjs.cloudflare.com ajax.googleapis.com cdn.datatables.net code.jquery.com cdn.jsdelivr.net *.bootstrapcdn.com code.angularjs.org ; style-src 'self' 'unsafe-inline' localhost *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.quotemedia.com *.googleapis.com cdnjs.cloudflare.com cdn.datatables.net code.jquery.com cdn.jsdelivr.net *.bootstrapcdn.com ; style-src-elem 'self' 'unsafe-inline' localhost *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.quotemedia.com *.jquery.com *.googleapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.datatables.net *.google.com code.angularjs.org ; font-src 'self' data: localhost *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.quotemedia.com *.gs.com fonts.gstatic.com *.bootstrapcdn.com cdnjs.cloudflare.com ; img-src 'self' data: localhost *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com syndicatedsearch.goog *.quotemedia.com *.jquery.com *.google.com cdn.datatables.net ajax.googleapis.com syndicatedsearch.goog ; child-src 'self' blob: localhost *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com syndicatedsearch.goog ; object-src 'none' ; frame-ancestors 'self' localhost *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.ria.site.gs.com *.advisorsolutions.site.gs.com *.gstatic.com ; upgrade-insecure-requests; block-all-mixed-content 4 default-src * 'unsafe-inline' 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss: blob:; worker-src blob: https:; 4 default-src 'self' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.appsflyer.com appsflyer.com *.lytics.io *.groovinads.com *.creativecdn.com *.dragontail.com dragontail.com *.kfc.com.pe test.ipg-online.com mozbar.moz.com www.kfclesotho.com dev.local.com:8080 *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com analysts.pangle-ads.com ad.doubleclick.net *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.pizzahut.com.bo *.local.com:8080 *.local.com dev.local.com *.kaptcha.com *.smartlook.cloud *.facebook.net *.kvantum-app.com wss://*.visitors.live *.luckyorange.com *.google.co.il *.tictuk-qa.com *.googleoptimize.com wss://collection.decibelinsight.net collection.decibelinsight.net tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx analytics.tiktok.com voices.s1gateway.com *.webeyez.com *.crwdcntrl.net *.braze.com wss://*.hotjar.com *.googleadservices.com *.indigitall.com consentcdn.cookiebot.com *.browser-intake-datadoghq.eu *.g.doubleclick.net *.bringg.com *.ubereats.com *.adyen.com *.oppwa.com *.onetrust.com cdn.cookielaw.org *.browser-intake-datadoghq.com *.googleapis.com wss://ws.inspectlet.com *.inspectlet.com *.google-analytics.com *.datadoghq.com *.datadoghq.eu *.browser-intake-datadoghq.eu *.hotjar.com *.googletagmanager.com *.googleusercontent.com *.lr-ingest.io *.lji.li *.tictuk.com *.facebook.com *.google.com pay.payphonetodoesposible.com data:;frame-src 'self' *.alignet.io *.entersektehs.com *.klar.mx *.efaka.net *.secureacs.com www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.googletagmanager.com *.lili.ly *.lytics.io *.groovinads.com global.frcapi.com *.creativecdn.com *.americanexpress.com *.dragontail.com test.ipg-online.com *.kfc.com.pe mozbar.moz.com www.kfclesotho.com dev.local.com:8080 *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com 3ds.eglobal.com.mx *.fullstory.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com *.tictuk.com telegram.me wa.me m.me powertranztestframeworkdsacssimulator.azurewebsites.net *.kaptcha.com *.ptranz.com *.google.com *.arcot.com *.nutritionix.com *.lji.li lili.ly *.webeyez.com voices.s1gateway.com *.amazon-adsystem.com *.crwdcntrl.net *.mathtag.com *.doubleclick.net docs.google.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx *.prb.com.mx:* consentcdn.cookiebot.com *.tracker.dragontail.com *.youtube.com *.bringg.com *.ubereats.com *.uber.com *.adyen.com *.oppwa.com *.payeezy.com authentication.cardinalcommerce.com aacsw.3ds.verifiedbyvisa.com ecom.eglobal.com.mx *.modirum.com *.ipg-online.com pay.payphonetodoesposible.com *.mercadopago.com.co *.hotjar.com *.facebook.com *.cardnet.com.do; object-src 'self' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.googletagmanager.com *.lytics.io *.groovinads.com *.creativecdn.com *.dragontail.com dragontail.com test.ipg-online.com *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.pizzahut.com.bo *.local.com:8080 *.local.com kfc.com.mx *.kfc.com.mx *.tictuk.com tacobell.ca *.tacobell.ca *.tictuk.com;style-src 'self' 'unsafe-inline' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.googletagmanager.com *.lytics.io *.groovinads.com *.creativecdn.com *.dragontail.com dragontail.com test.ipg-online.com *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com analysts.pangle-ads.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.pizzahut.com.bo *.google.com voices.s1gateway.com use.fontawesome.com www.googletagmanager.com *.adyen.com *.oppwa.com *.lji.li *.tictuk.com fonts.googleapis.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.lytics.io *.groovinads.com *.creativecdn.com *.dragontail.com dragontail.com test.ipg-online.com *.appsflyer.com *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com analysts.pangle-ads.com ad.doubleclick.net bat.bing.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com *.kaptcha.com web-sdk.smartlook.com *.kfcbotswana.com *.luckyorange.com *.googleoptimize.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx cdn.decibelinsight.net voices.s1gateway.com analytics.tiktok.com *.webeyez.com *.pizzahut.com.ec *.crwdcntrl.net *.mathtag.com *.gstatic.com *.g.doubleclick.net *.googleadservices.com *.cookiebot.com *.appboycdn.com *.adyen.com *.oppwa.com *.onetrust.com cdn.cookielaw.org *.maps.yandex.net yastatic.net *.yandex.ru yandex.ru *.payeezy.com cdn.inspectlet.com lab.cardnet.com.do servicios.cardnet.com.do *.google-analytics.com *.hotjar.com *.googletagmanager.com cdn.lr-ingest.io cdn.logrocket.io cdnjs.cloudflare.com *.lji.li *.tictuk.com *.google.com *.facebook.net *.googleapis.com *.facebook.com pay.payphonetodoesposible.com;img-src 'self' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.appsflyer.com *.groovinads.com appsflyer.com *.lytics.io *.creativecdn.com extranet.prb.com.mx *.dragontail.com dragontail.com *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.kfc.ph *.fullstory.com analysts.pangle-ads.com ad.doubleclick.net bat.bing.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.pizzahut.com.bo media.api-kfc.com xilnexblobs.b-cdn.net www.telepizza.cl *.googletagmanager.com telepizza.cl *.telepizza.cl *.kfcbotswana.com *.xilnex.com *.kfc.co.za *.amazon-adsystem.com *.ofisistemas.com:8096 *.kfc-panama.com habit-images.s3.us-east-2.amazonaws.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx *.pizzahut.cl pizzahut.cl *.google.co.uk *.s1gateway.com *.pizzahut.com.mx *.mathtag.com *.ofisistemas.com pizzahut.com.co *.pizzahut.com.co nolocdnmsftaznua.azureedge.net *.indigitall-cdn.com *.g.doubleclick.net *.pizzahut.com.br *.pizzahut.com.ec *.google.com.mx *.google.ca *.google.co.il *.google.es *.google.com.do *.google.com *.google.com.ec *.google.com.br *.pizzahut-tt.com *.tacobell.co.nz *.pizzahut.fi pizzahut.fi nolocdnmsftus.azureedge.net ros-prd.s3.amazonaws.com *.adyen.com *.cookielaw.org *.maps.yandex.net *.yandex.ru yandex.ru *.kfc.tt *.cognizantorderserv.com connect.facebook.net *.inspectlet.com *.google-analytics.com ph-web-bucket.s3.us-east-2.amazonaws.com *.mobstorm.com images-rest.wixmp.com *.googleusercontent.com *.lji.li *.tictuk.com *.googleapis.com *.cloudfront.net/phws/ *.gstatic.com *.wixstatic.com *.facebook.com test.ipg-online.com data:;font-src 'self' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.googletagmanager.com *.lytics.io *.creativecdn.com *.dragontail.com dragontail.com test.ipg-online.com *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com voices.s1gateway.com use.fontawesome.com *.tictuk.com fonts.gstatic.com data:;worker-src 'self' 'unsafe-eval' 'unsafe-inline' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.googletagmanager.com *.lytics.io *.creativecdn.com *.dragontail.com dragontail.com test.ipg-online.com *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.lji.li *.tictuk.com blob: data:;frame-ancestors 'self' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app *.onelink.me *.googletagmanager.com *.lytics.io *.creativecdn.com *.dragontail.com dragontail.com test.ipg-online.com dev.local.com:8080 test-tictuk.kfc.com.pe *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com kfc.com.mx *.kfc.com.mx *.ipg-online.com pay.payphonetodoesposible.com *.lji.li http://local.tictuk.com:8080 *.tictuk.com *.facebook.com *.messenger.com facebook.com messenger.com *.telegram.org telegram.org kfc.cw pizzahut.cw kfc.mystagingwebsite.com kfc.com.pe *.kfc.com.pe ; 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' https:; connect-src 'self' https:; frame-src https:; object-src 'none'; frame-ancestors 'self'; form-action 'self' 4 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; 4 frame-src 'self' hubbell.my.salesforce.com hubbellcdn.com *.google.com *.addthis.com *.windows.net cdn.krxd.net *.paymentsradius.com *.googletagmanager.com *.doubleclick.net *.hsforms.com www.youtube.com *.brightcove.net resources.hubbellwiringsystems.com www.youtube-nocookie.com hiwebar.azureedge.net flickrembed.com www.powr.io w2.countingdownto.com bcove.video www.linkedin.com go.bluevolt.com widget.spreaker.com cm-hubbell01-prod.web.app hubbellwiringsystems.com www.slideshare.net progresslighting.wufoo.com my.matterport.com e.issuu.com www.kooltronic.com www.surveymonkey.com forms.office.com hubbell.dcatalog.com service.force.com app.hubspot.com 2897803.hs-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.monitor.azure.com *.cdn.applicationinsights.io cdn.channelsight.com cscoreproweustor.blob.core.windows.net hubbell-inc.secure.force.com static.lightning.force.com *.salesforceliveagent.com ajax.googleapis.com maps.googleapis.com kit.fontawesome.com cdnjs.cloudflare.com js.hsleadflows.net 2897803.hs-sites.com 9281193.fls.doubleclick.net ajax.aspnetcdn.com analytics.google.com assets.map.brightcove.com bat.bing.com bcove.video blog.hubbell.com c.bing.com c.office.com careers.hubbell.com cdn.cookielaw.org connect.facebook.net ct.pinterest.com cta-service-cms2.hubspot.com d.la5-c1-ia5.salesforceliveagent.com docs.google.com dokumfe7mps0i.cloudfront.net e.issuu.com edge.api.brightcove.com edge.fullstory.com experiences.assets.brightcove.com forms-na1.hsforms.com forms-na1.hubspot.com forms.cloud.microsoft forms.hsforms.com forms.hubspot.com forms.office.com googleads.g.doubleclick.net hubbell.com hubbell.dcatalog.com hubbell.my.salesforce.com hubbellcdn.com id.hubbell.com img.youtube.com info.hubbell.com info.hubbellpowersystems.com investor.hubbell.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net js.hsforms.net js.hubspot.com map.brightcove.com media-exp1.licdn.com metrics.brightcove.com no-cache.hubspot.com pagead2.googlesyndication.com perf-na1.hsforms.com pixel.quantserve.com play.google.com players.brightcove.net progresslighting.wufoo.com public.slidesharecdn.com px.ads.linkedin.com s.pinimg.com salespersonlookup.hubbellapps.com service.force.com snap.licdn.com static.doubleclick.net static.hubspot.com stats.g.doubleclick.net store.hubbell.com tagmanager.google.com track.hubspot.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.hubbell.com www.linkedin.com www.redditstatic.com www.slideshare.net www.surveymonkey.com www.youtube-nocookie.com www.youtube.com youtube.com app.hubspot.com; object-src 'self' *.brightcove.net *.dcatalog.com *.flickrembed.com *.google.com *.hubbell.com *.hubbellcdn.com hubbellcdn.com *.hubbellwiringsystems.com *.issuu.com *.killarkar.blob.core.windows.net *.matterport.com *.office.com *.slideshare.net *.wufoo.com *.youtube.com bluevolt.com cm-hubbell01-prod.web.app docs.google.com forms.office.com hieeewebar.blob.core.windows.net hiwebar.azureedge.net 4 base-uri 'self'; object-src 'self'; frame-ancestors 'self' 4 default-src http: 'unsafe-inline' 'unsafe-eval' 4 default-src 'self' blob: data: *.apple.com; connect-src 'self' *.apple.com *.apple.com.cn; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.apple.com; img-src 'self' data: *.apple.com; child-src 'self' *.apple.com blob: data: *.apple.com; style-src 'self' 'unsafe-inline' *.apple.com; font-src 'self' data: *.apple.com 4 frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com https://*.webvisor.com 4 frame-ancestors 'self' http://localhost:8000 http://*.localhost:8000 https://*.dev.000.ue-ict.net/ https://dev.000.ue-ict.net/ https://*.pre.000.ue-ict.net/ https://pre.000.ue-ict.net/ https://*.universidadeuropea.com/; 4 default-src 'self' wibu.com *.wibu.com 'unsafe-inline' 'unsafe-eval' *.brighttalk.com *.adobe.com *.wibu.us *.surveymonkey.com *.brightcove.net *.wibu.com *.typo3.org *.googleapis.com www.google-analytics.com *.google.com *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.nakanohito.jp *.pardot.com *.joomag.com *.cleverreach.de *.cloudfront.net *.amazonaws.com *.hubspot.com *.gstatic.com *.iiconsortium.org *.ddev.site *.friendlycaptcha.com cdn.jsdelivr.net px.ads.linkedin.com snap.licdn.com data:; img-src * data:; font-src 'self' data: *.wibu.com *.gstatic.com; frame-src 'self' *.wibu.com www.wibu.com *.googleapis.com www.google-analytics.com *.google.com *.google.de *.google.fr *.google.co.uk *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.joomag.com *.surveymonkey.com *.brighttalk.com *.hcaptcha.com; frame-ancestors 'self' https://*.wibu.com at.alicdn.com; worker-src blob:; 4 frame-ancestors 'self' ocfl.net *.ocfl.net onetgov.net *.onetgov.net orangecountyfl.net *.orangecountyfl.net *.google-analytics.com *.analytics.google.com 4 default-src 'self'; base-uri 'self'; img-src https: data: ssl.gstatic.com *.vimeocdn.com; font-src 'self' fonts.gstatic.com f.hubspotusercontent-eu1.net 25126500.fs1.hubspotusercontent-eu1.net *.delen.bank data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com static.hsappstatic.net *.delen.bank; script-src https: 'unsafe-eval' 'unsafe-inline' tagmanager.google.com *.marker.io *.googletagmanager.com *.google-analytics.com; connect-src https: *.google-analytics.com www.google-analytics.com *.hotjar.com *.hotjar.io; frame-src 'self' *.google.com *.marker.io *.hotjar.com player.vimeo.com *.cookiebot.com *.googletagmanager.com cdn.raffle.ai player.clevercast.com *.webflow.io vimeo.com *.vimeo.com *.dynamics.com www.google-analytics.com *.delen.be *.delen.bank *.delen.lu *.oyens.com *.typeform.com *.doubleclick.net https://app httpsdelen://app https://forms.office.com https://oyensappsimulator.acpt.delen.be https://delenappsimulator.acpt.delen.be https://login.acpt.delen.be https://online.acpt.delen.bank https://loginoyens.acpt.delen.be https://delenappsimulator.acpt.delen.lu https://delenchappsimulator.acpt.delen.lu https://login.acpt.delen.lu https://loginch.acpt.delen.lu platform.twitter.com https://forms-eu1.hsforms.com vimeo.com blog.delen.bank https://app.skeeled.com/api/offers https://js-eu1.hscollectedforms.net/collectedforms.js https://delen.bank/_hcms/api/apicall; upgrade-insecure-requests 4 upgrade-insecure-requests;block-all-mixed-content 4 default-src 'self' cdn.invicti.com static.getclicky.com embed-ssl.wistia.com/deliveries/8e4be7011c8173f56f7717e7332cd52a7803b61e.bin; script-src 'self' 'unsafe-eval' 'unsafe-inline' go2.invicti.com cdn.invicti.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com tcp.googlesyndication.com www.googleadservices.com googleads.g.doubleclick.net *.greenhouse.io *.visualwebsiteoptimizer.com *.vwo.com app.vwo.com *.hotjar.com connect.facebook.net www.facebook.com bat.bing.com px.ads.linkedin.com www.linkedin.com snap.licdn.com sjs.bizographics.com js.driftt.com *.clearbitjs.com *.marketo.net *.mktoresp.com cdn.bizible.com *.calendly.com vidassets.terminus.services static.getclicky.com anchor.fm ct.capterra.com/capterra_tracker.js tag.demandbase.com *.newrelic.com js.zi-scripts.com/zi-tag.js schedule-staging.zoominfo.com/zischedule.js schedule.zoominfo.com/zischedule.js ws-assets-staging.zoominfo.com/formcomplete.js ws-assets.zoominfo.com/formcomplete.js ob.brilliantlocco.com obs.brilliantlocco.com j.6sc.co cdn.neverbounce.com api.neverbounce.com assets.trendemon.com trackingapi.trendemon.com static.oktopost.com okt.to social.invicti.com; style-src 'self' 'unsafe-inline' www.invicti.com go2.invicti.com cdn.invicti.com *.googleapis.com *.vwo.com assets.trendemon.com; frame-src go2.invicti.com cdn.invicti.com *.googletagmanager.com bid.g.doubleclick.net docs.google.com/presentation/ *.greenhouse.io app.vwo.com *.hotjar.com www.facebook.com *.youtube.com *.youtube-nocookie.com *.youtube.com player.vimeo.com *.driftt.com calendly.com anchor.fm *.soundcloud.com *.slideshare.net https://portal.productboard.com/ydb17fml3scd3vd6hcduruo7 www.podbean.com; frame-ancestors 'self' *.invicti.com *.acunetix.com; font-src 'self' data: cdn.invicti.com *.gstatic.com app.vwo.com *.hotjar.com cdn.neverbounce.com/; img-src 'self' data: www.invicti.com *.invicti.com cdn.invicti.com go2.invicti.com ssl.gstatic.com www.gstatic.com *.googleusercontent.com *.google.com *.google.co.uk *.google.de *.google.fr *.google.ar *.google.com.br *.google.com.tr *.google.nl *.google.cn *.google.ca *.google.it *.google.co.il *.googleapis.com *.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net stats.g.doubleclick.net *.visualwebsiteoptimizer.com www.facebook.com *.bing.com bat.bing.com *.ytimg.com *.vimeocdn.com *.linkedin.com px.ads.linkedin.com cdn.bizible.com cdn.bizibly.com p.adsymptotic.com vidassets.terminus.services *.gravatar.com match.prod.bidr.io id.rlcdn.com e-2072.adzerk.net/e/2072/419463/e.gif ob.brilliantlocco.com obs.brilliantlocco.com b.6sc.co pic.trendemon.com trackingapi.trendemon.com; object-src 'self' cdn.invicti.com; media-src 'self' blob: cdn.invicti.com js.driftqa.com; connect-src 'self' cdn.invicti.com go2.invicti.com *.google.com *.google-analytics.com stats.g.doubleclick.net pagead2.googlesyndication.com/pagead/buyside_topics/set/ boards-api.greenhouse.io/v1/boards/invictisecurity/jobs *.visualwebsiteoptimizer.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.facebook.com *.vimeo.com vimeo.com cdn.linkedin.oribi.io px.ads.linkedin.com/wa *.clearbit.com *.mktoresp.com *.mktoutil.com api.calendly.com *.adnxs.com js-staging.zi-scripts.com/unified/v1/master/getSubscriptions js.zi-scripts.com/unified/v1/master/getSubscriptions ws.zoominfo.com ob.brilliantlocco.com obs.brilliantlocco.com c.6sc.co ipv6.6sc.co eps.6sc.co v.eps.6sc.co epsilon.6sense.com/v3/company/details cdn.neverbounce.com api.neverbounce.com; worker-src 'self' blob: dev.visualwebsiteoptimizer.com 4 connect-src 'self' https: wss:; default-src 'self' https:; frame-ancestors 'self'; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' blob:; script-src https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' 4 img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.boschaftermarket.com *.dxtservice.com *.bosch.com *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net *.bosch.tech *.mobility-media.cloud *.newrelic.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com *.nr-data.net *.youtube.com *.translate.google.com *.startengo.dev *.startengo.fr mapb.boschaftermarket.com mapb.boschaftermarket.fr; object-src 4 default-src https: 'unsafe-eval' 'unsafe-inline' 4 frame-ancestors 'self' *.betcris.com *.betcris.mx *.betcris.pa *.betcris.do *.betcris.sv *.betcris.pe 4 object-src 'none'; form-action 'self'; frame-ancestors 'self' 4 default-src 'self' api-v2.psg777.com https://www.google.com;script-src 'self' 'unsafe-eval' blob: cdnjs.cloudflare.com https://www.google.com;img-src 'self' * blob: data: https://www.google.com;connect-src 'self' api-v2.psg777.com https://www.google.com;frame-ancestors 'self' https://www.google.com;base-uri 'self';form-action 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 4 default-src 'self' 'unsafe-inline' *.myconnectsuite.com *.schoolinsites.com *.pcmac.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; base-uri 'self'; form-action 'self' 'unsafe-inline' *; img-src 'self' *; connect-src 'self' *; frame-src *; media-src 'self' blob: *; worker-src 'self' blob: * 4 default-src 'self' *; font-src *;img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 4 default-src 'self' ; script-src 'report-sample' 'self' 'unsafe-inline' https://account.creoline.com https://analytics.creoline.com/js/script.js https://assets.cstatic.io https://assets.cstatic.com https://js.intercomcdn.com https://widget.intercom.io/widget/o08uq8et ; style-src 'report-sample' 'self' 'unsafe-inline' https://account.creoline.com https://assets.cstatic.io https://assets.cstatic.com ; object-src 'none' ; base-uri 'self' ; connect-src 'self' https://api.creoline.com https://assets.cstatic.io https://assets.cstatic.com https://analytics.creoline.com https://api-iam.eu.intercom.io wss://nexus-europe-websocket.intercom.io https://uploads.intercomcdn.eu/ ; font-src 'self' https://account.creoline.com data: https://assets.cstatic.io data: https://assets.cstatic.com data: https://fonts.intercomcdn.com ; frame-src 'self' ; img-src 'self' data: https://account.creoline.com https://assets.cstatic.io https://assets.cstatic.com https://avatars.cstatic.io https://avatars.cstatic.com https://downloads.intercomcdn.eu https://js.intercomcdn.com https://static.intercomassets.eu ; manifest-src 'self' ; media-src 'self' https://js.intercomcdn.com ; report-uri https://api.creoline.com/v1/report/d/csp ; worker-src blob: https://www.creoline.com ; 4 default-src 'none'; object-src 'self'; media-src blob: https://s3.amazonaws.com https://*.genial.ly https://*.aiaibot.com https://*.elsevier.com https://*.zdassets.com https://*.scene7.com https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.podcast.co https://*.pod.co https://*.radio.co https://*.lpsnmedia.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.hirslanden.ch https://*.infocentric.ch https://*.wistia.com https://*.medicosearch.ch https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://*.userway.org https://*.powerappsportals.com https://*.linkedin.com https://*.pinterest.com https://*.adform.net https://*.mailxpert.ch https://*.eyevip.ch https://*.hirslanden.ch https://*.ibelsa.com https://*.yandex.ru https://*.snapchat.com https://*.mediclinic.ae https://*.google.com https://*.googletagmanager.com https://*.elfsightcdn.com https://*.doubleclick.net https://*.med-congress.just-medical.com; font-src 'self' data: https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.amazonaws.com https://portal.k8s.preprod.msio.cloud https://*.medicosearch.ch https://*.powerappsportals.com https://*.linkedin.com https://*.pinterest.com https://*.adform.net https://*.yandex.ru https://*.snapchat.com https://*.mediclinic.ae https://*.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.elfsightcdn.com https://*.med-congress.just-medical.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://elshbe.mediclinic.co.za https://superspider-dev.azurewebsites.net https://*.data.adobedc.net https://extend.vimeocdn.com https://*.sc.omtrdc.net https://*.2o7.net https://assets.adobedtm.com https://www.googleoptimize.com https://googleads.g.doubleclick.net https://portal.k8s.preprod.msio.cloud https://*.aiaibot.com https://analytics.tiktok.com https://mcmebotstorage.blob.core.windows.net https://protect-de.mimecast.com https://*.yandex.ru https://*.zdassets.com https://analytics-eu.clickdimensions.com https://widget-mediator.zopim.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://cdnjs.cloudflare.com https://*.zvv.ch https://*.genial.ly https://*.3qsdn.com https://*.scene7.com https://*.pinimg.com https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.typeform.com https://play.pod.co https://siteimproveanalytics.com https://*.lpsnmedia.net https://*.licdn.com https://sc-static.net https://*.liveperson.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.elfsight.com https://uberall.com https://static-prod.uberall.com https://api.instacloud.io https://mediclinic.mediaplatform.com https://api.doctena.ch https://createsend.com https://createsend1.com https://*.createsend.com https://*.createsend1.com https://cdn.dotcy.com.cy https://*.crazyegg.com https://prodmcmebot.azurewebsites.net https://testmcmebot.azurewebsites.net https://*.medicosearch.ch https://*.infocentric.ch https://www.puls-berufe.ch https://*.gstatic.com https://*.google.com https://*.sprechzimmer.ch https://*.wistia.com https://fast.wistia.net https://src.litix.io https://s.ytimg.com https://www.youtube.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://connect.facebook.net https://*.twitter.com https://cdn.syndication.twimg.com https://csi.gstatic.com https://*.podcast.co https://*.pod.co https://*.radio.co https://code.jquery.com https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://*.clever-click.ch https://*.sli.do https://scatec.io https://soundcloud.com/ https://*.userway.org https://*.mcme.az.bh.mehilainen.care https://*.powerappsportals.com https://*.pinterest.com https://*.adform.net https://*.mailxpert.ch https://*.eyevip.ch https://*.hirslanden.ch https://www.recaptcha.net https://*.ibelsa.com https://*.snapchat.com https://*.mediclinic.ae https://*.google.com https://*.elfsightcdn.com https://*.doubleclick.net https://*.med-congress.just-medical.com; connect-src 'self' https://px.ads.linkedin.com/wa https://*.googlesyndication.com https://cdn.linkedin.oribi.io https://adservice.google.com https://analytics.google.com https://*.112.2o7.net https://dpm.demdex.net https://createsend.com https://createsend1.com https://*.createsend.com https://*.createsend1.com https://*.aiaibot.com https://api.bing.microsoft.com https://analytics.tiktok.com https://*.yandex.ru https://pecontent-health-elsevier-com.s3.amazonaws.com https://*.zdassets.com https://*.elsevier.com https://*.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://cdnjs.cloudflare.com https://*.pinterest.com https://*.medicosearch.ch https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://stats.g.doubleclick.net https://*.blueglass.io https://*.mediclinic.co.za https://*.podcast.co https://*.pod.co https://*.radio.co https://*.googleadservices.com https://*.google-analytics.com https://*.analytics.google.com https://*.elfsight.com https://uberall.com https://blog.hirslanden.ch https://er24.info https://*.typeform.com https://*.wistia.com https://*.litix.io https://www.facebook.com https://*.crazyegg.com https://*.akamaihd.net https://www.google-analytics.com https://s7.addthis.com https://m.addthis.com https://*.tagboard.com https://tagboard.com https://*.onetrust.com https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://ton.twimg.com https://*.clever-click.ch https://scatec.io https://*.sli.do https://*.userway.org https://*.mcme.az.bh.mehilainen.care https://*.powerappsportals.com https://*.adform.net https://*.mailxpert.ch https://*.eyevip.ch https://*.hirslanden.ch https://www.recaptcha.net https://*.ibelsa.com https://*.snapchat.com https://*.ads-twitter.com https://*.mediclinic.ae https://*.google.com https://*.googletagmanager.com https://*.elfsightcdn.com https://*.doubleclick.net https://*.med-congress.just-medical.com; img-src * 'self' data:; style-src 'self' 'unsafe-inline' https://mcmebotstorage.blob.core.windows.net https://protect-de.mimecast.com https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.ads-twitter.com https://*.google.ch https://mediclinic.mediaplatform.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://cdn.dotcy.com.cy https://*.medicosearch.ch https://portal.k8s.preprod.msio.cloud https://cloud.typography.com https://*.sprechzimmer.ch https://*.twitter.com https://www-prod.hirslanden.ch https://*.tagboard.com https://tagboard.com https://*.crazyegg.com https://ton.twimg.com https://*.userway.org https://*.powerappsportals.com https://*.linkedin.com https://*.pinterest.com https://*.adform.net https://*.yandex.ru https://*.snapchat.com https://*.mediclinic.ae https://*.google.com https://*.googletagmanager.com https://*.elfsightcdn.com https://*.doubleclick.net https://*.med-congress.just-medical.com; frame-src 'self' https://feed.yellow.camera https://*.pinterest.com https://hirslandenag.demdex.net https://portal.k8s.preprod.msio.cloud https://*.medicosearch.ch https://analytics-eu.clickdimensions.com https://*.goreview.co.za https://*.aiaibot.com https://webform.mediclinicsa.co.za https://*.indigo.online https://*.artbutler.com https://*.zvv.ch https://*.genial.ly https://*.3qsdn.com https://*.tourmkr.com https://tourmkr.com https://*.tourextender.ch https://tourextender.ch https://*.podigee.com https://*.podigee-cdn.net https://*.infomaniak.com https://*.business360.ch https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.typeform.com https://*.doubleclick.ne https://*.pinimg.com https://*.doubleclick.net https://*.yandex.ru https://play.pod.co https://*.onedoc.ch https://onedoc.ch https://vimeo.com https://*.vimeo.com https://*.brightcove.net https://mixlr.com https://*.mixlr.com https://*.liveperson.net https://*.lpsnmedia.net https://*.snapchat.com https://*.ads-twitter.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.mediclinic.co.za https://mediclinic.mediaplatform.com http://mcairportrdauh.royalwebhosting.net https://*.google.ch https://*.twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.doctena.com https://createsend.com https://createsend1.com https://*.createsend.com https://*.createsend1.com https://*.google.com https://*.googletagmanager.com https://w.soundcloud.com https://cdn.dotcy.com.cy https://prodmcmebot.azurewebsites.net https://testmcmebot.azurewebsites.net https://fast.wistia.com https://s7.addthis.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://www.youtube.com https://*.sprechzimmer.ch https://www.med-congress.info https://*.datahouse.ch https://*.detailnet.ch https://www2.hirslanden.ch https://vr.zaak.ch https://staticxx.facebook.com https://www.facebook.com https://tourmake.it https://tools.eurolandir.com https://twitter.com https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://*.crazyegg.com https://www.facebook.com https://*.clever-click.ch https://*.sli.do https://*.userway.org https://*.mcme.az.bh.mehilainen.care https://*.powerappsportals.com https://*.adform.net https://*.mailxpert.ch https://*.eyevip.ch https://event.hirslanden.ch https://www.recaptcha.net https://*.ibelsa.com https://*.mediclinic.ae https://*.google.com https://*.elfsightcdn.com https://*.doubleclick.net https://*.med-congress.just-medical.com; child-src 'self' blob: https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.google.ch http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://staticxx.facebook.com https://fast.wistia.com https://s7.addthis.com https://*.twitter.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://*.crazyegg.com https://ton.twimg.com https://*.clever-click.ch https://*.sli.do https://*.userway.org https://*.mcme.az.bh.mehilainen.care https://*.powerappsportals.com https://*.linkedin.com https://*.pinterest.com https://*.adform.net https://*.mailxpert.ch https://*.eyevip.ch https://event.hirslanden.ch https://*.ibelsa.com https://*.yandex.ru https://*.snapchat.com https://*.ads-twitter.com https://*.mediclinic.ae https://*.google.com https://*.googletagmanager.com https://*.elfsightcdn.com https://*.doubleclick.net https://*.med-congress.just-medical.com; frame-ancestors 'self' https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://*.crazyegg.com https://*.clever-click.ch https://*.sli.do https://*.userway.org https://*.mcme.az.bh.mehilainen.care https://*.powerappsportals.com https://*.linkedin.com https://*.pinterest.com https://*.adform.net https://*.mailxpert.ch https://*.eyevip.ch https://event.hirslanden.ch https://*.ibelsa.com https://*.yandex.ru https://*.snapchat.com https://*.ads-twitter.com https://*.google.com https://*.googletagmanager.com https://*.elfsightcdn.com https://*.doubleclick.net https://*.mediclinic.ae; 4 frame-ancestors 'self' tomshardware.fr www.tomshardware.fr tomsguide.fr www.tomsguide.fr cms.galaxiemedia.fr amp.tomsguide.fr amp.tomshardware.fr cdn.tomsguide.fr cdn.tomshardware.fr presence-pc.fr www.presence-pc.fr presence-pc.com www.presence-pc.com telecharger.tomsguide.fr telecharger.tomshardware.fr; 4 default-src https: 'unsafe-eval' 'unsafe-inline' data: 'self' *.kiavi.com *.lh-qa.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hs-sites.com *.hsadspixel.net *.hsappstatic.net *.hscollectedforms.net *.hscta.net *.hsforms.com *.hsforms.net *.hsleadflows.net *.hubapi.com *.hubspot.com *.hubspot.net *.hubspotfeedback.com *.hubspotusercontent20.net *.hubspotvideo.com *.usemessages.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.adroll.com https://*.adsymptotic.com https://*.analytics.yahoo.com https://*.bing.com https://*.doubleclick.net https://*.facebook.com https://*.linkedin.com; object-src 'none';; upgrade-insecure-requests 4 frame-ancestors 'self' *.futuoa.com 4 frame-ancestors 'self' https://www.ruralvia.com https://ruralviasimuladores.afi.es https://bancocooperativosimuladores.afi.es; 4 default-src * 'self' blob: data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' ocdn.eu onet.pl *.onet.pl *.gstatic.com *.google.com *.google.pl *; frame-ancestors 'self' https://www.onet.pl; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=konto.onet.pl::PROD 4 default-src 'self' 'unsafe-inline' data: *.datatables.net *.wsasitecore.net *.site.com *.salesforce-scrt.com *.widex.com *.wsa.com *.signia.net *.rexton.com *.audioservice.com *.coselgi.com *.signia-pro.com *.signia-hearing.com *.salesforce-sites.com *.widexpro.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.trustarc.com *.typekit.net *.azureedge.net *.azurefd.net *.youtube-nocookie.com *.bootstrapcdn.com *.w3.org *.doubleclick.net *.facebook.net *.mouseflow.com *.googlesyndication.com *.gstatic.com *.sleeknote.com *.stackadapt.com *.linkedin.com *.shoeboxonline.com *.nr-data.net *.force.com *.nakanohito.jp *.crazyegg.com gift.echoes.plus blob:; img-src 'self' data: blob: *.widex.com *.wsa.com *.signia.net *.rexton.com *.audioservice.com *.coselgi.com *.signia-pro.com *.signia-hearing.com *.widexpro.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.ytimg.com *.cloudflare.com *.trustarc.com *.azureedge.net *.azurefd.net *.linkedin.com *.w3.org *.googletagmanager.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.facebook.com *.ggpht.com *.ytimg.com *.sleeknote.com *.shoeboxonline.com *.sivantos.com *.auditionsolidarite.org *.nakanohito.jp *.userlocal.jp *.simpli.fi *.doubleclick.net www.googleadservices.com *.crazyegg.com *.convertexperiences.com *.convertexperiments.com gift.echoes.plus; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.jquery.com *.datatables.net *.simpli.fi *.site.com *.cookieinformation.com *.rawgit.com *.salesforce-sites.com *.salesforceliveagent.com *.salesforce.com *.jsdelivr.net *.widex.com *.wsa.com *.signia.net *.signia-hearing.com *.rexton.com *.audioservice.com *.coselgi.com *.signia-pro.com *.widexpro.com *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.trustarc.com *.youtube-nocookie.com *.azureedge.net *.azurefd.net *.facebook.net *.doubleclick.net *.googlesyndication.com https://browser-update.org *.w3.org *.youtube.com *.livechatinc.com *.newrelic.com *.nr-data.net *.stackadapt.com *.gstatic.com *.sleeknote.com *.licdn.com *.shoeboxonline.com *.piwik.pro *.google-analytics.com *.mouseflow.com *.force.com *.nakanohito.jp js.adsrvr.org qvdt3feo.com cdn.bttrack.com static.airtable.com *.crazyegg.com *.convertexperiences.com *.convertexperiments.com gift.echoes.plus; frame-src https://sst.coselgi.com/ https://sst.rexton.com/ https://sst.signia-pro.com/ https://wsaud.my.site.com/ https://wsaud--playground.sandbox.my.site.com/ https://insight.adsrvr.org/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://www.shoeboxonline.com/ https://www.google.com/ https://tracker-detail-page.trustarc.com/ https://features.signia-hearing.com/ https://service.force.com/ https://embed.acast.com/ https://www.googletagmanager.com/ https://airtable.com/ https://sst.audioservice.com https://sst.widex.com https://sst.signia.net https://sst.signia-pro.com https://sst.widexpro.com; media-src storage.userlocal.jp *.widex.com *.wsa.com *.signia.net *.rexton.com *.audioservice.com *.coselgi.com *.signia-pro.com *.signia-hearing.com *.widexpro.com *.azureedge.net *.azurefd.net; worker-src blob:; child-src blob: 4 frame-ancestors 'self' *.netcinehd.si netcinehd.si 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wistia.com https://*.wistia.net; script-src-elem 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.contentsquare.net/ https://*.contentsquare.net/* https://*.rib-software.com https://*.rib-software.com/* https://cdn.livechatinc.com/tracking.js https://*.wistia.com https://*.wistia.net https://src.litix.io https://*.sentry-cdn.com/ https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://api.livechatinc.com/ https://ipapi.co/ https://connect.facebook.net/ https://www.facebook.com/ https://region1.google-analytics.com/ https://www.youtube.com/ https://region1.analytics.google.com/ https://ajax.cloudflare.com/ https://api.ipify.org/ https://ipapi.co/ https://privacy-proxy.usercentrics.eu/ https://privacy-proxy-server.usercentrics.eu/ https://googleads.g.doubleclick.net/ https://uct.service.usercentrics.eu/ https://consent-api.service.consent.usercentrics.eu/ https://app.usercentrics.eu/ https://privacy-proxy.usercentrics.eu/latest/uc-block.bundle.js https://www.youtube.com/api/stats/atr https://www.youtube.com/iframe_api https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://region1.analytics.google.com/ https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.googleadservices.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.youtube.com/s/player/704f0391/www-widgetapi.vflset/www-widgetapi.js https://play.google.com/log https://www.youtube.com/youtubei/v1/log_event https://snap.licdn.com/li.lms-analytics/insight.min.js https://tragwerksplanung.rib-software.com/ https://static.elfsight.com/platform/platform.js https://universe-static.elfsightcdn.com/; style-src 'self' 'report-sample' 'unsafe-inline' blob: data: https://fast.wistia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' data: https://*.contentsquare.net/ https://*.contentsquare.net/* https://www.facebook.com/ https://connect.facebook.net/ https://*.litix.io https://*.wistia.com https://*.wistia.net https://*.algolia.net https://aggregator.service.usercentrics.eu/ https://px.ads.linkedin.com/ https://region1.google-analytics.com/ https://ipapi.co/ https://googleads.g.doubleclick.net/ https://region1.analytics.google.com/ https://core.service.elfsight.com/ https://ipapi.co/ https://ipapi.co/49.43.97.126/json/ https://api.ipify.org/ https://ipapi.co/49.43.97.0/json/ https://graphql.usercentrics.eu/graphql https://privacy-proxy.usercentrics.eu https://consent-api.service.consent.usercentrics.eu/ https://app.usercentrics.eu/ https://privacy-proxy.usercentrics.eu/ https://uct.service.usercentrics.eu/ https://privacy-proxy-server.usercentrics.eu/latest/uc-block.bundle.js https://www.youtube.com/api/stats/atr https://www.youtube.com/iframe_api https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.googleadservices.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://api.usercentrics.eu/ https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com https://play.google.com/log https://www.youtube.com/youtubei/v1/log_event https://snap.licdn.com/li.lms-analytics/insight.min.js https://tragwerksplanung.rib-software.com/; font-src 'self' data: https://go.rib-software.com/* https://*.rib-software.com/ https://*.rib-software.com/*; https://*.wistia.com https://fonts.gstatic.com https://www.youtube.com/s/player/704f0391/www-widgetapi.vflset/www-widgetapi.js; frame-src 'self' data: https://go.rib-software.com/* https://go.rib-software.com/ https://*.rib-software.com/ https://*.rib-software.com/* https://fast.wistia.com https://fast.wistia.net https://www.meinauftrag.rib.de/ https://www.rib-software.com/* https://go.pardot.com/* https://go.pardot.com/ https://go.esam.ncee.rib-software.com/* https://go.esam.ncee.rib-software.com/ https://api.ipify.org/ https://secure.livechatinc.com/ https://td.doubleclick.net/ https://www.byggeweb.dk/ https://app.usercentrics.eu/ https://posimyththemes.com/ https://region1.analytics.google.com/ https://go.rib-software.com/ https://tragwerksplanung.rib-software.com/ https://www.rib-tragwerksplanung.com/ https://player.vimeo.com/ https://bid.g.doubleclick.net/ https://www.google.com https://*.wistia.com https://*.wistia.net https://www.youtube.com https://go.dach.data.rib-software.com/ https://go.esam.uki.rib-software.com/; frame-ancestors 'self' https://go.rib-software.com/* https://*.rib-software.com/ https://*.rib-software.com/*; img-src 'self' data: https://*.contentsquare.net/ https://*.contentsquare.net/* https://*.wistia.com https://*.wistia.net https://www.facebook.com/ https://connect.facebook.net/ https://analytics.google.com/ https://i.ytimg.com/ https://px4.ads.linkedin.com/ https://www.google.de/ads/ga-audiences https://secure.gravatar.com/ https://region1.analytics.google.com/ https://googleads.g.doubleclick.net/ https://uct.service.usercentrics.eu/ https://www.google.co.in/ads/ga-audiences https://app.usercentrics.eu/ https://privacy-proxy-server.usercentrics.eu/ https://api.iconify.design/ https://googleads.g.doubleclick.net/ https://i.vimeocdn.com/ https://www.linkedin.com/ https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net; worker-src 'self' blob: data: ; child-src blob: data: https://www.youtube.com/ https://app.usercentrics.eu/ https://*.wistia.com https://*.wistia.net; report-uri https://65f14453bc57ae1120bf6fd9.endpoint.csper.io/?v=1; 4 connect-src 'self' index-education.matomo.cloud cdn.matomo.cloud https://*.friendlycaptcha.com/ https://vimeo.com https://hcaptcha.com https://apm-web.index-education.com/ https://*.hcaptcha.com ndx.plus *.ndx.plus https://*.datatables.net https://data.geopf.fr;default-src 'self' *.bootstrapcdn.com ndx.plus *.ndx.plus https://*.index-education.com;frame-ancestors 'self' ;frame-src 'self' *.index-education.france https://hcaptcha.com https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr *.openstreetmap.org http://*.index-education.net https://*.index-education.net *.hyperplanning.fr http://*.vimeo.com https://vimeo.com https://*.vimeo.com https://www.youtube.com https://*.index-education.com https://app.mailjet.com;media-src 'self' https://*.vimeo.com https://vimeo.com https://*.index-education.com http://*.index-education.com;object-src 'self' *.index-education.france *.index-education.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' index-education.matomo.cloud cdn.matomo.cloud ndx.plus *.ndx.plus https://hcaptcha.com https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr *.licdn.com *.tiny.cloud *.adobe.com *.cloudflare.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com *.datatables.net https://*.index-education.com https://*.bootstrapcdn.com https://app.mailjet.com;style-src 'self' 'unsafe-inline' https://hcaptcha.com ndx.plus *.ndx.plus https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr *.bootstrapcdn.com https://*.index-education.com http://*.index-education.com;font-src 'self' *.bootstrapcdn.com ndx.plus *.ndx.plus https://*.index-education.com *.index-education.net data:;worker-src 'self' blob: https://*.index-education.com;img-src 'self' https://*.index-education.com index-education.matomo.cloud cdn.matomo.cloud ndx.plus *.ndx.plus *.linkedin.com blob: data:; 4 frame-ancestors 'self' *.myworkdayjobs.com *.hbm.com; upgrade-insecure-requests; script-src hbkworld.com *.hbkworld.com *.livechatinc.com *.youtube.com js-agent.newrelic.com *.adobedtm.com assets.adobedtm.com *.azure.com *.azureedge.net *.googleapis.com *.googletagmanager.com *.google.com *.google-analytics.com *.crazyegg.com *.licdn.com static.cloudflareinsights.com *.cookieinformation.com *.ipify.org *.zoominfo.com *.matomo.cloud *.piwik.pro *.wistia.com *.rlcdn.com *.doubleclick.net *.adsymptotic.com *.facebook.net *.hs-scripts.com *.hsadspixel.net *.hs-analytics.net *.hs-banner.com *.hsleadflows.net js.hubspot.com *.doubleclick.net *.google.com *.linkedin.com *.cloudfront.net *.clickagy.com dqm.crownpeak.com *.myworkdayjobs.com *.force.com *.gstatic.com *.clarity.ms *.cloudflare.com *.a1.typesense.net js.zi-scripts.com *.js.zi-scripts.com *.zi-scripts.com *.bing.com dpm.demdex.net *.hubspot.com *.hsforms.net js.adsrvr.org *.adsrvr.org 'unsafe-inline' 'unsafe-eval' blob:; 4 frame-ancestors 'self' *.qidian.com *.hongxiu.com *.yuewen.com *.qq.com *.qdmm.com *.readnovel.com *.xs8.cn *.xxsy.net *.tingbook.com *.lrts.me *.ywurl.cn *.qdwenxue.com *.if.qidian.com www.gameloop.com *.xs.cn *.rongshuxia.com 4 default-src 'self';script-src 'self' 'nonce-oFqTrMGyS51FG8qyOU7fDATY' 'strict-dynamic';object-src 'none';style-src 'self' 'unsafe-inline' *.google.com https://fonts.googleapis.com/css popupmaker.com;img-src 'self' data: blog.emakina.com i.vimeocdn.com script.hotjar.com facebook.com www.googletagmanager.com https://connect.facebook.net https://px.ads.linkedin.com www.google-analytics.com cdn.cookielaw.org cdn.uc.assets.prezly.com;media-src 'self';frame-src 'self' *.google.com *.vimeo.com *.youtube.com godot.emakina.com;font-src 'self' https://fonts.googleapis.com/css https://fonts.gstatic.com data:;connect-src 'self' *.onetrust.com geolocation.onetrust.com vimeo.com popupmaker.com cdn.cookielaw.org px.ads.linkedin.com www.google-analytics.com collector.leadinfo.net content.hotjar.io *.google-analytics.com api.leadinfo.com *.hotjar.io ws.hotjar.com wss://ws.hotjar.com;base-uri 'self';child-src 'none';form-action 'self';frame-ancestors 'self' emakinaagency-admin-develop.azurewebsites.net emakinaagency-admin.azurewebsites.net emakinaagency-admin-staging.azurewebsites.net emakinaagency-admin-testing.azurewebsites.net;worker-src 'none' 4 frame-ancestors https:; 4 default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.recaptcha.net https://*.twitter.com *.bing.com https://*.fonts.net https://*.bazaarvoice.com https://*.sprinklr.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ct.pinterest.com https://storage.cloud.kargo.com https://*.recaptcha.net https://*.twimg.com https://*.bing.com https://*.gstatic.com https://*.google.com https://*.everesttech.net https://*.dotomi.com https://*.iovation.com https://*.bridgestonetire.com https://*.iesnare.com https://*.akamaihd.net https://*.bazaarvoice.com https://*.jquery.com https://*.twitter.com https://*.ads-twitter.com https://*.virtualearth.net https://assets.adobedtm.com https://*.bing.com https://*.googletagmanager.com https://pixel.everesttech.net https://*.pinimg.com https://*.googleadservices.com https://*.google-analytics.com https://*.iperceptions.com https://*.everestjs.net https://www.youtube.com https://*.firestonecompleteautocare.com https://*.tiresplus.com https://*.wheelworks.net https://*.hibdontire.com https://*.hotjar.com https://*.facebook.net https://*.ytimg.com https://*.netmng.com https://*.doubleclick.net https://*.sprinklr.com; connect-src *; frame-src 'self' https://*.googletagmanager.com https://*.recaptcha.net https://*.twitter.com https://*.google.com https://*.pinterest.com https://www.youtube.com https://*.doubleclick.net https://*.iperceptions.com https://*.facebook.com https://*.hotjar.com https://*.demdex.net https://*.bazaarvoice.com https://*.sprinklr.com; img-src * data: blob:; media-src 'self' https://*.iesnare.com https://*.sprinklr.com; font-src 'self' https://*.bazaarvoice.com https://*.fonts.net https://*.bridgestoneresources.com https://*.sprinklr.com data: 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.cookielaw.org https://www.bnpparibas.de https://brasil.bnpparibas; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fast.wistia.com https://beacon-v2 https://analyticsgroupcom.bnpparibas.com https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://www.gstatic.com https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://s.w.org https://wp-rocket.me https://c.tile.openstreetmap.org https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org blob: https://www.google.com/pagead/landing https://ade.googlesyndication.com https://pagead2.googlesyndication.com https://ad.doubleclick.net https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas secure.gravatar.com www.gravatar.com i.ytimg.com data: www.googletagmanager.com; connect-src 'self' https://bnp-privacy.my.onetrust.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://yoast.com https://cdn.cookielaw.org https://o173685.ingest.sentry.io https://analyticsgroupcom.bnpparibas.com https://contrib.territories.bnpparibas https://www.google.com/pagead/landing https://pagead2.googlesyndication.com https://adservice.google.com www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com https://fast.wistia.com https://github.com/google/fonts https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas fonts.gstatic.com fonts.googleapis.com data:; media-src 'self' https://asset.mediahub.bnpparibas https://upload.wikimedia.org https://broadcast.mediahub.bnpparibas data: https://mediahub.group.echonet https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas; frame-src 'self' https://www.youtube.com https://wp-rocket.me https://open.spotify.com https://www.youtube-nocookie.com https://centric.bnpparibas.com https://13179764.fls.doubleclick.net https://td.doubleclick.net https://gateway.zscalertwo.net https://remove.video https://mozbar.moz.com www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.vimeocdn.com *.youtube-nocookie.com *.usefathom.com plausible.io *.pingdom.net *.slideshare.net *.onetrust.com *.libsyn.com *.crazyegg.com *.polyfill.io *.matomo.cloud *.doubleclick.net *.adtran *.adva.com *.advaoptical.com *.pardot.com *.akamaized.net *.cookielaw.org cdn.matomo.cloud *.vimeo.com *.jquery.com cdn.jsdelivr.net cdn.sheetjs.com *.google.com widget.trustpilot.com *.cloudflare.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.hotjar.com *.googleadservices.com *.googleoptimize.com googleads.g.doubleclick.net *.cloudfront.net js-agent.newrelic.com *.linkedin.com www.clarity.ms www.tiktok.com lf16-tiktok-web.ttwstatic.com www.googleadservices.com googleads.g.doubleclick.net *.sendinblue.com *.twitter.com *.facebook.net *.twimg.com designbysoap.b-cdn.net blob:; img-src * 'self' data: blob:;frame-ancestors 'self'; 4 default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://sentry.xilo.net/api/3/security/?sentry_key=558ec00c6ab34073c96015172684209a 4 default-src 'self' 'unsafe-eval' http: https: ws: wss: data: blob: 'unsafe-inline'; 4 frame-ancestors 'self' https://latitude.sh 4 frame-ancestors 'self' https://dvag.test.dlstages01.dvag.de https://dvag.dev.dlstages01.dvag.de https://static.test.dlstages01.dvag.de https://static.dev.dlstages01.dvag.de https://static-career.test.dlstages01.dvag.de https://static-career.dev.dlstages01.dvag.de https://berater.finanzanalyse.dvag https://uat.berater.finanzanalyse.dvag https://staging.berater.deutschefin.tech https://vpd.finanzanalyse.dvag https://uat.vpd.finanzanalyse.dvag https://www.finanzanalyse.dvag https://uat.finanzanalyse.dvag https://benutzerkonto.abnahme.dvag https://benutzerkonto.dvag https://catalog.finanzanalyse.dvag https://uat.catalog.finanzanalyse.dvag 4 ; 4 frame-ancestors 'self' *.interactivebrokers.com *.interactivebrokers.com.sg *.interactivebrokers.com.hk *.interactivebrokers.ch *.interactivebrokers.co.uk *.interactivebrokers.com.au *.interactivebrokers.co.jp *.interactivebrokers.co.in *.ibkram.com *.interactiveadvisors.com *.ibkr.com *.ibkr.com.cn *.clientam.com *.clientam.ch *.clientam.com.hk *.go-mpulse.net *.akstat.io widgets.tipranks.com site.recognia.com ibkr.paxosclients.com *.ibkrcampus.com ibkrcampus.com *.traderstation-international.com; 4 font-src * data:; 4 frame-ancestors 'self' *.com 4 default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; 4 default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net *.wistia.com *.wistia.net http://js.hsforms.net/ https://forms.hsforms.com/ https://js.hs-banner.com https://js.hsleadflows.net *.hubspot.com https://js.hscollectedforms.net cdn.kendostatic.com https://az416426.vo.msecnd.net/ https://js.hsadspixel.net/ https://js.usemessages.com/ https://www.googletagmanager.com https://www.googleadservices.com *.demandbase.com https://rec.smartlook.com https://snap.licdn.com https://www.redditstatic.com https://tracking-cdn.figpii.com *.inspectlet.com https://statics-cdn.figpii.com slideslive.com/embed_presentation.js *.zoominfo.com tags.clickagy.com https://cdnjs.cloudflare.com *.outbrain.com *.doubleclick.net *.hawksearch.net *.g2crowd.com *.sentry-cdn.com/ *.google.com *.vimeo.com https://*.usercentrics.eu *.hs-scripts.com *.hs-analytics.net *.baidu.com *.bcebos.com 'self' cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.wistia.com https://www.googletagmanager.com *.hawksearch.net 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com i.ytimg.com https://syndication.twitter.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://www.altair.com *.google-analytics.com *.linkedin.com https://static.licdn.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net https://js.hsleadflows.net *.hsforms.com *.usercentrics.eu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com *.google.com/ https://px.ads.linkedin.com https://www.googletagmanager.com https://p.adsymptotic.com *.hubspot.com *.hsappstatic.net https://alb.reddit.com https://tr.outbrain.com https://hn.inspectlet.com https://connect.facebook.net https://px.adentifi.com https://rtb.adentifi.com https://cm.g.doubleclick.net *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.m *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.g2crowd.com *.hawksearch.net *.hawksearch.com *.baidu.com https://aff-im.cdn.bcebos.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.wistia.com https://www.altair.com/include-header-footer/fonts/; frame-src *.hubspot.com *.hsforms.com *.hs-sites.com *.usercentrics.eu *.google.com *.youtube.com https://player.vimeo.com https://mkt.panopticon.altair.com *.facebook.com *.slideslive.com *.wistia.com *.wistia.net hemsync.clickagy.com *.company-target.com https://slideslive.com *.doubleclick.net *.googletagmanager.com *.hsforms.net *.baidu.com 'self' web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com *.wistia.com https://embedwistia-a.akamaihd.net https://fg8vvsvnieiv3ej16jby.litix.io https://hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com https://api.hubapi.com *.usercentrics.eu https://dc.services.visualstudio.com *.company-target.com https://manager.eu.smartlook.cloud https://events-writer.smartlook.com https://assets-proxy.smartlook.cloud https://sessions.bugsnag.com *.figpii.com wss://tdw.figpii.com *.inspectlet.com wss://ws.inspectlet.com https://slideslive.com https://web-writer.us.smartlook.cloud https://*.googlesyndication.com cdn.linkedin.oribi.io *.zoominfo.com *.clickagy.com *.demandbase.com *.outbrain.com *.doubleclick.net *.linkedin.com *.hawksearch.net *.hawksearch.com *.redditstatic.com *.reddit.com *.g2crowd.com *.wistia.net *.g2.com *.google.com https://google.com *.hsforms.com *.baidu.com https://www.facebook.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.wistia.net *.wistia.com https://embedwistia-a.akamaihd.net *.baidu.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: 'self' web-chat.nativechat.com 4 default-src 'self'; script-src 'report-sample' 'self' https://contentkit.t-mobile.com https://hu.us4.list-manage.com/ https://*.googleadservices.com https://*.google.com https://www.youtube.com/iframe_api 'unsafe-inline' https://connect.facebook.net https://*.googletagmanager.com https://*.g.doubleclick.net https://*.tiktok.com https://static.ads-twitter.com https://*.t.hyros.com https://*.licdn.com https://*.linkedin.com https://*.yobi.ai https://sc-static.net https://*.snapchat.com https://*.klaviyo.com https://www.datadoghq-browser-agent.com; base-uri 'self'; style-src 'report-sample' 'self' 'unsafe-inline' https://*.klaviyo.com; img-src 'self' data: blob: https://contentkit.t-mobile.com https://t-mobile.scene7.com https://cdn.shopify.com https://images.prismic.io https://*.google.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://www.facebook.com https://*.tiktok.com https://static.ads-twitter.com https://t.co https://analytics.twitter.com https://*.licdn.com https://*.linkedin.com https://*.yobi.ai https://sc-static.net https://tags.w55c.net https://*.klaviyo.com https://cbbhbarr.api.sanity.io https://cdn.sanity.io https://images.unsplash.com; connect-src 'self' https://*.mapbox.com/ https://*.t-mobile.com https://dev-checkout.humane.com https://carry-checkout.humane.com https://checkout.humane.com https://rum.browser-intake-datadoghq.com https://logs.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://webapi.dev.humane.cloud https://webapi.carry.humane.cloud https://webapi.prod.humane.cloud https://region1.analytics.google.com https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://analytics.tiktok.com https://analytics.pangle-ads.com https://*.t.hyros.com https://*.licdn.com https://*.linkedin.com https://*.yobi.ai https://sc-static.net https://support.humane.com https://*.snapchat.com https://*.klaviyo.com https://cbbhbarr.api.sanity.io wss://cbbhbarr.api.sanity.io https://images.unsplash.com https://*.myshopify.com https://boards-api.greenhouse.io; manifest-src 'self'; font-src 'self' https://assets.vercel.com https://static.klaviyo.com/ https://humane.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com/ bid.g.doubleclick.net https://td.doubleclick.net/ https://*.snapchat.com https://*.klaviyo.com https://beta.humane.com https://dev.humane.com https://carry.humane.com https://humane.com; media-src 'self' https://humane-content.cdn.prismic.io https://prismic-io.s3.amazonaws.com/humane-content/ https://bgtyb5tggz7dcsgj.public.blob.vercel-storage.com; object-src 'none'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub1c4ce6290da09358707613fe74943eb5&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Awebsite%2Cenv%3Aprod; worker-src blob:; frame-ancestors 'self'; form-action 'self' 4 frame-ancestors 'self' https://aderantonline.force.com; 4 default-src https: data: 'unsafe-eval' 'unsafe-inline' 4 default-src 'self' https://www.all-connect.net; img-src 'self' data: https://s.w.org https://ps.w.org; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; worker-src 'self' https://www.all-connect.net; frame-ancestors 'self' 4 default-src 'self'; img-src 'self' data: https://im16.inviewer.se https://mfstatic.com https://i3.ytimg.com https://cdn.cookielaw.org https://matomo.internetstiftelsen.se https://fonts.gstatic.com https://secure.gravatar.com https://*.libsyn.com https://*.internetstiftelsen.se https://internetstiftelsen.se https://s3-eu-north-1.amazonaws.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.rekai.se https://dj5ytzb70q57z.cloudfront.net https://internetstiftelsen.confetti.events https://mfstatic.com https://cdn.jsdelivr.net https://matomo.internetstiftelsen.se https://static.internetstiftelsen.se https://graphtool.internetstiftelsen.se https://privacyportal-eu-cdn.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.google-analytics.com https://www.google.com https://www.gstatic.com https://cdn.lordicon.com https://*.readspeaker.com https://www.youtube.com https://connect.facebook.net; font-src 'self' data: https://d2wd18kp3k18ix.cloudfront.net https://*.onetrust.com https://fonts.gstatic.com https://*.internetstiftelsen.se; style-src 'self' 'unsafe-inline' https://*.onetrust.com https://mfstatic.com https://*.internetstiftelsen.se https://matomo.internetstiftelsen.se https://www.googletagmanager.com https://fonts.googleapis.com; manifest-src 'self' https://*.internetstiftelsen.se; connect-src 'self' https://*.rekai.se https://graphtool.internetstiftelsen.se https://api.services.confetti.events https://internetstiftelsen.confetti.events https://im16.inviewer.se https://*.mediaflow.com https://api.friendlycaptcha.com https://matomo.internetstiftelsen.se https://static.internetstiftelsen.se https://www.facebook.com https://region1.google-analytics.com https://cdn.cookielaw.org https://*.onetrust.com https://cdn.lordicon.com https://*.bugsnag.com https://*.readspeaker.com https://yoast.com; frame-src 'self' blob: https://internetstiftelsen.confetti.events https://www.google.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://*.libsyn.com; frame-ancestors 'self'; media-src 'self' https://*.libsyn.com 4 frame-ancestors *.df-automotive.de *.felgenshop.de 4 default-src 'self'; frame-src 'self' aax-eu.amazon-adsystem.com ct.pinterest.com https://www.googletagmanager.com www.google.com www.youtube.com live.brame-gamification.com *.paypal.com www.facebook.com weatherwidget.io tpc.googlesyndication.com td.doubleclick.net; media-src 'self'; img-src 'self' data: https://a.mgid.com https://tr.blismedia.com maps.gstatic.com sp.analytics.yahoo.com maps.googleapis.com *.paypal.com uip.semasio.net www.google.com www.facebook.com www.google.gr bold.adman.gr cdn.cookielaw.org www.googletagmanager.com www.google.nl ads.travelaudience.com sherlock.adman.gr ad.doubleclick.net googleads.g.doubleclick.net adservice.google.com tr.outbrain.com cm.g.doubleclick.net ad.yieldlab.net pixel.rubiconproject.com image2.pubmatic.com ice.360yield.com ih.adscale.de ib.adnxs.com ads.betweendigital.com p1.zemanta.com a.mgid.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sitepixel.blis.com https://a.mgid.com *.zemanta.com c.amazon-adsystem.com ct.pinterest.com *.pinimg.com *.tiktok.com https://*.adform.net *.paypal.com *.paypalobjects.com *.braintreegateway.com sp.analytics.yahoo.com connect.facebook.net s.yimg.com maps.googleapis.com www.googletagmanager.com www.google.com www.youtube.com www.gstatic.com cdn.cookielaw.org weatherwidget.io ads.travelaudience.com www.googleadservices.com theferries.com tpc.googlesyndication.com tr.outbrain.com amplify.outbrain.com wave.outbrain.com js-tag.zemanta.com a.mgid.com; connect-src 'self' https://tr.blismedia.com aax-eu.amazon-adsystem.com ara.paa-reporting-advertising.amazon ct.pinterest.com *.tiktok.com *.zemanta.com https://pagead2.googlesyndication.com https://region1.google-analytics.com https://www.googleadservices.com https://amplify.outbrain.com maps.googleapis.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.braintree-api.com cdn.cookielaw.org *.analytics.google.com stats.g.doubleclick.net s.yimg.com privacyportal-eu.onetrust.com geolocation.onetrust.com adservice.google.com www.google.com www.google.gr tr.outbrain.com p1.outbrain.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; object-src 'none' 4 default-src 'self' blob: *.powerentity.com *.energieag.at news.netzooe.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at s.ksrndkehqnwntyxlhgto.com *.hotjar.com *.hotjar.io wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io marketing.piwik.pro energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com www.youtube-nocookie.com *.ytimg.com *.googlesyndication.com streamio.com energieag.current-picturepark.com *.mouseflow.com github.com wss://*.cognigy.ai *.cognigy.ai *.githubusercontent.com maps.google.de *.fliphtml5.com cdn.jsdelivr.net *.spotify.com *.eye-able.com *.digiaccess.org *.ksrndkehqnwntyxlhgto.com *.openstreetmap.org 'unsafe-inline' 'unsafe-eval' data: 4 upgrade-insecure-requests; frame-ancestors 'self' https://*.etracker.com 4 base-uri 'self'; frame-ancestors 'self' https://*.worldanimalprotection.org.uk; 4 frame-src 'self' youtube.com www.youtube.com www.dailymotion.com assirmforum21-backend.liveforum.space assirmforum21.liveforum.space; worker-src 'self' blob: assirmforum21-backend.liveforum.space assirmforum21.liveforum.space; child-src 'self' assirmforum21-backend.liveforum.space assirmforum21.liveforum.space 4 default-src 'self' data: *.googleapis.com *.gstatic.com wsrv.nl *.cookiebot.com *.twitter.com static.ads-twitter.com www.google.com t.co *.googletagmanager.com *.google-analytics.com *.vimeo.com vimeo.com *.vimeocdn.com *.cloudflare.com *.topicusplatform.nl *.amazonaws.com *.jquery.com *.bootstrapcdn.com *.doubleclick.net *.hotjar.io connect.facebook.net *.adform.net www.facebook.com snap.licdn.com *.linkedin.com *.oribi.io *.adsymptotic.com *.cloudfront.net *.typekit.net *.youtube.com *.soundcloud.com google-analytics.com analytics.spreekuur.nl *.googleadservices.com www.google.nl art19.com matomo.dev.cubetest.nl tr2.onlinesucces.nl cdn.onlinesucces.nl https://unpkg.com/alpinejs@3.10.3/dist/cdn.min.js *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net play.hubspotvideo.com cdn2.hubspot.net *.hscollectedforms.net *.hsleadflows.net/leadflows.js *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com topicus.containers.piwik.pro topicus.piwik.pro *.piwik.pro *.mjt.lu linkedin.oribi.io script.hotjar.com redditstatic.com app.mailjet.com matomo.kdplus.nl cdn.leadinfo.net api.leadinfo.com collector.leadinfo.net collector4.leadinfo.net *.clarity.ms c.bing.com diffuser-cdn.app-us1.com prism.app-us1.com trackcmp.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com wsrv.nl *.cookiebot.com *.twitter.com static.ads-twitter.com www.google.com t.co *.googletagmanager.com *.google-analytics.com *.vimeo.com vimeo.com *.vimeocdn.com *.cloudflare.com *.topicusplatform.nl *.amazonaws.com *.jquery.com *.bootstrapcdn.com *.doubleclick.net *.hotjar.io connect.facebook.net *.adform.net www.facebook.com snap.licdn.com *.linkedin.com *.oribi.io *.adsymptotic.com *.cloudfront.net *.typekit.net *.youtube.com *.soundcloud.com google-analytics.com analytics.spreekuur.nl *.googleadservices.com www.google.nl art19.com matomo.dev.cubetest.nl tr2.onlinesucces.nl cdn.onlinesucces.nl https://unpkg.com/alpinejs@3.10.3/dist/cdn.min.js *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net play.hubspotvideo.com cdn2.hubspot.net *.hscollectedforms.net *.hsleadflows.net/leadflows.js *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com topicus.containers.piwik.pro topicus.piwik.pro *.piwik.pro *.mjt.lu linkedin.oribi.io script.hotjar.com redditstatic.com app.mailjet.com matomo.kdplus.nl cdn.leadinfo.net api.leadinfo.com collector.leadinfo.net collector4.leadinfo.net *.clarity.ms c.bing.com diffuser-cdn.app-us1.com prism.app-us1.com trackcmp.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com wsrv.nl *.cookiebot.com *.twitter.com static.ads-twitter.com www.google.com t.co *.googletagmanager.com *.google-analytics.com *.vimeo.com vimeo.com *.vimeocdn.com *.cloudflare.com *.topicusplatform.nl *.amazonaws.com *.jquery.com *.bootstrapcdn.com *.doubleclick.net *.hotjar.io connect.facebook.net *.adform.net www.facebook.com snap.licdn.com *.linkedin.com *.oribi.io *.adsymptotic.com *.cloudfront.net *.typekit.net *.youtube.com *.soundcloud.com google-analytics.com analytics.spreekuur.nl *.googleadservices.com www.google.nl art19.com matomo.dev.cubetest.nl tr2.onlinesucces.nl cdn.onlinesucces.nl https://unpkg.com/alpinejs@3.10.3/dist/cdn.min.js *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net play.hubspotvideo.com cdn2.hubspot.net *.hscollectedforms.net *.hsleadflows.net/leadflows.js *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com topicus.containers.piwik.pro topicus.piwik.pro *.piwik.pro *.mjt.lu linkedin.oribi.io script.hotjar.com redditstatic.com app.mailjet.com matomo.kdplus.nl cdn.leadinfo.net api.leadinfo.com collector.leadinfo.net collector4.leadinfo.net *.clarity.ms c.bing.com diffuser-cdn.app-us1.com prism.app-us1.com trackcmp.net 4 connect-src *.doubleclick.net *.linkedin.com *.google.com *.motork.io *.getwarmly.com *.iubenda.com *.google-analytics.com; default-src 'self'; font-src 'self' *.typekit.net; frame-src *.youtube.com *.google.com *.motork.io *.facebook.com; img-src 'self' *.drata.com *.lfeeder.com *.linkedin.com t.co *.twitter.com *.google.com *.google.it *.facebook.com *.googletagmanager.com; script-src 'unsafe-inline' 'self'; script-src-elem 'unsafe-inline' 'self' *.typekit.net *.iubenda.com *.motork.io *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.hotjar.com *.licdn.com *.ads-twitter.com *.facebook.net *.lfeeder.com *.head3high.com *.getwarmly.com *.doubleclick.net; style-src 'unsafe-inline' 'self'; style-src-elem 'unsafe-inline' 'self' *.typekit.net *.motork.io; worker-src 'self' blob:; 4 'self'.model-t.cc.commerce.ondemand.com:443 *.ynk.cl:443 4 frame-ancestors 'self' https://cdw.lookbookhq.com http://cdw.lookbookhq.com http://solutions.cdw.com https://solutions.cdw.com https://*.ampproject.org 4 upgrade-insecure-requests; report-uri 4 frame-ancestors 'self' https://explore.medius.com 4 frame-ancestors 'self' https://app.contentful.com https://app.eu.contentful.com 4 require-trusted-types-for 'script';report-uri /_/ChromeWebStoreConsumerFeUi/cspreport 4 default-src 'self' blob: centinelapi.cardinalcommerce.com *.consentmanager.net api.cyberity.ru *.doubleclick.net www.facebook.com ffin.global *.freedom24.com *.google-analytics.com *.analytics.google.com pay.google.com code.jivosite.com code.jivo.ru *.mail.ru api.sumsub.com *.tradernet.com *.tradernet.kz *.tradernet.global *.tradernet.ru *.tradernet.by widget.trustpilot.com ddc.worldpay.com yastatic.net youtube.com *.youtube.com *.zdassets.com; img-src 'self' 'unsafe-inline' blob: data: *.appsflyer.com bat.bing.com *.carrotquest.app *.carrotquest.io inappstory.com/stories/loader.gif *.consentmanager.net *.clarity.ms *.doubleclick.net earn.broker earn.eu www.facebook.com ffin.global *.freedom24.com w8ben.freedomholdingcorp.com cs.getinappstory.com gocpa.cloud www.googletagmanager.com www.google-analytics.com www.google.am www.google.com www.google.kz www.google.ru www.google.com.cy www.google.com.vn google.com.cy google.am google.kz chart.googleapis.com www.gstatic.com trade.inveza.com code.jivosite.com code.jivo.ru *.kursiv.media top-fwz1.mail.ru trade.mind-money.eu content.mql5.com *.onelink.me t.co *.tradernet.by *.tradernet.com *.tradernet.kz *.tradernet.ru turlov.co.za analytics.twitter.com vk.com login.vk.com ddc.worldpay.com mc.yandex.ru v2.zopim.com mc.yandex.com *.oninvest.com *.ffin.tr *.ffin.ae *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: ffin.global *.freedom24.com www.google-analytics.com pay.google.com cdn.jsdelivr.net *.tradernet.com *.tradernet.ru yastatic.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com fonts.googleapis.com www.gstatic.com code.jivosite.com code.jivo.ru cdn.jsdelivr.net yastatic.net; font-src 'self' data: *.appsflyer.com cdn.carrotquest.app cs.getinappstory.com fonts.gstatic.com v2.zopim.com; connect-src 'self' blob: *.amazonaws.com wss://*.amazonaws.com *.appsflyer.com api.carrotquest.app wss://realtime-services-eu.carrotquest.io wss://realtime-services-eu-chat-2.carrotquest.io realtime-services-eu.carrotquest.io wss://rts-v2.carrotquest.app/websocket_connect_time rts-v2.carrotquest.app/websocket_connect_time api.carrottrack.app/users/$self_user/events api.carrottrack.app/users/$self_user/props delivery.consentmanager.net/delivery/ *.clarity.ms suggestions.dadata.ru stats.g.doubleclick.net wss://wss.earn.broker wss://wss.ffdigital.ch wss://wss.tradernet.global wss://wss.tradernet.am ffin.global mo.ffinpay.ru eun1.fptls.com eun1.fptls.com *.freedom24.com wss://wss.freedom24.com api.getinappstory.com/v2/ *.google-analytics.com *.analytics.google.com analytics.google.com pay.google.com www.google.com google.com pagead2.googlesyndication.com *.gstatic.com iframe.ly wss://wss.inveza.com *.jivosite.com *.jivo.ru wss://*.jivosite.com wss://*.jivo.ru top-fwz1.mail.ru www.mczbf.com wss://wss.mind-money.eu content.mql5.com www.sjwoe.com *.tradernet.com *.typi.team wss://wss.tradernet.by wss://wss.tradernet.com wss://wss.tradernet.kg wss://wss.almaty-ffin.kz wss://wss.freedombroker.kz wss://wss.tradernet.kz tradernet.ru admin.tradernet.ru sentry.dev.tradernet.ru wss://wss.tradernet.ru wss://wss2.tradernet.ru wss://wss.tradernet.ua wss://wss.tradernet.uz wss://wss.wisdompointcapital.com ddc.worldpay.com mc.yandex.ru ekr.zdassets.com *.zendesk.com widget-mediator.zopim.com v2.zopim.com wss://widget-mediator.zopim.com mc.yandex.com wss://wssdev.tradernet.dev wss://wss.tradernet.dev wss://wss.tfos.com wss://wss.walletsolutions.eu wss://wss.ffin.tr wss://wss.ffin.ae wss://wss.cifra-broker.ru; frame-ancestors 'self' https://*.bankffin.kz https://*.f.bank https://*.freedom24.com https://*.tradernet.com https://bankffin.kz https://freedom24.ru; 4 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' 4 upgrade-insecure-requests;script-src * 'unsafe-eval' 'unsafe-inline';script-src-attr 'unsafe-inline';style-src * 'unsafe-inline';img-src * data:;font-src *;connect-src *;manifest-src data:;frame-ancestors 'self';form-action *;base-uri 'self';object-src 'none' 4 frame-ancestors "self" 4 default-src 'self'; script-src https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ 'self'; connect-src 'self'; img-src http://localhost:* 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src https://www.google.com/recaptcha/ com.citrix.agmacepa://* citrixng://* com.citrix.nsgclient://* vmware-view://* nsgcepa://* application://* receiver://* 'self'; child-src 'self' com.citrix.agmacepa://* citrixng://* com.citrix.nsgclient://* vmware-view://* nsgcepa://nsgcepa application://*; form-action 'self'; object-src 'none'; base-uri 'self'; report-uri /nscsp_violation/report_uri 4 default-src 'self' * 'unsafe-inline'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com www.google.com www.youtube.com cdn.cookielaw.org www.youtube-nocookie.com snap.licdn.com connect.facebook.net b2b.intrum.com b2b.intrum.fi b2b.intrum.dk track.adform.net googleads.g.doubleclick.net pi.pardot.com www.gstatic.com *.intrum.com *.hotjar.com *.inzynk.io *.lfeeder.com *.leadfeeder.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com; object-src 'none'; img-src * 'self' data:; worker-src 'self' data: blob:; 4 upgrade-insecure-requests;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://lp.thinkproject.com https://snap.licdn.com https://munchkin.marketo.net https://js.storylane.io https://cdn.cookielaw.org https://assets.adoberesources.net https://documentcloud.adobe.com https://www.google-analytics.com https://ajax.cloudflare.com https://cdn.dreamdata.cloud https://cdn.drda.io https://optimizely-cmp-analytics.com https://www.clarity.ms https://*.clarity.ms https://bat.bing.com;connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://www.google.com https://lp.thinkproject.com https://*.mktoresp.com https://*.mktoutil.com https://cdn.linkedin.oribi.io https://*.cookielaw.org https://*.onetrust.com *.adobe.io wss://*.adobe.io https://px.ads.linkedin.com https://cdn.dreamdata.cloud https://*.bing.com https://bat.bing.net https://*.clarity.ms;font-src 'self' https://fonts.gstatic.com https://*.typekit.net;frame-src 'self' https://www.googletagmanager.com https://*.doubleclick.net https://bid.g.doubleclick.net https://www.youtube.com https://youtu.be https://www.youtube-nocookie.com https://lp.thinkproject.com https://app.storylane.io https://play.goconsensus.com https://vimeo.com https://player.vimeo.com https://documentcloud.adobe.com; 4 frame-ancestors https://matomo.druide.com; 4 frame-ancestors 'self' https://www.cvonline.lt https://www.cvmarket.lv https://www.cvkeskus.ee https://www.cvmarket.lt https://www.cv.lt https://www.visidarbi.lv; 4 default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com 'unsafe-inline' 'unsafe-eval' app.tuotempo.com https://unpkg.com https://tpc.googlesyndication.com *.clinicaalemana.cl *.omnitok.com https://esencial.omnitok.com esencial.omnitok.com edz87dzoqc.execute-api.us-east-1.amazonaws.com *.googleoptimize.com *.salesforceliveagent.com *.salesforce.com service.force.com *.force.com *.googletagmanager.com https://js.captcha-display.com https://js.datadome.co w.usabilla.com *.usabilla.com *.auth0.com alemana-poc.auth0.com cdn.auth0.com *.cloudfront.net static.zdassets.com v2.zopim.com *.fontawesome.com *.doubleclick.net *.adnxs.com *.mathtag.com *.googleadservices.com *.hotjar.com www.alemana.cl *.alemana.cl *.lfi.cl *.jquery.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://www.youtube.com/iframe_api *.google.com https://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.contactshub.cl:* https://contactshub.cl:* contactshub.cl/sdk.js.php https://sdk.examedi.com:* cdnjs.cloudflare.com https://bat.bing.com *.clarity.ms https://q.clarity.ms/collect https://alemanaseguros1.my.site.com:* web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js; style-src 'self' *.googleapis.com *.gstatic.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' *.clinicaalemana.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com *.salesforceliveagent.com *.salesforce.com *.force.com *.aspnetcdn.com *.fontawesome.com *.google.com *.alemana.cl *.lfi.cl *.jquery.com use.fontawesome.com *.cloudfront.net *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://dec.azureedge.net tagmanager.google.com https://alemanaseguros1.my.site.com:* web-chat.nativechat.com https://cdn.insight.sitefinity.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.clinicaalemana.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com *.salesforceliveagent.com *.salesforce.com *.force.com *.fontawesome.com * googleads.g.doubleclick.net *.google.cl *.alemana.cl stats.g.doubleclick.net *.google.com *.youtube.com www.google.com s3alemana.s3.amazonaws.com *.s3.amazonaws.com lfi.lfi.cl *.lfi.cl alemana.cl www.alemana.cl i.stack.imgur.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.google-analytics.com https://dec.azureedge.net https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.cloudfront.net web-chat.nativechat.com https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: c1.sfdcstatic.com d6tizftlrpuof.cloudfront.net *.hotjar.com v2.zopim.com *.fontawesome.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com; frame-src 'self' portal.alemana.cl * *.clinicaalemana.cl *.lfi.cl *.alemana.cl https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io web-chat.nativechat.com; connect-src 'self' accounts.google.com *.google-analytics.com https://*.googleapis.com/ app.tuotempo.com www.google.com adservice.google.com solicat.calemanatemuco.cl *.clinicaalemana.cl portal-backend-dev.clinicaalemana.cl *.amazonaws.com c9a41d223g.execute-api.us-east-1.amazonaws.com somosesencial.cl www.somosesencial.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com *.force.com uat-chatservicepoc.cs214.force.com *.alemana.io gtw-prod.alemana.io gtw-dev.alemana.io https://analytics.google.com https://www.facebook.com https://www.googletagmanager.com https://cdn.ampproject.org wss://*.hotjar.com https://accounts.spotify.com https://api.spotify.com https://api-js.datadome.co api.usabilla.com *.cloudfunctions.net *.fontawesome.com *.auth0.com *.cloudfront.net *.alemana.cl wss://widget-mediator.zopim.com ekr.zdassets.com ws1.hotjar.com *.hotjar.com *.hotjar.io stats.g.doubleclick.net www.alemana.cl *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://*.dec.sitefinity.com *.mktoresp.com https://api.sbif.cl:* *.contactshub.cl:* wss://sofix6xmbk.execute-api.us-east-1.amazonaws.com https://q.clarity.ms/collect wss://sjm3jibuni.execute-api.us-east-1.amazonaws.com/prod https://alemanaseguros1.my.site.com:* https://alemanaseguros1.my.salesforce-scrt.com:* https://a.clarity.ms:* https://d.clarity.ms/* https://d.clarity.ms/collect wss://sjm3jibuni.execute-api.us-east-1.amazonaws.com/* https://*.insight.sitefinity.com; media-src 'self' data: blob: *.cloudfront.net; child-src 'self' blob: www.clinicaalemanatemuco.cl *.clinicaalemana.cl *.mathtag.com *.hotjar.com *.alemana.cl *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com web-chat.nativechat.com; frame-ancestors 'self' *.clinicaalemana.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com alemana.cl *.alemana.cl portal.alemana.cl somosesencial.cl www.somosesencial.cl https://www.somosesencial.cl/ 4 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https: 4 frame-ancestors 'self' https://www.facebook.com 4 default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval'; 4 frame-ancestors https://next.ritr.eu https://www.alfagames.sk https://alfagames.sk; 4 default-src * 'self' 'unsafe-inline'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://acsbapp.com/ https://*.googleapis.com/ https://bat.bing.com/ https://*.quantummetric.com/ https://*.osano.com/ https://*.doubleclick.net/ https://*.google-analytics.com/ https://www.googletagmanager.com/ https://*.google.com https://*.google.co.uk https://js.stripe.com/ blob: 'unsafe-inline' 'unsafe-eval' 'self'; frame-ancestors 'self'; form-action *; font-src https://fonts.gstatic.com/ https://*.acsbapp.com 'self' data:; img-src www.googletagmanager.com https://*.acsbapp.com https://www.facebook.com https://*.bing.com https://*.google.com https://*.google.co.uk https://*.google.co.in https://*.google.rs https://*.doubleclick.net https://bat.bing.com https://*.google-analytics.com https://*.google.co.in https://*.cibt.com/ https://*.cibtvisas.com https://cibtvisas.com 'self' data: blob:; connect-src 'self' data: https://*.google.com https://*.google.co.in https://*.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googlesyndication.com https://*.bing.com https://*.acsbapp.com https://acsbapp.com https://*.cibt.com https://*.api.osano.com/ https://google.com https://google.co.uk https://google.co.in https://google.rs https://*.cibtvisas.com https://*.*.osano.com *.amazonaws.com; 4 frame-ancestors 'self' https://training.lynxbroker.de 4 connect-src 'self'; 4 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.squarecdn.com data: *.fontawesome.com *.survicate.com/ *.accessibly.app/ *.oct8ne.com/ *.hotjar.com/ *.modo.com.ar/ *.readysize.ai/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.despegar.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com widgets.sandbox.afterpay.com *.cash.app cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.despegar.com/ *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.cash.app cm.everesttech.net maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com *.despegar.com/ *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.mookie1.com/ *.adnxs.com/ *.google.com/ *.bing.com/ *.doubleclick.net/ *.google.com.ar/ *.carocuore.com.ar/ https://mcprod.carocuore.com/ *.groovinads.com/ *.accessibly.app/ *.qrserver.com/ *.oct8ne.com/ *.e-planning.net/ *.facebook.net/ https://www.em.rapsodia.com/ https://www.em.babycottons.com/ *.carocuore.com/ *.clarity.ms/ *.herolens.com/ *.rapsodia.com.ar/ *.rapsodia.cl/ *.rapsodia.com.co/ *.carocuore.com.uy/ *.babycottons.com.ar/ *.babycottons.com/ *.babycottons.com.pe/ *.rapsodia.com.uy/ *.babycottons.mx/ *.modo.com.ar/ *.cloudfront.net/ *.readysize.ai/ *.icommkt.online data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.cash.app cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.despegar.com/ *.mlstatic.com *.mercadopago.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com https://maps.googleapis.com *.hotjar.com/ *.adnxs.com/ *.tiktok.com/ *.getblue.io/ *.inspectlet.com/ *.bing.com/ *.clarity.ms/ *.naiz.fit/ *.survicate.com/ *.crazyegg.com/ *.embluemail.com/ *.icommarketing.com/ *.accessibly.app/ *.pinimg.com/ *.pinterest.com/ *.cloudfront.net/ *.oct8ne.com/ *.modo.com.ar/ *.readysize.ai/ *.fitprenda.com/ https://rapsodia.my.site.com/ https://scripts.icommkt.online/ *.icommkt.online 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com static.afterpay.com/ *.squarecdn.com *.cash.app cdn.dnky.co *.fontawesome.com assets.braintreegateway.com *.googletagmanager.com *.cookielaw.org *.survicate.com/ https://rapsodia.my.salesforce-scrt.com/ https://rapsodia.my.site.com/ *.icommkt.online 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://mcprod.carocuore.com/ *.icommkt.online 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.cash.app api.lab.amplitude.com maps.googleapis.com api.comapi.com bam.nr-data.net *.despegar.com/ *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.cookielaw.org *.tiktok.com/ *.clarity.ms/ *.naiz.fit/ *.run.app/ *.bing.com/ *.doubleclick.net *.accessiblyapp.com/ *.pinterest.com/ https://track-icommkt.com/ https://notifications-icommkt.com/ *.accessibly.app *.inspectlet.com/ *.oct8ne.com/ wss://ws.hotjar.com/ *.hotjar.io/ https://server-side-tagging-f3nc3owz5a-uc.a.run.app/ *.facebook.com/ *.playdigital.com.ar/ *.amplitude.com/ *.modo.com.ar/ *.readysize.ai/ https://rapsodia.my.salesforce-scrt.com/ *.icommkt.online/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 frame-ancestors 'self' dampsoft.de *.dampsoft.de wordpress.p683160.webspaceconfig.de 4 default-src 'self' gap: 'unsafe-inline'; script-src 'self' data: https://cdn.amcharts.com data: https://c.mql5.com/ data: https://cdn.ampproject.org/ data: https://content.mql5.com/ data: https://connect.facebook.net/ data: https://ifccd.net data: code.jquery.com data: *.ifcmarkets.com data: *.ifcmiran.asia data: *.tradeifcm.asia data: https://apis.google.com data: www.google-analytics.com data: www.googleadservices.com data: www.googletagmanager.com data: https://www.google.com/ data: www.googleapis.com/ data: cse.google.com/ data: clients1.google.com/ data: https://www.gstatic.com/ data: https://www.googleadservices.com data: trade.mql5.com data: https://ipinfo.io data: https://ajax.cloudflare.com data: https://yastatic.net/share2/share.js data: https://mc.yandex.ru/metrika/tag.js data: https://dsp-media.eskimi.com data: https://ssl.pstatic.net data: wcs.naver.net data: *.bing.com data: *.twitter.com data: *.adroll.com data: widget.trustpilot.com data: connect.facebook.net data: https://www.aparat.com data: https://www.aparat.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' data: *.trustpilot.com data: *.google.com data: https://*.adroll.com data: https://component.autochartist.com data: *.ifcm-invest.com data: https://www.tradays.com data: https://www.mql5.com data: https://www.youtube.com data: https://chat.ifcmtz.com data: https://chat.ifctr.asia data: https://chat.fxifcm.asia data: https://chat.ifcmfx.com data: https://chat.ifcmfx.cn data: https://chat.ifcm.co.uk data: https://chat.ifcmarkets.tw data: https://chat.ifcmarkets.my data: https://chat.ifcmarkets.net data: https://chat.ifcmarkets.hk data: https://chat.ifcmarkets.mx data: https://chat.ifcmarkets.com.br data: https://chat.ifcmarkets.co.id data: https://chat.ifcmarkets.co.in data: https://chat.ifcmarkets.co data: https://chat.ifcmarkets.ae data: https://trade.mql5.com data: https://td.doubleclick.net data: *.googletagmanager.com data: *.ifcmarkets.com data: *.ifcmiran.asia data: *.tradeifcm.asia data: *.ifcmarkets.co.za data: https://*.facebook.com data: https://www.aparat.com data: https://ifccd.net; media-src * data: https://www.ifcmarkets.com/downloads/video/; object-src *; style-src 'self' data: *.ifcmarkets.com data: *.ifcmiran.asia data: https://ifccd.net data: https://pr.ifccd.net data: https://www.google.com data: https://fonts.googleapis.com 'unsafe-inline'; img-src * data: http://www.w3.org/; font-src 'self' data: *.ifcmiran.asia data: https://ifccd.net data: https://fonts.gstatic.com data: https://fonts.googleapis.com data: https://pr.ifccd.net; connect-src *; manifest-src 'self' data: https://ifccd.net data: https://be1.ifcmfar.com data: *.ifcmiran.asia 4 frame-ancestors 'self' *.arcgis.com *.esri.com learn.esri.ca 4 img-src * data:; font-src * data:; connect-src *; form-action *; default-src 'self'; object-src *; media-src *; child-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * blob: 'unsafe-inline'; 4 frame-ancestors 'self' pages.sitecorecloud.io; 4 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: blob:; 4 default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * blob: data: 'unsafe-inline';connect-src * 'unsafe-inline'; frame-src * 4 default-src 'self' *.visualwebsiteoptimizer.com app.vwo.com www.youtube.com www.youtube-nocookie.com *.gstatic.com *.google.com *.doubleclick.net *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: static.hsappstatic.net *.hubspot.com *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com *.googleoptimize.com *.googletagmanager.com *.zoho.eu *.maillist-manage.eu maillist-manage.eu; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *.googletagmanager.com https://fonts.googleapis.com; frame-src app-eu1.hubspot.com *.hsforms.net *.hsforms.com youtube.com www.youtube.com *.google.com *.visualwebsiteoptimizer.com app.vwo.com; connect-src 'self' *.hubapi.com *.hscollectedforms.net *.hsforms.com *.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com region1.google-analytics.com *.google.com; img-src 'self' *.hsforms.net *.hsforms.com *.visualwebsiteoptimizer.com *.googletagmanager.com app.vwo.com useruploads.vwo.io api.media.atlassian.com uwzorgonline.atlassian.net data: *.uwzorgonline.nl uwzorgonline.nl *.gravatar.com *.google-analytics.com; font-src 'self' data: *.gstatic.com https://fonts.googleapis.com; object-src 'none'; frame-ancestors 'none'; child-src *.hsforms.com 4 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline';frame-src * mailto: data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' *.acaa-cmps.com *.dbedirectory.com *.uhsvendors.com *.mdbecert.com *.mwdbe.com *.traviscountyhub.com *.civilrightsystem.com *.gob2g.com *.mwdsbe.com *.mwsbe.com *.sbeda.com *.thesupplierclearinghouse.com *.smwbe.com *.diversitycomplance.com *.civilrightsconnect.com *.b2gnow.com *.newnycontracts.com *.diversitysystem.com *.dbesystem.com *.civilrightsconnect.dot.gov *.sbdbe.com *.sctrca.org *.civilrightsconnect.dot.gov *.webnclink.org *.vendorreg.com *.txdotcms.com *.diversitysoftware.com *.sbecompliance.com; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: 4 frame-ancestors 'self' https://www.youtube.com; 4 base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://www.facebook.com; frame-ancestors 'self'; img-src 'self' https: data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://stablechat.mysecurecloudhost.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net; upgrade-insecure-requests; 4 frame-ancestors 'self'; frame-src https://www.youtube.com https://www.youtube-nocookie.com https://sdk.dcmn.io https://www.facebook.com https://sibautomation.com https://ad4m.at https://hal9000.redintelligence.net *.ad-srv.net https://googleanalytics.com https://google-analytics.com https://googleoptimize.com *.googletagmanager.com https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://widget.trustpilot.com *.studentbeans.com https://ct.pinterest.com https://*.cdn.optimizely.com https://just-russel.campaign.playable.com td.doubleclick.net *.clarity.ms *.justrussel.com *.justrussel.nl *.justrussel.be *.justrussel.de *.justrussel.fr 4 font-src https: data:; img-src https: data:; 4 default-src 'self' *.amazonaws.com;media-src 'self' *.amazonaws.com data: *.ace.teliacompany.com;script-src * 'unsafe-inline' 'unsafe-eval';img-src * data:;style-src 'self' 'unsafe-inline' *.teliacompany.com *.google.com *.humany.net *.googleapis.com *.gstatic.com *.amazonaws.com;connect-src 'self' *.google-analytics.com *.linkedin.com *.googletagmanager.com *.amazonaws.com *.humany.net *.google.com *.google.se *.resursbank.se *.resursbank.no *.resursbank.dk *.resursbank.fi *.resurs.com *.integration.resurs.com *.doubleclick.net *.googleapis.com *.amplitude.com *.teliacompany.net *.resurs.loc *.ellos.resursbank.24hr.se wss://*.resurs.se wss://*.resurs.fi wss://*.resurs.dk wss://*.resurs.no *.hotjar.io *.hotjar.com wss://*.hotjar.com wss://*.hotjar.io widget.datablocks.se *.taboola.com *.bing.com *.bing.net *.mfn.se *.googlesyndication.com;form-action 'self';frame-ancestors 'self';frame-src 'self' *.youtube.com player.vimeo.com *.google.com *.teliacompany.com resurs.onfluid.dk *.doubleclick.net *.office365.com *.googletagmanager.com *.resursbank.se *.resursbank.no *.resursbank.dk *.resursbank.fi;child-src 'self';font-src * data:;object-src 'none';manifest-src 'self' 'unsafe-inline' data:;upgrade-insecure-requests 4 default-src 'unsafe-inline' 'unsafe-eval' * data: blob:; frame-ancestors 'self' https://app.optimizely.com; 4 script-src * 'self' 'unsafe-inline' 'unsafe-eval' 4 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 4 base-uri 'self'; font-src 'self' https: data:; frame-src 'self' https://feed.pghub.io https://www.youtube.com https://www.youtube-nocookie.com https://consumersupport.pg.com https://*.google.com www.google-analytics.com https://*.pricespider.com ; img-src 'self' data: https://cdn.cookielaw.org https://*.mapbox.com https://*.bazaarvoice.com https://www.google.com images.ctfassets.net pixel.tapad.com www.googletagmanager.com www.google-analytics.com https://*.pricespider.com https://www.mapbox.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://*.pricespider.com https://*.mapbox.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.bazaarvoice.com https://*.segment.com https://*.mapbox.com https://*.pricespider.com https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://code.jquery.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.criteo.com https://static.criteo.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.pinimg.com https://ct.pinterest.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://js.adsrvr.org https://d.impactradius-event.com https://static.ads-twitter.com https://analytics.twitter.com https://pghub.io https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com cdn.rudderlabs.com https://*.rudderstack.com; upgrade-insecure-requests; worker-src 'self' blob:; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' pagead2.googlesyndication.com api.ipify.org px.ads.linkedin.com *.outbrain.com *.akamaihd.net *.akstat.io *.analytics.google.com *.demdex.net *.go-mpulse.net *.google-analytics.com *.googletagmanager.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com cdn.linkedin.oribi.io s.yimg.com *.report.gbss.io cdn.gbqofs.com api.fundpress.io api-uk.kurtosys.app assets.adobedtm.com cdn.cookielaw.org cm.everesttech.net geolocation.onetrust.com mandg.scene7.com privacyportal-de.onetrust.com search-api.swiftype.com smetrics.mandg.com stats.g.doubleclick.net prudentialdistributi.tt.omtrdc.net policylookup.mandg.com pdx-col.eum-appdynamics.com api.pru.co.uk www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat analytics.google.com adservice.google.com prudential.distribution.team.prudential.co.uk cas.zma.gs c.zmags.com fml-x.com *.fundslibrary.net dc.services.visualstudio.com *.googlesyndication.com; font-src 'self' data: api.fundpress.io fonts.gstatic.com use.typekit.net at.alicdn.com images.getfastr.com; form-action 'self' wwwx.pruadviser.co.uk; frame-ancestors 'self' mypru.pru.co.uk www.mymandg.co.uk *.fundslibrary.co.uk www.platformservices.co.uk www.mandg.com; frame-src 'self' www.mandg.com interactive.mandg.com *.demdex.net *.pruadviser.co.uk www.brighttalk.com digitalsecure.mandg.com forms.mymandg.co.uk securedigital.wealth.mandg.com securedigital.pru.mandg.com securedigital.prudential.co.uk secure.digital.mandg.com www.google.com irpages2.equitystory.com insight.adsrvr.org infogram.com e.infogram.com match.adsrvr.org mandg.fidainformatica.it mandg.videomarketingplatform.co mandg-podcast.videomarketingplatform.co prudential.videomarketingplatform.co recaptcha.google.com assets.ceros.com media.ceros.com view.ceros.com www.youtube-nocookie.com igccharges.mandg.com *.doubleclick.net adclick.g.doubleclick.net sustainabilityprofiletool.mandg.com api.pru.co.uk digital-api.dg.pru.co.uk open.spotify.com wwwx.pruadviser.co.uk flo.uri.sh contentcontrol.api.zmags.com cas.zma.gs *.t.eloqua.com *.googletagmanager.com; img-src 'self' data: googleads.g.doubleclick.net prudential.videomarketingplatform.co mandg-podcast.videomarketingplatform.co fonts.googleapis.com *.akstat.io *.demdex.net *.google-analytics.com *.googletagmanager.com ad.doubleclick.net api.fundpress.io api-uk.kurtosys.app adservice.google.com assets.adobedtm.com cdn.cookielaw.org cm.everesttech.net www.google.com www.google.co.uk i.ytimg.com mandg.scene7.com smetrics.mandg.com ttcontacts.com 797110.global.siteimproveanalytics.io insight.adsrvr.org *.wealth.mandg.com lantern9.mandg.com lanternmg.mandg.com sp.analytics.yahoo.com www.facebook.com px.ads.linkedin.com www.google.co.in www.linkedin.com privacy-digital.mandg.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat wwwx.pruadviser.co.uk public.flourish.studio img.creator-prod.zmags.com cas.zma.gs images.getfastr.com getfastr.com zmags.com c.zmags.com mypru.pru.co.uk analytics.twitter.com fonts.gstatic.com mandg.videomarketingplatform.co report.23video.com delivery.twentythree.com www.fundslibrary.co.uk fcscdn.broadridge.com; media-src data: blob: mandg.scene7.com mandg.videomarketingplatform.co mandg-podcast.videomarketingplatform.co prudential.videomarketingplatform.co; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.siteintercept.qualtrics.com *.outbrain.com *.demdex.net *.go-mpulse.net *.google-analytics.com *.googletagmanager.com *.report.gbss.io assets.adobedtm.com api.fundpress.io api-uk.kurtosys.app cdn.cookielaw.org cdn.gbqofs.com www.brighttalk.com cm.everesttech.net e.infogram.com geolocation.onetrust.com www.google.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com js.adsrvr.org mandg.scene7.com report.23video.com siteimproveanalytics.com connect.facebook.net img.en25.com snap.licdn.com fml-x.com assets.ceros.com media.ceros.com view.ceros.com www.mandg.com; script-src-elem 'self' 'unsafe-inline' pagead2.googlesyndication.com prudential.videomarketingplatform.co mandg-podcast.videomarketingplatform.co *.demdex.net *.go-mpulse.net *.google-analytics.com *.googletagmanager.com *.report.gbss.io assets.adobedtm.com api.fundpress.io api-uk.kurtosys.app cdn.cookielaw.org cdn.gbqofs.com www.brighttalk.com cm.everesttech.net e.infogram.com geolocation.onetrust.com www.google.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com js.adsrvr.org mandg.scene7.com report.23video.com siteimproveanalytics.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com img.en25.com connect.facebook.net snap.licdn.com s.yimg.com assets.ceros.com media.ceros.com view.ceros.com privacy-digital.mandg.com infogram.com prudential.distribution.team.prudential.co.uk public.flourish.studio cas.zma.gs getfastr.com zmags.com tr.outbrain.com wave.outbrain.com amplify.outbrain.com static.ads-twitter.com mandg.videomarketingplatform.co fml-x.com www.mandg.com fcscdn.broadridge.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com mandg.scene7.com; style-src-elem 'self' 'unsafe-inline' prudential.videomarketingplatform.co mandg-podcast.videomarketingplatform.co fonts.googleapis.com mandg.scene7.com use.typekit.net p.typekit.net prudential.distribution.team.prudential.co.uk cas.zma.gs mandg.videomarketingplatform.co fcscdn.broadridge.com; worker-src 'self' blob:; base-uri 'self'; upgrade-insecure-requests; report-uri /csp/log 4 default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.gammagroup.co *.leadinfo.net *.messengerpeople.com *.clarity.ms *.jsdelivr.net ipecs-engage-admin-prod-tpnjp2gz4q-ew.a.run.app rest.ably.io internet-up.ably-realtime.com answer.engage.cosoft.co.uk one1.ipecs-cloud.co.uk *.cosoft.co.uk *.sopro.io *.cookiebot.com *.teads.tv teads.tv *.adnxs.com *.fullstory.com *.zi-scripts.com gstatic.com www.gstatic.com sleeknotecustomerscripts.sleeknote.com sleeknotestaticcontent.sleeknote.com wpmudev.com *.metadata.io metadata.io *.6sc.co *.wpengine.com *.youtube.com *.vimeo.com *.hubspot.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hscta.net *.hs-analytics.net *.wistia.com *.wistia.net *.cloudfront.net *.jquery.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.google.co.uk *.google.dk *.google.com *.googlesyndication.com *.doubleclick.net *.hotjar.com *.facebook.net *.twitter.com *.twimg.com *.litix.io *.yoast.com yoast.com *.clicktale.net *.cloudflare.com *.helpforsmartphone.com *.usemessages.com *.licdn.com *.linkedin.com *.pardot.com *.gamma.co.uk *.luckyorange.net *.luckyorange.com *.qualified.com *.ampproject.org *.bing.com *.nitrocdn.com nitropack.io nitroscripts.com *.mutinycdn.com *.adroll.com *.zoominfo.com *.clickagy.com; connect-src 'self' 'unsafe-inline' *.leadinfo.com *.leadinfo.net *.messengerpeople.com *.sinch.com *.msgp.pl api.ipify.org ipecs-engage-admin-prod-tpnjp2gz4q-ew.a.run.app rest.ably.io internet-up.ably-realtime.com answer.engage.cosoft.co.uk one1.ipecs-cloud.co.uk *.clickagy.com *.clarity.ms *.bing.com *.bing.net facebook.com *.sopro.io *.googlesyndication.com *.cookiebot.com *.metadata.io metadata.io *.teads.tv teads.tv *.zi-scripts.com google.com noembed.com *.plyr.io *.linkedin.com *.sleeknote.com cdnjs.cloudflare.com fonts.googleapis.com images.sleeknote.com sleeknotestaticcontent.sleeknote.com sleeknotecustomerscripts.sleeknote.com wpmudev.com *.6sc.co *.fullstory.com *.mutinycdn.com *.mutinyhq.io *.wpengine.com *.hubspot.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-analytics.net *.wistia.com *.wistia.net *.akamaihd.net *.cloudfront.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.google.com *.google.co.uk *.google.fi *.doubleclick.net *.hotjar.com wss://*.hotjar.com *.hotjar.io *.facebook.net *.litix.io *.yoast.com yoast.com ws.zoominfo.com wss://*.luckyorange.net wss://*.luckyorange.com *.luckyorange.net *.luckyorange.com wss://in.visitors.live/socket.io/ wss://visitors.live/socket.io/ *.visitors.live *.socket.io *.qualified.com wss://*.qualified.com *.twiliocdn.com *.twilio.com wss://*.twilio.com *.apps.gamma.co.uk *.ampproject.org wss://*.visitors.live *.adnxs.com *.nitrocdn.com *.getnitropack.com nitropack.io nitroscripts.com; style-src 'self' 'unsafe-inline' data: sleeknotestaticcontent.sleeknote.com *.jsdelivr.net *.wpengine.com *.bootstrapcdn.com *.googleapis.com *.wistia.net *.hotjar.com *.yoast.com yoast.com *.cloudfront.net *.twitter.com *.twimg.com *.qualified.com *.typekit.net *.nitrocdn.com; font-src 'self' data: fonts.gstatic.com sleeknotestaticcontent.sleeknote.com *.mutinycdn.com *.wpengine.com *.bootstrapcdn.com *.wistia.com *.wistia.net *.hotjar.com *.yoast.com yoast.com *.cloudfront.net *.slideshare.net *.slidesharecdn.com *.qualified.com *.typekit.net *.gamma.co.uk *.wearegamma.co.uk *.nitrocdn.com *.adroll.com; frame-src 'self' blob: data: 'unsafe-inline' clarity.microsoft.com *.googletagmanager.com *.statuspage.io *.gammagroup.co *.office.com *.circleloop.com *.cookiebot.com *.teads.tv *.maptive.com *.linkedin.com *.wpengine.com *.hsforms.com *.hsforms.net *.vimeo.com *.wistia.com *.wistia.net *.gamma.co.uk *.hotjar.com *.litix.io *.doubleclick.net *.facebook.net *.yoast.com yoast.com *.cloudfront.net *.flife.de *.investis.com *.three.co.uk *.apnsettings.mobi *.twitter.com *.slideshare.net *.helpforsmartphone.com *.googlesyndication.com *.google.se *.google.com *.youtube.com *.hubspot.com *.qualified.com *.mobilethink.net *.instagram.com; child-src 'self' blob: 'unsafe-inline' *.mutinycdn.com *.wpengine.com *.wistia.com *.wistia.net *.gamma.co.uk *.hotjar.com *.litix.io *.doubleclick.net *.facebook.net *.yoast.com yoast.com *.cloudfront.net *.flife.de *.investis.com *.three.co.uk *.apnsettings.mobi *.slideshare.net *.qualified.com; media-src * blob: *.wpengine.com *.bing.net *.wistia.com *.wistia.net *.hotjar.com *.yoast.com yoast.com *.cloudfront.net *.akamaihd.net *.qualified.com *.sleeknote *.nitrocdn.com; object-src 'self' *.cloudfront.net; img-src 'self' data: blob: 'unsafe-inline' *.cookiebot.com *.clarity.ms *.clickagy.com claritystatic.blob.core.windows.net *.youtube.com i.ytimg.com *.teads.tv teads.tv *.adxns.com *.edkt.io sleeknotestaticcontent.sleeknote.com analytics.sleeknote.com *.6sc.co *.mutinycdn.com *.wpengine.com *.wp.com *.yoast.com yoast.com *.cloudfront.net *.hubspot.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-analytics.net *.wistia.com *.wistia.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.google.com google.com *.google.co.uk *.google.se *.google.ae *.google.nl *.google.es *.google.ie *.google.lv *.googleapis.com *.wpmudev.org *.adroll.com *.doubleclick.net *.hotjar.com *.akamaihd.net *.rubiconproject.com *.advertising.com *.facebook.com *.twitter.com *.twimg.com *.casalemedia.com *.outbrain.net *.outbrain.com *.pubmatic.net *.pubmatic.com *.taboola.net *.taboola.com *.yahoo.com *.bidswitch.net *.openx.net *.adnxs.com *.digitru.st *.3lift.com *.adsymptotic.com *.rundsp.com *.bidr.io *.w55c.net *.adsrvr.org *.placelocal.com *.demdex.net *.nexac.com *.gravatar.com *.bing.com *.mathtag.com *.yume.com *.liadm.com *.exelator.com *.turn.com *.undertone.com *.tidaltv.com *.w.org *.everesttech.net *.pippio.com *.eyeviewads.com *.mxptint.net *.cardlytics.com *.ml314.com *.crwdcntrl.net *.simpli.fi *.addthis.com *.insightexpressai.com *.entitytag.co.uk *.rfihub.com *.adlucent.com qualified-production.s3.amazonaws.com *.qualified.com *.linkedin.com *.scatec.io *.nitrocdn.com *.nitropack.io *.getnitropack.com; 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; font-src data: *.zettagrid.com fonts.googleapi.com fonts.hsforms.com fonts.gstatic.com; form-action forms.hsforms.com *.zettagrid.com; frame-ancestors 'self' app.hubspot.com; frame-src 'self' 'unsafe-inline' https: zettagrid.com static.hsappstatic.net *.cloudfront.net www.redbubble.com forms.hsforms.com app.hubspot.com www.google.com *.vmware.com *.g.doubleclick.net *.zettagrid.com app.hubspot.com www.youtube.com *.googletagmanager.com; upgrade-insecure-requests 4 default-src 'self' https://* data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob:; style-src 'self' 'unsafe-inline' https://* data: blob:; frame-src 'self' https://*; frame-ancestors 'self';img-src 'self' https://* data: blob: ;media-src 'self' https://* data: blob: ;font-src 'self' https://* data: blob: 4 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 4 frame-ancestors 'self' https://cms.nextmedia.com.au; 4 default-src https://www.youtube-nocookie.com https://www.google.com/ https://storage.googleapis.com 'self'; connect-src wss://ws-eu.pusher.com wss://sage.kindly.ai https://ib.adnxs.com https://www.google.com https://f.clarity.ms https://www.clarity.ms https://consent.app.cookieinformation.com https://policy.app.cookieinformation.com https://adressesok.posten.no https://cdn.jsdelivr.net https://in3.taskanalytics.com https://js.arcgis.com https://www.arcgis.com https://basemaps.arcgis.com https://cdn.arcgis.com https://static.arcgis.com https://utility.arcgis.com https://services.geodataonline.no https://vector.services.geodataonline.no https://geocode.arcgis.com https://stats.kaltura.com https://analytics.kaltura.com https://cdnapi.kaltura.com https://cdnapisec.kaltura.com https://cfvod.kaltura.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://px.ads.linkedin.com/wa/ https://posten-bring.force.com https://posten-bring.my.site.com https://posten-bring--crmfull.sandbox.my.site.com https://livestats.kaltura.com https://pagead2.googlesyndication.com https://klive.kaltura.com https://chat.kindlycdn.com https://bot.kindly.ai https://sage.kindly.ai https://ws-eu.pusher.com https://sockjs-eu.pusher.com https://storage.googleapis.com https://api.uxsignals.com 'self'; base-uri 'self'; form-action https://tracking.bring.com https://tracking.bring.dk https://tracking.bring.se https://sporing.bring.no https://sporing.posten.no https://tracking.qa.bring.com https://tracking.qa.bring.dk https://tracking.qa.bring.se https://sporing.qa.bring.no https://sporing.qa.posten.no wss://ws-eu.pusher.com wss://sage.kindly.ai 'self'; script-src https://f.clarity.ms https://www.clarity.ms https://unpkg.com https://cdnapisec.kaltura.com https://in3.taskanalytics.com https://cdnapi.kaltura.com https://www.gstatic.com https://www.google.com https://cdn.jsdelivr.net https://siteimproveanalytics.com https://acdn.adnxs.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleoptimize.com https://ssl.google-analytics.com https://policy.app.cookieinformation.com https://cloud.2.bring.com https://connect.facebook.net https://assets.strossle.com https://ib.adnxs.com https://snap.licdn.com https://www.bring.se https://www.bring.dk https://www.bring.nl https://adservice.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://cct.google https://js.arcgis.com https://ws.geonorge.no https://geocode.arcgis.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://player.vimeo.com https://posten-bring.force.com https://posten-bring.my.site.com https://posten-bring--crmfull.sandbox.my.site.com https://widget.trustpilot.com https://www.youtube.com https://chat.kindlycdn.com https://widget.uxsignals.com 'unsafe-inline' 'unsafe-eval' 'self'; frame-src https://www.google.com https://www.googletagmanager.com https://cdnapi.kaltura.com https://cdnapisec.kaltura.com https://www.gstatic.com https://player.vimeo.com/ https://www.youtube-nocookie.com https://form.typeform.com https://policy.app.cookieinformation.com https://widget.trustpilot.com https://td.doubleclick.net https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://www.youtube.com; object-src 'none'; img-src * data: blob:; style-src 'unsafe-inline' * ; font-src * data; worker-src blob:; media-src blob: https://cdnapi.kaltura.com https://cdnapisec.kaltura.com https://cfvod.kaltura.com https://www.kaltura.com https://storage.googleapis.com 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.google.ca https://www.google.co.uk https://www.google.de https://www.google.fr https://www.google.es https://www.google.it https://www.google.nl https://www.google.com.au https://www.google.com.br https://www.google.co.jp https://www.google.co.in; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.hsforms.net https://cdnjs.cloudflare.com https://use.typekit.net https://cdn-app.pathfactory.com https://cdn.jsdelivr.net https://fast.wistia.com https://fast.wistia.net https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://www.googletagmanager.com https://browser.sentry-cdn.com https://bat.bing.com https://www.clarity.ms https://www.brighttalk.com https://js.qualified.com https://tracking.g2crowd.com https://static.oktopost.com https://js.adsrvr.org https://okt.to https://js.hubspot.com https://static.hsappstatic.net https://cdn.cookielaw.org https://snap.licdn.com https://a.quora.com https://www.redditstatic.com https://nitroscripts.com https://dev.visualwebsiteoptimizer.com https://googleads.g.doubleclick.net https://connect.facebook.net https://j.6sc.co https://cdn-ilbndhj.nitrocdn.com https://boards.greenhouse.io https://job-boards.greenhouse.io https://cdn.dreamdata.cloud https://cdn.drda.io https://platform.twitter.com google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: blob: data: https://fonts.googleapis.com https://use.typekit.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://p.typekit.net https://js.hs-analytics.net https://browser.sentry-cdn.com https://fast.wistia.com https://app.cdn.lookbookhq.com https://cdn-ilbndhj.nitrocdn.com https://boards.greenhouse.io/ https://job-boards.greenhouse.io/ fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: data: https://p.typekit.net https://cdnjs.cloudflare.com https://fast.wistia.com https://secure.gravatar.com https://forms.hsforms.com https://q.quora.com https://alb.reddit.com https://px.ads.linkedin.com https://forms-na1.hsforms.com https://cdn.cookielaw.org https://c.clarity.ms https://*.bing.com https://www.linkedin.com https://embed-ssl.wistia.com https://app.cdn.lookbookhq.com https://fast.wistia.net https://track.hubspot.com https://dev.visualwebsiteoptimizer.com https://plugin-updates.wpengine.com https://b.6sc.co https://www.facebook.com https://www.keyfactor.com https://px4.ads.linkedin.com https://s.w.org https://r4.visualwebsiteoptimizer.com https://cdn.pathfactory.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://pipedream.wistia.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://distillery.wistia.com https://fast.wistia.net https://js.hs-banner.com https://forms.hscollectedforms.net https://cdn.cookielaw.org https://px.ads.linkedin.com https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com https://geolocation.onetrust.com https://forms.hubspot.com https://*.clarity.ms https://jukebox.pathfactory.com https://privacyportal.onetrust.com https://fast.wistia.com https://embed-cloudfront.wistia.com https://dev.visualwebsiteoptimizer.com wss://ws.qualified.com https://app.qualified.com https://okt.to https://tracking.g2crowd.com https://tracking-api.g2.com https://exceptions.hubspot.com https://yoast.com https://nitropack.io https://www.google.com https://to.getnitropack.com https://pagead2.googlesyndication.com https://spcollector.pathfactory.com https://epsilon.6sense.com https://bat.bing.com https://connect.facebook.net https://j.6sc.co https://c.6sc.co https://ipv6.6sc.co https://secure.adnxs.com https://cdn-ilbndhj.nitrocdn.com https://boards.greenhouse.io https://www.recaptcha.net https://js.hsforms.net https://google.com https://cdn.dreamdata.cloud https://r5.visualwebsiteoptimizer.com https://insight.adsrvr.org https://r6.visualwebsiteoptimizer.com wss://ws5.qualified.com https://www.facebook.com https://r4.visualwebsiteoptimizer.com https://fg8vvsvnieiv3ej16jby.litix.io www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: data: https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com https://fast.wistia.com https://fast.wistia.net https://cdn-app.pathfactory.com https://cdn.pathfactory.com fonts.gstatic.com fonts.googleapis.com; media-src 'self' blob: https://app.qualified.com; frame-src 'self' https://fast.wistia.net blob: data: https://www.keyfactor.com https://www.brighttalk.com https://insight.adsrvr.org https://match.adsrvr.org https://td.doubleclick.net https://app.qualified.com https://boards.greenhouse.io https://job-boards.greenhouse.io https://app.hubspot.com https://keyfactor.com http://keyfactorstage.wpenginepowered.com https://www.facebook.com https://forms.hsforms.com https://dev.visualwebsiteoptimizer.com maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; frame-ancestors 'self' ; 4 frame-src 'self' *.youtube.com static.addtoany.com td.doubleclick.net static.addtoany.com www.google.com sidebar.bugherd.com 18.134.245.132 *.issuu.com app.hubspot.com youtube.com *.hsforms.com issuu.com *.typeform.com *.googletagmanager.com; object-src 'none';base-uri 'self' 4 manifest-src *; default-src 'self' blob:; media-src * data: blob:; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: data:; img-src * 'self' data: blob: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; frame-src *; connect-src https: wss:; object-src 'none' 4 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://addtocalendar.com https://www.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com https://connect.facebook.net https://script.hotjar.com https://graph.facebook.com https://www.linkedin.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https://www.facebook.com https://www.google-analytics.com https://img.youtube.com https://i.ytimg.com https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://www.google.com.ua https://www.googletagmanager.com; font-src 'self' data: https://cdnjs.cloudflare.com; connect-src 'self' https://www.google-analytics.com https://www.google.com/ https://analytics.google.com https://www.googletagmanager.com https://stats.g.doubleclick.net; object-src 'self'; frame-src 'self' https://www.google.com https://docs.google.com https://youtube.com https://www.youtube.com https://www.facebook.com https://public.tableau.com; frame-ancestors 'none'; worker-src 'none'; form-action 'self'; base-uri 'none' 4 default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://dec.azureedge.net/ https://munchkin.marketo.net https://js.hs-scripts.com https://js.hs-analytics.net https://contents-calculator.swintonassets.uk/ https://accident-map.swintonassets.uk/ https://api.tiles.mapbox.com https://burglary-map.swintonassets.uk https://crime-map.swintonassets.uk https://complaintsform.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://quiz.tryinteract.com/ https://api.contents-calculator.swintonassets.uk https://infographic.swintonassets.uk https://flo.uri.sh/ https://www.youtube.com/ https://chat.atlantagroup.co.uk/ https://prod.respondselfserve.com https://www.google-analytics.com/ https://www.google.co.uk https://schema.org https://ict.infinity-tracking.net https://track.omguk.com https://googleleads.g.doubleclick.net https://9210165.fls.doubleclick.net https://secure.adnxs.com/px https://secure.quantserve.com/ https://rules.quantcount.com/ https://ppc.swintonassets.uk https://connect.facebook.net/ https://script.crazyegg.com/ https://errors-tracking.crazyegg.com https://tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://acsbap.com/apps/ https://acsbapp.com/apps/ https://secure.servicetick.com/ https://widget.trustpilot.com https://register.feefo.com/ https://bat.bing.com/ https://script.infinity-tracking.com https://googleads.g.doubleclick.net https://edge.quantserve.com https://cdn-launching.servicetick.com https://ad.doubleclick.net https://rules.quantcount.com https://pixel.quantserve.com https://pagead2.googlesyndication.com https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://code.jquery.com https://almanac.jaywing.com https://mazda.almanac.jaywing.com https://*.civiccomputing.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.googlesyndication.com https://www.clarity.ms https://static.hotjar.com https://script.hotjar.com https://compare.defaqto.com/ https://www.youtube-nocookie.com https://swintonchat.widget.custhelp.com https://dqm.crownpeak.com https://swintonchat.custhelp.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://www.rnengage.com https://snippet.maze.co/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.autonetinsurance.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.lloydlatchford.co.uk *.atlantagroup.co.uk *.wisedriving.com *.igo4.com https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://js.smct.co https://smct.io https://js.smct.io *.bmw-motorrad-insurance.com https://*.bmw-motorrad-insurance.ie/ https://stapecdn.com https://cdnjs.cloudflare.com https://webchat.helpshift.com https://*.webchat.helpshift.com https://api.crazyegg.com/ *.healthy-pets.co.uk https://lptag.liveperson.net https://cdn.lpsnmedia.net https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://lo.v.liveperson.net https://*.youtube.com https://static.zdassets.com https://api.eu-1.smooch.io *.googletagmanager.com www.googletagmanager.com https://region1.google-analytics.com https://www.tiktok.com/embed.js https://www.opinionstage.com https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_v1.0.12.js https://iframely.net/files/tiktok-embed.js https://maps.googleapis.com https://maps.gstatic.com https://cdn.prod.uk.five9.net/ https://assets.adobedtm.com https://app.five9.eu *.cginsurance.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://*.googleapis.com https://*.gstatic.com https://*.googlesyndication.com https://use.fontawesome.com https://fast.fonts.net https://cdn-launching.servicetick.com https://ppc-v3.swintonassets.uk https://optimize.google.com https://fonts.googleapis.com https://swintonchat.widget.custhelp.com https://script.crazyegg.com https://errors-tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://api.tiles.mapbox.com https://maxcdn.bootstrapcdn.com/ https://snippet.maze.co/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.lloydlatchford.co.uk *.atlantagroup.co.uk *.autonetinsurance.co.uk *.bmw-motorrad-insurance.com *.wisedriving.com *.igo4.com https://cdnjs.cloudflare.com https://api.crazyegg.com/ *.healthy-pets.co.uk https://lptag.liveperson.net https://cdn.lpsnmedia.net https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://lo.v.liveperson.net *.googletagmanager.com www.googletagmanager.com https://region1.google-analytics.com https://www.opinionstage.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.prod.uk.five9.net/ https://app.five9.eu *.cginsurance.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://*.dec.sitefinity.com https://*.google.com https://*.google.co.uk https://*.doubleclickbygoogle.com https://*.doubleclick.com https://*.doubleclick.net https://*.googleads.g.doubleblick.net https://*.googleadservices.com https://*.googletagservices.com https://*.googlesyndication.com https://*.app-measurement.com *.eloqua.com https://track.hubspot.com https://bat.bing.com https://secure.adnxs.com https://ad.doubleclick.net https://pxl.qccerttest.com https://pixel.quantserve.com https://cm.g.doubleclick.net https://ib.adnxs.com https://us-u.openx.net https://stags.bluekai.com https://dpm.demdex.net https://idsync.rlcdn.com https://ups.analytics.yahoo.com https://dsum-sec.casalemedia.com https://ce.lijit.com https://x.bidswitch.net https://beacon.krxd.net https://rtb-csync.smartadserver.com https://sync.search.spotxchange.com https://aa.agkn.com https://e1.emxdgt.com https://sync.crwdcntrl.net https://eb2.3lift.com https://sync.1rx.io https://cs.lkqd.net https://sync.taboola.com https://quantcast.partners.tremorhub.com https://sync.teads.tv https://sync.outbrain.com https://router.infolinks.com https://cms.quantserve.com https://ad.yieldlab.net https://web1.acsbapp.com https://adservice.google.com *.entirecoverinsurance.co.uk https://script.hotjar.com https://www.hotjar.com https://www.google-analytics.com https://optimize.google.com https://track.omguk.com https://www.rnengage.com https://www.carolenash.com https://public.flourish.studio *.just-motorcycleinsurance.com *.autonetinsurance.co.uk *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.lloydlatchford.co.uk *.atlantagroup.co.uk *.wisedriving.com *.igo4.com https://googletagmanager.com https://google.com https://google.co.uk https://dai.google.com https://adsense.google.com https://adsense.google.co.uk https://region1.app-measurement.com https://eu.app-measurement.com https://script.crazyegg.com https://errors-tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://static.hotjar.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://api.tiles.mapbox.com https://maxcdn.bootstrapcdn.com/ 'unsafe-inline' https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://cdn.smct.co https://smct.io https://cdn.smct.io https://px.smct.co https://px.smct.io https://ep.smct.co https://ep.smct.io https://snippet.maze.co/ *.bmw-motorrad-insurance.com https://api.crazyegg.com/ *.healthy-pets.co.uk https://atlantagroup.zendesk.com www.google.com *.googletagmanager.com www.googletagmanager.com https://region1.google-analytics.com https://www.opinionstage.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.lpsnmedia.net https://cdn.prod.uk.five9.net/ https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://bisil.sc.omtrdc.net/ https://app.five9.eu *.cginsurance.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://use.fontawesome.com https://acsbapp.com https://script.hotjar.com https://fast.fonts.net https://fonts.gstatic.com https://flo.uri.sh/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.lloydlatchford.co.uk *.atlantagroup.co.uk *.wisedriving.com *.igo4.com https://maxcdn.bootstrapcdn.com/ *.autonetinsurance.co.uk https://fonts.smct.co https://fonts.smct.io https://snippet.maze.co/ *.bmw-motorrad-insurance.com *.healthy-pets.co.uk https://www.opinionstage.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.prod.uk.five9.net/ https://app.five9.eu *.cginsurance.com; frame-src https://widget.trustpilot.com https://prod.respondselfserve.com https://*.doubleclick.com https://*.doubleclick.net https://*.googlesyndication.com https://www.youtube.com https://www.facebook.com https://compare.defaqto.com/ https://webchat.helpshift.com https://*.webchat.helpshift.com https://player.vimeo.com https://optimize.google.com https://datawrapper.dwcdn.net https://flo.uri.sh/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.lloydlatchford.co.uk *.atlantagroup.co.uk *.wisedriving.com *.igo4.com https://static.hotjar.com https://script.hotjar.com https://www.youtube-nocookie.com https://script.crazyegg.com https://errors-tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://maxcdn.bootstrapcdn.com/ *.autonetinsurance.co.uk https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://smct.io https://ls.smct.co https://ls.smct.io https://d2d7do8qaecbru.cloudfront.net https://www.veed.io/ *.bmw-motorrad-insurance.com *.healthy-pets.co.uk https://cdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lo.shiftstatus.liveperson.net https://*.youtube.com https://t.maze.co/ https://www.opinionstage.com https://www.google.com https://cdn.prod.uk.five9.net/ https://bisil.demdex.net https://app.five9.eu *.cginsurance.com 'self'; connect-src accounts.google.com https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' chat.atlantagroup.co.uk https://cdn.acsbapp.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://web.lon.infinity-tracking.com https://nas.lon.infinity-tracking.com https://ict.infinity-tracking.net https://googleads4.g.doubleclick.net *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.insurance.harley-davidson.uk *.carolenash.com *.carolenash.ie *.atlantagroup.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.swinton.co.uk *.insurance4carhire.com *.comparemybikeinsurance.com *.kdbmedicals.co.uk *.lloydlatchford.co.uk *.igo4.com https://nas.lon.infinity-tracking.net https://*.civiccomputing.com https://*.google.com https://*.google.co.uk https://*.doubleclickbygoogle.com https://*.doubleclick.com https://*.doubleclick.net https://*.googleadservices.com https://*.googletagservices.com https://*.app-measurement.com https://*.googlesyndication.com https://a.clarity.ms https://vc.hotjar.io https://pixel.quantcount.com https://api.crownpeak.net *.entirecoverinsurance.co.uk https://surveystats.hotjar.io https://content.hotjar.io wss://wsp27.hotjar.com wss://ws.hotjar.com https://analytics.paymentshield.co.uk *.autonetinsurance.co.uk *.paymentshield.co.uk *.wearemarmalade.co.uk *.bewiser.co.uk *.wisedriving.com https://doubleclick.net https://dai.google.com https://adsense.google.com https://adsense.google.co.uk https://region1.app-measurement.com https://eu.app-measurement.com https://script.crazyegg.com https://errors-tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://script.hotjar.com https://hotjar.io https://api.contents-calculator.swintonassets.uk https://smct.co https://js.smct.co https://smct.io https://js.smct.io https://ipb.smct.co https://ipb.smct.io https://cfg.smct.co https://cfg.smct.io https://ep.smct.co https://ep.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://acsbapp.com https://acsbap.com https://api.maze.co/ https://prompts.maze.co/ *.bmw-motorrad-insurance.com https://api.crazyegg.com/ *.healthy-pets.co.uk wss://lo.msg.liveperson.net https://cdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://ekr.zdassets.com https://mml1.zendesk.com https://bat.bing.com wss://api.eu-1.smooch.io www.google.com *.googletagmanager.com www.googletagmanager.com https://region1.google-analytics.com https://www.opinionstage.com https://accdn.liveperson.net http://cfg.smct.io https://cdn.prod.uk.five9.net/ https://bisil.sc.omtrdc.net/ https://dpm.demdex.net/ https://bisil.tt.omtrdc.net https://app.five9.eu *.cginsurance.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://player.vimeo.com https://cdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://cdn.prod.uk.five9.net/; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: https://www.google.com https://cdn.prod.uk.five9.net/ 'self' 4 frame-ancestors 'self' *.heartinternet.com:* *.heartinternet.co.uk:* *.heartinternet.uk:* *.heart-internet.com:* *.heart-internet.co.uk:* *.123-reg.co.uk:* *.vps-10.com:* *.ds-10.com:* *.managethisdomain.com:*; 4 default-src * 'unsafe-inline' 'unsafe-eval' data: wss: *; script-src * 'unsafe-inline' 'unsafe-eval' blob: data: *; img-src * 'unsafe-inline' 'unsafe-eval' data: *; frame-src * 'unsafe-inline' 'unsafe-eval' data: *; style-src * 'unsafe-inline' 'unsafe-eval' data: * 4 default-src 'self' https://www-cdn01.avisonyoung.com https://api-eu1.hubspot.com https://analytics.avisonyoung.com; style-src 'self' 'unsafe-inline' https://www-cdn01.avisonyoung.com https://fonts.googleapis.com https://www-proxy01.avisonyoung.com https://platform.twitter.com https://ton.twimg.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://tagmanager.google.com https://fast.fonts.net https://cdn.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://optimize.google.com https://www.avisonyoungproperty.co.uk https://cdn.jsdelivr.net https://*.sharplaunch.com; font-src 'self' data: https://www-cdn01.avisonyoung.com https://www-proxy01.avisonyoung.com https://fonts.gstatic.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://*.hs-banner.com http://script.hotjar.com https://script.hotjar.com https://*.sharplaunch.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www-cdn01.avisonyoung.com https://www-proxy01.avisonyoung.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://pi.pardot.com https://go.avisonyoung.com https://platform.twitter.com https://www-cdn01.avisonyoung.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://ceros.com https://static.cloudflareinsights.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://widget.usersnap.com https://resources.usersnap.com https://ajax.googleapis.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://cdn.analytics.foleon.com https://previewer.foleon.com https://optimize.google.com https://e.infogram.com https://www.youtube.com https://static.hotjar.com https://script.hotjar.com https://avantanalytics.avisonyoung.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsforms.net https://*.hsforms.com https://ext.chtbl.com https://www.googleoptimize.com https://js-eu1.hsleadflows.net https://www.google.com https://www.gstatic.com https://js-eu1.usemessages.com https://js-eu1.hsadspixel.net https://analytics.avisonyoung.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://js-eu1.hubspot.com https://cdn.jsdelivr.net https://www.avisonyoungproperty.co.uk https://sdk.sharplaunch.com https://cdnjs.cloudflare.com https://maps.google.com https://realtyads.com https://www.onelink-edge.com https://link.edgepilot.com https://analytics.sharplaunch.com https://*.sharplaunch.com https://secure.smart-enterprise-52.com; img-src https: data: blob:; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com https://youtu.be https://www.youtube.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://www.google.com https://go.avisonyoung.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://forms.office.com *.youtube-nocookie.com https://dev.gvadob.ie https://experience.arcgis.com https://infogram.com https://optimize.google.com https://e.infogram.com https://vars.hotjar.com https://avantanalytics.avisonyoung.com https://*.hsforms.com https://omny.fm https://forms-eu1.hubspot.com https://app-eu1.hubspot.com https://analytics.avisonyoung.com https://player.cohostpodcasting.com https://bid.g.doubleclick.net https://open.spotify.com https://td.doubleclick.net https://app.powerbi.com https://realtyads.com https://api.mapbox.com https://videos.eventsquared.live https://www.googletagmanager.com https://aycamerchantblock.sharplaunch.com https://my.matterport.com; connect-src 'self' https://www-cdn01.avisonyoung.com https://www.google-analytics.com https://maps.googleapis.com/ https://widget.usersnap.com https://api.analytics.foleon.com https://api.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.hs-banner.com https://web.chtbl.com https://stats.g.doubleclick.net https://forms-eu1.hubspot.com https://vimeo.com https://api-eu1.hubspot.com https://api-eu1.hubapi.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://content.hotjar.io https://metrics.hotjar.io https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://cta-eu1.hubspot.com https://cdn.growthbook.io https://sdk.sharplaunch.com https://analytics.sharplaunch.com https://5igwwa7oi7.execute-api.us-east-1.amazonaws.com https://pagead2.googlesyndication.com; media-src 'self' blob: https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; object-src 'self' https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; worker-src 'self' blob: 4 script-src https: 'unsafe-eval' 'unsafe-inline' *.ngsapps.net *.intngsapps.net; worker-src blob: https: 'unsafe-eval' 'unsafe-inline' *.ngsapps.net *.intngsapps.net; 4 default-src 'self' 'unsafe-eval' https://rstts-as.readspeaker.com https://cdn1.readspeaker.com https://www.naha.ae https://www.gstatic.com https://app-as.readspeaker.com wss://directline.botframework.com https://comms.omnichannelengagementhub.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://mindrocketsinc.com https://tamm.abudhabi https://arcgis.sdi.abudhabi.ae https://js.arcgis.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.jsdelivr.net https://unpkg.com https://www.google-analytics.com https://tamm.abudhabi https://www.naha.ae https://naha.ae https://server.arcgisonline.com https://translate-pa.googleapis.com https://stackpath.bootstrapcdn.com https://api.abudhabi.ae http://w3.org https://httpbin.org https://directline.botframework.com https://www.google.com https://es.adpolice.gov.ae https://rstts-as.readspeaker.com https://cdn1.readspeaker.com https://app-as.readspeaker.com wss://directline.botframework.com https://comms.omnichannelengagementhub.com https://mindrocketsinc.com https://player.vimeo.com https://www.tamm.abudhabi https://www.naha.ae https://naha.ae https://js.arcgis.com https://recaptcha.net https://ssl.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.gstatic.com https://www.youtube.com https://s.ytimg.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com https://sandboxadmin.prioticket.com https://static.ads-twitter.com https://snap.licdn.com https://googleads.g.doubleclick.net https://oc-cdn-ocuae-uae.azureedge.net https://cdn.jsdelivr.net oc-cdn-public-eur.azureedge.net/* oc-cdn-public-sam.azureedge.net/* oc-cdn-public-gbr.azureedge.net/* oc-cdn-public-jpn.azureedge.net/* oc-apj-public-eur.azureedge.net/* oc-cdn-public.azureedge.net/* oc-cdn-public-ind.azureedge.net/* oc-cdn-public-apj.azureedge.net/* oc-cdn-public-oce.azureedge.net/* oc-cdn-public-fra.azureedge.net/* oc-cdn-ocuae-uae.azureedge.net/* oc-cdn-ocprod.azureedge.net/* https://*.screenmeet.com https://edge.screenmeet.com wss://*.screenmeet.com https://tammlivesupport.com https://*.tammlivesupport.com https://*.scrn.mt https://tamm-chatbot-prod.azurewebsites.net https://connect.facebook.net https://analytics.tiktok.com; object-src 'self'; img-src 'self' data: *; media-src *; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn1.readspeaker.com https://rstts-as.readspeaker.com https://static.tamm.abudhabi https://app-as.readspeaker.com https://mindrocketsapis.com https://www.gstatic.com https://mindrocketsinc.com https://js.arcgis.com https://translate.google.com https://translate.googleapis.com https://fonts.googleapis.com; frame-src https://maiyar.qcc.gov.ae https://schdmngr.tamm.abudhabi https://myland.dmt.gov.ae https://recaptcha.net https://rstts-as.readspeaker.com https://cdn1.readspeaker.com https://app-as.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://www.youtube.com https://www.youtube-nocookie.com https://www.instagram.com https://www.google.com https://es.adpolice.gov.ae https://directline.botframework.com https://cdn1.readspeaker.com https://rstts-as.readspeaker.com https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com https://app-as.readspeaker.com https://mindrocketsinc.com https://player.vimeo.com https://comms.omnichannelengagementhub.com https://rstts-as.readspeaker.com https://www.gstatic.com https://cdn1.readspeaker.com https://app-as.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://static.arcgis.com https://services.arcgisonline.com https://translate.googleapis.com https://geocode.arcgis.com https://arcgis.sdi.abudhabi.ae https://js.arcgis.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com; font-src 'self' https://cdn1.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://www.naha.ae https://naha.ae https://static.tamm.abudhabi https://www.tamm.abudhabi/nicabudhabi https://adda-chatbot-prod.azurewebsites.net https://fonts.gstatic.com data: *; worker-src 'self' https://www.tamm.abudhabi https://www.naha.ae https://naha.ae https://static.tamm.abudhabi https://www.tamm.abudhabi/nicabudhabi blob:; connect-src 'self' wss://pub-csm-plce-01-t.trouter.skype.com wss://pub-csm-plce-02-t.trouter.skype.com wss://directline.botframework.com https://comms.omnichannelengagementhub.com https://rstts-as.readspeaker.com https://www.gstatic.com https://cdn1.readspeaker.com https://app-as.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://static.arcgis.com https://services.arcgisonline.com https://translate.googleapis.com https://geocode.arcgis.com https://arcgis.sdi.abudhabi.ae https://js.arcgis.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com wss://trouter-azsc-euno-0-a.trouter.skype.com https://trouter-azsc-euno-0-b.trouter.skype.com https://adda-chatbot-r2-prod.azurewebsites.net https://*.omnichannelengagementhub.com https://ProdCRM-APIM.tammcrm.abudhabi.ae/ wss://trouter-azsc-ukwe-0-b.trouter.skype.com wss://trouter-azsc-ukwe-0-a.trouter.skype.com wss://trouter-azsc-euno-0-b.trouter.skype.com wss://trouter-azsc-asse-0-b.trouter.skype.com wss://trouter-azsc-asse-0-a.trouter.skype.com https://adda-bot-preprod.azurewebsites.net/api https://PreprodCRM-APIM.tammcrm.abudhabi.ae https://*.communication.azure.com https://login.microsoft.net https://login.microsoftonline.com https://login.windows.net https://*.teams.microsoft.com https://ecs.office.com https://*.skype.com/* https://*.trouter.skype.com https://*.edge.skype.com https://browser.pipe.aria.microsoft.com https://plat.teams.microsoft.com https://aad.skypetoken.skype.com https://authsvc.teams.microsoft.com https://swc.cdn.skype.com/* https://config.edge.skype.com/* https://edge.skype.com/* https://api.aps.skype.com/* https://*.asm.skype.com https://*.ng.msg.teams.microsoft.com/* https://*.notifications.teams.microsoft.com/* https://cdn.botframework.com/botframework-webchat https://ocsdk-prod.azureedge.net8 https://*.service.signalr.net https://ecs.office.com https://browser.pipe.aria.microsoft.com https://oc-cdn-ocprod.azureedge.net/livechatwidget https://cdn.botframework.com/botframework-webchat wss://trouter2-azsc-sece-8-a.trouter.teams.microsoft.com wss://trouter2-azsc-euno-4-b.trouter.teams.microsoft.com wss://trouter2-azsc-euwe-2-a.trouter.teams.microsoft.com https:; 4 object-src 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ 4 default-src * data: blob: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; frame-ancestors 'self' http://localhost:4200 https://cloudplayer.green-solutions.com; 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.newrelic.com *.betrad.com bam.nr-data.net static.addtoany.com cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com *.cloudfront.net *.serving-sys.com 7225833.collect.igodigital.com connect.facebook.net stats.g.doubleclick.net *.googleoptimize.com cdn.jsdelivr.net static.ads-twitter.com snap.licdn.com *.googleadservices.com *.outbrain.com *.usabilla.com googleads.g.doubleclick.net analytics.twitter.com cdn.hypemarks.com www.gstatic.com unpkg.com cdn.gbqofs.com c.lytics.io cdn.cookielaw.org addtocalendar.com d3js.org *.qualtrics.com *.ckeditor.com *.gigya.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com cdn.jsdelivr.net *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com c.lytics.io *.nestlepurinacareers.com *.nestlejobs.com unpkg.com *.cloudfront.net *.usabilla.com addtocalendar.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com stats.g.doubleclick.net ade.googlesyndication.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com nova.collect.igodigital.com *.facebook.com www.google.co.in *.outbrain.com *.cloudfront.net *.ads.linkedin.com *.googletagmanager.com t.co p.adsymptotic.com analytics.twitter.com cdn.cookielaw.org c.lytics.io *.cloudfront.net *.usabilla.com *.google.com cdn.jsdelivr.net app.bowencraggs.com *.staticflickr.com blob: *.qualtrics.com *.gigya.com; media-src 'self'; frame-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com *.doubleclick.net *.facebook.com *.google.com cdn.hypemarks.com *.cloudfront.net *.usabilla.com *.q4web.com app.tintup.com *.googletagmanager.com *.qualtrics.com *.gigya.com; frame-ancestors 'self'; child-src 'self' blob: static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.cloudfront.net *.usabilla.com; connect-src 'self' brand-ecommerce-api.fusepump.com *.google-analytics.com collect.analyze.ly secure-ds.serving-sys.com bam.nr-data.net *.g.doubleclick.net cdnjs.cloudflare.com pagead2.googlesyndication.com *.linkedin.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com c.lytics.io *.cookielaw.org *.nestlepurinacareers.com https://olivia.paradox.ai unpkg.com *.google.com report.nestle.gbqofs.io wss://ws.paradox.ai *.tintup.com *.us-east-1.amazonaws.com *.cloudfront.net *.usabilla.com maps.googleapis.com addtocalendar.com cdn.jsdelivr.net cdns.us1.gigya.com accounts.us1.gigya.com github.com login.es-test.factory.nestle.com endpoint-nestle-dev.cognigy.cloud js.adsrvr.org accounts.eu1.gigya.com login.ar-test.factory.nestle.com *.recaptcha.net *.googletagmanager.com *.googlesyndication.com *.qualtrics.com *.gigya.com; upgrade-insecure-requests 4 frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* http://* data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* http://* data:; style-src 'self' 'unsafe-inline' https://* http://* data:; font-src 'self' https://* http://* data:; object-src 'self'; 4 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; img-src https: data: 4 default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https:; img-src 'self' blob: data: https:; style-src 'self' https: 'unsafe-inline'; base-uri 'self'; form-action 'self' https:; worker-src 'self' blob: https:; frame-src 'self' https:; child-src 'self' blob: 4 frame-ancestors 'self' https://*.sprxcms.com https://*.tiarccms.co.uk https://*.sparxvr.com https://*.sprxvr.com https://*.web.app; 4 default-src 'self'; script-src 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'; img-src 'self' www.google-analytics.com; 4 style-src * 'unsafe-inline'; font-src * data:; img-src * data:; worker-src 'self' blob:; frame-ancestors https://create.netlify.com; 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.visualwebsiteoptimizer.com app.vwo.com https://cdnjs.cloudflare.com https://browser.sentry-cdn.com *.azureedge.net https://client.prod.repmap.microsoft.com https://www.google.com https://www.google.nl https://www.google.be https://www.google.de https://www.google.fr https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.cookiebot.com https://www.youtube.com https://sc-static.net https://connect.facebook.net https://*.snapchat.com https://snap.licdn.com https://www.googleadservices.com analytics.tiktok.com https://static.hotjar.com https://script.hotjar.com https://*.googlesyndication.com https://*.dynamics.com https://*.azureedge.net https://exch.dehaagsehogeschool.nl https://exch.thuas.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.visualwebsiteoptimizer.com app.vwo.com https://loyal-lyrebird.cloudvent.net https://*.typekit.net https://exch.dehaagsehogeschool.nl https://exch.thuas.com; img-src 'self' data: https://*.visualwebsiteoptimizer.com app.vwo.com https://picsum.photos https://*.picsum.photos https://*.cloudfront.net https://*.azureedge.net https://assets-eur.mkt.dynamics.com *.microsoft.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleusercontent.com/docsdf https://*.snapchat.com https://snap.licdn.com https://www.facebook.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl https://*.linkedin.com https://*.svc.dynamics.com https://*.cookiebot.com https://loyal-lyrebird.cloudvent.net https://exch.dehaagsehogeschool.nl https://exch.thuas.com; media-src 'self'; frame-src 'self' https://app.vwo.com https://www.youtube.com https://www.youtube-nocookie.com https://tourmkr.com *.svc.dynamics.com https://projects.ivorystudio.net https://open.spotify.com https://*.cookiebot.com https://docs.google.com https://*.snapchat.com https://td.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://exch.dehaagsehogeschool.nl https://exch.thuas.com; font-src 'self' data: https://script.hotjar.com https://loyal-lyrebird.cloudvent.net https://*.typekit.net https://fonts.gstatic.com https://exch.dehaagsehogeschool.nl https://exch.thuas.com; connect-src 'self' https://sentry.netvlies.nl *.svc.dynamics.com https://*.visualwebsiteoptimizer.com app.vwo.com https://*.analytics.google.com https://*.cookiebot.com https://region1.google-analytics.com www.google-analytics.com analytics.tiktok.com stats.g.doubleclick.net https://*.snapchat.com https://snap.licdn.com https://cdn.linkedin.oribi.io https://vc.hotjar.io wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://*.linkedin.com https://surveystats.hotjar.io https://ask.hotjar.io https://in.hotjar.com https://*.googlesyndication.com https://*.google.com https://analytics.google.com https://googleads.g.doubleclick.net https://*.dynamics.com https://*.azureedge.net https://exch.dehaagsehogeschool.nl https://exch.thuas.com https://www.googleadservices.com https://sentry.netvlies.nl/api/106/store/ https://sentry.netvlies.nl/api/106/envelope/; report-uri /report-csp-violation 4 default-src 'self' *.crazyegg.com; connect-src *; font-src * data:; frame-src *; img-src * data: blob: https:; worker-src blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 4 frame-ancestors 'self' *.betssongroupaffiliates.com 4 frame-ancestors https://viega.showpad.biz; 4 base-uri 'self' https:; block-all-mixed-content; child-src 'self' https:; connect-src 'self' https:; font-src 'self' data: https:; form-action 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' data: https:; media-src 'self' https:; object-src 'self' https:; prefetch-src 'self' https:; report-to csp_default; report-uri https://o956100.ingest.sentry.io/api/5979820/security/?sentry_key=3365bf3db95341e8b0c888222a947b0e; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; worker-src 'self' https: 4 default-src 'self' *.crazyegg.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' *.salesforce-sites.com *.iesnare.com *.typekit.net https://www.youtube.com/iframe_api https://cdn.jsdelivr.net/npm/ https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net *.pricespider.com *.mapbox.com *.force.com *.salesforceliveagent.com *.bazaarvoice.com *.salesforce.com *.googletagmanager.com *.cookielaw.org *.doubleclick.net *.crazyegg.com *.trackjs.com *.yimg.com *.bing.com *.amazon-adsystem.com *.adsrvr.org unpkg.com *.youtube.com *.googleoptimize.com *.google.co.in *.pinimg.com *.juicer.io *.cloudflare.com *.commerce-connector.com api.fouanalytics.com *.outbrain.com *.paa-reporting-advertising.amazon *.pinterest.com dnsl4xr6unrmf.cloudfront.net s3.amazonaws.com api.b2c.com cdn.commoninja.com https://dec.azureedge.net https://player.vimeo.com/api/player.js; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' *.salesforce-sites.com *.typekit.net https://cdn.insight.sitefinity.com https://dec.azureedge.net *.pricespider.com *.mapbox.com *.force.com *.bazaarvoice.com *.salesforce.com *.googletagmanager.com *.typography.com *.cloudfront.net *.myfonts.net *.juicer.io *.crazyegg.com https://cdn.fonts.net cdnjs.cloudflare.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: d3f8e2yx8gxglk.cloudfront.net d1q11op77por1a.cloudfront.net *.azureedge.net *.typekit.net *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.gpdigital.biz *.pricespider.com *.bazaarvoice.com https://d3f8e2yx8gxglk.cloudfront.net https://d1q11op77por1a.cloudfront.net www.google.com *.yahoo.com *.bing.com *.trackjs.com *.ytimg.com *.googletagmanager.com *.cookielaw.org *.google.co.in *.pinterest.com *.juicer.io juicer.io *.commerce-connector.com https://ad.doubleclick.net fa.aidemsrv.com s3.amazonaws.com *.crazyegg.com *.commoninja.com https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: use.typekit.net *.cloudfront.net *.juicer.io *.pricespider.com cdnjs.cloudflare.com s3.amazonaws.com/com.offerpop.services.media/images/media/66a91bfbcd60f5067090b95a/66b0de2242a5ca055ca49f2a.woff2 s3.amazonaws.com/com.offerpop.services.media/images/media/66a91bfbcd60f5067090b95a/66b0de93358a6d041a745c7b.woff2 s3.amazonaws.com/com.offerpop.services.media/images/media/66a91bfbcd60f5067090b95a/66b0deb748b55005df151455.woff2 s3.amazonaws.com/com.offerpop.services.media/images/media/66a91bfbcd60f5067090b95a/66b0e140492fe104090ceab3.woff2; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.qpleshq.com *.vimeo.com *.youtube.com *.force.com *.mapbox.com *.bazaarvoice.com *.salesforce.com *.pricespider.com *.google-analytics.com *.amazon-adsystem.com *.googletagmanager.com *.adsrvr.org *.facebook.com *.doubleclick.net *.pinterest.com *.crazyegg.com *.commoninja.com *.tiktok.com d3f8e2yx8gxglk.cloudfront.net d1q11op77por1a.cloudfront.net *.performlt.com/; connect-src 'self' *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com *.bazaarvoice.com *.force.com *.pricespider.com *.mapbox.com wss: *.yimg.com *.crazyegg.com *.sitefinity.com *.trackjs.com *.doubleclick.net *.facebook.com *.cookielaw.org *.onetrust.com *.googletagmanager.com *.salesforce-sites.com https://*.fouanalytics.com *.bing.com *.googleoptimize.com *.google.co.in *.pinterest.com *.juicer.io *.google.com *.commerce-connector.com *.cpg.gp.com api.fouanalytics.com *.outbrain.com *.amazon-adsystem.com ara.paa-reporting-advertising.amazon *.wyng.com *.commoninja.com; media-src 'self' data: blob: *.azureedge.net https://d3f8e2yx8gxglk.cloudfront.net https://d1q11op77por1a.cloudfront.net https://cpg-qa.sitefinity.cloud https://cpg-aut.sitefinity.cloud https://cpg.sitefinity.cloud https://www.juicer.io; child-src 'self' blob:; frame-ancestors 'self' *.salesforce.com 4 default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src https:; media-src https:; frame-ancestors 'self' 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://google.com https://www.google-analytics.com https://c.seznam.cz/js/rc.js https://connect.facebook.net https://maps.googleapis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://bat.bing.com https://*.clarity.ms https://bisko.gjirafa.net https://static.hotjar.com https://script.hotjar.com https://static.ads-twitter.com https://*.ladesk.com https://libs.smartico.ai https://*.cloudfront.net https://*.daktela.com https://*.coworkers.ai https://secure.payu.com/javascript/sdk https://secure.snd.payu.com/javascript/sdk https://*.adform.net undefined; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.smartico.ai https://*.cloudfront.net undefined; font-src 'self' data: https://fonts.gstatic.com https://*.smartico.ai https://*.cloudfront.net undefined; img-src 'self' https: data: http://c.seznam.cz undefined; connect-src 'self' https: wss: undefined; frame-src 'self' https: https://*.smartico.ai https://*.cloudfront.net undefined; object-src 'none'; 4 frame-ancestors 'self'; img-src *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.frontify.com *.cloudinary.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' data:; default-src *.doubleclick.net 'self'; script-src https://*.googletagmanager.com 'self' *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net unpkg.com/@frontify/ *.cloudinary.com 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api; style-src https://fonts.google.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; connect-src https://*.googletagmanager.com 'self' *.mktoresp.com *.google-analytics.com *.frontify.com *.cloudinary.com https://analytics.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src *.frontify.com *.cloudinary.com 'self'; child-src 'self' *.frontify.com cloudinary.com *.cloudinary.com 4 default-src 'self'; connect-src *;font-src * data:;img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; frame-src * 4 default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; 4 frame-ancestors 'self' https://brita-int.ff360.de 4 frame-ancestors self; report-uri /cspvr 4 script-src blob: data: 'unsafe-inline' 'unsafe-eval' 'self' publish-p53544-e423795.adobeaemcloud.com publish-p53544-e423852.adobeaemcloud.com s7.addthis.com j.6sc.co www.googletagmanager.com secure.ship7oven.com z.moatads.com m.addthis.com player.vimeo.com v1.addthisedge.com go.prounlimited.com documentcloud.adobe.com www.google-analytics.com ajax.cloudflare.com www.google.com www.gstatic.com www.googleadservices.com platform.twitter.com munchkin.marketo.net static.ads-twitter.com static.ads-twitter.com snap.licdn.com cdn.jsdelivr.net documentservices.adobe.com static.hotjar.com script.hotjar.com assets.adoberesource.net assets.adoberesources.net privacyportalde-cdn.onetrust.com *.d41.co tracking.intentsify.io acrobatservices.adobe.com *.rlcdn.com *.onetrust.com *.cookielaw.org *.usbrowserspeed.com 4 frame-ancestors 'self' *.cms.snakeware.nl *.snakeware.nl *.snakeware.cloud *.snakeware.test *.snakeware.local 4 default-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 4 frame-ancestors https://app.pendo.io https://consentcdn.cookiebot.com https://consent.cookiebot.com; default-src 'self' https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://*.onetrust.com https://*.pendo.io https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdn.jsdelivr.net https://*.googletagmanager.com https://*.google-analytics.com; font-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.gstatic.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; object-src 'self' https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; style-src 'self' 'unsafe-inline' https://p.typekit.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://*.pendo.io https://*.cookiebot.com https://consentcdn.cookiebot.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; connect-src 'self' https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://api.ipify.org https://cdn.cookielaw.org https://*.onetrust.com https://*.cookiebot.com https://*.auth0.com https://*.copayassist-auth.com blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; img-src 'self' data: image/svg+xml https://cdn.cookielaw.org https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imgsct.cookiebot.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; frame-src 'self' https://app.pendo.io https://www.google.com/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.auth0.com https://*.copayassist-auth.com https://td.doubleclick.net https://www.googletagmanager.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; worker-src 'self' blob: 4 img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data: 4 child-src 'self' secure.rnstg.com secure.rewardsnetwork.com; connect-src 'self' *.googlesyndication.com *.googleapis.com *.gstatic.com *.googletagservices.com *.googleadservices.com *.google-analytics.com securepubads.g.doubleclick.net stats.g.doubleclick.net wss://*.zopim.com *.zopim.com *.zendesk.com *.zdassets.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://api.stripe.com *.yimg.com; default-src 'self' *.googlesyndication.com; font-src 'self' data: *.gstatic.com *.zopim.com https://*.hotjar.com; form-action 'self'; frame-src 'self' secure.rnstg.com secure.rewardsnetwork.com *.google.com *.googlesyndication.com *.googleapis.com *.googletagservices.com *.googleadservices.com *.doubleclick.net https://*.hotjar.com https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com form.typeform.com youtube.com www.youtube.com; frame-ancestors 'self' *.rnqae.com *.rnstg.com *.idine.com http://localhost capacitor://localhost; img-src 'self' data: media.rewardsnetwork.com https://apple-resources.s3.amazonaws.com *.ggpht.com *.google-analytics.com *.googlesyndication.com *.googleapis.com *.gstatic.com *.google.com cdn.buttercms.com res.cloudinary.com *.doubleclick.net stats.g.doubleclick.net seal-chicago.bbb.org *.zopim.io *.zopim.com *.zendesk.com *.zdassets.com https://*.hotjar.com *.facebook.com *.yahoo.com; media-src 'self' cdn.buttercms.com res.cloudinary.com *.zdassets.com ; object-src 'self' media.rewardsnetwork.com res.cloudinary.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.gstatic.com *.google.com *.googleapis.com *.googletagservices.com *.googletagmanager.com *.googlesyndication.com res.cloudinary.com *.doubleclick.net cdn.ampproject.org seal-chicago.bbb.org assets.adobedtm.com assets.zendesk.com *.zopim.com *.zdassets.com https://*.hotjar.com *.facebook.net https://*.js.stripe.com https://js.stripe.com embed.typeform.com *.yimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com https://*.hotjar.com cloud.typography.com embed.typeform.com; 4 child-src 'self' www.googletagmanager.com https:; connect-src 'self' *.hsforms.com www.googletagmanager.com *.ctfassets.net vimeo.com https: consentcdn.cookiebot.com consent.cookiebot.com; default-src 'self' https:; font-src data: 'self' https: *.vimeocdn.com; frame-src 'self' www.googletagmanager.com https: consentcdn.cookiebot.com consent.cookiebot.com; img-src data: 'self' https: *.ctfassets.net *.vimeocdn.com *.akamaized.net; media-src data: 'self' https: *.ctfassets.net *.vimeocdn.com *.akamaized.net; object-src 'none'; script-src data: 'unsafe-inline' 'wasm-unsafe-eval' 'self' https: www.googletagmanager.com *.hsforms.net vimeo.com *.vimeocdn.com player.vimeo.com consentcdn.cookiebot.com consent.cookiebot.com; style-src data: 'unsafe-inline' 'self' https: *.vimeocdn.com; worker-src 'none'; form-action 'self' *.hsforms.com https:; frame-ancestors 'self' app.contentful.com https:; upgrade-insecure-requests 4 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; base-uri 'self'; 4 default-src https: http: wss: 'self' data: 'unsafe-inline' blob:; 4 frame-ancestors 'self' *.11freunde.de *; 4 default-src data: https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src https: wss:; worker-src blob: 4 script-src https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'self' https://www.googletagmanager.com 'unsafe-inline' https://cdn.moengage.com/ https://www.gstatic.com https://static.hotjar.com https://www.google-analytics.com https://script.hotjar.com https://js.monitor.azure.com 'unsafe-eval' https://www.google.com/ data: https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://cse.google.com/ https://www.googleapis.com https://www.youtube.com https://cdn-apac.onetrust.com/ https://www.instagram.com/ https://www.googleadservices.com/ https://cdnjs.cloudflare.com https://unpkg.com/ https://embed.tawk.to/ https://cdn.jsdelivr.net/ https://cdn.jsdelivr.net/ https://code.jquery.com/ https://app-cdn.moengage.com/; style-src https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://www.google.com/ https://fonts.googleapis.com/ https://cdn.jsdelivr.net/ https://unpkg.com/flickity@2/dist/flickity.min.css https://unpkg.com/flickity-fade@1/flickity-fade.css https://embed.tawk.to/ https://use.typekit.net https://p.typekit.net/ https://cdn.moengage.com/ https://app-cdn.moengage.com/ https://fonts.bunny.net/; img-src https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' data: https://www.google.com.my https://gleneagles.com.my/ https://www.googletagmanager.com/ https://www.facebook.com/ https://www.google.com/ https://www.google.com.sg https://clients1.google.com/ https://script.hotjar.com/ https://i3.ytimg.com/ https://i.ytimg.com/ https://www.google-analytics.com/ https://ad.doubleclick.net/ https://cdn-apac.onetrust.com/ https://googleads.g.doubleclick.net https://embed.tawk.to/ https://cdn.jsdelivr.net/ https://cdn-assets-eu.frontify.com/ https://gleneagles-staging.vintedge.com/ https://cdn.shopify.com/ https://d15k2d11r6t6rl.cloudfront.net/ https://moe-email-campaigns.s3.amazonaws.com/ https://image.moengage.com/; connect-src https://*.insight.sitefinity.com https://*.dec.sitefinity.com 'self' https://ask.hotjar.io https://in.hotjar.com https://analytics.google.com https://sdk-01.moengage.com wss://localhost:44355/IHHHealthcare https://www.google-analytics.com wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://dc.services.visualstudio.com https://stats.g.doubleclick.net https://vc.hotjar.io/ https://gleneagles.com.my/ https://customsearch.googleapis.com/ https://surveystats.hotjar.io/ https://www.youtube.com https://adservice.google.com/ https://cdn-apac.onetrust.com/ https://geolocation.onetrust.com/ https://privacyportal-apac.onetrust.com/ https://www.google.com/ https://www.google.com.sg https://google.com https://va.tawk.to/ wss://*.tawk.to/ https://embed.tawk.to/ https://upload.tawk.to/ https://api.healthhub.sg https://parkway.fleetnexg.co https://sdk-01.moengage.com/ https://sdk-02.moengage.com/ https://sdk-03.moengage.com/ https://sdk-04.moengage.com/; default-src 'self'; media-src 'self'; font-src data: 'self' https://cdnjs.cloudflare.com/ https://script.hotjar.com/ https://fonts.gstatic.com https://cdn.jsdelivr.net/ https://embed.tawk.to/ https://use.typekit.net/ https://fonts.bunny.net/; frame-src 'self' https://td.doubleclick.net https://hms.gleneagles.hk https://www.google.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.youtube.com/ https://ghk-pilot.hms.local/ https://testserver-2364b.web.app/ https://pantaiproject-db504.web.app/ https://pantai-3d---orthopaedic.web.app/ https://pantai-3d---paediatrics.web.app/ https://pantai-3d---obgyn.web.app https://asiapano.com/vr/hospitals/pcmc/ https://www.insage.com.my/ https://player.vimeo.com/ https://insage.com.my/ https://gleneagles-3d---orthopaedic.web.app/ https://gleneagles-3d---obgyn.web.app/ https://gleneagles-3d---paediatrics.web.app/ https://heartsimulation.web.app/ https://5488992.fls.doubleclick.net/ https://www.instagram.com/ https://simulate-volcano.web.app/ https://www.googletagmanager.com/ https://fast.wistia.net/embed/iframe/50ueave7jo https://youtu.be/ https://parkway-click-to-chat.nubitel.io/ https://pwlabssg-staging.vintedge.com/ https://www.parkwaylabs.com.sg/ https://cdn.moengage.com/ https://ihhmy.listedcompany.com/ 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' iongroup.wpengine.com * www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com google-analytics.com analytics.google.com www.google-analytics.com; 4 default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://one-time-offer.com https://cashbackprog.completesavings.co.uk 4 default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; object-src *; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.value-domain.com www.xrea.com www2.xrea.com www.coreserver.jp www2.coreserver.jp www.value-server.com www2.value-server.com www.google-analytics.com *.googlesyndication.com *.doubleclick.net www.google.com;img-src *; 4 frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self' 4 'self' *.model-t.cc.commerce.ondemand.com 4 block-all-mixed-content; frame-ancestors 'self' https://bots.getskitickets.com; 4 default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.tradelens.com https://platform.tradelens.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://js.adsrvr.org https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://*.contentsquare.com https://www.datadoghq-browser-agent.com/datadog-rum.js https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://snap.licdn.com https://px.ads.linkedin.com https://connect.facebook.net https://www.facebook.com https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com https://*.decibelinsight.net https://*.decibel.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com https://*.razorpay.com https://public.flourish.studio/resources/embed.js https://*.facebook.net https://*.audiencemanager.de https://*.ads-twitter.com https://connect.facebook.net/en_US/fbevents.js https://cdn.audiencemanager.de/conpixel.min.js https://static.ads-twitter.com/uwt.js https://js.adsrvr.org/up_loader.1.1.0.js https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv https://*.kampyle.com https://*.medallia.eu; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://insight.adsrvr.org https://t.teads.tv https://l.teads.tv https://ade.googlesyndication.com https://match.adsrvr.org https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://fo-api.omnitagjs.com https://*.akstat.io https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://screencaptue-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://*.salesforce.com https://*.force.com https://maersk.my.salesforce-sites.com https://public.flourish.studio https://*.facebook.net https://*.audiencemanager.de https://*.ads-twitter.com https://connect.facebook.net/en_US/fbevents.js https://cdn.audiencemanager.de/conpixel.min.js https://static.ads-twitter.com/uwt.js https://js.adsrvr.org/up_loader.1.1.0.js https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv https://*.kampyle.com https://*.medallia.eu; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com https://*.bing.com https://*.virtualearth.net https://resources.digital-cloud.medallia.eu https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv; frame-src https://*.maersk.com https://*.maersk.com.cn https://insight.adsrvr.org https://www.googletagmanager.com https://match.adsrvr.org https://*.maersk.io https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/ https://*.salesforce.com https://app.powerbi.com http://my.maerskline.com https://*.doubleclick.net https://reporting.damco.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com https://*.razorpay.com https://flo.uri.sh/ https://*.facebook.net https://*.audiencemanager.de https://*.ads-twitter.com https://connect.facebook.net/en_US/fbevents.js https://cdn.audiencemanager.de/conpixel.min.js https://static.ads-twitter.com/uwt.js https://js.adsrvr.org/up_loader.1.1.0.js https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://maersk-designsystem.azureedge.net https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv; connect-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://login.microsoftonline.com https://t.teads.tv https://cm.teads.tv https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.tradelens.com https://platform.tradelens.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com https://*.decibelinsight.net https://*.decibel.com wss://*.decibelinsight.net https://maersk.my.salesforce-scrt.com https://chatbot-test-app.herokuapp.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com wss://proxy2.scm.maersk.com https://*.razorpay.com https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://*.kampyle.com https://*.medallia.eu; worker-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.tradelens.com https://platform.tradelens.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv blob:; 4 default-src 'self' *.vanheusenindia.com *.yellowmessenger.com *.trendin.com *.abfrl.net *.abfrl.in *.paytm *.louisphilippe.com *.reebok.in *.aeo.in *.forever21.in *.simoncarter.in *.peterengland.com *.allensolly.com *.trustarc.com *.gstatic.com data:; img-src * 'self' https://*.akstat.io vanhuesenindia.imgix.net blob: data:;script-src 'self' *.juspay.in assets.abfrlcdn.com *.google.com pantaloons.imgix.net tr.snapchat.com tags.creativecdn.com asia.creativecdn.com *.artfut.com t07-vtr-plugin.tryndbuy.com t07plugin.tryndbuy.com *.yellowmessenger.com *.limechat.ai tsm.s3g6.com retag.crossdevicetracking.com static-cdn.trackier.com wd-ret.io in1.clevertap-prod.com https://*.go-mpulse.net trc.taboola.com targetinng.com rtb-global.com webtrafficsource.com i.l-dsp.inmobicdn.net cdn.taboola.com *.trustarc.com go-mpulse.net sc-static.net sdk.rsut.io router.paytm.in stage-router.paytm.in securegw-stage.paytm.in *.paytm.com *.paytm.in *.amazonaws.com *.wizrocket.com *.criteo.com *.criteo.net *.googleapis.com *.resu.io sdk.resu.io cdnjs.cloudflare.com *.adobedtm.com *.gstatic.com *.primeai1.org *.primeai.co.uk *.primeai3.in *.primeai4.in *.jquery.com *.facebook.net *.google.com *.googleapis.com *.cloudfront.net *.hotjar.com *.contentsquare.net *.google-analytics.com *.bing.com *.streamoid.com *.googleadservices.com *.abfrl.in *.abfrl.net *.trendin.com *.vanheusenindia.com *.louisphilippe.com *.peterengland.com *.allensolly.com google.com *.googletagmanager.com *.usersnap.com *.clevertap.com https://c.amazon-adsystem.com/ *.adobedtm.com *.wzrkt.com 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.crazyegg.com; connect-src 'self' *.juspay.in *.tryndbuy.com widget.usersnap.com wd-ret.io targetinng.com asia.creativecdn.com tr.snapchat.com wss://cloud.yellow.ai *.forever21.in *.simoncarter.in *.reebok.in *.aeo.in *.yellow.ai *.paytm.in *.akamaihd.net *.limechat.ai wss://stage-router.paytm.in wss://router.paytm.in wss://securegw-stage.paytm.in wss://securegw.paytm.in *.taboola.com wss://websoc.resu.io https://abfrl.com/ *.google.com *.google.co.in *.criteo.com rtb-global.com webtrafficsource.com https://*.akstat.io https://*.go-mpulse.net cdn.taboola.com *.adobedc.net in1.wzrkt.com apis.google.com *.googletagmanager.com *.trustarc.com *.abfrl.in *.abfrl.net *.trendin.com assets.trendin.com assets.abfrlcdn.com use.typekit.net *.gstatic.com *.facebook.com pantaloons.imgix.net bat.bing.com *.hotjar.io geolocation-db.com *.hotjar.com *.googleapis.com *.primeai.co.uk *.primeai1.org *.primeai3.in *.primeai4.in https://integration.richrelevance.com/* https://integration.richrelevance.com https://recs.richrelevance.com/* https://recs.richrelevance.com *.richrelevance.com *.amazonaws.com *.wizrocket.com adityabirlafashion.sc.omtrdc.net *.google-analytics.com *.forever21.in *.simoncarter.in *.reebok.in *.aeo.in *.vanheusenindia.com *.louisphilippe.com *.peterengland.com *.allensolly.com *.doubleclick.net *.demdex.net *.adobeaemcloud.com nodeserver.sdk.streamoid.com *.elastic-cloud.com *.crazyegg.com sdk.resu.io cdnjs.cloudflare.com *.clickpost.in; style-src 'self' 'unsafe-inline' *.google.com accounts.google.com *.abfrl.in *.abfrl.net *.yellowmessenger.com *.paytm.in *.trendin.com *.primeai.co.uk *.primeai1.org *.primeai3.in *.primeai4.in *.limechat.ai *.crazyegg.com *.streamoid.com *.trustarc.com *.googleapis.com nodeserver.sdk.streamoid.com *.typekit.net; media-src 'self' 'unsafe-eval' 'unsafe-inline' *.adobeaemcloud.com *.typekit.net *.abfrl.in *.abfrl.net *.trendin.com *.elastic-cloud.com *.scene7.com *.trustarc.com assets.abfrlcdn.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' t07-vtr-plugin.tryndbuy.com t07plugin.tryndbuy.com tr.snapchat.com *.juspay.in *.paytm.in afftracer.g2afse.com *.limechat.ai tsm.s3g6.com tracking.icubeswire.co static.criteo.net *.amazon-adsystem.com *.criteo.com *.amazonaws.com *.trustarc.com *.wizrocket.com *.facebook.com accounts.google.com *.doubleclick.net *.demdex.net *.hotjar.com *.abfrl.in *.abfrl.net *.trendin.com *.youtube.com; child-src pantaloons.imgix.net *.googleapis.com; worker-src localhost:3000 blob: *.vanheusenindia.com *.abfrl.in *.abfrl.net *.louisphilippe.com *.peterengland.com *.allensolly.com; prefetch-src *.googleapis.com *.abfrl.in assets.abfrlcdn.com imagescdn.abfrl.in connect.facebook.net cdn.yellowmessenger.com script.crazyegg.com 4 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: filesystem: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 4 default-src 'self' https: ws:; script-src 'self' 'unsafe-inline' 'unsafe-eval' admin.centralcardlab.com caihss.usbank.com cardlytics.fsvps.com consumer.centralcardlab.com insurance.usbankprepaidcards.com masteradmin.centralcardlab.com portal.cardaccesssite.com portal.clientaccesssite.com portal.paychekplus.com portalpvt.clientaccesssite.com portalpvt.paychekplus.com service.centralcardlab.com sms.fsvsecurecard.com sp.clientaccesssite.com www.accessmygc.com www.blueeliteapply.com www.centralcardlab.com www.elanprepaidcard.com www.elanrewardscard.com www.epaystubaccess.com www.epaystubplus.com www.fsvremote.com www.fsvsecurecard.com www.fsvwebservices.com www.mo-access.com www.myblueelite.com www.mychektoday.com www.mypayadvantage.com www.mysilverselect.com www.paychekplus.com www.paychekplusapply.com www.prepaidgiftbalance.com www.quickcardbalance.com www.rapidfs.com www.silverselectapply.com www.usbankaccelapay.com www.usbankexpensecard.com www.usbankfocus.com www.usbankfocusenroll.com www.usbankincentivecard.com www.usbankoptionscard.com www.usbankprepaidadmin.com www.usbankreliacard.com www.usbankrewardscard.com smetrics.usbank.com tags.tiqcdn.com cdn.appdynamics.com www.google.com www.googleadservices.com cdn.quantummetric.com www.googletagmanager.com googleads.g.doubleclick.net unpkg.com onlinebanking.usbank.com mpsnare.iesnare.com www.google-analytics.com bat.bing.com www.gstatic.com *.siteintercept.qualtrics.com *.socure.com *.marketingcloudapis.com *.apswebapps.com *.api.cpigateway.com *.creditsystem.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' admin.centralcardlab.com caihss.usbank.com cardlytics.fsvps.com consumer.centralcardlab.com insurance.usbankprepaidcards.com masteradmin.centralcardlab.com portal.cardaccesssite.com portal.clientaccesssite.com portal.paychekplus.com portalpvt.clientaccesssite.com portalpvt.paychekplus.com service.centralcardlab.com sms.fsvsecurecard.com sp.clientaccesssite.com www.accessmygc.com www.blueeliteapply.com www.centralcardlab.com www.elanprepaidcard.com www.elanrewardscard.com www.epaystubaccess.com www.epaystubplus.com www.fsvremote.com www.fsvsecurecard.com www.fsvwebservices.com www.mo-access.com www.myblueelite.com www.mychektoday.com www.mypayadvantage.com www.mysilverselect.com www.paychekplus.com www.paychekplusapply.com www.prepaidgiftbalance.com www.quickcardbalance.com www.rapidfs.com www.silverselectapply.com www.usbankaccelapay.com www.usbankexpensecard.com www.usbankfocus.com www.usbankfocusenroll.com www.usbankincentivecard.com www.usbankoptionscard.com www.usbankprepaidadmin.com www.usbankreliacard.com www.usbankrewardscard.com smetrics.usbank.com tags.tiqcdn.com cdn.appdynamics.com www.google.com www.googleadservices.com cdn.quantummetric.com www.googletagmanager.com googleads.g.doubleclick.net unpkg.com onlinebanking.usbank.com mpsnare.iesnare.com www.google-analytics.com bat.bing.com www.gstatic.com *.siteintercept.qualtrics.com *.socure.com *.marketingcloudapis.com *.apswebapps.com *.api.cpigateway.com *.creditsystem.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' admin.centralcardlab.com caihss.usbank.com cardlytics.fsvps.com consumer.centralcardlab.com insurance.usbankprepaidcards.com masteradmin.centralcardlab.com portal.cardaccesssite.com portal.clientaccesssite.com portal.paychekplus.com portalpvt.clientaccesssite.com portalpvt.paychekplus.com service.centralcardlab.com sms.fsvsecurecard.com sp.clientaccesssite.com www.accessmygc.com www.blueeliteapply.com www.centralcardlab.com www.elanprepaidcard.com www.elanrewardscard.com www.epaystubaccess.com www.epaystubplus.com www.fsvremote.com www.fsvsecurecard.com www.fsvwebservices.com www.mo-access.com www.myblueelite.com www.mychektoday.com www.mypayadvantage.com www.mysilverselect.com www.paychekplus.com www.paychekplusapply.com www.prepaidgiftbalance.com www.quickcardbalance.com www.rapidfs.com www.silverselectapply.com www.usbankaccelapay.com www.usbankexpensecard.com www.usbankfocus.com www.usbankfocusenroll.com www.usbankincentivecard.com www.usbankoptionscard.com www.usbankprepaidadmin.com www.usbankreliacard.com www.usbankrewardscard.com smetrics.usbank.com tags.tiqcdn.com cdn.appdynamics.com www.google.com www.googleadservices.com cdn.quantummetric.com www.googletagmanager.com googleads.g.doubleclick.net unpkg.com onlinebanking.usbank.com mpsnare.iesnare.com www.google-analytics.com bat.bing.com www.gstatic.com *.siteintercept.qualtrics.com *.socure.com *.marketingcloudapis.com *.apswebapps.com *.api.cpigateway.com *.creditsystem.com; 4 default-src 'self'; script-src 'self' 'nonce-6cf7eecb-811d-4899-9a13-01a504c8c8cf' dnstest2.ficora.fi dnstest.traficom.fi stat.traficom.fi analytiikka.ahtp.fi; img-src 'self' data: *.traficom.fi *.ficora.fi trafi2.stat.fi registry.qadomain.fi registry.domain.fi autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com analytiikka.ahtp.fi prod.bittimittari.fi; style-src 'self' 'nonce-6cf7eecb-811d-4899-9a13-01a504c8c8cf' dnstest2.ficora.fi dnstest.traficom.fi; font-src 'self'; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.traficom.fi *.ficora.fi trafi2.stat.fi registry.qadomain.fi registry.domain.fi autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com analytiikka.ahtp.fi prod.bittimittari.fi; connect-src 'self' https://stat.traficom.fi analytiikka.ahtp.fi; form-action 'self' 4 upgrade-insecure-requests;report-to default; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: cdn.intersport.serv.si www.intersport.si www.intersport.hr www.intersport.ba www.intersport.rs www.intersport.me intersport.si preview.ssgtm.intersport.si ssgtm.intersport.si appleid.cdn-apple.com/appleauth/ applepay.cdn-apple.com apple-pay-gateway.apple.com *.cookiebot.com cdnjs.cloudflare.com ajax.googleapis.com fcm.googleapis.com fonts.googleapis.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.googleoptimize.com maps.googleapis.com maps.gstatic.com fonts.gstatic.com www.gstatic.com *.google.com google.com www.google.si www.google.de googleads.g.doubleclick.net stats.g.doubleclick.net omara.cdn-cnj.si img.cdn-cnj.si cpx.smind.si cpx.smind.hr cpx.smind.rs chimpstatic.com connect.facebook.net stats.g.doubleclick.net www.facebook.com *.creativecdn.com creativecdn.com *.paypal.com www.paypal.com www.paypalobjects.com platform.linkedin.com *.twitter.com *.pinterest.com www.youtube.com *.mercator.si maxcdn.bootstrapcdn.com secure.gravatar.com dts.cld.bz edge.fullstory.com fullstory.com rs.fullstory.com www.pimcore.org yoast.com *.braintreegateway.com *.braintree-api.com *.segmentify.com cdn.sgmntfy.com api.instacloud.io *.fna.fbcdn.net *.vimeo.com i.vimeocdn.com my.matterport.com my.mpskin.com graph.instagram.com *.cdninstagram.com cdn.crobox.io api.crobox.com pagead2.googlesyndication.com region1.google-analytics.com td.doubleclick.net cm.g.doubleclick.net firebaseinstallations.googleapis.com rt.udmserve.net cdn.fibbl.com api.fibbl.com m.cdn.fibblar.com i.cdn.fibblar.com; frame-ancestors 'self' blob: https://vr.intersport.si https://vr.intersport.hr https://vr.intersport.rs https://vr.intersport.ba https://vr.intersport.me; 4 frame-ancestors 'self' chrome-extension://hfdhpmpfpcnbboppkkkblilhbloejijj https://backit.me 4 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.hotjar.com *.zopim.com *.fontawesome.com data: 'self' data: cdn.honey.io www.mheducation.co.uk assets.merci-app.com at.alicdn.com cdn.scite.ai cdnjs.cloudflare.com fonts.bunny.net pouch-global-font-assets.s3.eu-central-1.amazonaws.com shopping.qantas.com www.mhprofessional.com *.wistia.com player.flipsnack.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.mheducation *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.mheducation *.weltpixel.com cdn.dnky.co *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com *.vidyard.com *.mheducation.com cloud.3dissue.net player.flipsnack.com *.cloudfront.net *.qualtrics.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net *.hsforms.net *.hsforms.com 'self' data: www.google.de adservice.google.com analytics.twitter.com app-sj01.marketo.com asia-s3-mhe-prod.s3.amazonaws.com cdn.honey.io cdn3.iconfinder.com co1.qualtrics.com covers.mhedu.com ecommerce.payulatam.com fonts.gstatic.com i.pinimg.com info.mheducation.com learn.mheducation.com log-papago.naver.com m.media-amazon.com mheducation-mea.github.io mhp-assets.s3.amazonaws.com px4.ads.linkedin.com region1.google-analytics.com simplesharebuttons.com siteintercept.qualtrics.com spain-s3-mhe-prod.s3.amazonaws.com t.co translate.google.com www-mheducation-ca.ezpminer.urmc.rochester.edu www.accessengineeringlibrary.com www.facebook.com *.google.co.uk www.linkedin.com www.mheducation.ca www.mheducation.com www.mheducation.es asia-s3-mhe-prod.s3-eu-west-1.amazonaws.com asia-s3-mhe-prod.s3.eu-west-1.amazonaws.com canada.p.ctidigital.com cdn.vidyard.com connect.facebook.net image.flaticon.com ir-in.amazon-adsystem.com latam-s3-mhe-prod.s3.eu-west-1.amazonaws.com login.dotomi.com media.msg.dotomi.com mhp-assets.s3.eu-west-1.amazonaws.com play.vidyard.com region1.analytics.google.com static.thenounproject.com ws-in.amazon-adsystem.com ad.doubleclick.net betterresearch.com canada.pre-prod.ctidigital.com ssl.google-analytics.com www.mheducation.co.in www.mhprofessional.com cdn.cookielaw.org cloud.3dissue.net fast.wistia.com player.flipsnack.com *.cloudfront.net *.qualtrics.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com *.hsforms.net *.hsforms.com https://www.googletagmanager.com tagmanager.google.com unpkg.com analytics.tiktok.com connect.facebook.net munchkin.marketo.net script.hotjar.com static.hotjar.com tools.luckyorange.com ucads-cdn.ucweb.com app-sj01.marketo.com gateway.zscalerone.net info.mheducation.com learn.mheducation.com nd3n4.m70vee7.com play.vidyard.com siteintercept.qualtrics.com static.ads-twitter.com code.jquery.com sleeknotecustomerscripts.sleeknote.com wsc2e.ez05w7r.com iframely.net www.google.com 4ddons.com 7896543.s3.amazonaws.com cdnjs.cloudflare.com ssl.google-analytics.com www.ili.ir www.mhprofessional.com www.pagespeed-mod.com cdn.cookielaw.org app-sjqe.marketo.com *.siteintercept.qualtrics.com *.payulatam.com *.cloudflare.com fast.wistia.com player.flipsnack.com *.cloudfront.net *.qualtrics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.gstatic.com tagmanager.google.com app-sj01.marketo.com cdn.honey.io info.mheducation.com learn.mheducation.com fonts.bunny.net www.mhprofessional.com fast.wistia.com player.flipsnack.com *.cloudfront.net 'self' 'unsafe-inline'; object-src info.mheducation.com player.flipsnack.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com asia-s3-mhe-prod.s3-eu-west-1.amazonaws.com content.studysync.com mhp-assets.s3.amazonaws.com spain-s3-mhe-prod.s3.amazonaws.com asia-s3-mhe-prod.s3.eu-west-1.amazonaws.com cloud.3dissue.net/14552/14572/14643/88645/index.html fast.wistia.com player.flipsnack.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.facebook.net *.payulatam.com 128-sjw-347.mktoresp.com 128-sjw-347.mktoutil.com 303-fkf-702.mktoresp.com 303-fkf-702.mktoutil.com ad.doubleclick.net adservice.google.com api-preview.luckyorange.com centinelapi.cardinalcommerce.com csmetrics.hotjar.com geolocation.onetrust.com gjtrack.ucweb.com kg668dbov0.execute-api.us-east-1.amazonaws.com metrics.hotjar.io play.vidyard.com plugin.ucads.ucweb.com privacyportal.onetrust.com pubsub.googleapis.com region1.analytics.google.com settings.luckyorange.com siteintercept.qualtrics.com translate.googleapis.com vc.hotjar.io wedata.net ws2.hotjar.com www.facebook.com www.google.ad www.google.ae www.google.at www.google.be www.google.ca www.google.ch www.google.cl www.google.co.cr www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.co.th www.google.co.uk www.google.co.za www.google.co.zw www.google.com www.google.com.ar www.google.com.au www.google.com.bh www.google.com.co www.google.com.do www.google.com.ec www.google.com.fj www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tr www.google.cz www.google.de www.google.es www.google.gr www.google.hn www.google.hr www.google.it www.google.nl www.google.ru www.google.se analytics.tiktok.com cdn.linkedin.oribi.io content.hotjar.io realtime.luckyorange.com writer.cardinalcommerce.com ws.hotjar.com ws25.hotjar.com www.google.com.eg www.google.com.tw www.google.ie www.google.ro subwayblaze.com www.mhprofessional.com cdn.cookielaw.org wss://ws.hotjar.com *.wistia.com player.flipsnack.com *.cloudfront.net *.qualtrics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com play.vidyard.com player.flipsnack.com *.wistia.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' *.guildmortgage.com *.google-analytics.com *.visualwebsiteoptimizer.com app.vwo.com *.tvsquared.com *.googleoptimize.com *.gstatic.com *.cloudflareinsights.com *.w.org *.google.com *.youtube.com *.yoast.com *.vimeo.com *.doubleclick.net *.worldchangers.reviews *.guildgiving.org wingify-assets.s3.amazonaws.com s3.amazonaws.com chart.googleapis.com *.cloudfront.net *.googletagmanager.com www.gstatic.com *.cherrycreekcolorado.com *.artisanhomeloans.com *.pentrustmortgage.com *.viewmortgage.com *.bellcohomeloans.com *.betterbuiltmortgage.com *.loansbyjohnny.com *.beauknowsmortgages.com *.smartmortgage.com *.wholesale.com; 4 default-src 'self' mailto: tel:; font-src https: data: blob:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval'; style-src https: 'unsafe-inline'; worker-src https: blob:; frame-ancestors 'self'; frame-src https: mailto: tel:; connect-src https: blob:; media-src https: mediastream: blob: 4 frame-ancestors 'self' https://*.ariba.com https://*.in8suite.com https://*.extforms.netsuite.com https://*.jm.com https://*.na.jm.com:44300 https://solutions.sciquest.com https://*.na.jm.com:50001 4 default-src 'self'; font-src *;img-src * data:; script-src *; style-src *; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss: data: blob: 4 default-src 'self' *.sprinklr.com; script-src 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com *.blob.core.windows.net; script-src-elem 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com *.blob.core.windows.net 4 font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: oct8necdneu.azureedge.net *.oct8ne.com https://widgets.trustedshops.com https://fonts.gstatic.com use.fontawesome.com *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.vimeo.com *.oct8ne.com *.greenlandmx.es *.greenlandmx.fr *.greenlandmx.it *.greenlandmx.de *.greenlandmx.co.uk *.greenlandmx.com *.googletagmanager.com *.cookiebot.com *.retailrocket.net *.google.com *.google.es *.facebook.net *.facebook.com *.facebook.es *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.oct8ne.com *.cookiebot.com *.google.com.ua *.facebook.com *.bing.com *.greenlandmx.es *.greenlandmx.fr *.greenlandmx.it *.greenlandmx.de *.greenlandmx.co.uk *.greenlandmx.com *.etrusted.com *.retailrocket.net *.facebook.net *.facebook.es eu1-doofinderuser.s3.amazonaws.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com cdn.datamanager.arinet.com partstream.arinet.com cdn.doofinder.com *.ggpht www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ polyfill.io *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com *.webeyez.com *.facebook.net *.bing.com *.googlesyndication.com *.greenlandmx.es *.greenlandmx.fr *.greenlandmx.it *.greenlandmx.de *.greenlandmx.co.uk *.greenlandmx.com *.trustedshops.com/ connect.facebook.net bat.bing.com *.retailrocket.net *.facebook.com *.facebook.es *.klarna.com *.klarnacdn.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com services.arinet.com partstream.arinet.com use.fontawesome.com cdn.doofinder.com *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.greenlandmx.es *.greenlandmx.fr *.greenlandmx.it *.greenlandmx.de *.greenlandmx.co.uk *.greenlandmx.com *.etrusted.com *.trustedshops.com *.cookiebot.com *.retailrocket.net *.google.com *.google.es *.facebook.net *.facebook.com *.facebook.es https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://fonts.googleapis.com use.fontawesome.com partstream.arinet.com *.doofinder.com *.klarnacdn.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.webeyez.com cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com *.trackingplan.com *.cookiebot.com *.googlesyndication.com *.bing.com *.greenlandmx.es *.greenlandmx.fr *.greenlandmx.it *.greenlandmx.de *.greenlandmx.co.uk *.greenlandmx.com *.retailrocket.net *.facebook.net *.facebook.com *.facebook.es *.klarnaevt.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.doofinder.com wss://*.doofinder.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; worker-src 'self' 'unsafe-inline' * blob:; 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chat.snaping.net https://statique.snaping.net https://statique-ca.snaping.net https://static-fr.snaping.net https://static-ca.snaping.net https://tagmanager.google.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.google-analytics.com https://securionpay.com https://optimize.google.com https://*.dplads.com https://*.zdassets.com https://apis.google.com https://js.stripe.com https://cdn.amplitude.com https://js.dev.shift4.com https://api.shift4.com; base-uri 'self'; 4 default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 4 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://fonts.gstatic.com *.fontawesome.com *.tawk.to fonts.gstatic.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.tawk.to 'self' 'unsafe-inline'; frame-ancestors https://*.ebikebatterij.be ebikebatterij.be self https: 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://*.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.cookiebot.eu *.googletagmanager.com *.e-bikeaccu.nl *.youtube-nocookie.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com *.tawk.to *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.roeye.com *.bing.com *.bing.net *.clarity.ms *.google-analytics.com *.taggrs.io *.usercentrics.eu www.google.at www.google.be www.google.ch www.google.de www.google.dk www.google.fr www.google.nl https://images.unsplash.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://www.mollie.com *.tawk.to cdn.jsdelivr.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.bing.com *.clarity.ms *.cookiebot.eu *.e-bikeaccu.nl *.hotjar.com https://maps.googleapis.com https://polyfill-fastly.io https://browser.sentry-cdn.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com js.mollie.com *.tawk.to cdn.jsdelivr.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.tawk.to 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.doubleclick.net *.googlesyndication.com *.bing.com *.bing.net *.clarity.ms *.cookiebot.eu *.e-bikeaccu.nl google.com https://maps.googleapis.com https://player.vimeo.com https://*.ingest.sentry.io https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ t.elasticsuite.io *.tawk.to wss://*.tawk.to *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://5de32046-2e48-41d3-a0ae-6c7f33153622.sansec.watch/; report-to report-endpoint; 4 frame-src https: 4 upgrade-insecure-requests; script-src ‘self’; form-action ‘self’; frame-ancestors ‘self’; SameSite=Strict 4 frame-ancestors 'self' https://*.funeraltechonline.com https://*.tributecenteronline.com https://*.funeraltechweb.com https://*.funeraltechweb2.com https://*.ogdenfuneralhome.com https://hiddenvalleyfunerals.com https://www.archerandsons.com.au http://macarthurfh.com http://www.macarthurfh.com http://haugheymemorials.com http://www.haugheymemorials.com https://www.hslm.ca http://dev.fullmooncreative.com https://neshamajfs.com http://neshamajfs.com http://howelllussi.com https://howelllussi.com http://prod-site.arbormemorial.ca/en.html https://prod-site.arbormemorial.ca/en.html http://www.arbormemorial.ca/en/ https://www.arbormemorial.ca/en/ http://www.calgarycrematorium.com https://www.calgarycrematorium.com http://calgarycrematorium.com https://calgarycrematorium.com; object-src 'none'; 4 upgrade-insecure-requests; font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 4 default-src * data: mediastream: blob: wss: 'unsafe-inline'; upgrade-insecure-requests; frame-ancestors 'none' 4 frame-ancestors https://dgbuilder.io http://dgbuilder.io 4 base-uri 'self'; font-src 'self' https: data:; form-action 'self' https:; frame-ancestors 'self'; img-src 'self' data: https: https://rp-static.com https://r.rp-static.com; object-src 'none'; script-src-attr 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; upgrade-insecure-requests; connect-src 'self' https: wss: https://rp-static.com https://r.rp-static.com; default-src 'self'; frame-src 'self' https:; media-src 'self' https:; worker-src 'self' blob: https:; 4 default-src * data: 'unsafe-inline' blob:; frame-ancestors 'self' https://goflo.nl; img-src * data: blob: 4 frame-ancestors https://lk.udpauto.ru https://metrika.yandex.ru https://webvisor.com http://webvisor.com 4 base-uri 'self'; default-src 'self'; img-src 'self' https://api.ingmarkets.com https://cdn.ingmarkets.nl www.googletagmanager.com matomo.ing.cloudops.it *.visualwebsiteoptimizer.com app.vwo.com data: www.ingwb.com abmfn.com ingsprinters01.wt-eu02.net fbc.wcfbc.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com responder.wt-safetag.com matomo.ing.cloudops.it *.visualwebsiteoptimizer.com app.vwo.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline'; connect-src ws: 'self' https://api.ingmarkets.com http://cms-service:5001/graphql https://ingfm-quoteproxy.v-i.nl https://www.ingmarkets.nl matomo.ing.cloudops.it *.visualwebsiteoptimizer.com app.vwo.com; font-src 'self'; frame-ancestors 'self'; frame-src 'self' www.youtube.com *.visualwebsiteoptimizer.com app.vwo.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; report-to https://vicompany.report-uri.com/r/d/csp/enforce; report-uri https://vicompany.report-uri.com/r/d/csp/enforce; worker-src blob: 'self'; upgrade-insecure-requests; 4 frame-ancestors 'self' https://school.novakidschool.com 4 frame-ancestors *; report-uri /log/csp-violation 4 default-src https: data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' 4 frame-ancestors 'self' *.sprintecommerce.com *.venditan.com *.venditan.io 4 'self' https://ajax.googleapis.com 4 script-src 'self' 'unsafe-eval' 'unsafe-inline' * 4 default-src * 'self' 'unsafe-inline' 'unsafe-eval' cdn.kustomerapp.com ; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.azurewebsites.net:* https://connect.facebook.net:* https://cdn.userway.org:* https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://connect.facebook.net/en_US/fbevents.js https://script.hotjar.com:* https://cdn.gtranslate.net:* https://static.hotjar.com:* https://www.googletagmanager.com/gtag/js https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js https://rawgit.com/RobinHerbots/Inputmask/4.x/dist/jquery.inputmask.bundle.js https://wchat.freshchat.com/js/widget.js https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js https://code.jquery.com/ui/1.11.0/jquery-ui.js https://rawgit.com/RobinHerbots/Inputmask/4.x/dist/inputmask/phone-codes/phone.js *.google.com *.gstatic.com https://code.jquery.com/jquery-1.8.3.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.0/jquery-ui.min.js https://www.google-analytics.com/analytics.js *.googletagmanager.com cdn.kustomerapp.com ; style-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' blob: https://fonts.googleapis.com *.bootstrapcdn.com:* *.fonts.googleapis.com:* https://kit-free.fontawesome.com https://netdna.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://rawgit.com https://code.jquery.com/ui/1.11.0/themes/smoothness/jquery-ui.css https://code.jquery.com/ui/1.11.0/themes/smoothness/jquery-ui.css https://www.gstatic.com/charts/51/css/core/tooltip.css https://www.gstatic.com/charts/51/css/util/util.css cdn.kustomerapp.com https://*.gstatic.com:* https://cdn.userway.org:*; object-src 'self' cdn.kustomerapp.com ; base-uri 'self' cdn.kustomerapp.com ; connect-src * 'self' data: cdn.kustomerapp.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com https://kit-free.fontawesome.com https://netdna.bootstrapcdn.com https://maxcdn.bootstrapcdn.com cdn.kustomerapp.com https://cdn.userway.org:*; frame-src * 'self' https://vars.hotjar.com https://maps.google.com/ https://app.powerbi.com/ https://www.youtube.com/ cdn.kustomerapp.com *.google.com; img-src 'self' https://cdn.userway.org:* cdn.kustomerhostedcontent.com https://www.google-analytics.com:* https://cdn.gtranslate.net:* https://www.facebook.com:* https://connect.facebook.net:* https://script.hotjar.com:* data: cdn.kustomerapp.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; manifest-src 'self' cdn.kustomerapp.com https://cdn.userway.org:*; media-src * 'self' 4 frame-ancestors 'self' *.recia.fr *.netocentre.fr netocentre.fr *.touraine-eschool.fr *.chercan.fr colleges41.fr *.colleges41.fr e-college.indre.fr *.e-college.indre.fr mon-e-college.loiret.fr *.mon-e-college.loiret.fr *.colleges-eureliens.fr *.nextcloud.recia.aquaray.com 4 font-src portal.bulkgate.com *.gstatic.com *.cloudflare.com *.typekit.net *.trustedshops.com *.fontawesome.com fonts.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com portal.bulkgate.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com portal.bulkgate.com youtu.be *.vimeo.com *.addthis.com *.meetanshi.com www.googletagmanager.com *.packeta.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io portal.bulkgate.com https://files.zakeke.com *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu blob: https://firebasestorage.googleapis.com https://www.magezon.com meetanshi.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com cdn.r2.zakeke.com im9.cz *.foxentry.cz *.cloudfront.net *.clarity.ms *.vsetkonamobil.sk *.google.sk *.bing.com *.emjcd.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apis.google.com portal.bulkgate.com *.gstatic.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com *.cloudflare.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.avada.io *.meetanshi.com connect.facebook.net *.googletagmanager.com *.packeta.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com maps.googleapis.com ajax.cloudflare.com static.cloudflareinsights.com *.foxentry.cz *.im9.cz *.freshchat.com *.freshworks.com *.mczbf.com *.clarity.ms *.luigisbox.com *.cloudfront.net *.bing.com *.tiktok.com *.seznam.cz www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com portal.bulkgate.com *.gstatic.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.googleapis.com unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.foxentry.cz *.freshworks.com *.luigisbox.com *.freshchat.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com portal.bulkgate.com *.gstatic.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com *.cloudflare.com *.paypal.com *.googleapis.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.meetanshi.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.packeta.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com static.cloudflareinsights.com *.foxentry.cz *.freshchat.com *.freshworks.com *.mczbf.com *.luigisbox.com *.clarity.ms *.jsdelivr.net *.doubleclick.net *.tiktok.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src zbozi.cz *.zbozi.cz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://chat.cloudsend.pro https://api.customer-core.sky-services.cc https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 4 report-uri https://metrics.roblox.com/v1/csp/report?type=enforce; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' apis.roblox.com roblox.com *.evidon.com *.gigya.com *.google-analytics.com *.ns1p.net adservice.google.com cdn.arkoselabs.com connect.facebook.net funcaptcha.com js.rbxcdn.com js.stripe.com long.open.weixin.qq.com midas.gtimg.cn radar.cedexis.com res.wx.qq.com roblox-api.arkoselabs.com arkoselabs.roblox.com roblox-load-generator-configuration.s3.us-east-2.amazonaws.com s.ytimg.com sb.scorecardresearch.com static.rbxcdn.com www.google.com www.gstatic.com www.youtube.com h.online-metrix.net request.eprotect.vantivcnp.com request.eprotect.vantivpostlive.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net cdn.veriff.me *.lightstep.com client-api.arkoselabs.com api.arkoselabs.com *.sierra.chat sierra.chat sc-static.net *.sc-static.net *.snapchat.com *.tapad.com analytics.tiktok.com; img-src 'self' data: *.cloudfront.net *.gilcdn.com *.gldcdn.com *.google-analytics.com *.google.com *.kaptcha.com *.rblx.org *.rbxcdn.com *.roblox.com *.robloxlabs.com googleads.g.doubleclick.net i.ytimg.com www.googletagmanager.com robloxcorp.s.llnwi.net roblox-poc.global.ssl.fastly.net d1unuk07s6td74.cloudfront.net *.sierra.chat sierra.chat *.stripe.com *.tarobicdn.com *.tarobidevsandboxcdn.com www.facebook.com *.snapchat.com; connect-src 'self' *.roblox.com *.robloxlabs.com *.rblx.org *.rbx.com *.rbxcdn.com *.roblox.cn *.simulpong.com *.lightstep.com *.ns1p.net *.arkoselabs.com *.kaptcha.com *.google.com *.google-analytics.com *.doubleclick.net *.sentry.io wss://realtime.roblox.com wss://realtime.sitetest1.robloxlabs.com wss://realtime.sitetest2.robloxlabs.com wss://realtime.sitetest3.robloxlabs.com wss://realtime-signalr.roblox.com *.braintree-api.com *.braintreegateway.com d1q2u37vreaobr.cloudfront.net funcaptcha.com robloxcorp.s.llnwi.net roblox-poc.global.ssl.fastly.net d1unuk07s6td74.cloudfront.net *.sierra.chat sierra.chat sc-static.net *.sc-static.net *.snapchat.com *.tapad.com analytics.tiktok.com; 3 default-src 'none'; script-src 'self' 'sha256-qcMXZ/ErgDG9p2Htysz9era6iflv8JXya41zOY0slSc=' 'sha256-ydM8qJ+T0Nd7adK8t34/cs0GvvCG0JBujCWzV3uML8E=' 'sha256-TzTXRDJBcbY1qVQheGb/4iSGqKPqCg6XVoerYf5BYMY=' embed.cloudflarestream.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data:; font-src fonts.gstatic.com; connect-src 'self' 1.1.1.1 1.0.0.1 *.cloudflare-dns.com *.help.every1dns.net; frame-src embed.cloudflarestream.com; manifest-src 'self' 3 default-src 'none'; font-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://donorbox.org https://js.stripe.com/v3/ https://sdks.shopifycdn.com https://www.paypal.com https://www.paypalobjects.com https://widget.thegivingblock.com https://*.shift4.com ; img-src 'self' data: blob: https://www.google-analytics.com https://*.paypal.com https://www.paypalobjects.com https://ak2s.abmr.net https://ak1s.abmr.net https://www.google.com https://cdn.shopify.com https://v.shopify.com ; frame-src https://donorbox.org https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://js.stripe.com/v3/ https://js.stripe.com/v2/ https://www.paypal.com https://outreach.abetterinternet.org https://app.netlify.com https://widget.thegivingblock.com/ ; connect-src 'self' https://d4twhgtvn0ff5.cloudfront.net/ https://letsencrypt-merch.myshopify.com https://monorail-edge.shopifysvc.com https://www.paypal.com https://www.google-analytics.com ; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com http://localhost:* https: https://applovin.com *.hubspot.com *.hsforms.net *.hubspotusercontent.com; style-src * 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https: https://applovin.com *.fonts.net; img-src 'self' data: blob: https: http: *.hubspotusercontent.com *.hubspotusercontent-na1.net * https://applovin.com https://storage.googleapis.com; font-src 'self' data: https: * https://applovin.com; connect-src 'self' https: http: ws: wss: *.hubspot.com *.hsforms.com; media-src 'self' blob: https: *.hubspotusercontent-na1.net; frame-ancestors 'self' https://*.al-array.com https://*.arrayengine.com; frame-src 'self' https: *.hsforms.com; form-action 'self' https:; base-uri 'self'; worker-src 'self' blob:; object-src 'self' https: data: *.hubspotusercontent-na1.net https://storage.googleapis.com; 3 default-src 'self' blob: https://*.cnn.com:* http://*.cnn.com:* *.cnn.io:* *.cnn.net:* *.turner.com:* *.turner.io:* *.ugdturner.com:* courageousstudio.com *.vgtf.net:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' data: *; frame-ancestors 'self' https://*.cnn.com:* http://*.cnn.com https://*.cnn.io:* http://*.cnn.io:* *.turner.com:* courageousstudio.com; 3 default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.akamai.steamstatic.com/ https://store.akamai.steamstatic.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.akamai.steamstatic.com/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://shared.akamai.steamstatic.com/ https://checkout.steampowered.com/; frame-src 'self' steam: http://www.youtube.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://checkout.steampowered.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'none'; 3 default-src 'self'; object-src 'self' *.cdn.datatables.net cdn.datatables.net; connect-src 'self' *.mikrotik.com *.mt.lv maps.googleapis.com fonts.googleapis.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: unpkg.com i.mt.lv *.google.com gstatic.com code.jquery.com *.gstatic.com www.google-analytics.com googleapis.com *.googleapis.com *.mikrotik.com mikrotik.com chatwith.tools; style-src 'self' 'unsafe-inline' i.mt.lv fonts.googleapis.com unpkg.com *.mikrotik.com mikrotik.com code.jquery.com use.typekit.net www.mikrotik.com; img-src 'self' data: *.mikrotik.com *.mt.lv i.ytimg.com api.tiles.mapbox.com *.tile.openstreetmap.org unpkg.com *.arcgisonline.com stats.g.doubleclick.net www.google-analytics.com mikrotik.com www.mikrotik.com forum.mikrotik.com 1.aerial.maps.cit.api.here.com 2.aerial.maps.cit.api.here.com 3.aerial.maps.cit.api.here.com 4.aerial.maps.cit.api.here.com gstatic.com http://services.ga.gov.au *.gstatic.com *.googleapis.com *.arcgisonline.com *.google.com *.google.lv *.routerboard.com; frame-src 'self' *.mikrotik.com *.mt.lv youtu.be youtube.com www.youtube.com www.google.com chatwith.tools; font-src 'self' data: mikrotik.com fonts.gstatic.com www.mikrotik.com i.mt.lv; frame-ancestors 'self' *.mt.lv; 3 frame-ancestors 'self' *.grammarly.com 3 frame-ancestors 'self' *.cnbc.com https://cnbc.zendesk.com; 3 frame-ancestors https://pam.mcafee.com 3 frame-ancestors 'self' https://partner.tp-link.com https://partner-test.tp-link.com https://www.tapo.com https://*.store.tapo.com https://store.omadanetworks.com https://*.store.tp-link.com https://clarity.microsoft.com https://*.shopifypreview.com https://*.shopify.com https://*.myshopify.com https://*.shopifyapps.com 3 script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://googleads.g.doubleclick.net https://www.youtube.com https://survey.g.doubleclick.net https://maps.googleapis.com https://www.googleadservices.com;report-uri /us/_/BgcMiscSites/cspreport/allowlist;worker-src blob: 'self' 3 frame-ancestors 'self' https://*.t-online.de; 3 block-all-mixed-content; default-src https://loc.gov/ https://*.loc.gov/ ; media-src https://loc.gov/ https://*.loc.gov/ https://*.readspeaker.com/ https://*.arcgis.com/ https://*.arcgisonline.com/ https://webapps-cdn.esri.com/ blob:; worker-src https://loc.gov/ https://*.loc.gov/ blob:; font-src https://loc.gov/ https://*.loc.gov/ https://*.arcgis.com/ https://*.arcgisonline.com/ https://webapps-cdn.esri.com/ https://ssl.p.jwpcdn.com/ data:; img-src https://loc.gov/ https://*.loc.gov/ https://congress.gov/ https://*.congress.gov/ https://*.readspeaker.com/ https://*.arcgis.com/ https://*.arcgisonline.com/ https://webapps-cdn.esri.com/ https://*.ssa.gov/ https://dpm.demdex.net/ https://cm.everesttech.net/ https://*.amazonaws.com data: blob:; connect-src https://loc.gov/ https://*.loc.gov/ https://*.arcgis.com/ https://*.arcgisonline.com/ https://webapps-cdn.esri.com/ https://chat-us.libanswers.com/ https://thelibraryofcongress.tt.omtrdc.net/ https://dpm.demdex.net/ https://d3c605m4lmznjl.cloudfront.net/ https://*.s3.us-east-1.amazonaws.com/; style-src https://loc.gov/ https://*.loc.gov/ https://*.readspeaker.com/ https://*.arcgis.com/ https://*.arcgisonline.com/ https://webapps-cdn.esri.com/ https://ssl.p.jwpcdn.com/ https://assets.adobedtm.com/ https://*.ssa.gov/ 'unsafe-inline' blob:; script-src https://loc.gov/ https://*.loc.gov/ https://*.readspeaker.com/ https://*.arcgis.com/ https://*.arcgisonline.com/ https://webapps-cdn.esri.com/ https://ssl.p.jwpcdn.com/ https://assets.adobedtm.com/ https://*.blackbaudcdn.net/ https://*.blackbaud.com/ https://ajax.googleapis.com/ajax/libs/jquery/ https://*.ssa.gov/ https://s.ytimg.com/ 'unsafe-inline' 'unsafe-eval'; frame-src https://loc.gov/ https://*.loc.gov/ https://*.readspeaker.com/ https://*.blackbaudcdn.net/ https://*.blackbaud.com/ https://www.nlstalkingbooks.org/ https://unitedstateslibraryofcongress.demdex.net https://www.youtube-nocookie.com/; frame-ancestors https://loc.gov/ https://*.loc.gov/ https://*.blackbaudcdn.net/ https://*.blackbaud.com/ https://loc.libwizard.com/; report-uri https://errorlogging.loc.gov/api/51/security/?sentry_key=2176ae0b9acd4cd59297edc0e064cc95&sentry_environment=production ; 3 frame-ancestors 'self' https://aws.amazon.com *.pathfactory.com *.lookbookhq.com *.newrelic.com 3 frame-ancestors 'self' *.cox.net *.cox.com dcv2stg.wpengine.com discovercoxonline.com; 3 report-uri /v1/csplog; block-all-mixed-content 3 default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' d18kwxxua7ik1y.cloudfront.net d22r54gnmuhwmk.cloudfront.net *.change.org change-production.s3.amazonaws.com change-public-stuff.s3.amazonaws.com *.google.ca *.googleadservices.com *.youtube.com *.doubleclick.net *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.recaptcha.net *.ytimg.com *.facebook.com *.facebook.net *.fbcdn.net fbrpc://* fb-messenger://* ajax.cdnjs.com cdnjs.cloudflare.com service.force.com *.salesforceliveagent.com *.braintreegateway.com *.paypalobjects.com *.paypal.com *.braintree-api.com *.stripe.com *.dlocal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com px-cdn.net *.px-cdn.net *.px-client.net *.px-cloud.net pxchk.net *.pxchk.net surveys-web.delighted.com p2a.co js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.messagebird.com secure.everyaction.com d3rse9xjbp8270.cloudfront.net *.ngpvan.com js2.verygoodvault.com *.cloudflarestream.com code.jquery.com player.vimeo.com bat.bing.com soundcloud.com *.soundcloud.com www.instagram.com www.flickr.com *.staticflickr.com *.voteamerica.com *.jotform.com actionnetwork.org *.airbrake.io *.sentry.io browser-update.org *.tiktok.com *.bannerbear.com ads.nextdoor.com flask.nextdoor.com *.maze.co us-central1-niftic-agency.cloudfunctions.net/change-starter-image us-central1-niftic-agency.cloudfunctions.net/openai/generate-draft us-central1-niftic-agency.cloudfunctions.net/openai/generate-image cdn.iframe.ly tiles.openfreemap.org a.tile.openstreetmap.org change.my.salesforce.com help.change.org; font-src 'self' data: *.change.org d18kwxxua7ik1y.cloudfront.net d22r54gnmuhwmk.cloudfront.net fonts.gstatic.com d3rse9xjbp8270.cloudfront.net; img-src * blob: data:; form-action 'self'; frame-ancestors 'self' 3 script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https: 3 base-uri 'self'; connect-src https://demo.synology.com:5001 https://*.demo.synology.com:5001 https://demo.synology.de:5001 https://*.demo.synology.de:5001 https://bat.bing.com https://mc.yandex.ru *.mouseflow.com https://in.hotjar.com/ https://vc.hotjar.io wss://*.hotjar.com/ analytics.twitter.com 'self' https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://www.facebook.com https://graph.facebook.com https://analytics.synology.com https://px.adhigh.net/ https://*.clarity.ms https://api-fra.livechatinc.com https://api.mapbox.com https://events.mapbox.com https://fw-cdn.com https://src.fwusercontent.com https://synologyc2.myfreshworks.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net/ https://*.googletagmanager.com https://pagead2.googlesyndication.com *.google-analytics.com *.analytics.google.com https://lottie.host/ https://webec.synodev.com https://webec-cn.synodev.com https://webec.synology.com https://webec.synology.cn https://*.synodev.com https://*.synology.com https://api.store-test.synology.com https://api.store.synology.com; default-src 'self'; font-src *.mouseflow.com 'self' data: https://synostatic.synology.com https://cdn.livechatinc.com https://themes.googleusercontent.com https://fonts.gstatic.com; frame-ancestors metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr *.webvisor.com 'self' https://*.facebook.com; frame-src *.mouseflow.com https://vars.hotjar.com/ 'self' https://*.synology.com https://*.facebook.com https://staticxx.facebook.com https://px.adhigh.net/ https://player.youku.com/ https://synology.jobbase.io https://secure.livechatinc.com https://secure-fra.livechatinc.com https://api-fra.livechatinc.com https://synology.onlyfy.jobs https://youtube.com https://www.youtube.com https://cse.google.com https://www.googletagmanager.com https://*.doubleclick.net https://optimize.google.com https://synoform.synology.com; img-src https://*.bing.com https://mc.yandex.ru https://alb.reddit.com *.mouseflow.com https://wcs.naver.com analytics.twitter.com https://t.co/ 'self' data: blob: https://*.synology.com https://global.download.synology.com https://cndl.synology.cn https://gallery.synology.com https://gallery.test.synology.inc https://global.synologydownload.com https://*.linkedin.com https://p.adsymptotic.com/d/px https://www.facebook.com https://*.clarity.ms https://c.bing.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://cdn.livechatinc.com https://api-fra.livechatinc.com https://cdn.livechat-files.com https://api.mapbox.com https://i.ytimg.com https://*.google-analytics.com https://*.doubleclick.net https://*.googleapis.com https://*.google.com https://*.google.de https://*.google.com.tw https://*.gstatic.com https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com; media-src 'self' https://gallery.synology.com https://download.synology.com https://fileres.synology.com/ https://cdn.livechatinc.com https://api-fra.livechatinc.com; object-src 'none'; script-src https://demo.synology.com https://demo.synology.de https://bat.bing.com https://mc.yandex.ru https://www.redditstatic.com *.mouseflow.com https://static.hotjar.com https://script.hotjar.com/ https://wcs.naver.net/wcslog.js https://analytics.twitter.com https://static.ads-twitter.com https://t.co/i/adsct 'self' blob: 'unsafe-eval' https://snap.licdn.com https://www.linkedin.com/px/ https://px.ads.linkedin.com https://sjs.bizographics.com/insight.min.js https://connect.facebook.net https://px.adhigh.net/ https://cdnjs.cloudflare.com https://synology.jobbase.io https://*.clarity.ms https://cdn.livechatinc.com https://code.jquery.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://accounts.livechatinc.com https://api.livechatinc.com https://api-fra.livechatinc.com https://synology.onlyfy.jobs https://api.mapbox.com https://www.youtube.com fw-cdn.com https://*.freshsales.io https://synologyc2.myfreshworks.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://cse.google.com https://clients1.google.com https://tagmanager.google.com https://www.gstatic.com https://*.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://www.gstatic.cn https://www.recaptcha.net https://*.googleapis.com https://unpkg.com 'nonce-d15e7843961ed4bfa3e08a80b882c74670e9e9347ea55325cbc1be93c7f54edc'; style-src 'self' 'unsafe-inline' https://synostatic.synodev.com https://synostatic.synology.com https://cdnjs.cloudflare.com https://cdn.livechat-files.com https://api.mapbox.com https://assets.freshsales.io https://www.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://optimize.google.com 3 default-src 'self' https://ara.paa-reporting-advertising.amazon/aat; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src *; object-src 'self' https://*.netgear.com/; child-src blob:; worker-src blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 3 frame-ancestors 'self' https://cms.apnews.com/ 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.vercel.live https://vercel.live https://*.vercel-scripts.com https://*.posthog.com https://*.unifyintent.com https://*.cloudfront.net https://pro.ip-api.com https://*.liadm.com https://*.usbrowserspeed.com https://alocdn.com; style-src 'self' 'unsafe-inline' https://vercel.com; img-src 'self' data: https://vercel.com https://*.basehub.earth https://*.basehub.com https://*.workoscdn.com https://*.vercel.live https://vercel.com https://*.vercel-scripts.com https://*.pusher.com wss://*.pusher.com https://*.posthog.com https://*.cursor.sh https://*.cursor.com https://*.unifyintent.com; font-src 'self' data: https://vercel.live; connect-src 'self' https://*.basehub.earth https://*.basehub.com https://*.workoscdn.com https://*.vercel.live https://vercel.com https://*.vercel-scripts.com https://*.pusher.com wss://*.pusher.com https://*.posthog.com https://*.cursor.sh https://*.cursor.com https://*.unifyintent.com https://vercel.live https://*.pusher.com wss://*.pusher.com http://localhost:* http://127.0.0.1:* ws://localhost:* ws://127.0.0.1:* wss://localhost:* wss://127.0.0.1:* https://*.posthog.com https://unifyintent.com https://browser-intake-us5-datadoghq.com https://*.cloudfront.net https://pro.ip-api.com https://*.liadm.com https://*.usbrowserspeed.com https://alocdn.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com; media-src 'self' https://*.basehub.earth https://*.basehub.com https://*.workoscdn.com https://*.vercel.live https://vercel.com https://*.vercel-scripts.com https://*.pusher.com wss://*.pusher.com https://*.posthog.com https://*.cursor.sh https://*.cursor.com https://*.unifyintent.com; frame-src https://vercel.live https://www.youtube.com 3 connect-src * 'self' *.garmin.com *.sentry.io https://static.garmincdn.com https://*.cloudinary.com https://www.gstatic.com https://*.doubleclick.net https://*.criteo.com https://*.linksynergy.com https://*.bing.com https://*.pinterest.com https://*.snapchat.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.googlesyndication.com https://*.googlesyndication.com https://akamai.tiqcdn.com https://*.akamaihd.net;script-src 'unsafe-inline' 'unsafe-eval' https://*.garmin.cn https://cdn.jsdelivr.net 'self' *.garmin.com *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.realytics.io https://klear.com https://px.adentifi.com https://cdn-eu.realytics.net https://secure.adnxs.com https://p.teads.tv https://js.adsrvr.org https://tag.rmp.rakuten.com https://s.pinimg.com https://sc-static.net https://*.snapchat.com https://*.google-analytics.com https://static.cloudflareinsights.com https://static.hotjar.com https://script.hotjar.com https://optimize.google.com https://members.cj.com http://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com;img-src https://secure.adnxs.com https://www.facebook.com https://*.garmin.cn 'self' data: *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://res.garmin.com https://*.criteo.com https://*.doubleclick.net https://www.googleadservices.com https://px.adentifi.com https://rtb.adentifi.com https://*.teads.tv https://www.googletagmanager.com https://bat.bing.com https://*.yahoo.com https://sync.outbrain.com https://*.google-analytics.com https://stats.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com *.akamaihd.net https://*.tealiumiq.com https://deploytealium.com https://pixel.mediaiqdigital.com;frame-src https://my.tealiumiq.com https://www.youtube-nocookie.com https://player.youku.com https://player.bilibili.com https://gum.criteo.com https://static.criteo.net *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://prefmgr-cookie.truste-svc.net https://*.googletagmanager.com https://*.doubleclick.net https://*.criteo.com https://insight.adsrvr.org https://*.snapchat.com;frame-ancestors https://pilotweb.garmin.com;default-src 'self' *.garmin.com https://static.garmincdn.com;style-src 'self' 'unsafe-inline' *.garmin.com https://static.garmincdn.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com;font-src 'self' data: *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com;object-src 'none';upgrade-insecure-requests;base-uri 'self';form-action 'self';script-src-attr 'none' 3 default-src 'self' *.crazyegg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cloudinary.com *.cloudinary.com *.googletagmanager.com www.google-analytics.com *.google.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net stackpath.bootstrapcdn.com app-ab12.marketo.com snap.licdn.com connect.facebook.net munchkin.marketo.net consent.cookiebot.com vidassets.terminus.services googleads.g.doubleclick.net radar.cedexis.com www.googleadservices.com maps.googleapis.com *.fastcdn.co *.instapage.com *.instapagemetrics.com *.redditstatic.com *.gstatic.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com *.6sc.co ml314.com tags.srv.stackadapt.com *.convertexperiments.com *.infinigrow.com cdn.debugbear.com cdn.cookielaw.org *.onetrust.com js.zi-scripts.com ws-assets.zoominfo.com tracking-api.g2.com; script-src-elem 'self' 'unsafe-inline' cloudinary.com *.cloudinary.com code.jquery.com cdn.jsdelivr.net stackpath.bootstrapcdn.com *.googletagmanager.com www.google-analytics.com *.google.com cdn.omniconvert.com unpkg.com app-ab12.marketo.com snap.licdn.com connect.facebook.net munchkin.marketo.net consent.cookiebot.com vidassets.terminus.services googleads.g.doubleclick.net radar.cedexis.com www.googleadservices.com maps.googleapis.com *.fastcdn.co *.instapage.com *.instapagemetrics.com *.redditstatic.com *.gstatic.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com ml314.com *.6sc.co bat.bing.com static.ads-twitter.com www.clarity.ms tags.srv.stackadapt.com app.omniconvert.com web.omniconvert.com *.convertexperiments.com *.infinigrow.com ddzuuyx7zj81k.cloudfront.net dss6ntp5q2r0o.cloudfront.net cdnjs.cloudflare.com cdn.debugbear.com cdn.cookielaw.org *.onetrust.com js.zi-scripts.com ws-assets.zoominfo.com tracking-api.g2.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net unpkg.com cdnjs.cloudflare.com app-ab12.marketo.com *.google.com *.cloudinary.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com tags.srv.stackadapt.com cdn.jsdelivr.net cdn.cookielaw.org *.googletagmanager.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.googletagmanager.com *.typekit.net unpkg.com cdnjs.cloudflare.com app-ab12.marketo.com *.google.com *.cloudinary.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com tags.srv.stackadapt.com cdn.jsdelivr.net cdn.cookielaw.org; img-src 'self' data: cloudinary.com *.cloudinary.com *.google.com www.google-analytics.com secure.gravatar.com match.adsrvr.org wec-assets.terminus.services wec-assets-api.terminus.services px.ads.linkedin.com *.google.ca *.facebook.com benchmark.1e100cdn.net *.cedexis-test.com cedexis.pc.cdn.bitgravity.com ptcfc.com ubiquity.cedexis.us-east-1.prod.endpoints.ubiquity.aws.a2z.com media-akam.licdn.com *.citrix-itm-test.com ubiquity.cedexis.eu-west-1.prod.endpoints.ubiquity.aws.a2z.com direct.cedexis.us-east-1.prod.endpoints.ubiquity.aws.a2z.com a-cedexis.msedge.net 20059b.ha.azioncdn.net *.cedexis.fastlylb.net test.cedexis.gamma.endpoints.ubiquity.aws.a2z.com *.cdnvideo.ru essl-cdxs.edgekey.net direct.cedexis.ap-northeast-1.prod.endpoints.ubiquity.aws.a2z.com *.endpoints.ubiquity.aws.a2z.com level3ssl.optimicdn.com img-cedexis.mncdn.com cedexis-ssl.cdn.warpcache.net linkedin.com *.adsymptotic.com *.google.com www.googleapis.com *.gstatic.com maps.googleapis.com *.citrix.com cldmo.mo.cloudinary.net *.googletagmanager.com *.fastcdn.co *.instapage.com px4.ads.linkedin.com alb.reddit.com *.crazyegg.com *.mozilla.org *.imagecon.com script.mocky.com b.6sc.co bat.bing.com t.co analytics.twitter.com *.clarity.ms *.convertexperiments.com *.bing.com cdn.cookielaw.org dimensions-art.cloudinary.net n902wcigxi.execute-api.us-east-1.amazonaws.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com cdnjs.cloudflare.com use.typekit.net bat.bing.com t.co analytics.twitter.com *.wp.com cdn.cookielaw.org; connect-src 'self' cloudinary.com *.cloudinary.com www.google-analytics.com *.doubleclick.net api.lever.co *.mktoresp.com *.init.cedexis-radar.net *.cedexis.com *.facebook.com a-cedexis.msedge.net *.cedexis.fastlylb.net *.netlify.app *.instapage.com *.instapagemetrics.com *.crazyegg.com script.mocky.com mocky.com *.google.com secure.adnxs.com c.6sc.co ipv6.6sc.co *.clarity.ms bat.bing.com tags.srv.stackadapt.com app.omniconvert.com *.convertexperiments.com *.linkedin.com *.cookiebot.com *.infinigrow.com data.debugbear.com cdn.cookielaw.org epsilon.6sense.com *.6sc.co *.onetrust.com js.zi-scripts.com ws-assets.zoominfo.com ws.zoominfo.com tracking-api.g2.com n902wcigxi.execute-api.us-east-1.amazonaws.com; media-src 'self' cloudinary.com *.cloudinary.com blob:; worker-src 'self' blob:; frame-src stackblitz.com demo.arcade.software *.googletagmanager.com *.doubleclick.net *.productboard.com *.google.com jobs.lever.co app-ab12.marketo.com business.facebook.com consentcdn.cookiebot.com *.facebook.com *.cedexis-test.com cedexis.pc.cdn.bitgravity.com *.citrix-itm-test.com 20059b.ha.azioncdn.net essl-cdxs.edgekey.net *.cloudinary.com bid.g.doubleclick.net *.twitter.com cloudinary.com *.youtube.com *.driftt.com *.crazyegg.com *.wp.com; object-src 'none' 3 frame-ancestors 'self' https://*.trontv.com https://rainberrytv.com; 3 frame-ancestors https://*.poki.io http://localhost:1234 http://localhost:11001 http://localhost:8080/ 3 upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https: wss: android-webview-video-poster: blob:; 3 upgrade-insecure-requests; frame-ancestors 'self' http://*.elconfidencial.com:* https://*.elconfidencial.com:* https://*.ecestaticos.com www.elconfidencial.com blogs.elconfidencial.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org player.h-cdn.com 3 default-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net ; script-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net browser-update.org connect.facebook.net *.google.com *.gstatic.com *.googlesyndication.com *.googletagmanager.com *.google-analytics.com unpkg.com/web-vitals/ *.googleapis.com js.stripe.com *.paypal.com *.paypalobjects.com *.twitter.com *.youtube.com 'unsafe-inline' 'unsafe-eval' blob: ; style-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net *.google.com *.googleapis.com *.typekit.net code.iconify.design 'unsafe-inline' data: ; img-src * data: blob: ; font-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net *.typekit.net fonts.gstatic.com fonts.googleapis.com ff.static.1001fonts.net db.onlinewebfonts.com data: ; connect-src 'self' boardgamearena.com *.boardgamearena.com:* wss://*.boardgamearena.com:* *.boardgamearena.net wss://*.boardgamearena.net:* *.facebook.com *.google.com *.gstatic.com *.googlesyndication.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.paypal.com *.bga.li blob:; frame-src 'self' boardgamearena.com *.boardgamearena.com:* *.slideshare.net *.youtube.com *.youtube-nocookie.com *.dailymotion.com *.trictrac.tv *.trictrac.net melodice.org js.stripe.com *.paypal.com *.twitter.com *.facebook.com *.google.com td.doubleclick.net *.blueorangegames.eu; frame-ancestors 'self' boardgamearena.com ; base-uri 'none' ; 3 style-src * blob: 'unsafe-inline'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; worker-src * blob:; frame-ancestors 'self' http://*.carwale.com https://*.carwale.com https://*.bikewale.com https://*.cartrade.com https://*.lead2retail.in https://*.autobiz.in https://lms.bgauss.com; 3 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' android-webview-video-poster: *.sky.com *.bskyb.com *.skyassets.com *.awin1.com *.clicktale.net *.contentsquare.net *.contentsquare.com *.demdex.net *.doubleclick.net *.googlesyndication.com *.google.com *.google.co.uk *.google.ie *.google-analytics.com *.lpsnmedia.net *.liveperson.net *.lucidcx.com skycustomer.likewizesupport.com sky.likewizesupport.com *.optimizely.com *.qualtrics.com *.snapchat.com *.tvsquared.com *.intercom.io *.intercomcdn.com *.kampyle.com *.medallia.eu *.paa-reporting-advertising.amazon *.yimg.com *.yext-pixel.com *.stripe.com *.taggstar.com aax-eu.amazon-adsystem.com acdn.adnxs.com analytics.twitter.com analytics.tiktok.com answers2-embed.sky.com.pagescdn.com assets.sitescdn.net assets.adobedtm.com bat.bing.com britishskybroadcasti.tt.omtrdc.net cdn-assets-prod.s3.amazonaws.com cdn.co-buying.com cdn.privacy-mgmt.com cdn.spatialbuzz.com cdn.tt.omtrdc.net cdnjs.cloudflare.com connect.facebook.net content.zeotap.com c.amazon-adsystem.com dmp.vfwmrm.net edge.adobedc.net ib.adnxs.com js.smct.co js.smct.io js-cdn.dynatrace.com maps.googleapis.com platform.twitter.com rules.quantcount.com s0.2mdn.net s.pinimg.com sc-static.net secure.quantserve.com secure.adnxs.com servedby.flashtalking.com smct.co smct.io static.ads-twitter.com the.sciencebehindecommerce.com unpkg.com www.dwin1.com *.zenaps.com www.facebook.com *.googletagmanager.com www.googleadservices.com www.gstatic.com yahoo.com cdn.branch.io api2.branch.io api.branch.io app.link players.brightcove.net vjs.zencdn.net c5.adalyser.com tagmanager.google.com lantern.roeyecdn.com https://cdn.prod.uidapi.com https://js.adsrvr.org; style-src 'self' 'unsafe-inline' *.sky.com *.skyassets.com s0.2mdn.net www.gstatic.com *.liveperson.net www.facebook.com *.doubleclick.net assets.adobedtm.com *.lpsnmedia.net *.clicktale.net *.contentsquare.net *.googlesyndication.com sky.lucidcx.com skycustomer.likewizesupport.com sky.likewizesupport.com fonts.googleapis.com assets.sitescdn.net *.kampyle.com *.medallia.eu players.brightcove.net tagmanager.google.com www.googletagmanager.com; font-src 'self' data: *.sky.com fonts.gstatic.com *.skyassets.com use.typekit.net *.google.com *.google.co.uk *.google.ie sky.lucidcx.com skycustomer.likewizesupport.com sky.likewizesupport.com *.snapchat.com www.pinterest.com fonts.smct.co fonts.smct.io *.intercomcdn.com *.kampyle.com *.medallia.eu players.brightcove.net; img-src 'self' data: android-webview-video-poster: *.sky.com *.doubleclick.net *.skyassets.com bat.bing.com *.clicktale.net *.optimizely.com *.tvsquared.com *.demdex.net *.online-metrix.net *.qualtrics.com t.co tracking.audio.thisisdax.com www.facebook.com *.google-analytics.com *.google.com *.google.co.uk *.google.ie *.atdmt.com *.cloudfront.net live.staticflickr.com tags.w55c.net *.googletagmanager.com *.contentstack.io *.lpsnmedia.net s0.2mdn.net *.zenaps.com connect.facebook.net *.liveperson.net www.gstatic.com *.awin1.com analytics.twitter.com cdn.spatialbuzz.com assets.adobedtm.com cdn.privacy-mgmt.com *.googlesyndication.com *.contentsquare.net www.googleadservices.com servedby.flashtalking.com *.lucidcx.com skycustomer.likewizesupport.com sky.likewizesupport.com pixel.quantserve.com *.sky 8th.io sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com match.adsrvr.org pm.w55c.net dmp.v.fwmrm.net ct.pinterest.com *.snapchat.com www.pinterest.com secure.adnxs.com events.smct.co *.yahoo.com *.gumgum.com smct.co cdn.smct.co smct.io cdn.smct.io px.smct.co px.smct.io ep.smct.co ep.smct.io maps.gstatic.com maps.googleapis.com *.mktgcdn.com *.yext-pixel.com aax-eu.amazon-adsystem.com *.g.doubleclick.net cms.quantserve.com mwzeom.zeotap.com c.amazon-adsystem.com analytics.tiktok.com *.intercomassets.eu *.intercomassets.com *.intercom.io *.intercomcdn.eu *.intercomcdn.com *.kampyle.com *.medallia.eu cdn.branch.io api2.branch.io api.branch.io app.link players.brightcove.net *.boltdns.net *.akamaihd.net *.brightcove.com *.brightcovecdn.com ssl.gstatic.com ad.doubleclick.net ade.googlesyndication.com adservice.google.com c5.adalyser.com lantern.roeye.com; connect-src 'self' blob: android-webview-video-poster: *.sky.com aax-eu.amazon-adsystem.com acdn.adnxs.com analytics.tiktok.com api.amplitude.com api.amplitude.com api.iperceptions.com api.taggstar.com assets.adobedtm.com awk.epgsky.com bat.bing.com britishskybroadcasti.tt.omtrdc.net c.amazon-adsystem.com cdn-assets-prod.s3.amazonaws.com cdn.privacy-mgmt.com cdn.spatialbuzz.com cdn.taggstar.com cfg.smct.co cfg.smct.io connect.facebook.net cognito-identity.eu-west-1.amazonaws.com ct.pinterest.com dmp.v.fwmrm.net edge.adobedc.net ep.smct.co ep.smct.io firehose.eu-west-1.amazonaws.com help-search-api-stage.herokuapp.com https://*.google.com ib.adnxs.com ipb.smct.co ipb.smct.io ipl.smct.co ipl.smct.io js.smct.co js.smct.io *.yext.com maps.googleapis.com match.adsrvr.org mwzeom.zeotap.com paa-reporting-advertising.amazon pm.w55c.net poc.idscan.cloud prod.idscan.cloud prod-my-photo-api.herokuapp.com production-retriever.herokuapp.com qa.taggstar.com s0.2mdn.net s.pinimg.com sc-static.net secure.adnxs.com smct.co smct.io spl.zeotap.com the.sciencebehindecommerce.com vip.timezonedb.com wss://*.liveperson.net wss://*.sky.com www.facebook.com www.googleadservices.com *.googletagmanager.com www.gstatic.com www.pinterest.com www.pinterest.co.uk www.zenaps.com *.akstat.io *.assistant.watson.appdomain.cloud *.bf.dynatrace.com *.bskyb.com *.clicktale.net *.contentsquare.net *.contentstack.io *.demdex.net *.doubleclick.net *.google.com *.google.co.uk *.google.ie *.googlesyndication.com *.google-analytics.com *.liveperson.net *.lpsnmedia.net *.lucidcx.com skycustomer.likewizesupport.com sky.likewizesupport.com *.optimizely.com *.qualtrics.com *.skyassets.com *.snapchat.com *.taggstar.com *.tvsquared.com *.wepowerconnections.com *.yext-pixel.com *.yimg.com *.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com *.paa-reporting-advertising.amazon *.yextapis.com *.kampyle.com *.medallia.eu cdn.branch.io api2.branch.io api.branch.io app.link *.boltdns.net players.brightcove.net edge.api.brightcove.com *.akamaihd.net *.brightcovecdn.com faro-collector-prod-eu-west-0.grafana.net *.analytics.google.com *.g.doubleclick.net pagead2.googlesyndication.com ad.doubleclick.net https://*.prod.uidapi.com https://prod.uidapi.com insight.adsrvr.org; frame-src 'self' blob: *.sky.com *.bskyb.com *.skyassets.com *.doubleclick.net *.optimizely.com *.demdex.net *.online-metrix.net *.lpsnmedia.net *.qualtrics.com www.facebook.com cdn.privacy-mgmt.com universal.iperceptions.com *.google.com *.google.co.uk *.google.ie *.clicktale.net s0.2mdn.net *.zenaps.com connect.facebook.net *.liveperson.net analytics.twitter.com cdn.spatialbuzz.com assets.adobedtm.com *.googlesyndication.com *.google-analytics.com *.contentsquare.net www.googleadservices.com sky.lucidcx.com skycustomer.likewizesupport.com sky.likewizesupport.com live.tvgenius.net servedby.flashtalking.com players.brightcove.net sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com match.adsrvr.org pm.w55c.net dmp.v.fwmrm.net *.snapchat.com ct.pinterest.com www.pinterest.com secure.adnxs.com www.pinterest.co.uk smct.co smct.io ls.smct.co ls.smct.io d2d7do8qaecbru.cloudfront.net w.etadirect.com aax-eu.amazon-adsystem.com *.stripe.com answers2-embed.sky.com.pagescdn.com *.awin1.com c.amazon-adsystem.com *.kampyle.com *.medallia.eu paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon cdn.branch.io api2.branch.io api.branch.io app.link www.googletagmanager.com td.doubleclick.net 1580034.fls.doubleclick.net 6993240.fls.doubleclick.net 12660277.fls.doubleclick.net 3662759.fls.doubleclick.net lantern.roeye.com; frame-ancestors 'self'; worker-src 'self' blob: *.sky.com *.skyassets.com assets.adobedtm.com *.liveperson.net; child-src 'self' blob: *.intercom-sheets.com; media-src 'self' data: *.sky.com *.skyassets.com *.contentstack.io *.lpsnmedia.net *.doubleclick.net *.google.com *.google.co.uk *.google.ie *.clicktale.net *.liveperson.net www.facebook.com bat.bing.com *.demdex.net assets.adobedtm.com *.google-analytics.com *.contentsquare.net *.googlesyndication.com *.intercomcdn.com blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; object-src 'self' *.sky.com; form-action *.intercom.io *.intercom.help; report-uri /csp-reports 3 frame-src 'self' ms-windows-store: get.microsoft.com https: data:; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; img-src 'self' http://cps-static.rovicorp.com https: data: 3 frame-ancestors 'self' *.trust-provider.com secure.sectigo.com 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://sb.scorecardresearch.com https://*.yahoo.com blob: wss:; img-src 'self' https: data: blob: https://*.yimg.com https://bats.video.yahoo.com https://*.scorecardresearch.com https://*.adaptv.advertising.com https://trk.vidible.tv https://beap.gemini.yahoo.com https://ganon.yahoo.com https://geo.yahoo.com https://api.cloudinary.com https://*.amazon-adsystem.com https://geo.yahoo.com https://pbs.yahoo.com https://*.pubmatic.com https://*.adsrvr.org https://*.criteo.com https://*.casalemedia.com https://*.taboola.com https://*.rubiconproject.com https://*.openx.net https://*.yieldmo.com https://*.media.net https://*.3lift.com https://*.sharethrough.com https://*.lijit.com https://*.indexww.com https://ganon.yahoo.com/ https://geo.yahoo.com/ https://ad.doubleclick.net https://*.googlesyndication.com https://*.everesttech.com https://prebid.a-mo.net https://*.adnxs.com https://*.emxdgt.com https://yahoo-match.dotomi.com https://*.gumgum.com https://*.kargo.com https://*.kueezrtb.com https://*.mediago.io https://*.creativecdn.com https://*.yellowblue.io https://*.sonobi.com https://taboola.com https://*.1rx.io https://*.cootlogix.com https://*.rfihub.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://cm.g.doubleclick.net https://googleadservices.com https://securepubads.g.doubleclick.net https://x.bidswitch.net/sync; worker-src 'self' blob:; manifest-src 'self' https://s.yimg.com; font-src 'self' data: https://*.engadget.com https://s.yimg.com https://fonts.gstatic.com https://*.spot.im https://assets.video.yahoo.net; connect-src 'self' https://*.liadm.com https://console.googletagservices.com https://*.engadget.com http://*.taboola.com https://s.yimg.com https://*.yahoo.net https://*.yahoo.com https://*.yahoosandbox.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://ad.doubleclick.net https://*.doubleverify.com https://*.googlesyndication.com https://*.spot.im https://*.giphy.com https://*.vidible.com https://*.media.yahoo.com:4443 https://*.skimresources.com https://*.taboola.com https://securepubads.g.doubleclick.net https://*.spotim.market https://*.criteo.com https://*.criteo.net https://*.pubmatic.com https://*.rubiconproject.com https://*.lijit.com https://*.gumgum.com https://*.openx.net https://*.adtelligent.com https://*.casalemedia.com https://*.creativecdn.com https://*.adnxs.com https://*.nighttstand.com https://*.rlcdn.com https://*.adsrvr.org https://*.adform.net https://*.vidible.tv https://*.uplynk.com https://*.edgekey.net https://*.doubleclick.net https://d1z2jf7jlzjs58.cloudfront.net https://*.pixel.parsely.com https://*.aniview.com https://*.ad-score.com https://polarcdn-terrax.com https://*.polarcdn-terrax.com https://*.polarcdn.com https://polarcdn-engine.com https://polarcdn-pentos.com https://videodelivery.net https://*.videodelivery.net https://sf-hs-sg.ibytedtos.com https://b1h.zemanta.com https://hb-api.omnitagjs.com https://search.spotxchange.com https://video-api.yql.yahoo.com https://edgecast-vod.yimg.com https://cdn-ssl.vidible.tv/prod https://edgecast-vod.yahoo.net https://*.vpg.cdn.yimg.com https://s.yimg.com https://media.zenfs.com https://assets.video.yahoo.net https://ads.adaptv.advertising.com https://video.adaptv.advertising.com https://tpc.googlesyndication.com/ima3vpaid https://*.adsafeprotected.com https://*.pictela.net https://api.cloudinary.com https://*.media.net https://events.newsroom.bi https://flowcards.mrf.io https://compassdata.mrf.io https://sdk.mrf.io https://s.yimg.com/oa/ https://api.privacy-center.org/v1/events https://api.privacy-center.org/v1/metrics https://api.privacy-center.org/v1/sync https://api.privacy-center.org/v1/locations https://ec.yimg.com/didomi https://guce.engadget.com/ https://guce.oath.com/ https://consent.yahoo.com/ https://*.clean.gg https://*.yieldmo.com https://*.3lift.com https://*.sharethrough.com https://*.lijit.com https://*.indexww.com https://sdk.privacy-center.org/f5623e34-377a-419c-8bb7-3928cebffbc9/ https://snippet.affilimate.io/ https://snippet.affilimatejs.com https://pub.affilimateapis.com https://pub-eu.affilimateapis.com https://api.assertcom.de https://icu.newsroom.bi/ingest.php https://tlx.3lift.com https://ads.yieldmo.com https://*.google-analytics.com https://api.alyavista.com https://*.seedtag.com https://guce.oath.com/ https://guce.engadget.com/ https://api.privacy-center.org/v1/locations https://api.privacy-center.org/v1/sync https://api.privacy-center.org/v1/metrics https://api.privacy-center.org/v1/events https://ep1.adtrafficquality.google/ https://*.kueezrtb.com https://*.pbs.yahoo.com https://pbs-yahoo-us.ay.delivery https://pbs-yahoo-eu.ay.delivery https://pbs-yahoo-apac.ay.delivery https://ads.pubmatic.com https://googleads.g.doubleclick.net; object-src https://*.engadget.com https://s.yimg.com https://api.cloudinary.com; frame-ancestors 'self' https://*.engadget.com https://*.oath.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation allow-storage-access-by-user-activation; upgrade-insecure-requests; report-uri https://csp.yahoo.com/beacon/csp?src=engadget; report-to csp-endpoint; frame-src 'self' https://ad.doubleclick.net https://console.googletagservices.com https://*.googlesyndication.com https://*.everesttech.com https://prebid.a-mo.net https://*.adnxs.com https://*.emxdgt.com https://yahoo-match.dotomi.com https://*.criteo.com https://*.gumgum.com https://*.casalemedia.com https://*.kargo.com https://*.kueezrtb.com https://*.mediago.io https://*.media.net https://*.openx.net https://*.pubmatic.com https://*.creativecdn.com https://*.rubiconproject.com https://*.sharethrough.com https://*.yellowblue.io https://*.sonobi.com https://*.lijit.com https://taboola.com https://*.3lift.com https://*.adsrvr.org https://*.1rx.io https://*.cootlogix.com https://*.yieldmo.com https://*.rfihub.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://cm.g.doubleclick.net https://googleadservices.com https://securepubads.g.doubleclick.net https://ep2.adtrafficquality.google https://*.taboola.com https://www.google.com https://*.seedtag.com https://hb.trustedstack.com https://opus.analytics.yahoo.com/ https://*.indexww.com; 3 form-action https:; frame-ancestors https://app.contentful.com https://verkada.teamaligned.com 3 default-src 'self' http: https: data: blob:;script-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src 'self' https: data: 'unsafe-inline';img-src 'self' https: data: blob:;media-src 'self' https: http: blob: data:;connect-src http: https: ws: wss: 3 frame-ancestors *.gallupatwork.com *.gallupatwork.au *.gallupatwork.sg *.gallupatwork.uk *.gallup.com 3 default-src 'self' *.starbucks.com *.starbucks.ca; child-src 'self' *.starbucks.com *.starbucks.ca *.doubleclick.net *.optimizely.com *.trustarc.com; connect-src 'self' *.starbucks.com *.starbucks.ca https://fonts.gstatic.com *.akamaihd.net *.akstat.io *.doubleclick.net *.go-mpulse.net *.google-analytics.com *.googlevideo.com *.mparticle.com *.nr-data.net *.optimizely.com *.pinterest.com *.trustarc.com; font-src 'self' *.starbucks.com *.starbucks.ca https://fonts.googleapis.com https://fonts.gstatic.com *.trustarc.com; img-src 'self' data: *.starbucks.com *.starbucks.ca https://*.gstatic.com *.adsrvr.org *.agkn.com *.akamaihd.net *.appcast.io *.bing.com *.doubleclick.net *.facebook.com *.ggpht.com *.google.com *.google-analytics.com *.googletagmanager.com *.mparticle.com *.nr-data.net *.pinterest.com *.snapchat.com *.trustarc.com *.truste.com *.videoamp.com *.xg4ken.com *.ytimg.com; manifest-src 'self' *.starbucks.com *.starbucks.ca; media-src 'self' blob: *.starbucks.com *.starbucks.ca *.youtube.com; frame-src 'self' *.optimizely.com *.trustarc.com *.youtube.com; frame-ancestors 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.starbucks.com *.starbucks.ca cdnjs.com *.appcast.io *.bing.com *.doubleclick.net *.facebook.net *.go-mpulse.net *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.mparticle.com *.newrelic.com *.nr-data.net *.optimizely.com *.pinimg.com *.sc-static.net *.snapchat.com *.trustarc.com *.xg4ken.com; style-src 'self' 'unsafe-inline' *.starbucks.com *.starbucks.ca https://fonts.googleapis.com; 3 frame-ancestors 'self' resources.duo.com learn-cloudsecurity.cisco.com; 3 connect-src 'self' https://adservice.google.com global.ketchcdn.com *.calibermind.com *.ketchcdn.com *.ketchjs.com *.google.com *.g2crowd.com *.linkedin.com *.chilipiper.com cmstesting.salesloft.com https://munchkin.marketo.net https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location cdn.contentstack.io api.contentstack.io *.contentstack.io *.hotjar.com *.sequel.io *.salesloft.com *.adnxs.com unpkg.com *.hotjar.com *.hotjar.io *.6sc.co *.6sense.com *.marketlinc.com *.nr-data.net/ *.analytics.google.com *.marketo.com *.mktoresp.com *.doubleclick.net *.google-analytics.com/ *.googletagmanager.com/ *.pantheonsite.io/ *.cookielaw.org/ *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.litix.io *.netdna-ssl.com https://api.company-target.com/api/v2/ip.json https://api.brightfunnel.com/v1/sd https://api-iam.intercom.io/messenger/web/ping wss://nexus-websocket-a.intercom.io/ https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css https://ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css https://analytics.google.com/g/collect https://cdn.linkedin.oribi.io/partner/5254305/domain/salesloft.com/token wss://wsp13.hotjar.com/api/v2/client/ws *.google.com *.googleoptimize.com *.hotjar.com *.introvoke.com *.mktoweb.com *.benchmarkseverywhere.com https://saasbenchmarks.ai/ https://live-salesloft-v2.pantheonsite.io/ https://test-salesloft-v2.pantheonsite.io/ https://images.contentstack.io https://slft-cons-preproduction.contentstackapps.com *.driftt.com *.drift.com wss://ws.hotjar.com/api/v2/client/ws; font-src 'self' data: https://fonts.gstatic.com *.netdna-ssl.com https://js.intercomcdn.com/fonts/ *.fontawesome.com *.wistia.com *.bootstrapcdn.com; frame-src 'self' *.doubleclick.net *.sequel.io *.vidyard.com *.youtube.com *.chilipiper.com *.salesloft.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net https://staticxx.facebook.com/ http://www2.salesloft.com *.greenhouse.io/ *.megaphone.fm *.google.com/ *.contentstack.io *.contentstack.com *.spotify.com *.twitter.com *.facebook.com *.driftt.com *.drift.com https://live-salesloft-v2.pantheonsite.io/ https://images.contentstack.io *.googletagmanager.com; img-src 'self' https: data: blob: *.netdna-ssl.com https://ssl.gstatic.com/ *.vidyard.com; manifest-src 'self' blob:; media-src 'self' blob: *.driftt.com *.wistia.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com *.marketo.com *.netdna-ssl.com https://tagmanager.google.com/ https://fonts.googleapis.com/ *.salesloft.com *.bootstrapcdn.com *.google.com https://live-salesloft-v2.pantheonsite.io/ https://images.contentstack.io/; worker-src blob: data: *.netdna-ssl.com *.contentstackapps.com localhost:3000 salesloft.com cmstesting.salesloft.com *.salesloft.com; base-uri 'none'; frame-ancestors 'self' *.contentstack.com; default-src 'none'; script-src https: 'unsafe-eval' 'unsafe-inline' http://pages.salesloft.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://tagmanager.google.com/ 'self'; 3 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.weborama.com *.adways.com *.adpaths.com; 3 frame-ancestors 'self' http://sproutsocial.lookbookhq.com https://sproutsocial.lookbookhq.com http://sproutsocial.pathfactory.com https://sproutsocial.pathfactory.com https://*.sproutsocial.com https://sproutsocial.com; 3 connect-src 'self' *.maps.yandex.net api-maps.yandex.ru api.selectel.ru hog.selectel.ru https://chatwoot.selectel.ru wss://chatwoot.selectel.ru https://statuspal.io/api/v2/status_pages/selectel/summary https://*.mindbox.ru https://selectel.ru https://cdn.selectel.ru https://top-fwz1.mail.ru https://web.popmechanic.ru https://metrics.selectel.ru leads.selectel.ru mc.yandex.ru suggest-maps.yandex.ru wss://api.selectel.ru wss://ws.selectel.ru www.youtube.com https://yulixr.ru/ https://hooks.zapier.com/hooks/catch/11509819/ https://hooks.zapier.com/hooks/catch/12416931/ https://script.google.com/a/macros/selectel.com/s/AKfycbzM4er3RoKbPw3cQALGtakLQ7xfTtUk8PETDoXQyYh6kiCLnhu1oO4iCy2CuhT38cGrCA/exec https://files.selectel.ru https://telegram.org/pxl; default-src 'none'; font-src 'self' data: https://cdn.selectel.ru https://6f3bf64a-14d1-4b68-9202-2a000ca072b9.selcdn.net; frame-ancestors 'self' my.selectel.ru promo.selectel.ru go.teachbase.ru learn.selectel.org webvisor.com metrika.yandex.ru; frame-src 'self' api-maps.yandex.ru calc.selectel.ru https://chatwoot.selectel.ru googleads.g.doubleclick.net https://forms.amocrm.ru/ https://player.vimeo.com/ https://vk.com/ www.google.com www.google.ru www.youtube.com https://rutube.ru/ https://kinescope.io/; img-src https: data: blob:; manifest-src 'self'; media-src 'self' https://chatwoot.selectel.ru https://cdn.selectel.ru https://6f3bf64a-14d1-4b68-9202-2a000ca072b9.selcdn.net https://files.selectel.ru; object-src 'self' blob:; report-uri https://relay.selectel.ru/api/87/security/?sentry_key=33110db9255441e5b312279003c189b1 https://relay.selectel.ru/api/20/csp-report/?sentry_key=7af12a7683624269a0cab11188e3d86e; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.maps.yandex.net api-maps.yandex.ru cdn.ampproject.org hog.selectel.ru https://chatwoot.selectel.ru https://cdn.selectel.ru https://6f3bf64a-14d1-4b68-9202-2a000ca072b9.selcdn.net https://cse.google.com/adsense/search/async-ads.js https://cse.google.com/cse.js https://cse.google.com/cse/element/v1 https://s.ytimg.com https://static.popmechanic.ru https://top-fwz1.mail.ru https://vk.com https://www.google.com https://metrics.selectel.ru mc.yandex.ru https://*.mindbox.ru https://widgets.mango-office.ru https://dct.mango-office.ru selectel.ru suggest-maps.yandex.ru www.google.com www.googleadservices.com www.gstatic.com www.youtube.com yastatic.net https://telegram.org/js/pixel.js; style-src 'self' 'unsafe-inline' https://cdn.selectel.ru/ https://6f3bf64a-14d1-4b68-9202-2a000ca072b9.selcdn.net https://chatwoot.selectel.ru https://fonts.googleapis.com https://static.popmechanic.ru https://www.google.com/cse/static/element/ https://www.google.com/cse/static/style/look/v4/espresso.css https://*.mindbox.ru; upgrade-insecure-requests; 3 default-src 'self' http: https: 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wistia.net wistia.net *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io demandbase.com *.demandbase.com company-target.com *.company-target.com venafi.cloud *.venafi.cloud venafi.eu *.venafi.eu vimeo.com *.vimeo.com data: blob:; upgrade-insecure-requests; 3 frame-ancestors *.oray.com scrm-wx.weiling.cn 3 frame-ancestors https://playersupport.my.salesforce.com 3 default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com *.merrilledge.com; 3 frame-ancestors 'self' https://webvisor.com 3 frame-ancestors 'self' https://*.adobe.com; 3 frame-ancestors https://*.phoenix.razer.com https://www.razer.com; 3 default-src 'self';base-uri 'self';child-src blob:;connect-src 'self' wss: https: https://*.algolia.net https://*.algolianet.com https://insights.algolia.io https://func.bitwarden.com https://status.bitwarden.com https://us-central1-adaptive-growth.cloudfunctions.net https://pdf-convert.bitwarden.com https://aorta.clickagy.com https://hemsync.clickagy.com https://ws.zoominfo.com https://bitwarden.freshsales.io https://stats.g.doubleclick.net https://www.google-analytics.com https://api.hubapi.com https://forms.hubspot.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://bat.bing.com https://cdn.linkedin.oribi.io https://i.clarity.ms https://scout.salesloft.com https://script.crazyegg.com https://global.ketchcdn.com/ https://cdn.ketchjs.com/;img-src 'self' data: https: https://*.algolia.net https://images.ctfassets.net https://res.cloudinary.com https://www.google.com https://www.google-analytics.com https://i.ytimg.com https://*.hsforms.com https://track.hubspot.com https://analytics.twitter.com https://t.co https://alb.reddit.com https://aorta.clickagy.com https://bat.bing.com https://i.vimeocdn.com https://id.rlcdn.com https://idsync.rlcdn.com https://insight.adsrvr.org https://px.ads.linkedin.com https://p.adsymptotic.com https://stags.bluekai.com https://ct.capterra.com;font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net https://*.typekit.net;form-action https://forms.hsforms.com https://www.facebook.com;frame-ancestors https://app.contentful.com;frame-src https://app.hubspot.com https://start.bitwarden.com https://*.doubleclick.net https://boards.greenhouse.io https://s.company-target.com https://docs.google.com https://forms.hsforms.com https://player.vimeo.com https://preview.widgets.ninetailed.io/ https://us02web.zoom.us https://www.facebook.com/ https://www.googletagmanager.com https://www.youtube.com https://*.hs-sites.com https://global.ketchcdn.com https://cdn.ketchjs.com/ https://app.contentful.com https://job-boards.greenhouse.io https://hemsync.clickagy.com;manifest-src 'self';object-src 'none';report-uri https://csp-report.browser-intake-us3-datadoghq.com/api/v2/logs?dd-api-key=pub41b0937554d4ab91e35c9ae62433371b&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=;script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://cdn.jsdelivr.net/ https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsforms.net https://js.hubspot.com https://amplify.outbrain.com https://tr.outbrain.com https://wave.outbrain.com https://j.6sc.co https://tag.demandbase.com https://a.quora.com https://assets.freshsales.io https://bat.bing.com https://boards.greenhouse.io https://cdn.jsdelivr.net/npm/search-insights@2.0.4 https://cdn.pdst.fm https://global.ketchcdn.com https://cdn.ketchjs.com/ https://connect.facebook.net https://mountain.com https://*.mountain.com https://extend.vimeocdn.com https://googleads.g.doubleclick.net https://libraries.hund.io https://ml314.com https://*.ml314.com https://player.vimeo.com https://plausible.io https://script.crazyegg.com https://scout-cdn.salesloft.com https://snap.licdn.com https://static.ads-twitter.com https://static.xingcdn.com/xingtrk/index.js https://tag.clearbitscripts.com https://cdn.hubilo.com https://tags.clickagy.com https://js.usemessages.com https://ws.zoominfo.com https://www.clarity.ms https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.redditstatic.com https://x.clearbitjs.com https://app.contentful.com https://tags.clickagy.com/ https://js.zi-scripts.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://libraries.hund.io https://global.ketchcdn.com https://cdn.ketchjs.com/ https://*.typekit.net;worker-src 'self' blob: https://global.ketchcdn.com https://cdn.ketchjs.com/ 3 upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; media-src https: data: blob: 'unsafe-inline'; img-src https: data: blob: 'unsafe-inline' android-webview-video-poster: ; report-uri https://csp.ansa.it/report/ 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; report-uri /report-csp-violation; upgrade-insecure-requests 3 script-src 'self' data: 'unsafe-inline' 'unsafe-eval' documentservices.adobe.com *.dickssportinggoods.com *.cardinalcommerce.com api.cash.app cash.app *.akamaihd.net *.scene7.com app.link *.bazaarvoice.com *.radar.com *.googleapis.com *.certona.net *.certona.com res-x.com *.res-x.com maxcdn.bootstrapcdn.com c.go-mpulse.net akstat.io h.online-metrix.net tags.tiqcdn.com s.pinimg.com a.wishabi.com analytics.twitter.com analytics-static.ugc.bazaarvoice.com apps.bazaarvoice.com bat.bing.com beacon.riskified.com *.branch.io qognvtzku-x.global.ssl.fastly.net ciunnwhq.micpn.com connect.facebook.net ct.pinterest.com utt.impactcdn.com d2oh4tlt9mrke9.cloudfront.net dickssportinggoods.demdex.net dicks-sporting-goods.pxf.io dpm.demdex.net *.tt.omtrdc.net dsg2.btttag.com e.dickssportinggoods.com edge1.certona.net f.wishabi.net gateway.dcsg.com *.getmetrical.com img.riskified.com match.adsrvr.org *.kampyle.com *.nextdoor.com network.bazaarvoice.com network-a.bazaarvoice.com pinterest.adsymptotic.com pixel.rubiconproject.com pixel.tapad.com r.dlx.addthis.com sc-static.net smetrics.dickssportinggoods.com snap.adsrvr.org so.rlcdn.com static.ads-twitter.com t.co tr.snapchat.com www.facebook.com www.googletagmanager.com www.hlserve.com www.res-x.com x.skimresources.com *.criteo.com cdn.hlserve.com b.hlserve.com www.google.com *.g.doubleclick.net *.doubleclick.net *.googlesyndication.com adservice.google.com c.riskified.com ws.sessioncam.com www.googleadservices.com cdn.brandingbrand.com dsg2m.btttag.com www.google-analytics.com cdnjs.cloudflare.com *.cloudfront.net *.iesnare.com code.jquery.com www.paymentjs.firstdata.com www.gstatic.com www.everestjs.net www.paypal.com *.paypalobjects.com *.braintreegateway.com tagtracking.vibescm.com cdn.auth0.com polyfill.io cdn.tagdelivery.com *.truefitcorp.com *.affirm.com *.afterpay.com *.hlserve.com *.anyguide.com resources.digital-cloud.medallia.com *.anyroad.com checkoutshopper-live.adyen.com checkoutshopper-live-us.adyen.com acs.entersektehs.com *.stylitics.com prod.accdab.net *.cdn-net.com *.syndigo.com *.zoovu.com *.curalate.com assets-barracuda-runner.azureedge.net *.liveperson.net *.lpsnmedia.net *.adoberesources.net *.adobedc.net *.attn.tv analytics.tiktok.com *.quantummetric.com *.bambuser.com *.mycustomizer.com *.flippenterprise.net *.collectivevoice.com ln-rules.rewardstyle.com accounts.google.com *.rokt.com *.tvpixel.com *.monetate.net *.healthroundprince.com blob: apps.byondxr.com acrobatservices.adobe.com ep2.adtrafficquality.google fundingchoicesmessages.google.com mczbf.com sjwoe.com cj.dotomi.com emjcd.com idsync.rlcdn.com *.mczbf.com *.cj.com *.adobemc.com *.techlab-cdn.com; worker-src blob:; frame-ancestors *.dickssportinggoods.com *.adobe.com *.experiencecloud.adobe.com *.adobemc.com; child-src *.cj.com *.monetate.net acrobatservices.adobe.com documentservices.adobe.com *.attn.tv dcsg.jotform.com *.dickssportinggoods.com *.quantummetric.com *.adyen.com *.afterpay.com *.paypal.com *.paypalobjects.com *.cardinalcommerce.com api.cash.app cash.app *.liveperson.net *.lpsnmedia.net dickssportinggoods.demdex.net *.criteo.com *.criteo.net maps.google.com accounts.google.com hosted.where2getit.com mobile.where2getit.com fit.dksxchange.com www.thinglink.com dicks-cti.gvcommerce.com www.youtube.com *.truefitcorp.com *.affirm.com *.doubleclick.net *.g.doubleclick.net *.pinterest.com *.googleapis.com tr.snapchat.com resources.digital-cloud.medallia.com *.hlserve.com *.facebook.com static.ads-twitter.com *.tagdelivery.com *.fls.doubleclick.net prod.accdab.net www.cdn-net.com *.googlesyndication.com *.safeframe.googlesyndication.com www.google.com *.anyroad.com checkoutshopper-live.adyen.com checkoutshopper-live-us.adyen.com acs.entersektehs.com *.mycustomizer.com *.collectivevoice.com ln-rules.rewardstyle.com display.ugc.bazaarvoice.com api.bazaarvoice.com *.bazaarvoice.com *.curalate.com *.bambuser.com *.radar.com *.recaptcha.net *.rokt.com sketchfab.com blob: www.googletagmanager.com ep2.adtrafficquality.google *.adobemc.com *.techlab-cdn.com *.healthroundprince.com; 3 frame-ancestors https://www.snowflake.com 3 child-src *.googletagmanager.com *.greenhouse.io *.vimeo.com app.qualified.com; connect-src *.clarity.ms *.6sc.co *.mutinyhq.io *.mutinyhq.com *.mutinycdn.com *.cookiefirst.com *.google-analytics.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.vimeocdn.com *.forethought.ai *.linkedin.com *.vidyard.com *.vimeo.com *.6sense.co *.6sense.com *.d2l.com wss://*.qualified.com lottie.host e.calibermind.com app.navattic.com dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com dl102401s.searchunify.com dl182403p.searchunify.com d2y8arselzu8n4.cloudfront.net d14drb1667mvq0.cloudfront.net *.g2.com www.redditstatic.com bam.nr-data.net pagead2.googlesyndication.com secure.adnxs.com www.google.co.in www.google.co.nz www.google.co.uk www.google.co.vi www.google.com.br www.google.com.co www.google.com.mx www.google.ie 'self' 482-pda-858.mktoresp.com 482-pda-858.mktoutil.com app.qualified.com conversions-config.reddit.com data: eps.6sc.co my.yoast.com pixel-config.reddit.com prod.customershome.com region1.analytics.google.com tracking.g2crowd.com translate.googleapis.com www.facebook.com www.google.ca www.googleadservices.com yoast.com vimeo.com; default-src *.clarity.ms *.6sc.co *.acuityplatform.com *.mutinyhq.io *.mutinyhq.com *.mutinycdn.com *.linkedin.com 'self' 'unsafe-inline' *.d2l.com dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com c.bing.com secure.adnxs.com 482-pda-858.mktoresp.com alb.reddit.com analytics.google.com connect.facebook.net data: googleads.g.doubleclick.net ipv6.6sc.co js.qualified.com munchkin.marketo.net origin.acuityplatform.com pixel-config.reddit.com 'self' tracking.g2crowd.com www.facebook.com www.google.com www.googletagmanager.com www.redditstatic.com www.youtube.com; font-src 'self' data: www.d2l.com dl102401s.searchunify.com dl182403p.searchunify.com fonts.gstatic.com dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com; form-action 'self' www.facebook.com applications.zoom.us; frame-src *.googletagmanager.com *.greenhouse.io *.vidyard.com *.vimeo.com *.forethought.ai *.d2l.com 'self' capture.navattic.com applications.zoom.us app.qualified.com td.doubleclick.net www.facebook.com www.google.com www.youtube.com www.buzzsprout.com; img-src *.clarity.ms *.6sc.co *.mutinycdn.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.vimeocdn.com *.linkedin.com *.vidyard.com *.d2l.com cdn.shortpixel.ai c.navattic.com i.ytimg.com d2y8arselzu8n4.cloudfront.net d14drb1667mvq0.cloudfront.net dl102401s.searchunify.com dl182403p.searchunify.com static.pheedloop.com assets.swoogo.com google.com pagead2.googlesyndication.com consent.cookiefirst.com secure.adnxs.com www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.ma www.google.co.nz www.google.co.uk www.google.co.vi www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.bz www.google.com.co www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.ly www.google.com.mx www.google.com.np www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.sa www.google.com.sg www.google.com.tr www.google.de www.google.dz www.google.es www.google.fi www.google.fr www.google.gm www.google.gr www.google.ht www.google.hu www.google.ie www.google.it www.google.nl www.google.pt www.google.rs 'self' app.navattic.com c.bing.com alb.reddit.com data: fonts.gstatic.com secure.gravatar.com translate.google.com www.facebook.com www.google.ca blob:; media-src *.vimeo.com *.vimeocdn.com 'self' h5p.com app.qualified.com; object-src 'self'; script-src-attr 'unsafe-inline'; script-src-elem *.clarity.ms *.6sc.co *.acuityplatform.com *.mutinycdn.com *.cookiefirst.com *.greenhouse.io *.forethought.ai *.vidyard.com *.vimeo.com *.d2l.com 'self' 'unsafe-inline' js.navattic.com cdn.shortpixel.ai js.navattic.com d2y8arselzu8n4.cloudfront.net d14drb1667mvq0.cloudfront.net pagead2.googlesyndication.com snap.licdn.com bam.nr-data.net apis.google.com connect.facebook.net googleads.g.doubleclick.net js-agent.newrelic.com js.qualified.com js.storylane.io munchkin.marketo.net origin.acuityplatform.com cdn.calibermind.com tracking.g2crowd.com unpkg.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com yoast.com js.live.net www.dropbox.com www.buzzsprout.com; script-src *.6sc.co *.acuityplatform.com *.mutinycdn.com *.googletagmanager.com *.googleadservices.com *.google.com *.vimeocdn.com *.vimeo.com *.greenhouse.io *.forethought.ai *.d2l.com 'self' 'unsafe-eval' 'unsafe-inline' js.navattic.com pagead2.googlesyndication.com snap.licdn.com bam.nr-data.net consent.cookiefirst.com client-registry.cdn.com connect.facebook.net googleads.g.doubleclick.net js-agent.newrelic.com js.qualified.com munchkin.marketo.net tracking.g2crowd.com unpkg.com www.clarity.ms www.redditstatic.com; style-src-attr 'unsafe-inline' dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com; style-src-elem *.cookiefirst.com *.greenhouse.io *.d2l.com d2y8arselzu8n4.cloudfront.net d14drb1667mvq0.cloudfront.net 'self' 'unsafe-inline' data: fonts.googleapis.com www.gstatic.com dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com; style-src 'self' 'unsafe-inline' d2y8arselzu8n4.cloudfront.net d14drb1667mvq0.cloudfront.net consent.cookiefirst.com dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com; worker-src 'self' blob:; frame-ancestors 'self' *.d2l.com app.mutinyhq.com applications.zoom.us; 3 default-src 'self';connect-src *;style-src 'self' 'unsafe-inline';font-src 'self' data:;script-src 'self' 'unsafe-eval' *.nmrodam.com *.imrworldwide.com *.sensic.net *.gstatic.com;img-src 'self' data: *.ardmediathek.de *.ard.de *.nmrodam.com *.imrworldwide.com;media-src * mediastream: blob:;frame-src 'self' *.ard.de *.nmrodam.com *.imrworldwide.com *.sensic.net mailto: tg: threema: fb-messenger:;frame-ancestors *;worker-src 'self' blob: 3 frame-ancestors 'self' https://app.contentful.com/spaces/* https://zoominfo.pathfactory.com/* https://pipeline.zoominfo.com/* http://pipeline.zoominfo.com/* 3 default-src 'self' blob: *.wistia.com/ https://embedwistia-a.akamaihd.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googleadservices.com/ https://ss-consent-or.trustarc.com/ https://googleads.g.doubleclick.net/ https://assets.bugcrowdusercontent.com/ https://bugcrowd.com/ https://j.6sc.co/ https://static.addtoany.com/ https://cdn.shortpixel.ai/ https://ml6scwx5agca.i.optimole.com/ https://consent.trustarc.com/ https://fast.wistia.net/ https://fast.wistia.com/ *.adroll.com/ *.geocomply.net/ *.geocomply.com/ https://analytics.twitter.com/ https://static.ads-twitter.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://www.google-analytics.com/ https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com/ https://snap.licdn.com/ https://pi.pardot.com/ https://tracking.g2crowd.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://copytocdn.s3.amazonaws.com/ https://ss-consent-or.trustarc.com/ https://www.google.com/ https://localhost:* https://www.google.de/ https://no-cdn.shortpixel.ai/ *.linkedin.com/ https://p.adsymptotic.com/ https://www.google.com.ua/ https://b.6sc.co/ https://cdn.shortpixel.ai/ https://ml6scwx5agca.i.optimole.com/ *.wistia.com/ https://consent-pref.trustarc.com/ https://consent.truste.com/ https://consent.trustarc.com/ https://fast.wistia.net/ https://ups.analytics.yahoo.com/ *.geocomply.com/ *.geocomply.net/ https://analytics.twitter.com/i/ https://www.google.pl/ https://www.google.ca/ https://www.linkedin.com/px/ https://google.com.ua/ https://t.co/ https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com/ https://www.google-analytics.com/ https://www.google.com/ads/ https://px.ads.linkedin.com/ data:; style-src 'self' 'unsafe-inline' https://fast.wistia.com/ https://fast.wistia.net/ *.geocomply.com/ https://fonts.googleapis.com https://assets.zendesk.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com/; font-src 'self' https://ss-consent-or.trustarc.com/ https://fast.wistia.com/ https://consent.trustarc.com/ https://fast.wistia.net/ *.geocomply.com/ https://themes.googleusercontent.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com/ https://fonts.gstatic.com/ data:; frame-src 'self' https://td.doubleclick.net/ https://bugcrowd.com/ https://static.addtoany.com/ https://consent-pref.trustarc.com/ https://fast.wistia.net/embed/ https://applications.zoom.us/ *.geocomply.com/ https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com/ https://www.youtube.com/ https://www.google.com/; frame-ancestors 'self' https://applications.zoom.us/; connect-src 'self' wss://127.0.0.1:* https://v.eps.6sc.co/ https://eps.6sc.co/ https://px.ads.linkedin.com/ www.google.com https://pagead2.googlesyndication.com/ https://ss-consent-or.trustarc.com/ https://consent.trustarc.com/ https://www.g2.com/ https://www.g2.com/ https://consent-reporting.trustarc.com/ https://consent-pref.trustarc.com/ https://www.google.de/ https://epsilon.6sense.com/ https://cdn.linkedin.oribi.io/ https://secure.adnxs.com/ https://c.6sc.co/ https://ipv6.6sc.co/ https://www.google.com.ua/ https://www.google.pl https://stats.g.doubleclick.net/ https://fg8vvsvnieiv3ej16jby.litix.io/ https://analytics.google.com/ *.analytics.google.com/ https://embedwistia-a.akamaihd.net/ *.wistia.com/ https://fast.wistia.net/ *.geocomply.com/ *.geocomply.net/ https://www.google-analytics.com/ wss.plc-gc.com:* wss://wss.plc-gc.com:*; object-src 'self' 3 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.southernliving.com; upgrade-insecure-requests; 3 default-src 'self'; style-src 'self' https://static.threema.ch 'unsafe-inline'; font-src 'self' https://static.threema.ch data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://hcaptcha-ws.threema.ch; script-src-elem 'self' https://hcaptcha-ws.threema.ch 'unsafe-inline' data:; frame-src 'self' https://hcaptcha-assets.threema.ch; img-src 'self' data: https://static.threema.ch blob: ; media-src 'self' data: blob:; connect-src 'self' wss://threema.com https://hcaptcha-assets.threema.ch https://static.threema.ch https://bugs.threema.ch ; object-src 'none'; worker-src 'self' blob:; child-src blob: https://hcaptcha-assets.threema.ch; frame-ancestors 'self'; form-action 'self' https://threema.com ; base-uri https://threema.com; report-uri https://bugs.threema.ch/api/30/security/?sentry_key=33a83d833904ad024494585d9479b3c4; report-to default 3 default-src 'self' *.brightcove.com *.browser-intake-datadoghq.com *.coveo.com *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.eloqua.com *.ensighten.com *.experian.com *.experiancs.com *.experiandirect.com *.freecreditreport.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.teads.tv *.pinterest.com *.hotjar.com *.iesnare.com *.infogram.com *.liadm.com *.linkedin.com *.optmster.com *.optmstr.com *.optnmnstr.co *.optnmnstr.com *.optnmstr.com *.powerreviews.com *.soundcloud.com *.tableau.com *.twitter.com *.twonil.com *.vimeo.com *.yahooapis.com *.youtube.com *.hubapi.com *.hubspot.com *.tt.omtrdc.net *.yobi.ai adobetag.com api-js.mixpanel.com api.company-target.com api.experianmarketingservices.com api.instagram.com api.jublo.net api.measureone.com api.omniture.com app.optinmonster.com apps.rokt.com assets.adobedtm.com bat.bing.com businesscreditfacts.com cdn.appdynamics.com cdn.lr-ingest.com cdn.syndication.twimg.com cdn.taboola.com cdnjs.cloudflare.com code.highcharts.com connect.facebook.net contractorcheck.com d.net.google.com d.turn.com dev.visualwebsiteoptimizer.com embed.pscp.tv experianservicescorp.122.2o7.net fbcdn.net forms.hubspot.com freecreditscore.com graph.facebook.com googleapis.com hooks.slack.com ik.imagekit.io img.en25.com info.inbound-bis.com itunes.apple.com js.bizographics.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net jsonip.com js.usemessages.com loadm.exelator.com m.addthis.com m.addthisedge.com maps.google.com maxcdn.bootstrapcdn.com mediaplayer.yahoo.com moodysanalytics.com optinmonster.com pixel.tapad.com play.google.com players.brightcove.net plus.google.com pt.ispot.tv rtd-tm.everesttech.net s.amazon-adsystem.com s.yimg.com s.ytimg.com s7.addthis.com scontent.cdninstagram.com scontent.xx.fbcdn.net scripts.demandbase.com secure.adnxs.com secure.leadback.advertising.com securetracking.adsprotection.com *.xg4ken.com smartbusinessreports.com https://sc-static.net *.snapchat.com snap.licdn.com sp.analytics.yahoo.com ssl.google-analytics.com static.ads-twitter.com sync.tidaltv.com tag.demandbase.com tagmanager.google.com trc.taboola.com twemoji.maxcdn.com video.xx.fbcdn.net vjs.zencdn.net widget.surveymonkey.com widgets.outbrain.com https://*.brightfunnel.com http://*.hotjar.com https://*.hotjar.com https://*.hsadspixel.net https://*.jsdelivr.net https://*.mstrlytcs.com https://a.optmnstr.com https://api.optmnstr.com https://autocomplete.demandbase.com http://autocomplete.demandbase.com ws://*.hotjar.com wss://*.hotjar.com *.edq.com www.facebook.com www.google-analytics.com www.google.com http://www.google.com www.googleadservices.com www.googletagmanager.com www.slideshare.net www.youtube.com globalsiteanalytics.com *.mczbf.com *.sjwoe.com analytics.tiktok.com cdn.pdst.fm *.trustpilot.com trkn.us us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm *.qualtrics.com analytics.google.com *.nextdoor.com *.google.com *.yoast.com yoast.com *.datadoghq-browser-agent.com *.datadoghq.com *.yieldmo.com pix.pub *.biocatch.com *.we-stats.com activitymap.adobe.com *.branch.io app.link *.app.link s.pinimg.com unpkg.com *.inmobicdn.net analytics-sm.com browser-intake-datadoghq.com google.com tags.srv.stackadapt.com nextinsure.com *.nextinsure.com *.save.auto *.supermoney.com 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; font-src * data:; frame-ancestors 'self' 3 child-src blob: https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net;default-src 'self' https://*.wistia.com https://*.wistia.net;connect-src analytics.o11.tech www.google.com eps.6sc.co ml314.com insight.adsrvr.org analytics.o11.tech https://td.doubleclick.net/ http://localhost:3000 https://devsite.blueconic.com/ https://stgsite.blueconic.com/ https://blueconic.com/ https://www.blueconic.com/ https://cdn.acsbapp.com px.ads.linkedin.com https://analytics.google.com https://dogfood.blueconic.com https://pl21.blueconic.com https://assets.ctfassets.net https://viewlicense.adobe.io https://ngmrewndgx-dsn.algolia.net https://ngmrewndgx-2.algolianet.com https://ngmrewndgx-3.algolianet.com https://ngmrewndgx-1.algolianet.com https://ngmrewndgx-dsn.algolia.net https://distillery.wistia.com https://fast.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com https://embedwistia-a.akamaihd.net https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://*.blueconic.net https://*.sb.blueconic.net https://bc.holland.com https://bc.anwb.nl https://dogfood.blueconic.com https://psv.blueconic.com https://bc.gxsoftware.com https://bc.nn.nl https://wpg.blueconic.com https://b.bostonglobemedia.com https://d.putnam.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://l.clarity.ms https://*.clarity.ms https://bat.bing.com https://ipv6.6sc.co/ https://c.6sc.co/ https://secure.adnxs.com https://cdn.linkedin.oribi.io https://epsilon.6sense.com https://358-xtm-616.mktoresp.com https://js.zi-scripts.com https://ws.zoominfo.com https://cdn.leandata.com https://app.leandata.co https://app.leandata.com https://blueconic.my.leandata.com https://*.leandata.com https://blueconic.jebbit.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' view.ceros.com analytics.o11.tech a.usbrowserspeed.com ml314.com insight.adsrvr.org analytics.o11.tech https://td.doubleclick.net/ https://go.blueconic.com/ unpkg.com https://cdnjs.com https://cdnjs.cloudflare.com https://dogfood.blueconic.com https://li.protechts.net/ https://static.licdn.com/ https://j.6sc.co https://acsbapp.com https://ws.zoominfo.com https://js.zi-scripts.com https://358-xtm-616.mktoweb.com http://358-xtm-616.mktoweb.com https://munchkin.marketo.net https://secure.adnxs.com https://js.zi-scripts.com https://ipv4.d.adroll.com/ https://www.googleanalytics.com google-analytics.com https://www.google-analytics.com https://www.googleoptimize.com www.google-analytics.com www.googletagmanager.com https://pl21.blueconic.com https://code.jquery.com https://cdn.jsdelivr.net https://dogfood.blueconic.com https://fast.wistia.com https://documentcloud.adobe.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://*.blueconic.net https://*.sb.blueconic.net https://bc.holland.com https://bc.anwb.nl https://dogfood.blueconic.com https://psv.blueconic.com https://bc.gxsoftware.com https://bc.nn.nl https://wpg.blueconic.com https://b.bostonglobemedia.com https://d.putnam.com https://www.googleadservices.com https://stats.g.doubleclick.net https://tagmanager.google.com https://*.googletagmanager.com https://s.adroll.com/j/roundtrip.js https://snap.licdn.com https://static.ads-twitter.com https://bat.bing.com https://s.adroll.com https://d.adroll.com https://www.clarity.ms https://connect.facebook.net https://*.clarity.ms https://cdn.leandata.com https://app.leandata.co https://app.leandata.com https://blueconic.my.leandata.com https://*.leandata.com https://blueconic.jebbit.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://td.doubleclick.net/ https://fast.wistia.com https://pl21.blueconic.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://358-xtm-616.mktoweb.com http://358-xtm-616.mktoweb.com/ https://cdn.leandata.com https://app.leandata.co https://app.leandata.com https://blueconic.my.leandata.com https://*.leandata.com https://blueconic.jebbit.com;font-src 'self' data: https://www.blueconic.com https://fonts.blueconic.com https://cdn2.hubspot.net https://fonts.gstatic.com https://*.wistia.com https://fonts.gstatic.com https://cdn.leandata.com https://app.leandata.co https://app.leandata.com https://blueconic.my.leandata.com https://*.leandata.com https://blueconic.jebbit.com https://js.intercomcdn.com https://fonts.intercomcdn.com;img-src 'self' blob: data: downloads.ctfassets.net https://td.doubleclick.net/ https://x.adroll.com https://ds.reson8.com https://b.6sc.co https://images.ctfassets.net https://www.google-analytics.com https://www.googletagmanager.com https://fast.wistia.com https://embed-ssl.wistia.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://googleads.g.doubleclick.net https://www.google.com https://pl21.blueconic.com pl21.blueconic.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://t.co https://analytics.twitter.com https://px.ads.linkedin.com https://bat.bing.com https://px.ads.linkedin.com https://d.adroll.com https://c.clarity.ms https://*.clarity.ms https://www.facebook.com https://c.bing.com https://x.bidswitch.net https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://pixel.rubiconproject.com https://cm.g.doubleclick.net https://us-u.openx.net https://image2.pubmatic.com https://ups.analytics.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://ib.adnxs.com https://sync.taboola.com https://idsync.rlcdn.com https://image2.pubmatic.com https://px4.ads.linkedin.com https://segments.company-target.com https://p.adsymptotic.com https://global.ib-ibi.com https://odr.mookie1.com https://privacy-policy.truste.com https://acsbapp.com https://cdn.leandata.com https://app.leandata.co https://app.leandata.com https://blueconic.my.leandata.com https://*.leandata.com https://blueconic.jebbit.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com;media-src 'self' blob: data: videos.ctfassets.net downloads.ctfassets.net https://td.doubleclick.net/ https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://cdn.leandata.com https://app.leandata.co https://app.leandata.com https://blueconic.my.leandata.com https://*.leandata.com https://blueconic.jebbit.com https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com;worker-src 'self' blob: https://cdn.leandata.com https://app.leandata.co https://app.leandata.com https://blueconic.my.leandata.com https://*.leandata.com https://blueconic.jebbit.com;frame-src 'self' videos.ctfassets.net analytics.o11.tech https://td.doubleclick.net/ https://x.adroll.com https://go.blueconic.com/ https://get.blueconic.com/ https://dogfood.blueconic.com view.ceros.com https://358-xtm-616.mktoweb.com/ https://li.protechts.net/ li.protechts.net www.linkedin.com https://static.licdn.com/ https://www.linkedin.com https://acsbapp.com http://358-xtm-616.mktoweb.com https://more.blueconic.com https://documentcloud.adobe.com https://fast.wistia.com https://fast.wistia.net https://cdn.leandata.com https://app.leandata.co https://app.leandata.com https://blueconic.my.leandata.com https://*.leandata.com https://blueconic.jebbit.com;form-action 'self' https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io 3 default-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ipv6.6sc.co j.6sc.co secure.adnxs.com https://assets.adobedtm.com js.adsrvr.org *.amazon-adsystem.com analytics.bgalytics.com bat.bing.com cdn.bttrack.com https://www.clarity.ms cdnjs.cloudflare.com d3sbxpiag177w8.cloudfront.net *.clover.com cloverstatic.com dev.cloverstatic.com https://*.demdex.net googleads.g.doubleclick.net stats.g.doubleclick.net *.t.eloqua.com img.en25.com https://cm.everesttech.net *.evidon.com connect.facebook.net tracker.gaconnector.com www.google-analytics.com apis.google.com optimize.google.com tagmanager.google.com www.google.com www.googleadservices.com maps.googleapis.com *.googletagmanager.com *.greenhouse.io www.gstatic.com heapanalytics.com cdn.heapanalytics.com script.hotjar.com static.hotjar.com js.hs-analytics.net js.hs-scripts.com mpsnare.iesnare.com widget.intercom.io js.intercomcdn.com pnapi.invoca.net solutions.invocacdn.com snap.licdn.com munchkin.marketo.net *.mountain.com apps.mypurecloud.com nifegwy.neustar.biz h.online-metrix.net *.optimizely.com cdn.optimizely.com amplify.outbrain.com s.pinimg.com *.qualtrics.com rules.quantcount.com secure.quantserve.com cdn.ravenjs.com recaptcha.net www.redditstatic.com https://tags.srv.stackadapt.com tags.tiqcdn.com play.vidyard.com *.walkme.com sp.analytics.yahoo.com s.yimg.com www.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com d3sbxpiag177w8.cloudfront.net *.clover.com cloverstatic.com dev.cloverstatic.com optimize.google.com tagmanager.google.com chart.googleapis.com fonts.googleapis.com heapanalytics.com *.qualtrics.com tags.srv.stackadapt.com; img-src blob: data: 'self' firstdatacloverwebsite.122.2o7.net b.6sc.co https://assets.adobedtm.com js.adsrvr.org p.adsymptotic.com data.adxcel-ec2.com mver.agkn.com s.amazon-adsystem.com apintego.com arttrk.com cx.atdmt.com *.bing.com bat.bing.com *.clarity.ms d3sbxpiag177w8.cloudfront.net dxkdvuv3hanyu.cloudfront.net res.cloudinary.com *.clover.com cloverstatic.com dev.cloverstatic.com www.google.co.uk www.google.co.in www.google.co.id www.google.com.pr www.google.com.br www.google.com.co images.contentful.com *.ctfassets.net https://*.demdex.net *.doubleclick.net *.g.doubleclick.net *.t.eloqua.com https://cm.everesttech.net *.evidon.com *.eyeota.net connect.facebook.net www.facebook.com *.ggpht.com *.google-analytics.com *.google.com *.analytics.google.com www.google.ca www.google.de www.google.ie www.google.com *.googleapis.com chart.googleapis.com maps.googleapis.com *.googletagmanager.com www.googletagmanager.com lh3.googleusercontent.com *.gstatic.com heapanalytics.com script.hotjar.com track.hubspot.com static.intercomassets.com *.intercomcdn.com js.intercomcdn.com uploads.intercomusercontent.com *.ads.linkedin.com www.linkedin.com *.omtrdc.net *.online-metrix.net *.optimizely.com amplify.outbrain.com amplifypixel.outbrain.com tr.outbrain.com data.pendo.io s.pinimg.com ct.pinterest.com *.qualtrics.com pixel.quantserve.com recaptcha.net alb.reddit.com www.redditstatic.com *.rfihub.com https://tags.srv.stackadapt.com cdn.vidyard.com play.vidyard.com *.vimeocdn.com *.walkme.com sp.analytics.yahoo.com s.yimg.com; font-src data: 'self' maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.clover.com cloverstatic.com dev.cloverstatic.com use.fontawesome.com fonts.gstatic.com heapanalytics.com script.hotjar.com *.intercomcdn.com js.intercomcdn.com *.qualtrics.com; connect-src 'self' 52.71.121.170 44.238.122.172 34.215.155.61 44.212.189.233 54.156.2.105 18.210.229.244 3.212.39.155 35.160.46.251 52.22.50.55 100.20.58.101 c.6sc.co ipv6.6sc.co 35.85.84.151 44.228.85.26 secure.adnxs.com https://assets.adobedtm.com collection.bgalytics.com bat.bing.com browser-intake-datadoghq.com *.browser-intake-datadoghq.com *.clarity.ms https://a.clarity.ms *.clover.com wss://*.clover.com cloverstatic.com dev.cloverstatic.com *.contentful.com *.ctfassets.net *.datadoghq.com https://*.demdex.net *.g.doubleclick.net https://cm.everesttech.net *.evidon.com www.facebook.com oamportal.fdvs.com secure.geonames.org *.google-analytics.com www.google-analytics.com *.google.com analytics.google.com apis.google.com www.google.com maps.googleapis.com storage.googleapis.com *.googletagmanager.com *.greenhouse.io heapanalytics.com *.hotjar.com *.hotjar.io vc.hotjar.io wss://*.hotjar.com wss://ws4.hotjar.com *.intercom.io wss://*.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com pnapi.invoca.net px.ads.linkedin.com *.mktoresp.com *.mktoutil.com *.tt.omtrdc.net h.online-metrix.net *.optimizely.com cdn.linkedin.oribi.io https://cdn.linkedin.oribi.io *.perka.com ct.pinterest.com *.qualtrics.com recaptcha.net *.reddit.com redditstatic.com www.redditstatic.com sentry.io *.sentry.io collection.sperse.io tags.srv.stackadapt.com api.thelevelup.com s.yimg.com; media-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com *.ctfassets.net commondatastorage.googleapis.com js.intercomcdn.com cdn.vidyard.com gateway.zscloud.net; object-src 'self' *.clover.com cloverstatic.com dev.cloverstatic.com h.online-metrix.net vd.vidoplay.com; child-src blob: intercom-sheets.com player.vimeo.com www.youtube.com; frame-src mailto: 'self' tel: *.adsrvr.org insight.adsrvr.org s.amazon-adsystem.com players.brightcove.net *.clover.com cloverstatic.com dev.cloverstatic.com sync-flow.codat.io https://*.demdex.net *.doubleclick.net *.fls.doubleclick.net bid.g.doubleclick.net www.facebook.com accounts.google.com docs.google.com optimize.google.com www.google.com maps.googleapis.com boards.greenhouse.io vars.hotjar.com intercom-sheets.com h.online-metrix.net *.optimizely.com *.cdn.optimizely.com *.perka.com https://ct.pinterest.com *.qualtrics.com play.vidyard.com player.vimeo.com www.youtube.com *.ytimg.com; frame-ancestors *.clover.com cloverstatic.com dev.cloverstatic.com *.optimizely.com *.perka.com; 3 frame-ancestors 'self' *.everydayhealth.com *.infermedica.com *.ceros.com *.opinionstage.com *.doctor.com *.googleapis.com *.zdbb.net *.specless.tech *.specless.io *.totalbrain.com *.migraineagain.com *.epionhealth.com 3 child-src 'unsafe-inline' 'self' *.directnic.net *.livechatinc.com *.livechat.s3.amazonaws.com *.livechat-files.com *.paypal.com *.google.com *.youtube.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.g.doubleclick.net *.braintree.com *.hcaptcha.com; frame-ancestors 'self' directnic.net; 3 frame-ancestors 'self' https://twitter.com; 3 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.parents.com; upgrade-insecure-requests; 3 default-src 'unsafe-inline' 'self' https: wss: data:; img-src blob: data: https:; media-src blob: data: https:; script-src 'unsafe-eval' 'unsafe-inline' https:; worker-src 'self' blob:; frame-ancestors 'self' https://*.unitycms.io; 3 frame-ancestors na.amzheimdall.com delorean-na.amazon.com delorean-prod.corp.amazon.com delorean-na.sandbox.amazon.com delorean-sandbox.corp.amazon.com delorean-preprod.corp.amazon.com delorean-beta.corp.amazon.com delorean-alpha.corp.amazon.com potserviceui-gamma.zappos.com potserviceui-gamma.6pm.com drive-render.corp.amazon.com cscentral-na-beta.vipinteg.amazon.com cscentral.amazon.com delorean-6pm-gamma.corp.amazon.com delorean-6pm-preprod.corp.amazon.com delorean-6pm-prod.corp.amazon.com delorean-6pm-na.amazon.com; report-uri /marty/api/csp-report 3 frame-ancestors 'self' *.appfolio.com *.appfolioinc.com *.appfolioinvestmentmanagement.com *.folio-guard.com *.storyblok.com 3 frame-ancestors *.getjobber.com getjobber.com 3 frame-ancestors 'self'; // Add other policies on a new line here // And another one here 3 default-src 'self' blob: www.facebook.com facebook.com content.dionglobal.in icicibank.paymetry.com www.twitter.com twitter.com soundhelix.com *.go-mpulse.net www.iciciprulife.com cdn.jsdelivr.net code.jquery.com iciciauto.com icici.skryptech.com wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com googletagmanager.com icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com https://hbchat.senseforth.com senseforth.com cdn.ampproject.org cdnjs.cloudflare.com connect.facebook.net facebook.net marketingplatform.google.com google.com www.google.com www.google-analytics.com google-analytics.com *.visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com fonts.googleapis.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com cugd2qa.crm8.dynamics.com cugd1uat.crm8.dynamics.com cugd2uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com analytics.google.com snap.licdn.com leads.icicibank.com www.indiatimes.com economictimes.indiatimes.com www.googletagmanager.com ribstgnew.icicibank.com www.icicibank.com icici.nanorep.co nanorep.co nanorep.com;object-src 'none';child-src 'self' data: blob: india-stage.icicibank.adobecqms.net country1.icicibank.adobecqms.net www.icicibank.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' smart-search.senseforth.com players.brightcove.net firebasestorage.googleapis.com fcm.googleapis.com test-securetoken.sandbox.googleapis.com staging-www.sandbox.googleapis.com securetoken.googleapis.com apis.google.com www.googleapis.com securetoken.googleapis.com www.gstatic.com ibot.icicibank.com assets.adobedtm.com *.demdex.net cm.everesttech.net assets.adobedtm.com wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com ibotuat.icicibank.com platform.twitter.com platform.linkedin.com static.addtoany.com www.linkedin.com *.go-mpulse.net d1ls4i8l5ki52s.cloudfront.net cugd1uat.crm8.dynamics.com *.fls.doubleclick.net cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com snap.licdn.com go-mpulse.net www.iciciprulife.com addtoany.com tagmanager.google.com www.tagmanager.google.com linkedin.com content.dionglobal.in analytics.google.com www.googleadservices.com fonts.googleapis.com icicibank.paymetry.com beta-icicibank.paymetry.com cugd1qa.crm8.dynamics.com cdn.jsdelivr.net cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com code.jquery.com iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com www.icicibank.com icicibank.com googleadservices.com googleads.g.doubleclick.net twitter.com cdn.ampproject.org ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com adobe.com doubleclick.net marketingplatform.google.com www.google.com google.com www.google-analytics.com ssl.google-analytics.com ssl.google-analytics.com visitor-services.nanorep.com nanorep.com icici.nanorep.co leads.icicibank.com cdnjs.cloudflare.com cloudfunctions.net senseforth.com amazonaws.com ajax.googleapis.com maps.googleapis.com googleapis.com *.visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com assets.adobedtm.com google-analytics.com adobecqms.net googletagmanager.com www.indiatimes.com economictimes.indiatimes.com ribstgnew.icicibank.com www.googletagmanager.com www.facebook.com facebook.com bing.com connect.facebook.net www.youtube.com demdex.net omtrdc.net data:;connect-src 'self' https://region1.analytics.google.com https://region1.google-analytics.com smart-search.senseforth.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com https://icicibank-mkt-stage1.campaign.adobe.com/acxwp/webregisterAndroid.jssp googleads.g.doubleclick.net https://icicibank-mkt-prod4.campaign.adobe.com/ici/webregisterAndroid.jssp https://icicibank-mkt-prod4-lb.campaign.adobe.com/ici/webregisterAndroid.jssp icicibank-mid-prod4-all-t.adobe-campaign.com smetrics.icicibank.com edge.adobedc.net https://fcm.googleapis.com/fcm/connect/subscribe https://fcm.googleapis.com/fcm/connect/unsubscribe https://icicibank-mkt-stage1.campaign.adobe.com/ici/webregisterAndroid.jssp https://icicibank-mid-stage1-all-t.adobe-campaign.com www.google.co.in *.akstat.io *.demdex.net cm.everesttech.net assets.adobedtm.com *.adobedc.net wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com wss://ccaiuatws.icicibank.com ccaiuatws.icicibank.com apibankingonesandbox.icicibank.com ibotuat.icicibank.com *.go-mpulse.net go-mpulse.net snap.licdn.com cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com fonts.googleapis.com cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com analytics.google.com www.analytics.google.com www.iciciprulife.com addtoany.com icicibank.paymetry.com beta-icicibank.paymetry.com marketingplatform.google.com www.google.com google.com www.google-analytics.com google-analytics.com adobecqms.net cdn.jsdelivr.net code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com www.icicibank.com icicibank.com linkedin.com twitter.com cdn.ampproject.org ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com g.doubleclick.net doubleclick.net cdnjs.cloudflare.com googleadservices.com visitor-services.nanorep.com nanorep.com connect.facebook.net cloudfunctions.net senseforth.com icici.nanorep.co amazonaws.com ajax.googleapis.com maps.googleapis.com googleapis.com www.indiatimes.com economictimes.indiatimes.com www.googletagmanager.com leads.icicibank.com *.visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com googletagmanager.com www.facebook.com facebook.com bing.com asia-south1-quantum-flood-755.cloudfunctions.net ribstgnew.icicibank.com stats.g.doubleclick.net assets.adobedtm.com www.youtube.com demdex.net omtrdc.net money2india.icicibank.co.in wss://smart-search.senseforth.com/STT/transcribe;img-src 'self' https://smart-search.senseforth.com https://www.google.co.uk ad.doubleclick.net ibot.icicibank.com *.demdex.net cm.everesttech.net wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com assets.adobedtm.com storage.googleapis.com ibotuat.icicibank.com www.google-analytics.com syndication.twitter.com fonts.googleapis.com ssl.gstatic.com g.doubleclick.net cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com snap.licdn.com analytics.google.com www.analytics.google.com google-analytics.com *.go-mpulse.net go-mpulse.net icicibank.paymetry.com beta-icicibank.paymetry.com cdn.jsdelivr.net cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com beta-icicibank.paymetry.com addtoany.com buy.icicibank.com buystaging.niveussolutions.com cdnjs.cloudflare.com rukminim1.flixcart.com m.media-amazon.com icicicashback.com maps.gstatic.com www.gstatic.com gstatic.com www.icicibank.com icicibank.com www.iciciprulife.com linkedin.com twitter.com doubleclick.net cdn.ampproject.org ampproject.org spa.gy t4.rolsoninfotech.com voiceassist.urja.com icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com www.google.co.in icici.nanorep.co visitor-services.nanorep.com nanorep.com cloudfunctions.net leads.icicibank.com senseforth.com ajax.googleapis.com maps.googleapis.com googleapis.com amazonaws.com google.co.in *.visualwebsiteoptimizer.com marketingplatform.google.com www.google.com ribstgnew.icicibank.com google.com googleads.g.doubleclick.net adobecqms.net www.indiatimes.com economictimes.indiatimes.com googleadservices.com googletagmanager.com www.googletagmanager.com www.facebook.com facebook.com bing.com connect.facebook.net assets.adobedtm.com www.youtube.com everesttech.net demdex.net omtrdc.net data:;style-src 'self' 'unsafe-inline' https://smart-search.senseforth.com fonts.googleapis.com cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com snap.licdn.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com *.go-mpulse.net analytics.google.com cugd2uat.crm8.dynamics.com wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com icicibank.paymetry.com beta-icicibank.paymetry.com go-mpulse.net addtoany.com cdn.jsdelivr.net code.jquery.com cugd2qa.crm8.dynamics.com content.dionglobal.in iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com linkedin.com googletagmanager.com www.googletagmanager.com cdnjs.cloudflare.com www.icicibank.com icicibank.com www.iciciprulife.com twitter.com doubleclick.net cdn.ampproject.org ampproject.org spa.gy t4.rolsoninfotech.com voiceassist.urja.com v icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com ajax.googleapis.com maps.googleapis.com googleapis.com marketingplatform.google.com www.google.com google.com adobecqms.net www.indiatimes.com economictimes.indiatimes.com icici.nanorep.co visitor-services.nanorep.com nanorep.com cloudfunctions.net leads.icicibank.com senseforth.com amazonaws.com tagmanager.google.com www.tagmanager.google.com *.visualwebsiteoptimizer.com googleadservices.com bootstrapcdn.com ribstgnew.icicibank.com;font-src 'self' data: maps.gstatic.com gstatic.com fonts.gstatic.com;frame-src 'self' td.doubleclick.net *.demdex.net players.brightcove.net ibotuat.icicibank.com www.iciciprulife.com web.facebook.com platform.twitter.com www.linkedin.com infinity.icicibank.com infinity.icicibank.co.in iciciprulife.com au.personalcard.net *.fls.doubleclick.net nli.icicibank.com cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com snap.licdn.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com analytics.google.com cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com fonts.googleapis.com ribstgnew.icicibank.com icicibank.paymetry.com cdn.jsdelivr.net code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com icicibank.paymetry.com beta-icicibank.paymetry.com ajax.googleapis.com maps.googleapis.com googleapis.com addtoany.com buy.icicibank.com buystaging.niveussolutions.com bid.g.doubleclick.net cdnjs.cloudflare.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com icicicashback.com maps.gstatic.com gstatic.com icicibank.com linkedin.com twitter.com cdn.ampproject.org www.indiatimes.com economictimes.indiatimes.com ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com senseforth.com googletagmanager.com www.googletagmanager.com www.facebook.com facebook.com visitor-services.nanorep.com nanorep.com marketingplatform.google.com www.google.com google.com adobecqms.net www.youtube.com www.icicibank.com leads.icicibank.com icicibank.adobecqms.net smart-search.senseforth.com; 3 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.uk.exponea.com https://static.cloudflareinsights.com https://ep2.adtrafficquality.google https://longform.atptour.com/ https://snippet.minute.ly/publishers/90700/mi-1.17.1.220.js https://apv-launcher.minute.ly/api/launcher/MIN-90700.js https://www.googletagservices.com https://cdn.cookielaw.org https://fonts.gstatic.com http://sb.scorecardresearch.com http://static.ads-twitter.com http://news.atptour.com https://news.atptour.com https://tunein.com https://r1-t.trackedlink.net/ https://bam-cell.nr-data.net/ https://vjs.zencdn.net/ https://itp-atp-sls.infosys-platforms.com/ https://www.riddle.com https://e.infogram.com https://www.googletagmanager.com/ https://imasdk.googleapis.com/ https://script.crazyegg.com/ https://googleads.g.doubleclick.net/ https://securepubads.g.doubleclick.net/ https://connect.facebook.net/ https://sb.scorecardresearch.com/ https://static.ads-twitter.com/ https://analytics.tiktok.com/ https://www.google-analytics.com/ https://livestream.com https://mail.tennisunited.co https://s0.2mdn.net/instream/video/client.js https://adservice.google.com.mx/adsid/integrator.js https://imasdk.googleapis.com/js/sdkloader/ima3.js https://js-agent.newrelic.com/ https://www.googleadservices.com/ https://bs.serving-sys.com/ https://adservice.google.com/ https://players.brightcove.net/ https://secure-ds.serving-sys.com/ https://tpc.googlesyndication.com/ https://c1.rfihub.net/ https://analytics.twitter.com/ https://www.instagram.com/ https://platform.twitter.com/ https://pagead2.googlesyndication.com/ https://r1.marketing-pages.com https://www.gstatic.com/ https://static.smartframe.io https://*.brightcove.com https://*.brightcove.net https://*.sportradar.com https://*.livestream.com https://*.shorthandstories.com https://*.shorthand.com https://*.sf-ads.io https://*.sf-insights.io https://*.sf-logs.io http://*.minute.ly https://*.minute.ly https://*.snackly.co https://*.tldw.me http://*.snackly.co http://*.tldw.me http://*.spoteam.com https://*.spoteam.com;style-src 'self' 'unsafe-inline' https://itp-atp-sls.infosys-platforms.com/ https://fonts.googleapis.com/ https://www.riddle.com https://news.atptour.com/ https://e.infogram.com https://avplayer-cdn.sportradar.com/ https://*.typekit.net https://*.shorthandstories.com https://*.shorthand.com http://*.minute.ly https://*.minute.ly https://*.snackly.co https://*.tldw.me http://*.snackly.co http://*.tldw.me http://*.spoteam.com https://*.spoteam.com;worker-src blob: 3 frame-ancestors 'self'; report-uri https://www.ge.com/report-uri/enforce 3 frame-src 'self'; 3 frame-ancestors http://*.seagate.com https://*.seagate.com http://*.seagate.cn https://*.seagate.cn http://seagate.saleshood.com https://seagate.saleshood.com; 3 report-uri https://sentry-v2.staticimg.co/api/80/security/?sentry_key=638f6869a787409b9d5f4edd74db3b66; default-src 'unsafe-eval' 'unsafe-inline' https://*.kucoin.com https://*.kucoin.plus https://*.kucoin.biz https://*.kucoin.fit https://*.kucoin.cloud https://*.kucoin.work https://*.kucoinpre.com https://*.staticimg.com https://*.staticimg.co https://*.xcoinsystem.com https://*.pool-x.io https://*.kcsfile.com https://bat.bing.com https://www.youtube.com https://www.facebook.com https://connect.facebook.net https://t.co https://analytics.twitter.com https://mc.yandex.ru https://www.google.com https://www.google.co.jp https://www.googleadservices.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://storage.googleapis.com https://font.googleapis.com https://www.google-analytics.com https://accounts.google.com https://www.gstatic.cn https://www.gstatic.com https://fonts.gstatic.cn https://fonts.gstatic.com https://scripts.coolretargeting.com https://pixel.coolretargeting.com https://adscool.net; connect-src https://*.kucoin.com https://*.kucoin.plus https://*.kucoin.biz https://*.kucoin.fit https://*.kucoin.cloud https://*.kucoin.work https://*.kucoinpre.com https://kucoin.eu.ada.support wss://*.kucoin.com wss://*.kucoin.plus wss://*.kucoin.biz wss://*.kucoin.fit wss://*.kucoin.cloud wss://*.kucoin.work wss://*.kucoinpre.com https://*.staticimg.com https://*.staticimg.co https://*.xcoinsystem.com https://*.pool-x.io https://*.kcsfile.com https://www.google.com https://www.google.co.jp https://www.googleadservices.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://storage.googleapis.com https://font.googleapis.com https://www.google-analytics.com https://accounts.google.com https://www.google.com.hk https://analytics.google.com https://maps.googleapis.com https://www.gstatic.cn https://www.gstatic.com https://fonts.gstatic.cn https://fonts.gstatic.com https://bat.bing.com https://www.youtube.com https://www.facebook.com https://connect.facebook.net https://mc.yandex.ru; font-src https: data:; img-src https: data: blob:; frame-src 'self' https://www.googletagmanager.com https://td.doubleclick.net; worker-src 'self' https://*.staticimg.com https://*.staticimg.co; object-src 'none'; frame-ancestors 'self' https://*.kucoin.com https://*.kucoin.plus https://*.kucoin.biz https://*.kucoin.fit https://*.kucoin.cloud https://*.kucoin.work https://*.kucoinpre.com https://kucoin.eu.ada.support https://*.xcoinsystem.com https://web.telegram.org 3 default-src 'self' *.grubhub.com grubhub.com *.dine.online *.datadog.hq cdn.contentful.com *.forter.com maps.googleapis.com six.cdn-net.com www.cdn-net.com; frame-src 'self' *.grubhub.com grubhub.com api.braintree.com *.braintreegateway.com *.braintree-api.com braintreegateway.com apay-us.amazon.com analytics.tiktok.com analytics.twitter.com analytics.churnzero.com apps.rokt.com everestjs.net *.doubleclick.net accounts.google.com checkout.paypal.com googletagmanager.com www.googletagmanager.com insight.adsrvr.org match.adsrvr.org na.account.amazon.com prod.accdab.net six.cdn-net.com www.cdn-net.com https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.payments-amazon.com *.tags.tiqcdn.com redditstatic.com js.adsrvr.org *.grubhub.com grubhub.com api.braintree.com *.braintreegateway.com *.braintree-api.com braintreegateway.com apay-us.amazon.com *.forter.com *.rokt.com *.cookielaw.org *.everestjs.net six.cdn-net.com www.cdn-net.com https://cdn.prod.uidapi.com https://*.js.stripe.com https://js.stripe.com https://maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' *.grubhub.com grubhub.com api.braintree.com *.braintreegateway.com *.braintree-api.com braintreegateway.com apay-us.amazon.com analytics.churnzero.net analytics.tiktok.com analytics.twitter.com tags.tiqcdn.com www.google-analytics.com google-analytics.com *.forter.com *.cookielaw.org *.payments-amazon.com platform.twitter.com static.ads-twitter.com www.googletagmanager.com *.cdn-net.com apps.rokt.com maps.googleapis.com cdn.branch.io www.googleadservices.com *.mountain.com app.link googleads.g.doubleclick.net connect.facebook.net assets.loginwithamazon.com accounts.google.com apis.google.com analytics.tiktok.com c.amazon-adsystem.com google-analytics.com google.com googleads.g.doubleclick.net googleadservices.com googletagmanager.com gstatic.com prod.accdab.net redditstatic.com s.pinimg.com everestjs.net d.impactradius-event.com tag.havasedge.com pixel.mathtag.com www.gstatic.com bat.bing.com px.airpr.com www.redditstatic.com js.adsrvr.org ext.chtbl.com www.google.com collector-21091.us.tvsquared.com innovid.com www.everestjs.net six.cdn-net.com www.cdn-net.com https://*.js.stripe.com https://js.stripe.com https://maps.googleapis.com; img-src 'self' *.cloudinary.com *.grubhub.com grubhub.com *.cloudfront.net *.pinterest.com *.cookielaw.org cm.everesttech.net t.co www.google-analytics.com google-analytics.com analytics.twitter.com *.doubleclick.net maps.gstatic.com *.googleapis.com www.google.com data: www.facebook.com trkn.us event.havasedge.com grubhubimages-dev.s3.amazonaws.com tags.w55c.net data.adxcel-ec2.com b.videoamp.com ext.chtbl.com bat.bing.com px.airpr.com redditstatic.com js.adsrvr.org adservice.google.com alb.reddit.com b.videoamp.com www.googletagmanager.com insight.adsrvr.org s3.amazonaws.com collector-21091.us.tvsquared.com innovid.com; style-src-elem 'self' 'unsafe-inline' *.grubhub.com grubhub.com fonts.googleapis.com accounts.google.com pixel.mathtag.com; style-src 'self' 'unsafe-inline' *.grubhub.com grubhub.com fonts.googleapis.com six.cdn-net.com www.cdn-net.com; font-src 'self' 'unsafe-inline' *.grubhub.com grubhub.com fonts.gstatic.com; connect-src 'self' *.grubhub.com grubhub.com browser-intake-datadoghq.com *.px-cloud.net preview.connectful.com *.braze.com *.google-analytics.com www.google.com google.com google-analytics.com *.cookielaw.org *.forter.com wss://cdn0.forter.com analytics.tiktok.com geolocation.onetrust.com preview.contentful.com stats.g.doubleclick.net privacyportal.onetrust.com *.googleapis.com sentry.io api2.branch.io *.facebook.com facebook.com bat.bing.com api.braintree.com *.braintreegateway.com *.braintree-api.com braintreegateway.com apay-us.amazon.com www.gstatic.com maps.gstatic.com data: cdn.contentful.com collect.tealiumiq.com b.px-cdn.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 prod.accdab.net trkn.us seamless.dcm9zy.net s3.amazonaws.com conversions-config.reddit.com pixel-config.reddit.com www.redditstatic.com web.chtbl.com grubhub.vdcy.net insight.adsrvr.org collector-21091.us.tvsquared.com innovid.com six.cdn-net.com www.cdn-net.com https://*.prod.uidapi.com https://prod.uidapi.com https://api.stripe.com https://maps.googleapis.com *.devcycle.com; 3 frame-ancestors 'self' https://bluebelldigital.com/; report-to default 3 frame-ancestors 'self' https://adobemc.com https://nfcu.experiencecloud.adobe.com https://experience.adobe.com 3 base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests; 3 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://lavoz.report-uri.io/r/default/csp/enforce 3 frame-ancestors 'self'; default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; style-src 'self' go.zetaglobal.com https://code.jquery.com https://www.googletagmanager.com https://www.lightboxcdn.com https://netdna.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/ 'unsafe-inline'; script-src 'self' blob: *.netmng.com https://code.jquery.com https://cdn.cookielaw.org https://disqus.com https://j.6sc.co https://boards.greenhouse.io https://p.adsymptotic.com https://www.googleadservices.com https://px4.ads.linkedin.com https://c1.rfihub.net https://connect.facebook.net https://lightboxapi.azurewebsites.net https://d.adroll.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://snap.licdn.com https://com-zglobal.netmng.com https://munchkin.marketo.net https://s.adroll.com 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com bootstrapcdn.com *.bootstrapcdn.com googleapis.com *.googleapis.com cloudflare.com *.cloudflare.com rezync.com *.rezync.com hsforms.net *.hsforms.net lightboxcdn.com *.lightboxcdn.com gstatic.com *.gstatic.com vimeo.com *.vimeo.com wistia.com *.wistia.com hs-scripts.com *.hs-scripts.com google.com *.google.com capterra.com *.capterra.com hscollectedforms.net *.hscollectedforms.net hsadspixel.net *.hsadspixel.net hubspot.com *.hubspot.com hsforms.com *.hsforms.com hs-analytics.net *.hs-analytics.net usemessages.com *.usemessages.com hs-banner.com *.hs-banner.com licdn.com *.licdn.com google-analytics.com *.google-analytics.com boomtrain.com *.boomtrain.com https://www.youtube.com https://www.googleoptimize.com https://s7.addthis.com/ https://unpkg.com/ https://cdn.jsdelivr.net https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://js.driftt.com https://cdn.calibermind.com/ go.zetaglobal.com 3 worker-src 'self' blob: *.vix.tv *.vix.com; frame-ancestors SAMEORIGIN; 3 frame-ancestors https://*.sanity.studio https://*.complex.com 3 frame-ancestors learn.arcgis.com *.esri.com pro.arcgis.com doc.arcgis.com 3 frame-ancestors 'self' https://*.tiscali.it 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; object-src 'none'; img-src data: *; worker-src 'self' blob:; 3 frame-ancestors 'self' https://*.joyn.de https://app.datadoghq.eu; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.pstatic.net https://bat.bing.com https://bat.bing.net https://cta-service-cms2.hubspot.com https://a.quora.com https://api.fraud0.com https://wcs.naver.net https://cdn.segment.com https://js.hubspot.com https://monitor.tapper.ai https://link.edgepilot.com https://www.onelink-edge.com https://www.gstatic.com https://www.google.com https://*.google-analytics.com https://region1.analytics.google.com https://*.mktoutil.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://*.criteo.com https://public.cobrowse.oraclecloud.com https://sc54374195us1.cobrowse.oraclecloud.com https://sc54374195us1.cobrowse.oraclecloud.com/launcher.js https://bat.bing.com https://www.youtube.com https://www.clarity.ms https://cdnjs.cloudflare.com https://test.salesforce.com https://webto.salesforce.com https://tracker.adreadyclick.com https://code.jquery.com https://kit.fontawesome.com https://survey.alchemer.com https://www.surveygizmo.com https://tr.snapchat.com https://tr-shadow.snapchat.com https://*.go-mpulse.net https://*.rfihub.net https://cdn.boomtrain.com https://secure.adnxs.com https://acdn.adnxs.com https://*.kaltura.com https://live.rezync.com https://www.googleadservices.com https://analytics.tiktok.com https://bs.serving-sys.com https://secure-ds.serving-sys.com https://sc-static.net https://snap.licdn.com https://*.optimix.cn https://munchkin.marketo.net https://cdn.resonate.com https://libjs.s4mdsp.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://google.com https://googleads.g.doubleclick.net https://js.hs-scripts.com https://www.googletagmanager.com https://*.ets.org https://assets.adobedtm.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://888-oul-143.mktoweb.com https://js.hsforms.net; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://*.google-analytics.com https://*.mktoutil.com https://google.com https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://www.surveygizmo.com https://fonts.googleapis.com https://*.ets.org https://maxcdn.bootstrapcdn.com https://assets.adobedtm.com https://ka-f.fontawesome.com https://888-oul-143.mktoweb.com; font-src 'self' data: https://www.gstatic.com https://www.google.com https://*.google-analytics.com https://*.mktoutil.com https://ka-p.fontawesome.com https://google.com https://googleads.g.doubleclick.net https://www.surveygizmo.com https://*.kaltura.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://ka-f.fontawesome.com https://*.kaltura.com; connect-src 'self' https://wcs.naver.com https://cdn.segment.com https://api.segment.io https://protect.tapper.ai https://cta-service-cms2.hubspot.com https://www.onelink-edge.com https://www.googleadservices.com https://region1.google-analytics.com https://region1.analytics.google.com https://analytics-ipv6.tiktokw.us https://api.fraud0.com https://bat.bing.com https://*.tt.omtrdc.net https://www.gstatic.com https://www.google.com https://pagead2.googlesyndication.com https://*.google-analytics.com https://analytics.pangle-ads.com https://*.mktoutil.com https://ib.adnxs.com https://google.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://tr.snapchat.com https://kit.fontawesome.com https://test.salesforce.com https://webto.salesforce.com https://www.livelook.com/cobrowse/auth https://www.livelook.com https://*.clarity.ms/ https://ka-p.fontawesome.com https://pixelconnector.adready.com https://*.kaltura.com https://*.akamaihd.net https://*.rfihub.net https://*.akstat.io https://*.go-mpulse.net https://people.api.boomtrain.com https://events.api.boomtrain.com https://www.facebook.com https://analytics.tiktok.com https://lm.serving-sys.com https://secure-ds.serving-sys.com https://tr-shadow.snapchat.com https://cdn.linkedin.oribi.io https://analytics.google.com https://stats.g.doubleclick.net https://709-zco-379.mktoresp.com https://www.google-analytics.com https://ssl.google-analytics.com https://ds.reson8.com https://forms.hscollectedforms.net https://*.ets.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://ka-f.fontawesome.com https://cdn.cookielaw.org https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms-na1.hubspot.com wss://oda-e40b50f987234cd9917401d2041ee2c6-da2.data.digitalassistant.oci.oraclecloud.com wss://oda-7d45bc8b07464a85817b482742d79302-da2.data.digitalassistant.oci.oraclecloud.com wss://oda-b5675d826e074d05b3305135c81c2162-da2.data.digitalassistant.oci.oraclecloud.com; frame-ancestors https://toeflibt-cn-dev.ets.org https://toeflibt-cn-test.ets.org https://toeflibt-cn-stg.ets.org https://toeflibt-cn.ets.org https://toeflibt.ets.org https://toeflibt-dev.ets.org https://toeflibt-test.ets.org https://toeflibt-stg.ets.org https://v2-dev.ereg.ets.org https://v2-tst.ereg.ets.org https://v2-uat.ereg.ets.org https://v2.ereg.ets.org; frame-src 'self' https://www.gstatic.com https://www.google.com https://*.google-analytics.com https://*.mktoutil.com https://google.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.livelook.com/ https://td.doubleclick.net/ https://static.criteo.net https://*.criteo.com https://www.googletagmanager.com https://public.cobrowse.oraclecloud.com https://s.amazon-adsystem.com https://*.kaltura.com https://*.fls.doubleclick.net https://*.rfihub.com https://www.facebook.com https://*.snapchat.com https://e03.optimix.cn https://www.google-analytics.com https://ssl.google-analytics.com https://888-oul-143.mktoweb.com https://www.youtube.com https://*.ets.org https://oda-e40b50f987234cd9917401d2041ee2c6-da2.data.digitalassistant.oci.oraclecloud.com https://oda-7d45bc8b07464a85817b482742d79302-da2.data.digitalassistant.oci.oraclecloud.com https://oda-b5675d826e074d05b3305135c81c2162-da2.data.digitalassistant.oci.oraclecloud.com https://forms.hsforms.com; media-src 'self' blob: data: https://*.ets.org https://*.kaltura.com https://public.cobrowse.oraclecloud.com https://google.com https://googleads.g.doubleclick.net https://www.gstatic.com https://www.google.com ; img-src 'self' data: https: https://www.surveygizmo.com https://i.ytimg.com https://www.gstatic.com https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://aax-eu.amazon-adsystem.com https://bx01.optimix.cn https://cm.g.doubleclick.net https://e03.optimix.cn https://forms.hsforms.com https://track.hubspot.com https://google.com https://googleads.g.doubleclick.net https://www.facebook.com https://px.ads.linkedin.com https://cfvod.kaltura.com https://maps.gstatic.com https://cdn.cookielaw.org https://objectstorage.us-ashburn-1.oraclecloud.com https://*.akstat.io; worker-src blob: https:; 3 script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' blob: 'unsafe-inline' https:; report-uri /reports/csp/uri; report-to csp-reports; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; base-uri 'self'; 3 default-src https: wss: blob: 'self' 'unsafe-inline' *.demandbase.com *.foxitesign.foxit.com salesforce.foxitesign.foxit.com *.evergage.com foxit.us-6.evergage.com *.visualwebsiteoptimizer.com app.vwo.com; img-src 'self' data: www.google.com *.google.com www.google-analytics.com *.google-analytics.com optimize.google.com www.googletagmanager.com *.googletagmanager.com *.stripe.com *.clarity.ms tribl.io px.ads.linkedin.com www.linkedin.com cc.swiftype.com *.bing.com images.g2crowd.com *.g2.com *.outbrain.com *.adroll.com alb.reddit.com 11145320.fls.doubleclick.net *.doubleclick.net www.facebook.com sealserver.trustwave.com i.imgur.com *.checkout.visa.com *.mastercard.com *.discovercard.com *.discover.com *.online-metrix.net q.quora.com d.adroll.com accounts.zendesk.com hero.kingpinkton.com ct.capterra.com tracking.g2crowd.com aorta.clickagy.com googleads.g.doubleclick.net srv.stackadapt.com pixel-sync.sitescout.com id.rlcdn.com js.chilipiper.com *.gravatar.com secure.gravatar.com *.hotjar.com *.paypal.com www.google.com.hk www.google.com.tw segments.company-target.com tags.srv.stackadapt.com cdn-cookieyes.com *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com useruploads.vwo.io www.paypalobjects.com fonts.gstatic.com www.google.com.sg www.googleadservices.com pixel-config.reddit.com conversions-config.reddit.com *.6sc.co *.foxit.com *.g.doubleclick.net google.com *.foxitsoftware.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com static.cloudflareinsights.com kit.fontawesome.com www.google.com *.google.com www.googletagmanager.com *.googletagmanager.com *.googleadservices.com www.google-analytics.com *.google-analytics.com www.googleanalytics.com www.googleoptimize.com optimize.google.com googleads.g.doubleclick.net static.addtoany.com platform.twitter.com pi.pardot.com static.hotjar.com *.hotjar.com script.hotjar.com bat.bing.com s.swiftypecdn.com go.foxitinfo.com widget.trustpilot.com amplify.outbrain.com tr.outbrain.com q.quora.com 11145320.fls.doubleclick.net c.sf-syn.com scout-cdn.salesloft.com static.zdassets.com api.smooch.io widget-mediator.zopim.com tracking.g2crowd.com tags.srv.stackadapt.com *.zoominfo.com *.chilipiper.com www.redditstatic.com d.adroll.mgr.consensu.org d.adroll.com s.adroll.com snap.licdn.com connect.facebook.net static.ads-twitter.com sealserver.trustwave.com *.clarity.ms tribl.io *.stripe.com m.stripe.network *.paypal.com *.checkout.visa.com *.mastercard.com *.foxitesign.foxit.com *.discovercard.com *.discover.com h.online-metrix.net www.aexp-static.com www.paypalobjects.com www.youtube.com villain.kingpinkton.com hero.kingpinkton.com unpkg.com *.cloudfront.net tags.clickagy.com js.na.chilipiper.com public.profitwell.com st.foxitsoftware.cn *.demandbase.com apis.google.com www.google.com.hk js.driftt.com t.usermaven.com *.doubleclick.net google.com.tw paapi8916.d41.co cdn-0.d41.co a.quora.com *.rlcdn.com *.d41.co *.recaptcha.net *.gstatic.com cdn.evgnet.com *.company-target.com foxit.us-6.evergage.com *.evergage.com cdn-cookieyes.com *.visualwebsiteoptimizer.com app.vwo.com *.gstatic.cn *.foxit.com *.amazon-adsystem.com www.foxit.com ipinfo.io eu1-qa.foxitesign.foxit.com pagead2.googlesyndication.com *.6sc.co 6sc.co *.terminusapp.com player.vwo.me *.cookieyes.com *.foxitsoftware.com cloudflareinsights.com *.microsoft.com; style-src 'self' 'unsafe-inline' https: www.google-analytics.com www.googletagmanager.com *.googletagmanager.com optimize.google.com *.google.com s.swiftypecdn.com fonts.googleapis.com *.cloudflare.com tags.srv.stackadapt.com *.hotjar.com *.demandbase.com foxit.us-6.evergage.com *.visualwebsiteoptimizer.com www.foxit.com app.vwo.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com ka-f.fontawesome.com script.hotjar.com *.hotjar.com foxit.us-6.evergage.com at.alicdn.com; object-src 'self' *.foxitsoftware.com; worker-src 'unsafe-inline' 'self' blob:; connect-src *.visualwebsiteoptimizer.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.hotjar.com *.hotjar.io *.zoominfo.com wss://ws.hotjar.com *.company-target.com www.google.com.sg *.foxitcloud.com bat.bing.com player.vwo.me *.reddit.com www.redditstatic.com *.linkedin.com *.6sc.co *.evergage.com *.foxitsoftware.com *.paypal.com *.google.com *.connectedpdf.com *.stripe.com www.g2.com *.foxit.com www.facebook.com *.clarity.ms *.cookieyes.com cdn-cookieyes.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net www.googleadservices.com pagead2.googlesyndication.com google.com; frame-src app.vwo.com *.visualwebsiteoptimizer.com *.foxitsoftware.com td.doubleclick.net js.driftt.com s.company-target.com js.stripe.com www.sandbox.paypal.com www.recaptcha.net www.youtube.com www.foxit.com www.paypal.com na1.foxitesign.foxit.com www.google.com www.googletagmanager.com eu1-qa.foxitesign.foxit.com *.amazon-adsystem.com player.vwo.me *.stripe.com www.facebook.com *.paypal.com *.foxitcloud.com *.foxit.com; 3 frame-ancestors 'self' *.commscope.com *.ruckusnetworks.com *.punchout2go.com *.ariba.com ; 3 upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com https://courses.mist.com 3 frame-ancestors 'self' https://kisanuat.bankofbaroda.co.in https://kisan.bankofbaroda.com https://ams.techmahindra.com;upgrade-insecure-requests; block-all-mixed-content; 3 frame-ancestors https://*.upwave.com 3 frame-ancestors 'self' https://login.mtb.com 3 frame-ancestors 'self' *.springernature.com; 3 img-src 'self' www.technolife.com trustseal.enamad.ir data: www.google-analytics.com *.google.com *.goftino.com https://*.livechatinc.com https://*.livechat-static.com *.webengage.com *.webengage.co *.doubleclick.net https://*.gstatic.com https://adexo.ir https://panel.adexo.ir https://adexofiles.ir https://api.rudderstack.com https://api.rudderstack.com/* *.rudderstack.com;form-action 'self' https://pay.tara360.ir *.shaparak.ir pay.apsan.co *.sep.ir *.keepa.ir;default-src 'self' blob: 'unsafe-inline' *.google.com https://static.getclicky.com https://in.getclicky.com wss://*.goftino.com https://*.livechatinc.com https://*.livechat-static.com *.doubleclick.net https://www.goftino.com/ https://www.clarity.ms https://c.clarity.ms cdn.yektanet.com *.yektanet.com w3.org https://www.technolife.com phcm.ir *.technolife.com *.cloudflare.com https://static.cloudflareinsights.com/ https://ajax.cloudflare.com fonts.googleapis.com *.googletagmanager.com google-analytics.com https://www.google-analytics.com/ *.google-analytics.com *.analytics.google.com plus.sabavision.com google.com/recaptcha https://www.google.com/recaptcha https://www.google.com/recaptcha/ recaptcha.net https://*.goftino.com https://fcm.googleapis.com https://www.googletagmanager.com https://fcm.googleapis.com/fcm/connect/subscribe https://www.google.com/ads/* https://trustseal.enamad.ir/ https://core.affili.ir/api/v2/clients/conversion https://www.google.com/ads/ga-audiences https://www.aparat.com/ wss://*.goftino.com https://*.clarity.ms https://deemanetwork.com https://if-cdn.com https://player.arvancloud.com *.webengage.com *.webengage.co https://app.raychat.io data: wss://se3.raychat.io https://analytics.takhfifan.com/ https://trk.chavosh.org https://fcm.googleapis.com https://fcm.googleapis.com/fcm/connect/subscribe https://client.crisp.chat https://cdn.parsimap.ir/ https://tracker.chavosh.org/ app.raychat.io cdn.raychat.io https://s.goftino.com https://client.crisp.chat https://api.parsimap.ir/ https://api2.parsimap.ir/ https://*.goftino.com https://*.clarity.ms https://technofestivals.arvanvod.com https://unpkg.com/ https://ma-cdn.pegah.tech https://sentry.pegah.tech https://mediacdn.mediaad.org https://s1.mediaad.org https://cdn.mediaffic.ir https://api.mediaad.org *.mouseflow.com *.goftino.com https://*.gstatic.com https://adexo.ir https://panel.adexo.ir https://adexofiles.ir https://api.rudderstack.com https://api.rudderstack.com/sourceConfig https://api.rudderstack.com/* *.rudderstack.com *.tchno.life https://cdp.tchno.life/;script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.google.com https://in.getclicky.com https://static.getclicky.com/js https://*.livechatinc.com https://*.livechat-static.com wss://ws2.goftino.com https://www.clarity.ms *.doubleclick.net https://*.goftino.com cdn.yektanet.com *.yektanet.com w3.org https://www.technolife.com phcm.ir shop.technolife.com *.cloudflare.com https://static.cloudflareinsights.com/ https://ajax.cloudflare.com fonts.googleapis.com *.googletagmanager.com google-analytics.com https://www.google-analytics.com/ google.com/recaptcha https://www.googletagmanager.com https://www.google.com/recaptcha https://www.google.com/recaptcha/ https://*.gstatic.com recaptcha.net *.webengage.com *.webengage.co https://app.raychat.io plus.sabavision.com https://unpkg.com/ https://se3.raychat.io https://deemanetwork.com https://trustseal.enamad.ir/ *.google-analytics.com *.analytics.google.com wss://ws6.goftino.com https://cdn.jsdelivr.net https://yektanet.com https://fcm.googleapis.com https://fcm.googleapis.com/fcm/connect/subscribe app.raychat.io cdn.raychat.io https://*.clarity.ms https://www.aparat.com/ wss://cdn.goftino.com/ https://cdn.parsimap.ir/ https://*.parsimap.ir https://trk.chavosh.org wss://*.goftino.com https://*.goftino.com https://client.crisp.chat https://analytics.takhfifan.com/ https://tracker.chavosh.org/ https://api.parsimap.ir/ https://api2.parsimap.ir/ https://if-cdn.com https://player.arvancloud.com https://*.goftino.com https://*.clarity.ms https://plus.sabavision.com/ https://ma-cdn.pegah.tech https://sentry.pegah.tech https://mediacdn.mediaad.org https://s1.mediaad.org https://cdn.mediaffic.ir https://api.mediaad.org *.mouseflow.com *.goftino.com https://adexo.ir https://panel.adexo.ir https://adexofiles.ir https://api.rudderstack.com *.rudderstack.com https://cdn.rudderlabs.com https://cdn.rudderlabs.com/*;style-src 'self' 'unsafe-inline' *.google.com https://www.technolife.com https://in.getclicky.com https://static.getclicky.com/js https://*.livechatinc.com https://*.livechat-static.com wss://ws2.goftino.com https://ajax.cloudflare.com https://static.cloudflareinsights.com/ w3.org phcm.ir https://*.goftino.com https://cdn.goftino.com/ fonts.googleapis.com https://www.googletagmanager.com *.googletagmanager.com *.cloudflare.com google-analytics.com https://www.google-analytics.com/ google.com/recaptcha https://www.google.com/recaptcha recaptcha.net https://app.raychat.io https://cdn.jsdelivr.net https://cdn.parsimap.ir/ https://*.parsimap.ir plus.sabavision.com https://cdn.fontcdn.ir wss://*.goftino.com wss://ws.goftino.com https://*.goftino.com https://if-cdn.com https://player.arvancloud.com https://trustseal.enamad.ir/ https://deemanetwork.com https://analytics.takhfifan.com/ https://api.parsimap.ir/ https://api2.parsimap.ir/ https://trk.chavosh.org https://tracker.chavosh.org/ https://ma-cdn.pegah.tech https://sentry.pegah.tech https://mediacdn.mediaad.org https://s1.mediaad.org https://cdn.mediaffic.ir https://api.mediaad.org https://if-cdn.com https://player.arvancloud.com https://s2.goftino.com https://*.clarity.ms *.google-analytics.com *.analytics.google.com wss://ws6.goftino.com https://unpkg.com/ *.mouseflow.com *.goftino.com *.webengage.com *.webengage.co *.doubleclick.net https://*.gstatic.com https://adexo.ir https://panel.adexo.ir https://adexofiles.ir https://api.rudderstack.com *.rudderstack.com;font-src 'self' 'unsafe-inline' *.google.com https://in.getclicky.com https://www.googletagmanager.com https://www.technolife.com *.cloudflare.com https://static.getclicky.com/js https://*.livechatinc.com https://*.livechat-static.com wss://ws2.goftino.com https://static.cloudflareinsights.com/ https://ajax.cloudflare.com https://www.goftino.com/ data: shop.technolife.com w3.org phcm.ir fonts.googleapis.com *.googletagmanager.com google-analytics.com https://www.google-analytics.com/ google.com/recaptcha recaptcha.net https://cdn.goftino.com/ https://ma-cdn.pegah.tech https://sentry.pegah.tech https://mediacdn.mediaad.org https://s1.mediaad.org https://cdn.mediaffic.ir https://api.mediaad.org https://app.raychat.io https://cdn.fontcdn.ir https://fdn.fontcdn.ir wss://cdn.goftino.com/ wss://ws.goftino.com https://*.goftino.com https://deemanetwork.com https://client.crisp.chat https://analytics.takhfifan.com/ https://cdn.parsimap.ir/ https://*.parsimap.ir https://trustseal.enamad.ir/ https://api.parsimap.ir/ https://api2.parsimap.ir/ https://if-cdn.com https://player.arvancloud.com https://trk.chavosh.org https://tracker.chavosh.org/ https://s2.goftino.com https://*.clarity.ms *.google-analytics.com *.analytics.google.com wss://*.goftino.com plus.sabavision.com https://unpkg.com/ *.mouseflow.com *.goftino.com *.webengage.com *.webengage.co *.doubleclick.net https://*.gstatic.com https://adexo.ir https://panel.adexo.ir https://adexofiles.ir https://api.rudderstack.com *.rudderstack.com *.tchno.life https://cdp.tchno.life/;object-src 'none';upgrade-insecure-requests;frame-ancestors https://trustseal.enamad.ir/;connect-src 'self' https://api.rudderstack.com https://api.rudderstack.com/sourceConfig https://api.rudderstack.com/* *.rudderstack.com *.tchno.life https://cdp.tchno.life/ https://cdn.rudderlabs.com https://cdn.rudderlabs.com/* blob: *.google.com https://static.getclicky.com https://in.getclicky.com wss://*.goftino.com https://*.livechatinc.com https://*.livechat-static.com *.doubleclick.net https://www.goftino.com/ https://www.clarity.ms https://c.clarity.ms https://ma-cdn.pegah.tech https://sentry.pegah.tech https://mediacdn.mediaad.org https://s1.mediaad.org https://cdn.mediaffic.ir https://api.mediaad.org *.webengage.com *.webengage.co https://*.goftino.com https://*.clarity.ms https://*.parsimap.ir https://*.yektanet.com *.google-analytics.com;base-uri 'self';script-src-attr 'none' 3 report-uri https://gcp.api.snapchat.com/web-reporting/report;report-to main-endpoint 3 base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.cmh-1.pipedriveassets.com cdn.segment.com cdn-segment.pipedrive.com *.pipedrive.com *.pipedriveassets.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com snippet.growsumo.com cdn.cookielaw.org geolocation.onetrust.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com www.gstatic.cn connect.facebook.net *.hotjar.com *.outbrain.com www.redditstatic.com www.youtube.com play.vidyard.com *.doubleclick.net *.taboola.com app.livestorm.co www.googleadservices.com static.ads-twitter.com https://*.browser-intake-datadoghq.com www-cms.pipedriveassets.com bat.bing.com *.quora.com js.grsm.io analytics.tiktok.com c.amazon-adsystem.com www.recaptcha.net recaptcha.net js.adsrvr.org secure.adnxs.com acdn.adnxs.com vitals.vercel-insights.com *.contentsquare.net app.contentsquare.com https://rs.eu1.fullstory.com https://static.xingcdn.com s.dpmsrv.com ib.adnxs.com a.dpmsrv.com a.omappapi.com googleadservices.com tpc.googlesyndication.com analytics.twitter.com; style-src 'self' 'unsafe-inline' cdn.cmh-1.pipedriveassets.com fonts.googleapis.com www.googletagmanager.com www-cms.pipedriveassets.com a.omappapi.com; frame-src cdn.cmh-1.pipedriveassets.com *.cdn.optimizely.com *.cdn-pci.optimizely.com www.facebook.com www.youtube.com www.youtube-nocookie.com www.google.com www.googletagmanager.com play.vidyard.com *.doubleclick.net app.livestorm.co tpc.googlesyndication.com airtable.com webforms.pipedrive.com s.amazon-adsystem.com www.recaptcha.net recaptcha.net *.adsrvr.org *.hotjar.com; img-src 'self' data: https://*; object-src 'none'; worker-src 'self' blob:;; report-uri https://www.pipedrive.com/api/csp-reports 3 frame-ancestors 'self' https://register.sch.gr; 3 frame-ancestors 'none'; form-action 'self'; 3 style-src 'self' 'unsafe-inline' https://www.denic.de https://fonts.googleapis.com; object-src 'self'; script-src 'self' https://app.guestoo.de https://www.denic.de https://my.visme.co https://denic.matomo.cloud https://cdn.matomo.cloud 'unsafe-inline'; img-src 'self' data: https://www.denic.de https://denic.matomo.cloud https://cdn.matomo.cloud; frame-src 'self' https://app.guestoo.de https://my.visme.co 3 frame-ancestors 'self' *.sunrise.ch; frame-src https: mailto:; report-uri https://www.sunrise.ch/csp-collector 3 frame-ancestors 'self' *.drillisch-online.de *.1und1.de *.1und1.com profiseller.de *.profiseller.de *.1and1.com dsl.gmx.de dsl.web.de 1und1-premiumpartner.de *.1und1-premiumpartner.de 1und1-partner.de *.1und1-partner.de 1und1-mm.de *.1und1-mm.de 1und1-hostingpartner.de *.1und1-hostingpartner.de 1und1-freenet.de *.1und1-freenet.de *.mouseflow.com *.1und1.cloud; 3 frame-ancestors 'self' https://*.postimees.ee https://*.pmo.ee https://*.tvnet.lv https://*.apollo.lv http://localhost:* 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://inno.tech https://privacy-cs.mail.ru https://emd.hybrid.ai https://dss.hybrid.ai https://st.hybrid.ai https://st.top100.ru https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://stream.datago.ru https://*.inet.vtb https://mc.yandex.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://chat.vtb.ru wss://chat.vtb.ru https://*.adriver.ru https://vk.com https://top-fwz1.mail.ru https://yastatic.net; style-src 'self' 'unsafe-inline' https://inno.tech https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://*.inet.vtb https://chat.vtb.ru wss://chat.vtb.ru https://yastatic.net; img-src * data:; font-src 'self' data: https://inno.tech https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://*.inet.vtb https://chat.vtb.ru wss://chat.vtb.ru https://yastatic.net; media-src 'self' blob: https://inno.tech https://t1.ru https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://*.inet.vtb https://chat.vtb.ru wss://chat.vtb.ru https://t1-cloud.ru; frame-src 'self' 'unsafe-inline' blob: https://inno.tech https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://stream.datago.ru https://*.roseltorg.ru:* https://api-maps.yandex.ru:* https://chat.vtb.ru wss://chat.vtb.ru https://yastatic.net https://mc.yandex.ru; connect-src 'self' blob: https://api.sendsay.ru https://inno.tech https://api.calc.t1.cloud https://privacy-cs.mail.ru https://yandex.ru https://pagead2.googlesyndication.com https://kraken.rambler.ru https://t1.ru https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://stream.datago.ru https://*.corp.dev.vtb:* https://*.inet.vtb https://mc.yandex.ru https://suggestions.dadata.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://geocode-maps.yandex.ru/ https://chat.vtb.ru wss://chat.vtb.ru https://*.adriver.ru https://vk.com https://top-fwz1.mail.ru https://siteapi.vtb.ru https://marketplace.vtb.ru https://auto.vtb.ru https://ipoteka.vtb.ru https://cl.vtb.ru https://cc.vtb.ru https://vb.vtb.ru https://yastatic.net https://api.hh.ru/; frame-ancestors 'self' https://inno.tech https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://*.inet.vtb https://*.vtb.ru:* https://mc.yandex.ru https://metrika.yandex.ru; 3 default-src 'self' https://www.netacad.com data: blob: https://www.netacad.com https://prod.socialgoodplatform.com 'unsafe-inline' 'unsafe-eval' https://code.s4d.io code.s4d.io; img-src 'self' https://caprod.my.salesforce.com https://solutions.brightcove.com https://netacad.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://www.netacad.com data: blob: https://prod.socialgoodplatform.com https://www.netacad.com https://cdn.cookielaw.org https://www.google-analytics.com https://www.facebook.com https://metrics.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://cisco-tags-stg.cisco.com https://bcbolt446c5271-a.akamaihd.net https://www.cisco.com code.s4d.io cdn.cookielaw.org https://code.s4d.io https://cdn.cookielaw.org *.webexcontent.com *.eum-appdynamics.com *.appdynamics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.salesforceliveagent.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.netacad.com 'unsafe-inline' 'unsafe-eval' blob: https://prod.socialgoodplatform.com https://www.netacad.com https://munchkin.marketo.net https://manifest.prod.boltdns.net https://maps.googleapis.com https://tags.tiqcdn.com https://www.googletagmanager.com https://cdn.appdynamics.com https://www.google-analytics.com https://connect.facebook.net https://cdn.appdynamics.com https://www.cisco.com https://players.brightcove.net https://map.brightcove.com https://vjs.zencdn.net https://assets.map.brightcove.com https://cdn.cookielaw.org https://edge.api.brightcove.com https://api.netacad.com https://geolocation.onetrust.com https://dj5ag5n6bpdxo.cloudfront.net https://code.s4d.io cdn.ckeditor.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.netacad.com 'unsafe-inline' https://cdnjs.cloudflare.com https://prod.socialgoodplatform.com https://players.brightcove.net https://cdnjs.cloudflare.com https://code.s4d.io; frame-src 'self' *.google.com https://fast.wistia.net https://www.netacad.com https://portal.netdevgroup.com https://contenthub.netacad.com https://ole03.yourlearning.ibm.com https://www6.nohold.net https://ssac-backend.netacad.com https://adapt-backend.netacad.com mailto: data: blob: https://3569326.fls.doubleclick.net https://assessment.netacad.com https://www.googletagmanager.com https://auth.netacad.com https://www.facebook.com; connect-src 'self' https://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://fastly-signed-us-east-1-prod.brightcovecdn.com https://interactivity.viewer.api.brightcove.com https://*.googleapis.com *.google.com https://*.gstatic.com *.salesforceliveagent.com data: blob: https://www.netacad.com https://analytics.google.com https://geolocation.onetrust.com https://auth.netacad.com https://059-vfz-834.mktoresp.com https://www.facebook.com https://privacyportal.cisco.com https://pdx-col.eum-appdynamics.com https://edge.api.brightcove.com https://api.netacad.com https://www.google-analytics.com https://cdn.cookielaw.org https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net 'unsafe-inline' *.wbx2.com *.ciscospark.com *.webex.com *.cisco.com code.s4d.io cdn.cookielaw.org wss://*.wbx2.com https://code.s4d.io https://cdn.cookielaw.org *.webexcontent.com *.eum-appdynamics.com *.appdynamics.com webexapis.com; font-src 'self' https://fonts.gstatic.com https://www.netacad.com code.s4d.io https://code.s4d.io data: blob: https://prod.socialgoodplatform.com https://cdnjs.cloudflare.com code.s4d.io https://code.s4d.io wss://*.wbx2.com; media-src 'self' https://www.netacad.com data: blob: https://prod.socialgoodplatform.com https://www.netacad.com https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net code.s4d.io https://code.s4d.io https://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://fastly-signed-us-east-1-prod.brightcovecdn.com https://interactivity.viewer.api.brightcove.com; worker-src https://www.netacad.com blob:; frame-ancestors 'none'; 3 default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; font-src *; img-src * data: 3 default-src https: data:; script-src https: *.amplitude.com 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src *; 3 frame-ancestors https://trustseal.enamad.ir 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wpml.org *.toolset.com *.stripe.com *.google.com *.googletagmanager.com a.quora.com www.redditstatic.com *.doubleclick.net yoast.com *.googleadservices.com *.jquery.com *.web-view.net *.ytimg.com *.nr-data.net js-agent.newrelic.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com connect.facebook.net fast.wistia.com *.helpscout.net *.clarity.ms *.termly.io *.googlesyndication.com *.bing.com *.licdn.com *.posthog.com; frame-src 'self' blob: *.stripe.com *.google.com *.doubleclick.net *.youtube.com *.facebook.com s-static.ak.facebook.com wp-rocket.me *.termly.io https://*.googletagmanager.com; object-src 'self'; worker-src blob: https://wpml.org; connect-src 'self' *.wpml.org *.posthog.com https://pagead2.googlesyndication.com https://conversions-config.reddit.com https://bat.bing.com https://bat.bing.net https://www.redditstatic.com https://*.doubleclick.net q.quora.com *.linkedin.com *.clarity.ms *.helpscout.net *.wistia.com *.termly.io d3hb14vkzrxvla.cloudfront.net *.nr-data.net *.facebook.com yoast.com wss://chat-support.wpml.org https://chat-support.wpml.org wss://activity-tracker.wpml.org https://activity-tracker.wpml.org ams.wpml.org https://google.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat 3 frame-ancestors 'self' https://lex.admin.lbr.cloud 3 base-uri self 3 frame-ancestors 'self' https://*.cibc.com https://*.cibc.mobi https://*.simplii.com; 3 frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com; upgrade-insecure-requests 3 frame-ancestors 'self'; report-uri https://3533eaa516fe10a59521ffab0a98b9a4.report-uri.com/r/t/csp/enforce 3 frame-ancestors 'self' http://content.servicenow.com https://content.servicenow.com https://your.servicenow.com https://servicenow.highspot.com https://partnerportalalphadev.service-now.com https://hidevidc.service-now.com 3 default-src 'self' 'unsafe-inline' data: keyweb.de *.keyweb.de keyweb.3cx.eu:5001; script-src 'self' 'unsafe-inline' 'unsafe-eval' keyweb.de *.keyweb.de downloads-global.3cx.com *.youtube.com *.google.com *.gstatic.com; img-src 'self' 'unsafe-inline' data:; frame-src 'self' keyweb.3cx.eu:5001 *.youtube.com chat.keyweb.de; 3 frame-ancestors https://*.ooma.com http://*.ooma.com 3 frame-ancestors *.cas.cn 3 base-uri none; font-src self https: data:; form-action self; frame-ancestors self; object-src none; upgrade-insecure-requests; frame-src self https://www.googletagmanager.com/ https://gum.criteo.com/ https://dynamic.criteo.com/ https://fledge.criteo.com/ https://fledge.us.criteo.com/ https://api.mapbox.com/ https://www.youtube.com/ https://consent.trustarc.com https://consent-pref.trustarc.com https://cdn.segment.com/ https://web.btncdn.com/ https://analytics.ahrefs.com/; 3 frame-ancestors www.red-gate.com; object-src 'none'; 3 frame-ancestors 'self' https://* 3 frame-src https://portal.exoscale.com/ https://push.getbeamer.com/ https://app.getbeamer.com/ https://changelog.exoscale.com/ 3 default-src 'self'; connect-src 'self' *.hamburg.de *.contentflow.net www.etracker.de *.dataport.de sgx.geodatenzentrum.de sg.geodatenzentrum.de www.captcha.eu *.stage.bio hamburg.netzwerk-iq.de; script-src 'self' blob: *.stage.bio app.cituro.com www.youtube.com *.hamburg.de eyeable.hamburg.de www.eye-able-cdn.com code.etracker.com www.etracker.de *.contentflow.net iason.hamburg.de *.dataport.de www.captcha.eu hamburg.netzwerk-iq.de 'unsafe-inline'; style-src 'self' *.hamburg.de code.etracker.com www.etracker.de eyeable.hamburg.de www.eye-able-cdn.com *.contentflow.net iason.hamburg.de app.cituro.com hamburg.netzwerk-iq.de 'unsafe-inline'; img-src 'self' code.etracker.com www.etracker.de eyeable.hamburg.de static.hamburg.de www.eye-able-cdn.com *.contentflow.net iason.hamburg.de *.stage.bio hamburg.netzwerk-iq.de www.captcha.eu data:; font-src 'self' code.etracker.com www.etracker.de eyeable.hamburg.de www.eye-able-cdn.com *.contentflow.net iason.hamburg.de cdn.cituro.com; frame-src *; frame-ancestors *.hamburg.de; media-src 'self' blob: contentflow: *.stage.bio 3 object-src 'none'; frame-ancestors 'self' https://www.qlik.com https://webapps.qlik.com https://www.facebook.com 3 frame-ancestors 'self' https://*.contentstack.com 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' penguin.co.uk *.penguin.co.uk cdnjs.cloudflare.com cdn-ukwest.onetrust.com *.trendmicro.com *.byspotify.com *.shorthand.com penguinrandomhouseuk.shorthandstories.com *.googleadservices.com *.googletagmanager.com *.pinimg.com *.pinterest.com *.doubleclick.net *.ads-twitter.com *.adobedtm.com therandomhousegroupltd.d3.sc.omtrdc.net *.google-analytics.com *.google.com *.gstatic.com connect.facebook.net *.tiktok.com www.dwin2.com *.riddle.com *.hotjar.com *.hotjar.io *.jotfor.ms *.jotformeu.com cdn.livefyre.com *.eventbrite.co.uk *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com therandomhousegroupl.tt.omtrdc.net *.youtube.com *.soundcloud.com *.tiktok.com *.tiktokcdn-us.com *.ttwstatic.com https://www.everestjs.net; object-src 'self'; worker-src blob 'self'; frame-ancestors 'self'; 3 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.de cdn.cookielaw.org www.google.it adservice.google.com *.onetrust.com *.imperva.com www.google.com.et www.google.co.il www.google.com.sa munchkin.marketo.net cdn.bizible.com www.google.pl *.doubleclick.net www.google.com.co www.google.com.np edge.fullstory.com www.google.com.ph www.google.fr www.google-analytics.com www.google.co.th www.google.com.br www.google.es *.mktoresp.com www.brighttalk.com region1.analytics.google.com translate.google.com www.google.com.ua www.google.nl www.google.com.eg *.optimizely.com www.google.com.hk www.youtube.com jscloud.net *.adroll.com www.google.com.pk *.googleapis.com www.google.com.ng rs.fullstory.com *.vimeo.com www.google.com.au www.google.ie www.google.com.gh www.google.co.kr www.google.com.vn www.google.com www.google.se www.google.com.my *.mktoutil.com imperva.piwik.pro www.google.co.in www.googletagmanager.com *.gstatic.com www.google.com.tw imperva.containers.piwik.pro js.driftt.com bam.nr-data.net privacy-policy.truste.com www.google.co.uk www.google.co.il analytics.google.com gc.kis.v2.scr.kaspersky-labs.com www.google.ca cdn.bizibly.com js-agent.newrelic.com *.gravatar.com code.highcharts.com go.imperva.com imperva.substack.com *.vimeocdn.com *.demandbase.com *.company-target.com id.rlcdn.com yoast.com *.hcaptcha.com demostack.app snap.licdn.com *.linkedin.com *.6sense.com *.navattic.com netdna.bootstrapcdn.com *.6sc.co static.oktopost.com *.soundcloud.com *.thalesgroup.com ; form-action 'self' *.salesforce.com ; frame-ancestors 'self' http://thalesgroup.lookbookhq.com https://thalesgroup.lookbookhq.com http://thalesgroup.pathfactory.com https://thalesgroup.pathfactory.com http://hub-cpl.thalesgroup.com https://hub-cpl.thalesgroup.com demostack.app ; 3 base-uri 'self'; default-src 'self' *.livechatinc.com secure.livechatinc.com www.facebook.com www.google.com www.googletagmanager.com nordlayer.com *.nordlayer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livechatinc.com secure.livechatinc.com www.facebook.com www.googleadservices.com www.google.com www.gstatic.com *.google-analytics.com www.googletagmanager.com https://www.googleanalytics.com https://pagead2.googlesyndication.com nordlayer.com *.nordlayer.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.cookiebot.com:* *.typeform.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com https://a.quora.com/qevents.js *.redditstatic.com *.alb.reddit.com px.ads.linkedin.com *.oribi.io snap.licdn.com analytics.twitter.com static.ads-twitter.com connect.facebook.net bat.bing.com p.adsymptotic.com sentry.netaltr.com *.wisepops.com *.wisepops.net wisepops.net *.salesloft.com *.6sc.co *.6sense.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.veritonic.com; connect-src 'self' *.livechatinc.com secure.livechatinc.com www.facebook.com www.google.com *.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com https://pagead2.googlesyndication.com cdn.growthbook.io nordlayer.com *.nordlayer.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://consentcdn.cookiebot.com *.typeform.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.redditstatic.com *.alb.reddit.com pixel-config.reddit.com conversions-config.reddit.com www.linkedin.com px.ads.linkedin.com snap.licdn.com connect.facebook.net www.facebook.com p.adsymptotic.com sentry.netaltr.com *.6sc.co *.6sense.com *.wisepops.com *.wisepops.net wisepops.net bat.bing.com *.salesloft.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com https://*.veritonicmetrics.com; form-action 'self' webto.salesforce.com https://www.facebook.com/tr *.hsforms.com https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; frame-src 'self' *.livechatinc.com secure.livechatinc.com www.facebook.com www.google.com www.googletagmanager.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io www.youtube.com https://www.youtube.com/ www.youtube-nocookie.com https://www.youtube-nocookie.com/ player.vimeo.com https://player.vimeo.com/ https://consentcdn.cookiebot.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com *.typeform.com *.wisepops.com wisepops.net; img-src * data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://ct.capterra.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://q.quora.com *.alb.reddit.com px.ads.linkedin.com analytics.twitter.com static.ads-twitter.com *.google-analytics.com stats.g.doubleclick.net www.gstatic.com https://www.googletagmanager.com https://pagead2.googlesyndication.com *.wisepops.com *.wisepops.net wisepops.net *.6sc.co *.6sense.com www.facebook.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://*.veritonicmetrics.com; style-src 'self' 'unsafe-inline' *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net *.typeform.com *.6sc.co *.6sense.com https://fonts.googleapis.com; media-src 'self' 'unsafe-inline' videos.ctfassets.net nordlayer.com *.nordlayer.com false https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com; font-src 'self' data: www.google.com fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://js.intercomcdn.com https://fonts.intercomcdn.com; child-src 'self' *.hsforms.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; 3 frame-ancestors https://www.cedars-sinai.org/ https://www-dev.cedars-sinai.org/ https://www-stage.cedars-sinai.org/ https://aodlipsx002188.aws.csmc.edu/ https://patients.mycslink.org/ https://patients-dev.mycslink.org/ https://patients-test.mycslink.org/ https://patients-stage.mycslink.org/ 3 default-src https://*.belastingdienst.nl https://vinden.belastingdienst.nl https://*.readspeaker.com; connect-src 'self' https://*.belastingdienst.nl https://enquete.agconsult.com https://*.readspeaker.com https://*.abtasty.com https://attachuk.imi.chat https://cdn-widget.eu.webexengage.com https://api.pdok.nl; child-src 'self' https://belastingdienst.nl https://*.belastingdienst.nl https://secure.opinionlab.com https://*.readspeaker.com https://www.youtube.com https://www.youtube-nocookie.com ; frame-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com https://secure.opinionlab.com https://www.youtube.com https://www.youtube-nocookie.com https://survey.alchemer.eu https://douane.livepresence.net https://attachuk.imi.chat; frame-ancestors 'self' https://*.belastingdienst.nl https://*.pagefreezer.com https://*.pagefreezer.nl ; img-src 'self' https://*.readspeaker.com https://img.youtube.com data: https://*.belastingdienst.nl blob: data: *.abtasty.com; font-src 'self' https://*.belastingdienst.nl blob: data: *.abtasty.com; script-src 'self' https://*.belastingdienst.nl https://enquete.agconsult.com https://*.readspeaker.com https://attachuk.imi.chat 'unsafe-eval' 'unsafe-inline' blob: *.abtasty.com ; style-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com https://attachuk.imi.chat *.abtasty.com 'unsafe-inline' 3 frame-ancestors 'self' *.pnet.ch *.post.ch *.becompany.ch *.signdemo.com *.sas.com https://www.post.ch/cross-domain-bridge.html 3 object-src 'none'; frame-ancestors https://*.ncrvoyix.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'; 3 default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 3 object-src players.brightcove.net www.realpage.com s.realpage.com vjs.zencdn.net; frame-ancestors 'self' *.realpage.com *.seismic.com www.realpagelearning.com *.yieldstar.com *.mpfyieldstar.com www.on-site.com; report-to csp-violation; report-uri https://cspreports.realpage.com/api/reports/save/violation; 3 frame-ancestors 'self' https://webvisor.com https://awards.ratingruneta.ru 3 default-src 'none'; script-src 'self' 'unsafe-inline' https://maps.rlp.de; connect-src 'self' https://maps.rlp.de https://data.rlp.de; img-src 'self' data: https://sgx.geodatenzentrum.de; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self' http://*.rlp.de/; frame-src 'self' https://www.youtube-nocookie.com/ https://w.soundcloud.com; font-src 'self'; manifest-src 'self' 3 frame-ancestors 'self'; report-uri /__csp-report 3 connect-src 'self' ws: wss: https://*.optimizely.com https://cdn.cookielaw.org https://www.google-analytics.com https://www.googletagmanager.com https://cms.comptia.org https://www.comptia.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://c.az.contentsquare.net https://chatapps-us.netomi.com https://js.zi-scripts.com https://api.sail-personalize.com https://px.ads.linkedin.com https://eligibility.wootric.com https://wootric-eligibility.herokuapp.com https://analytics.tiktok.com https://ws.zoominfo.com https://cdn.segment.com https://api.segment.io https://*.hotjar.io https://*.cmp.optimizely.com https://*.google.com https://*.googlesyndication.com https://sso.comptia.org https://*.contentsquare.net https://k-us1.az.contentsquare.net https://stats.g.doubleclick.net https://analytics-ipv6.tiktokw.us https://www.facebook.com; default-src 'self'; font-src 'self' data: https://chatapps-us.netomi.com https://use.typekit.net; frame-ancestors 'self' https://cms.comptia.org https://*.optimizely.com; frame-src https://www.comptia.org https://cms.comptia.org https://forms.comptia.org https://www.youtube.com https://player.vimeo.com https://production-comptiawebsite.azurewebsites.net https://www.verse.com; img-src data: https://www.comptia.org https://images.cmp.optimizely.com https://cdn.cookielaw.org https://c.az.contentsquare.net https://www.facebook.com https://a.usea01.idio.episerver.net https://px.ads.linkedin.com https://api.zaius.com https://px4.ads.linkedin.com https://www.googletagmanager.com https://aistudio-cdata.s3.amazonaws.com https://www.googletagmanager.com https://cms.comptia.org https://*.google.com.br https://optanon.blob.core.windows.net https://*.netomi.com https://*.optimizely.com https://images4.cmp.optimizely.com https://*.cmp.optimizely.com https://www.google.ca https://www.linkedin.com; media-src 'self' https://i.ytimg.com; script-src 'self' https://*.optimizely.com https://*.googleapis.com https://cdn.cookielaw.org https://www.google-analytics.com https://www.googletagmanager.com https://cms.comptia.org https://www.comptia.org https://code.jquery.com https://unpkg.com https://va.vercel-scripts.com https://player.vimeo.com https://www.youtube.com https://t.contentsquare.net https://connect.facebook.net https://snap.licdn.com https://ak.sail-horizon.com https://pagead2.googlesyndication.com https://analytics.tiktok.com https://cdn.wootric.com https://s.usea01.idio.episerver.net https://chatapps-us.netomi.com https://d1igp3oop3iho5.cloudfront.net https://js.zi-scripts.com https://chatapps-us.netomi.com https://api.sail-personalize.com https://js.zi-scripts.com https://cdn.segment.com https://*.hotjar.com https://*.convertflow.co https://*.convertflow.com 'unsafe-eval' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline' https://www.comptia.org https://cms.comptia.org https://chatapps-us.netomi.com https://use.typekit.net https://p.typekit.net; base-uri 'none'; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' strict-dynamic https: http: blob: data: *.osano.com *.braintreegateway.com;img-src * data: *.activeprospect.com;object-src 'none';base-uri 'none';style-src 'self' 'unsafe-inline' *.jsdelivr.net *.typekit.net *.braintreegateway.com; 3 upgrade-insecure-requests; frame-ancestors 'self' https://content.anaconda.com/ 3 connect-src: *.mutinyhq.com, *.mutinyhq.io, *.mutinycdn.com; img-src: *.mutinycdn.com; script-src: *.mutinycdn.com; frame-ancestors: https://app.mutinyhq.com 3 default-src *.pendo.saashr.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' * data: *.pendo.saashr.com app.eu.pendo.io pendo-eu-static.storage.googleapis.com pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googleapis.com *.twitter.com *.instagram.com *.facebook.net *.twimg.com *.pendo.saashr.com app.eu.pendo.io pendo-eu-static.storage.googleapis.com pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com; img-src * data: blob: *.pendo.saashr.com app.eu.pendo.io pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com; media-src *; frame-ancestors file: cdvfile: 'self'; frame-src * gap://ready data: app.eu.pendo.io; font-src 'self' fonts.gstatic.com; connect-src 'self' data: *.google.com *.googleapis.com *.pendo.saashr.com app.eu.pendo.io pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com 3 frame-src 'self' https://*.yimg.com https://*.sandbox.my.site.com https://*.adalyser.com https://*.redditstatic.com https://*.reddit.com https://www.googletagmanager.com https://pcl.satmetrix.com https://*.adsrvr.org https://*.edkt.io https://*.adnxs.com https://*.omniture.com https://*.teads.tv https://*.everesttech.net https://*.everestjs.net https://fledge.teads.tv https://*.adentifi.com https://*.linkedin.com https://*.licdn.com https://*.sojern.com https://*.videoamp.com https://awin1.com https://dwin1.com https://*.adobe.com https://*.niceincontact.com https://na-gateway.mastercard.com https://mtf.gateway.mastercard.com https://analytics.analytics-egain.com https://princesscruises.egain.cloud https://surfly-us.com https://princess.qualtrics.com https://sr.rlcdn.com https://www.facebook.com https://assets.adobedtm.com https://cdn.appdynamics.com https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://carnivalbrands.demdex.net https://servedby.flashtalking.com https://www.youtube.com https://*.princess.com https://*.ocean.com https://*.pinterest.com https://*.td.doubleclick.net https://*.tpc.googlesyndication.com https://publish-p107522-e1006297.adobeaemcloud.com https://td.doubleclick.net https://tpc.googlesyndication.com https://*.optimizely.com https://*.fullstory.com https://*.paypal.com; frame-ancestors 'self' https://*.princess.com https://*.polarres.com https://*.clubprincess.com https://*.medallionclassmarket.com https://*.princesspromotions.com https://*.ocean.com https://*.niceincontact.com https://*.adobeaemcloud.com https://*.optimizely.com https://*.fullstory.com https://*.yimg.com https://*.demandware.net https://runtime.commercecloud.com; 3 default-src data: 'unsafe-inline' 'unsafe-eval' https:;media-src blob: https:;upgrade-insecure-requests 3 frame-ancestors 'self' https://my.wealthsimple.com 3 frame-ancestors 'self' https://platform.jioretailer.com 3 frame-ancestors 'self' https://*.sella.it https://*.axerve.com https://*.gestpay.it https://*.coremedia.vm https://*.coremedia.cloud https://*.coremedia.io https://*.coremedia.com https://*.quickrun.io https://*.coremedia.rocks 3 frame-ancestors 'self' *.servicetitan.com; 3 default-src 'self'; font-src 'self' fonts.gstatic.com; frame-src 'self' *.crazyegg.com www.main-bvxea6i-okks773k3br2i.eu-3.platformsh.site *.googletagmanager.com www.google.com player.vimeo.com www.youtube.com www.facebook.com www.youtube-nocookie.com open.spotify.com fast.wistia.net express.theroishop.com js.driftt.com td.doubleclick.net; img-src 'self' *.crazyegg.com c.contentsquare.net bat.bing.com bat.bing.net px4.ads.linkedin.com www.main-bvxea6i-okks773k3br2i.eu-3.platformsh.site *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.fr alb.reddit.com agencypartner.platform.sh www.google.com analytics.twitter.com t.co www.facebook.com px.ads.linkedin.com heapanalytics.com i.ytimg.com b.6sc.co cdn.cookielaw.org data:; script-src 'self' 'unsafe-inline' www.clarity.ms *.crazyegg.com static.reo.dev t.contentsquare.net www.gstatic.com www.google.com cdn.cookielaw.org js.driftt.com *.googletagmanager.com cdn.matomo.cloud cdn.heapanalytics.com platformsh.matomo.cloud sdk.us.heap-api.com mt.auryc.com ab-partner-locator.s3-us-west-2.amazonaws.com www.google-analytics.com googleads.g.doubleclick.net ws.zoominfo.com connect.facebook.net munchkin.marketo.net www.redditstatic.com static.ads-twitter.com snap.licdn.com j.6sc.co assets.calendly.com ws-assets.zoominfo.com www.googleadservices.com tracking.g2crowd.com www.youtube.com bat.bing.com cdn.us.heap-api.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.crazyegg.com fonts.googleapis.com assets.calendly.com; connect-src 'self' bat.bing.net *.crazyegg.com c.contentsquare.net *.heap-api.com boards-api.greenhouse.io cdn.cookielaw.org geolocation.onetrust.com privacyportal-eu.onetrust.com platformsh.matomo.cloud client-api.auryc.com mt.auryc.com *.google-analytics.com googleads.g.doubleclick.net g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com www.google.com api.allbound.eu c.6sc.co ipv6.6sc.co pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com stats.g.doubleclick.net 232-owy-009.mktoresp.com epsilon.6sense.com ws.zoominfo.com px.ads.linkedin.com assets.calendly.com ws-assets.zoominfo.com google.com www.googleadservices.com tracking.g2crowd.com www.youtube.com tracking-api.g2.com analytics.google.com eps.6sc.co v.eps.6sc.co; 3 frame-ancestors 'self' https://smart-insights.flix360.com 3 default-src 'self' *.jfrog.com *.visualwebsiteoptimizer.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.jfrog.com https://geoip-js.com https://www.googletagmanager.com https://cdn.cookielaw.org *.nagich.co.il https://www.recaptcha.net https://sec.webeyez.com https://pagead2.googlesyndication.com https://www.gstatic.com https://www.gstatic.cn https://dev.visualwebsiteoptimizer.com https://gtm.jfrog.com https://js.driftt.com https://munchkin.marketo.net *.marketo.com https://static.oktopost.com https://ws.zoominfo.com https://ws-assets.zoominfo.com https://js.zi-scripts.com https://static.ads-twitter.com https://snap.licdn.com https://connect.facebook.net https://www.redditstatic.com *.outbrain.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://okt.to https://www.google-analytics.com blob: https://tracking.g2crowd.com https://platform.twitter.com https://www.google.com *.6sc.co https://cdn.heapanalytics.com *.zuora.com https://256-fnz-187.mktoutil.com https://js-eu1.hsforms.net https://www2.bluesnap.com https://jfrogforms.formtitan.com *.algolia.net *.algolianet.com https://app.vwo.com transcend.io *.transcend.io transcend-cdn.com *.transcend-cdn.com https://www.influ2.com; connect-src 'self' *.jfrog.com https://send.webeyez.com https://ingest.webeyez.com *.nagich.co.il https://cdn.cookielaw.org https://www.gstatic.com https://pagead2.googlesyndication.com *.visualwebsiteoptimizer.com https://gtm.jfrog.com https://www.google.com *.marketo.com https://ws.zoominfo.com https://js.zi-scripts.com https://pixel-config.reddit.com https://www.redditstatic.com *.outbrain.com https://px.ads.linkedin.com https://256-fnz-187.mktoresp.com https://www.google-analytics.com *.6sc.co *.onetrust.com https://tracking.g2crowd.com https://geoip-js.com *.6sense.com https://www.googleapis.com *.g2.com https://heapanalytics.com https://256-fnz-187.mktoutil.com *.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com *.hubspot.com https://www.googleadservices.com https://www2.bluesnap.com *.algolia.net *.algolianet.com https://app.vwo.com https://www.recaptcha.net transcend.io *.transcend.io transcend-cdn.com *.transcend-cdn.com https://www.facebook.com https://t.influ2.com/ https://google.com; style-src 'self' 'unsafe-inline' *.jfrog.com https://rtp-static.marketo.com https://fonts.googleapis.com https://access.nagich.co.il https://app.vwo.com *.visualwebsiteoptimizer.com transcend-cdn.com; font-src 'self' *.jfrog.com https://fonts.gstatic.com data:; img-src * blob: data: transcend.io *.transcend.io transcend-cdn.com *.transcend-cdn.com; media-src 'self' *.jfrog.com; frame-src 'self' *.jfrog.com https://sec.webeyez.com https://www.googletagmanager.com https://www.recaptcha.net https://js.driftt.com https://td.doubleclick.net https://www.google.com https://www.facebook.com https://www.youtube.com *.zuora.com *.hsforms.com https://jfrogforms.formtitan.com https://jfrog.chilipiper.com https://hackerone.com https://jfrog.force.com https://jfrogprm.my.salesforce-sites.com https://app.vwo.com *.visualwebsiteoptimizer.com https://jfrogcpq.formtitan.com; frame-ancestors 'self' https://partners.jfrog.com https://supportjfrog.force.com/; worker-src 'self' *.jfrog.com https://sec.webeyez.com blob: 3 frame-ancestors 'self' rockwellautomation.com rockwellautomation.com.cn *.rockwellautomation.com *.rockwellautomation.com.cn *.rockwellautomation.adobecqms.net ra.pisrc.net rabot.pisrc.net localhost localhost:*; 3 frame-ancestors 'self' https://www.renesas.cn http://www.renesas.cn https://icp.renesas.com http://icp.renesas.com https://icp.renesas.cn http://icp.renesas.cn http://www3.renesas.cn https://www3.renesas.cn 3 frame-ancestors 'self' https://sketch.com https://*.sketch.com https://*.netlify.app 3 frame-ancestors 'none'; object-src 'none' 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com/maps/api/geocode/json https://www.google-analytics.com/analytics.js https://cr.testfreaks.com https://d1le22hyhj2ui8.cloudfront.net https://js.testfreaks.com https://se-content-b.psplugin.com https://w8db611c3.api.esales.apptus.cloud https://wff10df68.api.esales.apptus.cloud https://cdn.esales.apptus.com/api/apptus-esales-api-2.0.1.js https://co1078.clasohlson.se/nl https://co1078.clasohlson.se/webApp https://www.gstatic.com/recaptcha images.clasohlson.com checkout-eu.playground.klarna.com se-content-f.psplugin.com https://www.google.com/recaptcha/api.js www.gstatic.com clasohlson.psplugin.com content.psplugin.com co.clasohlson.com co1078.clasohlson.se 04uatcrmm.clasohlson.com maps.gstatic.com https://www.google-analytics.com fonts.gstatic.com fonts.googleapis.com https://www.googletagmanager.com maps.googleapis.com account.psplugin.com x.klarnacdn.net evt.playground.klarna.com https://*.youtube.com https://js.playground.klarna.com https://eu.playground.klarnaevt.com https://widget.porterbuddy.com https://careoffunctionsuatstor.blob.core.windows.net/rentalscripts/rental.js https://reviews.testfreaks.com/ https://www.google.com https://ds-aksb-a.akamihd.net/aksb.min.js https://api.porterbuddy-test.com/availability https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/id https://adtr.io https://connect.facebook.net https://translate.googleapis.com https://googleads.g.doubleclick.net https://segment.api.useinsider.com https://w76e66a6f.api.esales.apptus.cloud/ https://static.hotjar.com https://in.hotjar.com https://vars.hotjar.com/ https://vc.hotjar.io https://script.hotjar.com https://assets.api.useinsider.com https://stats.g.doubleclick.net https://www.facebook.com https://location.api.useinsider.com https://clasohlson.api.useinsider.com https://hit.api.useinsider.com https://adservice.google.com https://5756990.fls.doubleclick.net https://socialproof.api.useinsider.com https://tpc.googlesyndication.com https://cnv.adt662.net https://unification.useinsider.com https://api.porterbuddy.com https://s2.adform.net https://track.adform.net https://js.klarna.com https://eu.klarnaevt.com https://ds-aksb-a.akamaihd.net https://www.googleadservices.com https://translate.google.com https://se-content-a.psplugin.com/visitor/2.8.304/fonts/vngage.ttf https://se-content-a.psplugin.com/visitor/2.8.304/fonts/vngage.woff https://se-content-a.psplugin.com https://bat.bing.com/ https://*.psplugin.com https://*.hotjar.com https://*.cloudflare.com wss://*.hotjar.com https://optimize.google.com https://rum-static.pingdom.net https://*.pingdom.net https://cert.tryggehandel.se/ wss://*.vergic.com wss://*.psplugin.com https://*.getflowbox.com https://9mn3sm7015.execute-api.eu-west-1.amazonaws.com https://cicptqmkej.execute-api.eu-west-1.amazonaws.com https://images.clasohlson.com/fonts/cofonts.css https://10773067.fls.doubleclick.net/ https://images.clasohlson.com/fonts/ClasOhlsonSansWeb-Regular.woff2 https://images.clasohlson.com/fonts/ClasOhlsonSansWeb-RegularItalic.woff2 https://images.clasohlson.com/fonts/ClasOhlsonSansWeb-Medium.woff2 https://images.clasohlson.com/fonts/ClasOhlsonSansWeb-MediumItalic.woff2 https://images.clasohlson.com/fonts/ClasOhlsonSansWeb-Bold.woff2 https://images.clasohlson.com/fonts/ClasOhlsonSansWeb-BoldItalic.woff2 cdn.flbx.io https://digitalfeedback.euro.confirmit.com https://survey.euro.confirmit.com/ https://apim-stream00-prod-apim.azure-api.net/ https://cop-order-prod-cdnendpoint.azureedge.net/ https://coporderprodretuistor.blob.core.windows.net/ https://cert.tryggehandel.net/js/script.js?id=a810f736-42fe-49e5-8280-1ace6e8dd290 https://*.plerdy.com/ https://cert.tryggehandel.net/ https://*.smartlook.com https://translate-pa.googleapis.com https://*.smartlook.cloud https://r.testfreaks.com https://analytics.clasohlson.com http://www.bing.com https://*.google-analytics.com https://*.analytics.google.com https://www.analytics.clasohlson.com https://ad.doubleclick.net https://www.google.se https://td.doubleclick.net https://static.clasohlson.se/returns/returns.js https://static.clasohlson.se/dep/deliveryexperience.js https://static.clasohlson.se/co-shared-css/styles.min.css https://static.clasohlson.se/inventory/co-online-inventory.iife.js https://static.clasohlson.se https://pagead2.googlesyndication.com https://*.tiktok.com https://analytics.pangle-ads.com https://*.clarity.ms https://c.bing.com https://livechat-clasohlson.connexone.co.uk https://osm.klarnaservices.com https://*.verbolia.com https://api.clasohlson.se https://*.growthbook.io https://cdn.jsdelivr.net/npm/@growthbook/growthbook/dist/bundles/auto.min.js https://*.sprii.shop https://*.kustom.co https://s.pinimg.com/ https://ct.pinterest.com https://p-eu.brsrvr.com https://cdn.brcdn.com; img-src 'self' data: *; 3 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3 frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/ 3 default-src 'none'; connect-src 'self' 'unsafe-inline' https://cdn.cookielaw.org/ https://www.google-analytics.com/ https://*.facebook.com/ https://geolocation.onetrust.com/ https://fpf.org/ https://www.cloudflare.com/ https://vimeo.com/; font-src 'self' data: https://cdnjs.cloudflare.com/ https://*.google.com/ https://*.typekit.net/; img-src 'self' data: https://*.gravatar.com/ https://*.ytimg.com/ https://*.gstatic.com/ https://*.google.com/ https://www.google-analytics.com/ https://fpf.org/ https://img.youtube.com/ https://i.vimeocdn.com/; frame-src 'self' https://www.youtube-nocookie.com/ https://*.twitter.com/ https://*.google.com/ https://*.facebook.com https://*.youtube.com https://*.eventbrite.com/ https://player.vimeo.com/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://*.gstatic.com/ https://*.google.com/ https://*.typekit.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/ https://cdn.cookielaw.org/ https://ajax.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://*.twitter.com/ https://*.gstatic.com/ https://*.google.com/ https://*.eventbrite.com/ https://*.youtube.com/ https://fpf.org/ https://player.vimeo.com/ https://*.vimeocdn.com/; worker-src 'self' https://*.youtube.com/ https://*.vimeo.com/ blob:; block-all-mixed-content; 3 default-src 'self' play.vidyard.com *.forsta.com *.rioseo.com *.g2crowd.com t.co js.zi-scripts.com/zi-tag.js; script-src 'self' go.forsta.com ws-assets.zoominfo.com cdn.bizible.com cdn.linkedin.oribi.io cdn.b0e8.com google-analytics.com googleads.g.doubleclick.net play.vidyard.com assets.vidyard.com unpkg.com js-agent.newrelic.com snap.licdn.com static.ads-twitter.com analytics.twitter.com www.googleadservices.com script.hotjar.com static.hotjar.com forsta.bamboohr.com 972-oec-621.mktoweb.com munchkin.marketo.net j.6sc.co cdn.cookielaw.org bam.nr-data.net geolocation.onetrust.com www.google.com www.google-analytics.com www.googletagmanager.com tpc.googlesyndication.com maps.googleapis.com digitalfeedback.us.confirmit.com www.gstatic.com *.smartrecruiters.com *.bc0a.com g10102301085.co *.castos.com optimize.google.com jobpal-sm.s3.amazonaws.com api.smooch.io forsta1--forstaful.sandbox.my.salesforce-sites.com *.forsta.com *.rioseo.com *.g2crowd.com t.co js.zi-scripts.com ws.zoominfo.com tags.clickagy.com js.zi-scripts.com/zi-tag.js fast.wistia.com cdn-app.pathfactory.com blob: translate.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.googletagmanager.com go.forsta.com 972-oec-621.mktoweb.com fonts.googleapis.com legal.forsta.com static.smartrecruiters.com *.bc0a.com optimize.google.com jobpal-sm.s3.amazonaws.com *.forsta.com *.rioseo.com t.co js.zi-scripts.com/zi-tag.js cdn-app.pathfactory.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' http://library.forsta.com https://library.forsta.com https://resources.rioseo.com http://resources.rioseo.com https://www.rioseo.com http://www.rioseo.com js.zi-scripts.com/zi-tag.js www.googletagmanager.com ; frame-src www.googletagmanager.com go.forsta.com play.vidyard.com vars.hotjar.com 972-oec-621.mktoweb.com tpc.googlesyndication.com www.google.com survey.us.confirmit.com subscriptions.smartrecruiters.com *.bc0a.com 6352b8cc15f5f7-88529694.castos.com optimize.google.com *.forsta.com *.rioseo.com t.co td.doubleclick.net hemsync.clickagy.com js.zi-scripts.com/zi-tag.js fast.wistia.com pressganey.wd1.myworkdayjobs.com; object-src 'none'; base-uri 'self'; form-action 'self' www.googletagmanager.com webto.salesforce.com *.forsta.com *.rioseo.com js.zi-scripts.com/zi-tag.js ; connect-src 'self' jobpal-sm.s3.amazonaws.com cdn.linkedin.oribi.io px.ads.linkedin.com go.forsta.com play.vidyard.com google-analytics.com cdn.cookielaw.org 972-oec-621.mktoresp.com 972-oec-621.mktoutil.com secure.adnxs.com stats.g.doubleclick.net bam.nr-data.net privacyportal.onetrust.com geolocation.onetrust.com forsta.bamboohr.com *.6sense.com *.google.com google.com adservice.google.com maps.googleapis.com translate.googleapis.com www.googleapis.com googleapis.com maps.googleapis.com *.analytics.google.com *.google-analytics.com analytics.google.com www.google-analytics.com www.googletagmanager.com *.g.doubleclick.net pagead2.googlesyndication.com *.6sc.co digitalfeedback.us.confirmit.com *.hotjar.io *.hotjar.com wss://*.hotjar.com ws.zoominfo.com *.bc0a.com 61d78a8eb35a9f00ecfd7ee9.config.smooch.io api.smooch.io wss://api.smooch.io *.pathfactory.com *.forsta.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn ww.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat *.g2crowd.com t.co js.zi-scripts.com aorta.clickagy.com hemsync.clickagy.com js.zi-scripts.com/zi-tag.js pipedream.wistia.com www.googleadservices.com tracking-api.production.g2.com tracking-api.g2.com; font-src 'self' data: fonts.gstatic.com www.googletagmanager.com legal.forsta.com jobpal-sm.s3.amazonaws.com *.forsta.com *.rioseo.com t.co js.zi-scripts.com/zi-tag.js *.pathfactory.com; media-src *.bc0a.com *.forsta.com *.rioseo.com *.castos.com *.b0e8.com t.co jobpal-sm.s3.amazonaws.com js.zi-scripts.com/zi-tag.js www.googletagmanager.com; img-src https: data:; report-uri https://forsta.report-uri.com/r/t/csp/enforce 3 frame-ancestors 'self' https://*.emerson.com https://*.emerson.cn https://*.emerson.co.jp https://*.emerson.kr https://*.ariba.com https://*.tradecentric.com https://mypunchoutsite.com https://*.coupahost.com https://*.determine.com https://*.gep.com https://emerson.pathfactory.com https://*.jaggaer.com https://*.sciquest.com https://*sp24.phitr.com https://*sp15.phibred.com 3 default-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://avm-cs.zendesk.com wss://pod-28.zendesk.com avm.zendesk.com v2.zopim.com fritz.com avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de www.commerce-connector.com www.surveygizmo.eu ; img-src 'self' https://fritz.com https://*.fritz.com https://avm.de https://*.avm.de service.avm.de data: https://shoplogos.commerce-connector.de https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://i.vimeocdn.com ; media-src 'self' *.fritz.com *.avm.de service.avm.de static.zdassets.com https://maps.googleapis.com https://maps.gstatic.com https://vimeo.com https://i.ytimg.com https://i.vimeocdn.com blob: data: ; font-src 'self' https://fritz.com https://*.fritz.com https://avm.de https://*.avm.de service.avm.de https://fonts.gstatic.com data: ; style-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://fonts.googleapis.com 'unsafe-inline' ; connect-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://maps.googleapis.com https://noembed.com https://avm.zendesk.com https://static.zdassets.com https://ekr.zdassets.com wss://widget-mediator.zopim.com ; script-src 'self' avm.de *.avm.de fritz.com *.fritz.com service.avm.de piwik.avm.de https://player.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://www.youtube-nocookie.com https://maps.googleapis.com https://static.zdassets.com pod-28.zendesk.com 'unsafe-eval' 'unsafe-inline' blob: ; script-src-elem 'self' avm.de *.avm.de service.avm.de fritz.com *.fritz.com piwik.avm.de https://maps.googleapis.com https://player.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://www.youtube-nocookie.com https://www.youtube.com https://static.zdassets.com pod-28.zendesk.com https://widget-mediator.zopim.com 'unsafe-inline' blob: ; worker-src 'self' blob: ; frame-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://player.vimeo.com https://www.youtube-nocookie.com ; frame-ancestors 'self' avm.de *.avm.de service.avm.de fritz.com *.fritz.com 3 default-src https: 'self' data: *.demdex.net *.everesttech.net *.omtrdc.net *.sc.omtrdc.net *.tt.omtrdc.net; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.kouto.co https://*.stripe.com https://*.imagekit.io https://*.bing.com https://*.creativecdn.com https://cloud.e.mandarinoriental.com https://siteintercept.qualtrics.com https://cdnjs.cloudflare.com https://cloud.official.mandarinoriental.com https://zn1z6joka9pfuojsc-mohgcx.siteintercept.qualtrics.com https://www.wepowerconnections.com https://lantern.roeyecdn.com https://tags.creativecdn.com https://*.demdex.net https://*.doubleclick.net https://*.everesttech.net https://*.go-mpulse.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://assets.adobedtm.com https://b99.yahoo.co.jp https://commerce.adobedtm.com https://cdn.cookielaw.org https://connect.facebook.net https://content.linkedin.com https://graph.facebook.com https://googletagmanager.com https://js.facebook.com https://platform.linkedin.com https://p.teads.tv https://recaptcha.net https://snap.licdn.com https://static-exp1.licdn.com https://sc-static.net https://static.tacdn.com https://s.yimg.jp https://tagmanager.google.com https://tr.snapchat.com https://www.clarity.ms https://www.awin1.com https://www.dwin1.com https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.gstatic.cn/recaptcha/ https://www.gstatic.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net https://linkcenterus.derbysoftsec.com/ https://px.ads.linkedin.com/ https://analytics.tiktok.com https://secde.trivago.com https://js.verygoodvault.com; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://cloud.e.mandarinoriental.com https://cloud.official.mandarinoriental.com *.licdn.com *.google.com www.googletagmanager.com; img-src 'self' data: https://*; worker-src 'self' blob:; 3 default-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://oebb.celum.cloud https://chcloudoebbexportprod.blob.core.windows.net https://*.streaming.media.azure.net; style-src 'self' 'unsafe-inline' https://*.oebb.at https://*.nightjet.com https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://static.userback.io; script-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://cdn.botframework.com https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://static.userback.io https://*.traumgutscheine.com https://myincert.com https://*.myincert.com https://jrrsxh.obb-italia.com; connect-src 'self' blob: https://*.oebb.at https://*.nightjet.com https://obc.railcargo.com https://oebb.celum.cloud https://*.playertec.de https://api.siteimprove.com https://directline.botframework.com https://europe.directline.botframework.com wss://europe.directline.botframework.com wss://directline.botframework.com https://powerva.microsoft.com https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://api.userback.io https://tickets-deva.dm.tsint.at https://tickets-stest.dm.tsint.at https://shop.oebbtickets.at https://jrrsxh.obb-italia.com; img-src 'self' data: blob: https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://chcloudoebbexportprod.blob.core.windows.net https://*.ytimg.com https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://static.userback.io; frame-src https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.streaming.media.azure.net https://*.microsoftstream.com https://www.youtube-nocookie.com https://vimeo.com https://*.vimeo.com https://*.playertec.de https://*.yumpu.com https://www.zepp-cam.at https://*.soundcloud.com https://*.spotify.com https://*.waca.at https://*.dynamics.com https://live.virtual-events.at https://service.studiobaff.com https://live.brame-gamification.com https://www.komoot.de https://wien.radelt.at https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://www.traumgutscheine.com https://railtours.traumgutscheine.com https://tickets-deva.dm.tsint.at https://tickets-stest.dm.tsint.at https://shop.oebbtickets.at; frame-ancestors 'self' https://*.oebb.at http://fahrplan.oebb.at https://*.nightjet.com https://oebb-test.hafas.de; font-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com; child-src blob: https://*.oebb.at https://www.traumgutscheine.com https://railtours.traumgutscheine.com; worker-src blob: https://*.oebb.at; 3 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.lidl-shop.nl https://*.online-metrix.net https://*.parcellab.com https://analytics.google.com https://facebook.com https://fonts.gstatic.com https://forms.office.com https://h.online-metrix.net https://lidl-shop.nl https://www.google-analytics.com https://*.lidl.nl https://analytics.tiktok.com data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.ftrace.com https://*.lidl-info.com https://*.lidl-shop.nl https://*.vrxs.de https://facebook.com https://forms.office.com https://h.online-metrix.net https://lidl-shop.nl https://tbs.tradedoubler.com https://www.edge-cdn.net https://*.lidl.nl; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz moz-extension: https://*.advertising.com https://*.adyen.com https://*.criteo.net https://*.demdex.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.lidl-shop.nl https://*.online-metrix.net https://*.openx.net https://*.parcellab.com https://*.pubmatic.com https://*.stickyadstv.com https://*.taboola.com https://*.tradetracker.net https://*.twiago.com https://*.yahoo.com https://*.yieldlab.net https://analytics.google.com https://awin1.com https://content.odj.cloud https://contextual.media.net https://facebook.com https://forms.office.com https://h.online-metrix.net https://lidl-shop.nl https://match.sharethrough.com https://play-lh.googleusercontent.com https://sync.outbrain.com https://translate.google.com https://translate.google.com https://visitor.omnitagjs.com https://www.google-analytics.com https://www.lidl-shop.be https://*.lidl.nl https://analytics.tiktok.com data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com https://*.lidl-shop.nl https://facebook.com https://forms.office.com https://h.online-metrix.net https://lidl-shop.nl; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.lidl-shop.nl https://*.parcellab.com https://*.semtrack.de https://*.tradetracker.net https://ajax.googleapis.com https://cdn.ravenjs.com https://code.etracker.com https://facebook.com https://forms.office.com https://h.online-metrix.net https://lidl-shop.nl https://s.ytimg.com https://www.dwin1.com https://www.google-analytics.com https://track.adform.net https://s2.adform.net https://analytics.tiktok.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline' https://*.fitanalytics.com https://*.lidl-shop.nl https://*.parcellab.com https://facebook.com https://forms.office.com https://lidl-shop.nl; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io https://beeem.co https://lidl-shop.nl; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 3 default-src 'self' blob: https://staffbase.com https://s15952.pcdn.co; report-uri https://casper-de1.staffbase.com/report/staffbase.com; script-src 'report-sample' 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://analytics.twitter.com https://bat.bing.com https://cdn.cookielaw.org https://cdn.linkedin.oribi.io/34930/ https://cdnjs.cloudflare.com/ajax/libs/dompurify/ https://connect.facebook.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.hubspot.com https://js.hscta.net https://*.hubspot.net https://*.hsforms.com https://googleads.g.doubleclick.net https://hackerone.com https://npmcdn.com/pikasso@4.2.0/build/umd.min.js https://pikasso-preview.bananatag.com https://j.6sc.co https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hsforms.net https://*.hsleadflows.net https://*.qualified.com https://maps.googleapis.com https://okt.to/ping https://snap.licdn.com https://static.ads-twitter.com https://static.oktopost.com/oktrk.js https://tagmanager.google.com https://tags.clickagy.com https://tracking.g2crowd.com https://ws.zoominfo.com https://ws-assets.zoominfo.com https://js.zi-scripts.com https://www.gartner.com/reviews/public/Widget/js/widget.js https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://*.clarity.ms https://api.ipstack.com/check https://cdn.leandata.com https://app.leandata.com https://s15952.pcdn.co; font-src 'self' data: font/woff data: font/woff2 data: font/otf data: font/ttf https://*.google-analytics.com https://cdn.getspeechify.com/hosted-fonts/GreycliffCF-*.woff2 https://fonts.staffbase.com https://www.gartner.com https://cdn.leandata.com https://s15952.pcdn.co; img-src 'self' data: image/svg+xml https: https://s15952.pcdn.co https://c.bing.com https://c.clarity.ms; style-src https: 'self' 'unsafe-inline' 'report-sample'; connect-src https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat 'self' https://*.google-analytics.com https://*.ads.linkedin.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://aorta.clickagy.com https://api.ipstack.com https://app.qualified.com https://bat.bing.com https://*.6sc.co https://cdn.cookielaw.org https://cdn.linkedin.oribi.io/partner/34930/domain/staffbase.com/token https://*.hubapi.com https://js.hscta.net https://*.hsforms.com https://*.hubspot.com https://geolocation.onetrust.com https://hackerone.com https://hemsync.clickagy.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.6sense.com https://*.hs-banner.com https://*.linkedin.oribi.io/event https://tracking.g2crowd.com https://privacyportal.onetrust.com https://secure.adnxs.com/getuidj https://staffbase-privacy-request.my.onetrust.com/request/v1/consentreceipts https://stats.g.doubleclick.net https://ws.zoominfo.com https://js.zi-scripts.com https://www.facebook.com wss://app.qualified.com wss://ws.qualified.com https://*.clarity.ms https://app.leandata.com https://s15952.pcdn.co; frame-src https:; media-src https:; frame-ancestors 'none'; 3 default-src 'self' data: https: 'unsafe-eval' 'unsafe-inline'; img-src * 'self' data: https:; 3 frame-ancestors 'self' *.authorize.net 3 default-src blob: 'self' https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://*.iovox.com/ http://vimeo.com https://*.eqads.com https://*.msecnd.net https://*.cookielaw.org https://*.cloudflare.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.crazyegg.com https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.doubleclick.net https://*.vimeo.com https://*.secure.payconex.net; worker-src * blob:; img-src * blob: data:; 3 default-src 'self' data: blob: *.wien.gv.at *.data.gv.at *.magwien.gv.at sabio.magwien.gv.at *.cookiebot.com *.wien.at *.kavedo.com; connect-src 'self' *.magwien.gv.at *.wien.gv.at *.data.gv.at *.cookiebot.com wien.kavedo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: siteimproveanalytics.com *.siteimproveanalytics.io siteimproveanalytics.io *.youtube.com *.vimeo.com consentcdn.cookiebot.com consent.cookiebot.com *.wien.gv.at *.wien.at www.gstatic.com *.kavedo.com npmcdn.com nominatim.openstreetmap.org *.magwien.gv.at unpkg.com fonts.googleapis.com s3-shared.labs.sabio.de maxcdn.bootstrapcdn.com www.apa-fotoservice.at www.ots.at; style-src 'self' 'unsafe-inline' *.data.gv.at *.magwien.gv.at *.wien.gv.at *.kavedo.com npmcdn.com unpkg.com *.sabio.de *.googleapis.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com; img-src 'self' data: blob: *.wien.gv.at *.cookiebot.com *.siteimproveanalytics.io siteimproveanalytics.io *.youtube.com *.ytimg.com *.wien.at *.kavedo.com npmcdn.com *.openstreetmap.org *.magwien.gv.at www.apa-fotoservice.at www.ots.at; frame-src 'self' api-mp.adrom.net basemap.at consentcdn.cookiebot.com *.data.gv.at *.google.com e.issuu.com experience.arcgis.com issuu.com lvg.maps.arcgis.com public.tableau.com vimeo.com *.youtube.com kalender.digital *.wien.at *.wien.gv.at *.youtube-nocookie.com calendar.google.com accounts.google.com *.magwien.gv.at www.apa-fotoservice.at www.ots.at; font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com wien.kavedo.com *.wien.gv.at *.magwien.gv.at; 3 default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; media-src 'self' blob: https: ; font-src 'self' data: https: ; worker-src 'self' blob: ; 3 frame-src 'self' https://*.zf.com https://zf-chatbot-ithelpbot-fe.azurewebsites.net/ https://*.dynamics.com/ https://embed.neospace.io/ https://app.powerbi.com https://684e6358a25146d7b2463db408d33a1e.svc.dynamics.com https://maps.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.instagram.com https://*.twitter.com; child-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.instagram.com https://*.twitter.com ; worker-src blob: https://*.zf.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.dynamics.com/ https://*.microsoft.com https://*.azureedge.net https://cdnapi.kaltura.com https://api.de.kaltura.com https://cdnapisec.kaltura.com https://*.zf.com https://skk.erecruiter.pl https://mktdplp102cdn.azureedge.net/public/latest/js/form-loader.js https://vjs.zencdn.net https://cdn.syndication.twimg.com https://cdn.cookielaw.org https://*.twitter.com https://*.facebook.net https://*.piwik.pro https://maps.googleapis.com https://dqm.crownpeak.com; frame-ancestors 'self' https://*.zf.com https://*.zf-world.com https://araiv.com https://www.zffcn.com https://zf-lifetec.com https://*.dynamics.com/ https://*.microsoft.com https://*.azureedge.net https://*.crownpeak.com; 3 frame-ancestors 'self' https://www.tubev.sex https://www.tubevinsex.com https://www.tbvsex.com https://www.tubevcn2.com 3 frame-ancestors 'self' ssense.com *.ssense.com 3 frame-ancestors 'self' https://*.contentstack.com; 3 default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data: wss: blob: 3 frame-ancestors 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 3 frame-ancestors 'self' app.ynab.com 3 frame-ancestors 'self' https://daytondailynews.newspapers.com https://journal-news.newspapers.com https://springfieldnewssun.newspapers.com https://www.legacy.com https://epaper.daytondailynews.com https://editions.daytondailynews.com 3 default-src 'self' blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nuveen.com cdn.prod.uidapi.com *.brightcove.com tiaacref.tt.omtrdc.net cdn.tt.omtrdc.net *.omtrdc.net *.tiaa.org tiaa.org apps.nuveen.org *.nuveen.com optimize.google.com *.googleoptimize.com *.googleanalytics.com *.google-analytics.com ad.doubleclick.net *.googlesyndication.com tools.inviteeducation.com *.googletagmanager.com *.gstatic.com maps.googleapis.com cdn.cookielaw.org *.salesforceliveagent.com players.brightcove.net *.qualtrics.com *.google.com cdn.evgnet.com *.evgnet.com *.azurewebsites.net s.go-mpulse.net cdn.polyfill.io cdnjs.cloudflare.com *.morningstar.com *.akamaihd.net *.nuveen.com tag.demandbase.com *.google-analytics.com script.crazyegg.com snap.licdn.com static.ads-twitter.com pi.pardot.com js.adsrvr.org info.nuveen.com action.dstillery.com googleads.g.doubleclick.net *.googleadservices.com api.ipify.org analytics.google.com stats.g.doubleclick.net action.media6degrees.com ajax.googleapis.com *.nuveen.com polyfill.io unpkg.com stackpath.bootstrapcdn.com cdn.jsdelivr.net *.broadridge.com *.bing.com *.clarity.ms *.callrail.com *.byspotify.com *.spotify.com *.newrelic.com connect.facebook.net beacon.whitemarbleconsulting.com cdn.matomo.cloud *.crazyegg.com *.vev.design tiaabank.us-4.evergage.com *.infogram.com blob:;style-src 'self' 'unsafe-inline' tiaacref.tt.omtrdc.net cdn.tt.omtrdc.net optimize.google.com *.googleoptimize.com fonts.googleapis.com *.morningstar.com *.broadridge.com *.crazyegg.com tiaabank.us-4.evergage.com;img-src data: 'self' api.nuveen.com *.google-analytics.com ad.doubleclick.net d.turn.com *.gstatic.com cdn.cookielaw.org maps.gstatic.com maps.googleapis.com *.b2i.us *.nuveen.com id.rlcdn.com *.morningstar.com *.azurewebsites.net *.googletagmanager.com googleads.g.doubleclick.net *.google.com *.google.co.in *.linkedin.com t.co analytics.twitter.com googleads.g.doubleclick.net segments.company-target.com *.google-analytics.com match.adsrvr.org beacon.krxd.net a.audrte.com stags.bluekai.com idsync.rlcdn.com ib.adnxs.com ce.lijit.com dt-secure.videohub.tv dpm.demdex.net aa.agkn.com us-u.openx.net *.akamaihd.net *.qualtrics.com *.bing.com *.clarity.ms pixel.byspotify.com *.crazyegg.com *.brightcove.com tiaabank.us-4.evergage.com *.boltdns.net *.facebook.com data:;font-src data: 'self' fonts.gstatic.com fonts.googleapis.com optimize.google.com *.morningstar.com tiaabank.us-4.evergage.com;connect-src 'self' *.nuveen.com *.brightcove.com global.prod.uidapi.com mboxedge34.tt.omtrdc.net tiaacref.tt.omtrdc.net cdn.tt.omtrdc.net *.azurewebsites.net *.googlesyndication.com ad.doubleclick.net bat.bing.com maps.googleapis.com siteintercept.qualtrics.com cdn.cookielaw.org/ tiaabank.us-4.evergage.com *.b2i.us c.go-mpulse.net *.akamaihd.net *.akstat.io *.morningstar.com api.company-target.com script.crazyegg.com *.google-analytics.com stats.g.doubleclick.net *.crazyegg.com analytics.google.com geolocation.onetrust.com privacyportal.onetrust.com cdn.linkedin.oribi.io *.hawkeye.epsilon.com *.fundslibrary.net *.services.visualstudio.com *.clarity.ms *.company-target.com tag-logger.demandbase.com *.callrail.com *.byspotify.com *.linkedin.com *.spotify.com beacon.matomo.cloud bam.nr-data.net *.brightcove.com *.boltdns.net *.brightcovecdn.com *.adsrvr.org *.google.com *.vev.page *.infogram.com;media-src 'self' bcbolt446c5271-a.akamaihd.net https://nuv-tts-cdn.azureedge.net house-fastly-signed-us-east-1-prod.brightcovecdn.com *.boltdns.net blob:;object-src 'none' ;child-src 'self' blob:;frame-ancestors 'self' ;frame-src 'self' tiaacref.tt.omtrdc.net cdn.tt.omtrdc.net c-pace.greenworkslending.com optimize.google.com *.googleoptimize.com v3.inviteeducation.com players.brightcove.net *.google.com *.adsrvr.org *.doubleclick.net *.nuveen.com *.company-target.com reporting.nuveenglobal.info icx.efrontcloud.com *.googlesyndication.com tiaa2.co1.qualtrics.com www.googletagmanager.com *.infogram.com;form-action 'self' tiaa2.co1.qualtrics.com;manifest-src 'none' ; 3 default-src 'self'; form-action 'self' https://*.hsforms.com; object-src 'self'; connect-src 'self' https://api.github.com https://*.hsforms.com https://element.io https://*.hs-banner.com https://forms-eu1.hscollectedforms.net https://api-eu1.hubapi.com; media-src 'self' https://element.io; style-src 'self' 'unsafe-inline' https://element.io https://*.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://element.io data: https://fonts.gstatic.com; img-src 'self' https://element.io data: https://matomo.riot.im/matomo.php https://*.hsforms.com https://*.hubspot.com https://px.ads.linkedin.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://element.io https://cdnjs.cloudflare.com https://*.cloudfront.net https://ajax.googleapis.com https://matomo.riot.im/matomo.js https://*.hsforms.net https://*.hsforms.com https://js-eu1.hubspot.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://js-eu1.hsadspixel.net/fb.js https://js-eu1.hscollectedforms.net/collectedforms.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js; child-src 'self' https://*.hsforms.com; frame-src youtube.com www.youtube-nocookie.com https://*.hsforms.com https://js-eu1.hsforms.net; 3 upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.friendlycaptcha.eu *.frcapi.com *.etermin.net *.googleadservices.com *.g.doubleclick.net *.doubleclick.net wpml.org cdn.wpml.org api.wpml.org api.toolset.com cloudfront.net *.cloudfront.net link11.com *.link11.com matomo.cloud *.matomo.cloud pardot.com *.pardot.com calendly.com *.calendly.com usercentrics.eu *.usercentrics.eu oribi.io *.oribi.io secure.gravatar.com google-analytics.com *.google-analytics.com youtube-nocookie.com *.youtube-nocookie.com consentmanager.net *.consentmanager.net google.com *.google.com google.de *.google.de linkedin.com *.linkedin.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com link11.com *.link11.com matomo.cloud *.matomo.cloud pardot.com *.pardot.com calendly.com *.calendly.com usercentrics.eu *.usercentrics.eu secure.gravatar.com *.w.org consentmanager.net *.consentmanager.net linkedin.com *.linkedin.com ytimg.com *.ytimg.com google.de *.google.de data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' link11.com *.link11.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.friendlycaptcha.eu *.frcapi.com *.etermin.net *.doubleclick.net link11.com *.link11.com matomo.cloud *.matomo.cloud pardot.com *.pardot.com calendly.com *.calendly.com usercentrics.eu *.usercentrics.eu ajax.googleapis.com consentmanager.net *.consentmanager.net licdn.com *.licdn.com linkedin.com *.linkedin.com youtube.com *.youtube.com googletagmanager.com *.googletagmanager.com data: blob:; 3 frame-src *; frame-ancestors 'self' https://*.eventscloud.com; 3 default-src 'self' *.firebaseapp.com *.amazoncognito.com *.adobeaemcloud.com; connect-src 'self' *.visualwebsiteoptimizer.com *.bing.com *.facebook.com *.facebook.net *.adobelogin.com booking.flytap.com *.experience.adobe.net *.doubleclick.net *.inside-graph.com *.google.pt *.google.es *.onetrust.com *.cloudflare.com *.google-analytics.com *.adobeaemcloud.com *.adobe.com cdn.cookielaw.org *.experiencecloud.live *.googleapis.com *.google.com *.coremedia.cloud *.byside.com wss://wsa1.byside.com wss://eu-live.inside-graph.com *.firebaseapp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bing.com *.youtube.com *.visualwebsiteoptimizer.com *.facebook.net *.adobe.io *.experience.adobe.net *.doubleclick.net *.inside-graph.com *.google.pt *.google.es *.cloudflare.com booking.flytap.com *.onetrust.com cdn.cookielaw.org universal-editor-service.experiencecloud.live *.googleapis.com *.google.com *.coremedia.cloud *.byside.com *.firebaseapp.com *.cloudflareinsights.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' universal-editor-service.adobe.io *.visualwebsiteoptimizer.com *.facebook.com *.facebook.net fonts.googleapis.com *.experience.adobe.net *.inside-graph.com *.google.pt *.google.es *.cloudflare.com *.googleapis.com *.google.com *.coremedia.cloud *.byside.com *.firebaseapp.com; img-src 'self' blob: data: *.doubleclick.net *.ytimg.com *.visualwebsiteoptimizer.com *.facebook.com *.facebook.net *.google.pt *.experience.adobe.net *.inside-graph.com *.google.es *.onetrust.com cdn.cookielaw.org *.cloudflare.com *.googletagmanager.com *.adobeaemcloud.com *.adobe.com *.experiencecloud.live *.googleapis.com *.google.com *.coremedia.cloud *.byside.com *.firebaseapp.com; font-src 'self' fonts.gstatic.com *.experience.adobe.net *.inside-graph.com *.cloudflare.com *.coremedia.cloud *.byside.com *.firebaseapp.com data:; frame-src 'self' *.doubleclick.net *.experience.adobe.net *.inside-graph.com *.firebaseapp.com *.cloudflare.com *.youtube.com *.adobeaemcloud.com *.adobe.com *.experiencecloud.live; object-src 'none'; worker-src * data: 'unsafe-eval' 'unsafe-inline' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self' *.adobeaemcloud.com *.adobe.com *.adobe.net *.experiencecloud.live *.amazoncognito.com; upgrade-insecure-requests; 3 default-src 'self'; script-src 'self' 'unsafe-inline' https://*.googlesyndication.com www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://*.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://tagmanager.google.com https://www.linkedin.com https://platform.twitter.com/ https://www.youtube.com https://player.vimeo.com https://vimeo.com https://prismic.io https://cookie-cdn.cookiepro.com https://www.onelink-edge.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://static.cdn.prismic.io https://geolocation.onetrust.com https://vitals.vercel-insights.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://xapis.onelink-edge.com https://va.vercel-scripts.com https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com world.org *.vimeocdn.com *.tiktok.com *.ttwstatic.com *.onetrust.com *.cookielaw.org; font-src 'self' https://fonts.gstatic.com data: https://fonts.googleapis.com; style-src 'self' https://fonts.googleapis.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://www.googletagmanager.com *.tiktok.com *.ttwstatic.com *.onetrust.com *.cookielaw.org 'unsafe-inline'; connect-src 'self' https://*.googlesyndication.com www.googletagmanager.com https://www.facebook.com https://www.google.com/ https://connect.facebook.net https://app-backend.toolsforhumanity.com https://www.googleadservices.com https://tagmanager.google.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://www.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://privacyportal.cookiepro.com https://cookie-cdn.cookiepro.com https://www.linkedin.com https://www.onelink-edge.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://api.operator.worldcoin.org https://vitals.vercel-insights.com https://vault.pactsafe.io https://secure.ethicspoint.com https://geolocation.onetrust.com https://metrics.worldcoin.org https://googleads.g.doubleclick.net https://xapis.onelink-edge.com https://player.vimeo.com https://vimeo.com https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com world.org *.vimeocdn.com *.gstatic.com *.tiktokw.us *.tiktok.com *.ttwstatic.com *.onetrust.com *.cookielaw.org; img-src 'self' blob: data: www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://tagmanager.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://worldcoin-company-website.cdn.prismic.io https://www.linkedin.com https://media.licdn.com https://i.ytimg.com https://images.prismic.io https://world-id-assets.com https://prismic-io.s3.amazonaws.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://googleads.g.doubleclick.net https://xapis.onelink-edge.com https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com world.org *.gstatic.com *.vimeocdn.com *.tiktok.com *.ttwstatic.com *.onetrust.com *.cookielaw.org; media-src 'self' blob: data: https://platform.twitter.com/ https://www.linkedin.com https://media.licdn.com https://worldcoin-company-website.cdn.prismic.io https://images.prismic.io https://prismic-io.s3.amazonaws.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://googleads.g.doubleclick.net https://xapis.onelink-edge.com https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com world.org *.vimeocdn.com *.tiktok.com *.ttwstatic.com *.onetrust.com *.cookielaw.org; frame-src 'self' https://www.googletagmanager.com/ https://connect.facebook.net https://www.facebook.com https://platform.twitter.com/ https://www.youtube.com https://player.vimeo.com https://vimeo.com https://maps.googleapis.com https://worldcoin-company-website.prismic.io https://data.worldcoin.org https://td.doubleclick.net https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com world.org *.vimeocdn.com *.google.com 3 frame-ancestors https://events.martech.org https://martech.org 3 default-src https: wss://floatbot.ai *.gstatic.com *.googleapis.com data: https://*.zscalerthree.net 'self' https://www.google-analytics.com https://fonts.gstatic.com https://floatbot.ai https://cdn.jsdelivr.net ; script-src https://*.zscalerthree.net https://offerswidget.visa.com https://apis.mapmyindia.com https://www.mappls.com 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://www.googleadservices.com *.googleapis.com https://floatbot.ai *.gstatic.com www.google.com *.google-analytics.com apis.google.com https://www.googletagmanager.com https://www.google-analytics.com https://boiweb.bankofindia.co.in/elearning ; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net *.googleapis.com *.gstatic.com www.google.com ; frame-ancestors 'self' ; 3 frame-ancestors 'self' https://flock.com/; upgrade-insecure-requests 3 frame-ancestors 'self' *.lufthansa.com *.miles-and-more.com *.swiss.com *.amadeus.com *.amadeus.net *.brusselsairlines.com *.austrian.com; script-src ct.pinterest.com s.pinimg.com *.slgnt.eu *.exactag.com *.quantummetric.com *.monetate.net *.doubleclick.net *.googleadservices.com *.tiqcdn.com *.tealiumiq.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.usabilla.com *.artefact.com *.skyscanner.net *.skyscanner.net *.facebook.com *.facebook.net *.kayak.com *.amadeus.com *.lufthansa-group.com *.austrian.com *.lufthansa.com *.swiss.com *.brusselsairlines.com *.go-mpulse.net *.techlab-cdn.com *.instagram.com *.akamaihd.net *.akstat.io *.cloudfront.net *.cognigy.cloud *.googleapis.com *.gstatic.com *.sheerid.com *.meili.travel *.dwin1.com lhopa01.custhelp.com rum.hlx.page 'unsafe-inline' 'unsafe-eval'; object-src 'none' ; worker-src blob: *.austrian.com; 3 frame-ancestors 'self' https://*.fashionjobs.com https://*.fashionnetwork.com https://*.fashiongroup.com https://*.fashionmag.biz https://fashionmag.biz https://fashionnetworkevents.com https://*.fashionnetworkevents.com 3 default-src 'self' https://geolocation.onetrust.com/ https://8347051.fls.doubleclick.net/ https://www.media.barclays.co.uk/ https://fonts.googleapis.com/css https://fonts.gstatic.com; connect-src 'self' https://mapsresources-pa.googleapis.com/ https://cdn-ukwest.onetrust.com https://tag-logger.demandbase.com/ https://pagead2.googlesyndication.com/pagead/ https://www.gstatic.com/maps/ https://privacyportal-uk.onetrust.com/request/ https://privacyportaluatde.onetrust.com/request/ https://segments.company-target.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://api.company-target.com/api/ https://maps.googleapis.com/ https://dpm.demdex.net/id https://barclaysinternational.sc.omtrdc.net/b/ss/ https://barclaysbankplc.tt.omtrdc.net/m2/barclaysbankplc/mbox/ https://cdn.linkedin.oribi.io/partner/ https://www.media.barclays.co.uk/ https://segments.company-target.com/ https://px.ads.linkedin.com/ https://uat-de.onetrust.com/api/ https://app-uk.onetrust.com/api/; img-src 'self' data: https://www.googletagmanager.com https://adservice.google.co.uk/ https://adservice.google.com/ https://adservice.google.co.in/ https://maps.googleapis.com/ https://adservice.google.com/ https://ad.doubleclick.net/ https://id.rlcdn.com/ https://cdn.cookielaw.org/ https://dev.day.com/ https://www.media.barclays.co.uk/assets/ https://px.ads.linkedin.com/ https://cm.everesttech.net/cm/ https://barclaysinternational.sc.omtrdc.net/b/ss/ https://maps.gstatic.com/ https://www.linkedin.com/ https://www.google.com.au https://www.google.co.bw https://www.google.com.br https://www.google.be https://www.google.ca https://www.google.cn https://www.google.com.cy https://www.google.dk https://www.google.com.eg https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gg https://www.google.com.hk https://www.google.co.in https://www.google.co.id https://www.google.ie https://www.google.im https://www.google.co.il https://www.google.it https://www.google.co.jp https://www.google.je https://www.google.co.ke https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.mu https://www.google.com.mx https://www.google.co.mz https://www.google.nl https://www.google.com.ng https://www.google.no https://www.google.com.pk https://www.google.com.ph https://www.google.pt https://www.google.com.pr https://www.google.com.qa https://www.google.ru https://www.google.com.sa https://www.google.sc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.tz https://www.google.com.tr https://www.google.co.th https://www.google.ae https://www.google.co.ug https://www.google.co.uk https://www.google.com https://www.google.co.zm https://www.google.co.zw https://t.co/ https://analytics.twitter.com/ https://cdn-ukwest.onetrust.com https://ad.doubleclick.net/ https://www.ib.barclays/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-ukwest.onetrust.com https://snap.licdn.com/li.lms-analytics/ https://code.highcharts.com/ https://www.highcharts.com https://platform.twitter.com/widgets.js https://assets.adobedtm.com/ https://www.googletagmanager.com/gtag/ https://maps.googleapis.com/ https://cdn.cookielaw.org/ https://static.ads-twitter.com/ https://tag.demandbase.com/ https://www.media.barclays.co.uk/ https://googleads.g.doubleclick.net/ blob:; frame-src 'self' https://platform.twitter.com/ https://www.investmentbank.barclays.com https://8347051.fls.doubleclick.net/ https://www.media.barclays.co.uk/ https://s.company-target.com/ https://barclaysbankplc.demdex.net/ https://td.doubleclick.net/; style-src 'self' https://geolocation.onetrust.com/ https://8347051.fls.doubleclick.net/ https://www.media.barclays.co.uk/ https://fonts.googleapis.com/css https://fonts.gstatic.com 'unsafe-inline' 3 upgrade-insecure-requests; frame-ancestors 'self' https://customer.norwegian.com 3 frame-ancestors 'self' https://dealerexperience.cadillac.com 3 frame-ancestors 'self' https://www.trendhunter.com https://www.jeremygutsche.com https://www.betterandfaster.com https://www.trendreports.com https://www.futurefestival.com https://www.keynotes.org https://www.exploitingchaos.com https://www.trendhunter.ai https://www.createthefuturebook.com https://go.trendhunter.com https://www.surveyfast.com https://www.cleanthesky.com https://www.newshunter.com 3 default-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; report-uri https://csp.d47wgg8.com 3 frame-ancestors 'self' https://aniwatch.to https://aniwatchtv.to https://aniwatch.nz https://aniwatch.se https://hianime.to https://hianime.nz https://hianime.mn https://hianime.sx https://hianime.is https://hianime.bz https://hianime.pe https://hianimez.to/ https://hianimez.is/ https://hianime.gs/ https://hianime.cx/ https://9anime.vc https://9anime.se https://9anime.pe https://9animetv.to https://anicrush.to 3 default-src 'self' https://horizon-api.www.myprotein.com https://*.rlcdn.com/; child-src 'self' https://g.ezoic.net/ https://sgtm.myprotein.com/ https://ams.creativecdn.com https://*.ringcentral.com https://*.cloudfront.net https://*.smct.io/ https://*.rlcdn.com/ https://ct.pinterest.com/ https://*.listrakbi.com/ https://www.googletagmanager.com https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.criteo.com https://static.criteo.net https://www.youtube.com https://youtu.be/ https://www.zenaps.com https://www.instagram.com https://ln-rules.rewardstyle.com https://www.shoplooks.com https://vars.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://player.vimeo.com https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.dynamicyield.com/ *.ezodn.com *.id-mx.com *.yahoo.com *.ad.gt id-sync.com *.crwdcntrl.net *.adsrvr.org *.rubiconproject.org *.adnxs.com onetag-sys.com *.googlesyndication.com *.adtrafficquality.google https://g.ezoic.net/ https://*.seroundprince.com/ https://ams.creativecdn.com wss://*.ringcentral.com https://*.ringcentral.com https://*.amazonaws.com/ https://*.smct.io https://*.snapchat.com/ https://*.rlcdn.com/ https://*.contentsquare.net https://click.prod.mplat-ppcprotect.com https://*.listrakbi.com/ https://www.wepowerconnections.com/ https://analytics.tiktok.com/ https://s.pinimg.com/ https://horizon-api.www.myprotein.com https://*.clarity.ms/ https://static.criteo.net/ https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://*.baidu.com https://connect.facebook.net https://*.parcellab.com https://www.shoplooks.com https://www.google.co.uk https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://sgtm.myprotein.com; font-src 'self' data: https://*.dynamicyield.com/ https://*.smct.io/ https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.myprotein.com https://m.myprotein.com https://checkout.myprotein.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.dynamicyield.com/ https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com https://youtu.be/; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.dynamicyield.com/ *.id5-sync.com id-sync.com https://www.ezojs.com/ https://go.ezodn.com/ https://g.ezoic.net/ https://*.seroundprince.com/ https://tags.creativecdn.com/ https://*.ringcentral.com/ https://*.smct.io https://smct.co/ https://*.smct.co/ https://ct.pinterest.com/ https://static.ads-twitter.com/ https://analytics.tiktok.com/ https://*.contentsquare.net https://app.contentsquare.com https://*.listrakbi.com/ https://s.pinimg.com/ https://*.listrakbi.com/ https://*.thcdn.com https://lantern.roeyecdn.com/ https://www.hlserve.com/ https://static.criteo.net/ https://www.clarity.ms/ https://*.parcellab.com https://*.thehut.net https://rum-static.pingdom.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://youtu.be/ https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://remote.captcha.com https://ssl.bing.com https://script.hotjar.com https://ssl.google-analytics.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://tr.snapchat.com https://*.sciencebehindecommerce.com https://static.shoplooks.com https://static.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.com; frame-ancestors 'self' https://www.instagram.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.smct.io/ https://*.listrakbi.com/ https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com ; upgrade-insecure-requests; report-to report-endpoint 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://mc.yandex.ru https://www.googletagmanager.com https://talkdriver.ru https://support.smsc.ru https://support.smsc.kz https://sup.smsc.ua https://plugins.stripo.email blob: 3 upgrade-insecure-requests; default-src 'self' *.argeweb.nl https://cdn.euc-freshbots.ai https://in.hotjar.com; style-src 'self' *.argeweb.nl 'unsafe-inline' yourhosting.freshchat.com https://cdn.euc-freshbots.ai https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css https://libraries.hund.io/ https://app.vwo.com/ https://fonts.googleapis.com https://*.google.com; img-src 'self' *.argeweb.nl data: https: https://jwpltx.com https://www.facebook.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.google.nl https://*.adnxs.com https://*.msn.com https://*.doubleclick.net https://ads.yahoo.com https://www.google-analytics.com https://*.openx.net https://*.bidswitch.net; script-src 'self' *.argeweb.nl data: 'unsafe-inline' 'unsafe-eval' *.puzzel.com yourhosting.freshchat.com https://cdn.euc-freshbots.ai https://code.jquery.com/jquery-1.12.4.js https://code.jquery.com/ui/1.12.1/jquery-ui.js https://libraries.hund.io/ https://heatmap.visualwebsiteoptimizer.com/ https://app.vwo.com/ https://dev.visualwebsiteoptimizer.com/ https://api.livechatinc.com/ https://cdn.livechatinc.com/ https://secure.livechatinc.com/ https://www.clickcease.com/monitor/stat.js https://snap.licdn.com https://embed.typeform.com https://www.chartjs.org https://www.google-analytics.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://www.linkedin.com/px/* https://px.ads.linkedin.com/ https://sjs.bizographics.com/insight.min.js https://script.hotjar.com https://*.jwpcdn.com https://static.hotjar.com https://www.google-analytics.com https://connect.facebook.net https://*.openx.net https://*.bidswitch.net https://www.googleadservices.com https://www.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://flex.msn.com https://static.mailplus.nl https://m7.mailplus.nl https://bat.bing.com https://googleads.g.doubleclick.net; frame-src 'self' *.argeweb.nl yourhosting.freshchat.com https://app.vwo.com/ https://secure.livechatinc.com/ https://form.typeform.com/ https://awps01.argewebhosting.nl https://www.youtube.com https://argeweb.typeform.com https://vars.hotjar.com https://*.google.com https://*.facebook.com https://*.doubleclick.net https://*.googletagmanager.com; font-src 'self' data: *.argeweb.nl fonts.gstatic.com; child-src 'self' *.argeweb.nl https://*.google.com; connect-src 'self' *.analytics.google.com *.linkedin.com *.puzzel.com *.argeweb.nl argeweb.netwerkstatus.nl *.google-analytics.com https://rts-euc.freshworksapi.com wss://rts-euc.freshworksapi.com https://www.euc-freshbots.ai https://cdn.euc-freshbots.ai https://monitor.clickcease.com/ https://api.livechatinc.com/ https://ws9.hotjar.com/ wss://ws9.hotjar.com/ https://ws8.hotjar.com/ wss://ws8.hotjar.com/ https://awps01.argewebhosting.nl/netwerkstatus/test.php https://www.google-analytics.com https://stats.g.doubleclick.net https://app.convertflow.co https://ws2.hotjar.com wss://ws10.hotjar.com wss://ws3.hotjar.com wss://ws2.hotjar.com https://vc.hotjar.io wss://ws1.hotjar.com https://in.hotjar.com https://analytics.google.com; form-action https:; frame-ancestors 'self'; report-uri /debug/csp; 3 frame-ancestors https://*.phoenixcontact.com http://*.phoenixcontact.com https://*.phoenixcontact.com.cn http://*.phoenixcontact.com.cn https://phoenixcontact.custhelp.com https://*.jobcloud.ch https://*.jobs.ch https://*.jobup.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch/de https://topjobs.ch https://*.ariba.com https://*.coupa.com https://phoenix.enterprise.punchcommerce.de https://dev-phoenixcontact.one.punchcommerce.de https://uit02.jaggaer.com https://app02.jaggaer.com https://*.phoenixcontact.coremedia.cloud https://*.operations.eu.dynamics.com https://*.openordering.de https://*.wiredminds.de 3 frame-ancestors 'self' *.orange.ro 3 frame-src 'self' https://www.floridahealth.gov https://www.youtube.com https://www.google.com https://forms.office.com https://fdoh.maps.arcgis.com https://www.facebook.com https://web.facebook.com https://www.twitter.com https://platform.twitter.com https://analytics.analytics-egain.com https://qlik.floridahealth.gov https://maps.google.com 3 default-src 'self'; connect-src https: wss:; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com; frame-src https:; img-src https: data:; media-src https: blob:; worker-src blob:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; form-action https:; report-uri https://csp-reports.globalweb.aws.assaabloy.com/reports; 3 default-src 'self' *.greenhouse.io *.sharethis.com *.rhombusads.com *.google-analytics.com *.doubleclick.net *.fullstory.com *.mktoresp.com *.hscollectedforms.net *.hsforms.com veradigm-com-cache.s3.amazonaws.com *.cookiebot.com *.analytics.google.com *.ads.linkedin.com *.acsbapp.com *.google.com acsbapp.com ws.zoominfo.com *.hubspot.com *.driftt.com *.crazyegg.com blob: *.googleapis.com *.gstatic.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src *.greenhouse.io *.doubleclick.net *.marketo.com *.sitescout.com *.krxd.net *.youtube.com *.sharethis.com *.consensu.org *.cookiebot.com *.hsforms.com issuu.com *.google.com *.drift.com *.driftt.com *.adroll.com *.crazyegg.com *.google.com theorthoshow.com *.cohostpodcasting.com; img-src 'self' data: *.zoominfo.com *.google-analytics.com *.marketo.com *.linkedin.com *.lfeeder.com *.sitescout.com *.adsymptotic.com *.krxd.net *.youtube.com *.sharethis.com *.googleapis.com *.gstatic.com *.googleusercontent.com *.doubleclick.net *.google.com *.fullstory.com *.hubspot.com *.analytics.google.com *.hsforms.com *.geniusmonkey.com *.cookiebot.com *.capterra.com *.adroll.com *.bidswitch.net *.openx.net *.adnxs.com *.analytics.yahoo.com *.rlcdn.com *.googlesyndication.com *.rubiconproject.com *.casalemedia.com *.pubmatic.com *.outbrain.com *.taboola.com *.3lift.com *.company-target.com *.facebook.com *.googleapis.com; object-src 'none'; script-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.greenhouse.io *.zoominfo.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.marketo.com *.marketo.net *.licdn.com *.pixel.ad *.krxd.net *.lfeeder.com *.sharethis.com *.google.com *.googleadservices.com *.doubleclick.net *.youtube.com *.fullstory.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsforms.com *.hsforms.net *.hscollectedforms.net *.cookiebot.com *.geniusmonkey.com *.adroll.com *.ads.linkedin.com acsbapp.com *.acsbapp.com *.gstatic.com *.drift.com *.driftt.com *.crazyegg.com *.contextweb.com *.hubspot.com connect.facebook.net blob: 'unsafe-eval' *.googletagmanager.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com *.marketo.com *.google.com *.crazyegg.com; 3 frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://blueimp.github.io *.jquery.com *.toast.com *.jsdelivr.net *.datatables.net *.cloudflare.com https://unpkg.com https://snap.licdn.com *.linkedin.com *.lh.pl *.googletagmanager.com *.facebook.net *.google-analytics.com *.doubleclick.net *.google.com *.gstatic.com www.googleadservices.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.toast.com *.linkedin.com *.googleapis.com *.jsdelivr.net *.datatables.net *.cloudflare.com https://unpkg.com; img-src 'self' *.linkedin.com *.jsdelivr.net *.datatables.net *.cloudflare.com https://unpkg.com *.lh.pl *.googletagmanager.com *.facebook.net *.google-analytics.com *.doubleclick.net *.google.com *.gstatic.com www.googleadservices.com data: *.google.pl *.google.com *.google-analytics.com *.facebook.com; font-src 'self' *.gstatic.com; 3 default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline' 3 default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:; style-src 'self' 'unsafe-inline' https://k.clarity.ms https://www.google.ca https://www.google.com.pe https://tagmanager.google.com www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.bloomreach.cloud https://*.cdntwrk.com https://*.genetec.com https://*.marketo.com https://static.cloudflareinsights.com https://oc-cdn-public.azureedge.net https://*.wrike.com https://*.navattic.com https://storage.googleapis.com; media-src 'self' https://k.clarity.ms https://www.google.ca https://www.google.com.pe www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.bloomreach.cloud https://*.genetec.com https://*.widencdn.net https://*.youtube.com https://genetec.widen.net https://youtu.be https://static.cloudflareinsights.com; frame-src 'self' https://k.clarity.ms https://www.google.ca https://www.google.com.pe https://bid.g.doubleclick.net www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.addthis.com https://*.bloomreach.cloud https://*.doubleclick.net https://*.facebook.com https://*.genetec.com https://*.geneteccloud.com https://*.google.com https://*.livechatinc.com https://*.marketo.com https://*.podbean.com https://*.powerappsportals.com https://*.youtube.com https://static.addtoany.com https://oc-cdn-public.azureedge.net genetec.involve.me https://*.wrike.com https://*.navattic.com https://storage.googleapis.com; img-src 'self' 'unsafe-inline' data: *; connect-src 'self' *; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: https://k.clarity.ms https://www.google.ca https://www.google.com.pe www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.addthis.com https://*.bing.com https://*.bloomreach.cloud https://*.cdntwrk.com https://*.clarity.ms https://*.cookielaw.org https://*.crazyegg.com https://*.doubleclick.net https://*.facebook.net https://*.genetec.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.gstatic.com https://*.inspectlet.com https://*.licdn.com https://*.livechatinc.com https://*.marketo.com https://*.marketo.net https://*.onetrust.com https://*.site24x7rum.com https://*.widencdn.net https://*.youtube.com https://genetec.widen.net https://ionfiles.scribblecdn.net https://v1.addthisedge.com https://youtu.be https://z.moatads.com https://static.cloudflareinsights.com https://static.addtoany.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://oc-cdn-public.azureedge.net https://www.redditstatic.com genetec.involve.me https://www.redditstatic.com ajax.googleapis.com https://maps.googleapis.com https://js.navattic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://k.clarity.ms https://www.google.ca https://www.google.com.pe https://tagmanager.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.addthis.com https://*.bing.com https://*.bloomreach.cloud https://*.cdntwrk.com https://*.clarity.ms https://*.cookielaw.org https://*.crazyegg.com https://*.doubleclick.net https://*.facebook.net https://*.genetec.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.gstatic.com https://*.inspectlet.com https://*.licdn.com https://*.livechatinc.com https://*.marketo.com https://*.marketo.net https://*.onetrust.com https://*.site24x7rum.com https://*.widencdn.net https://*.youtube.com https://genetec.widen.net https://ionfiles.scribblecdn.net https://v1.addthisedge.com https://youtu.be https://z.moatads.com https://static.cloudflareinsights.com https://oc-cdn-public.azureedge.net https://*.wrike.com https://*.navattic.com https://storage.googleapis.com; font-src 'self' 'unsafe-inline' data: https://k.clarity.ms https://www.google.ca https://www.google.com.pe www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.cdntwrk.com https://*.genetec.com https://static.cloudflareinsights.com https://cdn.livechatinc.com https://oc-cdn-public.azureedge.net https://*.wrike.com https://*.navattic.com https://storage.googleapis.com; object-src 'none'; frame-ancestors 'self'; 3 frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com shop.pampers.com https://*.rudderlabs.com https://api.rudderstack.com 3 object-src 'none'; script-src 'unsafe-eval' https://snap.licdn.com/ https://cdn.calibermind.com/ https://a.quora.com/ https://app.cdn.lookbookhq.com/ https://connect.facebook.net/ https://ct.capterra.com/ https://ga.clearbit.com/ https://js.adsrvr.org/ https://munchkin.brightfunnel.com/ https://munchkin.marketo.net/ https://static.ads-twitter.com/ 'unsafe-inline' http://schema.org https://*.cloudfront.net/ https://*.googletagmanager.com https://a.omappapi.com/ https://analytics.twitter.com/ https://bat.bing.com/ https://cdn.abrankings.com https://cdn.abrankings.com/ https://cdn.cookielaw.org/ https://cdn.datatables.net/ https://cdn.jsdelivr.net/ https://cdn.onesignal.com/ https://cdnjs.cloudflare.com/ https://cloud.typography.com/ https://code.jquery.com/ https://collector-5527.tvsquared.com/ https://fonts.googleapis.com/ https://go.sentinelone.com/ https://googleads.g.doubleclick.net/ https://j.6sc.co/ https://js.maxmind.com/ https://js.qualified.com/ https://onesignal.com/ https://pixel-geo.prfct.co/ https://platform-api.sharethis.com/ https://platform.twitter.com/ https://pt.ispot.tv/ https://pubads.g.doubleclick.net/ https://px.spiceworks.com/ https://script.hotjar.com/ https://scripts.demandbase.com/ https://sentinelone.com https://ssl.google-analytics.com https://staging.s1preview.com/ https://static.hotjar.com/ https://tag.marinsm.com/ https://ws.qualified.com/ https://www.clickcease.com/ https://www.google-analytics.com https://www.google-analytics.com/ https://www.google.com/* https://www.googleoptimize.com/ https://www.googletagmanager.com/ https://www.googletagmanager.com/* https://www.redditstatic.com/ https://www.vantajs.com/ https://www.youtube.com/ https://yoast.com/ https://www.google.com/ https://qualified.com/ https://www.vantajs.com/ https://js.maxmind.com/ https://cdn.onesignal.com/ https://cdn.datatables.net/ https://platform-api.sharethis.com/ https://yoast.com/ https://fonts.googleapis.com/ https://cdn.datatables.net/ https://js-agent.newrelic.com/ https://www.sentinelone.com/ https://boards.greenhouse.io/ https://ajax.cloudflare.com/ https://www.googleadservices.com/ https://bam.nr-data.net/ https://cdn.linkedin.oribi.io/ https://fr.sentinelone.com/ https://it.sentinelone.com/ https://jp.sentinelone.com/ https://de.sentinelone.com/ https://it.sentinelone.com/ https://es.sentinelone.com/ https://nl.sentinelone.com/ https://kr.sentinelone.com/ https://www.google.it/ https://www.google.co.jp/ https://www.google.de/ https://ar.sentinelone.com/ https://www.google.es/ https://www.google.fr/ https://www.google.nl/ https://sonix.ai https://bam.nr-data.net/ https://docs.google.com/ https://apis.google.com/js/api.js/ https://accounts.google.com/ https://*.googleapis.com *.google.com https://*.gstatic.com https://sheets.googleapis.com/ https://tags.srv.stackadapt.com/events.js https://js.storylane.io/ https://qvdt3feo.com/ https://javascript.heeet.io/ https://api.brightfunnel.com https://a23gjzphzj.execute-api.us-east-1.amazonaws.com/ https://geolocation.onetrust.com/ https://js-agent.newrelic.com/ https://www.gstatic.com/ https://tag.demandbase.com/ https://cdnjs.com/libraries/Chart.js js.knock-ai.com https://www.clarity.ms https://js.zi-scripts.com/ https://ws.zoominfo.com/ https://tags.clickagy.com/ blob: https://ws-assets.zoominfo.com/ https://app.optimizely.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/ https://pagead2.googlesyndication.com/ https://cdn.intellimize.co/ https://mastodon.social/ https://embed.bsky.app/ https://js-agent.newrelic.com/ https://prod.impartner.live https://packages.prmcdn.io https://partners.sentinelone.com https://tracking-api.g2.com; frame-ancestors 'self' http://sentinelone.lookbookhq.com https://sentinelone.lookbookhq.com http://sentinelone.pathfactory.com https://sentinelone.pathfactory.com http://assets.sentinelone.com https://assets.sentinelone.com https://app.scalyr.com https://app.eu.scalyr.com localhost https://a23gjzphzj.execute-api.us-east-1.amazonaws.com/ https://ws-assets.zoominfo.com/ https://partners.sentinelone.com; 3 frame-ancestors 'self' *.freenas.org *.ixsystems.com *.truenas.org; upgrade-insecure-requests; default-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; object-src 'self' https:; connect-src 'self' https: wss: wss://*.docsbot.ai; img-src 'self' data: https: blob:; font-src 'self' data: https:; 3 frame-ancestors 'self' https://attivazioni.windtre.it attivazioni.windtre.it https://ac.windtre.it ac.windtre.it https://www.windtrebusiness.it www.windtrebusiness.it https://shop.windtre.it shop.windtre.it https://buy.shop.windtre.it buy.shop.windtre.it https://selfcare-pwa-bs.gcp.windtre.it ; 3 frame-ancestors 'self' https://www.spikenow.com https://spikenow.com https://lp.spikenow.com 3 default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;style-src-elem data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 3 frame-ancestors 'self' https://1984.demo-site.is; 3 frame-ancestors https://monotype.mindtickle.com https://admin.mindtickle.com https://support.monotype.com; report-uri /report-csp-violation 3 child-src 'self' https://apps.rokt.com https://sgtm.dermstore.com https://us.creativecdn.com https://dermstore.attn.tv https://creatives.attn.tv https://*.ringcentral.com https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://tpc.googlesyndication.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://api.bam-x.com https://*.attn.tv https://ln-rules.rewardstyle.com https://cdn.pbbl.co https://www.pinterest.com https://app.qubit.com blob: https://*.awin1.com https://*.zenaps.com https://gum.criteo.com https://*.abtasty.com https://events.release.narrativ.com https://*.powerreviews.com https://ct.pinterest.com https://fledge.eu.criteo.com https://static.criteo.net https://ams.creativecdn.com https://www.provenance.org;connect-src 'self' https://stg.api.bazaarvoice.com https://api.bazaarvoice.com https://pagead2.googlesyndication.com https://obseu.seroundprince.com https://us.creativecdn.com https://dermstore.attn.tv https://ilarh.dermstore.com https://events.attentivemobile.com wss://*.ringcentral.com https://*.dynamicyield.com/ https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://*.lpsnmedia.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://api.bam-x.com https://www.emjcd.com https://www.mczbf.com https://www.sjwoe.com https://*.attn.tv https://events.attentivemobile.com https://events.release.narrativ.com https://tr.snapchat.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.dermstore.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com https://cdn.cookielaw.org https://*.prod.mplat-ppcprotect.com https://*.lunio.ai https://*.abtasty.com data: https://storyboard.storystream.ai https://content.storystream.ai https://*.powerreviews.com https://sgtm.dermstore.com https://w0a7cq3k2e.execute-api.us-west-1.amazonaws.com https://vhw8mjja9e.execute-api.us-west-1.amazonaws.com https://sd7sf8u3fj.execute-api.us-west-1.amazonaws.com https://*.gethumankind.com https://cognito-identity.us-west-1.amazonaws.com https://*.criteo.net https://*.ringcentral.com https://ams.creativecdn.com https://www.googletagmanager.com https://unpkg.com/@provenance/ https://api.provenance.org https://www.provenance.org https://api.segment.io https://appsignal-endpoint.net;default-src https://*.lpsnmedia.net;font-src 'self' data: https://*.dynamicyield.com/ https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com https://*.ringcentral.com;form-action 'self' https://www.facebook.com https://checkout.dermstore.com https://connect.facebook.net https://tr.snapchat.com;frame-ancestors 'self';img-src 'self' data: https://*.dynamicyield.com/ https://events.attentivemobile.com https://dermstore-us.attn.tv https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https://www.googletagmanager.com https://unpkg.com/@provenance/ https://res.cloudinary.com https://www.provenance.org https: blob:;media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net blob: https://media.gethumankind.com;object-src 'self' https://*.thcdn.com https://www.youtube.com;report-uri https://csp.thehut.net/cspReport.txt;script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://apps.bazaarvoice.com https://cdn.attn.tv https://ilarh.dermstore.com https://apps.rokt.com https://euob.seroundprince.com https://obseu.seroundprince.com https://*.dynamicyield.com/ https://us.creativecdn.com https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://s.pinimg.com https://static.narrativ.com https://cdn.attn.tv https://ln-rules.rewardstyle.com https://collector-8550.tvsquared.com https://static.goqubit.com https://*.qubit.com https://*.contentsquare.net https://app.contentsquare.com https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://static.criteo.net https://*.criteo.com https://analytics.tiktok.com https://*.ibytedtos.com https://cdn.cookielaw.org blob: https://*.abtasty.com https://tr.snapchat.com https://*.powerreviews.com https://mpsnare.iesnare.com https://sgtm.dermstore.com https://*.gethumankind.com https://prod-ui-entry-widget-sta-createproduientrywidgetb-mi53q2gqfpif.s3.us-west-1.amazonaws.com https://prod-ui-customer-survey-createproduicustomersurv-1nj0gmnhljhot.s3.us-west-1.amazonaws.com https://*.ringcentral.com https://tags.creativecdn.com https://www.googletagmanager.com https://unpkg.com/@provenance/ https://consent.cookiebot.com https://www.provenance.org;style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.lpsnmedia.net https://*.liveperson.net https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://*.abtasty.com https://*.gstatic.com https://*.powerreviews.com https://assets.gethumankind.com https://prod-ui-entry-widget-sta-createproduientrywidgetb-mi53q2gqfpif.s3.us-west-1.amazonaws.com https://prod-ui-customer-survey-createproduicustomersurv-1nj0gmnhljhot.s3.us-west-1.amazonaws.com https://*.ringcentral.com;upgrade-insecure-requests;report-to csp-endpoint 3 frame-ancestors 'none'; default-src 'self' static.zdassets.com viabtc.zendesk.com *.zendesk.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net www.youtube-nocookie.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.viabtc.info:* viabtc.info:* *.viabtc.info viabtc.info; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.zdassets.com res.wx.qq.com viabtc.zendesk.com www.google-analytics.com stats.g.doubleclick.net static.cloudflareinsights.com api.geetest.com api.geevisit.com monitor.geetest.com static.geetest.com static.geevisit.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.viabtc.info:* viabtc.info:* *.viabtc.info viabtc.info; style-src 'unsafe-inline' at.alicdn.com viabtc.zendesk.com static.geetest.com static.geevisit.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.viabtc.info:* viabtc.info:* *.viabtc.info viabtc.info; img-src i.ytimg.com www.google-analytics.com www.google.com *.aliyuncs.com *.alicdn.com viabtcconfig.oss-cn-shenzhen.aliyuncs.com viapoolconfig.oss-cn-hongkong.aliyuncs.com data: stats.g.doubleclick.net static.geetest.com static.geevisit.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me event-verify-test.s3.ap-east-1.amazonaws.com s3.ap-east-1.amazonaws.com *.amazonaws.com viapoolconfig.s3.ap-east-1.amazonaws.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.viabtc.info:* viabtc.info:* *.viabtc.info viabtc.info; font-src 'unsafe-inline' at.alicdn.com data: *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.viabtc.info:* viabtc.info:* *.viabtc.info viabtc.info; connect-src viabtc.zendesk.com *.zendesk.com viabtc-help.zendesk.com *.zdassets.com https://widget-mediator.zopim.com https://p.extfun.com wss://widget-mediator.zopim.com www.google-analytics.com stats.g.doubleclick.net event-verify-test.s3.ap-east-1.amazonaws.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.viabtc.info:* viabtc.info:* *.viabtc.info viabtc.info; frame-src www.bilibili.com player.bilibili.com player.vimeo.com *.viabtc.com *.jumio.com www.youtube.com www.youtube-nocookie.com www.ixigua.com v.qq.com 3 frame-ancestors 'self' https://mail.vodafone.de 3 default-src 'self' http: https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 3 frame-ancestors 'self'; report-uri https://3f88b768f9ca759710ab36a8b6c50c86.report-uri.com/r/d/csp/reportOnly 3 default-src 'self' * data:; font-src 'self' * data:; frame-src *; img-src * data: android-webview-video-poster:; media-src * data: blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; worker-src * blob:; frame-ancestors 'self' https://verizonconnect.getambassador.com/; 3 img-src 'self' *.marketo.com *.adsrvr.org *.thrtle.com thrtle.com *.demdex.net *.liadm.com *.tapad.com *.stackadapt.com *.adnxs.com *.bidswitch.net *.omappapi.com *.clarity.ms *.pushcrew.com *.rlcdn.com *.clickagy.com *.superpinkday.com *.doubleclick.net *.vimeocdn.com www.alertlogic.com www.google.com *.amazonaws.com *.wpengine.com *.google-analytics.com *.youtube.com *.techtarget.com *.vimeo.com cdn.bizible.com *.visualwebsiteoptimizer.com b.6sc.co secure.gravatar.com www.facebook.com *.linkedin.com t.co *.bing.com *.adsymptotic.com and alertlogic.sc.omtrdc.net cdn.cookielaw.org cdn.bizibly.com okt.to *.techtarget.com www.googletagmanager.com ps.w.org *.quora.com fonts.gstatic.com *.neverbounce.com *.twitter.com *.clearbitjs.com *.trustarc.com *.adroll.com *.fortra.com *.company-target.com *.yahoo.com *.pubmatic.com *.3lift.com *.taboola.com *.openx.net *.outbrain.com *.casalemedia.com *.rubiconproject.com *.reson8.com *.g2crowd.com data: 'unsafe-inline' 'unsafe-eval' data:; 3 default-src 'unsafe-inline' 'unsafe-eval' data: blob: *; frame-ancestors 'self' https://*.ergo.com https://*.ergo.de https://www.slipcase.com https://marketplace.marsh.com; 3 frame-ancestors 'self' *.ncmec.org *.missingkids.org *.adobecqms.net *.ncmecad.net *.articulate.com articulateusercontent.com ncmec.docebosaas.com learn.secondcity.com *.dcbstatic.com; 3 default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com https://mc.yandex.ru *.licdn.com https://browser.sentry-cdn.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.5.0/js/swiper.min.js https://cdn.jsdelivr.net/npm/swiper@10/swiper-bundle.min.js https://googleads.g.doubleclick.net/ https://api-maps.yandex.ru/ https://yastatic.net/ https://core-renderer-tiles.maps.yandex.net https://ashotb2b.pbx.mts.am/callback.js?uid=3822cf6b-fe65-4d68-980d-fe4b344ba376 *.googletagmanager.com/gtag/ http://www.viva.am/page-not-found https://api-maps.yandex.ru/2.1/?apikey=855a6e65-595e-4144-a39b-bcac9495ca90&load=Map&lang=en_US& 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.5.0/css/swiper.min.css https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.8/css/intlTelInput.css 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://*.linkedin.com https://mc.yandex.ru https://static.mts.ru/ https://www.google.am https://www.google.com https://api-maps.yandex.ru/ https://core-renderer-tiles.maps.yandex.net/ https://yandex.com/ https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.8/img/flags.png 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src view.joomag.com viewer.joomag.com https://maps.google.com/ https://www.google.com/ https://www.youtube.com/ https://mc.yandex.ru/ https://td.doubleclick.net/ https://www.googletagmanager.com/ *.yandex.com/ https://yandex.com/ 'self' web-chat.nativechat.com; connect-src data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com https://cdn.linkedin.oribi.io https://mc.yandex.ru https://mc.yandex.md https://px.ads.linkedin.com/wa/ https://analytics.google.com/ *.googletagmanager.com/gtag/ https://suggest-maps.yandex.ru/v1/suggest?apikey=a84162da-2823-4250-961a-655808c97cca&types=biz%2Cgeo&text=%D0%A8%D0%BE%D0%BA%D0%BE%D0%BB%D0%B0%D0%B4%D0%BD%D0%B8%D1%86%D0%B0&lang=en_US&results=5&origin=jsapi2Geocoder&print_address=1&bbox=44.41558624267572%2C40.130943052328576%2C44.58038116455074%2C40.21561459277751&strict_bounds=0 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://viewer.joomag.com/ https://view.joomag.com/ https://maps.google.com/ https://www.google.com/ 'self' web-chat.nativechat.com 3 default-src 'self' 'unsafe-inline' player.podigee-cdn.net fonts.googleapis.com *.google.at *.google.de *.google.es *.google.ch *.google.com blob:; img-src 'self' cm.everesttech.net secure.gravatar.com i.ytimg.com *.google.at *.google.de *.google.es *.google.ch *.google.com *.axelspringer.com www.googletagmanager.com imgsct.cookiebot.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.podigee-cdn.net www.everestjs.net tags.tiqcdn.com cmp.axelspringer.com www.googletagmanager.com *.google.at *.google.de *.google.es *.google.ch *.google.com consentcdn.cookiebot.com www.googletagmanager.com consent.cookiebot.com ajax.googleapis.com blob:; font-src 'self' player.podigee-cdn.net fonts.gstatic.com data:; frame-ancestors www.axelspringer.com; frame-src open.spotify.com player.podigee-cdn.net www.axelspringer.com cmp.axelspringer.com resources-production.la.welt.de www.youtube.com axelspringerse.demdex.net *.google.at *.google.de *.google.es *.google.ch *.google.com www.googletagmanager.com embed.acast.com consentcdn.cookiebot.com blob:; connect-src 'self' as.axelspringer.com dpm.demdex.net cmp.axelspringer.com *.google.at *.google.de *.google.es *.google.ch *.google.com consentcdn.cookiebot.com *.google-analytics.com googleads.g.doubleclick.net 3 frame-ancestors 'self' nvc.net jamesvalley.com; 3 default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.beuth.de *.dinmedia.de https://blickinsbuch.de/gateway/ https://*.blickinsbuch.de/gateway/ *.podigee-cdn.net *.etracker.com *.etracker.de *.ytimg.com *.hotjar.com *.soundcloud.com *.google-analytics.com *.googleadservices.com *.googleoptimize.com *.googletagmanager.com *.youtube.com/iframe_api https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com/ajax/libs/mathjax/ https://code.jquery.com https://public.flourish.studio/resources/embed.js *.freshworks.com *.bing.com siteimproveanalytics.com https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.14/widget.module.min.js; style-src 'self' 'unsafe-inline' *.podigee-cdn.net https://fonts.googleapis.com *.freshworks.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.freshdesk.com https://beuth.prudsys-rde.de https://flourish-api.com https://public.flourish.studio https://*.hotjar.com https://stats.g.doubleclick.net https://*.hotjar.io *.etracker.de wss://*.hotjar.com *.freshworks.com *.openstreetmap.org *.friendlycaptcha.com; font-src 'self' *.podigee-cdn.net https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' blob: data: https://*.blickinsbuch.de *.soundcloud.com *.podigee-cdn.net https://flourish-api.com https://googleads.g.doubleclick.net https://*.hotjar.com *.google.com *.google.de *.youtube-nocookie.com *.youtube.com https://flo.uri.sh https://www.openstreetmap.org https://cdn.knightlab.com/; img-src * data:; frame-ancestors 'self' *.beuth.de *.dinmedia.de *.din.de *.etracker.com; worker-src 'self' blob:; 3 default-src 'self' *.analytics.google.com *.google.com *.google-analytics.com; img-src 'self' 'unsafe-inline' * data: www.w3.org; frame-src 'self' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net staticcontents.investis.com 77d8e64489354683a242e226ad9ed96b.svc.dynamics.com www.googletagmanager.com confirmsubscription.com vars.hotjar.com in.hotjar.com my.walls.io *.fls.doubleclick.net www.youtube.com www.google.com irs.tools.investis.com otp.tools.investis.com ir.tools.investis.com players.brightcove.net rolls-royce.staging.investis.com rolls-royce.production.investis.com www.facebook.com *.doubleclick.net staticzone.idigitalcontents.com viz.tools.investis.com form.typeform.com matt317952.typeform.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net assets.investisdigital.com staticcontents.investis.com tagmanager.google.com www.googletagmanager.com viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com staticzone.idigitalcontents.com viz.tools.investis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fast.fonts.net embed.typeform.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com staticzone.idigitalcontents.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com *.fonts.com fast.fonts.net *.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net mktdplp102cdn.azureedge.net staticcontents.investis.com js-agent.newrelic.com otp.tools.investis.com staticzone.idigitalcontents.com viz.tools.investis.com *.analytics.google.com *.google.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com edge.api.brightcove.com *.googleapis.com tagmanager.google.com stats.g.doubleclick.net *.investisdigital.com googleads.g.doubleclick.net googleadservices.com cdn.jsdelivr.net cdnjs.cloudflare.com facebook.com www.gstatic.com pi.pardot.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com static.ads-twitter.com snap.licdn.com *.googleadservices.com analytics.twitter.com *.flickr.com tag.demandbase.com *.lead-analytics-1000.com *.leadforensics.com track.accountinsight.cloud *.adnxs.com fast.fonts.net *.typekit.net *.lfeeder.com embed.typeform.com; media-src 'self' *.brightcove.com *.brightcovecdn.com brightcove.hs.llnwd.net viz.tools.investis.com; connect-src 'self' *.linkedin.com px.ads.linkedin.com/wa/ cdn.linkedin.oribi.io bam.eu01.nr-data.net *.googlesyndication.com *.analytics.google.com *.google.com *.doubleclick.net *.google-analytics.com www.google.co.in analytics.google.com www.facebook.com/tr/ in.hotjar.com staticzone.idigitalcontents.com viz.tools.investis.com *.investisdigital.com edge.api.brightcove.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net ipapi.connectid.cloud api.company-target.com segments.company-target.com *.typekit.net *.amazonaws.com *.googleapis.com; base-uri 'none'; 3 frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com webcache.googleusercontent.com 3 default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval' 3 default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; worker-src 'self' blob:; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 3 default-src 'self' style-src 'unsafe-inline' 3 connect-src 'self' *.zohopublic.eu *.googleadservices.com google.com *.google.com *.analytics.google.com *.google-analytics.com *.cookiebot.com *.doubleclick.net *.omappapi.com pagesense-collect.zoho.eu www.google-analytics.com fonts.googleapis.com https://*.googletagmanager.com *.limesurvey.org wss://vts.zohopublic.eu; default-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.limesurvey.org www.youtube.com frontend.pay1.de www.google.com kiwiirc.com limesurvey.org; font-src 'self' *.zohocdn.com *.typekit.net https://tagmanager.google.com data: fonts.gstatic.com maxcdn.bootstrapcdn.com projectfiles.limesurvey.org github.com; style-src 'unsafe-inline' *.zohocdn.com *.zohopublic.eu heapanalytics.com https://tagmanager.google.com fonts.googleapis.com https://www.googletagmanager.com 'self' maxcdn.bootstrapcdn.com projectfiles.limesurvey.org ajax.googleapis.com www.google.com; form-action 'self' https://authentication.cardinalcommerce.com https://*.six-payment-services.com https://*.securesuite.co.uk https://*.cic.fr https://*.arcot.com www.paypal.com survey.limesurvey.org account.limesurvey.org; frame-ancestors 'self' *.limesurvey.org; img-src 'self' https://*.google-analytics.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com data: *; manifest-src 'self'; media-src 'self' *.zohocdn.com; script-src 'self' *.zohopublic.eu https://privacy.cortina-consult.com https://maillist-manage.eu https://*.zoho.eu https://*.zohocdn.com https://*.limesurvey.org googleads.g.doubleclick.net https://googleads.g.doubleclick.net data: https://tagmanager.google.com https://heapanalytics.com https://*.pagesense.io https://*.omappapi.com https://*.hotjar.com https://*.heapanalytics.com https://*.cookiebot.com 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com secure.pay1.de projectfiles.limesurvey.org www.google.com www.google-analytics.com appscdn.joomla.org; frame-src www.googletagmanager.com *.zohopublic.eu https://*.hotjar.com https://*.cookiebot.com https://*.visa.com https://authentication.cardinalcommerce.com 3dsecure.icscards.nl https://*.pay1.de docs.google.com https://td.doubleclick.net 'self' *.limesurvey.org kiwiirc.com www.youtube.com limesurvey.org secure.pay1.de; object-src 'self'; report-uri https://www.limesurvey.org/violation.php; 3 frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com www.drupal.org new.drupal.org; report-uri /report-csp-violation 3 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'unsafe-inline' data: blob:; img-src * data: blob:; font-src * data:; connect-src *; media-src *; object-src *; frame-src *; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https:; connect-src 'self' https:; media-src 'self' https:; frame-src 'self' https: 3 font-src *.klarnacdn.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com *.fontawesome.com fonts.gstatic.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ notifications.wisepops.com wisepops.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.clearpay.co.uk *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com dev.visualwebsiteoptimizer.com cdn-ukwest.onetrust.com *.brandalley.co.uk *.brandalley.fr *.mirakl.net *.google.co.uk *.google.com *.google.ie *.doubleclick.net *.facebook.com *.bing.com *.facebook.net *.cloudflareaccess.com fonts.gstatic.com www.emjcd.com cj.dotomi.com cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net assets.wisepops.net *.bing.net *.afterpay.com *.clearpay.co.uk *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ d5yoctgpv4cpx.cloudfront.net dev.visualwebsiteoptimizer.com cdn-ukwest.onetrust.com *.mention-me.com code.jquery.com *.sentry-cdn.com *.klarnaservices.com osm.klarnaservices.com na-library.klarnaservices.com *.cloudflareinsights.com insights.algolia.io *.attn.tv *.bing.com *.pinimg.com *.facebook.net *.emjcd.com *.scarabresearch.com *.facebook.com *.pinterest.com cdn.cookielaw.org/ gtm.brandalley.co.uk *.mczbf.com *.sjwoe.com *.cj.com cdn.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net cdn.rudderlabs.com *.googletagmanager.com tagmanager.google.com *.trustpilot.com *.plugins.emarsys.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com fonts.gstatic.com *.klarnacdn.net googletagmanager.com *.stripe.network *.stripecdn.com *.amazon.com *.afterpay.com/ *.squarecdn.com *.fontawesome.com tagmanager.google.com fonts.google.com *.trustpilot.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io d5yoctgpv4cpx.cloudfront.net p2iqhncxyh.execute-api.eu-central-1.amazonaws.com dev.visualwebsiteoptimizer.com *.onetrust.com *.mention-me.com static.mention-me.com invitejs.trustpilot.com *.brandalley.fr *.brandalley.co.uk analytics-staging.brandalley.fr analytics-staging.brandalley.co.uk analytics.brandalley.fr analytics.brandalley.co.uk *.afterpay.com *.klarnaservices.com *.sentry.io *.doubleclick.net *.pinterest.com pagead2.googlesyndication.com events.attentivemobile.com *.attn.tv *.bing.com *.mczbf.com activity.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net *.bing.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.rudderstack.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.scarabresearch.com *.eservice.emarsys.net api.addressy.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src 'self'; frame-src 'none'; connect-src 'self'; font-src 'self' data:; img-src 'self' data:; media-src data:; script-src 'self' 'unsafe-eval' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='; style-src 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'none'; block-all-mixed-content; form-action 'none'; 3 default-src * blob:; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.hongkongdisneyland.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.my.site.com *.my.salesforce-scrt.com *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com amazon-adsystem.com *.amazon-adsystem.com *.apptentive.com *.bluekai.com *.branch.io app.link www.googleadservices.com www.google.com pagead2.googlesyndication.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org; img-src * data: *.lpsnmedia.net *.my.site.com *.my.salesforce-scrt.com *.akstat.io *.clicktale.net *.contentsquare.net *.google-analytics.com *.googletagmanager.com *.cookielaw.org px.ads.linkedin.com; style-src 'self' 'unsafe-inline' *.lpsnmedia.net *.go.com *.wdpromedia.com *.wdprapps.disney.com *.liveperson.net *.gam-apigw.wdprapps.disney.com *.twdc.com *.my.site.com *.my.salesforce-scrt.com tagmanager.google.com fonts.googleapis.com *.apptentive.com; frame-src 'self' *.go.com *.fls.doubleclick.net stags.bluekai.com tags.bluekai.com assets.adobedtm.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.tamgrt.com *.flashtalking.com *.clicktale.net disney.idmelabs.com disney.id.me *.demdex.net cdn1.parksmedia.wdprapps.disney.com cdn2.parksmedia.wdprapps.disney.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.my.site.com *.my.salesforce-scrt.com s.amazon-adsystem.com *.bluekai.com *.doubleclick.net *.snapchat.com *.adsrvr.org *.disney.com *.wdpromedia.com 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com tagmanager.google.com *.tt.omtrdc.net blob:; connect-src wss://*.liveperson.net *.liveperson.net *.lpsnmedia.net *.my.site.com *.my.salesforce-scrt.com 'self' *.disney.com *.go.com *.demdex.net adobedc.demdex.net edge.adobedc.net *.tt.omtrdc.net *.akstat.io *.go-mpulse.net *.clicktale.net *.contentsquare.net *.google-analytics.com *.analytics.google.com analytics.google.com *.googletagmanager.com *.cookielaw.org *.onetrust.com amazon-adsystem.com *.amazon-adsystem.com paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon *.apptentive.com bat.bing.com *.branch.io *.doubleclick.net www.googleadservices.com *.google.com pagead2.googlesyndication.com cdn.linkedin.oribi.io *.reson8.com *.snapchat.com analytics.tiktok.com s.yimg.com; media-src blob: *.lpsnmedia.net *.wdprapps.disney.com *.my.site.com *.my.salesforce-scrt.com; font-src * data: fonts.gstatic.com; child-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.hongkongdisneyland.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.my.site.com *.my.salesforce-scrt.com *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com amazon-adsystem.com *.amazon-adsystem.com *.apptentive.com *.bluekai.com *.branch.io app.link www.googleadservices.com www.google.com pagead2.googlesyndication.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org blob:; worker-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.hongkongdisneyland.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.my.site.com *.my.salesforce-scrt.com *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com amazon-adsystem.com *.amazon-adsystem.com *.apptentive.com *.bluekai.com *.branch.io app.link www.googleadservices.com www.google.com pagead2.googlesyndication.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org blob: 3 default-src *.demdex.net; frame-src hargreaveslansdown.demdex.net open.spotify.com www.youtube-nocookie.com data: video/mp4 https://widget.trustpilot.com/; style-src 'self' 'unsafe-inline' https://www.hl.co.uk open.spotify.com www.youtube-nocookie.com fonts.googleapis.com; font-src 'self' https://www.hl.co.uk https://www.hl.co.uk fonts.gstatic.com fonts.googleapis.com; img-src 'self' https://online.hl.co.uk https://www.hl.co.uk data: images.hl.uk chart.hl.co.uk ssc.hl.co.uk cm.everesttech.net sc.hl.co.uk open.spotify.com www.youtube-nocookie.com dpm.demdex.net www.googletagmanager.com googleads.g.doubleclick.net www.google.co.uk www.google.com *.ytimg.com *.ggpht.com www.facebook.com https://widget.trustpilot.com/ https://www.hl.co.uk cdn-ukwest.onetrust.com bat.bing.com bat.bing.net; media-src assets.hl.uk videos.hl.uk open.spotify.com *.youtube-nocookie.com; script-src 'self' https://www.hl.co.uk https://online.hl.co.uk assets.adobedtm.com open.spotify.com *.youtube-nocookie.com https://widget.trustpilot.com/ 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com connect.facebook.net tpc.googlesyndication.com online.hl.co.uk cdn-ukwest.onetrust.com *.amplitude.com *.qualtrics.com bat.bing.com; connect-src 'self' https://www.hl.co.uk https://online.hl.co.uk *.demdex.net hargreaveslansdownpl.tt.omtrdc.net open.spotify.com browser-intake-datadoghq.eu www.youtube-nocookie.com ssc.hl.co.uk video.google.com www.hl.co.uk online.hl.co.uk hlsearch.hl.co.uk search.hl.uk content.hl.uk app.launchdarkly.com events.launchdarkly.com cdn-ukwest.onetrust.com geolocation.onetrust.com privacyportal-uk.onetrust.com *.amplitude.com *.qualtrics.com bat.bing.com bat.bing.net bat.bing-int.com; frame-ancestors none; 3 frame-ancestors 'self' *.shift4shop.com *.3dcart.com *.3dcart.net *.3dc.local *.3dcart.co.uk *.3dcart.ca app.cyfe.com 3 default-src 'self';object-src 'self';frame-src 'self' https://app.sli.do/ https://www.youtube-nocookie.com/ https://playout.3qsdn.com/ https://vimeo.com/ https://player.vimeo.com/ https://streaming.multicaster.eu/ https://video-api.comm.consilium.europa.eu/ https://media.video.taxi/ https://start.video-stream-hosting.de/ https://webtv.bundestag.de/ https://handy-helfer.de/ https://newsroom.consilium.europa.eu/embed/261059 https://newsroom.consilium.europa.eu/embed/262947;script-src 'self' 'unsafe-inline' https://player.vimeo.com https://127.0.0.1:8080/ https://127.0.0.1:8081/;worker-src blob:;style-src 'self' 'unsafe-inline' https://127.0.0.1:8080/ https://127.0.0.1:8081/;img-src 'self' data: https://i.vimeocdn.com/ https://i.ytimg.com/;font-src 'self' data:;manifest-src 'self' 3 frame-ancestors 'self' http://*.essilor.com https://*.essilor.com; 3 base-uri 'self'; child-src 'self'; connect-src 'self' https://*.meo.pt https://*.botschool.ai https://api.botschool.ai wss://api.botschool.ai wss://api.ng.botschool.ai https://webchat.ng.botschool.ai https://*.engagement.coremedia.cloud wss://*.engagement.coremedia.cloud https://*.byside.com wss://*.byside.com https://cdn-api-weglot.com https://cloudflarestream.com https://*.creativecdn.com https://*.evergage.com https://www.facebook.com https://*.google-analytics.com https://adservice.google.com https://analytics.google.com https://region1.analytics.google.com https://www.google.com https://www.googleadservices.com https://*.googleapis.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://*.hcaptcha.com https://in.hotjar.com https://*.inmobi.com https://*.inside-graph.com wss://*.inside-graph.com https://*.qualtrics.com https://cmp.quantcast.com https://*.cmp.quantcast.com https://pixel.quantcount.com https://analytics.tiktok.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.weglot.com https://visit-server.inmobi-choice.io https://*.weglot.io https://*.clarity.ms https://*.doubleclick.net https://quantcast.mgr.consensu.org https://*.quantcast.mgr.consensu.org https://*.userway.org https://www.google.pt https://services.sapo.pt https://signet-spot.telecom.pt https://analytics-ipv6.tiktokw.us; default-src 'self'; font-src 'self' data: https://*.meo.pt https://cdnjs.cloudflare.com https://*.evergage.com https://use.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://eu-cdn.inside-graph.com https://connect.facebook.net https://fast.fonts.net; form-action 'self' https://*.meo.pt https://*.engagement.coremedia.cloud https://*.byside.com https://www.facebook.com https://connect.facebook.net; frame-ancestors 'self' https://en.meo.pt https://cinema.sapo.pt https://mag.sapo.pt https://hp2025.staging.sapo.pt https://tv.sapo.pt https://www.sapo.pt; frame-src 'self' https://*.meo.pt https://youtu.be https://*.engagement.coremedia.cloud https://stags.bluekai.com https://*.byside.com https://*.creativecdn.com https://www.facebook.com https://*.figma.com https://www.google.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://*.hcaptcha.com https://vars.hotjar.com https://*.inside-graph.com https://meo.speedtestcustom.com https://meoteste.speedtestcustom.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.youtube.com https://*.smark.io https://*.meo.velocidi.io https://*.doubleclick.net https://*.userway.org https://signet-spot.telecom.pt; img-src 'self' data: https:; media-src 'self' blob: data: https://*.meo.pt; report-to cspenforce; report-uri https://cspreport.apps.meo.pt/Services/Rest.svc/CSP/pkX84pGsGX/Enforce; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.meo.pt https://*.botschool.ai https://img.botschool.ai https://webchat.ng.botschool.ai https://*.engagement.coremedia.cloud https://tags.bkrtx.com https://*.byside.com https://cdnjs.cloudflare.com https://*.creativecdn.com https://*.evergage.com https://cdn.evgnet.com https://*.google-analytics.com https://optimize.google.com https://www.google.com https://www.googleadservices.com https://*.googleapis.com https://www.googleoptimize.com https://*.googlesyndication.com https://www.googletagmanager.com https://www.gstatic.com https://*.hcaptcha.com https://*.hotjar.com https://*.inmobi.com https://*.inside-graph.com https://*.qualtrics.com https://cmp.quantcast.com https://rules.quantcount.com https://secure.quantserve.com https://*.serving-sys.com https://analytics.tiktok.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.weglot.com https://p.smrk.io https://*.meo.velocidi.io https://u.heatmap.it https://www.clarity.ms https://mstat.acestream.net https://*.doubleclick.net https://connect.facebook.net https://quantcast.mgr.consensu.org https://*.userway.org https://selo.confio.pt; style-src 'self' 'unsafe-inline' https://*.meo.pt https://*.botschool.ai https://img.botschool.ai https://webchat.ng.botschool.ai https://*.engagement.coremedia.cloud https://s3.amazonaws.com https://*.byside.com https://*.evergage.com https://use.fontawesome.com https://optimize.google.com https://*.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://*.inside-graph.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://cdn.weglot.com https://fast.fonts.net https://*.userway.org https://selo.confio.pt; worker-src 'self' blob:; object-src 'none' 3 media-src * blob:; worker-src * data: blob:; default-src https: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com *.teeitup.com *.golfid.io data: blob; connect-src https: wss:; script-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com; style-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src https: blob: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com s3.amazonaws.com https://www.google-analytics.com https://optimize.google.com; font-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com https://fonts.gstatic.com; frame-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com *.teeitup.com *.golfid.io https://optimize.google.com; frame-ancestors 'self' *.onlinereservationsystems.com; 3 frame-ancestors 'self'; block-all-mixed-content 3 frame-ancestors 'self'; default-src 'self' *.lvvwd.com *.youtube.com data:; style-src 'self' 'unsafe-inline' *.lvvwd.com *.juicer.io *.cludo.com *.cludo.com.cdn.cloudflare.net *.googleapis.com; script-src 'self' 'unsafe-inline' blob: cdn.lvvwd.com *.lvvwd.com *.juicer.io *.digicert.com *.google-analytics.com *.googleapis.com *.jwpcdn.com *.gstatic.com *.google.com *.googletagmanager.com *.facebook.net *.facebook.com *.cludo.com *.cludo.com.cdn.cloudflare.net apps.usw2.pure.cloud cdn.jwplayer.com api.flickr.com *.onelink-edge.com *.youtube.com talkdeskchatsdk.talkdeskapp.com data:; connect-src 'self' *.lvvwd.com *.juicer.io *.facebook.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.doubleclick.net *.cludo.com *.cludo.com.cdn.cloudflare.net api-use2.digital.genesyscloud.com cdn.jwplayer.com cdn3.wowza.com *.onelink-edge.com api.talkdeskapp.com data:; font-src 'self' *.lvvwd.com *.juicer.io *.jwpcdn.com *.gstatic.com data:; img-src 'self' *.lvvwd.com *.snwa.com *.springspreserve.org *.google.com *.juicer.io *.cdninstagram.com prd.jwpltx.com seal.digicert.com maps.gstatic.com *.googleapis.com *.googletagmanager.com cdn.jwplayer.com assets-jpcust.jwpsrv.com live.staticflickr.com *.cludo.com *.facebook.com *.fbcdn.net *.facebook.net blob: data:; frame-src 'self' *.captionedtext.com *.youtube.com *.doubleclick.net *.google.com *.facebook.com talkdeskchatsdk.talkdeskapp.com data:; media-src 'self' *.lvvwd.com cdn3.wowza.com blob: data:; 3 frame-ancestors 'self' *.gov.on.ca *.ontario.ca *.ontariogovernment.ca; 3 frame-ancestors 'self' *.ironmountain.com; 3 default-src 'self' wss: https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.atriumhealth.org https://*.evgnet.com https://*.fortawesome.com https://*.googleapis.com https://*.odeza.com https://atriumhealth.secure.force.com https://atriumhealthbotv4windows.azurewebsites.net https://az416426.vo.msecnd.net https://cdnjs.cloudflare.com https://clres.s3.amazonaws.com https://code.jquery.com https://dev.virtualearth.net https://developers.google.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://static.cloud.coveo.com https://unpkg.com https://www.bing.com https://www.google.com https://www.gstatic.com https://www.youtube.com https://connect.facebook.net https://js.stripe.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.atriumhealth.org https://*.evgnet.com https://*.fortawesome.com https://use.fortawesome.com https://*.googleapis.com https://*.odeza.com https://atriumhealth.us-7.evergage.com https://az416426.vo.msecnd.net https://cdnjs.cloudflare.com https://clres.s3.amazonaws.com https://code.jquery.com https://dev.virtualearth.net https://developers.google.com https://maxcdn.bootstrapcdn.com https://r.bing.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://static.cloud.coveo.com https://unpkg.com https://www.bing.com https://www.google.com https://www.gstatic.com https://www.youtube.com https://connect.facebook.net https://js.stripe.com; 3 script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/ https://maps.googleapis.com https://googleads.g.doubleclick.net https://s.ytimg.com https://ssl.google-analytics.com https://www.googleadservices.com/pagead/ https://www.youtube.com https://youtube.com https://youtube.googleapis.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/GoogleCloudUxWebAppCgcUi/cspreport/allowlist 3 connect-src 'self' https://*.hotjar.io wss://ws.hotjar.com cdn.linkedin.oribi.io https://px.ads.linkedin.com *.linkedin.com *.licdn.com *.hotjar.com *.ncino.com stats.g.doubleclick.net *.analytics.google.com analytics.google.com *.google-analytics.com *.pathfactory.com *.6sc.co *.6sense.com *.adnxs.com https://images.ctfassets.net https://assets.ctfassets.net https://adservice.google.com js.zi-scripts.com ws.zoominfo.com *.pusher.com https://idx.liadm.com/idex https://775-trd-708.mktoresp.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://fast.wistia.net https://*.algolia.net https://www.google.com https://google.com https://api.consentjs.datagrail.io https://api.contentful.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hotjar.io wss://ws.hotjar.com cdn.linkedin.oribi.io https://px.ads.linkedin.com *.linkedin.com *.licdn.com *.hotjar.com *.ncino.com stats.g.doubleclick.net *.analytics.google.com analytics.google.com www.googletagmanager.com *.google-analytics.com www.gstatic.com www.google.com https://vercel.live *.pathfactory.com https://www2.ncino.com *.6sc.co cdn.sendergen.com js.zi-scripts.com ws-assets.zoominfo.com *.pusher.com va.vercel-scripts.com/v1/speed-insights/script.debug.js cdn.bizible.com munchkin.marketo.net *.doubleclick.net https://secure.detailsinventivegroup.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://js.sentry-cdn.com https://api.consentjs.datagrail.io https://www.googleadservices.com; img-src 'self' *.linkedin.com https://www.google.com data: images.ctfassets.net www.googletagmanager.com *.google-analytics.com assets.vercel.com *.wistia.com *.6sc.co *.pathfactory.com d2iiunr5ws5ch1.cloudfront.net https://cdn.bizible.com https://cdn.bizibly.com https://googleads.g.doubleclick.net; child-src *.wistia.net www.google.com https://vercel.live; style-src 'self' 'unsafe-inline' *.pathfactory.com https://info.ncino.com https://fast.wistia.com https://fast.wistia.net; font-src 'self' data: *.pathfactory.com https://fast.wistia.com https://fast.wistia.net; object-src 'none'; frame-src *.wistia.net www.google.com explore.ncino.com https://vercel.live *.pathfactory.com *.doubleclick.net https://www.googletagmanager.com https://fast.wistia.com https://fast.wistia.net https://info.ncino.com; frame-ancestors 'self' *.wistia.net bankr.cloudforce.com *.ncino.com https://vercel.live https://ncino-fe-preview.vercel.app https://ncino-fe-dev.vercel.app https://app.contentful.com *.salesforce.com *.pathfactory.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; 3 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; worker-src blob: https:; connect-src ws: wss: https:; font-src 'self' https://themes.googleusercontent.com fonts.gstatic.com fonts.googleapis.com *.walkme.com *.cloudfront.net *.tolunastart.com data:; 3 frame-ancestors 'none'; report-uri https://prod-plk-csp-service.rbictg.com/csp; report-to csp-endpoint 3 default-src 'self' data: gap: ws: wss: blob: https://api-js.datadome.co https://*.google-analytics.com https://google.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.blackhawknetwork.com https://*.bhn.com https://*.bhn.cards https://*.gstatic.com https://*.adobedtm.com https://*.demdex.net https://edge.adobedc.net https://*.optimizely.com https://*.paypal.com https://*.cdn-apple.com https://*.zip.co https://*.typekit.net https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.giftcardsstage.com https://*.quadpay.com https://*.shopperapproved.com https://*.signifyd.com https://*.riskified.com https://*.sardine.ai https://api.sandbox.sardine.ai https://*.nsureapi.com https://*.forter.com https://*.online-metrix.net https://*.trustarc.com https://consent-pref.trustarc.com https://*.cloudflare.com https://*.cloudfront.net https://*.adobeaemcloud.com https://*.smartystreets.com https://*.smarty.com https://*.microsoft.com https://*.wistia.com https://*.wistia.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.nr-data.net https://greensock.com https://egift.activationspot.com https://egiftpp.blackhawknetwork.com https://egift.certification.blackhawknetwork.com https://connect.facebook.net https://*.clarity.ms https://d-ipv6.mmapiws.com https://*.sharpen.cx https://*.sharpencx.com https://*.fortawesome.com https://*.newrelic.com https://*.googleusercontent.com https://*.bing.com https://*.mmapiws.com https://*.posthog.com https://m1.openfpcdn.io https://*.ssl.cf2.rackcdn.com https://js.captcha-display.com https://geo.captcha-delivery.com https://dd.prod.captcha-delivery.com https://ct.captcha-delivery.com https://ucarecdn.com https://upload.uploadcare.com https://social.uploadcare.com https://*.rokt.com https://*.salecycle.com https://cdn.pdst.fm https://tag.rmp.rakuten.com https://bat.bing.com https://*.adsrvr.org https://shop.pe https://shopper.shop.pe https://app.shop.pe https://addshoppers.s3.amazonaws.com https://facebook.com https://www.facebook.com https://pixels.spotify.com https://*.linksynergy.com https://resources.xg4ken.com https://*.criteo.com https://*.criteo.net https://manage.safeopt.com https://nytrng.com https://idsync.rlcdn.com https://d16fk4ms6rqz1v.cloudfront.net https://*.agkn.com https://*.tpmn.co.kr https://*.tremorhub.com https://*.mediavine.com https://*.liadm.com https://*.postrelease.com https://*.sharethrough.com https://*.mediawallahscript.com https://*.tapad.com https://*.revcontent.com https://*.tt.omtrdc.net https://*.omnitagjs.com https://*.adgrx.com https://*.googleadservices.com https://*.doubleclick.net https://assets.sc-trc.com https://*.listrakbi.com https://*.emjcd.com https://*.xg4ken.com https://*.stickyadstv.com https://*.ads.linkedin.com https://*.dlx.addthis.com https://*.tpmn.io https://*.emxdgt.com https://*.rezync.com https://*.rakuten.com https://omnicard.com https://www.omnicard.com https://*.rd.linksynergy.com https://www.google.co.in https://t.lt02.net https://cdn.listrakbi.com https://intljs.rmtag.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://www.redditstatic.com https://pixel-config.reddit.com https://alb.reddit.com https://*.kore.ai https://*.shareasale.com https://*.niceincontact.com https://cdn.jsdelivr.net https://*.adyen.com https://*.klarna.com https://*.klarnaevt.com https://*.klarnacdn.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' nonce-l-NjL0Hm00yqhriGLLlf8w data: gap: ws: wss: blob: https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.giftcardsstage.com https://*.blackhawknetwork.com https://*.bhn.com https://*.bhn.cards https://google.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://device.maxmind.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.microsoft.com https://*.adobeaemcloud.com https://*.adobedtm.com https://*.demdex.net https://edge.adobedc.net https://unpkg.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://gsap.com https://*.google-analytics.com https://*.trustarc.com https://consent-pref.trustarc.com https://*.cloudflare.com https://*.cloudfront.net https://*.signifyd.com https://*.riskified.com https://*.sardine.ai https://api.sandbox.sardine.ai https://*.nsureapi.com https://*.forter.com https://*.online-metrix.net https://*.paypal.com https://*.cdn-apple.com https://*.zip.co https://*.quadpay.com https://*.paypalobjects.com https://*.smartystreets.com https://*.smarty.com https://*.shopperapproved.com https://*.wistia.com https://*.wistia.net https://egift.activationspot.com https://egiftpp.blackhawknetwork.com https://egift.certification.blackhawknetwork.com https://fpnpmcdn.net https://greensock.com https://connect.facebook.net https://*.clarity.ms https://*.sharpen.cx https://use.fonticons.com https://*.newrelic.com https://*.posthog.com https://js.captcha-display.com https://js.datadome.co https://api-js.datadome.co https://geo.captcha-delivery.com https://dd.prod.captcha-delivery.com https://ct.captcha-delivery.com https://ucarecdn.com https://upload.uploadcare.com https://social.uploadcare.com https://*.rokt.com https://cdn.pdst.fm https://tag.rmp.rakuten.com https://bat.bing.com https://*.adsrvr.org https://shop.pe https://shopper.shop.pe https://app.shop.pe https://addshoppers.s3.amazonaws.com https://facebook.com https://www.facebook.com https://pixels.spotify.com https://*.linksynergy.com https://resources.xg4ken.com https://*.criteo.com https://*.criteo.net https://manage.safeopt.com https://nytrng.com https://idsync.rlcdn.com https://d16fk4ms6rqz1v.cloudfront.net https://*.xg4ken.com https://*.listrakbi.co https://*.sentry-cdn.com https://*.rd.linksynergy.com https://*.googleadservices.com https://*.doubleclick.net https://*.listrakbi.com https://*.googlesyndication.com https://t.lt02.net https://intljs.rmtag.com https://analytics.tiktok.com https://www.redditstatic.com https://pixel-config.reddit.com https://alb.reddit.com https://js.sentry-cdn.com https://*.gstatic.com https://*.shareasale.com https://*.niceincontact.com https://*.wisepops.net https://*.kore.ai https://*.adyen.com https://*.klarna.com;img-src 'self' data: blob: https://google.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.blackhawknetwork.com https://*.bhn.com https://*.bhn.cards https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.adobeaemcloud.com https://*.adobedtm.com https://*.demdex.net https://edge.adobedc.net https://*.trustarc.com https://consent-pref.trustarc.com https://*.wistia.com https://*.wistia.net https://*.cloudfront.net https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.giftcardsstage.com https://*.paypal.com https://*.cdn-apple.com https://*.zip.co https://*.quadpay.com https://*.paypalobjects.com https://*.signifyd.com https://*.riskified.com https://*.sardine.ai https://api.sandbox.sardine.ai https://*.nsureapi.com https://*.forter.com https://*.online-metrix.net https://*.shopperapproved.com https://*.gstatic.com https://egift.activationspot.com https://egiftpp.blackhawknetwork.com https://egift.certification.blackhawknetwork.com https://fpnpmcdn.net https://*.day.com https://greensock.com https://*.clarity.ms https://*.googleusercontent.com https://*.bing.com https://*.cloudflare.com https://*.ssl.cf2.rackcdn.com https://*.google-analytics.com https://js.captcha-display.com https://js.datadome.co https://api-js.datadome.co https://geo.captcha-delivery.com https://dd.prod.captcha-delivery.com https://ct.captcha-delivery.com https://ucarecdn.com https://upload.uploadcare.com https://social.uploadcare.com https://*.rokt.com https://cdn.pdst.fm https://tag.rmp.rakuten.com https://bat.bing.com https://*.adsrvr.org https://shop.pe https://shopper.shop.pe https://app.shop.pe https://addshoppers.s3.amazonaws.com https://facebook.com https://www.facebook.com https://pixels.spotify.com https://data.adxcel-ec2.com https://*.linksynergy.com https://resources.xg4ken.com https://*.criteo.com https://manage.safeopt.com https://nytrng.com https://idsync.rlcdn.com https://d16fk4ms6rqz1v.cloudfront.net https://*.listrakbi.com https://*.bidswitch.net https://*.smartadserver.com https://*.taboola.com https://*.socdm.com https://*.casalemedia.com https://*.dable.io https://*.adingo.jp https://*.360yield.com https://*.media.net https://*.outbrain.com https://*.pubmatic.com https://*.rubiconproject.com https://*.ad.smaato.net https://*.clmbtech.com https://*.3lift.com https://*.1rx.io https://*.adnxs.com https://*.teads.tv https://*.ads.yieldmo.com https://sync.aralego.com https://cdn.aralego.net https://sync.ad-stir.com https://ad.as.amanad.adtdp.com https://*.send.microad.jp https://*.bluekai.com https://creativecdn.com https://sync.targeting.unrulymedia.com https://public-prod-dspcookiematching.dmxleo.com https://*.agkn.com https://*.tpmn.co.kr https://*.tremorhub.com https://*.mediavine.com https://*.liadm.com https://*.postrelease.com https://*.sharethrough.com https://*.mediawallahscript.com https://*.tapad.com https://*.revcontent.com https://*.omnitagjs.com https://*.adgrx.com https://cm.g.doubleclick.net https://sync.srv.stackadapt.com https://sync-tm.everesttech.net https://*.adform.net https://*.simpli.fi https://*.ybp.yahoo.com https://*.turn.com https://*.analytics.yahoo.com https://*.dotomi.com https://*.googleadservices.com https://*.doubleclick.net https://assets.sc-trc.com https://*.xg4ken.com https://*.stickyadstv.com https://*.ads.linkedin.com https://*.dlx.addthis.com https://*.tpmn.io https://*.emxdgt.com https://*.rezync.com https://*.rd.linksynergy.com https://bh.contextweb.com https://sync.crwdcntrl.net https://*.v.fwmrm.net https://ws.rgtrk.eu https://www.google.co.in https://thrtle.com https://a.usbrowserspeed.com https://match.prod.bidr.io https://he.lijit.com https://email.traversedlp.com https://cdn.listrakbi.com https://pixel-config.reddit.com https://alb.reddit.com https://pm.w55c.net https://p.rfihub.com https://pippio.com https://sync.graph.bluecava.com https://*.thebrighttag.com https://mid.rkdms.com https://*.redinuid.imrworldwide.com https://*.disqus.com https://*.lijit.com https://*.springserve.com https://*.kore.ai https://*.shareasale.com https://*.nimbledeals.com https://*.adyen.com https://*.klarna.com;frame-ancestors 'self' https://*.paypal.com https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.adobedtm.com https://*.giftcardsstage.com;style-src 'self' data: blob: https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.googleapis.com https://*.googletagmanager.com https://google.com https://*.google.com https://*.typekit.net https://*.gstatic.com https://*.adobeaemcloud.com https://*.adobedtm.com https://*.demdex.net https://edge.adobedc.net https://*.shopperapproved.com https://greensock.com https://egift.activationspot.com https://egiftpp.blackhawknetwork.com https://egift.certification.blackhawknetwork.com https://cdn.jsdelivr.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://connect.facebook.net https://*.sharpen.cx https://use.fonticons.com https://*.fortawesome.com https://js.captcha-display.com https://js.datadome.co https://api-js.datadome.co https://geo.captcha-delivery.com https://ucarecdn.com https://upload.uploadcare.com https://social.uploadcare.com https://*.rokt.com https://cdn.pdst.fm https://tag.rmp.rakuten.com https://bat.bing.com https://*.adsrvr.org https://shop.pe https://shopper.shop.pe https://app.shop.pe https://addshoppers.s3.amazonaws.com https://facebook.com https://www.facebook.com https://pixels.spotify.com https://*.linksynergy.com https://resources.xg4ken.com https://*.criteo.com https://manage.safeopt.com https://nytrng.com https://idsync.rlcdn.com https://d16fk4ms6rqz1v.cloudfront.net https://*.googleadservices.com https://*.doubleclick.net https://cdn.listrakbi.com https://*.niceincontact.com https://*.adyen.com https://*.klarna.com https://*.klarnacdn.net 'unsafe-inline';frame-src 'self' https://*.paypal.com https://*.cdn-apple.com https://*.zip.co https://*.quadpay.com https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.giftcardsstage.com https://egift.activationspot.com https://egiftpp.blackhawknetwork.com https://egift.certification.blackhawknetwork.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.nsureapi.com https://api.sardine.ai https://api.sandbox.sardine.ai https://pay.google.com https://collect.giftcards.com https://*.wistia.com https://*.wistia.net https://*.adobeaemcloud.com https://consent-pref.trustarc.com https://*.google.com https://google.com https://connect.facebook.net https://*.sharpen.cx https://*.paypalobjects.com https://js.captcha-display.com https://js.datadome.co https://api-js.datadome.co https://geo.captcha-delivery.com https://ucarecdn.com https://upload.uploadcare.com https://social.uploadcare.com https://*.salecycle.com https://*.adsrvr.org https://nytrng.com https://idsync.rlcdn.com https://d16fk4ms6rqz1v.cloudfront.net https://*.linksynergy.com https://*.criteo.com https://*.criteo.net https://*.rokt.com https://*.googleadservices.com https://*.doubleclick.net https://*.emjcd.com https://fpt.dfp.microsoft.com https://*.googletagmanager.com https://*.adyen.com https://*.klarna.com data: blob:;worker-src 'self' https://*.adobeaemcloud.com https://*.adobedtm.com https://*.demdex.net https://edge.adobedc.net https://*.adyen.com https://*.klarna.com data: blob:;object-src 'none';base-uri 'self'; 3 frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.hscta.net *.hubspot.com *.hs-sites.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotvideo.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com *.hubapi.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.de *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn-cookieyes.com cookieyes.com *.cookieyes.com *.pingdom.net *.zdassets.com *.zendesk.com wss://*.zopim.com *.zopim.com *.key-systems.net *.comcarde.com *.paypal.com; style-src 'unsafe-inline' 'self' *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.hscta.net *.hubspot.com *.hs-sites.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotvideo.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com *.hubapi.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.de *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn-cookieyes.com cookieyes.com *.cookieyes.com *.pingdom.net *.zdassets.com *.zendesk.com wss://*.zopim.com *.zopim.com *.key-systems.net *.comcarde.com *.paypal.com; img-src 'self' *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.hscta.net *.hubspot.com *.hs-sites.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotvideo.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com *.hubapi.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.de *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn-cookieyes.com cookieyes.com *.cookieyes.com *.pingdom.net *.zdassets.com *.zendesk.com wss://*.zopim.com *.zopim.com *.key-systems.net api.qrserver.com *.comcarde.com *.paypal.com; connect-src 'self' *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.hscta.net *.hubspot.com *.hs-sites.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotvideo.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com *.hubapi.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.de *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn-cookieyes.com cookieyes.com *.cookieyes.com *.pingdom.net *.zdassets.com *.zendesk.com wss://*.zopim.com *.zopim.com *.key-systems.net *.comcarde.com *.paypal.com 3 base-uri 'self'; default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https: data:; script-src 'self' https: blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; worker-src 'self' blob: data:; frame-ancestors 'self' https://*.alignedup.com https://*.teamaligned.com https://help.letsdeel.com https://help.deel.com; 3 child-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googleapis.com *.cookieyes.com cdn-cookieyes.com *.paypal.com;font-src 'self' fonts.gstatic.com;frame-src 'self' *.paypal.com;frame-ancestors 'self';img-src *.mvmnet.com data: maps.gstatic.com *.gstatic.com *.ggpht.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googleapis.com *.facebook.com *.cookieyes.com cdn-cookieyes.com *.paypalobjects.com *.google.it *.paypal.com;manifest-src 'self';media-src 'self';object-src 'self';worker-src 'self'; 3 default-src 'self'; script-src 'self' https://maps.googleapis.com https://newlogin.dimepkairos.com.br https://5chat.5hub.com.br https://script.hotjar.com https://code.jquery.com https://static.hotjar.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://cdn.dimepkairos.com.br https://www.google-analytics.com https://cdnjs.cloudflare.com https://l2.io https://cdn.jsdelivr.net https://js-agent.newrelic.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://newlogin.dimepkairos.com.br https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.gstatic.com 'unsafe-inline'; font-src 'self' https://newlogin.dimepkairos.com.br https://fonts.gstatic.com; img-src 'self' data: *; connect-src 'self' https://maps.googleapis.com https://maps.google.com https://maps.google https://stats.g.doubleclick.net https://tagus.5hub.com.br https://www.google.com https://www.google-analytics.com https://bam.nr-data.net http://127.0.0.1:8731; frame-src 'self' https://qcmaint.dimepkairos.com.br https://www.google.com https://5chat.5hub.com.br https://www.dimep.space https://qcmaint.mdcomune.com.br https://www.dimepkairos.com.br https://www.mdcomune.com.br https://www.dimepkairos.pt https://www.dimepkairos.com.mx; object-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests; 3 frame-ancestors 'self' https://thesource.amcnetworks.com https://www.amcnetworks.com; 3 default-src 'self' *.hadev.co.za *.hostafrica.ke *.hostafrica.com *.tawk.to; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.semrush.com cdn.simplesat.io https://maillist-manage.com *.maillist-manage.com *.mxpnl.com *.googletagmanager.com *.googleadservices.com *.gstatic.com *.clarity.ms *.jsdelivr.net *.typekit.net *.fontawesome.com *.google.com *.twitter.com *.tawk.to *.google-analytics.com *.doubleclick.net *.youtube.com https://tally.so; style-src 'self' 'unsafe-inline' *.typekit.net cdn.simplesat.io *.googletagmanager.com *.googleadservices.com *.gstatic.com *.tawk.to *.jsdelivr.net *.fontawesome.com *.googleapis.com; img-src 'self' * *.hadev.co.za *.hostafrica.ke *.hostafrica.com data: *.google.com *.google.co.za *.googletagmanager.com *.bing.com *.clarity.ms *.gstatic.com *.google-analytics.com *.tawk.to *.doubleclick.net; font-src 'self' data: *.gstatic.com *.tawk.to *.fontawesome.com *.typekit.net *.gstatic.com; connect-src 'self' wss://*.semrush.com api.simplesat.io *.semrush.com api.amplitude.com *.hostafrica.com *.mixpanel.com *.maillist-manage.com *.googlesyndication.com *.google.com *.fontawesome.com wss://*.tawk.to *.tawk.to *.googletagmanager.com *.clarity.ms *.google-analytics.com *.doubleclick.net *.googleadservices.com; frame-src 'self' blob: *.semrush.com *.groovefunnels.com *.groove.cm *.doubleclick.net *.gstatic.com *.twitter.com *.youtube.com *.tawk.to *.google.com *.googleadservices.com https://tally.so https://www.googletagmanager.com; frame-ancestors 'self'; worker-src 'self' blob:; 3 object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 3 frame-ancestors https://*.etracker.com; 3 default-src 'self' easy.gr *.easy.gr *.cookiebot.com *.tawk.to *.paypal.com googleads.g.doubleclick.net stats.g.doubleclick.net *.google.com *.youtube.com;script-src 'self' *.paypal.com *.paypalobjects.com *.braintreegateway.com easy.gr *.easy.gr *.youtube.com 'unsafe-inline' https://pagead2.googlesyndication.com 'unsafe-eval' *.googleusercontent.com *.gstatic.com tippedjs.com fancyapps.com ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to cdn.jsdelivr.net *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net *.google.com googleads.g.doubleclick.net stats.g.doubleclick.net *.googlesyndication.com *.google.com *.google.gr *.youtube.com *.unpkg.com ;style-src 'self' easy.gr *.easy.gr 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net;img-src 'self' blob: data: easy.gr *.easy.gr 'unsafe-inline' https://quickchart.io ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to cdn.jsdelivr.net tawk.link s3.amazonaws.com *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net *.google.com cdn.jsdelivr.net *.google.gr *.google.nl *.paypalobjects.com *.paypal.com googleads.g.doubleclick.net stats.g.doubleclick.net *.googlesyndication.com ;font-src 'self' easy.gr *.easy.gr 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to fonts.gstatic.com *.facebook.com *.facebook.net *.cookiebot.com *.paypalobjects.com stats.g.doubleclick.net ;connect-src 'self' easy.gr *.easy.gr 'unsafe-inline' *.tawk.to wss://*.tawk.to *.lottiefiles.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net *.google.com *.paypal.com googleads.g.doubleclick.net stats.g.doubleclick.net google.com *.youtube.com *.googlesyndication.com ; frame-src 'self' easy.gr *.easy.gr 'unsafe-inline' *.paypal.com *.paypalobjects.com *.googletagmanager.com *.doubleclick.net *.cookiebot.com *.tawk.to ; 3 default-src wss: https: data: 'unsafe-inline' 'unsafe-eval' 3 block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.jp flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.cn flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.eu flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.kr flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw flightbookings.grabaseat.co.nz govtbookings.airnewzealand.co.nz au-connect.authsignal.com auth.identity.airnewzealand.com auth.identity.qual.airnewzealand.com checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com x.wayin.com eu-x.wayin.com s.engagesciences.com display.engagesciences.com display.wayin.com www.everestjs.net *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com analytics-fe.digital-cloud-syd1.medallia.com.au static.hotjar.com script.hotjar.com yourir.info *.airnewzealand.co.nz musculahq.appspot.com dnn506yrbagrg.cloudfront.net xsell.expedia.com ddc.optimahub.com www.newzealand.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js oc-cdn-public-oce.azureedge.net https://unpkg.com/acs_webchat-chat-adapter@0.0.35-beta.20/dist/chat-adapter.js cdn-au.onetrust.com; style-src 'unsafe-inline' p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com static.hotjar.com script.hotjar.com yourir.info 'self' oc-cdn-public-oce.azureedge.net; img-src https: data: static.hotjar.com script.hotjar.com; font-src p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self' data: *.cdn.office.net; media-src 'self' p-airnz.com data:; frame-src 'self' *.google.com auth.identity.airnewzealand.com identity.airnewzealand.com au-connect.authsignal.com nz.fltmaps.com airpointscalculator.co.nz www.youtube.com airnz.wufoo.com xd.wayin.com x.wayin.com eu-x.wayin.com display.engagesciences.com www.everestjs.net pixel.everesttech.net *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn-pci.optimizely.com nebula-cdn.kampyle.com vars.hotjar.com *.airnewzealand.co.nz sec.windcave.com uat.windcave.com checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com hotels.airnewzealand.co.nz oc-cdn-public-oce.azureedge.net blob: comms.omnichannelengagementhub.com customervoice.microsoft.com airnz-cargo.chooose.today airnz-corporate.chooose.today emissions-platform.airnewzealand.co.nz; worker-src blob:; connect-src 'self' api.airnz.io api.airnz.ai *.googleapis.com *.google.com *.gstatic.com identity.airnewzealand.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com www.google.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com analytics-fe.digital-cloud-syd1.medallia.com.au https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.sentry.io yourir.info muscula.herokuapp.com sec.windcave.com uat.windcave.com checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com tourismnz.sc.omtrdc.net https://widget.timatic.iata.org/api/ unq0355446423e84eb397bc71189d78d-crm6.omnichannelengagementhub.com browser.pipe.aria.microsoft.com *.omnichannelengagementhub.com *.au.omnichannelengagementhub.com https://*.trouter.skype.com wss://*.trouter.skype.com edge.skype.com *.communication.azure.com ocsdk-prod.azureedge.net cdn-au.onetrust.com geolocation.onetrust.com privacyportal-au.onetrust.com; object-src 'none'; frame-ancestors 'self' www.airnewzealand.com.au www.airnewzealand.com www.airnewzealand.ca www.airnewzealand.co.uk www.airnewzealand.eu www.airnewzealand.co.jp www.airnewzealand.jp www.airnewzealand.com.sg www.airnewzealand.pf www.airnewzealand.cn www.airnewzealand.com.cn www.airnewzealand.hk www.airnewzealand.com.hk www.airnewzealand.tw www.airnewzealand.com.tw www.airnewzealand.co.kr www.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.jp flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.co.nz govtbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com flightbookings.airnewzealand.com.cn flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.eu flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.kr flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw flightbookings.grabaseat.co.nz; report-uri /csp-report 3 object-src 'self'; frame-src 'self' www.google.com cloud.hostingraja.in www.googletagmanager.com chat.hostingraja.in www.youtube.com https://widget.trustpilot.com https://securegw-stage.paytm.in/ https://secure.paytmpayments.com/ https://accounts.paytm.com/ paytm https://staticpg.paytm.in/ https://api.razorpay.com/ https://checkout.stripe.com/ https://td.doubleclick.net/ https://secure.paytmpayments.com/ https://clients.hostingraja.in/ https://consentcdn.cookiebot.com/; 3 default-src 'self' https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' blob:; img-src 'self' data: https:; media-src 'self' data: https:; font-src 'self' data: https:; frame-ancestors 'self';worker-src 'self' 'unsafe-inline' * blob:; child-src 'self' https: blob: data:; connect-src 'self' https: wss://*.hotjar.com; 3 frame-ancestors 'self' *.applytojob.com 3 base-uri 'self';manifest-src 'self' https://myownconference.com https://cdn.myownconference.com;default-src 'self';connect-src 'self' https://cdn.myownconference.com https://client.crisp.chat https://storage.crisp.chat https://sa.searchatlas.com wss://client.relay.crisp.chat wss://stream.relay.crisp.chat;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.myownconference.com https://client.crisp.chat https://dashboard.searchatlas.com https://cdn.ampproject.org;img-src 'self' data: https://cdn.myownconference.com https://image.crisp.chat https://secure.gravatar.com https://ps.w.org https://s.w.org;style-src 'self' 'unsafe-inline' https://cdn.myownconference.com https://client.crisp.chat https://fonts.googleapis.com;font-src 'self' data: https://cdn.myownconference.com https://client.crisp.chat https://static2.sharepointonline.com https://fonts.gstatic.com;object-src 'self';frame-src 'self' https://support.myownconference.com;frame-ancestors 'self';form-action 'self';worker-src 'self' blob: https://cdn.myownconference.com;upgrade-insecure-requests 3 frame-ancestors https://*.ntrs.com https://*.northerntrust.com https://*.seismic.com https://*.salesforce.com https://*.force.com https://*.visualforce.com 3 frame-ancestors https://app.contentstack.com/; 3 default-src 'self' https://*.tataplay.com blob:; connect-src 'self' https://*.google.com https://dev.fido.ashieldhub.com/ https://www.clarity.ms/ https://*.clarity.ms/ https://col.site24x7rum.com https://app.litmusworld.com https://*.tataplay.com https://*.tatasky.com https://*.g.doubleclick.net https://logs.juspay.in https://payments.juspay.in https://*.taboola.com/ https://www.google-analytics.com/ https://anuvadak-wms.reverieinc.com https://avtstagecdn.blob.core.windows.net https://api.ipify.org https://s.yimg.com https://e3zogked5l.execute-api.us-west-2.amazonaws.com https://app.easyling.com/ https://crest-dot-skawa-easyling.appspot.com/ https://rs.fullstory.com/ https://maps.googleapis.com/ https://analytics.google.com/ https://wafs.mfilterit.net/ https://assets.juspay.in/ https://tr.outbrain.com/ https://*.bing.com https://*.outbrain.com https://staging.litmusworld.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sf16-muse-va.ibytedtos.com https://s0.ipstatp.com https://static.bytedance.com https://a.quora.com https://bat.bing.com https://www.googletagservices.com https://maps.googleapis.com https://code.jquery.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.sokrati.com https://ad.doubleclick.net https://www.googleadservices.com https://static.site24x7rum.com https://tagmanager.google.com https://ssl.gstatic.com https://www.tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/ https://*.google.co.in/ https://www.gstatic.com/recaptcha/ https://*.twitter.com/ https://*.twimg.com/ https://www.youtube.com/ https://s.ytimg.com/ https://*.googlesyndication.com/ https://*.taboola.com/ https://payments.juspay.in/ https://static.ads-twitter.com/ https://cdn.invitereferrals.com/ https://www.googleoptimize.com/ https://optimize.google.com https://www.ref-r.com/ https://anuvadak-wms.reverieinc.com https://avtstagecdn.blob.core.windows.net https://api.ipify.org https://aax-eu.amazon-adsystem.com https://s.yimg.com https://sp.analytics.yahoo.com/ https://script.mfilterit.net/ https://app.easyling.com/ https://crest-dot-skawa-easyling.appspot.com/ https://d1r1tbvxnfd82x.cloudfront.net/ https://sokrati.g2afse.com/ https://d2yjce5oayglmo.cloudfront.net/ https://uathelpchat.tataplay.com/ https://edge.fullstory.com/ https://rs.fullstory.com/ https://amplify.outbrain.com/ https://www.clarity.ms/ https://*.clarity.ms/ https://helpchat.tataplay.com/ https://public.releases.juspay.in/ https://tr.outbrain.com/ https://wave.outbrain.com/ ; img-src 'self' https://*.videoready.tv/ https://mediaready.videoready.tv/ https://uat.tstatic.videoready.tv/ https://business-sg.topbuzz.com https://business.topbuzz.com https://q.quora.com https://www.ref-r.com https://bat.bing.com https://maps.gstatic.com https://maps.googleapis.com https://*.facebook.com https://*.sokrati.com https://www.google.com https://www.google.co.in https://*.fls.doubleclick.net https://*.linkedin.com https://www.googleadservices.com https://*.g.doubleclick.net https://tagmanager.google.com https://www.google-analytics.com https://ssl.gstatic.com https://*.twitter.com/ https://*.twimg.com/ https://ad.doubleclick.net/ https://*.google.com/ https://*.google.co.in/ https://*.tataplay.com https://*.tatasky.com/ https://*.taboola.com/ https://secure.adnxs.com/ https://optimize.google.com https://www.gstatic.com/ https://aax-eu.amazon-adsystem.com https://app.easyling.com/ https://crest-dot-skawa-easyling.appspot.com/ https://*.googleusercontent.com/ https://*.ggpht.com/ https://sp.analytics.yahoo.com/ https://sokrati.g2afse.com/ https://tr.outbrain.com https://www.googletagmanager.com https://uat.tstatic.videoready.tv/ https://tstatic.videoready.tv/ data: blob:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://ssl.gstatic.com https://*.twitter.com/ https://*.twimg.com/ https://optimize.google.com https://anuvadak-wms.reverieinc.com https://avtstagecdn.blob.core.windows.net https://cdn.invitereferrals.com/ ; font-src 'self' https://*.tataplay.com https://*.tatasky.com/ https://tagmanager.google.com https://fonts.gstatic.com https://ssl.gstatic.com https://optimize.google.com data: ; frame-src 'self' tez: phonepe: paytmmp: upi: bytedance: https://*.googletagmanager.com https://*.juspay.in/ https://td.doubleclick.net https://*.g.doubleclick.net https://*.fls.doubleclick.net https://app.litmusworld.com https://www.youtube.com https://www.google.com/ https://uat.help.tatasky.com https://www.facebook.com/ https://*.twitter.com/ https://*.twimg.com/ https://www.ref-r.com/ https://player.vimeo.com/ https://payments.juspay.in/ https://optimize.google.com https://youtu.be/ https://docs.google.com/ https://d1r1tbvxnfd82x.cloudfront.net/ https://d2yjce5oayglmo.cloudfront.net/ https://uathelpchat.tataplay.com/ https://helpchat.tataplay.com/ https://gethelpuat2.tatasky.com/ https://help.tatasky.com/ https://staging.litmusworld.com/ https://public.releases.juspay.in/ data: blob:; object-src 'self' https://docs.google.com/ data: blob:; frame-ancestors https://*.tataplay.com https://*.tatasky.com ; 3 default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline'; 3 base-uri 'self';connect-src 'self' portal.dimdi.de *.itzbund.de;frame-ancestors 'self' piwikweb.prod.gsb.service.zivb.net;frame-src icd.who.int https://icdapi-de-prerelease.azurewebsites.net;img-src 'self' data: https://www.youtube.com https://piwik.itzbund.de;media-src 'self' multimedia.gsb.bund.de https://www.youtube.com;object-src 'none' multimedia.gsb.bund.de;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://piwik.itzbund.de https://icdcdn.who.int;style-src 'self' 'unsafe-inline' https://icdcdn.who.int; 3 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://kofax.lightning.force.com https://www.kofax.com https://www.google.co.in https://www.googleadservices.com https://images.g2crowd.com/ https://nytrng.com https://r3.visualwebsiteoptimizer.com https://www.tungstenautomation.com https://www.tungstenautomation.de https://www.tungstenautomation.fr https://www.gstatic.com https://stagecd.tungstenautomation.com https://stagecd.tungstenautomation.fr https://stagecd.tungstenautomation.de https://app.shop.pe https://addshoppers.s3.amazonaws.com https://shopper.shop.pe https://d2mjzob2nc713b.cloudfront.net https://shop.pe https://r1.visualwebsiteoptimizer.com https://shop.pe/widget https://ws.zoominfo.com https://www.linkedin.com https://ad.doubleclick.net https://ajax.googleapis.com https://analytics.google.com https://region1.analytics.google.com https://apps.sitecore.net https://b.6sc.co https://bat.bing.com https://c.6sc.co https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://cdn.fontawesome.com https://cdn.vidyard.com https://code.jquery.com https://connect.facebook.net https://d30ia583fbtg8i.cloudfront.net https://dev.visualwebsiteoptimizer.com https://dudodiprj2sv7.cloudfront.net https://fonts.googleapis.com https://fonts.gstatic.com https://geolocation.onetrust.com https://privacyportal.onetrust.com https://privacyportal-de.onetrust.com https://googleads.g.doubleclick.net https://img.en25.com https://insight.adsrvr.org https://ipv6.6sc.co https://j.6sc.co https://js.adsrvr.org https://js.zi-scripts.com/ https://js.driftt.com https://lift-ai-js.marketlinc.com https://match.adsrvr.org https://media.trustradius.com https://play.vidyard.com https://px.ads.linkedin.com https://rc-sc.js.driftt.com https://s2023.t.eloqua.com https://s7.addthis.com https://site-concierge.driftt.com https://snap.licdn.com https://stats.g.doubleclick.net https://td.doubleclick.net https://8054516.fls.doubleclick.net https://use.fontawesome.com https://visitor-scoring-new.marketlinc.com https://www.facebook.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.trustradius.com https://hook.eu1.make.com https://www.visualize-roi.com https://gateway.zscloud.net https://tungstenautomation--prodtest.sandbox.my.site.com https://tungstenautomation--prodtest.sandbox.lightning.force.com https://kofax--simpdev10.sandbox.my.site.com https://www.youtube.com/iframe_api https://i3.ytimg.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://*.amazonaws.com https://d2d7do8qaecbru.cloudfront.net https://webto.salesforce.com https://kofax.lightning.force.com https://tungstenautomation--qa.sandbox.lightning.force.com https://tungstenautomation--qa.sandbox.my.site.com https://ob.roundprincemusic.com https://obs.roundprincemusic.com https://manage.safeopt.com https://ondemand.registration.eu.goldcast.io https://regbuilder.eu.goldcast.io https://ws-assets.zoominfo.com/formcomplete.js https://analytics.fatmedia.io https://cdn-0.d41.co https://ff.d41.co https://paapi1685.d41.co https://id.rlcdn.com https://ecf.d41.co https://v2.d41.co https://www.redditstatic.com https://pixel-config.reddit.com https://alb.reddit.com https://r4.visualwebsiteoptimizer.com https://r5.visualwebsiteoptimizer.com https://r6.visualwebsiteoptimizer.com https://adservice.google.com https://conversions-config.reddit.com https://pavff7534.d41.co https://www.youtube.com; worker-src 'self' blob: https://www.tungstenautomation.com; upgrade-insecure-requests; block-all-mixed-content 3 frame-ancestors 'self' *.straumann.com *.nuvoimplants.com *.teethtoday.com *.straumanngroup.com portfolio.neodent.com 3 default-src * data: 'unsafe-eval' 'unsafe-inline'; 3 default-src 'self' data: wss: 'unsafe-eval' 'unsafe-inline' blob: *.addtoany.com *.algolia.net *.algolianet.com *.applicationinsights.azure.com *.applicationinsights.microsoft.com *.doubleclick.net *.facebook.com *.facebook.net *.fonts.com *.fonts.net *.google-analytics.com *.google.co.nz *.google.com *.google.com.au *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.instagram.com *.jsdelivr.net *.klaviyo.com *.moatads.com *.penguin.co.nz *.penguin.com.au *.recaptcha.net *.serving-sys.com *.static.klaviyo.com *.tiktok.com *.typeform.com *.ubembed.com *.youtube.com az416426.vo.msecnd.net cdnjs.cloudflare.com dc.services.visualstudio.com js.monitor.azure.com lf16-tiktok-web.ttwstatic.com penguin-random-house.involve.me rt.services.visualstudio.com ws.hotjar.com; object-src 'none'; img-src 'self' https: data:;upgrade-insecure-requests;report-uri 3 upgrade-insecure-requests; frame-ancestors 'self'; report-uri https://cspabuse.itpays.no 3 upgrade-insecure-requests; frame-ancestors 'self' blaetterkatalog.musicstore.de 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://am-assets.pl www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com accounts.google.com widget.helpcrunch.com connect.facebook.net secure.payu.com script.hotjar.com static.hotjar.com js.stripe.com chat.dropped.net.pl;style-src 'self' 'unsafe-inline' https://am-assets.pl fonts.googleapis.com accounts.google.com chat.dropped.net.pl; 3 default-src * 'unsafe-inline' 'unsafe-eval' blob: data:; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * 'unsafe-inline' 'unsafe-eval' data:; worker-src * blob:; frame-ancestors 'self' https://a.cms.omniupdate.com; 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors 'none'; 3 frame-ancestors 'self' wbpa.wdo.io eu.wotblitz.com na.wotblitz.com asia.wotblitz.com 3 frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests 3 frame-ancestors 'self' https://*.etracker.com https://*.it-nr.de https://*.itk-rheinland.de https://*.duesseldorf.de 3 child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://d2d7do8qaecbru.cloudfront.net https://*.ringcentral.com https://hcaptcha.com https://*.hcaptcha.com https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://isitetv.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tpc.googlesyndication.com https://tr.snapchat.com https://tr6.snapchat.com https://www.pinterest.com https://www.pinterest.co.uk blob: https://gum.criteo.com https://app.qubit.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://*.lpsnmedia.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://*.ringcentral.com wss://*.ringcentral.com https://hcaptcha.com https://*.hcaptcha.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ct.pinterest.com https://analytics.tiktok.com https://tr.snapchat.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.zavvi.com https://upload.uploadcare.com https://598nyfqkt7.execute-api.eu-west-1.amazonaws.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://*.pndsn.com wss://*.liveperson.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://*.ringcentral.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://connect.facebook.net https://www.zavvi.com https://m.zavvi.com https://checkout.zavvi.com https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https://*.ringcentral.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net blob: https://player.vimeo.com https://vod-progressive.akamaized.net https://download-media.akamaized.net https://download-video.akamaized.net https://*.zavvi.com https://123vod-adaptive.akamaized.net https://456vod-adaptive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://*.ringcentral.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://pagead2.googlesyndication.com https://*.criteo.com https://static.criteo.net https://*.google.co.uk https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://google.co.uk https://lantern.roeyecdn.com https://lantern.roeye.com https://s.pinimg.com https://analytics.tiktok.com https://*.ibytedtos.com https://static.ads-twitter.com https://analytics.twitter.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com https://ucarecdn.com https://cdn.pubnub.com https://assets.dekopay.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.lpsnmedia.net https://*.liveperson.net https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://*.ringcentral.com https://hcaptcha.com https://*.hcaptcha.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 3 frame-ancestors https://www.iway.ch https://www.sak-digital.ch https://freerideict.ch https://www.crossdata.ch https://www.telcomnet.ch https://www.rhone.ch https://www.uli-l.ch https://www.pc-zbinden.ch https://www.2com.ch https://www.jpag.ch https://www.bluenetsys.ch https://www.bluenetworksystems.ch https://www.agiba.ch https://agiba.ch https://www.ewh.ch https://isptv.ch/ https://www.isptv.ch/ https://profifon.ch https://starnet24.com/ https://www.jobs.ch/ 3 default-src 'none'; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; connect-src 'self' https:; media-src *.kaltura.com blob: data:; worker-src blob: 3 img-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es *.facebook.com *.linkedin.com *.ytimg.com secure.gravatar.com data: https: 'self'; style-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es *.vimeocdn.com *.vimeo.com data: https: 'unsafe-inline' 'self'; object-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'unsafe-inline' 'self'; script-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'unsafe-eval' 'unsafe-inline' 'self'; 3 default-src 'self' http://*.jwpcdn.com; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: http://*.jwpcdn.com http://*.googleapis.com http://*.googletagservices.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *; script-src-elem 'self' 'unsafe-inline' *; media-src 'self' blob: data: *; img-src 'self' blob: data: *; font-src 'self' http://*.gstatic.com http://*.civicscience.com; frame-src 'self' *; object-src 'self' *; base-uri 'self'; form-action 'self'; frame-ancestors 'self' http://localhost:* https://*.dev-univision.com https://*.univision.com https://*.tudn.com https://*.mulher.com.br https://*.delicioso.com.br https://*.zappeando.com.br https://*.tasaudavel.com.br https://*.lasestrellas.tv https://*.canal5.com https://*.elnu9ve.com https://*.distritocomedia.com https://*.televisa.com https://*.unicable.tv https://*.telehit.com https://*.losbingers.com https://*.bandamax.tv https://*.lacasadelosfamososmexico.tv http://*.uvn.io http://*.psdops.com https://static.univision.com https://viz.flowics.com https://*.flowics.com https://asset-cdn.flowics.com https://*.lightboxcdn.com https://www.lightboxcdn.com; block-all-mixed-content; 3 frame-ancestors https://opengov.com https://procurement.ogstaging.us http://procurement.ogstaging.us https://*.cartegraphoms.com http://*.cartegraphoms.com 3 frame-ancestors http://*.churchofjesuschrist.org 3 default-src 'self' https://geodis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com unpkg.com *.cloudflare.com cdn.jsdelivr.net *.smart-tribune.com polyfill.io cdn.cookielaw.org tag.aticdn.net *.googleapis.com *.adroll.com snap.licdn.com *.optimonk.com connect.facebook.net *.newrelic.com *.pardot.com bat.bing.com hcaptcha.com crm.geodis.com *.iti-maps.fr lex.33across.com static.hotjar.com script.hotjar.com www.gstatic.com matomojs.trackify.info *.extranet.geodis.org polyfill-fastly.io googleads.g.doubleclick.net www.googleadservices.com analytics.geodis.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com https://cdnjs.cloudflare.com *.smart-tribune.com https://cdn.jsdelivr.net uloga.github.io www.gstatic.com; img-src * 'self' 'unsafe-inline' https://geodis.com data: www.googletagmanager.com https://geodis.widen.net https://server.arcgisonline.com *.widencdn.net *.xiti.com https://cdn.cookielaw.org https://www.google.com *.smart-tribune.com https://maps.gstatic.com *.ads.linkedin.com www.google.fr *.adroll.com pixel.rubiconproject.com sync.outbrain.com dsum-sec.casalemedia.com image2.pubmatic.com sync.taboola.com eb2.3lift.com www.facebook.com www.google.pl bat.bing.com www.google-analytics.com px.ads.linkedin.com www.google.be; media-src 'self' https://geodis.com https://geodis.widen.net *.widencdn.net; frame-src 'self' https://www.youtube.com geodis.widen.net cf-store.widencdn.net cf-store.widencdn.net newassets.hcaptcha.com *.doubleclick.net x.adroll.com *.googletagmanager.com; frame-ancestors 'self' https://sites-ms.lumapps.com https://dwp.geodis.com https://wishes.geodis.com; font-src 'self' data: *.smart-tribune.com fonts.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net github.com unpkg.com; connect-src 'self' geodis.com *.google.com adservice.google.com *.smart-tribune.com cdn.cookielaw.org www.google-analytics.com *.doubleclick.net *.onetrust.com maps.googleapis.com *.optimonk.com *.analytics.google.com bam.nr-data.net cdn.linkedin.oribi.io *.hcaptcha.com bat.bing.com bat.bing.net px.ads.linkedin.com www.google.fr analytics.google.com www.google.pl *.google.com www.google.ca region1.analytics.google.com *.analytics.google.com www.google.com.mx www.google.co.uk www.google.sk stats.g.doubleclick.net www.google.ae vc.hotjar.io metrics.hotjar.io *.hotjar.io wss://ws.hotjar.com www.google.de www.google.co.nz www.google.bg www.google.es *.extranet.geodis.org google.com unpkg.com region1.google-analytics.com analytics.geodis.com *.googlesyndication.com; upgrade-insecure-requests 3 default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com cdn.segment.com cdn.ampproject.org ajax.cloudflare.com static.cloudflareinsights.com boards.greenhouse.io *.algolia.io *.algolia.net *.algolianet.com buttons.github.io yastatic.net www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net bam.nr-data.net js-agent.newrelic.com discover.clickhouse.com munchkin.marketo.net player.vimeo.com connect.facebook.net cdn-prod.securiti.ai cookie-cdn.cookiepro.com www.youtube.com https://js.driftt.com https://widget.drift.com https://snap.licdn.com https://tag.clearbitscripts.com https://x.clearbitjs.com https://app.clearbit.io https://cdn-prod.securiti.ai marketo.clearbit.com https://widget.kapa.ai https://www.google.com https://www.gstatic.com https://cdn.cr-relay.com https://js.stripe.com https://cdn.redocly.com https://static.ads-twitter.com https://www.redditstatic.com https://pixel-config.reddit.com https://conversions-config.reddit.com;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com discover.clickhouse.com https://cdn-prod.securiti.ai;img-src * 'self' data: https:;object-src 'self' blog-images.clickhouse.com;connect-src 'self' https://boards-api.greenhouse.io/ https://apim.workato.com/ https://api.segment.io/v1/ https://api.segment.io/ https://cdn.segment.com/v1/projects/dZuEnmCPmWqDuSEzCvLUSBBRt8Xrh2el/settings https://cdn.segment.com/v1/projects/pYKX60InlEzX6aI1NeyVhSF3pAIRj4Xo/settings https://cdn.segment.com/analytics-next/bundles/* https://cdn.segment.com/next-integrations/integrations/* http://clickhouse.com https://www.google.com *.google-analytics.com api.github.com cdn.ampproject.org *.algolia.io *.algolia.net *.algolianet.com *.ingest.sentry.io hn.algolia.com www.reddit.com bam.nr-data.net *.mktoresp.com *.mktoutil.com yoast.com cdn.segment.com api.vimeo.com cdn-prod.securiti.ai app.securiti.ai cookie-cdn.cookiepro.com geolocation.onetrust.com privacyportal.cookiepro.com *.clickhouse.com https://cdn.plyr.io https://noembed.com https://cdn.linkedin.oribi.io https://app.clearbit.io https://app.clearbit.com https://control-plane-internal.clickhouse.cloud/api/galaxy https://cdn.growthbook.io/ https://ipinfo.io https://px.ads.linkedin.com https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app/proxy/ https://api.cr-relay.com https://analytics.twitter.com https://ads-twitter.com https://www.redditstatic.com/ https://events.redditmedia.com https://pixel.redditmedia.com https://pixel-config.reddit.com https://conversions-config.reddit.com;frame-src 'self' blob: https://www.youtube-nocookie.com www.youtube.com blog-images.clickhouse.com boards.greenhouse.io discover.clickhouse.com webto.salesforce.com bid.g.doubleclick.net app.hex.tech *.clickhouse.com clickhouse.com https://js.driftt.com https://widget.drift.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://js.stripe.com https://player.vimeo.com;font-src 'self' fonts.gstatic.com data:;form-action 'self' webto.salesforce.com;frame-ancestors 'self' https://*.clickhouse.com;worker-src 'self' blob:; 3 upgrade-insecure-requests; default-src https://*.idnet.com https://*.idnet.net 'unsafe-inline' 'unsafe-eval' https://*.licdn.com https://*.ads.linkedin.com https://*.doubleclick.net https://*.google.com https://www.google.co.uk https://www.google.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://widget.trustpilot.com https://fast.fonts.net https://*.stripe.com https://*.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://cdn-cookieyes.com https://*.cookieyes.com data: ; img-src https: data: android-webview-video-poster: ; font-src https: data: ; object-src 'self'; base-uri 'self'; form-action https://www.idnet.com https://idnet.us4.list-manage.com; report-uri https://www.idnet.com/api/csp_receiver.php; 3 default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; img-src 'self'; frame-src 'self'; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'; 3 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.adroll.com https://marvel-b2-cdn.bc0a.com https://bat.bing.com https://assets.calendly.com https://www.comparably.com https://cdn.cookielaw.org https://*.demandbase.com https://fonts.googleapis.com https://*.googletagmanager.com https://www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com https://security.imprivata.com https://tracking.intentsify.io https://jobs.jobvite.com https://snap.licdn.com https://*.linkedin.com https://src.litix.io https://app-sj13.marketo.com https://munchkin.marketo.net https://scout-cdn.salesloft.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.wistia.com https://*.wistia.net https://js.zi-scripts.com https://pagead2.googlesyndication.com https://ws-assets.zoominfo.com https://js.driftt.com https://widget.drift.com; style-src 'self' 'unsafe-inline' blob: https://assets.calendly.com https://fonts.googleapis.com https://security.imprivata.com https://app-sj13.marketo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://fast.wistia.com; img-src 'self' data: https://*.adroll.com https://bat.bing.com https://cdn.cookielaw.org https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googletagmanager.com https://security.imprivata.com https://px.ads.linkedin.com https://app-sj13.marketo.com https://id.rlcdn.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.wistia.com https://*.wistia.net https://i.ytimg.com https://segments.company-target.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://*.youtube.com; frame-src 'self' https://x.adroll.com https://*.podcasts.apple.com https://demo.arcade.software https://calendly.com https://s.company-target.com https://www.comparably.com https://www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.googletagmanager.com https://security.imprivata.com https://jobs.jobvite.com https://app-sj13.marketo.com https://*.spotify.com https://player.vimeo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://fast.wistia.com https://fast.wistia.net https://*.youtube.com https://js.driftt.com https://widget.drift.com; frame-ancestors 'self'; child-src 'self' blob: https://*.youtube.com; font-src 'self' data: https://fonts.gstatic.com https://fast.wistia.net; connect-src 'self' https://bat.bing.com https://api.company-target.com https://cdn.cookielaw.org https://tag-logger.demandbase.com https://stats.g.doubleclick.net https://*.google-analytics.com https://pagead2.googlesyndication.com https://*.googletagmanager.com https://analytics.google.com https://www.google.com https://px.ads.linkedin.com https://*.litix.io https://geolocation.onetrust.com https://privacyportal.onetrust.com https://scout.salesloft.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.wistia.com https://fast.wistia.net https://ws.zoominfo.com https://js.zi-scripts.com https://o133414.ingest.us.sentry.io/api/4507454004789248/envelope/; report-uri https://o133414.ingest.us.sentry.io/api/4507454004789248/security/?sentry_key=227a1f1da0ce8dfdc74b1333e0e62a83&sentry_environment=prod; upgrade-insecure-requests 3 font-src *; 3 frame-ancestors 'self' https://buttercms.com; 3 img-src 'self' *.prysmian.com www.google.com www.google.it *.google-analytics.com www.facebook.com *.linkedin.com maps.gstatic.com *.googleapis.com *.ggpht.com *.doubleclick.net img.youtube.com curator-assets.b-cdn.net platform-cdn.sharethis.com www.googletagmanager.com media.corporate-ir.net px.ads.linkedin.cn beincontact.becloudsolutions.com i.vimeocdn.com l.sharethis.com imgsct.cookiebot.com megaphone.imgix.net data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.prysmian.com www.prysmiangroupcatalogue.com pi.pardot.net rum-static.pingdom.net platform-api.sharethis.com *.cookiebot.com *.hotjar.com static.doubleclick.net googleads.g.doubleclick.net *.adform.net maps.googleapis.com www.googleapis.com jnn-pa.googleapis.com maps.gstatic.com www.gstatic.com www.google.com ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com www.youtube.com www.facebook.com connect.facebook.net static.xx.fbcdn.net px.ads.linkedin.com syndication.teleborsa.it snap.licdn.com static.cloudflareinsights.com cdnjs.cloudflare.com cdn.curator.io cdn.jsdelivr.net buttons-config.sharethis.com platform.twitter.com platform.linkedin.com s3.amazonaws.com pi.pardot.com cdn.livechatinc.com d335luupugsy2.cloudfront.net beincontact.becloudsolutions.com viewer.diagrams.net app.diagrams.net *.cloudfront.net www.scribd.com *.cloudflare.com cdn.babylonjs.com code.jquery.com eu.acsbapp.com blob: ; object-src 'self' www.youtube.com; 3 default-src 'self' https://*.dynamicyield.com https://*.dy-api.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/* https://fonts.googleapis.com https://fonts.gstatic.com https://zendesk-eu.my.sentry.io https://web-components-dev.bancadigital.com.co/ https://sdk.twilio.com https://eventgw.twilio.com wss://nequi.zendesk.com wss://voice-js.roaming.twilio.com https://ajax.googleapis.com wss://api.smooch.io https://sdk.twilio.com https://zendesk-eu.my.sentry.io https://media.smooch.io https://api.smooch.io https://nequi.zendesk.com/ https://ekr.zendesk.com https://ekr.zdassets.com https://static.zdassets.com 'unsafe-inline' *.website-files.com cdn.jsdelivr.net https://ajax.googleapis.com fonts.googleapis.com 'unsafe-eval' blob:; script-src-elem 'self' https://tracker.metricool.com/ wss://nequibotwebsocket.bancadigital.com.co/ https://cdn.prod.website-files.com cdn.prod.website-files.com https://d3e54v103j8qbb.cloudfront.net https://ekr.zdassets.com https://nequi.zendesk.com https://static.zdassets.com https://web-components-qa.bancadigital.com.co/ https://js-cdn.dynatrace.com/ https://apps.usw2.pure.cloud/ https://web-components.nequi.com.co/ https://*.dynamicyield.com 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/* https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/* *.visualwebsiteoptimizer.com app.vwo.com https://web-components-dev.bancadigital.com.co/ https://analytics.tiktok.com/ https://ajax.googleapis.com https://www.googletagservices.com/ https://securepubads.g.doubleclick.net/ http://127.0.0.1:5500/ https://us1.clevertap-prod.com/ https://static.elfsight.com/platform/platform.js https://cdn.jsdelivr.net/ https://static.ads-twitter.com https://tpc.googlesyndication.com https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://s.yimg.com https://www.google.com https://www.gstatic.com/ https://*.cloudfront.net/ https://*.website-files.com/ https://*.zdassets.com/ https://www.googletagmanager.com/; connect-src https://rhaoyl43mj.execute-api.us-east-1.amazonaws.com/ https://rhaoyl43mj.execute-api.us-east-1.amazonaws.com/ https://analytics-ipv6.tiktokw.us/ https://tracker.metricool.com/ wss://nequibotwebsocket.bancadigital.com.co/ https://adservice.google.com/ https://us1.api.clevertap.com/1/counts/profiles.json https://iyl01250.live.dynatrace.com/ wss://websocketchatbot.bancadigital.com.co/ https://bf48591pze.bf.dynatrace.com/ wss://websocketchatbot-qa.bancadigital.com.co/ https://customer-engagement-chatbot-qa.bancadigital.com.co/ https://fonts.googleapis.com/ https://cdn.jsdelivr.net/ https://bf64848bdm.bf.dynatrace.com/ https://fileupload.usw2.pure.cloud/ wss://webmessaging.usw2.pure.cloud/ https://api.usw2.pure.cloud/ https://www.google.com/ https://api-cdn.usw2.pure.cloud/ https://customer-engagement-chatbot.bancadigital.com.co https://*.dynamicyield.com https://*.dy-api.com https://analytics.tiktok.com/ https://web-components-dev.bancadigital.com.co/ https://cdn.prod.website-files.com cdn.prod.website-files.com/ https://px.ads.linkedin.com 'self' https://widget-mediator.zopim.com https://zendesk-eu.my.sentry.io wss://voice-js.roaming.twilio.com wss://api.smooch.io https://sdk.twilio.com https://media.smooch.io https://api.smooch.io https://ekr.zendesk.com *.visualwebsiteoptimizer.com app.vwo.com https://securepubads.g.doubleclick.net/ https://nequi-colombia.webflow.io/ https://raw.githubusercontent.com https://ad.doubleclick.net/ https://cdn.linkedin.oribi.io/ https://analytics.google.com https://*.nequi.com.co https://webflow-user-file-uploads-tmp-production.s3.amazonaws.com/ https://webflow.com/ https://s.yimg.com https://stats.g.doubleclick.net https://ekr.zdassets.com/ https://www.google-analytics.com https://nequi.zendesk.com/ https://zendesk-eu.my.sentry.io wss://widget-mediator.zopim.com; media-src https://static.zdassets.com https://cdn.prod.website-files.com cdn.prod.website-files.com/ https://cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com/ https://static.zdassets.com; font-src https://cdn.prod.website-files.com cdn.prod.website-files.com https://assets.website-files.com https://fonts.gstatic.com data:; frame-src https://v2assets.zopim.io https://nequitest.nequi.trustx.com https://apps.usw2.pure.cloud/ https://www.facebook.com/ https://www.googletagmanager.com https://heyzine.com/ https://geo-nequi.puntored.co/ https://public.transacciones.com.co/ app.vwo.com *.visualwebsiteoptimizer.com https://cdn.embedly.com/ https://w.soundcloud.com/ https://accounts.google.com/ https://drive.google.com/ https://www.youtube.com/ https://www.instagram.com/ https://status.nequi.com.co/ https://www.google.com/ https://tpc.googlesyndication.com/ https://*.doubleclick.net/; img-src https://tracker.metricool.com/ https://cdn.prod.website-files.com cdn.prod.website-files.com https://v2assets.zopim.io https://nequi.zendesk.com https://static.zdassets.com https://adservice.google.com/ https://d3e54v103j8qbb.cloudfront.net/ https://cdn.prod.website-files.com cdn.prod.website-files.com/ https://ad.doubleclick.net 'self' https://widget-mediator.zopim.com https://v2assets.zopim.io https://nequi.zendesk.com https://static.zdassets.com https://*.zdusercontent.com https://media.smooch.io https://accounts.zendesk.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://pagead2.googlesyndication.com/ https://tpc.googlesyndication.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.facebook.com https://sp.analytics.yahoo.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://www.google-analytics.com https://cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com https://www.google.com https://analytics.twitter.com https://t.co https://www.google.com.co https://*.dynamicyield.com data: 3 default-src * http: https:; style-src 'self' 'unsafe-inline' http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: portalcloud.oni.pt; frame-ancestors 'self' *.gigas.com portalcloud.oni.pt;img-src data: 'self' 'unsafe-inline' 'unsafe-eval' http: https:; 3 frame-ancestors https://*.randstad.es; 3 frame-ancestors 'self' *.uob.com.sg *.uobgroup.com *.uobgroup.com.sg http://uob.eltropy.com https://uob.eltropy.com http://findahomeloan.co https://www.edgeprop.sg https://sleek.sg 3 default-src * 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com js-agent.newrelic.com pi.pardot.com *.gstatic.com connect.facebook.net *.googletagmanager.com bam.nr-data.net *.google-analytics.com *.clarity.ms bat.bing.com go.spscommerce.com j.6sc.co/6si.min.js googleads.g.doubleclick.net *.intercom.io js.intercomcdn.com *.youtube.com static.ads-twitter.com snap.licdn.com ws.zoominfo.com tag.demandbase.com *.hotjar.com *.calendly.com *.g2.com *.stackadapt.com *.googleadservices.com *.gaconnector.com acsbapp.com *.6sc.co *.6sense.com *.tfaforms.net *.company-target.com https://google.com *.typeform.com *.intellimize.co tags.srv.stackadapt.com google.com www.google.com google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: cdnjs.cloudflare.com bat.bing.com *.stackadapt.com spscommerce.tfaforms.net stackpath.bootstrapcdn.com *.typeform.com *.intellimize.co fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: ps.w.org *.google.com bat.bing.com b.6sc.co *.facebook.com analytics.twitter.com *.spscommerce.com *.linkedin.com match.prod.bidr.io id.rlcdn.com *.company-target.com t.co *.g2.com *.stackadapt.com *.doubleclick.net *.clarity.ms js.intercomcdn.com *.intercomassets.com *.bing.com blubrry.co google.com www.google.ca www.google.com.ph www.googleadservices.com www.google.com.mx bat.bing.net www.google.com blubrry.com www.google.co.nz www.google.com.tr www.google.com.au www.google.hn cdn.honey.io connect.facebook.net www.google.co.uk www.google.com.pr www.google.fi www.google.be www.google.de www.google.sc www.google.com.pk www.google.nl www.google.ru www.google.co.kr s.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com www.googletagmanager.com; connect-src 'self' bat.bing.com bam.nr-data.net stats.g.doubleclick.net google-analytics.com ipv6.6sc.co secure.adnxs.com wss://nexus-websocket-a.intercom.io *.clarity.ms api.company-target.com *.hotjar.io *.facebook.com *.hotjar.com cdn.linkedin.oribi.io c.6sc.co adservice.google.com ws.zoominfo.com *.intercom.io wss://ws47.hotjar.com wss://*.hotjar.com *.stackadapt.com *.demandbase.com *.gaconnector.com *.linkedin.com *.acsbapp.com acsbapp.com *.tfaforms.net *.company-target.com *.google.com *.typeform.com *.intellimize.co google.com yoast.com www.google.com bat.bing.net www.googleadservices.com www.google.ca region1.google-analytics.com www.google.com.ph www.google.com.pk www.g2.com www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com www.googletagmanager.com; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com fonts.intercomcdn.com at.alicdn.com stackpath.bootstrapcdn.com data: fonts.googleapis.com; object-src * *.stackadapt.com *.tfaforms.net; media-src * js.intercomcdn.com *.clarity.ms; frame-src 'self' maps.googleapis.com *.youtube.com *.google.com *.facebook.com vars.hotjar.com go.spscommerce.com *.calendly.com *.company-target.com *.demandbase.com calendly.com *.getreprise.com go.pardot.com *.iheart.com *.doubleclick.net youtube.com spscommerce.my.site.com player.captivate.fm *.tfaforms.net intercom-sheets.com universal.accessibe.com www.podbean.com *.typeform.com *.intellimize.co 117822509.intellimizeio.com pwm-image.trendmicro.com bat.bing.com demo.spscommerce.com maps.google.com www.googletagmanager.com; child-src 'self' intercom-sheets.com *.intercom-reporting.com *.youtube.com fast.wistia.net player.vimeo.com www.googletagmanager.com; frame-ancestors * spscommerce.my.site.com https://intercom-sheets.com/; upgrade-insecure-requests; block-all-mixed-content; report-uri https://www.spscommerce.com?gdsih-csp-report; 3 base-uri 'self' https://*.vbrick.com;child-src 'self' https://*.vbrick.com;connect-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: mailto: tel: https://pub.highlight.io https://*.qualtrics.com webpack://*;default-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: mailto: tel:;font-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data:;form-action 'self' https://*.vbrick.com https://*.bethematch.org;frame-ancestors 'self' https://*.vbrick.com https://*.bethematch.org https: data:;frame-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;img-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;manifest-src 'self';media-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data:;script-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data: https://*.qualtrics.com;style-src 'self' https://*.vbrick.com 'unsafe-inline' 'unsafe-eval' https: data:;worker-src data: blob:; 3 frame-ancestors 'self' https://*.mncdn.com; 3 frame-ancestors 'self' *.umcchurches.org https://trinityoran.org https://enfieldum.org https://canaanum.org https://umclowell.org http://wesleychapelumcreidsville.org https://thearisenetwork.net https://indioumc.org https://sshpumc.org https://www.graceumcmesa.org https://everettumc.org https://unitedchurchofthetford.org https://zionumchurch.com 3 default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://app.flutterflow.io *.run.app; 3 frame-ancestors 'self' https://web.telegram.org 3 frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com https://*.petrolplus.ru https://*.gpc-rus.ru https://*.transitcard.ru https://*.resheno.xyz https://*.petrolplus.kz 3 default-src *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.thernovotools.com *.thernovotools-preview.com dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src *.kameleoon.eu *.kameleoon.com bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src bosch-tt.kittelberger.net bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src *.kameleoon.io *.kameleoon.eu *.kameleoon.com bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src *.thernovotools.com *.thernovotools-preview.com mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: blob:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.ecorebates.com googleads.g.doubleclick.net www.google.com *.kameleoon.io *.kameleoon.eu *.kameleoon.com *.buderus.com *.googlesyndication.com fi-v2-configs.global.commerce-connector.com api-eu.global.commerce-connector.com www.facebook.com wss://*.hotjar.com *.hotjar.io wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net *.googleapis.com *.bosch-thermotechnology.com *.hotjar.com 3 frame-ancestors https://*.todsgroup.com 3 default-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline' https://*.adnxs.com https://*.fullstory.com https://*.documentforce.com https://*.tiktok.com https://www.googleoptimize.com https://*.pinimg.com https://*.equalweb.com https://*.force.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.salesforce.com https://irxcm.com https://*.bazaarvoice.com https://*.doubleclick.net https://*.google.com https://www.youtube.com https://where-to-buy.co https://tr.snapchat.com https://insight.adsrvr.org https://match.adsrvr.org; img-src 'self' 'unsafe-inline' blob: https://*.monsido.com https://*.adnxs.com https://*.documentforce.com https://*.tiktok.com https://www.googleoptimize.com https://*.pinimg.com https://*.equalweb.com https://*.force.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.salesforce.com https://ss.click2cart.com https://maps.googleapis.com https://maps.gstatic.com https://*.amazonaws.com https://*.fullstory.com https://www.googletagmanager.com https://*.wemshowcase.com https://www.google-analytics.com https://*.google.com https://*.cookielaw.org https://*.google.co.in https://expresscapture.datatoolscloud.net.au https://*.bazaarvoice.com https://where-to-buy.co data: https://bat.bing.com https://loadus.exelator.com; style-src 'self' 'unsafe-inline' https://*.cloudflare.com https://*.adnxs.com https://*.documentforce.com https://*.tiktok.com https://www.googleoptimize.com https://*.pinimg.com https://*.equalweb.com https://*.force.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.salesforce.com https://maxcdn.bootstrapcdn.com https://ss.click2cart.com https://fonts.googleapis.com https://expresscapture.datatoolscloud.net.au https://*.bazaarvoice.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.monsido.com https://*.adnxs.com https://*.fullstory.com https://*.documentforce.com https://*.tiktok.com https://www.googleoptimize.com https://*.pinimg.com https://*.equalweb.com https://*.force.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.salesforce.com https://service.force.com https://www.surveygizmo.com https://surveys.kccbrands.com https://maps.googleapis.com https://irxcm.com https://mpsnare.iesnare.com https://*.facebook.net https://*.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.youtube.com https://*.bazaarvoice.com https://*.cookielaw.org https://expresscapture.datatoolscloud.net.au https://productcatalog.channeladvisor.com https://resources.xg4ken.com https://sc-static.net https://services.xg4ken.com https://js.adsrvr.org https://bat.bing.com https://analytics.tiktok.com https://tr.snapchat.com; connect-src 'self' 'unsafe-inline' blob: https://*.monsido.com https://directline.botframework.com wss://directline.botframework.com https://*.adnxs.com https://*.fullstory.com https://*.documentforce.com https://*.tiktok.com https://www.googleoptimize.com https://*.pinimg.com https://*.equalweb.com https://*.force.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.salesforce.com https://maps.googleapis.com https://sc-api.click2cart.com https://www.google-analytics.com https://*.doubleclick.net https://*.google.com https://*.onetrust.com https://*.cookielaw.org https://expresscapture.datatoolscloud.net.au https://*.bazaarvoice.com https://tr.snapchat.com; font-src 'self' 'unsafe-inline' https://*.adnxs.com https://*.documentforce.com https://*.tiktok.com https://www.googleoptimize.com https://*.pinimg.com https://*.equalweb.com https://*.force.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.salesforce.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://*.bazaarvoice.com; media-src 'self' data: blob:*; 3 default-src 'self'; child-src https://notificacion.incibe-cert.es/; connect-src 'self' https://*.googleusercontent.com https://maps.googleapis.com https://*.flickr.com https://www.google-analytics.com/ https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com data:; frame-src 'self' https://*.incibe.es https://*.osi.es https://antibotnet.osi.es/ https://www.youtube.com https://www.vimeo.com https://*.vimeo.com https://www.google.com https://platform.twitter.com https://www.facebook.com https://syndication.twitter.com https://www.youtube-nocookie.com https://notificacion.incibe-cert.es/ https://player.flipsnack.com/; img-src 'self' https://i.ytimg.com/ https://www.facebook.com https://cdn.syndication.twimg.com https://*.twimg.com https://platform.twitter.com https://maps.gstatic.com https://maps.googleapis.com https://developers.google.com https://*.global.siteimproveanalytics.io https://live.staticflickr.com https://*.google-analytics.com data:; script-src 'self' 'unsafe-inline' https://siteimproveanalytics.com https://www.google.com https://www.gstatic.com https://*.facebook.net https://www.facebook.com https://*.twitter.com https://twitter.com https://*.flickr.com https://www.google-analytics.com https://www.googletagmanager.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com platform.twitter.com; script-src-elem 'self' 'unsafe-inline' https://siteimproveanalytics.com https://www.google.com https://www.gstatic.com https://*.facebook.net https://www.facebook.com https://*.twitter.com https://twitter.com https://*.flickr.com https://www.google-analytics.com https://www.googletagmanager.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://*.twimg.com https://platform.twitter.com https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-elem 'self' 'unsafe-inline' https://platform.twitter.com https://*.twimg.com https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self' https://*.incibe.es/ https://proxy.sni-des-publica.sni.dev.incibe.es/ 3 frame-ancestors 'self' https://*.salt.ch; 3 frame-ancestors 'self' https://pdftron.sanity.studio; 3 frame-ancestors 'self' https://m.v12finance.com/; 3 default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com https://js.hs-scripts.com https://acsbapp.com https://goto.arcserve.com https://forms2.arcserve.com https://app-sj.marketo.com https://consent.trustarc.com https://consent-reporting.trustarc.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.youtube.com https://player.vimeo.com https://www.brighttalk.com https://crazyegg.com https://script.crazyegg.com https://www.clarity.ms https://connect.facebook.net https://bat.bing.com https://snap.licdn.com https://googleads.g.doubleclick.net https://j.6sc.co https://ipv6.6sc.co https://opps-widget.getwarmly.com https://region1.google-analytics.com https://*.google-analytics.com https://region1.analytics.google.com https://*.clarity.ms https://scripts.webeo.com https://secure.insightful-enterprise-247.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://cdn.jsdelivr.net https://ldynamicspublicapi.leadforensics.com live.whizeoapi.com amazonaws.com data.whizeo.com webcontent.whizeo.com https://cdn.whizeo.com https://services.whizeo.com https://api.whizeo.com *.whizeo.com https://prod-assets.sequelvideo.com https://arcserve.my.salesforce.com https://storagecraft.my.salesforce.com https://*.trustarc.com https://*.sequelvideo.com *.sequel.io *.google.com https://*.arcserve.com https://*.storagecraft.com https://*.introvoke.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://acsbapp.com https://goto.arcserve.com https://www.googletagmanager.com https://scripts.webeo.com https://secure.insightful-enterprise-247.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://cdn.jsdelivr.net https://ldynamicspublicapi.leadforensics.com live.whizeoapi.com amazonaws.com data.whizeo.com webcontent.whizeo.com https://cdn.whizeo.com https://services.whizeo.com https://api.whizeo.com *.whizeo.com https://googleads.g.doubleclick.net https://arcserve.my.salesforce.com https://storagecraft.my.salesforce.com https://*.trustarc.com https://*.sequelvideo.com *.sequel.io *.google.com https://*.arcserve.com https://*.storagecraft.com https://*.introvoke.com; img-src 'self' data: https://*.arcserve.com https://www.google-analytics.com https://stats.g.doubleclick.net https://consent.trustarc.com https://px.ads.linkedin.com https://www.facebook.com https://bat.bing.com https://www.gstatic.com https://*.google.com https://*.google.com.bo https://www.linkedin.com https://c.clarity.ms https://consent.truste.com https://c.bing.com https://b.6sc.co https://img.youtube.com https://consent-pref.trustarc.com https://www.googletagmanager.com https://fonts.gstatic.com https://www.google.fr https://bat.bing.net https://*.clarity.ms https://www.google.com https://www.google.com.sg https://www.google.nl https://www.google.co.uk https://www.google.ru https://www.google.co.jp https://scripts.webeo.com https://secure.insightful-enterprise-247.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://cdn.jsdelivr.net https://ldynamicspublicapi.leadforensics.com live.whizeoapi.com amazonaws.com data.whizeo.com webcontent.whizeo.com https://cdn.whizeo.com https://services.whizeo.com https://api.whizeo.com *.whizeo.com https://*.ytimg.com https://googleads.g.doubleclick.net https://*.vimeocdn.com https://arcserve.my.salesforce.com https://storagecraft.my.salesforce.com https://*.trustarc.com https://*.sequelvideo.com *.sequel.io https://*.arcserve.com https://*.storagecraft.com https://*.introvoke.com; media-src 'self' blob:; frame-src 'self' https://consent.trustarc.com https://consent-pref.trustarc.com/ https://www.googletagmanager.com https://td.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://goto.arcserve.com https://forms2.arcserve.com https://app-sj.marketo.com https://www.google.com https://www.brighttalk.com https://docs.google.com https://partnerzone.storagecraft.com https://asp.storagecraft.com https://region1.google-analytics.com https://*.google-analytics.com https://region1.analytics.google.com https://scripts.webeo.com https://secure.insightful-enterprise-247.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://cdn.jsdelivr.net https://ldynamicspublicapi.leadforensics.com live.whizeoapi.com amazonaws.com data.whizeo.com webcontent.whizeo.com https://cdn.whizeo.com https://services.whizeo.com https://api.whizeo.com *.whizeo.com https://googleads.g.doubleclick.net *.sequel.io https://arcserve.my.salesforce.com https://storagecraft.my.salesforce.com https://*.trustarc.com https://*.sequelvideo.com *.google.com https://*.arcserve.com https://*.storagecraft.com https://*.introvoke.com; frame-ancestors 'self' https://www.google.com; font-src 'self' *.googleapis.com *.googleusercontent.com *.gstatic.com acsbapp.com data: https://consent.trustarc.com https://scripts.webeo.com https://secure.insightful-enterprise-247.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://cdn.jsdelivr.net https://ldynamicspublicapi.leadforensics.com live.whizeoapi.com amazonaws.com data.whizeo.com webcontent.whizeo.com https://cdn.whizeo.com https://services.whizeo.com https://api.whizeo.com *.whizeo.com https://googleads.g.doubleclick.net https://arcserve.my.salesforce.com https://storagecraft.my.salesforce.com https://*.trustarc.com https://*.sequelvideo.com *.sequel.io *.google.com https://*.arcserve.com https://*.storagecraft.com https://*.introvoke.com; connect-src 'self' https://*.googleapis.com https://*.googleusercontent.com https://acsbapp.com https://goto.arcserve.com https://forms2.arcserve.com https://app-sj.marketo.com https://431-wbh-895.mktoresp.com https://pagead2.googlesyndication.com https://consent-reporting.trustarc.com https://consent.trustarc.com https://www.google-analytics.com https://px.ads.linkedin.com https://script.crazyegg.com https://www.google.com https://analytics.google.com https://b.clarity.ms/collect https://j.clarity.ms/collect https://stats.g.doubleclick.net https://www.facebook.com https://c.6sc.co https://ipv6.6sc.co http://431-wbh-895.mktoresp.com https://l.clarity.ms https://tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://bat.bing.com https://www.googletagmanager.com https://region1.google-analytics.com https://*.google-analytics.com https://region1.analytics.google.com https://bat.bing.net https://v.clarity.ms https://*.clarity.ms https://scripts.webeo.com https://secure.insightful-enterprise-247.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://cdn.jsdelivr.net https://ldynamicspublicapi.leadforensics.com live.whizeoapi.com amazonaws.com data.whizeo.com webcontent.whizeo.com https://cdn.whizeo.com https://services.whizeo.com https://api.whizeo.com *.whizeo.com https://googleads.g.doubleclick.net https://arcserve.my.salesforce.com https://storagecraft.my.salesforce.com https://*.trustarc.com https://*.sequelvideo.com *.sequel.io *.google.com https://*.introvoke.com https://*.arcserve.com https://*.storagecraft.com; upgrade-insecure-requests 3 frame-src 'self' https://player.vimeo.com/ https://fast.wistia.net https://www.youtube.com/ https://www.google.com/ https://forms.hsforms.com https://td.doubleclick.net https://www.googletagmanager.com/ https://scribehow.com/ https://momentivenonprofitstudy.gravitate-nucleus.com https://cbassociationresearch.gravitate-nucleus.com; 3 default-src 'none'; connect-src 'self' https://www.google-analytics.com https://sdk.privacy-center.org https://analytics.google.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://assets-ctb.pernod-ricard.io https://api.pernod-ricard.io https://cdn.jsdelivr.net/npm/algoliasearch https://zfm2j5365u-3.algolianet.com https://zfm2j5365u-dsn.algolia.net https://d8ejoa1fys2rk.cloudfront.net https://brandcloud.pernod-ricard.com https://optoutapi.evidon.com *.evidon.com *.betrad.com https://us-central1-pantheon-psapps.cloudfunctions.net https://insight.pravp.com/analytics *.pernod-ricard.io https://live-pernod-ricard-global-cms.pantheonsite.io https://cdn.linkedin.oribi.io https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css agegate.pr-globalcms.com 4q87csmwes-dsn.algolia.net *.didomi.io pernod-ricard-deutschland.mynewsdesk.com px.ads.linkedin.com https://loop.pr-globalcms.com https://www.googletagmanager.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://app-avp.pravp.com https://assets-ctb.pernod-ricard.io https://cdnjs.cloudflare.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://static.addtoany.com https://emperia.gallery https://my.matterport.com https://www.google.com pernod-ricard-deutschland.mynewsdesk.com https://www.mynewsdesk.com https://live.eventtia.com; img-src 'self' https: data:; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://sdk.privacy-center.org https://avp.pravp.com https://www.google-analytics.com https://c.evidon.com https://assets-ctb.pernod-ricard.io https://cdn.jsdelivr.net/npm/algoliasearch https://zfm2j5365u-3.algolianet.com https://www.youtube.com https://player.vimeo.com *.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net *.pernod-ricard.io https://live-pernod-ricard-global-cms.pantheonsite.io https://snap.licdn.com https://www.google.com https://www.gstatic.com https://static.cloudflareinsights.com agegate.pr-globalcms.com pernod-ricard-deutschland.mynewsdesk.com https://loop.pr-globalcms.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://vuejs.org; style-src 'self' 'unsafe-inline' https://assets-ctb.pernod-ricard.io data: https://live-pernod-ricard-global-cms.pantheonsite.io https://loop.pr-globalcms.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-hashes' 'unsafe-inline'; base-uri 'self'; form-action 'self' https://login.microsoftonline.com https://device.login.microsoftonline.com; frame-ancestors 'self' 3 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-src *; img-src * data: blob:; object-src 'self'; form-action *; frame-ancestors 'self' https://captcha.gecirtnotification.com 3 default-src 'self' *.vidyard.com https: mailto:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: mailto: blob:; object-src 'self'; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss: ; upgrade-insecure-requests 3 default-src ‘self’; 3 default-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.google.com *.googleapis.com *.wistia.com api.hubapi.com forms.hubspot.com wss://auntbertha.zendesk.com; script-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' 'unsafe-eval' 'unsafe-inline' *.demdex.net *.google.com *.googleapis.com *.gstatic.com *.hcaptcha.com *.statuspage.io *.wistia.com api.rollbar.com assets.adobedtm.com cdn.rollbar.com cdnjs.cloudflare.com/ajax/libs/ connect.facebook.net facebook.com hcaptcha.com https://*.zopim.com https://*.zopim.io https://chat-api.spartez-software.com https://ekr.zdassets.com https://spartezchatfiles.b-cdn.net https://static.zdassets.com https://www.googletagmanager.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js-na1.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.stripe.com js.usemessages.com static.cloudflareinsights.com track.hubspot.com www.atlassian.com/software/statuspage www.googleadservices.com www.google-analytics.com www.statuspage.com https://cdn.amplitude.com us-central1-searchbertha-hrd.cloudfunctions.net https://data-quality-ui-bqlyzw342a-uc.a.run.app/ https://trusted-networks-cloud-run-bqlyzw342a-uc.a.run.app/; style-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' 'unsafe-inline' *.google.com *.googleapis.com *.gstatic.com *.hcaptcha.com hcaptcha.com blob: data: file: filesystem: https://netdna.bootstrapcdn.com https://trusted-networks-cloud-run-bqlyzw342a-uc.a.run.app/; img-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.akamaihd.net *.demdex.net *.doubleclick.net *.everesttech.net *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hubspot.com *.wistia.com data: https://*.zopim.com https://*.zopim.io https://www.googletagmanager.com https://avatar-management--avatars.us-west-2.prod.public.atl-paas.net/ https://chat-api.spartez-software.com/ https://spartezchatfiles.b-cdn.net https://trusted-networks-cloud-run-bqlyzw342a-uc.a.run.app/; font-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.gstatic.com data: https://*.zopim.com https://*.zopim.io https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://trusted-networks-cloud-run-bqlyzw342a-uc.a.run.app/; frame-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.careunify.com *.google.com *.hcaptcha.com *.periscopedata.com *.statuspage.io *.stripe.com hcaptcha.com app.hubspot.com us-central1-searchbertha-hrd.cloudfunctions.net https://data-quality-ui-bqlyzw342a-uc.a.run.app/ https://trusted-networks-cloud-run-bqlyzw342a-uc.a.run.app/; frame-ancestors *; connect-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.akamaihd.net *.demdex.net *.googleapis.com *.hcaptcha.com *.hubapi.com *.hubspot.com *.rollbar.com *.wistia.com auntbertha.zendesk.com ekr.zdassets.com hcaptcha.com wss://*.zopim.com www.google-analytics.com https://api.ipify.org/ https://chat-api.spartez-software.com/ wss://chat-ws.spartez-software.com/ https://api2.amplitude.com/2/httpapi https://trusted-networks-cloud-run-bqlyzw342a-uc.a.run.app/; object-src 'none'; media-src 'self' blob: data:; 3 upgrade-insecure-requests;frame-ancestors 'self'; 3 frame-ancestors 'self' https://*.clasquin.com https://clasquin.com 3 child-src 'self' *.facebook.com connect.facebook.net www.googletagmanager.com *.vidyard.com *.trustarc.com go.jaggaer.com jaggaer.cuvama.com https://*.qualified.com; connect-src 'self' *.googlesyndication.com pi.pardot.com go.jaggaer.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.trustarc.com *.linkedin.com *.6sense.com secure.adnxs.com js.zi-scripts.com *.6sc.co *.qualified.com ws.zoominfo.com wss://ws.qualified.com play.vidyard.com *.clarity.ms *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' wss://*.qualified.com play.vidyard.com; font-src 'self' *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.facebook.com connect.facebook.net; frame-src 'self' *.doubleclick.net *.google.com blob: www.google.com play.vidyard.com go.jaggaer.com jaggaer.cuvama.com *.trustarc.com app.qualified.com play.goconsensus.com *.youtube.com www.youtube-nocookie.com *.linkedin.com player.vimeo.com *.soundcloud.com platform.twitter.com www.googletagmanager.com promo.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' pi.pardot.com; img-src 'self' *.bing.com *.doubleclick.net *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.vidyard.com data: ts.w.org s.w.org ps.w.org *.linkedin.com *.trustarc.com consent.truste.com *.6sc.co *.clarity.ms https://*.qualified.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; media-src 'self' s.w.org app.qualified.com mediastream:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.truste.com https://cdnjs.cloudflare.com https://choices.trustarc.com https://consent.trustarc.com https://connect.facebook.net https://content.linkedin.com https://go.jaggaer.com https://graph.facebook.com https://googletagmanager.com https://js.zi-scripts.com https://js.qualified.com https://js.facebook.com https://j.6sc.co https://okt.to https://play.vidyard.com https://pi.pardot.com https://platform.linkedin.com https://static-exp1.licdn.com https://snap.licdn.com https://static.oktopost.com https://tagmanager.google.com https://ws-assets.zoominfo.com https://www.gartner.com https://www.googletagmanager.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net js.zi-scripts.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' tracking.intentsify.io https://*.truste.com https://cdnjs.cloudflare.com https://choices.trustarc.com https://consent.trustarc.com https://connect.facebook.net https://content.linkedin.com https://go.jaggaer.com https://graph.facebook.com https://googletagmanager.com https://js.zi-scripts.com https://js.qualified.com https://js.facebook.com https://j.6sc.co https://okt.to https://play.vidyard.com https://pi.pardot.com https://platform.linkedin.com https://static-exp1.licdn.com https://snap.licdn.com https://static.oktopost.com https://tagmanager.google.com ws-assets.zoominfo.com https://www.gartner.com https://www.googletagmanager.com cdn.jsdelivr.net js.zi-scripts.com *.clarity.ms *.youtube.com platform.twitter.com blob: data: *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'unsafe-inline' ; style-src 'self' 'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com *.googleapis.com *.gstatic.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-attr 'self' 'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com cdn.jsdelivr.net; worker-src 'self' blob: *.qualified.com; upgrade-insecure-requests; 3 frame-ancestors 'self' https://*.nethealth.com https://*.therapy.nethealth.com 3 frame-ancestors 'self' *.download.com.vn download.com.vn *.download.vn download.vn *.softvn.com softvn.com *.quantrimang.com quantrimang.com *.meta.vn meta.vn *.vndoc.com vndoc.com *.gamevui.vn gamevui.vn *.hoatieu.vn hoatieu.vn 3 frame-ancestors 'self' mijn.hosting.nl 3 default-src 'self' *.adtrafficquality.google cdn.jsdelivr.net p.typekit.net use.typekit.net sit.encoded.services live.encoded.services *.hotjar.io *.hotjar.com 'unsafe-inline' *.agendize.com vimeo.com *.vimeo.com *.openstreetmap.org *.instagram.com *.facebook.net www.youtube.com *.youtube.com www.google.com *.google.com googlesyndication.com *.googlesyndication.com *.www.isleofman.com 'unsafe-inline' *.google.com googlesyndication.com *.googlesyndication.com sentry.yabsta.net cdn.ravenjs.com www.google.com *.www.isleofman.com *.gstatic.com www.googletagservices.com www.googletagmanager.com *.google-analytics.com *.twitter.com *.facebook.net *.simpli.fi www.facebook.com *.facebook.com *.twimg.com *.doubleclick.net *.googleapis.com;img-src * data: blob:;font-src * data:;frame-src *; connect-src 'self' *.adtrafficquality.google securepubads.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.facebook.com *.google-analytics.com *.google.com; 3 connect-src 'self' www.facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com pagead2.googlesyndication.com www.google.com googleads.g.doubleclick.net analytics.google.com www.google-analytics.com www.redditstatic.com px.ads.linkedin.com js.zi-scripts.com stats.g.doubleclick.net login.microsoftonline.com forms-eu1.hscollectedforms.net forms-eu1.hsforms.com api-eu1.hubapi.com hubspot-forms-static-embed-eu1.s3.amazonaws.com https://tlkfrontprod.azureedge.net toloka.dev sandbox.toloka.dev https://events.framer.com https://framerusercontent.com https://c.bing.com https://*.clarity.ms https://mindrift.ai pixel-config.reddit.com api.framer.com boards-api.greenhouse.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net www.google-analytics.com www.googletagmanager.com www.google.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com bat.bing.com snap.licdn.com www.redditstatic.com js.zi-scripts.com googleads.g.doubleclick.net js-eu1.hs-scripts.com js-eu1.hsadspixel.net js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net js-eu1.hsforms.net https://tlkfrontprod.azureedge.net https://framer.com https://framerusercontent.com https://events.framer.com/script https://c.bing.com https://*.clarity.ms https://ga.jspm.io https://app.framerstatic.com https://edit.framer.com https://challenge.framer.com https://*.framer-components.toloka-test.ai https://framer-components.toloka.cloud https://*.workable.com https://dcvxs6ggqztsa.cloudfront.net static.ads-twitter.com;style-src 'self' googletagmanager.com fonts.googleapis.com tagmanager.google.com https://tlkfrontprod.azureedge.net https://app.framerstatic.com 'unsafe-inline';img-src https: 'self' data: googletagmanager.com *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com ssl.gstatic.com www.gstatic.com https://tlkfrontprod.azureedge.net;frame-src 'self' td.doubleclick.net bid.g.doubleclick.net www.facebook.com sdx.microsoft.com www.youtube.com youtube.com forms-eu1.hsforms.com https://tlkfrontprod.azureedge.net blob: https://apply.workable.com embed.referral-factory.com www.googletagmanager.com tb.toloka.dev https://edit.framer.com https://job-boards.eu.greenhouse.io;manifest-src 'self' https://tlkfrontprod.azureedge.net;frame-ancestors *.toloka.ai toloka.ai *.toloka-test.ai;report-to default-group;font-src 'self' fonts.gstatic.com https://tlkfrontprod.azureedge.net https://framerusercontent.com https://app.framerstatic.com;media-src 'self' https://tlkfrontprod.azureedge.net https://framerusercontent.com;base-uri 'self';default-src 'none';object-src embed.referral-factory.com;child-src blob:;style-src-attr 'unsafe-inline' 3 frame-ancestors 'self';media-src 'self' js.intercomcdn.com; connect-src 'self' https://api.sail-track.com https://cdn.cookielaw.org api-iam.intercom.io nexus-websocket-a.intercom.io api-iam.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io geolocation.onetrust.com api.sail-personalize.com api.company-target.com www.google-analytics.com *.clarity.ms siteintercept.qualtrics.com cdn.cookielaw.org ak.sail-track.com stats.g.doubleclick.net tag-logger.demandbase.com;default-src 'self';frame-src 'self' js.driftt.com s.company-target.com intercom-sheets.com;script-src 'self' 'unsafe-inline' widget.intercom.io *.intercomcdn.com cdn.heapanalytics.com www.googletagmanager.com static.cloudflareinsights.com tag.demandbase.com www.clarity.ms ak.sail-horizon.com www.google-analytics.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com cdn.cookielaw.org js.driftt.com *.clarity.ms;style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com;img-src 'self' *.intercomcdn.com www.google-analytics.com fonts.gstatic.com fast.fonts.net cdn.cookielaw.org heapanalytics.com c.clarity.ms id.rlcdn.com c.bing.com segments.company-target.com www.google.com www.google.com.np www.googletagmanager.com static.intercomassets.com data:;object-src 'none';base-uri 'self';form-action 'self';upgrade-insecure-requests 3 frame-ancestors 'self' https://rewarding.wind.it https://grandecinema3.tre.it https://www.grandecinema3.it; 3 default-src 'self' https://css.page-source.com https://www.google-analytics.com https://analytics.google.com https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net 'unsafe-inline'; script-src-elem 'self' https://fonts.googleapis.com https://analytics.google.com https://www.gstatic.com https://ajax.googleapis.com http://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; style-src-elem 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'unsafe-inline'; upgrade-insecure-requests; 3 default-src 'self' https://www.figma.com/ https://cdnjs.cloudflare.com/ https://plugin.handtalk.me https://stats.g.doubleclick.net; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net http://maps.google.com https://unpkg.com www.googletagmanager.com https://*.cookiebot.com *.ads-twitter.com *.doubleclick.net *.teads.tv *.cdnjs.cloudflare.com plugin.handtalk.me https://d335luupugsy2.cloudfront.net https://cdn.jsdelivr.net *.plugin.handtalk.me https://www.gstatic.com/ https://static.elfsight.com/ https://cdn.curator.io/ https://snap.licdn.com/ https://cdn.commented.io/ https://brand.phinia.com/ *.adform.net https://px.ads.linkedin.com https://js.createsend1.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.curator.io/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src data: blob: * 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.google.com https://consentcdn.cookiebot.com https://td.doubleclick.net https://fledge.teads.tv https://cloud.news.borgwarner.com https://brand.phinia.com/ https://open.spotify.com forms.hsforms.com; connect-src accounts.google.com https://*.googleapis.com/ *.mktoresp.com *.visualstudio.com http://maps.googleapis.com https://*.cookiebot.com https://*.google-analytics.com https://*.teads.tv https://api.mypartfinder.com https://webservice.tecalliance.services https://stats.g.doubleclick.net https://pageview-notify.rdstation.com.br https://popups.rdstation.com.br https://*.handtalk.me https://core.service.elfsight.com https://storage.elfsight.com https://www.google.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://api.curator.io https://px.ads.linkedin.com https://cdn.dev.commented.io wss://api.commented.io https://functions.commented.io https://cdn-image.commented.io https://api.commented.io https://brand.phinia.com/ https://s3.eu-west-2.amazonaws.com https://createsend.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.azureedge.net https://curatorio.s3.amazonaws.com/; child-src 'self' https://www.figma.com/ https://www.google.com/ *.borgwarner.com borgwarner.com https://*.cookiebot.com https://plugin.handtalk.me phinia.wd5.myworkdayjobs.com configurator.delphiautoparts.com data: 3 frame-ancestors https://www.cwtanalytiqs.com https://int.cwtanalytiqs.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://cdn.cookielaw.org https://cdnjs.cloudflare.com service.maxymiser.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://img04.en25.com https://connect.facebook.net https://fonts.googleapis.com https://s.ytimg.com https://content.mycwt.com https://content-d.mycwt.com https://www.google-analytics.com https://bugcrowd.com https://assets.bugcrowdusercontent.com https://geolocation.onetrust.com https://www.youtube.com img04.en25.com/i/elqCfg.min.js https://s.go-mpulse.net siteimproveanalytics.com *.contentsquare.com *.infogram.com *.contentsquare.net *.adobe.com *.turtl.co *.vimeo.com *.joinsherpa.io https://snap.licdn.com https://s2068514591.t.eloqua.com https://www.buzzsprout.com; object-src 'self'; 3 img-src 'self' data: https://www.facebook.com https://px.ads.linkedin.com https://library.elementor.com https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org; default-src 'self'; script-src 'self' 'unsafe-inline' https://d.la13-core2.sfdc-lywfpd.salesforceliveagent.com https://d.la1-c2-ord.salesforceliveagent.com https://c.la1-c2-ord.salesforceliveagent.com https://www.googletagmanager.com https://connect.facebook.net https://player.vimeo.com https://snap.licdn.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://connect.facebook.net https://c.la1-c2-ord.salesforceliveagent.com https://player.vimeo.com https://snap.licdn.com https://d.la13-core2.sfdc-lywfpd.salesforceliveagent.com https://d.la1-c2-ord.salesforceliveagent.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com ; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://player.vimeo.com https://get.purplevrs.com https://library.elementor.com https://get.zpbettertogether.com blob:; connect-src 'self' https://px.ads.linkedin.com https://www.google-analytics.com; frame-ancestors 'self' https://zpconnect.com; upgrade-insecure-requests; 3 frame-ancestors 'self' https://matomo01vp.noris.gr https://analytics.noris.de https://analytics.noris.net https://noris.de https://www.noris.de; 3 frame-ancestors 'self' https://cxagent.nicecxone.com https://max.niceincontact.com https://max.nice-incontact.com 3 default-src * 'unsafe-inline' 'unsafe-eval' data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 3 report-uri https://identity.tescobank.com/afm/cspReport/; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ims.tescoinsurance.com ims2.tescotravelmoney.com *.oracleinfinity.io *.oracle.com *.oraclecloud.com *.trustpilot.com *.woopra.com *.fls.doubleclick.net fls.doubleclick.net *.lpsnmedia.net *.google.com *.googleapis.com *.qubit.com *.travelex.net *.adobedtm.com *.vo.msecnd.net bat.bing.com c.evidon.com cdn.cookielaw.org *.decibelinsight.net cm.everesttech.net connect.facebook.net dc.services.visualstudio.com *.cloudfront.net *.demdex.net flex.cybersource.com *.g.doubleclick.net *.hotjar.com *.liveperson.net *.tescobank.com *.ensighten.com r.turn.com royalsunallianceinsu.tt.omtrdc.net rsa.d2.sc.omtrdc.net rum-static.pingdom.net service.maxymiser.net *.google-analytics.com stash.qubitproducts.com static.ads-twitter.com static.goqubit.com tescobank.azureedge.net ue.enablermail.com www.facebook.com www.google.co.uk *.googleadservices.com *.googletagmanager.com *.gstatic.com track.omguk.com wss://sync.onfido.com wss://collection.decibelinsight.net mpsnare.iesnare.com *.adnxs.com s.yimg.com *.sociomantic.com p.teads.tv t.teads.tv cm.teads.tv *.digital-cloud-uk.medallia.eu *.kampyle.com *.medallia.eu apps.commbox.io now.commbox.io js-agent.newrelic.com bam-cell.nr-data.net *.google-analytics.com ; style-src 'self' 'unsafe-inline' *.oracleinfinity.io *.oracle.com *.oraclecloud.com *.googleapis.com apps.commbox.io now.commbox.io js-agent.newrelic.com bam-cell.nr-data.net *.kampyle.com *.medallia.eu ; img-src 'self' data: blob: * ; child-src 'self' blob: ; font-src 'self' data: * ; connect-src 'self' ims.tescoinsurance.com ims2.tescotravelmoney.com *.oracleinfinity.io *.oracle.com *.oraclecloud.com bam-cell.nr-data.net *.woopra.com *.td.doubleclick.net *.fls.doubleclick.net fls.doubleclick.net *.lpsnmedia.net *.google.com *.googleapis.com *.qubit.com *.travelex.net *.adobedtm.com *.vo.msecnd.net bat.bing.com c.evidon.com cdn.cookielaw.org *.decibelinsight.net cm.everesttech.net connect.facebook.net dc.services.visualstudio.com *.cloudfront.net *.demdex.net flex.cybersource.com *.g.doubleclick.net *.hotjar.com *.liveperson.net *.tescobank.com *.ensighten.com r.turn.com royalsunallianceinsu.tt.omtrdc.net rsa.d2.sc.omtrdc.net rum-static.pingdom.net service.maxymiser.net *.google-analytics.com stash.qubitproducts.com static.ads-twitter.com static.goqubit.com tescobank.azureedge.net ue.enablermail.com www.facebook.com www.google.co.uk *.googleadservices.com *.googletagmanager.com *.gstatic.com track.omguk.com wss://sync.onfido.com wss://collection.decibelinsight.net mpsnare.iesnare.com *.adnxs.com s.yimg.com *.sociomantic.com *.tiles.mapbox.com api.mapbox.com events.mapbox.com p.teads.tv t.teads.tv cm.teads.tv *.digital-cloud-uk.medallia.eu *.kampyle.com *.medallia.eu ; frame-src 'self' *.trustpilot.com *.td.doubleclick.net *.fls.doubleclick.net fls.doubleclick.net *.tescobank.com tescobank.demdex.net *.vo.msecnd.net service.maxymiser.net p.teads.tv t.teads.tv cm.teads.tv *.digital-cloud-uk.medallia.eu *.kampyle.com *.medallia.eu apps.commbox.io now.commbox.io js-agent.newrelic.com bam-cell.nr-data.net ; frame-ancestors 'self' *.tescobank.com ; object-src 'self' *.td.doubleclick.net *.fls.doubleclick.net fls.doubleclick.net *.tescobank.com tescobank.demdex.net; media-src 'self' apps.commbox.io ; 3 default-src 'self' https://backend.sbermed.ai https://*.youtube.com https://sber.pro https://yt3.ggpht.com https://*.ytimg.com https://smartcaptcha.yandexcloud.net https://mddc.ai https://mddc.ru https://www.sbermed.ai https://www.mddc.ru https://www.mddc.ai https://sbermed.ai https://mc.yandex.ru https://yandex.ru https://*.rutube.ru https://*.vk.com https://rutube.ru https://vk.com 'unsafe-inline' data: w3.org/svg 3 upgrade-insecure-requests; frame-ancestors 'self' ; report-uri https://cspreports.realpage.com/api/reports/save/violation; 3 script-src blob: https://*.virginplus.ca https://*.vpc.ca https://*.bell.ca https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://www.googletagmanager.com https://assets.adobedtm.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://solutions.invocacdn.com https://*.google-analytics.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.licdn.com https://sc-static.net https://virgin.know-where.com https://maps.googleapis.com https://bellmaps.korem.com https://*.ss-omtrdc.net https://*.invoca.net https://*.tiktok.com https://*.bing.com https://*.googleadservices.com https://*.clarity.ms https://*.schemaapp.com https://*.medallia.ca https://*.googlesyndication.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.acuityplatform.com https://*.stackadapt.com https://*.outbrain.com https://*.adnxs.com https://*.cluep.com https://*.snapchat.com https://*.cookielaw.org https://cdn.cookielaw.org https://websdk.ujet.co https://www.websdk.ujet.co https://bell-npe-9jnycaz.ca.ccaiplatform.com/log-proxy/log https://cdn.gbqofs.com https://ct.pinterest.com https://*.ccaiplatform.com 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src * 'self' data: https:; frame-ancestors *.bell.ca *.virginplus.ca *.vpc.ca; object-src https://*.virginplus.ca; 3 object-src 'none'; default-src * 'unsafe-inline' blob: data:; img-src * 'self' data: https:; media-src * 'unsafe-inline' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; font-src * data: 3 frame-ancestors 'self' https://sysdig.jp https://*.mindtickle.com https://*.mindtickle.app https://sysdig.lightning.force.com https://digdeeper.sysdig.com https://enablement.sysdig.com 3 default-src 'self' mychart.org *.mychart.org; script-src 'self' mychart.org *.mychart.org 'unsafe-inline' 'unsafe-eval' stats-test.epic.com stats.epic.com; connect-src 'self' mychart.org *.mychart.org stats-test.epic.com stats.epic.com; style-src 'self' mychart.org *.mychart.org fonts.googleapis.com 'unsafe-inline'; font-src 'self' mychart.org *.mychart.org fonts.gstatic.com; img-src 'self' blob: mychart.org *.mychart.org i.ytimg.com ichart2.epic.com data: stats-test.epic.com stats.epic.com epicpublicsitesqa.blob.core.windows.net epicpublicsitesstg.blob.core.windows.net media.epic.com cfvod.kaltura.com; media-src 'self' mychart.org *.mychart.org cdn.epic.com; frame-src 'self' mychart.org *.mychart.org cdnapisec.kaltura.com; 3 default-src 'self' http: https: blob: ws: https://cdn.proactiveinvestors.com use.typekit.net wpstream.net www.google-analytics.com fonts.googleapis.com fonts.gstatic.com s.w.org;; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https: https://cdn.proactiveinvestors.com https://www.google-analytics.com https://www.googletagmanager.com https://snap.licdn.com https://securepubads.g.doubleclick.net https://ml314.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: https://cdn.proactiveinvestors.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: https://cdn.proactiveinvestors.com blob: filesystem:; font-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://cdn.proactiveinvestors.com https://fonts.googleapis.com https://fonts.gstatic.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-src 'self' http: https: www.youtube-nocookie.com youtube-nocookie.com youtube.com vimeo.com; 3 frame-ancestors www.medidata.com medidata.com next.medidata.com loc.medidata.com explorer.medidata.com https://*.mdsol.com test-medidata-next.pantheonsite.io dev-medidata-next.pantheonsite.io blog-medidata-corporate.pantheonsite.io dev-medidata-corporate.pantheonsite.io test-medidata-corporate.pantheonsite.io 26five-medidata-corporate.pantheonsite.io perf-medidata-corporate.pantheonsite.io tags-medidata-corporate.pantheonsite.io web.cvent.com mdsol.preview.salesforce-experience.com mdsol.live-preview.salesforce-experience.com mdsol.my.site.com *.3ds.com 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.steelhousemedia.com/ https://*.bazaarvoice.com/ https://mpsnare.iesnare.com/ https://bat.bing.com/ https://cdns.brsrvr.com/ https://*.fullstory.com/ 'unsafe-inline' https://*.krxd.net/ https://h.online-metrix.net/ https://*.igodigital.com/ https://*.certcapture.com/ https://*.qualtrics.com/ https://*.kaspersky-labs.com/ https://s.go-mpulse.net/ https://www.youtube.com/ https://ajax.googleapis.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com/ https://*.cookiehub.net https://cdn.cookiehub.eu https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.hsadspixel.net https://*.hs-analytics.net https://js.hscta.net https://*.hubspot.com https://static.hsappstatic.net https://*.usemessages.com https://*.hs-banner.com https://*.hubspot.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hubspotfeedback.com https://feedback.hubapi.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://js.zi-scripts.com https://tags.clickagy.com/; 3 default-src *.crazyegg.com *.cognigy.ai *.iubenda.com blob: wss: https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:; object-src 'self' blob:; media-src data:; 3 frame-ancestors 'self' https://viestimedia.blueconic.net https://viestimedia.sb.blueconic.net https://*.viestimedia.net; 3 object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ams-stage.itchotels.com https://www.googletagmanager.com https://secure.adnxs.com https://web-resources-dyn.offer18a.net https://www.clarity.ms https://dev.visualwebsiteoptimizer.com https://readtargeting.com https://secure.datawrkz.com https://connect.facebook.net *.triptease.io https://script.hotjar.com https://static.hotjar.com https://assets.adobedtm.com https://www.google.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.gstatic.com https://dynamic.criteo.com https://itclimited.sc.omtrdc.net https://sslwidget.criteo.com https://www.youtube.com https://www.jscache.com https://www.tripadvisor.com https://www.tripadvisor.in https://static.tacdn.com; frame-ancestors 'self' https://www.itchotels.com 3 base-uri self; frame-ancestors none 3 default-src 'self' blob: data: mailto: tel: 'unsafe-inline' 'unsafe-eval' *.onetrust.com *.cookielaw.org *.adobedtm.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.ca *.googleapis.com *.brightcove.com *.brightcove.net *.brightcovecdn.com *.boltdns.net *.demdex.net *.hotjar.com *.twitter.com *.licdn.com *.facebook.net *.zencdn.net *.twitter.com *.go-mpulse.net *.ads-twitter.com *.gstatic.com *.linkedin.com *.hotjor.io *.akstat.io *.customgpt.ai *.botframework.com *.powerplatform.com *.akamaihd.net *.panter.biz *.advancedbionics.com *.salesforce.com *.bing.com *.fonts.net *.doubleclick.net *.salesforceliveagent.com *.salesforce-sites.com *.callrail.com *.microsoft.com *.logwork.com wss://*.botframework.com *.googlesyndication.com *.clarity.ms https://it2v7.interactiv-doc.fr https://acrobatservices.adobe.com https://viewlicense.adobe.io https://logwork.com https://emersya.com https://*.hotjar.io wss://*.hotjar.com https://zingtree.com https://tridimens.ch https://www.google.com https://www.googleadservices.com https://www.phonak.com.seg https://sonova.tt.omtrdc.net *.stackadapt.com *.force.com https://sonova--qas.sandbox.my.site.com https://www.youtube.com https://www.youtube-nocookie.com https://advancedbionics.formstack.com https://static.formstack.com https://js.stripe.com; img-src 'self' data: *.phonak.com *.advancedbionics.com *.cookielaw.org *.day.com *.everesttech.net https://t.co https://www.google.com https://www.google.ca https://googleads.g.doubleclick.net https://tags.srv.stackadapt.com *.twitter.com *.googletagmanager.com *.gstatic.com *.brightcove.com *.customgpt.ai *.googleapis.com *.google-analytics.com *.boltdns.net *.demdex.net *.linkedin.com *.facebook.com *.facebook.net *.bing.com https://sonovahansatonproduction.112.2o7.net *.emersya.com i.ytimg.com; 3 upgrade-insecure-requests; default-src 'self' tngb2cdev.b2clogin.com; frame-src 'self' soundcloud.com w.soundcloud.com vimeo.com *.vimeo.com *.linkedin.com linkedin.com snap.licdn.com *.elfsight.com *.googleapis.com *.lamapoll.de *.microsoftonline.com *.podigee.com *.podigee-cdn.net *.tuv-nord.com *.tuvnordegypt.com *.yammer.com lamapoll.de microsoftonline.com partner.vytal.org www.google.com www.youtube-nocookie.com www.youtube.com yammer.com *.whatchado.com whatchado.com crm.de player.vimeo.com tngb2cdev.b2clogin.com *.facebook.com facebook.com *.hs-sites.com hs-sites.com *.googletagmanager.com googletagmanager.com *.doubleclick.net doubleclick.net *.tuvit-v12.de.local *.production.tuev-nord.de; style-src 'self' 'unsafe-inline' *.recruitmentplatform.com recruitmentplatform.com *.amazonaws.com *.bing.com *.bing.net *.googleapis.com *.mgr.consensu.org *.podigee.com *.podigee-cdn.net *.tuev-nord.de *.tuv-nord.com *.walkme.com tuev-nord.de www.nord-kurs.de www.youtube.com *.moin.ai tngb2cdev.b2clogin.com *.facebook.com facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.recruitmentplatform.com recruitmentplatform.com *.linkedin.com linkedin.com *.consentmanager.net consentmanager.net *.b-cdn.net snap.licdn.com *.amazonaws.com *.assets-yammer.com *.bing.com *.bing.net *.clarity.ms *.cloudfront.net *.doubleclick.net *.elfsight.com *.google.com *.googleapis.com *.gstatic.com *.hs-analytics.net *.jquery.com *.lamapoll.de *.mgr.consensu.org *.podigee.com *.podigee-cdn.net *.tuev-nord.de *.tuv-nord.com *.userlike.com *.walkme.com assets-yammer.com connect.facebook.net f.vimeocdn.com hs-analytics.net lamapoll.de tuev-nord.de tuvnordvietnam.com.vn *.google-analytics.com www.google-analytics.com targetbox.de *.targetbox.de www.google.com www.google.de www.googleadservices.com www.googletagmanager.com www.nord-kurs.de www.youtube.com *.hs-banner.com js-hs-banner.com *.hs-scripts.com hs-scripts.com js.hsleadflows.net js.hsadspixel.net *.createjs.com zingtree.com *.moin.ai tngb2cdev.b2clogin.com *.facebook.com facebook.com *.leady.com leady.com *.jsdelivr.net jsdelivr.net *.hubspot.com hubspot.com blob:; font-src 'self' *.recruitmentplatform.com recruitmentplatform.com *.amazonaws.com *.bing.com *.bing.net *.cloudfront.net *.gstatic.com *.podigee.com *.podigee-cdn.net *.tuev-nord.de tuev-nord.de www.nord-kurs.de *.moin.ai tngb2cdev.b2clogin.com *.facebook.com facebook.com data:; connect-src 'self' *.linkedin.com linkedin.com www.google.com *.google.com *.recruitmentplatform.com recruitmentplatform.com *.oribi.io *.hs-banner.com js-hs-banner.com *.hs-scripts.com snap.licdn.com *.amazonaws.com *.bbbserver.de *.bing.com *.bing.net *.clarity.ms *.consentmanager.mgr.consensu.org *.doubleclick.net *.elfsight.com *.googleapis.com *.herokuapp.com *.tuev-nord.de *.tuv-nord.com *.userlike.com targetbox.de *.targetbox.de bbbserver.de tuev-nord.de wss://tuev-academy-chatbot.herokuapp.com wss://umd.userlike.com *.analytics.google.com analytics.google.com *.google-analytics.com www.google-analytics.com www.youtube.com www.nord-kurs.de api.hubapi.com *.hubspot.com hubspot.com *.moin.ai wss://bot.moin.ai tngb2cdev.b2clogin.com *.facebook.com facebook.com *.leady.com leady.com *.rdstation.com.br rdstation.com.br; img-src * data:; media-src * blob:;; frame-ancestors *.tuv-nord.com *.tuev-nord.de *.tuvit-v12.de.local *.production.tuev-nord.de *.production.tuev-nord-group.com *.tuvit.de 3 default-src 'self';style-src 'self' 'unsafe-inline' https://*.cdn.flockler.com/ https://maxcdn.bootstrapcdn.com/ https://cdn.jsdelivr.net/ https://fonts.googleapis.com/;img-src * data:;media-src 'self' https://media-api.flockler.com/ https://dms.licdn.com/;font-src 'self' https://*.cloudfront.net/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ https://cdn.jsdelivr.net/ https://mktdplp102cdn.azureedge.net/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/ https://unpkg.com/@frontify/ https://*.dynamics.com/ https://tietoevry-ext.boost.ai/ https://tietoevry.piwik.pro/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.google.com/recaptcha/api.js https://www.google.com/pagead/ https://www.googleadservices.com/ https://s.usea01.idio.episerver.net/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://sc.lfeeder.com/ https://connect.facebook.net/ https://acdn.adnxs.com/ https://cdn.mookie1.com/ https://az416426.vo.msecnd.net/ https://www.youtube.com/ https://dl.episerver.net/ https://player.vimeo.com/ https://plugins.flockler.com/ https://alb.reddit.com/ https://www.redditstatic.com/ https://bat.bing.com/ https://bat.bing.net https://js.monitor.azure.com/ https://*.clarity.ms https://c.bing.com;frame-src 'self' https://dashboard.find.episerver.net/ https://www.googletagmanager.com/ https://maps.google.com/ https://www.google.com/ https://gfx.tools.investis.com/ https://viz.tools.investis.com/ https://irs.tools.investis.com/ https://tietoevry.dfs.investis.com/ https://tools.euroland.com/ https://tools.eurolandir.com/ https://open.spotify.com/ https://*.svc.dynamics.com/ https://www.youtube.com/ https://player.vimeo.com/ https://brand.tietoevry.com/ https://td.doubleclick.net/;connect-src 'self' https://*.svc.dynamics.com/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/ https://assets-eur.mkt.dynamics.com/ https://public-eur.mkt.dynamics.com/ https://dc.services.visualstudio.com/ https://brand.tietoevry.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://tietoevry.piwik.pro/ https://api.flockler.app/ https://stats-api.flockler.app/ https://tietoevry-ext.boost.ai/ https://cs.lf-discover.com/ https://www.google.com/ https://ib.adnxs.com/ https://pixel-config.reddit.com/ https://www.redditstatic.com/ https://conversions-config.reddit.com/ https://px.ads.linkedin.com/ https://www.facebook.com/ https://bat.bing.com/ https://bat.bing.net https://*.clarity.ms;object-src 'none'; 3 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; connect-src https: wss:; img-src * data:; style-src https: 'unsafe-inline'; font-src * data:; 3 default-src 'self' liveassistfor365.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn *.selective.com *.d41.co tags.srv.stackadapt.com *.imirwin.com px.ads.linkedin.com geo.privacymanager.io cdn.linkedin.oribi.io cdn.cookielaw.org cdn.linkedin.oribi.io *.demandbase.com api.company-target.com geolocation.onetrust.com adservice.google.com www.clarity.ms stats.g.doubleclick.net bam.nr-data.net *.anura.io script.anura.io ads.anura.io www.google-analytics.com *.hotjar.io *.hotjar.com wss://*.hotjar.com www.youtube.com viz.tools.investis.com edge.api.brightcove.com cdnjs.cloudflare.com use.typekit.net kit.fontawesome.com p.typekit.net www.facebook.com lpcdn.lpsnmedia.net ka-f.fontawesome.com ka-p.fontawesome.com *.d41.co customer.selective.com www.google.com segments.company-target.com;img-src 'self' data: l.mbs.zip log.pinterest.com translate.google.com www.google.com.jm www.google.co.uk https://survey-images.hotjar.com www.google.com.jm content.selective.com www.google.com.pe www.google.com.mx www.googleadservices.com photos.prnewswire.com c212.net mma.prnewswire.com tags.srv.stackadapt.com analytics.imirwin.com http://www.selective.com googleads.g.doubleclick.net liveassistfor365.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn www.businesswire.com cts.businesswire.com t.co c.bing.com segments.company-target.com di.rlcdn.com id.rlcdn.com c.clarity.ms px4.ads.linkedin.com p.adsymptotic.com tracking.selective.com www.youtube.com p.adsymptotic.com www.linkedin.com viz.tools.investis.com *.gstatic.com tagmanager.google.com cdn.cookielaw.org www.googletagmanager.com i.ytimg.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.co.in px.ads.linkedin.com www.facebook.com analytics.twitter.com lpcdn.lpsnmedia.net www.rumiview.com customer.selective.com blob:;frame-src 'self' data: tel: support.google.com anwebconsole translate.googleapis.com redirect.isolation.zscaler.com login.microsoftonline.com 127.0.0.1 customer.selective.com beuniquelyinsured.selective.com va.shiftstatus.liveperson.net support.google.com va.msghist.liveperson.net va.idp.liveperson.net liveassistfor365.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn selective-qa.hclvoltmx.net i.ytimg.com www.youtube.com *.company-target.com view.ceros.com www.facebook.com www.google.com player.vimeo.com otp.tools.investis.com irs.tools.investis.com *.hotjar.com gum.criteo.com lpcdn.lpsnmedia.net bid.g.doubleclick.net td.doubleclick.net va-s.c.liveperson.net https://www.googletagmanager.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com tags.srv.stackadapt.com https://www.googletagmanager.com http://www.google-analytics.com liveassistfor365.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn www.youtube.com tagmanager.google.com fonts.googleapis.com ka-f.fontawesome.com viz.tools.investis.com use.typekit.net kit.fontawesome.com p.typekit.net kit-free.fontawesome.com; font-src 'self' data: croissant-services-data-public-assets-us-east-2-production.s3.us-east-2.amazonaws.com https://script.hotjar.com images.simplycodes.com tagmanager.google.com viz.tools.investis.com fonts.gstatic.com ka-f.fontawesome.com ka-p.fontawesome.com fonts.googleapis.com use.typekit.net kit.fontawesome.com p.typekit.net kit-free.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.mountain.com www.selective.com gs.mountain.com px.mountain.com dx.mountain.com qvdt3feo.com/events.js tags.srv.stackadapt.com liveassistfor365.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn launchpad.privacymanager.io ats-wrapper.privacymanager.io launchpad-wrapper.privacymanager.io static.cloudflareinsights.com *.imirwin.com view.ceros.com static.ads-twitter.com *.d41.co ats.rlcdn.com tag.demandbase.com www.youtube.com www.gstatic.com www.google.com bam.nr-data.net js-agent.newrelic.com tagmanager.google.com www.googleadservices.com *.googleapis.com cdn.jsdelivr.net script.anura.io www.google-analytics.com viz.tools.investis.com *.hotjar.com www.googletagmanager.com s.ytimg.com cdnjs.cloudflare.com use.typekit.net kit.fontawesome.com p.typekit.net tag.simpli.fi i.simpli.fi ajax.googleapis.com snap.licdn.com googleads.g.doubleclick.net lptag.liveperson.net connect.facebook.net assets.adobedtm.com static.criteo.net sslwidget.criteo.com accdn.lpsnmedia.net accdn.lpsnmedia.net va.v.liveperson.net widget.us.criteo.com lpcdn.lpsnmedia.net www.rumiview.com otp.tools.investis.com img.en25.com www.clarity.ms analytics.twitter.com cdn.cookielaw.org; connect-src 'self' surveystats.hotjar.io https://script.hotjar.com ask.hotjar.io surveystats.hotjar.io segments.company-target.com www.googletagmanager.com region1.google-analytics.com kit.fontawesome.com www.googleadservices.com www.facebook.com wss://va.msg.liveperson.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 privacyportal.onetrust.com analytics.imirwin.com ka-p.fontawesome.com www.clarity.ms px.ads.linkedin.com geolocation.onetrust.com cdn.cookielaw.org liveassistfor365.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn www.google.com geo.privacymanager.io api.company-target.com www.google-analytics.com hotjar.com content.hotjar.io tags.srv.stackadapt.com ws.hotjar.com vc.hotjar.io wss://ws.hotjar.com metrics.hotjar.io ads.anura.io script.anura.io; worker-src 'self' selective.com blob:; report-uri https://stageselectiveidx2025.report-uri.com/r/d/csp/reportOnly; style-src-elem 'self' 'unsafe-inline' data: p.typekit.net fonts.googleapis.com www.gstatic.com tags.srv.stackadapt.com; script-src-elem 'self' 'unsafe-inline' data: *.mountain.com www.selective.com gs.mountain.com px.mountain.com dx.mountain.com qvdt3feo.com/events.js tags.srv.stackadapt.com liveassistfor365.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn launchpad.privacymanager.io ats-wrapper.privacymanager.io launchpad-wrapper.privacymanager.io static.cloudflareinsights.com *.imirwin.com view.ceros.com static.ads-twitter.com *.d41.co ats.rlcdn.com tag.demandbase.com www.youtube.com www.gstatic.com www.google.com bam.nr-data.net js-agent.newrelic.com tagmanager.google.com www.googleadservices.com *.googleapis.com cdn.jsdelivr.net script.anura.io www.google-analytics.com viz.tools.investis.com *.hotjar.com www.googletagmanager.com s.ytimg.com cdnjs.cloudflare.com use.typekit.net kit.fontawesome.com p.typekit.net tag.simpli.fi i.simpli.fi ajax.googleapis.com snap.licdn.com googleads.g.doubleclick.net lptag.liveperson.net connect.facebook.net assets.adobedtm.com static.criteo.net sslwidget.criteo.com accdn.lpsnmedia.net accdn.lpsnmedia.net va.v.liveperson.net widget.us.criteo.com lpcdn.lpsnmedia.net www.rumiview.com otp.tools.investis.com img.en25.com www.clarity.ms analytics.twitter.com cdn.cookielaw.org; child-src blob:; 3 style-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://static.searchstax.com https://rtp-static.marketo.com https://use.typekit.net https://static.smartrecruiters.com https://782-qcg-656.mktoweb.com https://p.typekit.net; 3 default-src 'self' http: https: ws: wss: data: blob:; frame-ancestors 'self'; script-src 'strict-dynamic' https: 'self'; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; object-src 'none'; media-src 'self' https:; frame-src 'self' https:; base-uri 'self'; form-action 'self'; 3 default-src 'none'; child-src 'self' *.kaltura.com *.surveygizmo.com cdn.calconic.com insuranceservicesofficeinc.demdex.net; connect-src 'self' data: *.albacross.com *.brightcove.com *.commoninja.com *.crazyegg.com *.facebook.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.kaltura.com *.kampyle.com *.linkedin.com *.optimizely.com *.srv.stackadapt.com *.xactware.com app.calconic.com bcbolt446c5271-a.akamaihd.net cdn-app.continual.ly cdn.calconic.com cdn.cookielaw.org dc.services.visualstudio.com dl.episerver.net dpm.demdex.net geolocation.onetrust.com google.co.in http://ad.doubleclick.net https://*.influ2.com https://1752680588.rsc.cdn77.org https://adservice.google.com https://analytics.google.com https://api.adblocking247.com https://api.aituria.com https://api.awesomeblocker.com https://app.continual.ly/ https://cdn.linkedin.oribi.io/partner/1669474/domain/verisk.com/token https://cdn.linkedin.oribi.io/partner/384036/domain/maplecroft.com/token https://content.hotjar.io https://s.yimg.com https://statistics-dot-calconic-app.appspot.com/api/stats/push https://wss-pr.continual.ly:6001 https://www.google.com.et https://www.google.com.pr hubspot-forms-static-embed.s3.amazonaws.com manifest.prod.boltdns.net opreq.observepoint.com privacyportal.onetrust.com secure.adnxs.com verisk.d1.sc.omtrdc.net veriskisonetprod.112.2o7.net ws.hotjar.com; font-src 'self' data: *.cloudfront.net *.googleapis.com *.gstatic.com *.kaltura.com cdnjs.cloudflare.com dl.episerver.net vjs.zencdn.net; frame-src 'self' *.acast.com *.brightcove.net *.commoninja.com *.eloqua.com *.facebook.com *.g.doubleclick.net *.google.com *.gstatic.com *.kaltura.com *.kampyle.com *.maplecroft.com *.optimizely.com *.pardot.com *.readymag.com *.surveygizmo.com *.twitter.com *.youtube.com activitymap.adobe.com app.powerbi.com bloomberg.com capture.navattic.com cdn-app.continual.ly cdn.calconic.com datawrapper.dwcdn.net dl.episerver.net flo.uri.sh https://app.continual.ly/ https://open.spotify.com https://view.ceros.com insuranceservicesofficeinc.demdex.net lifedemo.shinyapps.io optimize.google.com player.vimeo.com public.tableau.com survey.alchemer.com td.doubleclick.net verisk.postclickmarketing.com www.buzzsprout.com www.google.com www.insurancejournal.tv www.youtube-nocookie.com; img-src 'self' data: *.air-worldwide.com *.albacross.com *.brightcove.com *.commoninja.com *.eloqua.com *.facebook.com *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kaltura.com *.kampyle.com *.linkedin.com *.maplecroft.com *.optimizely.com *.srv.stackadapt.com *.twimg.com *.twitter.com *.verisk.com *.youtube.com 6016449.global.siteimproveanalytics.io api.mapbox.com assets.adobedtm.com cdn.cookielaw.org cf-images.us-east-1.prod.boltdns.net cm.everesttech.net dl.episerver.net dpm.demdex.net https://ib.adnxs.com https://sp.analytics.yahoo.com i.ytimg.com jumbe.zaius.com maps.gstatic.com optimize.google.com p.adsymptotic.com public.tableau.com verisk.d1.sc.omtrdc.net veriskisonetprod.112.2o7.net w3.poweradvocate.com www.google.co.uk www.google.com www.greatplacetowork.com www.gstatic.com; media-src 'self' blob: *.air-worldwide.com *.gstatic.com *.kaltura.com *.srv.stackadapt.com bcbolt446c5271-a.akamaihd.net dl.episerver.net manifest.prod.boltdns.net; script-src-elem 'self' 'unsafe-inline' *.albacross.com *.cave9tape.com *.cloudfront.net *.cookielaw.org *.facebook.com *.facebook.net *.g.doubleclick.net *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kaltura.com *.kampyle.com *.licdn.com *.oktopost.com *.salesforceliveagent.com *.srv.stackadapt.com *.twitter.com *.xactware.com assets.adobedtm.com cdn-app.continual.ly cdn.calconic.com cdn.datatables.net cdnjs.cloudflare.com code.jquery.com dl.episerver.net https://*.influ2.com https://app.optimizely.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.optimizely.com https://okt.to https://s.yimg.com https://script.hotjar.com https://static.hotjar.com https://view.ceros.com img.en25.com js.monitor.azure.com maxcdn.bootstrapcdn.com siteimproveanalytics.com static.oktopost.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ads-twitter.com *.albacross.com *.cave9tape.com *.cloudflare.com *.cloudfront.net *.commoninja.com *.cookielaw.org *.facebook.net *.fraudblocker.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.herbgreencolumn.com *.hsforms.com *.kaltura.com *.licdn.com *.linkedin.com *.maplecroft.com *.oktopost.com *.optimizely.com *.pardot.com *.readymag.com *.salesforceliveagent.com *.twimg.com *.twitter.com *.xactware.com *.youtube.com activitymap.adobe.com api-ssl.bitly.com az416426.vo.msecnd.net cdn-app.continual.ly cdn-assets-prod.s3.amazonaws.com cdn.calconic.com cdn.mouseflow.com cdnjs.cloudflare.com code.jquery.com dl.episerver.net geolocation.onetrust.com https://js.monitor.azure.com img.en25.com ionfiles.scribblecdn.ne js.hsforms.net js.monitor.azure.com maxcdn.bootstrapcdn.com optimize.google.com player.vimeo.com players.brightcove.net public.flourish.studio public.tableau.com s1065293013.t.eloqua.com script.crazyegg.com secure.leadforensics.com siteimproveanalytics.com unpkg.com vjs.zencdn.net www.buzzsprout.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.srv.stackadapt.com cdn-app.continual.ly cdn.jsdelivr.net dl.episerver.net https://app.continual.ly/css/gekr8k83y6vw/custom.css; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.srv.stackadapt.com *.twimg.com *.twitter.com *.verisk.com cdn-app.continual.ly cdn.jsdelivr.net cdnjs.cloudflare.com dl.episerver.net optimize.google.com unpkg.com; script-src-attr 'unsafe-inline' *.srv.stackadapt.com *.xactware.com; report-to stott-security-endpoint;report-uri https://www.verisk.com/stott.security.optimizely/api/cspreporting/reporturiviolation/; 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 3 base-uri 'self'; default-src https://www.dnshome.de; font-src 'self' data: https:; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self' https://www.paypalobjects.com; script-src 'self' 'unsafe-inline'; style-src 'self'; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.magnolia-cloud.com https://*.okta.com https://*.smartenterprisewisdom.com https://*.hana.ondemand.com https://*.walkme.com https://*.linkedin.com https://*.chatanexpert.com https://*.clarity.ms https://*.bing.com https://*.linkedin.oribi.io https://*.salesforce-sites.com https://*.force.com https://*.google.com.mx https://*.licdn.com https://*.google.com https://*.doubleclick.net https://*.adservice.google.com https://*.googleadservices.com https://*.mouseflow.com wss://in.visitors.live https://*.luckyorange.com https://*.usercentrics.eu https://*.dwcdn.net https://*.adsrvr.org https://weatherwidget.io https://cdn.thinglink.me https://www.thinglink.com https://www.wrike.com https://*.megameeting.com https://www.youtube.com https://www.slideshare.net https://www.washingtonpost.com https://www.chasepaymentechhostedpay.com https://sketchfab.com https://r3.visualwebsiteoptimizer.com https://ga-dev-tools.appspot.com https://apis.google.com https://www.google.com https://content.googleapis.com https://ajax.googleapis.com https://www.gstatic.com https://play.vidyard.com https://pi.pardot.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com https://go.jabil.com https://www.google-analytics.com http://stats.g.doubleclick.net https://4bfejp2jq0q2273jfp3mhqaw-wpengine.netdna-ssl.com https://hm.baidu.com https://cse.google.com https://snid.snitcher.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://ton.twimg.com https://maps.googleapis.com https://*.6sc.co https://secure.adnxs.com https://w.soundcloud.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://go.pardot.com https://maxcdn.bootstrapcdn.com ; img-src 'self' https://* data: blob: ; worker-src 'self' blob: ; child-src 'self' https://*.okta.com https://*.smartenterprisewisdom.com https://*.hana.ondemand.com https://*.walkme.com https://*.linkedin.com https://*.chatanexpert.com https://*.clarity.ms https://*.bing.com https://*.linkedin.oribi.io https://*.salesforce-sites.com https://*.force.com https://*.google.com.mx https://*.licdn.com https://*.google.com https://*.doubleclick.net https://*.adservice.google.com https://*.googleadservices.com https://*.mouseflow.com wss://in.visitors.live https://*.luckyorange.com https://*.usercentrics.eu https://*.dwcdn.net https://*.adsrvr.org https://weatherwidget.io https://cdn.thinglink.me https://www.thinglink.com https://www.wrike.com https://*.megameeting.com https://www.youtube.com https://www.slideshare.net https://www.washingtonpost.com https://www.chasepaymentechhostedpay.com https://sketchfab.com https://r3.visualwebsiteoptimizer.com https://ga-dev-tools.appspot.com https://apis.google.com https://www.google.com https://content.googleapis.com https://ajax.googleapis.com https://www.gstatic.com https://play.vidyard.com https://pi.pardot.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com https://go.jabil.com https://www.google-analytics.com http://stats.g.doubleclick.net https://4bfejp2jq0q2273jfp3mhqaw-wpengine.netdna-ssl.com https://hm.baidu.com https://cse.google.com https://snid.snitcher.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://ton.twimg.com https://maps.googleapis.com https://*.6sc.co https://secure.adnxs.com https://w.soundcloud.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://go.pardot.com https://maxcdn.bootstrapcdn.com blob: ; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com data: ; 3 default-src 'self'; frame-ancestors 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.tawk.to https://fonts.googleapis.com https://cdn.jsdelivr.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://servicios.rnpdigital.com https://www.googletagmanager.com/ https://*.tawk.to https://cdn.jsdelivr.net; frame-src 'self' https://*.tawk.to https://*.doubleclick.net/; font-src 'self' https://*.tawk.to https://fonts.gstatic.com; img-src 'self' data: https://*.tawk.to https://cdn.jsdelivr.net https://tawk.link https://s3.amazonaws.com https://www.google.co.cr https://*.google.com; connect-src 'self' https://servicios.rnpdigital.com https://analytics.google.com https://*.tawk.to wss://*.tawk.to; media-src 'self' https://*.tawk.to; form-action 'self' https://servicios.rnpdigital.com https://*.google.com https://*.tawk.to; 3 script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://js.stripe.com; img-src 'self' data: https://m.nownownow.com; style-src 'self' 'unsafe-inline'; connect-src 'self'; frame-src https://www.youtube-nocookie.com https://js.stripe.com; object-src 'none' 3 default-src 'self'; script-src *.maps.yandex.net *.yandex.ru api-maps.yandex.ru 'self' https://tcinet.ru 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src 'self' https://tcinet.ru 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; frame-src yandex.ru api-maps.yandex.ru 'self' 'unsafe-inline' 'unsafe-eval'; connect-src *.yandex.ru *.1c-bitrix.ru 'self' 3 default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; worker-src blob; 3 default-src 'self' *.springairlines.com *.ch.com wkbrs2.tingyun.com *.growingio.com static.geetest.com;style-src 'self' 'unsafe-inline' *.springairlines.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ch.com *.springairlines.com static.geetest.com beacon.riskified.com assets.giocdn.com; img-src * data:; connect-src 'self' *.springairlines.com *.ch.com wkbrs2.tingyun.com c.riskified.com *.growingio.com;font-src 'self' static.geetest.com *.springairlines.com;worker-src 'self' blob: *.ch.com; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.chatvisor.com *.clic2buy.com *.dynamicyield.com *.ecn-ldr.de *.econda-monitor.de *.facebook.net *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hellweg.test *.idealo-partner.com *.jsdelivr.net *.loadbee.com *.payments-amazon.com *.paypal.com *.pay1.de *.searchhub.io *.tp-de.net *.trustedshops.com *.usercentrics.eu; frame-src *.econda-monitor.de *.google.com *.hellweg.test *.hibitaro.de *.idealo-partner.com *.loadbee.com *.paypal.com *.secure.pay1.de *.tp-de.net *.usercentrics.eu *.youtube.com *.youtube-nocookie.com; 3 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; worker-src blob:; font-src https: data:; connect-src https: wss://api.eu.residency.elevenlabs.io; script-src https: blob: 'unsafe-eval' 'unsafe-inline'; 3 form-action 'self' https://*.entorno.es; frame-ancestors 'none'; report-uri https://nicdev9.entorno.es/scp-report.php 3 default-src * 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors *.zywave.com *.zywave.net; img-src * data:; font-src * data:; media-src * blob:; report-uri zywave.com 3 frame-ancestors 'self' https://teams.microsoft.com ; 3 frame-ancestors 'self'; report-uri /csp-log.php 3 default-src 'self'; font-src 'self' data: https://use.typekit.net https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://embed.tawk.to https://salesiq.zoho.com https://css.zohostatic.com https://css.zohocdn.com/* https://css.zohocdn.com/salesiq/styles/fonts/cw/puvi/* https://css.zohocdn.com/salesiq/styles/fonts/cw/* https://css.zohocdn.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net/* https://css.zohocdn.com https://css.zohostatic.com https://cdn.jsdelivr.net/* https://static.zohocdn.com https://widget.rather.chat https://widget.rather.chat/*; img-src 'self' data: https://p.typekit.net https://tawk.link https://tawk.link/* https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://ws.sessioncam.com https://services.ominsure.co.za https://*.fls.doubleclick.net https://sp.analytics.yahoo.com https://embed.tawk.to https://embed.tawk.to https://salesiq.zoho.com https://salesiq.zoho https://salesiq.zohopublic.com https://css.zohostatic.com https://css.zohostatic.com/* https://css.zohocdn.com https://analytics.twitter.com/1/i/* https://geo-tracker.trinadsp.co.za/* https://s2s.oldmutual.co.za https://track.adform.net/Serving/TrackPoint/* https://server.seadform.net/serving/cookie/sync/* https://dsp.trinamarketing.co.za/ https://tribalfusion.com/ https://*.tribalfusion.com https://*.twitter.com https://ads-twitter.com https://bat.bing.com https://a.tribalfusion.com https://us4-files.zohopublic.com https://*.company-target.com https://*.rlcdn.com https://flagcdn.com https://flagcdn.com/*; frame-src 'self' https://www.oldmutual.co.za/ https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://www.oldmutualinvest.com/ https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://www.buzzsprout.com https://secure.rewards.sit.oldmutual.co.za https://secure.dcc.oldmutual.co.za https://e.issuu.com/ https://services.ominsure.co.za https://registration-oldmutual-oemwebapp-liveness.kyc.business https://alphaweb.iidentifii.com https://dms.oldmutual.com.gh https://secure.myshopper.oldmutual.co.za/ https://checkout.flutterwave.com https://checkout.paystack.com https://online.fliphtml5.com https://manage.ipaygh.com https://app.livestorm.co https://analytics.twitter.com https://*.adform.net https://td.doubleclick.net https://omdms.oldmutual.com.gh https://bot-omi-eu.rather.chat/* https://bot-omi-eu.rather.chat https://salesiq.zohopublic.com https://*.company-target.com https://www.googletagmanager.com; connect-src 'self' https://api-eu1.cludo.com/ https://www.google.com https://nba-webchat-server-prod.my.oldmutual.co.za https://cdn.gbqofs.com https://test-payment.oldmutual.com.gh https://interpayafrica.com/interapi/ProcessPayment https://test-payment.oldmutual.com.gh/* https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://nba-webchat-server-preprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://b.ws.sessioncam.com https://services.ominsure.co.za https://analytics.google.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://analytics.tiktok.com https://va.tawk.to wss://*.tawk.to wss://vts.zohopublic.com https://salesiq.zoho.com https://salesiq.zohopu https://goals-api.my.oldmutual.co.za https://salesiq.zohopublic.com wss://mpsnare.iesnare.com https://cdn.linkedin.oribi.io/* https://c1001.report.gbss.io https://c2001.report.gbss.io https://dtm-dre.platform.hicloud.com https://ppscrowd-dra.op.dbankcloud.com https://*.adform.net https://*.eskimi.com https://prod-dms.oldmutual.com.gh https://ams.creativecdn.com https://creativecdn.net https://*.creativecdn.com/* https://*.creativecdn.net/* https://s2s.oldmutual.co.za https://*.demandbase.com https://js-eu1.hs-scripts.com https://omdms.oldmutual.com.gh https://api.hubspot.com https://payintegrations.oldmutual.com.gh https://gdpr.loopme.com https://sms.hubtel.com https://*.company-target.com https://google.com https://*.oldmutual.co.ke https://oldmutual.co.ke https://uapoldmutual.co.ug https://*.uapoldmutual.co.ug https://tag.demandbase.com https://api.company-target.com https://s.company-target.com https://*.dynatrace.com https://*.bf.dynatrace.com https://*.zoho.com https://*.rather.chat https://*.rather.chat/* https://maps.googleapis.com/maps/* https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true https://maps.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.pagesense.io https://static.zohocdn.com https://customer.cludo.com/ https://salesiq.zohopublic.com https://analytics.twitter.com https://c1001.report.gbss.io https://c2001.report.gbss.io https://cdn.gbqofs.com https://s2s.oldmutual.co.za https://s2s.oldmutual.co.za/static/DhPixel.js https://use.typekit.net https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://snap.licdn.com https://www.buzzsprout.com https://www.googleadservices.com https://services.ominsure.co.za https://www.youtube.com https://analytics.tiktok.com https://js.paystack.co https://sp.analytics.yahoo.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://embed.tawk.to https://dsp-media.eskimi.com https://js.zohocdn.com https://s2s.oldmutual.co.za/static/DhPixel.js https://salesiq.zoho.com/widget https://checkout.flutterwave.com *.iovation.com *.iesnare.com https://geo-tracker.trinadsp.co.za/* https://dtm-dre.platform.hicloud.com https://ppscrowd-dra.op.dbankcloud.com https://*.adform.net https://bat.bing.com https://dsp.trinamarketing.co.za/ https://secure.adnxs.com/ https://quantserve.com/quant.js https://tags.creativecdn.com/ http://rtbhouse.com http://rtbhouse.net https://secure.quantserve.com/quant.js https://prod-dms.oldmutual.com.gh https://test-payment.oldmutual.com.gh https://googleads.g.doubleclick.net https://tag.demandbase.com https://api.company-target.com https://s.company-target.com https://*.dynatrace.com https://*.bf.dynatrace.com https://creativecdn.net https://*.creativecdn.com/* https://*.creativecdn.net/* https://*.demandbase.com https://js-eu1.hs-scripts.com https://api.hubspot.com https://*.oldmutual.com.gh https://*.loopme.com https://sms.hubtel.com https://*.company-target.com https://widget.rather.chat https://widget.rather.chat/* https://js-cdn.dynatrace.com/jstag/15fc9f135f3/bf62395jrv/a207cbaa8e544abe_complete.js https://js-cdn.dynatrace.com; frame-ancestors https://secure.rewards.oldmutual.co.za/ https://secure.rewards.oldmutual.com.na/ https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* https://customer-site-preprod.eks.my.oldmutual.co.za https://my.oldmutual.co.za https://bot-omi-eu.rather.chat/; media-src 'self' data: https://static.zohocdn.com https://mpsnare.iesnare.com https://test-dms.oldmutual.com.gh https://test.interpayafrica.com https://test-dms.oldmutual.com.gh/* https://test.interpayafrica.com/* 3 frame-ancestors 'self'; frame-src *.facebook.com *.google.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.fontawesome.com *.versio.nl *.freshdesk.com *.freshchat.com *.typeform.com *.hsforms.com *.doubleclick.net *.yourhosting.nl *.cookiebot.com 3 frame-ancestors 'self' https://next.adabra.com/ https://my.adabra.com/ https://app.blendee.com/ 3 frame-ancestors https://community.activisionblizzard.com 3 upgrade-insecure-requests; frame-ancestors 'self' tigertech.net *.tigertech.net; 3 frame-ancestors 'self' https://appgate.lookbookhq.com https://appgate.pathfactory.com https://ww3.appgate.com; 3 default-src http: https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; font-src 'self' https:; 3 upgrade-insecure-requests; script-src * 'unsafe-inline' 'unsafe-eval' blob:; object-src *; frame-ancestors 'self' www.vliz.be vliz.be form.vliz.be www.omes-monitoring.be omes-monitoring.be; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://secure.quantserve.com/ https://www.instagram.com/ https://app.termly.io/ https://www.google.com/ https://www.gstatic.com/ http://rules.quantcount.com/ http://cdn.scarabresearch.com/ https://assets.juicer.io/ https://www.googletagmanager.com/ http://cdn.scarabresearch.com/ https://cdn.levelaccess.net/ https://www.google-analytics.com/ https://www.googleadservices.com/ http://pixel.quantserve.com/ http://connect.facebook.net/ https://secure-ds.serving-sys.com/ https://s.pinimg.com/ http://xfqprspx.micpn.com/ https://static.bytedance.com/ http://www.lightboxcdn.com/ http://api.lightboxcdn.com/ https://bs.serving-sys.com/ http://www.juicer.io/ https://js.adsrvr.org/; object-src 'none' 3 default-src 'self' https://*.pusher.com wss://ws-eu.pusher.com wss://ws-eu.pusher.com:443; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://plausible.io https://acsbapp.com https://widget.datablocks.se; connect-src 'self' https://plausible.io https://acsbapp.com https://*.acsbapp.com wss://ws-eu.pusher.com https://sockjs-eu.push https://widget.datablocks.se https://*.mfn.se; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://*.graphassets.com blob: data:; media-src 'self' https://*.graphassets.com; font-src 'self' https://fonts.gstatic.com data:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com; upgrade-insecure-requests; 3 frame-ancestors https://ads.tiktok.com 3 default-src blob: data: file: 'self' https://connect.facebook.net https://api.trafficguard.ai https://tgtag.io/ https://vitals.vercel-insights.com https://www.facebook.com/ https://*.google.com https://*.gstatic.com https://*.getloconow.com https://*.easyvideo.in https://*.loco.com https://loco.com https://*.loco.gg https://loco.gg https://*.google.com https://imasdk.googleapis.com https://www.googleadservices.com/ https://www.google.co.in/pagead https://www.google.com/pagead https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://partner.googleadservices.com/ https://s0.2mdn.net/ https://pagead2.googlesyndication.com https://stats.g.doubleclick.net/ https://csi.gstatic.com/ https://www.googletagservices.com https://pubads.g.doubleclick.net https://redirector.gvt1.com/ https://*.googlevideo.com/ https://td.doubleclick.net/ https://locoapp.verloop.io/ http://imasdk.googleapis.com/ https://accounts.google.com/ https://api2.amplitude.com/2/httpapi https://*.googletagmanager.com https://player.stats.live-video.net/ https://otpless.com/ *.live-video.net https://moe-email-campaigns.s3.amazonaws.com/ https://image.moengage.com/ https://cdn.moengage.com/ https://js.stripe.com/ https://sandbox.pagbrasil.com/ https://pagbrasil.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://connect.facebook.net https://api.trafficguard.ai https://tgtag.io/ https://vitals.vercel-insights.com https://www.facebook.com/ https://*.google.com/ https://*.googletagmanager.com https://*.google-analytics.com https://*.getloconow.com https://*.easyvideo.in https://*.loco.com https://loco.com https://*.loco.gg https://loco.gg https://player.live-video.net https://www.googleadservices.com https://cdn.jsdelivr.net https://imasdk.googleapis.com/ https://www.google.co.in/pagead https://www.google.com/pagead https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://partner.googleadservices.com/ https://s0.2mdn.net/ https://pagead2.googlesyndication.com https://stats.g.doubleclick.net/ https://csi.gstatic.com/ https://www.googletagservices.com https://pubads.g.doubleclick.net https://redirector.gvt1.com/ https://*.googlevideo.com/ https://td.doubleclick.net/ https://locoapp.verloop.io/ https://cdn-ops.verloop.io/livechat-script/1.1.23/script.min.js https://api2.amplitude.com/2/httpapi https://otpless.com/ *.live-video.net https://cdn.moengage.com/ https://app-cdn.moengage.com/ https://js.stripe.com/ https://sandbox.pagbrasil.com/ https://pagbrasil.com/; connect-src 'self' https://connect.facebook.net https://api.trafficguard.ai https://tgtag.io/ https://vitals.vercel-insights.com https://www.facebook.com/ https://*.loco.com https://loco.com https://*.loco.gg https://loco.gg https://*.getloconow.com https://*.easyvideo.in https://player.live-video.net/ https://api.amplitude.com https://*.sentry.io wss://*.getloconow.com:9002 wss://cf-mqtt-ws.getloconow.com wss://dev-cf-mqtt-ws.getloconow.com https://*.googleapis.com http://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.pubnubapi.com https://global.poe.live-video.net/ https://imasdk.googleapis.com/ https://www.google.co.in/pagead https://www.google.com/pagead https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://partner.googleadservices.com/ https://s0.2mdn.net/ https://pagead2.googlesyndication.com https://stats.g.doubleclick.net/ https://csi.gstatic.com/ https://www.googletagservices.com https://pubads.g.doubleclick.net https://redirector.gvt1.com/ https://*.googlevideo.com/ https://td.doubleclick.net/ https://locoapp.verloop.io/ https://api2.amplitude.com/2/httpapi https://*.ap-south-1.playback.live-video.net/ https://*.sa-east-1.playback.live-video.net/ https://*.us-east-1.playback.live-video.net/ https://player.stats.live-video.net/ *.live-video.net https://graph.facebook.com/ https://*.s3.ap-southeast-1.amazonaws.com https://sdk-01.moengage.com/ https://sdk-02.moengage.com/ https://sdk-03.moengage.com/ https://sdk-04.moengage.com/ https://api.lab.amplitude.com/ https://sandbox.pagbrasil.com/ https://pagbrasil.com; style-src 'self' 'unsafe-inline' https://connect.facebook.net https://api.trafficguard.ai https://tgtag.io/ https://www.facebook.com/ https://*.googleapis.com https://*.getloconow.com https://*.easyvideo.in https://*.google.com https://*.loco.com https://loco.com https://*.loco.gg https://loco.gg https://imasdk.googleapis.com/ https://www.google.co.in/pagead https://www.google.com/pagead https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://partner.googleadservices.com/ https://s0.2mdn.net/ https://pagead2.googlesyndication.com https://stats.g.doubleclick.net/ https://csi.gstatic.com/ https://www.googletagservices.com https://pubads.g.doubleclick.net https://redirector.gvt1.com/ https://*.googlevideo.com/ https://td.doubleclick.net/ https://locoapp.verloop.io/ https://api2.amplitude.com/2/httpapi *.live-video.net https://app-cdn.moengage.com/ https://fonts.bunny.net/ https://*.googletagmanager.com; frame-ancestors 'self' https://*.getloconow.com https://*.easyvideo.in https://*.loco.com https://loco.com https://*.loco.gg https://loco.gg https://liquipedia.net/ *.live-video.net https://cdn.moengage.com/ https://sandbox.pagbrasil.com/ https://pagbrasil.com/; img-src * data: *.live-video.net https://moe-email-campaigns.s3.amazonaws.com/ https://image.moengage.com/; media-src * blob: data: file: *.live-video.net; font-src 'self' data: fonts.gstatic.com https://*.loco.com https://loco.com https://*.getloconow.com https://*.loco.gg https://fonts.bunny.net/ ; object-src 'none'; worker-src * blob: data: file: *.live-video.net; 3 default-src *; style-src * 'unsafe-inline'; worker-src 'self' blob: ; script-src * 'unsafe-inline' 'unsafe-eval' 3 default-src 'self' blob: data: https: wss:; frame-ancestors 'self' *.brighthr.com app.brighthr.ie app.brighthr.com.au *.brightsafe.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://pixel.byspotify.com lex.33across.com *.adroll.com *.awin1.com *.bing.com *.cloudflareinsights.com *.convertexperiments.com *.doubleclick.net https://bat.bing-int.com *.driftt.com *.dwin1.com connect.facebook.net *.google.com *.google-analytics.com *.googleadservices.com maps.googleapis.com *.googleoptimize.com *.googletagmanager.com *.quantcount.com *.quantserve.com *.gstatic.com *.hotjar.com cdn.landbot.io snap.licdn.com app-lon04.marketo.com cdn.dreamdata.cloud app.vwo.com munchkin.marketo.net *.mplat-ppcprotect.com *.nyltx.com *.onetrust.com qvdt3feo.com *.rakuten.com lantern.roeyecdn.com *.ruleranalytics.com the.sciencebehindecommerce.com smct.co js.smct.co js.smct.io *.stackadapt.com *.stripe.com *.visualwebsiteoptimizer.com *.youtube.com *.clarity.ms px.ads.linkedin.com; style-src 'self' 'unsafe-inline' data: https:; worker-src 'self' blob:; report-uri https://brighthr.report-uri.com/r/d/csp/enforce; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; 3 worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://embed.cloudflarestream.com *.google.com *.gstatic.com *.googletagmanager.com *.stripe.com *.hscollectedforms.net *.hsadspixel.net *.hs-banner.com *.hs-analytics.net *.hubspot.com *.hscollectedforms.net *.hsforms.net *.hsforms.com *.vimeo.com *.hs-scripts.com *.sentry.io *.freshworks.com embed.cloudflarestream.com cdn.jsdelivr.net https://www.youtube.com *.b-cdn.net *.r-cdn.net; frame-src localhost *.realms.tv youtube.com *.youtube.com twitch.tv *.twitch.tv vimeo.com *.vimeo.com facebook.com *.facebook.com transistor.fm *.transistor.fm apple.com *.apple.com spotify.com *.spotify.com rumble.com *.rumble.com 1a-1791.com *.1a-1791.com *.cloudflarestream.com *.soundslice.com *.google.com *.stripe.com *.hs-sites.com *.hubspot.com *.hsforms.net *.hsforms.com *.freshdesk.com https://www.youtube-nocookie.com/ https://www.youtube.com *.b-cdn.net *.r-cdn.net; frame-ancestors 'self' popdaze.com; img-src * data: blob: *.b-cdn.net *.r-cdn.net; 3 default-src * 'unsafe-inline' 'unsafe-eval';img-src * data:; child-src * 'self' blob: http:;font-src * data: 3 frame-ancestors 'self' mill3.studio 3 frame-ancestors 'self' temenos.seismic.com 3 default-src 'self'; img-src 'self' *.alphabet.com 10.0.20.57 *.linkedin.com *.adition.com *.vivocha.com https://vivocha-csm.s3.eu-central-1.amazonaws.com/alphabet/* *.facebook.net *.facebook.com *.eloqua.com *.doubleclick.net *.googletagmanager.com *.google.com *.google.de *.google.co.uk *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/react-client-captcha/dist/retry.svg data:; font-src 'self' *.alphabet.com *.gstatic.com *.vivocha.com; script-src 'self' *.alphabet.com *.bmw.com *.googletagmanager.com *.googleadservices.com *.g.doubleclick.net *.licdn.com *.facebook.net *.vivocha.com *.en25.com *.adition.com *.hotjar.com 10.0.20.57 *.googleapis.com *.epaas.api.bmw *.criteo.com *.adform.net 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.alphabet.com 10.0.20.57 *.vivocha.com *.googleapis.com 'unsafe-inline'; connect-src 'self' *.alphabet.com 10.0.20.57 *.bmw.com bmwag.d3.sc.omtrdc.net *.vivocha.com *.hotjar.com *.epaas.api.bmw *.googleapis.com *.aladin.azure.bmw.cloud *.linkedin.oribi.io *.ads.linkedin.com *.google.com *.doubleclick.net; frame-src 'self' *; frame-ancestors 'self' *.alphabet.com 10.0.20.57 *.bmw.com *.wepf.bmwgroup.net; object-src 'none'; base-uri 'self' alpha.alphabet.com 10.0.20.57; 3 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: *.hotjar.com *.fontawesome.com maxcdn.bootstrapcdn.com *.flixcar.com *.flixfacts.com *.jsdelivr.net *.cloudflare.com *.googleapis.com *.1worldsync.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.embluemail.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.lacuracao.pe *.efe.com.pe 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.pmbox.cloud *.inconcertcc.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.criteo.net *.flixcar.com *.os.tc *.onesignal.com *.doubleclick.net *.vnforapps.com *.online-metrix.net gum.criteo.com fledge.us.criteo.com *.livechatinc.com *.pointandplace.com *.powr.io *.omnitok.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com *.efe.com.pe *.flixcar.com *.flix360.com https://*.hotjar.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.com.pe *.lacuracao.pe *.doubleclick.net *.emxdgt.com *.bidswitch.net img *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.criteo.com *.bluekai.com *.yahoo.com *.clmbtech.com *.smaato.net *.sharethrough.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.bing.com *.teads.tv *.3lift.com *.omnitagjs.com *.casalemedia.com *.stickyadstv.com *.360yield.com *.embluemail.com *.yieldmo.com *.tremorhub.com *.mediavine.com *.liadm.com *.flix360.io *.aralego.com *.criteo.net *.aralego.net *.vnforapps.com *.online-metrix.net *.yahoo.net *.contextweb.com *.demoup.com *.pointandplace.com *.adform.net *.adgrx.com *.powrcdn.com *.1rx.io *.alquimio.cloud *.yandex.com *.yandex.ru *.yads.tech *.yango.com cm.g.doubleclick.net t.adx.opera.com *.agkn.com *.unrulymedia.com *.1worldsync.com *.windows.net *.clarity.ms *.hsforms.net *.hsforms.com *.hubspotusercontent-na1.net *.hubspot.com yandex.ru *.hsappstatic.net *.fwmrm.net *.adsrvr.org *.bidr.io *.sitescout.com *.crwdcntrl.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.embluemail.com *.hotjar.com storage.googleapis.com *.flixfacts.com *.flixcar.com *.onesignal.com onesignal.com *.inconcertcc.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com https://maps.googleapis.com *.criteo.com *.tiktok.com *.flix360.io *.pointandplace.com *.vnforapps.com *.ccdc02.com *.online-metrix.net *.amazonaws.com *.demoup.com *.livechatinc.com *.powr.io *.omnitok.com infimv.com *.topsort.com *.jsdelivr.net *.yads.tech *.1worldsync.com *.clarity.ms *.hsforms.net *.hsadspixel.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hubspot.com *.hscollectedforms.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co *.hotjar.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com onesignal.com *.flixcar.com *.cloudflare.com *.googleapis.com *.1worldsync.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.demoup.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com maps.googleapis.com api.comapi.com bam.nr-data.net *.culqi.com *.alquimio.cloud *.hotjar.com *.hotjar.io wss://*.hotjar.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.criteo.com *.doubleclick.net *.embluemail.com onesignal.com google.com.pe *.pointandplace.com *.flixcar.com *.google.com.pe *.vnforapps.com *.tiktok.com *.pangle-ads.com *.demoup.com *.flix360.com *.powr.io *.topsort.com *.yandex.com *.yandex.ru *.yads.tech *.yango.com *.omnitok.com *.psychological.ai *.hsforms.net *.hsforms.com *.amazonaws.com *.hubspot.com *.clarity.ms *.hubapi.com *.hscollectedforms.net/ facebook.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.viavisolutions.com https://players.brightcove.net https://view.ceros.com https://www.googletagmanager.com https://www.google-analytics.com https://*.g.doubleclick.net https://snap.licdn.com https://*.googlesyndication.com https://img.en25.com https://connect.facebook.net https://static.ads-twitter.com https://ws.zoominfo.com https://*.googleadservices.com https://*.google.com https://*.brightcove.com https://*.gstatic.com https://maps.googleapis.com https://*.hotjar.com https://*.clarity.ms https://vjs.zencdn.net https://secure.p04.eloqua.com https://tag.demandbase.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com https://*.opendns.com https://opencdn.fpjs.sh https://fpnpmcdn.net https://*.linkedin.com https://*.gartner.com https://cdnjs.cloudflare.com https://openfpcdn.io https://*.adtrafficquality.google https://*.company-target.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.viavisolutions.com https://*.googleapis.com https://tags.srv.stackadapt.com https://www.googletagmanager.com https://players.brightcove.net https://www.gartner.com https://*.brightcove.com; img-src 'self' about: blob: data: https://*.viavisolutions.com http://comms.viavisolutions.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googlesyndication.com https://*.google.com https://maps.gstatic.com https://maps.googleapis.com https://*.clarity.ms https://t.co https://analytics.twitter.com https://*.linkedin.com https://www.facebook.com https://*.brightcove.com https://ws.zoominfo.com https://*.boltdns.net https://fonts.gstatic.com https://id.rlcdn.com https://segments.company-target.com https://tags.srv.stackadapt.com https://stickerly.pstatic.net https://players.brightcove.net https://*.gartner.com https://*.clarity.ms https://*.bing.com; media-src 'self' blob: https://*.brightcovecdn.com https://*.boltdns.net https://*.media.brightcove.com https://*.akamaihd.net https://*.cf.brightcove.com; frame-src 'self' https://*.viavisolutions.com https://players.brightcove.net https://view.ceros.com https://*.youtube.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google.com https://www.facebook.com https://s.company-target.com https://td.doubleclick.net https://widget.spreaker.com https://packetpushers.net https://*.gartner.com https://*.linkedin.com https://www.googletagmanager.com; frame-ancestors 'self' https://*.viavisolutions.com https://viavi.seismic.com; child-src 'self' blob: https://*.viavisolutions.com https://players.brightcove.net https://view.ceros.com https://*.youtube.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google.com https://www.facebook.com https://s.company-target.com https://widget.spreaker.com https://packetpushers.net https://*.gartner.com https://*.linkedin.com; font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://players.brightcove.net https://*.brightcove.com; connect-src 'self' https://*.viavisolutions.com https://players.brightcove.net https://*.gstatic.com https://www.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.google.com https://maps.googleapis.com https://*.g.doubleclick.net https://tags.srv.stackadapt.com https://*.brightcove.com https://ws.zoominfo.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://*.clarity.ms https://*.boltdns.net https://*.akamaihd.net https://cdn.linkedin.oribi.io https://www.facebook.com https://api.company-target.com https://tag-logger.demandbase.com https://*.opendns.com https://px.ads.linkedin.com https://api.fpjs.io https://www.feedrapp.info https://*.adtrafficquality.google https://*.ceros.com https://*.brightcovecdn.com; report-uri /report-csp-violation 3 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors *; 3 connect-src 'self' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.doubleclick.net https://insight.adsrvr.org www.googleadservices.com px.ads.linkedin.com *.facebook.com/ *.6sc.co capig.stape.do wss://*.hotjar.com *.hotjar.io https://*.qualtrics.com;frame-ancestors 'self' ww.google.com;object-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google.com www.googletagmanager.com cdn.jsdelivr.net https://js.adsrvr.org www.buzzsprout.com www.youtube.com connect.facebook.net static.ads-twitter.com snap.licdn.com *.6sc.co *.hotjar.com https://*.qualtrics.com https://cdn.delivr.ai;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com www.internationaltrucks.com; 3 default-src 'self' https://tngr.co https://*.yellow.ai; connect-src 'self' https://develop--whimsical-donut-f2fd99.netlify.app https://uat--whimsical-donut-f2fd99.netlify.app https://uat.tanger.com https://api.tanger.com https://www.tanger.com https://account.tanger.com *.onetrust.com https://cdn.cookielaw.org https://identity.mparticle.com https://jssdks.mparticle.com https://jssdkcdns.mparticle.com https://images.contentstack.io https://d1p5cqqchvbqmy.cloudfront.net https://api-gateway.mappedin.com https://cdn.mappedin.com https://www.google-analytics.com https://analytics.tiktok.com https://connect.facebook.net https://js.stripe.com/ https://ingesteer.services-prod.nsvcs.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sojern.com *.doubleclick.net *.adnxs.com https://www.google.com/recaptcha/api/ https://aw-services.us.vibes.com//api/ https://aw-services.us.vibes.com//authenticate https://aw-services.us.vibes.com//widgets/ wss://*.yellow.ai https://*.yellow.ai https://*.liadm.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://d1p5cqqchvbqmy.cloudfront.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.cookielaw.org https://jssdkcdns.mparticle.com https://cdn.vibes.com/aw/widget.js https://connect.facebook.net https://analytics.tiktok.com https://resources.fidel.uk https://js.stripe.com https://js.adsrvr.org siteimproveanalytics.com https://*.hotjar.com *.sojern.com *.doubleclick.net *.adnxs.com https://*.yellowmessenger.com https://b-code.liadm.com; worker-src 'self' blob:; frame-src 'self' https://www.google.com https://resources.fidel.uk https://js.stripe.com/ https://13250566.fls.doubleclick.net https://td.doubleclick.net https://insight.adsrvr.org *.sojern.com *.doubleclick.net *.adnxs.com https://tngr.co https://cdn.tangeroutlet.com/ https://i.liadm.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https://d1p5cqqchvbqmy.cloudfront.net https://*.hotjar.com https://fonts.googleapis.com https://*.yellowmessenger.com; img-src 'self' blob: https://www.google-analytics.com https://r4.app.yellow.ai https://r4-ym-uploads.s3-us-west-2.amazonaws.com https://r4-ym-confidential.s3.amazonaws.com https://*.yellowmessenger.com https://*.liadm.com data: https://www.tanger.com https://images.contentstack.io https://cdn.cookielaw.org https://cdn.mappedin.com https://www.facebook.com https://ad.ipredictive.com https://ad.doubleclick.net https://ciqtracking.com https://secure.adnxs.com https://adservice.google.com https://insight.adsrvr.org *.siteimproveanalytics.io https://*.hotjar.com *.sojern.com *.doubleclick.net *.adnxs.com https://analytics.tiktok.com/ https://upload.wikimedia.org/wikipedia/commons/6/6f/Tanger_logo.svg https://tngr.co https://cdn.tangeroutlet.com https://d2xs7zaan7w9gl.cloudfront.net; font-src 'self' https://d1p5cqqchvbqmy.cloudfront.net https://*.hotjar.com https://fonts.gstatic.com https://*.yellowmessenger.com; form-action 'self'; manifest-src 'self' 3 frame-ancestors 'self' https://*.castlery.com https://app.storyblok.com 3 default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' 3 default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data:; frame-ancestors *.lcmchealth.org 3 default-src 'self' https://*.wistia.com https://*.wistia.net; connect-src * data: https: https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://app.storylane.io; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.wistia.com https://*.wistia.net https://src.litix.io https://app.storylane.io data: https:; img-src * 'self' data: https: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://app.storylane.io; media-src * 'self' data: blob: https: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://app.storylane.io; style-src * 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://fast.wistia.com https://app.storylane.io;font-src * data: https:; frame-src * data: https: https://fast.wistia.com https://fast.wistia.net https://app.storylane.io; child-src blob:; worker-src 'self' blob:; frame-ancestors 'self' https://*.wistia.com https://*.wistia.net https://src.litix.io https://app.storylane.io; 3 default-src http: https: 'unsafe-inline'; img-src https: 'unsafe-inline' http://wtappscdn.wireless.bell.ca 3 default-src https: wss: ws: data: blob: 'self'; script-src https: 'self' https://cache.exmoney.com 'unsafe-inline'; style-src https: 'self' https://cache.exmoney.com 'unsafe-inline'; frame-src 'self' blob: https:; object-src 'self' blob:; 3 default-src 'self'; script-src 'self' siteimproveanalytics.com *.siteimproveanalytics.io static.etracker.com www.etracker.de code.etracker.com 'unsafe-eval' 'unsafe-inline'; img-src data: 'self' *.global.siteimproveanalytics.io www.etracker.de; connect-src 'self' www.etracker.de; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' *.etracker.com; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com info.gesundheitsministerium.gv.at player.vimeo.com; form-action 'self'; media-src 'self' http://www.oegsbarrierefrei.at; block-all-mixed-content; upgrade-insecure-requests; 3 script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.tawk.to *.jsdelivr.net *.tidio.co *.facebook.net www.gstatic.com;script-src-attr 'unsafe-inline';img-src 'self' data: i.imgur.com www.google-analytics.com tawk.link *.tawk.to *.tawk.link *.amazonaws.com *.jsdelivr.net *.databrain.com *.ibb.co.com www.googletagmanager.com d7a3e8b1c4f9g2h5i6j7k8l9m0n1o2p3q4r5s6.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to *.jsdelivr.net d7a3e8b1c4f9g2h5i6j7k8l9m0n1o2p3q4r5s6.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.tawk.to *.jsdelivr.net *.googletagmanager.com d7a3e8b1c4f9g2h5i6j7k8l9m0n1o2p3q4r5s6.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com;frame-src static.goolec.com www.youtube.com youtube.com;connect-src 'self' tickers.playtech.com www.google-analytics.com *.googleapis.com *.tawk.to wss://*.tawk.to tracker.databrain.com d7a3e8b1c4f9g2h5i6j7k8l9m0n1o2p3q4r5s6.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com;media-src d7a3e8b1c4f9g2h5i6j7k8l9m0n1o2p3q4r5s6.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none' 3 script-src 'unsafe-eval' 'unsafe-inline' 'self' global.oktacdn.com static.cloud.coveo.com widgets.getsitecontrol.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com enbridgegas.ca1.qualtrics.com zn1xi1bzr9ed0u8xc-enbridgegas.siteintercept.qualtrics.com www.googletagmanager.com www.google.com kendo.cdn.telerik.com enerline.enbridgegas.com oc-cdn-public.azureedge.net widgets.getsitecontrol.com p.typekit.net github.com fonts.googleapis.com op3static.oktacdn.com www.gstatic.com google.com/recaptcha cdn.jsdelivr.net use.typekit.net homerenorebateapi.parachutesoftware.com homerenovationsavings.ca enbridgegas.com app.usercentrics.eu cdnjs.cloudflare.com code.jquery.com www.w3.org ajax.googleapis.com datatables.net snap.licdn.com googleads.g.doubleclick.net connect.facebook.net player.vimeo.com www.savewithgas.com ws1.postescanada-canadapost.ca widgets.getsitecontrol.com az416426.vo.msecnd.net st.getsitecontrol.com tcservices.uniongas.com enbridgegas.ca1.qualtrics.com; style-src 'unsafe-eval' 'unsafe-inline' 'self' global.oktacdn.com static.cloud.coveo.com widgets.getsitecontrol.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com zn1xi1bzr9ed0u8xc-enbridgegas.siteintercept.qualtrics.com www.googletagmanager.com www.google.com kendo.cdn.telerik.com github.com fonts.googleapis.com op3static.oktacdn.com www.gstatic.com google.com/recaptcha app.usercentrics.eu cdnjs.cloudflare.com tcservices.uniongas.com enerline.enbridgegas.co oc-cdn-public.azureedge.net widgets.getsitecontrol.com cdn.jsdelivr.net use.typekit.net homerenorebateapi.parachutesoftware.com homerenovationsavings.ca enbridgegas.com p.typekit.net ws1.postescanada-canadapost.ca www.w3.org getbootstrap.com enbridgegas.ca1.qualtrics.com; 3 default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://webvisor.com https://nic-t.ru https://www.nic-t.ru 3 frame-ancestors 'self' https://www.google.com 3 default-src 'self'; frame-ancestors 'self' https://prod-author.repsol.com/ https://www.todoluzygas.es/ areacliente.repsol.es waylet.es newdev-areacliente.cloudapp.repsol.com test-areacliente.cloudapp.repsol.com pre-areacliente.repsol.es pre-pidetubombona.repsol.es pidetubombona.repsol.es repsol.pt pro.areaclientemultienergia.es *.repsolluzugas.com *.repsol.com; frame-src * ; media-src *; img-src * https://cdn.valuesportal.com https://log.adtraction.fail blob: data: ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://valuesportal.com https://cdn.adt356.com https://gtm.adt313.net https://cnv.adt632.com *.google-analytics.com *.analytics.google.com *.krxd.net www.google.com d3a.walmeric.com cdn.jsdelivr.net cdn.cookielaw.org p.teads.tv platform.twitter.com px.sunmedia.tv secure.adnxs.com s.yimg.com cdn.taboola.com pixel.mathtag.com amplify.outbrain.com bat.bing.com d1skycrvs9ubse.cloudfront.net www.gstatic.com googleads.g.doubleclick.net cdn.krxd.net *.hotjar.com www.googleadservices.com www.google-analytics.com cdns.eu1.gigya.com consent.cookiebot.com connect.facebook.net consentcdn.cookiebot.com assets.adobedtm.com www.googletagmanager.com www.youtube.com apis.google.com t.womtp.com ws.walmeric.com maps.googleapis.com unpkg.com sdk.inbenta.io up.pixel.ad static.ads-twitter.com secure-ds.serving-sys.com i.clarity.ms trc.taboola.com tr.outbrain.com bs.serving-sys.com embed.typeform.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com static-eu.oct8ne.com snap.licdn.com stories.adsocy.com 9000468.spxl.socy.es p1.socy.es repsol.my.site.com ai.trk42.net pro.areaclientemultienergia.es adtraction.net kwanko.com img.metaffiliation.com *.adobe.net jswebproduction.com Preciso.net 2trk.info cookieless-data.com sddan.com adnxs.com euob.isstarsbuilding.com c.amazon-adsystem.com obseu.isstarsbuilding.com s.kk-resources.com; style-src * 'unsafe-inline'; font-src * blob: data:; connect-src *; object-src 'none' 3 default-src * data: 'unsafe-inline'; frame-ancestors 'self'; 3 default-src 'self' https://cdn.vargroup.com https://*.gstatic.com https://*.adacto.it https://*.vargroup.it http://*.tidiochat.com https://*.tidiochat.com https://*.dynamics.com https://*.genially.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.vargroup.com https://*.hsforms.net https://matomo01.bizmart2.it https://matomo.ubics.app https://sc-matomo.adacto.it https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.googleapis.com https://*.google.com https://*.gstatic.com http://*.hsforms.net https://*.hsforms.net https://*.recaptcha.net https://*.addthis.com https://*.intervieweb.it https://*.azureedge.net https://*.googletagmanager.com https://*.cloudflareinsights.com https://*.googleadservices.com https://*.doubleclick.net https://*.googlesyndication.com http://*.tidio.co https://*.tidio.co http://*.tidiochat.com https://*.tidiochat.com https://*.youtube.com https://*.aspnetcdn.com https://*.dynamics.com https://*.clarity.ms https://snap.licdn.com https://*.linkedin.com https://*.hubspot.com https://cdnjs.cloudflare.com https://*.bing.com https://*.genially.com https://*.tableau.com https://*.facebook.net https://*.facebook.com https://*.lfeeder.com; style-src 'self' 'unsafe-inline' https://cdn.vargroup.com https://*.googleapis.com https://*.azureedge.net https://*.genially.com; img-src * data:; media-src 'self' https://cdn.vargroup.com https://sitecore.vargroup.com https://edge.sitecorecloud.io http://*.tidiochat.com https://*.tidiochat.com https://*.genially.com; frame-src 'self' https://www.youtube.com https://consentcdn.cookiebot.com https://docs.google.com https://*.google.com https://*.hsforms.com https://*.recaptcha.net https://*.intervieweb.it https://*.dynamics.com https://*.googletagmanager.com https://*.microsoft.com https://*.googleadservices.com https://*.doubleclick.net https://sitecore.vargroup.com https://*.hubspot.com https://player.vimeo.com/ https://go.pardot.com/ https://*.genially.com https://*.powerbi.com https://*.tableau.com https://*.facebook.net https://*.facebook.com https://sitecore.vargroup.com https://*.vargroup.it https://*.vargroup.com https://*.adacto.it https://*.vargroup.ch https://*.vargroup.de https://*.vargroup.es https://*.dsec.it https://*.mediamenteconsulting.it https://*.tekneretail.it https://*.wisesecurity.com https://*.yarix.com https://*.cyres-consulting.com https://*.ubics.it https://*.infolog.it https://*.incidentresponse.com https://*.nip.io https://cdn.vargroup.com; frame-ancestors https://sitecore.vargroup.com https://cdn.vargroup.com https://*.vargroup.it https://*.vargroup.com https://*.adacto.it https://*.vargroup.ch https://*.vargroup.de https://*.vargroup.es https://*.dsec.it https://*.mediamenteconsulting.it https://*.tekneretail.it https://*.wisesecurity.com https://*.yarix.com https://*.cyres-consulting.com https://*.ubics.it https://*.infolog.it https://*.incidentresponse.com https://*.nip.io; object-src none; connect-src 'self' https://cdn.vargroup.com https://*.hsforms.com https://www.youtube.com https://matomo01.bizmart2.it https://matomo.ubics.app https://sc-matomo.adacto.it https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.googleapis.com https://*.ingest.sentry.io https://*.intervieweb.it https://*.googletagmanager.com https://*.cloudflareinsights.com https://*.google.com https://*.google-analytics.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.doubleclick.net http://*.tidiochat.com https://*.tidiochat.com ws://*.tidio.co wss://*.tidio.co https://*.dynamics.com https://*.azureedge.net https://sitecore.vargroup.com https://*.clarity.ms https://snap.licdn.com https://*.linkedin.com https://google.com/pagead/form-data/ https://google.com/ccm/form-data/ https://*.hubspot.com https://*.bing.com https://*.genially.com https://*.tableau.com https://*.facebook.net https://*.facebook.com https://*.lfeeder.com 3 default-src 'none'; connect-src 'self' https://cdn.linkedin.oribi.io https://forms.hsforms.com https://px.ads.linkedin.com https://nagra.matomo.cloud/; font-src 'self'; frame-src 'self' https://www.google.com/ https://www.youtube.com/ https://forms.hsforms.com/; img-src 'self' data: https://px.ads.linkedin.com https://img.youtube.com https://forms.hsforms.com https://forms-na1.hsforms.com; manifest-src 'self'; media-src 'self'; script-src 'self' https://snap.licdn.com https://js.hsforms.net https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com https://nagra.matomo.cloud https://static.cloudflareinsights.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline' https://nagra.matomo.cloud/; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; worker-src 'self'; base-uri 'self'; frame-ancestors 'self' 3 default-src https: data: wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com wss://*.zohopublic.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self' https://storable.my.salesforce.com https://storable.lightning.force.com; object-src 'self' blob; upgrade-insecure-requests; media-src 'self' blob: data: https:; 3 frame-ancestors 'self' https://borisfx.com/documentation/silhouette-2024.5/;, frame-ancestors 'self' https://borisfx.com/documentation/optics-2025/; 3 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' 'self' data: https:; report-uri /report-csp-violation 3 default-src 'self' https: data:; script-src 'self' 'unsafe-inline' https://app.hubspot.com https://bat.bing.com https://cdnjs.cloudflare.com https://connect.facebook.net https://event.getblue.io https://flashapp.com.br https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hsforms.net https://js.hubspot.com https://platform.linkedin.com https://platform.twitter.com https://s3.amazonaws.com https://script.hotjar.com https://serve.albacross.com/track.js https://snap.licdn.com https://static.hotjar.com https://static.hsappstatic.net https://unpkg.com https://widget.getblue.io https://www.googletagmanager.com https://*.twil.io; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://s3.amazonaws.com https://static.hsappstatic.net https://unpkg.com; font-src 'self' https://5938567.fs1.hubspotusercontent-na1.net https://cdnjs.cloudflare.com https://fonts.gstatic.com; connect-src 'self' https://5938567.fs1.hubspotusercontent-na1.net https://analytics.google.com https://api.hubapi.com https://api.reclameaqui.com.br https://bat.bing.com https://c.ba.contentsquare.net https://flashapp.com.br https://forms.hsforms.com https://google.com https://js.hs-banner.com https://new-collect.albacross.com https://px.ads.linkedin.com https://server-side-tagging-4xp5wewwsq-uc.a.run.app https://stats.g.doubleclick.net https://us-central1-flash-site-production.cloudfunctions.net https://vc.hotjar.io https://wci-868355199753.us-central1.run.app https://webchat-serverless-9689-dev.twil.io https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com wss://tsock.us1.twilio.com https://*.hubspot.com; img-src 'self' data: https:; frame-src https://5938567.hs-sites.com https://event.getblue.io https://platform.twitter.com https://play.hubspotvideo.com https://server-side-tagging-4xp5wewwsq-uc.a.run.app https://td.doubleclick.net https://www.googletagmanager.com https://www.youtube.com; object-src 'none'; base-uri 'self'; form-action 'self' https://forms.hsforms.com;; upgrade-insecure-requests 3 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; frame-src https:; base-uri 'self'; form-action 'self' https:; worker-src 'self' blob:; 3 frame-ancestors self vsadmin.badge.nl 3 frame-ancestors *.tostadora.fr *.tostadora.co.uk *.tostadora.com *.tostadora.it *.latostadora.com tostadora.fr tostadora.co.uk tostadora.com tostadora.it latostadora.com www.latostadora.dock:* www.tostadora.fr.dock:* www.tostadora.it.dock:* www.tostadora.co.uk.dock:* www.tostadora.com.dock:* mx.latostadora.dock:*; 3 default-src 'self' https:; style-src 'self' 'unsafe-inline' vytag.humany.net entur.humany.net wds.ace.teliacompany.com tagmanager.google.com fonts.googleapis.com; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' dd.cloud.vy.no js.api.here.com ct.captcha-delivery.com az416426.vo.msecnd.net wds.ace.teliacompany.com connect.facebook.net *.googletagmanager.com tagmanager.google.com www.googleadservices.com *.hotjar.com bat.bing.com cdn.moengage.com *.openstreetmap.org; connect-src blob: 'self' *.cloud.vy.no *.cloud.vy.se *.adyen.com *.hereapi.com js.api.here.com *.ace.teliacompany.net dc.services.visualstudio.com/v2/track stats.g.doubleclick.net www.facebook.com/tr/ vytag.humany.net entur.humany.net *.hotjar.com *.hotjar.io bat.bing.com www.google.com google.com adservice.google.com api.bring.com cloudflare-dns.com sdk-02.moengage.com wss://*.hotjar.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com eyx1eny7.apicdn.sanity.io; img-src data: images.vy.no ts.tradetracker.net *.openstreetmap.org js.api.here.com 'self' *.adyen.com cdn.sanity.io view-components.cloud.nsb.no moe-email-campaigns.s3.amazonaws.com image.moengage.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.googletagmanager.com *.google-analytics.com www.google.no googleads.g.doubleclick.net www.google.com bat.bing.com www.facebook.com/tr/ ad.doubleclick.net; font-src 'self' *.vy.no js.api.here.com vytag.humany.net entur.humany.net ace-knowledge-cdn.teliacompany.net fonts.gstatic.com *.hotjar.com; frame-src 'self' *.id.vy.no id.vy.no *.adyen.com geo.captcha-delivery.com wds.ace.teliacompany.com *.hotjar.com *.doubleclick.net www.facebook.com cdn.moengage.com; frame-ancestors 'self' registration.vulog.center; report-uri /web-services/web-logger 3 frame-ancestors 'self' https://www.rhonefm.ch; 3 frame-ancestors 'self' app.contentful.com; upgrade-insecure-requests 3 frame-ancestors 'self' *.interactivebrokers.com *.interactivebrokers.com.sg *.interactivebrokers.com.hk *.interactivebrokers.ch *.interactivebrokers.co.uk *.interactivebrokers.com.au *.interactivebrokers.co.jp *.interactivebrokers.co.in *.ibkram.com *.interactiveadvisors.com *.ibkr.com *.ibkr.com.cn *.clientam.com *.clientam.ch *.clientam.com.hk *.go-mpulse.net *.akstat.io widgets.tipranks.com site.recognia.com ibkr.paxosclients.com worldtrader.hsbc.ae *.ibkrcampus.com ibkrcampus.com www.ibkrguides.com *.traderstation-international.com; 3 default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: 3 default-src *; style-src 'self' https://p.typekit.net https://www.googletagmanager.com https://fonts.googleapis.com 'unsafe-inline'; script-src 'self' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://tag.simpli.fi https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://cdn.cookielaw.org https://maps.googleapis.com/ https://cdn.jsdelivr.net/ 'unsafe-inline'; upgrade-insecure-requests; object-src 'none'; form-action 'self'; img-src * data:; 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';script-src-attr * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors 'none';frame-src * data: blob:;form-action *;base-uri 'self';object-src 'none' 3 Upgrade-Insecure-Requests; default-src 'self' https: *.hotjar.com *.hotjar.io; connect-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: *.hotjar.com *.hotjar.io wss://*.hotjar.com *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net performance.typekit.net *.osano.com *.drift.com *.driftt.com *.driftcdn.com *.youtube.com *.peopleclick.com *.doubleclick.net *.zoominfo.com *.peopleclick.eu.com *.pardot.com *.twitter.com *.ads-twitter.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com t.co lltrck.com; worker-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: *.coherent.com *.google.com *.osano.com t.co lltrck.com; media-src 'self' blob: https: *.coherent.com; img-src 'self' data: https: *.coherent.com *.scene7.com *.ggpht.com *.ytimg.com *.google.com *.example.com *.linkedin.com *.facebook.com *.youtube.com *.google.com *.google-analytics.com *.imgix.net *.doubleclick.net *.pardot.com *.adsymptotic.com t.co; child-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: *.algolia.net *.algolianet.com *.coherent.com *.peopleclick.com *.peopleclick.eu.com *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net *.hotjar.com *.hotjar.io *.pardot.com *.osano.com *.twitter.com *.ads-twitter.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com t.co lltrck.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: *.algolia.net *.algolianet.com *.coherent.com *.peopleclick.com *.peopleclick.eu.com *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net *.hotjar.com *.hotjar.io *.pardot.com *.osano.com *.twitter.com *.ads-twitter.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com t.co lltrck.com; font-src 'self' data: https: *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net *.typekit.com *.hotjar.com *.hotjar.io *.gstatic.com *.google.com *.doubleclick.net *.coherent.com *.google-analytics.com *.pardot.com; object-src 'self' *.bioz.com; script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' data: blob: https: *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net *.osano.com *.zoominfo.com *.facebook.net *.hotjar.com *.hotjar.io *.facebook.com *.linkedin.com *.searchcdn.com *.addsearch.com *.gstatic.com *.google.com *.googletagmanager.com *.driftt.com geoip-db.com *.wistia.net *.wistia.com *.googleapis.com *.coherent.com *.pardot.com *.google-analytics.com *.msecnd.net *.drift.com *.youtube.com *.licdn.com *.twitter.com *.ads-twitter.com *.googleadservices.com *.doubleclick.net *.peopleclick.com *.peopleclick.eu.com *.adsymptotic.com *.googlesyndication.com *.googletagservices.com t.co lltrck.com; style-src 'self' 'report-sample' 'unsafe-inline' blob: https: *.googleapis.com *.google.com *.google-analytics.com *.cloudfront.net *.addsearch.com *.drift.com *.coherent.com *.pardot.com *.driftt.com *.osano.com *.googletagmanager.com; form-action 'self' https: *.coherent.com *.osano.com *.drift.com *.driftt.com *.driftcdn.com *.youtube.com *.peopleclick.com *.doubleclick.net *.zoominfo.com *.peopleclick.eu.com *.pardot.com *.google-analytics.com *.google.com *.facebook.net; frame-ancestors 'self' blob: https: *.algolia.net *.algolianet.com *.coherent.com *.peopleclick.com *.peopleclick.eu.com *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net *.hotjar.com *.hotjar.io *.pardot.com *.osano.com t.co *.twitter.com *.ads-twitter.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com lltrck.com; base-uri 'self' 3 default-src 'self' https://*.aoshearman.com https://*.gedikeraksoy.com https://edge.sitecorecloud.io https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com https://px.ads.linkedin.com https://*.passle.net https://*.ytimg.com https://*.youtube.com https://googleads.g.doubleclick.net/ https://*.siteimproveanalytics.io https://www.linkedin.com https://*.cloudflare.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://www.google.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.aoshearman.com https://*.gedikeraksoy.com https://edge.sitecorecloud.io https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com https://px.ads.linkedin.com https://*.passle.net https://*.ytimg.com https://*.youtube.com https://googleads.g.doubleclick.net/ https://*.siteimproveanalytics.io https://www.linkedin.com https://feaasstatic.blob.core.windows.net https://siteimproveanalytics.com https://snap.licdn.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://www.google.com https://*.allenovery.com flo.uri.sh https://*.ceros.com https://cdn.yoshki.com https://cdn.iframe.ly https://platform.twitter.com https://open.spotify.com https://www.podbean.com;style-src 'self' 'unsafe-inline' https://*.aoshearman.com https://*.gedikeraksoy.com https://edge.sitecorecloud.io https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com https://px.ads.linkedin.com https://*.passle.net https://*.ytimg.com https://*.youtube.com https://googleads.g.doubleclick.net/ https://*.siteimproveanalytics.io https://www.linkedin.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://www.google.com;img-src 'self' blob: data: https://*.aoshearman.com https://*.gedikeraksoy.com https://edge.sitecorecloud.io https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com https://px.ads.linkedin.com https://*.passle.net https://*.ytimg.com https://*.youtube.com https://googleads.g.doubleclick.net/ https://*.siteimproveanalytics.io https://www.linkedin.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://www.google.com;font-src 'self' https://*.aoshearman.com https://*.gedikeraksoy.com https://edge.sitecorecloud.io https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com https://px.ads.linkedin.com https://*.cloudflare.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://www.google.com data:;connect-src 'self' https://*.aoshearman.com https://*.gedikeraksoy.com https://edge.sitecorecloud.io https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com https://px.ads.linkedin.com https://noembed.com https://*.cloudflare.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.passle.net https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://www.google.com;object-src 'none';base-uri 'self';form-action 'self';frame-src 'self' https://*.aoshearman.com https://*.gedikeraksoy.com https://edge.sitecorecloud.io https://*.allenovery.com flo.uri.sh https://*.ceros.com https://cdn.yoshki.com https://cdn.iframe.ly https://platform.twitter.com https://open.spotify.com https://www.podbean.com https://youtube.com https://www.youtube.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://www.google.com;block-all-mixed-content;upgrade-insecure-requests; 3 frame-ancestors 'self' travel-dealz.de travel-dealz.com forum.travel-dealz.de kreuzfahrten.travel-dealz.de cruises.travel-dealz.com; 3 child-src 'self'; connect-src 'self' https://*.analytics.google.com https://*.aptrinsic.com/ https://*.cookiereports.com https://*.data-crypt.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.co.uk https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.linkedin.com https://*.mottmac.com https://*.optimizely.com https://*.shorthand.com https://*.unsplash.com https://dc.services.visualstudio.com; font-src 'self' https://*.cloudfront.net https://*.googleapis.com https://*.gstatic.com https://*.typekit.net/; frame-src 'self' https://*.blubrry.com https://*.doubleclick.net https://*.idio.episerver.net https://*.optimizely.com https://*.shorthand.com https://*.spotify.com/ https://*.sproutsocial.com https://*.youtube-nocookie.com https://*.youtube.com https://flo.uri.sh/ https://player.vimeo.com https://public.flourish.studio/ https://www.podbean.com/; img-src 'self' data: https://*.analytics.google.com https://*.cloudfront.net https://*.google-analytics.com https://*.google.co.uk https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.idio.episerver.net https://*.lfeeder.com https://*.linkedin.com https://*.mottmac.com https://*.optimizely.com https://*.shorthandstories.com https://*.siteimproveanalytics.io https://*.ytimg.com https://maps.gstatic.com https://optimizely-public-design-assets.s3.amazonaws.com; manifest-src 'self'; media-src 'self' https://*.idio.episerver.net https://*.mottmac.com https://*.optimizely.com https://*.shorthandstories.com; script-src-elem 'self' 'unsafe-inline' https://*.cloudfront.net https://*.cookiereports.com https://*.data-crypt.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.idio.episerver.net https://*.lfeeder.com https://*.optimizely.com https://*.shorthand.com https://*.shorthandstories.com https://*.youtube.com https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/npm/feather-icons@4.29.0/dist/feather.min.js https://cdn.jsdelivr.net/npm/feather-icons/dist/feather.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://code.jquery.com/jquery-3.2.1.slim.min.js https://flo.uri.sh/ https://js.monitor.azure.com https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://news.files.bbci.co.uk https://player.vimeo.com https://siteimproveanalytics.com https://snap.licdn.com https://web-sdk-eu.aptrinsic.com/api/aptrinsic.js; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cloudfront.net https://*.cookiereports.com https://*.googletagmanager.com https://*.idio.episerver.net https://js.monitor.azure.com https://public.flourish.studio/; style-src-elem 'self' 'unsafe-inline' https://*.googleapis.com https://*.shorthandstories.com https://*.typekit.net/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css https://web-sdk-eu.aptrinsic.com/style.css; style-src 'self' 'unsafe-inline' https://*.googleapis.com; script-src-attr 'unsafe-inline' https://*.idio.episerver.net; worker-src blob:; 3 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cookielaw.org https://*.googleapis.com https://cdn.branch.io https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.trustpilot.com https://bat.bing.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.exponea.com https://www.googletagmanager.com https://www.google-analytics.com https://*.twitter.com https://connect.facebook.net https://static.ads-twitter.com https://*.addthis.com https://app.link https://z.moatads.com https://v1.addthisedge.com https://static.zdassets.com https://use.typekit.net https://activewin.co.uk https://code.jquery.com https://*.quotezone.co.uk https://*.github.io https://*.cloudflare.com https://uicdn.toast.com https://*.google.com https://*.gstatic.com https://assets.pinterest.com https://analytics.tiktok.com https://*.onetrust.com https://*.shareaholic.net https://snap.licdn.com https://*.stackpathcdn.com https://cdn.viglink.com https://partner.shareaholic.com https://www.redditstatic.com https://*.hotjar.com https://dsms0mj1bbhn4.cloudfront.net https://cdn.openshareweb.com https://*.joinnetwork.com https://*.abtasty.com https://*.fullstory.com; style-src 'self' 'unsafe-inline' data: https://*.googleapis.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://*.typekit.net https://*.cloudflare.com https://*.toast.com https://*.hotjar.com https://fonts.bunny.net/ https://cdn.openshareweb.com https://*.joinnetwork.com https://*.abtasty.com; default-src 'self'; font-src 'self' blob: data: https://fonts.gstatic.com https://use.fontawesome.com https://use.typekit.net https://*.stackpathcdn.com https://*.hotjar.com https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/fonts/ https://dsms0mj1bbhn4.cloudfront.net/v2/ https://fonts.bunny.net/ https://cdn.openshareweb.com https://*.joinnetwork.com https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; connect-src 'self' https://api.exponea.com https://api.network.exponea.com https://*.exponea.com https://stats.g.doubleclick.net https://*.addthis.com https://bat.bing.com https://www.google-analytics.com https://analytics.tiktok.com https://*.onetrust.com https://cookiesuksouth.blob.core.windows.net https://*.google.com https://*.google-analytics.com https://*.shareaholic.com https://*.shareaholic.net https://api.viglink.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.ads.linkedin.com https://*.redditstatic.com https://*.joinnetwork.com https://*.abtasty.com https://*.fullstory.com https://*.healthservicediscounts.com https://healthservicediscounts.com https://*.discountsforcarers.com https://discountsforcarers.com https://*.discountsforteachers.co.uk https://discountsforteachers.co.uk https://*.charityworkerdiscounts.com https://charityworkerdiscounts.com; frame-src 'self' https://*.addthis.com https://www.googletagmanager.com https://*.quotezone.co.uk https://*.youtube.com https://*.youtube-nocookie.com https://www.pages04.net http://images.healthservicediscounts.com https://images.healthservicediscounts.com https://perk.ee.co.uk https://*.facebook.com https://*.trustpilot.com https://*.google.com https://assets.pinterest.com https://vars.hotjar.com https://*.doubleclick.net https://*.joinnetwork.com https://*.abtasty.com; img-src 'self' data: https://t.co https://*.execute-api.eu-west-1.amazonaws.com https://googleads.g.doubleclick.net https://bat.bing.com https://www.google.com https://www.google.co.uk https://www.facebook.com https://connect.facebook.net https://*.healthservicediscounts.com https://healthservicediscounts.com https://*.discountsforteachers.co.uk https://discountsforteachers.co.uk https://*.discountsforcarers.com https://discountsforcarers.com https://*.charityworkerdiscounts.com https://charityworkerdiscounts.com https://*.typekit.net https://*.toast.com https://*.google-analytics.com https://*.googletagmanager.com https://i.pinimg.com https://log.pinterest.com https://www.addthis.com https://*.atdmt.com https://*.onetrust.com https://cookiesuksouth.blob.core.windows.net https://*.analytics.google.com https://px.ads.linkedin.com https://secure.gravatar.com https://alb.reddit.com https://*.hotjar.com https://*.twitter.com https://images-static.trustpilot.com https://*.googleapis.com https://*.joinnetwork.com https://*.abtasty.com https://*.amazonaws.com https://gravatar.com 3 frame-ancestors 'self' https://extrawatch.com https://app.extrawatch.com; upgrade-insecure-requests; 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 3 default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' http://webvisor.com http://*.webvisor.com https://*.yandex.ru https://*.yandex.com; 3 default-src https: wss: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; font-src https: 'self' data:; frame-src https: mailto:;frame-ancestors 'self'; 3 font-src 'self' *.gstatic.com *.cloudflare.com *.sfdcstatic.com *.cstatic.co.za data:;img-src 'self' *.commercecloud.salesforce.com *.demandware.net *.capeunionmart.co.za *.oldkhaki.co.za *.poetrystores.co.za *.lastchance.co.za *.force.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googleapis.com doubleclick.net *.doubleclick.net *.g.doubleclick.net googlesyndication.com *.googlesyndication.com google.com *.google.com *.google.co.za googleadservices.com *.googleadservices.com *.gstatic.com *.tiktok.com *.contentsquare.net *.pixlee.com *.pixlee.co *.edgecastcdn.net *.facebook.net *.facebook.com *.youtube.com creativecdn.com *.creativecdn.com *.sfdcstatic.com *.turnto.eu *.igodigital.com *.bing.com *.amplience.net mobicred.co.za *.mobicred.co.za *.mobicredwidget.co.za *.capeunionmart.co.za *.cstatic.co.za purecatamphetamine.github.io *.cloudflare.com *.jsdelivr.net *.paypal.com *.paypalobjects.com salesforce-sites.com *.salesforce-sites.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com data: *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com;script-src 'self' 'unsafe-eval' *.googleapis.com *.salesforce.com *.salesforceliveagent.com *.cloudflareinsights.com cloudflareinsights.com *.force.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net *.g.doubleclick.net googlesyndication.com *.googlesyndication.com google.com *.google.com *.google.co.za *.gstatic.com *.tiktok.com *.contentsquare.net *.contentsquare.com vic-m.co *.vic-m.co *.pixlee.com *.pixlee.co *.facebook.net *.facebook.com *.youtube.com creativecdn.com *.creativecdn.com *.sfdcstatic.com *.turnto.eu *.igodigital.com *.bing.com *.amplience.net mobicred.co.za *.mobicred.co.za *.mobicredwidget.co.za *.capeunionmart.co.za *.cstatic.co.za *.cloudflare.com *.jsdelivr.net *.paypal.com *.paypalobjects.com salesforce-sites.com *.salesforce-sites.com *.sentry.io *.gitlab.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com unsafe-inline *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com;frame-src 'self' *.salesforce.com *.salesforceliveagent.com *.force.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com doubleclick.net *.doubleclick.net *.g.doubleclick.net googlesyndication.com *.googlesyndication.com google.com googleadservices.com *.googleadservices.com *.google.com *.google.co.za *.gstatic.com *.tiktok.com *.contentsquare.net *.contentsquare.com *.pixlee.com *.pixlee.co *.facebook.net *.facebook.com *.youtube.com creativecdn.com *.creativecdn.com *.sfdcstatic.com *.turnto.eu *.igodigital.com *.bing.com *.amplience.net mobicred.co.za *.mobicred.co.za *.mobicredwidget.co.za *.capeunionmart.co.za *.cstatic.co.za *.paypal.com *.paypalobjects.com *.pargo.co.za salesforce-sites.com *.salesforce-sites.com *.sentry.io *.gitlab.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com;frame-ancestors 'self' *.salesforce.com *.salesforceliveagent.com *.force.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com;script-src-elem 'self' 'unsafe-inline' *.force.com *.lightning.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.secure.force.com *.cloudflareinsights.com *.cloudflare.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com doubleclick.net *.doubleclick.net *.g.doubleclick.net googlesyndication.com *.googlesyndication.com googleadservices.com *.googleadservices.com *.facebook.net *.facebook.com *.youtube.com google.com vic-m.co *.vic-m.co *.google.com *.google.co.za *.gstatic.com *.tiktok.com *.contentsquare.net *.contentsquare.com *.pixlee.com *.pixlee.co *.cloudflare.com creativecdn.com *.creativecdn.com *.sfdcstatic.com *.turnto.eu *.igodigital.com *.bing.com *.amplience.net mobicred.co.za *.mobicred.co.za *.mobicredwidget.co.za *.capeunionmart.co.za *.cstatic.co.za *.jsdelivr.net *.paypal.com *.paypalobjects.com salesforce-sites.com *.salesforce-sites.com *.sentry.io *.gitlab.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com;connect-src 'self' api.cquotient.com *.capeunionmart.co.za *.oldkhaki.co.za *.poetrystores.co.za *.demandware.net *.force.com *.salesforce-sites.com *.secure.force.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net *.g.doubleclick.net googlesyndication.com *.googlesyndication.com google.com *.google.com *.google.co.za *.gstatic.com *.tiktok.com *.contentsquare.net *.contentsquare.com *.pixlee.com *.pixlee.co *.facebook.net *.facebook.com *.youtube.com creativecdn.com *.creativecdn.com *.sfdcstatic.com *.turnto.eu *.igodigital.com *.bing.com *.amplience.net mobicred.co.za *.mobicred.co.za *.mobicredwidget.co.za *.capeunionmart.co.za *.cstatic.co.za *.paypal.com *.paypalobjects.com salesforce-sites.com *.salesforce-sites.com *.sentry.io *.gitlab.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com *.jsdelivr.net unpkg.com *.unpkg.com *.salesforce.com salesforce-sites.com *.salesforce-sites.com *.turnto.eu *.force.com *.secure.force.com *.googletagmanager.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com;style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com *.jsdelivr.net unpkg.com *.unpkg.com *.salesforce.com salesforce-sites.com *.turnto.eu *.salesforce-sites.com *.force.com *.secure.force.com *.googletagmanager.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com;media-src 'self' *.amplience.net api.cquotient.com *.capeunionmart.co.za *.oldkhaki.co.za *.poetrystores.co.za *.demandware.net *.force.com development-eu01-capeunion.demandware.net *.salesforce-sites.com *.secure.force.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net *.g.doubleclick.net googlesyndication.com *.googlesyndication.com google.com *.google.com *.google.co.za *.gstatic.com *.tiktok.com *.contentsquare.net *.contentsquare.com *.pixlee.com *.pixlee.co *.facebook.net *.facebook.com *.youtube.com creativecdn.com *.creativecdn.com *.sfdcstatic.com *.turnto.eu *.igodigital.com *.bing.com mobicred.co.za *.mobicred.co.za *.mobicredwidget.co.za *.media.amplience.net *.static.amplience.net *.capeunionmart.co.za *.cstatic.co.za *.paypal.com *.paypalobjects.com salesforce-sites.com *.salesforce-sites.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com;worker-src 'self' *.capeunionmart.co.za *.oldkhaki.co.za *.poetrystores.co.za *.lastchance.co.za blob:;child-src 'self' blob:;script-src-attr 'self' 'unsafe-inline';upgrade-insecure-requests;default-src 'self';base-uri 'self';block-all-mixed-content;object-src 'none' 3 frame-ancestors 'self' *.ourbit.com *.ourbit.io *.seebestfirst.com *.seebestsecond.com 3 default-src 'self'; base-uri 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.arla.com cdn.cookielaw.org www.arla.com www.googletagmanager.com www.youtube.com *.pinimg.com sc-static.net analytics.tiktok.com siteimproveanalytics.com *.msecnd.net *.pinterest.com *.clarity.ms *.snapchat.com *.cloudfront.net *.facebook.net *.facebook.com www.arla.ph www.arla.be www.google.com www.gstatic.com www.arlafoods.ca www.arlafoods.de www.arla.com.cy *.doubleclick.net www.googleadservices.com *.foodinfluencersunited.nl *.foodinfluencersunited.com destinilocators.com code.jquery.com *.typekit.net *.aptrinsic.com azsaprmarketingecosystem.z6.web.core.windows.net *.jsdelivr.net; style-src 'self' 'unsafe-inline' www.arla.com www.arla.ph www.arla.be www.arlafoods.ca www.arlafoods.de www.arla.com.cy azsaprmarketingecosystem.z6.web.core.windows.net *.googleapis.com *.gstatic.com *.typekit.net *.aptrinsic.com *.jsdelivr.net; img-src data: 'self' blob: *.arla.com arlamedia.blob.core.windows.net *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.adtrafficquality.google *.google-analytics.com cdn.cookielaw.org *.pinterest.com *.snapchat.com *.siteimproveanalytics.io *.clarity.ms *.facebook.com *.facebook.net *.doubleclick.net www.google.com.ua img.youtube.com *.ytimg.com collector.ontame.io www.arla.ph www.arla.be www.arlafoods.ca www.arlafoods.de www.arla.com.cy *.streaming.mediakind.com *.foodinfluencersunited.nl *.foodinfluencersunited.com *.turn.com *.tubemogul.com *.everesttech.net *.typekit.net *.bing.com *.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat mnd-assets.mynewsdesk.com; font-src data: 'self' www.arla.com www.arla.ph www.arla.be www.arlafoods.ca www.arlafoods.de www.arla.com.cy *.googleapis.com *.gstatic.com *.typekit.net *.aptrinsic.com *.cloudfront.net; connect-src 'self' data: *.arla.net *.arla.com cdn.cookielaw.org www.googletagmanager.com www.google.com *.pinterest.com analytics.tiktok.com *.snapchat.com dc.services.visualstudio.com *.onetrust.com *.facebook.com *.facebook.net *.clarity.ms *.doubleclick.net *.google.com www.arla.ph www.youtube.com www.arla.be www.arlafoods.ca www.arla.com.cy *.streaming.mediakind.com *.foodinfluencersunited.nl *.foodinfluencersunited.com *.typekit.net *.aptrinsic.com azsaprmarketingecosystem.z6.web.core.windows.net *.gstatic.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; frame-src 'self' www.google.com *.arla.com www.youtube.com *.adtrafficquality.google *.googlesyndication.com *.youtube.com *.youtube-nocookie.com app.brandheroes.com www.googletagmanager.com *.googleadservices.com *.doubleclick.net *.pinterest.com *.snapchat.com *.facebook.com *.facebook.net *.foodinfluencersunited.nl *.foodinfluencersunited.com destinilocators.com; media-src 'self' blob: *.mediakind.com; form-action 'self' www.arla.com www.arla.ph www.arla.be www.arlafoods.ca www.arlafoods.de www.arla.com.cy *.facebook.com *.facebook.net; 3 default-src'self' 3 default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data: blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 3 default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; img-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; connect-src *; font-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; media-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; report-uri *; child-src *; form-action *; frame-ancestors *; object-src *; frame-src *; worker-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream: blob:; manifest-src *; navigate-to *; base-uri *; upgrade-insecure-requests 3 default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; img-src 'self' data: *; frame-ancestors 'self' 3 frame-ancestors https://manage.scienceandmedicinegroup.com/ 3 object-src 'self' www.google.com transac.telebec.com google-analytics.com api.google-analytics.com; frame-ancestors 'self'; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com:443 https://cdnjs.cloudflare.com:443; font-src 'self' https://fonts.gstatic.com:443 https://cdnjs.cloudflare.com:443; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com:443 https://cdnjs.cloudflare.com:443; connect-src 'self' https://dpm.demdex.net:443; frame-src 'self' https://newsquestdigital.demdex.net:443; img-src 'self' https://dpm.demdex.net:443 https://prime-magazine.co.uk:443/assets/images/PrimeLogoOnWhite.jpg https://www.living-magazines.co.uk:443/assets/images/logo.png https://newsquestdigitalmedia.d2.sc.omtrdc.net:443 https://*:443/resources/images/sitelogo 3 frame-ancestors 'self' embed.eventfrog.ch embed.eventfrog.de embed.eventfrog.at 3 default-src 'self' images.salzburg-ag.at *.salzburg-ag.tech; object-src 'self' app.usercentrics.eu/latest/ www.googletagmanager.com cognigy-endpoint.salzburg-ag.at maps.googleapis.com; script-src 'self' *.salzburg-ag.at snap.licdn.com *.mouseflow.com *.pinimg.com maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ assets.adobedtm.com sc-static.net app.usercentrics.eu/latest/ images.salzburg-ag.at js.monitor.azure.com/scripts/ www.googletagmanager.com cognigy-endpoint.salzburg-ag.at www.googleadservices.com *.g.doubleclick.net ad.doubleclick.net tr.snapchat.com www.google-analytics.com *.usercentrics.eu www.youtube.com snap.licdn.com/li.lms-analytics/insight.min.js connect.facebook.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.queue.core.windows.net *.cablelink.at *.salzburg-ag.tech px.ads.linkedin.com api.storyblok.com cdn.linkedin.oribi.io *.mouseflow.com https://www.google.com/recaptcha/ *.google-analytics.com *.analytics.google.com *.salzburg-ag.at ct.pinterest.com tr.snapchat.com *.g.doubleclick.net ad.doubleclick.net sc-static.net maps.googleapis.com *.usercentrics.eu dc.services.visualstudio.com/v2/track *.omtrdc.net *.demdex.neti data: wss:; img-src 'self' *.salzburg-ag.at *.pinimg.com a.storyblok.com ct.pinterest.com www.google-analytics.com www.google.com www.google.at p.adsymptotic.com *.fls.doubleclick.net *.linkedin.com *.facebook.com *.youtube.com *.g.doubleclick.net ad.doubleclick.net adservice.google.com tr.snapchat.com maps.gstatic.com maps.googleapis.com www.googletagmanager.com app.usercentrics.eu *.usercentrics.eu www.familieundberuf.at *.everesttech.net *.demdex.net *.omtrdc.net data:; style-src 'self' 'unsafe-inline' *.salzburg-ag.at app.usercentrics.eu/latest/ www.googletagmanager.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com maps.googleapis.com data:; frame-src 'self' forms.office.com reglist24.com *.reglist24.com my.matterport.com *.svc.dynamics.com assets-eur.mkt.dynamics.com *.cablelink.at sag.viewer.cit-fusion.com ct.pinterest.com www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://at.eturnity.eu/ ocilion.com p.artworx.at form.typeform.com *.microsoftonline.com login.microsoftonline.com cablelink.preview.speedtestcustom.com cablelink.speedtestcustom.com energie-effizienz-iframe.smartricity.de outlook.office365.com *.fls.doubleclick.net ad.doubleclick.net www.youtube.com maps.googleapis.com tr.snapchat.com *.facebook.com *.demdex.net;media-src 'self' maps.googleapis.com data:; frame-ancestors 'self' app.usercentrics.eu; form-action 'self' tr.snapchat.com www.facebook.com app.usercentrics.eu; 3 object-src 'self'; block-all-mixed-content; upgrade-insecure-requests; 3 base-uri 'self';frame-ancestors 'self'; 3 script-src 'self' blob: *.hcsctest.net *.hcsc.net rum.hlx.page 'sha256-roBKNtTORGqYTZrY132I7LjnRPmJRBYk0vsWsfTJfi8=' 'sha256-Hu+TB+7+tbK6BX5NWGt+0M+Bq+eQTLzu4mfAdMsLwio=' 'sha256-m6IeQPb422Ecu6vAsJ4XwC+Q4Bnlo5vWz/eAbO1BMMY=' 'sha256-SPsZXjscKwSgFBbdcFRAE/GR7YyFgkl7d5tVBREd+pE=' 'sha256-SDHTnkuO02em0DcuwqvF5tDafRm8LYNMnYP+a2QMeyA=' 'sha256-oFLLqxbCZekFnkJfG4JJcqpyCzBF/l8PMUBQFcUbeZ0=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-+YZqnAWTPJ9G7/VImu/8MHnpEzn7upBYnPfVF/yMQp4=' 'sha256-ThHZXYAEciBA4PPtRsuwrM4rS6A27cEeDZfKFgMjOHs=' *.decibelinsight.net *.twitter.com hcsctest.net *.bcbsil.com *.bcbstx.com *.hcsc.net contentz.mkt922.com healthcareservicecorporation.sc.omtrdc.net resources.digital-cloud-west.medallia.com dx.steelhousemedia.com cdn.decibelinsight.net *.facebook.net *.googleadservices.com bat.bing.com *.googletagmanager.com nexus.ensighten.com *.google-analytics.com js-cdn.dynatrace.com assets.adobedtm.com googleads.g.doubleclick.net gateway.foresee.com dx.steelhousemedia.com *.kampyle.com *.medallia.com, frame-src 'self' *.twitter.com hcsc.demdex.net players.brightcove.net *.youtube.com resources.digital-cloud-west.medallia.com healthcareservicecorporation.sc.omtrdc.net *.kampyle.com *.medallia.com cdn.decibelinsight.net, frame-ancestors 'self', worker-src 'self' blob:, upgrade-insecure-requests 3 default-src * 'unsafe-inline' 'unsafe-eval' data: 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval' data: 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 3 default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 3 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 3 frame-ancestors 'self' *.adiglobaldistribution.us; 3 default-src * 'self' blob: data: gap:; style-src * 'self' 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * 'self' 'unsafe-inline' blob: data: gap:; connect-src 'self' * 'unsafe-inline' blob: data: gap:; frame-src * 'self' blob: data: gap: 3 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem:; 3 object-src 'self'; base-uri 'self'; frame-ancestors 'self' https://www.vacaturesonline.nl https://www.werkzoeken.nl https://www.technicus.nl https://www.ictergezocht.nl; default-src blob: https://cdn.livechatinc.com https://*.vacaturesonline.nl https://*.ictergezocht.nl https://*.werkzoeken.nl https://*.technicus.nl https://vars.hotjar.com https://accounts.google.com https://www.youtube.com https://docs.google.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://*.werkzoeken.nl https://*.technicus.nl https://*.vacaturesonline.nl https://*.ictergezocht.nl https://cdn.sleak.chat; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://connect.facebook.net https://cdn-cookieyes.com https://accounts.google.com https://maps.googleapis.com https://api.livechatinc.com https://cdn.livechatinc.com https://bat.bing.com https://ajax.cloudflare.com https://*.google.com https://*.google.nl https://*.hotjar.com https://*.licdn.com https://*.werkzoeken.nl https://*.technicus.nl https://*.vacaturesonline.nl https://*.ictergezocht.nl https://www.googletagmanager.com https://www.googleadservices.com https://maps.googleapis.com https://*.doubleclick.net https://*.linkedin.com https://www.gstatic.com https://js.live.net https://www.google-analytics.com https://sjs.bizographics.com https://www.dropbox.com https://apis.google.com https://api.smooch.io https://diffuser-cdn.app-us1.com https://prism.app-us1.com https://trackcmp.net https://cdn.sleak.chat; connect-src 'self' https://www.facebook.com https://directory.cookieyes.com https://cdn-cookieyes.com https://log.cookieyes.com http://maps.googleapis.com https://www.google.nl https://api.livechatinc.com https://*.analytics.google.com https://api.maptiler.com https://*.microsoft.com https://*.hotjar.io https://*.hotjar.com https://*.doubleclick.net https://www.google-analytics.com wss://*.hotjar.com https://*.vacaturesonline.nl https://*.ads.linkedin.com https://cdn.sleak.chat https://widget.sleak.chat; frame-src 'self' https://secure.livechatinc.com https://*.google.com/ https://www.youtube.com https://vars.hotjar.com https://www.werkzoeken.nl https://www.ictergezocht.nl https://www.technicus.nl https://widget.sleak.chat; font-src 'self' data: https://cdn.livechatinc.com https://*.werkzoeken.nl https://*.vacaturesonline.nl https://*.technicus.nl https://*.ictergezocht.nl https://*.hotjar.com https://fonts.gstatic.com; img-src 'self' blob: data: https://img.youtube.com https://www.facebook.com https://cdn-cookieyes.com https://cdn.livechat-files.com https://cdn.livechatinc.com https://bat.bing.com https://script.hotjar.com https://*.linkedin.com https://*.werkzoeken.nl https://*.technicus.nl https://*.vacaturesonline.nl https://*.ictergezocht.nl https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://*.analytics.google.com https://www.google.com https://www.google.nl https://*.doubleclick.net https://widget.sleak.chat https://sygpwnluwwetrkmwilea.supabase.co https://uploads-ssl.webflow.com/64558916e4efcf5c5355b1d1/ 3 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https: *.cloudfront.net *.reviews.io *.reviews.co.uk *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com core.spreedly.com https://secure.paygate.co.za/payweb3/process.trans *.cardinalcommerce.com *.salesforceliveagent.com https://secure-test.worldpay.com/shopper/3ds/ddc.html https://seo.mageplaza.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com core.spreedly.com *.vimeo.com *.doubleclick.net https://static.addtoany.com https://map.pargo.co.za *.prod.marketing.bat.net *.non-prod.marketing.bat.net *.contentsquare.net https://pay.google.com https://secure-test.worldpay.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.openpay.mx *.openpay.co https://*.moneris.com/ *.opencontrol.mx *.kaptcha.com *.openpay.pe *.salesforce.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https: data: *.cloudflare.com *.gstatic.com magefan.com cm.magefan.com *.postimg.cc *.cloudfront.net *.reviews.io *.reviews.co.uk 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal core.spreedly.com *.subscribepro.com *.cookielaw.org *.pcapredict.com *.salesforce.com *.postcodeanywhere.co.uk *.doubleclick.net *.prod.marketing.bat.net *.non-prod.marketing.bat.net *.reviews.co.uk https://static.addtoany.com https://unpkg.com https://staticw2.yotpo.com http://staticw2.yotpo.com https://widgetsrepository.yotpo.com https://cdn-widgetsrepository.yotpo.com https://js-agent.newrelic.com *.newrelic.com *.salesforceliveagent.com https://t.contentsquare.net https://sec.webeyez.com https://static.vic-m.co https://js.adsrvr.org *.adform.net https://widgetcdn.zoomengage.com https://c.lytics.io https://connect.facebook.net *.facebook.com https://widgetapi.zoomengage.com *.zoomengage.com https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.googleoptimize.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com s7.addthis.com *.avada.io *.mapbox.com https://*.moneris.com/ *.googleapis.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ *.force.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.reviews.io *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.subscribepro.com *.fontawesome.com *.postcodeanywhere.co.uk *.prod.marketing.bat.net *.non-prod.marketing.bat.net https://accounts.google.com/gsi/style http://staticw2.yotpo.com/assets/open_sans.css https://staticw2.yotpo.com/assets/open_sans.css http://staticw2.yotpo.com/ https://staticw2.yotpo.com/ *.contentsquare.net *.cloudflare.com *.mapbox.com https://*.moneris.com/ *.salesforce.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.prod.marketing.bat.net *.non-prod.marketing.bat.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.subscribepro.com core.spreedly.com *.cookielaw.org *.google.com *.doubleclick.net *.onetrust.com *.prod.marketing.bat.net *.non-prod.marketing.bat.net *.secure.paygate.co.za services.postcodeanywhere.co.uk https://maps.googleapis.com/ https://staticw2.yotpo.com http://staticw2.yotpo.com https://widgetsrepository.yotpo.com https://cdn-widgetsrepository.yotpo.com https://w2.yotpo.com/ https://ssapi.vuse.com/ *.newrelic.com *.salesforce.com *.salesforceliveagent.com *.contentsquare.net https://q-eu1.az.contentsquare.net https://k-eu1.az.contentsquare.net https://sec.webeyez.com https://static.vic-m.co https://js.adsrvr.org https://s2.adform.net https://widgetcdn.zoomengage.com https://c.lytics.io https://connect.facebook.net *.facebook.com ekr.zdassets.com/ *.openpay.mx *.openpay.co https://get.geojs.io *.avada.io *.openpay.pe webchat.dotdigital.com webchat.staging.dotdigital.com *.cloudfront.net *.reviews.io *.reviews.co.uk t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src 'self' ajax.googleapis.com assets.investisdigital.com fonts.googleapis.com use.typekit.net google-analytics.com code.highcharts.com viz.tools.investis.com edge.api.brightcove.com *.brightcovecdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hsforms.net unpkg.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net api.reciteme.com sc.lfeeder.com googleads.g.doubleclick.net www.googletagmanager.com *.posthog.com app.posthog.com snap.licdn.com connect.facebook.net ajax.googleapis.com www.youtube.com cdn.jsdelivr.net code.jquery.com otp.tools.investis.com use.typekit.net google-analytics.com www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com code.highcharts.com viz.tools.investis.com cdnjs.cloudflare.com *.investisdigital.com *.invdcloud-is.co.uk *.vimeocdn.com f.vimeocdn.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net api.reciteme.com google-analytics.com fonts.googleapis.com viz.tools.investis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investisdigital.com *.invdcloud-is.co.uk; object-src 'none'; connect-src 'self' https://www.facebook.com/tr/ https://analytics.google.com *.hsforms.com *.posthog.com *.amazonaws.com https://www.google.com *.linkedin.com idxjobs-api.connectid.cloud https://signin.ultipro.com *.openweathermap.org stats.reciteme.com api.reciteme.com https://api.weatherapi.com/v1/current.json stats.g.doubleclick.net edge.api.brightcove.com google-analytics.com www.google-analytics.com *.google-analytics.com viz.tools.investis.com cookiemanager.investisdigital.com *.investisdigital.com; base-uri 'none'; form-action 'self' *.hsforms.com; font-src 'self' 'unsafe-inline' *.hsforms.com api.reciteme.com fonts.googleapis.com use.typekit.net google-analytics.com fonts.gstatic.com *.investisdigital.com * data: application; frame-src 'self' *.hsforms.com *.investis.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.doubleclick.net adfs.justretirement.com www.googletagmanager.com viz.tools.investis.com *.google.com irs.tools.investis.com otp.tools.investis.com connectidfeed.com *.connectidfeed.com www.youtube.com *.vimeo.com; img-src 'self' 'unsafe-inline' * data: www.w3.org;; media-src 'self' *.investis.com; 3 frame-ancestors 'self' https://ntb-centrum.mironet.cz/ https://totem.apps.mironet.cz/ 3 frame-ancestors 'self' *.zs.com https://zsprize.zs.com/; frame-src https://app.altrulabs.com/ *.surveymonkey.com *.google.com *.ampproject.org *.vimeo.com *.adobe.com *.zs.com *.hotjar.com *.doubleclick.net *.facebook.com *.demdex.net *.youtube.com *.buzzsprout.com *.ceros.com *.company-target.com https://www.googletagmanager.com/; img-src https://tag.simpli.fi/ https://i.vimeocdn.com/ *.zs.com 'self' *.bing.com https://www.googleadservices.com *.clarity.ms *.smassets.net *.twitter.com *.cookielaw.org *.ampproject.org *.scene7.com *.company-target.com https://match.prod.bidr.io *.doubleclick.net *.google.com *.google.co.in *.linkedin.com *.google-analytics.com *.facebook.com https://t.co *.adsymptotic.com *.akamaihd.net https://zs.sc.omtrdc.net *.everesttech.net *.ytimg.com *.googletagmanager.com *.demdex.net *.rlcdn.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net *.ampproject.org *.buzzsprout.com *.zs.com; font-src 'self' https://cdn.jsdelivr.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://player.vimeo.com/ https://code.jquery.com/jquery-3.5.0.min.js https://i.simpli.fi/ https://pixel.byspotify.com/ping.min.js https://tag.simpli.fi/ *.clarity.ms *.bing.com *.googleapis.com https://cdn.jsdelivr.net https://flow.cience.com *.surveymonkey.com *.go-mpulse.net *.gstatic.com *.google.com *.ampproject.org *.zs.com *.adobe.com *.adobedtm.com *.googletagmanager.com *.demandbase.com https://www.googleadservices.com *.youtube.com *.doubleclick.net *.licdn.com *.google-analytics.com *.ads-twitter.com https://s.ytimg.com *.facebook.net *.hotjar.com *.cookielaw.org *.marketo.net https://analytics.twitter.com *.onetrust.com *.akamaihd.net *.buzzsprout.com *.ceros.com *.zs.com; connect-src https://pixels.spotify.com/ https://assets.adobedtm.com *.linkedin.com *.clarity.ms 'self' *.akstat.io/ *.go-mpulse.net *.bing.com https://vimeo.com/ https://flow.cience.com https://flow.cience.com/api/v1/event* https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.facebook.com/privacy_sandbox/topics/registration* https://bat.bing.net/actionp/0?ti=343128404&Ver=2&mid=e17b58ce-5a61-4fbe-b4d4-11b0dee2e440&bo=2&evt=consent&src=default&cdb=AQET&asc=D https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt* *.demandbase.com *.linkedin.oribi.io *.google.com *.ampporject.org *.ampproject.org *.company-target.com *.tt.omtrdc.net *.cookielaw.org *.mktoresp.com *.google-analytics.com *.hotjar.com *.doubleclick.net *.demdex.net *.omtrdc.net *.hotjar.io https://google.com/; worker-src blob:; 3 frame-ancestors 'self' https://www.google.com; 3 frame-ancestors 'self' https://tmw.secure.vmd.ca; 3 frame-ancestors 'self' https://metrika.yandex.ru; 3 object-src 'none'; img-src * data: blob:; default-src 'self' data: blob: https: *.sentry.io *.stripe.com *.clym.io https://*.hcaptcha.com wss://*.relay.crisp.chat; base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors *; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.stripe.com apis.google.com *.clym.io *.clym-sdk.net *.clym-widget.net *.hcaptcha.com *.crisp.chat vercel.live *.googletagmanager.com; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 3 default-src https: http: wss: 'self' data: 'unsafe-inline' blob: 'unsafe-eval'; 3 frame-ancestors 'self' https://*.ageoflearning.com https://*.abcmouse.com; 3 default-src *; script-src * 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; frame-ancestors * 3 default-src * blob:; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.melita.com https://*.melitabusiness.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.zopim.com https://static.zdassets.com https://*.googletagmanager.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.googleadservices.com https://*.facebook.net https://*.doubleclick.net https://*.addthis.com https://cdn.mxpnl.com https://*.youtube.com https://*.moatads.com https://*.addthisedge.com https://fast.wistia.com https://beacon-v2.helpscout.net https://ekr.zdassets.com https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com https://www.googleoptimize.com https://kit.fontawesome.com https://cdnjs.cloudflare.com/ajax/libs/jsrsasign/11.1.0/jsrsasign-all-min.js; style-src 'self' 'unsafe-inline' https://*.melita.com https://*.melitabusiness.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.fontawesome.com *.visualwebsiteoptimizer.com app.vwo.com *.licdn.com; img-src * data:; font-src 'self' data: https://fonts.gstatic.com https://*.zopim.com https://*.fontawesome.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; connect-src * 'self' blob:; form-action 'self' https://*.facebook.com; frame-ancestors 'self'; upgrade-insecure-requests; 3 default-src 'self'; script-src 'self'; 3 frame-ancestors 'self' https://*.storyblok.com; 3 frame-ancestors 'self' *.gdms.cloud; 3 frame-ancestors 'self' https://speed.blix.com 3 frame-ancestors https://*.wika.com/ 'self'; 3 frame-ancestors 'self' https://wood.showpad.biz https://www.wood.showpad.biz https://www.wood.showpad.com https://wood.showpad.com; 3 default-src 'self' https://service.force.com https://sketchfab.com https://play.vidyard.com https://static.elekta.com; frame-ancestors 'self'; font-src 'self' data:; img-src 'self' https://stats.elekta.com https://play.vidyard.com https://cdn.vidyard.com https://api.mapbox.com https://*.googletagmanager.com https://*.ads.linkedin.com; script-src 'self' 'unsafe-eval' https://stats.elekta.com https://cdn.pardot.com https://pi.pardot.com https://success.elekta.com https://play.vidyard.com https://*.googletagmanager.com https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://service.force.com https://community.elekta.com; connect-src 'self' https://community.elekta.com https://api.mapbox.com https://success.elekta.com https://stats.elekta.com https://*.algolianet.com https://*.algolia.net https://play.vidyard.com https://ir.elekta.com/latest-news/ https://ko5zn8xqvb.execute-api.eu-central-1.amazonaws.com/Prod/ https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.ads.linkedin.com 3 default-src 'none'; connect-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/; frame-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/; script-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/ 'unsafe-inline'; style-src 'unsafe-inline'; 3 default-src https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 3 default-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https: blob: data:; 3 default-src 'self' *; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js * https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdnjs.cloudflare.com 'self' cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com * 'self' 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://www.google.co.ve:* https://www.googletagmanager.com:* https://www.google.com:* https://cdnjs.cloudflare.com:* https://px.ads.linkedin.com:* https://www.achssalud.cl:* https://achssalud.cl:* 'self'; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *; frame-src https://www.google.com:* https://www.youtube.com:* https://td.doubleclick.net:* https://www.googletagmanager.com:* https://externo.achs.cl:* https://apps.sae1.pure.cloud:* https://dyo3z5271kl7e.cloudfront.net:* https://iframe.lfi-app.cl:* https://app.powerbi.com 'self'; connect-src accounts.google.com * *.mktoresp.com https://www.googletagmanager.com:* 'self'; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://td.doubleclick.net:* https://www.googletagmanager.com:* 'self'; frame-ancestors https://www.google.com:* https://www.youtube.com:* https://td.doubleclick.net:* https://www.googletagmanager.com:* https://externo.achs.cl:* https://apps.sae1.pure.cloud:* https://dyo3z5271kl7e.cloudfront.net:* https://iframe.lfi-app.cl:* https://app.powerbi.com 'self' 3 default-src 'self'; connect-src * ws: http: https: 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.googletagmanager.com https://connect.facebook.net https://analytics.tiktok.com https://www.redditstatic.com https://js.stripe.com https://vercel.live https://cdn.vercel-insights.com https://js-agent.newrelic.com https://www.paypal.com https://googleads.g.doubleclick.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://cdn.jsdelivr.net/npm/hls.js@1.1.4/dist/hls.min.js https://*.firebaseio.com; style-src 'self' 'unsafe-inline' https://vercel.live/fonts; img-src 'self' blob: data: * ws: http: https:; media-src 'self' blob: data: * ws: http: https:; font-src 'self' data:; object-src 'none'; frame-src https://js.stripe.com/ https://vercel.live https://form.typeform.com https://www.sandbox.paypal.com https://www.paypal.com https://www.facebook.com/ https://www.google.com/ https://td.doubleclick.net/ https://iso.metabaseapp.com/ https://*.firebaseio.com; base-uri 'self'; form-action 'self' https://www.facebook.com/tr/; frame-ancestors 'self' http://localhost:5001/; upgrade-insecure-requests 3 base-uri 'self'; connect-src 'self' www.gk-software.com; font-src 'self' data:; object-src 'self'; child-src 'self'; frame-src 'self' www.gk-software.com www.google.com; worker-src 'self' blob:; form-action 'self'; frame-ancestors 'self' 3 default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'self' data: blob: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self'; object-src * 'self'; child-src * 'self'; frame-src * 'self'; frame-ancestors * 'self'; form-action * 'self' 3 frame-ancestors 'self' newapp.etracker.com; 3 connect-src maps.nextbike.net *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net directline.botframework.com/v3/directline/ wss://directline.botframework.com/v3/directline/ wtb.maptiles.arcgis.com *.arcgisonline.com *.arcgis.com chatbot.wlb.at onlim-chatbot-production.s3.amazonaws.com *.onlim.com wss://cs.onlim.com wss://app.onlim.com/ wss://api.onlim.com/ *.vimeo.com vimeo.com *.addthis.com www.google-analytics.com routenplaner.verkehrsauskunft.at *.wienit.at *.api.wienenergie.at api.wienenergie.at service.wienerstadtwerke.at *.service.wienernetze.at service.wienernetze.at api.wstw.at int-api.wstw.at test-api.wstw.at styles.wienerstadtwerke.at 'self' https://info.wienerlinien.at/api/form/v1/8896c.21k0oa6/null https://www.facebook.com/tr/ *.googleapis.com wienernetze.containers.piwik.pro wienernetze.piwik.pro wienerlinien.containers.piwik.pro wienerlinien.piwik.pro https://eu-api.friendlycaptcha.eu bestattungwien.piwik.pro jobs.wienerstadtwerke.at www.google.com wienerstadtwerke.piwik.pro wienerstadtwerke.containers.piwik.pro digitalesgrab.friedhoefewien.at rns.matelso.de *.wienmobil.at bestattungwien.containers.piwik.pro log.wien; style-src https://d6tizftlrpuof.cloudfront.net/themes/production/wienerstadtwerke-test-design-wienerstadtwerke-feedbacklet-d69f3b461dc32d40f77b744a4b3eb522.css *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.onlim.com fonts.googleapis.com 'unsafe-inline' styles.wienerstadtwerke.at 'self' wienernetze.containers.piwik.pro wienernetze.piwik.pro wienerlinien.containers.piwik.pro wienerlinien.piwik.pro bestattungwien.containers.piwik.pro wienerstadtwerke.piwik.pro bestattungwien.piwik.pro wienerstadtwerke.containers.piwik.pro newsletter.wienit.at static.dvinci-easy.com; base-uri 'self' *.onlim.com; script-src https://googleads.g.doubleclick.net/ *.usabilla.com/ *.onlim.com *.onlim.com/ *.googletagmanager.com/ connect.facebook.net/ *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net walls.io *.virtualq.io polyfill.io openstreetmap.org *.openstreetmap.org chatbot.wlb.at app.onlim.com/ *.vimeocdn.com ajax.googleapis.com maps.googleapis.com www.gstatic.com www.google.com www.google-analytics.com assets.adobedtm.com *.ytimg.com *.youtube.com styles.wienerstadtwerke.at 'unsafe-inline' 'unsafe-eval' 'self' wienernetze.piwik.pro wienerlinien.containers.piwik.pro https://www.googletagmanager.com/ *.adform.net wienernetze.containers.piwik.pro wienerlinien.piwik.pro wienerstadtwerke.piwik.pro https://siteimproveanalytics.com static.dvinci-easy.com https://jobs.wienerstadtwerke.at wienerstadtwerke.containers.piwik.pro newsletter.wienit.at rns.matelso.de bestattungwien.containers.piwik.pro bestattungwien.piwik.pro https://app.onlim.com/chat-app/js/host.js *.googleadservices.com; worker-src blob: https://www.wienernetze.at https://www.wienerlinien.at/ https://www.wipark.at/ https://www.friedhoefewien.at/ https://www.immoh.at/ https://digitalesgrab.friedhoefewien.at/ https://www.wstw-immo.at/ https://www.eposa.at/ https://www.wlb.at/ https://partner.wienernetze.at/ https://www.gwsg.at/ https://www.bestattungwien.at/; frame-src https://langenacht.orf.at *.wienernetze.at/ lehrlingstest-wienerstadtwerke.azurewebsites.net video.eko.com ubscal.seeyou.at *.issuu.com issuu.com *.walls.io walls.io *.virtualq.io app.onlim.com www.whatchado.com *.vimeo.com vimeo.com *.youtube.com www.google.com www.bestattungwien.at *.friedhoefewien.at mailto: service.wienerstadtwerke.at 'self' terminreservierung.bestattungwien.at *.facebook.com youtu.be https://terminreservierung.staging.reinisch.tech/ *.youtu.be *.wienit.at/ https://einreichportal.waca.at https://www.servicetreff.at/reservierungstool-app/#/termindaten https://www.googletagmanager.com/ *.riddle.com www.riddle.com https://sketchfab.com/ td.doubleclick.net embeds.whatchado.com https://terminreservierung.reinisch.tech/; media-src 'self' data: *.onlim.com; img-src wienitedv.d3.sc.omtrdc.net *.wienernetze.at/ facebook.com/tr/ rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.wien.gv.at *.fluidtime.com *.arcgisonline.com onlim-chatbot-production.s3.eu-central-1.amazonaws.com onlim-base.s3.eu-central-1.amazonaws.com dacodi-production.s3.amazonaws.com *.onlim.com *.openstreetmap.org *.vimeocdn.com *.omtrdc.net *.2o7.net maps.googleapis.com maps.gstatic.com *.ytimg.com csi.gstatic.com chatbot.wlb.at *.wienit.at *.upstream-mobility.at blob: data: styles.wienerstadtwerke.at 'self' wienerlinien.containers.piwik.pro wienerstadtwerke.containers.piwik.pro wienerstadtwerke.piwik.pro bestattungwien.containers.piwik.pro https://googleads.g.doubleclick.net *.facebook.com wienernetze.containers.piwik.pro wienernetze.piwik.pro wienerlinien.piwik.pro *.siteimproveanalytics.io https://siteimproveanalytics.com https://stwlciptstruct828prod.blob.core.windows.net/ bestattungwien.piwik.pro https://www.google.at/pagead/ https://www.google.com/pagead/; default-src 'self'; font-src bestattungwien.containers.piwik.pro *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net data: styles.wienerstadtwerke.at chatbot.wlb.at *.onlim.com fonts.gstatic.com 'self' wienerlinien.piwik.pro wienernetze.containers.piwik.pro wienernetze.piwik.pro wienerlinien.containers.piwik.pro https://d6tizftlrpuof.cloudfront.net/themes/production/wienerstadtwerke-test-design-wienerstadtwerke-font-file-url-de462eaa4f394073e3723d639af661c0.woff wienerstadtwerke.piwik.pro bestattungwien.piwik.pro wienerstadtwerke.containers.piwik.pro; 3 default-src ‘self’ 3 default-src 'self' https://forms.office.com/ https://*.seeburger.com https://munchkin.marketo.net https://v.qq.com https://www.youtube.com https://*.seeburger-news.com https://*.doubleclick.net; frame-ancestors 'self' https://*.seeburger.com www.googletagmanager.com; font-src 'self' data: https://*.seeburger.com https://fonts.gstatic.com; img-src 'self' data: https://*.seeburger.com https://secure.leadforensics.com https://wwwseeburgercom-160c6.kxcdn.com https://i.ytimg.com www.googletagmanager.com https://googletagmanager.com https://fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://*.linkedin.com https://secure.curl7bike.com https://*.google-analytics.com https://www.google.de https://www.google.com; media-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.seeburger.com https://munchkin.marketo.net https://*.seeburger-news.com https://secure.curl7bike.com https://secure.leadforensics.com https://ce.lijit.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://cdn.plyr.io https://www.youtube.com https://snap.licdn.com https://googleads.g.doubleclick.net https://www.clickcease.com https://idx.liadm.com https://bat.bing.com; connect-src 'self' wss://*.seeburger.com https://idx.liadm.com https://cdn.plyr.io https://noembed.com https://*.mktoresp.com https://*.google-analytics.com https://region1.analytics.google.com https://adservice.google.com https://analytics.google.com https://www.google.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://munchkin.marketo.net https://*.seeburger-news.com; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com https://v.qq.com forms.office.com https://go.seeburger-news.com; report-uri https://sentry2.in2code.de/api/7/security/?sentry_key=ac5a04f3144e74ea1ccb11c69823ed60 3 frame-ancestors self *.contorion.net *.storyblok.com 3 font-src 'self' https://webfonts.14v.de; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests; object-src 'none'; worker-src 'self'; media-src 'self'; connect-src 'self' https://piwik.14v.de; manifest-src 'self'; prefetch-src 'none'; img-src 'self' data: *.w3.org; frame-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline'; block-all-mixed-content; script-src 'self' https://piwik.14v.de 'unsafe-inline'; report-uri /impressum/; 3 frame-ancestors 'self' survey.olay.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com s3.lightboxcdn.com 3 object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' st.dynamicyield.com assets.adobedtm.com snap.licdn.com api-mastercard-dxp.nd.nudatasecurity.com pi.pardot.com go.mastercardservices.com www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com cdn.jsdelivr.net https://asset.forms.mastercard.com https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://unpkg.com platform.instagram.com platform.twitter.com; script-src-elem 'self' 'unsafe-inline' s.go-mpulse.net st.dynamicyield.com pi.pardot.com go.mastercardservices.com snap.licdn.com *.6sc.co *.6sense.com 6sense.com 6sc.co https://api-mastercard-dxp.nd.nudatasecurity.com www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com cdn.jsdelivr.net https://asset.forms.mastercard.com https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://unpkg.com platform.instagram.com platform.twitter.com; frame-ancestors 'self' https://thoughtleadership.forrester.com; report-uri https://www.mastercardservices.com/en/report-uri/enforce 3 style-src 'report-sample' 'self' 'unsafe-inline' https://cdn.honey.io/ https://mozbar.moz.com/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css https://cdn.jsdelivr.net/npm/toastify-js/src/toastify.min.css https://cdn.jsdelivr.net/npm/instantsearch.css@7.3.1/themes/reset-min.css https://fonts.googleapis.com https://hsiassetstorage.sfo2.digitaloceanspaces.com; object-src 'none'; base-uri 'self'; font-src 'self' data: https://fonts.googleapis.com https://hsiassetstorage.sfo2.digitaloceanspaces.com https://fonts.gstatic.com; frame-src 'self' https://hsi.storylane.io/ https://js.storylane.io/ https://cmp.osano.com/ https://cdn.osano.com/ https://*.osano.com/ https://view.ceros.com/ https://webcasts.td.org/ https://hsi.hs-sites.com/ https://widgets.boast.io/ https://s.pointerpro.com/ https://block.opendns.com/ *.opendns.com https://cn1759620867-8-7vnsr40081.ibosscloud.com/ https://bpb.opendns.com/ https://a46b2ba213084fe2909a2975f59efe90.pages.ubembed.com/ https://www.classmarker.com/ https://univ.sosintl.com/ https://www.osmanager4.com/ https://forms.hsforms.com/ https://otis.osmanager4.com/ https://app.hubspot.com/ https://www.facebook.com/ https://td.doubleclick.net https://vimeo.com/ https://www.googletagmanager.com https://player.vimeo.com https://swiftcdn6.global.ssl.fastly.net; img-src 'self' data: https: https://hsiassetstorage.sfo2.digitaloceanspaces.com/; manifest-src 'self'; report-uri https://6672f92ed528e3ceb6b0d39f.endpoint.csper.io/?v=0; frame-ancestors 'self' https://vimeo.com https://googletagmanager.com https://fastly.net https://webcasts.td.org; worker-src 'self' blob:; 3 frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com https://play.vidyard.com/ https://td.doubleclick.net/ https://*.api.useinsider.com/; 3 script-src 'self' https: 'unsafe-inline' 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' geolocation.onetrust.com *.recaptcha.net cdn.cookielaw.org *.google.com *.moodys.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.qualtrics.com *.webtrendslive.com *.webtrends.com *.salesforceliveagent.com *.force.com *.salesforce.com *.adobedtm.com *.gstatic.com *.walkme.com *.cloudfront.net *.go-mpulse.net *.akstat.io *.vimeocdn.com acsbapp.com about.moodys.io moodysabout.webflow.io munchkin.marketo.net *.mktoweb.com https://static.cloudflareinsights.com https://hcaptcha.com https://*.hcaptcha.com activitymap.adobe.com acrobatservices.adobe.com *.googleadservices.com googleads.g.doubleclick.net https://challenges.cloudflare.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://tags.srv.stackadapt.com/events.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/97055025.js js.driftt.com rc-sc.js.driftt.com cdn.weglot.com js.zi-scripts.com; worker-src 'self' blob: https://cdn.walkme.com 3 default-src 'none'; connect-src 'self'; img-src 'self' 'unsafe-inline' data: ; style-src 'self' 'unsafe-inline'; media-src 'self'; frame-ancestors 'self'; font-src 'self' data: ;script-src 'self' 'unsafe-inline' 'unsafe-eval';object-src 'self';frame-src 'self' https://*.sonicwall.com/ 3 default-src * 'self' data: https: blob: 'unsafe-inline' 'unsafe-eval' 3 frame-src https://challenges.cloudflare.com https://www.googletagmanager.com https://privacyassure.force.com https://sbx-privacyassure.cs219.force.com https://www.youtube-nocookie.com https://www.google.com https://www.facebook.com https://forms.hsforms.com https://www.youtube.com https://ustglobalinc.jifflenow.com https://js.hsforms.net https://view.ceros.com https://player.vimeo.com https://download-video.akamaized.net https://app.hubspot.com https://vars.hotjar.com https://ustglobal.demdex.net https://app.hubspot.com https://13505543.fls.doubleclick.net https://s.company-target.com https://td.doubleclick.net https://form.typeform.com https://resources.digital-cloud-west.medallia.com; frame-ancestors 'self' 3 Content-Security-Policy: default-src https: 3 default-src data: 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' *; 3 frame-ancestors flashpoint-intel.com *.flashpoint-intel.com flashpoint.io *.app.flashpoint.io fp.tools *.flashpoint.io *.echosec.net *.fp.tools automate.fp.tools autodemo.fp.tools *.platform.fpint.net *.cyberriskanalytics.com *.crft.app *.arcade.software *.okta.com *.calendly.com *.pendo.io *.googleapis.com *.wistia.net *.looker.com *.twitter.com *.platform.fpint.net; frame-src 'self' flashpoint-intel.com *.flashpoint-intel.com app.flashpoint.io *.app.flashpoint.io flashpoint.io *.app.flashpoint.io fp.tools *.flashpoint.io *.echosec.net *.fp.tools automate.fp.tools autodemo.fp.tools *.platform.fpint.net *.cyberriskanalytics.com *.crft.app *.arcade.software *.okta.com *.calendly.com *.pendo.io *.googleapis.com *.wistia.net *.looker.com *.twitter.com *.platform.fpint.net *.youtube.com youtube.com linkedin.com *.linkedin.com *.ashbyhq.com *.visualwebsiteoptimizer.com *.mutinycdn.com *.newrelic.com *.googletagmanager.com *.doubleclick.net *.google.com *.channeltivity.com 3 default-src 'self' https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; 3 worker-src 'none'; 3 default-src https: data: 'unsafe-inline' 3 connect-src 'self' fonts.googleapis.com *.google-analytics.com *.analytics.google.com marketing.infoland.nl www.google.com z.clarity.ms r.clarity.ms *.cookiebot.com *.doubleclick.net cdn.linkedin.oribi.io bat.bing.com *.aanmelder.nl *.webinargeek.com *.googlesyndication.com gateway.infoland.nl *.youtube.com px.ads.linkedin.com *.infoland.nl *.zenya-software.com *.clarity.ms cxppusa1formui01cdnsa01-endpoint.azureedge.net cxppeur1rdrect01sa02cdn.blob.core.windows.net *.dynamics.com *.microsoft.com;; default-src 'none'; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com cdn.aanmelder.nl cdn.jsdelivr.net;; frame-src 'self' consentcdn.cookiebot.com www.google.com *.webinargeek.com *.youtube.com *.googletagmanager.com *.doubleclick.net *.infoland.nl collect.zenya-software.com cxppusa1formui01cdnsa01-endpoint.azureedge.net cxppeur1rdrect01sa02cdn.blob.core.windows.net *.dynamics.com *.microsoft.com;; img-src 'self' data: *.linkedin.com imgsct.cookiebot.com bat.bing.com www.google-analytics.com marketing.infoland.nl www.google.nl *.doubleclick.net www.google.com cdn.aanmelder.nl cdn.aanmelderusercontent.nl c.clarity.ms c.bing.com cxppusa1formui01cdnsa01-endpoint.azureedge.net cxppeur1rdrect01sa02cdn.blob.core.windows.net *.dynamics.com *.microsoft.com;; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.cookiebot.com www.google-analytics.com marketing.infoland.nl snap.licdn.com bat.bing.com www.google.com ajax.googleapis.com www.gstatic.com www.clarity.ms *.doubleclick.net www.googleadservices.com www.aanmelder.nl cdn.aanmelder.nl *.webinargeek.com cxppusa1formui01cdnsa01-endpoint.azureedge.net cxppeur1rdrect01sa02cdn.blob.core.windows.net *.dynamics.com *.microsoft.com;; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com marketing.infoland.nl cdn.aanmelder.nl cdn.jsdelivr.net;; 3 default-src 'self' yoast.com *.otrs.com *.yoast.com; script-src 'self' *.6sc.co *.hotjar.com *.otrs.com otrs.com *.google.com google.com *.gstatic.com gstatic.com *.propensity.com bat.bing-int.com *.bing.com *.ads-twitter.com *.twitter.com hsadspixel.net *.hsadspixel.net otrs.com *.hscollectedforms.net hscollectedforms.net *.doubleclick.net hscollectedforms.net *.hscollectedforms.net bing.com *.bing.com hs-banner.com *.hs-banner.com hscollectedforms.net *.hscollectedforms.net *.youtube.com *.cloudflare.com yoast.com *.hsforms.net *.yoast.com *.hsappstatic.net otrs.com *.otrs.com js.hsleadflows.net js.hsadspixel.net js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com js.usemessages.com js.hubspot.com *.hubspot.com *.hs-scripts.com *.googletagmanager.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com *.googlesyndication.com 'unsafe-inline' *.yoast.com *.otrs.com js.hsleadflows.net js.hsadspixel.net js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com js.usemessages.com js.hubspot.com *.hubspot.com *.hs-scripts.com *.googletagmanager.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com *.googlesyndication.com 'unsafe-eval' yoast.com *.yoast.com *.otrs.com js.hsleadflows.net js.hsadspixel.net js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com js.usemessages.com js.hubspot.com *.hubspot.com *.hs-scripts.com *.googletagmanager.com *.facebook.com *.facebook.net *.licdn.com *.linkedin.com *.googlesyndication.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.otrs.com; img-src 'self' data: *.6sc.co *.hsappstatic.net googleads.g.doubleclick.net *.doubleclick.net *.googletagmanager.com t.co *.t.co *.twitter.com *.bing.com google.de *.google.de google.com *.google.com hs-embed-reporting.com *.hs-embed-reporting.com *.capterra.com *.elementor.com otrs.com *.otrs.com *.hubspot.com *.hs-scripts.com *.hsforms.com *.linkedin.com *.facebook.com; font-src 'self' data: hs-embed-reporting.com *.hs-embed-reporting.com https://fonts.gstatic.com *.otrs.com; connect-src 'self' *.6sc.co *.bing-init.com *.hsforms.com hsforms.com *.propensity.com propensity.com *.facebook.com facebook.com *.bing.com bing.com google-analytics.com *.google-analytics.com google.com *.google.com *.linkedin.com *.googlesyndication.com *.otrs.com *.hubspot.com *.hs-scripts.com js.usemessages.com *.hubapi.com *.hscollectedforms.net *.yoast.com; frame-src 'self' *.hsforms.com hsforms.com *.google.com google.com *.gstatic.com gstatic.com *.vimeo.com vimeo.com productboard.com *.productboard.com *.doubleclick.net doubleclick.net *.youtube.com yoast.com *.yoast.com *.googletagmanager.com *.otrs.com *.hubspot.com *.hs-scripts.com *.hs-sites.com; object-src 'none'; base-uri 'self'; form-action 'self' *.hsforms.com hsforms.com *.otrs.com *.hubspot.com; 3 script-src 'self' https: 'unsafe-eval' 'unsafe-inline' 3 default-src 'self' https://webanalytics.europa.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://better-internet-for-kids.europa.eu https://cdn.jsdelivr.net/npm/js-cookie@3.0.5/dist/js.cookie.min.js https://webtools.europa.eu https://cnect-bik.acc.fpfis.tech.ec.europa.eu https://europa.eu/webtools/rest/nuts https://static.twitchcdn.net http://cdnjs.cloudflare.com https://unpkg.com/@popperjs/core@2.11.6/dist/umd/popper.js https://unpkg.com/tippy.js@6.3.7/dist/tippy.umd.js https://cdn.jsdelivr.net/gh/ractoon/jQuery-Text-Counter@0.9.1/textcounter.min.js https://cdn.jsdelivr.net/gh/gjunge/rateit.js@1.1.5/scripts/jquery.rateit.min.js https://webanalytics.europa.eu https://cdn.jsdelivr.net *.europa.eu https://www.webanalytics.europa.eu/ppms.js https://cdn.ckeditor.com/ckeditor5/44.0.0/dll/font/font.js; style-src 'self' 'unsafe-inline' https://better-internet-for-kids.europa.eu https://webtools.europa.eu https://cnect-bik.acc.fpfis.tech.ec.europa.eu https://europa.eu/webtools/rest/nuts http://cdnjs.cloudflare.com https://unpkg.com/tippy.js@6.3.7/dist/tippy.css https://unpkg.com/tippy.js@6.3.7/dist/tippy.css https://cdn.jsdelivr.net/gh/NigelOToole/progress-tracker@v2.0.7/src/styles/progress-tracker.css https://cdn.jsdelivr.net/gh/gjunge/rateit.js@1.1.5/scripts/rateit.css https://cdn.jsdelivr.net *.europa.eu; img-src 'self' 'unsafe-inline' data: https://better-internet-for-kids.europa.eu https://webtools.europa.eu https://cnect-bik.acc.fpfis.tech.ec.europa.eu https://europa.eu/webtools/rest/nuts https://webanalytics.europa.eu https://i.ytimg.com *.europa.eu https://www.webanalytics.europa.eu; media-src 'self' https://better-internet-for-kids.europa.eu https://webtools.europa.eu https://cnect-bik.acc.fpfis.tech.ec.europa.eu https://europa.eu/webtools/rest/nuts; frame-src https://better-internet-for-kids.europa.eu https://europa.eu/webtools/rest/nuts https://indd.adobe.com https://player.twitch.tv https://webtools.europa.eu https://www.youtube.com https://youtube.com/ https://player.vimeo.com ; frame-ancestors 'self'; font-src 'self' 'unsafe-inline' data: https://webtools.europa.eu https://cnect-bik.acc.fpfis.tech.ec.europa.eu https://europa.eu/webtools/rest/nuts https://better-internet-for-kids.europa.eu https://fonts.gstatic.com; connect-src 'self' https://better-internet-for-kids.europa.eu https://*.webtools.europa.eu https://webtools.europa.eu https://cnect-bik.acc.fpfis.tech.ec.europa.eu https://europa.eu/webtools/rest/nuts https://webanalytics.europa.eu *.europa.eu https://www.webanalytics.europa.eu/ppms.php; report-uri /report-csp-violation 3 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; upgrade-insecure-requests; 3 script-src 'self' 'unsafe-eval' unpkg.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org *.gstatic.com *.taboola.com *.adobedtm.com *.vimeo.com *.googleadservices.com *.visualwebsiteoptimizer.com https://cdnjs.cloudflare.com https://js.adsrvr.org https://rebilly.github.io https://ws.sharethis.com maps.googleapis.com platform.instagram.com platform.twitter.com 'nonce-IrH5osfqeH24K1adicDHOA'; script-src-elem 'self' 'unsafe-eval' unpkg.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org *.gstatic.com *.taboola.com *.adobedtm.com *.vimeo.com *.googleadservices.com *.visualwebsiteoptimizer.com https://cdnjs.cloudflare.com https://js.adsrvr.org https://rebilly.github.io https://ws.sharethis.com maps.googleapis.com platform.instagram.com platform.twitter.com 'nonce-IrH5osfqeH24K1adicDHOA'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.typekit.net *.googleapis.com https://cdnjs.cloudflare.com; worker-src 'self' blob: 3 default-src 'none'; script-src 'self' https: blob: 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.googletagmanager.com www.googleadservices.com snap.licdn.com/li.lms-analytics/insight.min.js js.hs-scripts.com/4398552.js googleads.g.doubleclick.net/pagead/; style-src 'self' 'unsafe-inline'; img-src 'self' https: data: blob: android-webview-video-poster: px.ads.linkedin.com www.googletagmanager.com; media-src 'self' https: monkapps.com; frame-src 'self' https: www.youtube.com; frame-ancestors 'self'; font-src 'self' data: https: fonts.gstatic.com; connect-src 'self' https: cdn.cookielaw.org www.googleadservices.com www.google.com/pagead/ googleads.g.doubleclick.net/pagead/ www.google-analytics.com/g/collect; manifest-src 'self'; script-src-elem 'self' https: 'unsafe-inline' www.googletagmanager.com www.googleadservices.com; report-uri https://sentry.nadapada.net/api/125/security/?sentry_key=b569db56805c4e5f98879e39f0fc3053 3 frame-ancestors 'self' facebook.com 3 frame-ancestors 'self' *.napco.com; 3 default-src 'self';script-src 'self' https://bat.bing.com https://*.ceros.com https://d1wao037kgukun.cloudfront.net https://dn2dl4laeftzg.cloudfront.net https://olivia.eu1.paradox.ai wss://ws.eu1.paradox.ai https://*.pardot.com https://player.vimeo.com https://www.youtube.com https://*.googleapis.com https://stg.eu1.paradox.ai/ wss://ws.stg.eu1.paradox.ai/ wss://ws.paradox.ai https://o1000039.ingest.sentry.io https://dokumfe7mps0i.cloudfront.net https://olivia.paradox.ai https://stats.g.doubleclick.net https://stg.paradox.ai https://d25zu39ynyitwy.cloudfront.net https://s7g10.scene7.com https://cdn.cookielaw.org https://assets.adobedtm.com https://analytics.google.com https://*.analytics.google.com https://static.hotjar.com/ https://a.omappapi.com https://*.kerry.com https://app-ab33.marketo.com https://munchkin.marketo.net https://platform.twitter.com https://platform.linkedin.com https://www.googletagmanager.com https://code.jquery.com https://dnn506yrbagrg.cloudfront.net https://siteimproveanalytics.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.google.com/recaptcha/api.js https://newdownload.seismic.com https://*.blob.core.windows.net https://js.hcaptcha.com/1/api.js https://hcaptcha.com/1/api.js https://script.hotjar.com https://www.gstatic.com https://a.opmnstr.com https://*.kerry.com https://kerry.tt.omtrdc.net https://snap.licdn.com https://connect.facebook.net https://*.marketo.com https://ipinfo.io https://www.kerrygroup.com https://otp.tools.investis.com https://kerry.cnddtid.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' fonts.gstatic.com blob: data: https://newdownload.seismic.com https://bat.bing.net https://bat.bing.com https://*.blob.core.windows.net https://d1wao037kgukun.cloudfront.net https://dn2dl4laeftzg.cloudfront.net https://www.google.ie https://www.linkedin.com https://i.ytimg.com https://d25zu39ynyitwy.cloudfront.net https://dokumfe7mps0i.cloudfront.net https://olivia.paradox.ai https://s7g10.scene7.com https://cdnkdc.azureedge.net https://cm.everesttech.net https://dpm.demdex.net https://cdn.cookielaw.org https://optanon.blob.core.windows.net https://*.kerry.com https://6071260.global.siteimproveanalytics.io https://*.google-analytics.com data: https://px.ads.linkedin.com https://px4.ads.linkedin.com https://x.bidswitch.net https://www.facebook.com https://syndication.twitter.com https://*.hotjar.com https://www.kerrygroup.com https://insight.adsrvr.org https://match.sharethrough.com https://p.adsymptotic.com https://a.omappapi.com https://dev.day.com https://tags.bluekai.com https://www.googletagmanager.com https://ups.analytics.yahoo.com https://pixel.rubiconproject.com https://cm.g.doubleclick.net https://secure-gl.imrworldwide.com https://tags.rd.linksynergy.com https://match.adsrvr.org https://ads.scorecardresearch.com https://s.thebrighttag.com https://i.liadm.com https://ml314.com https://mid.rkdms.com https://match.sync.ad.cpe.dotomi.com https://odr.mookie1.com https://uipglob.semasio.net https://secure.insightexpressai.com https://eb2.3lift.com https://loadm.exelator.com https://usermatch.krxd.net https://su.addthis.com https://dmp.truoptik.com https://*.global.siteimproveanalytics.io https://www.google.com/ads/ga-audiences https://kerryportaldevreportsuite.112.2o7.net https://images.salsify.com https://maps.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://d1wao037kgukun.cloudfront.net https://dn2dl4laeftzg.cloudfront.net https://dokumfe7mps0i.cloudfront.net https://d25zu39ynyitwy.cloudfront.net https://s7g10.scene7.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net https://*.kerry.com; style-src-elem 'unsafe-inline' 'self' https://www.googletagmanager.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://s7g10.scene7.com https://use.typekit.net https://p.typekit.net https://*.kerry.com https://*.marketo.com/ https://a.omappapi.com; connect-src 'self' https://bat.bing.com https://bat.bing.net https://www.facebook.com https://maps.googleapis.com https://analytics.google.com https://www.google.ie https://*.analytics.google.com https://d1wao037kgukun.cloudfront.net https://dn2dl4laeftzg.cloudfront.net https://olivia.eu1.paradox.ai wss://ws.eu1.paradox.ai https://dokumfe7mps0i.cloudfront.net https://olivia.paradox.ai https://stg.eu1.paradox.ai/ wss://ws.stg.eu1.paradox.ai/ wss://ws.paradox.ai https://stg.paradox.ai https://d25zu39ynyitwy.cloudfront.net https://dpm.demdex.net https://cdn.cookielaw.org https://s7mbrstream-g1.scene7.com https://s7g10.scene7.com https://privacyportal-de.onetrust.com https://*.algolia.net https://*.google-analytics.com https://stats.g.doubleclick.net https://www.kerrygroup.com https://*.hotjar.io https://in.hotjar.com wss://*.hotjar.com https://a.opmnstr.com https://munchkin.marketo.net https://117-tlu-222.mktoresp.com https://geolocation.onetrust.com https://smetrics.kerry.com https://*.hotjar.com https://*.kerry.com https://kerry.tt.omtrdc.net https://*.mktoresp.com https://*.omappapi.com https://*.tt.omtrdc.net/ https://*.marketo.com https://*.algolianet.com https://ipinfo.io https://www.kerrygroup.com https://otp.tools.investis.com https://kerryluxembourgsarl.hb.omtrdc.net https://adobedc.demdex.net https://edge.adobedc.net https://px.ads.linkedin.com https://www.google.com/ccm/collect https://addressvalidation.googleapis.com https://kerryshareholders-test.okta.com https://kerryshareholders-production.okta.com https://northeurope-2.in.applicationinsights.azure.com https://js.monitor.azure.com; font-src 'self' https://d1wao037kgukun.cloudfront.net https://dn2dl4laeftzg.cloudfront.net https://dokumfe7mps0i.cloudfront.net https://d25zu39ynyitwy.cloudfront.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://*.kerry.com https://script.hotjar.com; frame-src 'self' https://www.googletagmanager.com https://*.ceros.com https://5722629.fls.doubleclick.net/ https://www.youtube-nocookie.com https://kerry.demdex.net https://irs.tools.investis.com https://otp.tools.investis.com https://platform.twitter.com https://*.kerry.com https://vars.hotjar.com/ https://www.youtube.com https://www.google.com https://*.marketo.com/ https://www.facebook.com https://newassets.hcaptcha.com/; media-src 'self' blob: https://*.kerry.com https://*.scene7.com http://*.scene7.com https://cdnkdc.azureedge.net; worker-src 'self' blob: 3 frame-ancestors 'self' shopmetrics.com *.shopmetrics.com gigspot.com *.gigspot.com *.velocity.online; object-src 'self'; report-uri /CSPEndpoint.aspx; report-to default; 3 default-src http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval' data: https: service-content.lumion.com services.lumion3d.net lumion.com s.ytimg.com www.youtube.com www.youtube-nocookie.com kit.fontawesome.com kit-free.fontaw.com ajax.googleapis.com fonts.googleapis.com use.typekit.net p.typekit.net use.fontawesome.com t.co ipapi.co www.google-analytics.com www.googleadservices.com connect.facebook.net static.ads-twitter.com analytics.twitter.com platform.twitter.com cdn.syndication.twimg.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com vc.hotjar.io www.google.com www.facebook.com fonts.gstatic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.googletagmanager.com static.cloudflareinsights.com ajax.cloudflare.com https://*.sheerid.com platform.twitter.com; frame-ancestors 'self' https://*.storyblok.com/; frame-src https://calendly.com/ https://www.googletagmanager.com/ https://meetings-eu1.hubspot.com/ https://app-eu1.hubspot.com/ https://portal.productboard.com https://*.hsforms.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://11264468.fls.doubleclick.net/ https://td.doubleclick.net/ download.lumion.com https://*.sheerid.com view.mylumion.com www.youtube.com www.youtube-nocookie.com platform.twitter.com vars.hotjar.com www.facebook.com syndication.twitter.com player.vimeo.com; object-src 'none'; 3 style-src 'self' 'unsafe-inline' blob: https://*.googletagmanager.com https://*.googleapis.com https://tagmanager.google.com https://*.cookiebot.com https://dev-nedap-vnext.euwest01.umbraco.io https://stage-nedap-vnext.euwest01.umbraco.io https://nedap-vnext.euwest01.umbraco.io ; img-src 'self' blob: data: https://*.blob.core.windows.net https://*.z6.web.core.windows.net https://*.azureedge.net https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.google.nl https://region1.google-analytics.com https://imgsct.cookiebot.com https://dev-nedap-vnext.euwest01.umbraco.io https://stage-nedap-vnext.euwest01.umbraco.io https://nedap-vnext.euwest01.umbraco.io https://fonts.gstatic.com *.hubspot.com https://forms.hsforms.com/ https://forms-eu1.hsforms.com/ https://forms-na1.hsforms.com/ ; font-src 'self' data: https://fonts.gstatic.com ; script-src 'self' 'unsafe-inline' blob: data: https://js.monitor.azure.com https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://analytics.nedap-ons.nl https://dev-nedap-vnext.euwest01.umbraco.io https://stage-nedap-vnext.euwest01.umbraco.io https://nedap-vnext.euwest01.umbraco.io https://*.hotjar.com https://*.hsforms.net *.hs-analytics.net *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hubspot.com ; frame-src https://www.google.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://sdx.microsoft.com https://dev-nedap-vnext.euwest01.umbraco.io https://stage-nedap-vnext.euwest01.umbraco.io https://nedap-vnext.euwest01.umbraco.io *.hubspot.com *.hsforms.net https://td.doubleclick.net/ https://player.vimeo.com/ ; connect-src 'self' https://*.azure-api.net https://www.google.nl https://www.google-analytics.com https://www.google.com/recaptcha/ https://analytics.nedap-ons.nl https://*.azurewebsites.net https://consentcdn.cookiebot.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://*.applicationinsights.azure.com https://dc.services.visualstudio.com https://dev-nedap-vnext.euwest01.umbraco.io https://stage-nedap-vnext.euwest01.umbraco.io https://nedap-vnext.euwest01.umbraco.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.hscollectedforms.net *.hs-banner.com *.hubspot.com ; child-src 'self' blob: *.cookiebot.com *.google.com ; worker-src 'self' blob: ; 3 default-src 'self' *.isitesoftware.com *.digitaldisplays.io digitaldisplays.io *.schoolnutritionandfitness.com schoolnutritionandfitness.com http://district.schoolnutritionandfitness.com onlineordering-images.s3.amazonaws.com digitaldisplays-media.s3.amazonaws.com d36ka9bgcta1yj.cloudfront.net cdnjs.cloudflare.com code.jquery.com *.fontawesome.com *.gstatic.com *.googleapis.com www.google-analytics.com *.google.com *.amazonaws.com *.twitter.com cdn.syndication.twimg.com *.youtube.com connect.facebook.net *.facebook.com *.instagram.com *.vimeo.com *.payaconnect.com frontierchildnutrition.com *.myschoolmenuboards.com myschoolmenuboards.com translate.google.com unpkg.com 'unsafe-inline' 'unsafe-eval' data:; img-src * data: blob: about:; report-uri https://cgc5aq2c40.execute-api.us-west-2.amazonaws.com/dev/csp-violation-report; 3 default-src 'self' https://googleads.g.doubleclick.net/ https://www.google.com/ads/user-lists/ https://www.google.hu/ads/user-lists/ https://tpc.googlesyndication.com/safeframe/ https://www.youtube.com/embed/ https://server.infinety.hu/ https://*.safeframe.googlesyndication.com/safeframe/ ; img-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google.com/ads/ https://www.google.hu/ads/ https://csi.gstatic.com/ https://maps.googleapis.com/maps/ https://googleapis.com/ https://csi.gstatic.com/ https://maps.gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ blob: 'self' https://ad.adverticum.net/banners/ https://ssl.google-analytics.com/ https://www.facebook.com/tr/ https://ap.lijit.com/ https://u.btserve.com/ https://ad-delivery.net/ https://www.facebook.com/ data: https://www.w3.org/2000/svg/ https://dmp.adform.net/dmp/profile/ https://x.bidswitch.net/ https://ad-delivery.net/px.gif https://tpc.googlesyndication.com/ https://securepubads.g.doubleclick.net/ https://googleads.g.doubleclick.net/pagead/ https://pagead2.googlesyndication.com/ blob: 'self' https://cm.g.doubleclick.net/ https://d5p.de17a.com/ https://sync.clickonometrics.pl/ https://ib.adnxs.com/ https://mq.wp.pl/ https://s1.adform.net/ https://adx.adform.net/ https://u.btserve.com/ data: https://www.w3.org/2000/svg/ https://script.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://www.google.com/pagead/ https://optimize.google.com/ https://nemzeticegtar.hu/files/ https://www.nemzeticegtar.hu/files/ https://www.google.co.uk/ https://nctteszt.opten.hu/ https://admin.nemzeticegtar.hu/ https://i.imgur.com/ https://widget.molin.ai/ https://www.googletagmanager.com https://fonts.gstatic.com https://ceginfo.hu/assets/images/ ; style-src 'self' https: 'unsafe-inline' https://maxcdn.bootstrapcdn.com/font-awesome/ https://fonts.googleapis.com/ https://ad.adverticum.net/banners/ https://static.hotjar.com/ https://optimize.google.com/ ; font-src 'self' https://fonts.gstatic.com/stats/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://themes.googleusercontent.com/static/fonts/lato/ https://script.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://optimize.google.com/ https://cdnjs.cloudflare.com/ajax/libs/ ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion.js https://www.google.com/recaptcha/api.js https://maps.google.com/maps/api/ https://maps.google.com/ https://maps.googleapis.com/ https://googleapis.com/ https://ad.adverticum.net/g3.js https://ls.hit.gemius.pl/ https://hu.hit.gemius.pl/xgemius.js https://www.googletagmanager.com https://ad.adverticum.net/g3.js https://www.googletagmanager.com/ https://static.hotjar.com/ https://optimize.google.com/ https://connect.facebook.net/en_US/fbevents.js https://unpkg.com/@dotlottie/player-component@latest/dist/dotlottie-player.mjs blob: 'self'; connect-src 'self' https://settings.luckyorange.net/ https://track.adform.net/ wss://in.visitors.live/socket.io/ wss://visitors.live/socket.io/ https://ad.adverticum.net/ https://fastlane.rubiconproject.com/a/api/fastlane.json https://adx.adform.net/adx/ https://securepubads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://csi.gstatic.com/ https://*.hotjar.com/ wss://*.hotjar.com/ https://vc.hotjar.io/ https://pagead2.googlesyndication.com/ https://script.4dex.io/adagio.js https://ice.360yield.com/ https://prg.smartadserver.com/ https://*.criteo.com/ https://www.facebook.com/tr/ https://www.google-analytics.com/ https://static.hotjar.com/ https://content.hotjar.io/ https://region1.google-analytics.com/ https://*.doubleverify.com/ https://region1.analytics.google.com/ https://maps.googleapis.com/ wss://molin.ai/ https://eu.posthog.com/ https://assets5.lottiefiles.com/ https://pheu.molin.ai/ https://lottie.host/18ceabf4-51c0-410e-8bce-1e1ee2924c57/gb9fKyPMO2.json https://widget.molin.ai/ https://cmp.inmobi.com/ https://api.cmp.inmobi.com/ https://ep1.adtrafficquality.google/getconfig/ ; frame-src 'self' https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/ https://www.google.hu/ads/user-lists/ https://maps.googleapis.com/ https://googleapis.com/ https://tpc.googlesyndication.com/ https://ls.hit.gemius.pl/ https://www.youtube.com/embed/ https://occsz.e-cegjegyzek.hu/ https://server.infinety.hu/ https://vars.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://*.safeframe.googlesyndication.com/ https://*.doubleverify.com/ https://*.rubiconproject.com/ https://*.criteo.com/ https://www.google.com/maps/ https://optimize.google.com/ https://securepubads.g.doubleclick.net/ https://ep2.adtrafficquality.google/ ; worker-src 'self' https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/ https://bid.g.doubleclick.net/ https://www.google.hu/ads/user-lists/ https://ls.hit.gemius.pl/ https://ad.adverticum.net/external/ https://ad.adverticum.net/banners/ https://occsz.e-cegjegyzek.hu/ https://www.youtube.com/embed/ https://www.facebook.com/tr/ https://static.hotjar.com/ https://sparbanner.kolrus.cloud/ ; media-src https://sparbanner.kolrus.cloud/ https://static.hotjar.com/ https://server.infinety.hu/ https://molin.ai/ ; 3 default-src 'self' *.google-analytics.com https://www.googletagmanager.com blob:; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org cdn.datatables.net recruitingbypaycor.com cdnjs.cloudflare.com youtube.com *.vimeo.com app.five9.com *.luxsci.com siteimproveanalytics.com *.siteimproveanalytics.com *.vo.msecnd.net www.youtube.com *.fullstory.com js-na1.hs-scripts.com js.hs-banner.com js.hscollectedforms.net snap.licdn.com js.hsforms.net https://js.hubspot.com https://tools.luckyorange.com https://d10lpsik1i8c69.cloudfront.net https://js.hsadspixel.net https://dec.azureedge.net web-chat.nativechat.com; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.datatables.net youtube.com *.vimeo.com app.five9.com https://d10lpsik1i8c69.cloudfront.net web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com placehold.it *.global.siteimproveanalytics.io app.five9.com px.ads.linkedin.com *.hsforms.com https://d10lpsik1i8c69.cloudfront.net https://cdn.insight.sitefinity.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.recruitingbypaycor.com recruitingbypaycor.com *.youtube.com player.vimeo.com *.google.com *.luxsci.com apply.indeed.com app.five9.com forms.hsforms.com vimeo.com *.hs-sites.com web-chat.nativechat.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://amwins-portal-api.azurewebsites.net https://app-amwinsportalapi-dev-uat.azurewebsites.net https://app-amwinsportalui-dev-uat.azurewebsites.net https://portal.amwins.com *.google-analytics.com nia-carrierstatesapi-app.azurewebsites.net *.services.visualstudio.com https://app-clportal-api.azurewebsites.net *.fullstory.com *.hscollectedforms.net forms.hsforms.com px.ads.linkedin.com *.hubspot.com https://pubsub.googleapis.com https://api.luckyorange.com https://settings.luckyorange.net wss://*.visitors.live wss://visitors.live https://api.hubapi.com; media-src 'self' data: blob: youtube.com player.vimeo.com https://d10lpsik1i8c69.cloudfront.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: web-chat.nativechat.com; object-src *.google-analytics.com 'self' 3 frame-ancestors 'self' https://www.mycme.com/ https://mycmesandbox.thoughtindustries.com https://nacesandbox.thoughtindustries.com https://www.naceonline.com/ 3 default-src * data:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 3 base-uri 'self'; style-src 'self'; connect-src 'self' *.itzbund.de; script-src 'self' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de medien.bsi.bund.de; media-src 'self' multimedia.gsb.bund.de medien.bsi.bund.de; img-src 'self' piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self'; frame-ancestors 'self' *.prod.gsb.bsi.in.bund.de ; upgrade-insecure-requests; 3 default-src 'self' https://*.cobytes.com; base-uri 'self' https://*.cobytes.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://use.typekit.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.jsdelivr.net https://connect.facebook.net; img-src 'self' data: https://*.googletagmanager.com https://*.google-analytics.com https://maps.googleapis.com https://p.typekit.net https://imgsct.cookiebot.com https://secure.gravatar.com; font-src 'self' data: https://use.typekit.net https://fonts.googleapis.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://maps.googleapis.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://yoast.com; form-action 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consentcdn.cookiebot.com; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://sentry.cobytes.com/api/18/security/?sentry_key=be8d1ecc0a39a743267d314a7fd02311 3 default-src 'self' *.bootstrapcdn.com/font-awesome/ *.cookiebot.com *.hotjar.com *.visualstudio.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aspnetcdn.com *.azure.com *.bootstrapcdn.com/font-awesome/ *.cookiebot.com *.datatables.net *.fortawesome.com *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.jquery.com *.jsdelivr.net *.mouseflow.com *.msecnd.net *.sharethis.com *.typekit.net *.youtube.com;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com/font-awesome/ *.cookiebot.com *.datatables.net *.fortawesome.com *.typography.com *.typekit.net;frame-src 'self' *.arcgis.com *.cookiebot.com *.cyfoethnaturiolcymru.gov.uk *.google.com *.googletagmanager.com *.hotjar.com *.powerbi.com *.youtube.com;font-src 'self' data: *.bootstrapcdn.com *.hotjar.com *.typekit.net;img-src 'self' data: *.azurefd.net *.azureedge.net *.cyfoethnaturiol.cymru *.google-analytics.com *.hotjar.com *.naturalresources.wales *.sharethis.com *.umbraco.com *.ytimg.com *.cookiebot.com *.datatables.net;connect-src 'self' ws: wss: *.azure.com *.cookiebot.com *.datatables.net *.doubleclick.net *.google-analytics.com *.hotjar.com *.hotjar.io *.sharethis.com *.visualstudio.com;worker-src blob:;upgrade-insecure-requests 3 default-src https: 'unsafe-inline' 'unsafe-eval' data:; 3 base-uri 'self'; script-src 'report-sample' 'unsafe-eval' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-8hfDTWqu8k9HvHzrkzt+xhtPpKaUxiTKKafbnLtHZCs=' 'sha256-SMUeP6E2pMrxXZ8/eWo6OvoLUN6jMLYb5qEUgHaaDrA=' 'sha256-EUBEF5WvTGqk0hm+1BG7zR6I+6+DGb6OOh8cyLSJhBk=' 'sha256-EVfbJoCaYvQGy63aF4IaFkCgygoCP13tlf39WBoqnmQ=' 'sha256-XnNQECY9o+nIv2Qgcd1A39YarwxTm10rhdzegH/JBxY=' 'sha256-0XMgg4rqcxPYJ6gk7kILQRAbBe9xK3+Ik6iWqGJcYWg=' 'sha256-g8iVyamDwt3OeOKt7rpBJ01H71OFT38TNW31YoDqtg4=' 'sha256-L0DnDaq26Adb1CiOJaNeUyPd9e4qJm+x6Ywtoa+S3+4=' 'sha256-U7KwF5KvWsJaK9Am2TfiRzMq4/MU6CWFj0mfRqtZkfA=' 'sha256-910MBH4o0XYmt2KdyUfPUnjODdvSFGgoCIXR7njrfSw=' 'sha256-nwrPrPUzetXBOU2PA9lEiV0YlyEa2u1K1E9PzmP4iY8=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-/bm28XTHBk/2+8w4OK5Z3PKsnHRjh6YGqEZrDmAzpxo=' 'sha256-un4Od7TXS3yFrOZTtMAVbkJ1wXe6c2+09LvfoBl4jh4=' 'sha256-fe+DmxUPcLoM27k80UR5jvvr4aLfF0rSHKV5SemJPzg=' 'sha256-qo1RuSBojC8D1TICoE4IFgVurx/k8U1oZK9MRDE/KlE=' 'sha256-mRKioI8+U/Z6IlUernsYX+VQ/+1ZmIz0Exd6vI7EZNY=' 'sha256-hRyOf0WLnTNjcFQ90fQeHumVAWjriqpnqRUaI6h1vj0=' 'sha256-8W8281SYt1k0eR9Y0z66gdPlhw9xO1U+Pwx9xjYYfwo=' 'sha256-q5qXN11uZHDKvdYtrAbOosaCyKbZxuxxNck525tOrsk=' 'sha256-PGwKPKtgIFR7BBaTEzRxRl4FWV1uufjCt5TVa6TI12k=' 'sha256-W0QY3aFcPnZSSetdi5gTeKy2IQMi3eCafbIVKAa20Zg=' 'sha256-aroGK3JMjlNu/zPuSeivrWD3UC/3tMaU+UuxKWdimpM=' 'sha256-ky6kwALluZeYIOUb67vYvNIm+6GYo9ZIpE5+6fUAbiU=' 'sha256-hMbRFabSSL7CIDsoqw8tkSvYtzZ1NeJqQyhGZdSdnxQ=' 'sha256-ceLZobD9Q86jstPOfW76BNTxXlZ7mTw0PF66debOnx4=' 'sha256-X2HVLVOvP9Opbf0ClAql73Fbwflss+KO544zddICf4U=' 'sha256-aZTZsmwqKP8HIwXU9SL0uRZWX9soMifegql0XmccYEw=' 'sha256-1rN3TBB70ehRoaiW/CvP3GHTNFr593iDXloGmle9JiY=' 'sha256-x1FQfFjfHqekbV7feKwmQ6gSdooZVGPGLXw1OK5YdiI=' 'sha256-yri+yF9cdn4VkD2uOCWeqlkqpeFZ/SmhDMhon/fQzEc=' 'sha256-XjcRVp58oyAqZCEyhIdbxI6UjLqnQdmi6PBfRy1+BgA=' 'sha256-Gjk/4NYwu3CbqK8Gj2MWMzyS9v/i8sLwf6xwP/oH5M8=' 'sha256-bQXNx2wNfK+Khvyw++rw7cScVp1Eo8GHhINrXBvF2Kc=' 'sha256-Kqjmds221Sxp42v6MMfVXhclGVC7fCZX4ESjxL3gVLw=' 'sha256-mK2LcNpqkDcXTppsyMqneuE6GEJ5j+7REt0lTsRKUUU=' 'sha256-fCl5PYrISg7MPsnIeZ+T6npnLgyi68m9NcGT5ONA6pI=' 'sha256-H50ABvo0XriiYrFw1nag3drPHQoIE34FfOWFzlCHy3E=' 'sha256-wE+KqdimW+7MWcIE1UdqfODsz8hgcsyd2YuAQ4gVmTY=' 'sha256-MaUq5Wt30Bl8clIlW7/zvNPuKmnZdlAxopQigKrPLso=' 'sha256-I3J1LKXta0FJ/3+aa+dBNCE5dV3fjcG7p7ulnbtcMp0=' 'sha256-zpqVdE6ttrmhTiPbjKj6s39iaE9RMfzNp6aF7UKwtBY=' 'sha256-8kotGhRmEBiesu8MHsrDeRTEpj3SSDokReILPbeA37I=' 'sha256-OyfHFA4tRzHfTynnYncdFb31ISeCD7Am01txqn+O4ys=' 'sha256-DMT61jx96o8Zt4O6NPLDbLFDtyQSPa4zNGgdA8jCqF4=' 'sha256-cdJLDgaTPPJz9rqWbXcX70modqLshn8Wti8X7csGKLs=' 'sha256-Ubpp3UAuqVQ2aqrQydRcFipkEq08tYYEskh9QC1G50Q=' 'sha256-savpz652hUrFSTNoRdzTuvttLoQ8UN1p2KhaqZs4RFo=' 'sha256-d7o/iD0TcPtTf9pAbqA9aa2qsmdqPtbqxI3YMwTtrrA=' 'sha256-vKTtXqBsPdGS4/zx94PM36gvdxCJ/Ax00pQQzPjQipM=' 'sha256-JX/B96MKyLyvkF8KBl3WNnl4E4qTPbCHIVjK18Wsrv4=' 'sha256-dC/jD1PLk3u5eHvMjPSU2sn/MZtS9SvfrUHfM/0ljNg=' 'sha256-2SogunjLOxlI7Wg4N9b3QeLMc6iMRcqBOb+GKaaTRms=' 'sha256-F9WIjqwVFa6OdXSzHYNoMqL8JLBqUXo1Pi7efWcW6Hc=' 'sha256-f43zB0nOsgPWXfe3o5rddAbhDW/vcFrzBSDkk4HjcqI=' 'sha256-X2KwazXyKFvTF732X/K2aV1GfPZfEs0LxZqe2fVEgbQ=' 'sha256-JD3QNZMrcbKEHx/fiFA48Q4qfUSRVJzNY0ddMrIDldw=' 'self' www.linkedin.com/autofill/js/autofill.js static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com content.linkedin.com snap.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com sjs.bizographics.com *.salesforceliveagent.com bcvipva02.rightnowtech.com bcvipac02.rightnowtech.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net cdn.linkedin.oribi.io cdn.tt.omtrdc.net bat.bing.com connect.facebook.net cdn.walkme.com gist.github.com embedr.flickr.com; worker-src 'none'; frame-ancestors 'self' *.linkedin.com experience.adobe.com; frame-src blob: lnkd-communities: voyager: *; connect-src wss: blob: data: *; img-src blob: data: android-webview-video-poster: *; media-src blob: data: *; style-src 'unsafe-inline' *; form-action 'self' *.linkedin.com linkedin.secure.force.com linkedinresearch.qualtrics.com *.salesforceliveagent.com linkedin.my.salesforce-sites.com; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=m 3 object-src 'self' blob:; base-uri 'self'; report-uri https://cspappdirect.report-uri.com/r/d/csp/reportOnly; worker-src 'self' blob:; 3 worker-src * data: blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' 3 frame-ancestors 'self' app.storyblok.com *.omappapi.com ; 3 default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.googletagmanager.com *.fontawesome.com use.fontawesome.com https://unpkg.com/ *.wistia.com *.wistia.net *.stripe.com *.adroll.com script.crazyegg.com googleads.g.doubleclick.net *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com www.google-analytics.com snap.licdn.com ws.zoominfo.com *.ifebp.org js.zi-scripts.com tags.clickagy.com cdn.informz.net *.facebook.com *.facebook.net *.googleadservices.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.fontawesome.com use.fontawesome.com https://unpkg.com/ *.wistia.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com placeimg.com picsum.photos *.picsum.photos *.wistia.net *.wistia.com i0.wp.com i2.wp.com *.analytics.google.com *.google-analytics.com *.adroll.com stats.g.doubleclick.net *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com www.google.com *.congress.gov *.linkedin.com *.doubleclick.net blog.ifebp.org https://x.bidswitch.net https://ml314.com https://pixel.tapad.com https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://us-u.openx.net https://sync.outbrain.com https://image2.pubmatic.com https://sync.taboola.com https://eb2.3lift.com https://ib.adnxs.com https://match.adsrvr.org pixel.tapad.com https://secure.adnxs.com https://idsync.rlcdn.com https://dpm.demdex.net *.facebook.com *.facebook.net https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com use.fontawesome.com *.wistia.com *.wistia.net; frame-src 'self' https://www.youtube.com *.soundcloud.com *.smartsheet.com *.stripe.com *.fast.wistia.com *.ifebp.org *.vimeo.com hemsync.clickagy.com https://www.googletagmanager.com https://www.google.com *.doubleclick.net *.facebook.com *.facebook.net *.adroll.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.fontawesome.com https://blog.ifebp.org *.wistia.com *.wistia.net analytics.google.com *.google-analytics.com https://cebs.ifebp.org stats.g.doubleclick.net *.crazyegg.com *.linkedin.com *.adroll.com *.ifebp.org aorta.clickagy.com hemsync.clickagy.com https://www.google.com https://js.zi-scripts.com *.zoominfo.com *.informz.net *.facebook.com *.facebook.net https://ipapi.co https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://www.youtube.com *.fast.wistia.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob:; plugin-types 'self' 3 default-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; 3 base-uri none; connect-src 'self' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://*.omtrdc.net https://dpm.demdex.net https://kbc.symex.be https://uat.serversidegraphics.com https://uk.personalcard.net https://www.facebook.com https://*.contentsquare.net https://admp-tc-mediahuis.adtlgc.com https://es6-elasticapm.kbc.be https://es6-elasticapm-a.kbc.be https://onesignal.com https://*.googleapis.com https://www.google.com https://adservice.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.adobe.com https://viewlicense.adobe.io https://*.adobedc.net https://adobedc.demdex.net http://localhost:8443 https://x9y-p.local.intapp.eu/; child-src 'self' blob: https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc-group.com https://*.omniture.com https://assets.adobedtm.com https://kbcgroup.demdex.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.com/recaptcha/ https://www.youtube-nocookie.com https://*.instagram.com https://kbc.symex.be https://*.trustarc.com https://code3.adtlgc.com/ https://scdn.cxense.com/ https://player.hihaho.com/ https://*.adobedc.net; default-src 'self'; font-src 'self' data: https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.googleapis.com https://fonts.gstatic.com; frame-ancestors 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbcgroup.com https://*.kbc-group.com https://*.kbcgroup.eu https://*.adobe.com; img-src 'self' data: https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.contentsquare.net https://*.doubleclick.net https://*.facebook.com https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://*.omtrdc.net https://*.adobemc.com https://action.metaffiliation.com https://*.instagram.com https://scontent.cdninstagram.com https://cbc.azureedge.net https://cm.everesttech.net https://csi.gstatic.com https://*.linkedin.com https://dpm.demdex.net https://edash.azureedge.net https://invest.azureedge.net https://kbc.azureedge.net https://*.googleapis.com https://maps.gstatic.com https://mba.azureedge.net https://mbj.azureedge.net https://pixel.everesttech.net https://scomcluster.cxense.com https://secure.adnxs.com https://t.co https://touch.azureedge.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.be https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://img.youtube.com https://youtu.be https://*.truste.com https://*.trustarc.com https://cdn.publish.macrobond.net https://*.cxense.com https://*.contentsquare.net https://refini.tv https://product.datastream.com; media-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://cbc.azureedge.net https://edash.azureedge.net https://invest.azureedge.net https://kbc.azureedge.net https://mba.azureedge.net https://mbj.azureedge.net https://touch.azureedge.net; object-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be; script-src 'self' data: blob: filesystem: 'unsafe-eval' 'unsafe-inline' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kbc-group.com https://*.24plus.be https://*.omtrdc.net https://adhese.mediahuis.be https://analytics.twitter.com https://*.instagram.com https://scontent.cdninstagram.com https://assets.adobedtm.com https://connect.facebook.net https://dpm.demdex.net https://googleads.g.doubleclick.net https://*.googleapis.com https://pixel.everesttech.net https://platform.twitter.com https://s.ytimg.com https://secure.adnxs.com https://snap.licdn.com https://static.ads-twitter.com https://www.everestjs.net https://www.google.com/recaptcha/ https://www.google.com/pagead/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube-nocookie.com https://www.youtube.com https://t.contentsquare.net https://contentsquare.com https://code3.adtlgc.com https://*.trustarc.com https://*.truste.com https://*.cxense.com https://shared.mediahuis.be https://t.contentsquare.net https://contentsquare.com https://*.contentsquare.com https://player.hihaho.com/ https://documentservices.adobe.com/ https://uk.personalcard.net; style-src 'self' 'unsafe-inline' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://cdn.tt.omtrdc.net https://*.googleapis.com https://uk.personalcard.net; manifest-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://cdn.tt.omtrdc.net https://*.googleapis.com; worker-src 'self' blob: 3 default-src 'self' * data: blob: 'unsafe-inline' 'unsafe-eval'; 3 default-src 'self';style-src 'self' 'unsafe-inline' https://*.mktoweb.com https://*.marketo.com https://*.typekit.net https://fonts.googleapis.com https://api.mapbox.com https://tagmanager.google.com https://fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com https://assets.adoberesources.net https://documentcloud.adobe.com https://*;connect-src 'self' *.adobe.io wss://*.adobe.io *.adobe.net wss://*.adobe.net https://*;img-src 'self' https://assets.adoberesources.net https://lh3.googleusercontent.com data: blob: https://*;frame-ancestors 'self' https://*.i-goddard.com;frame-src 'self' https://documentcloud.adobe.com https://*;font-src 'self' data: https://fonts.gstatic.com https://*.typekit.net;worker-src blob:;child-src blob:;media-src 'self' https://*.fbcdn.net https://*.cdninstagram.com 3 default-src 'self' https://mw-ar-recom-prod.pgapi.io/; style-src 'self' 'unsafe-inline' *; img-src https://* 'self' data: https: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src *; frame-ancestors * 'self' data: https: blob: 3 default-src * data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 3 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' *.amazonaws.com *.amazoncognito.com api.pwnedpasswords.com; frame-ancestors 'self' sf360.com.au; frame-src 'self' https://www.google.com/recaptcha/ 3 frame-ancestors https://wpp-wdcee.wirecard.com 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.axept.io https://unpkg.com https://player.vimeo.com https://js.hsforms.net https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.tarteaucitron.io https://td.doubleclick.net https://forms.hsforms.com https://tarteaucitron.io https://*.vimeocdn.com; worker-src 'self' blob:; frame-src 'self' https://unpkg.com https://cdn.tarteaucitron.io https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://forms.hsforms.com https://tarteaucitron.io https://js.hsforms.net https://td.doubleclick.net https://player.vimeo.com; 3 frame-ancestors 'self' https://de.page4.com https://en.page4.com; 3 upgrade-insecure-requests; frame-ancestors 'self' pcsoft.fr *.pcsoft.fr windev.com *.windev.com windev.es *.windev.es pcsoft-windev-webdev.com *.pcsoft-windev-webdev.com 3 frame-ancestors 'self' https://manual-sanity-studio.vercel.app 3 default-src https: blob: data: 'self'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' ; img-src https: data: ; media-src https: blob: ; upgrade-insecure-requests; block-all-mixed-content; connect-src https: wss://*.hotjar.com; 3 frame-ancestors https://*.stealthcamcommand.com/ https://stealthcamcommand.com/ https://*.authorize.net/ https://authorize.net/ https://*.cybersource.com/ https://cybersource.com/ 3 frame-ancestors 'self' https://storyblok.com https://*.storyblok.com 3 frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ 3 script-src 'unsafe-inline' 'self' links.perigeeapps.com deeplink.seven.app deeplink.cycles.app deeplink.halo.app cms.perigee.se dev.links.perigeeapps.com dev.deeplink.seven.app dev.deeplink.cycles.app dev.deeplink.halo.app dev.cms.perigee.se *.google-analytics.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com www.googletagmanager.com googletagmanager.com; style-src 'unsafe-inline' 'self' links.perigeeapps.com deeplink.seven.app deeplink.cycles.app deeplink.halo.app cms.perigee.se dev.links.perigeeapps.com dev.deeplink.seven.app dev.deeplink.cycles.app dev.deeplink.halo.app dev.cms.perigee.se *.google-analytics.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com www.googletagmanager.com googletagmanager.com; default-src 'unsafe-inline' 'self' links.perigeeapps.com deeplink.seven.app deeplink.cycles.app deeplink.halo.app cms.perigee.se dev.links.perigeeapps.com dev.deeplink.seven.app dev.deeplink.cycles.app dev.deeplink.halo.app dev.cms.perigee.se *.google-analytics.com *.googleapis.com *.gstatic.com cdnjs.cloudflare.com www.googletagmanager.com googletagmanager.com; 3 default-src 'self' data: ; connect-src 'self' https: wss: ; font-src 'self' chrome-extension: data: https: ; img-src 'self' data: blob: android-webview-video-poster: about: https: ; frame-src 'self' https: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' about: https: ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https: ; style-src 'self' 'unsafe-inline' https: ; style-src-elem 'self' 'unsafe-inline' https: ; style-src-attr 'self' 'unsafe-inline' https: ; worker-src 'self' 'unsafe-inline' https: blob: ; frame-ancestors 'self' https://*.magnews.it https://*.magnews.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://cspr-it.mag-news.it/ 3 frame-ancestors https://tools.univer.se 3 frame-ancestors 'self' *.etniabarcelona.com *.intranet-etniabarcelona.com *.extranet-etniabarcelona.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src * data:; 3 default-src 'self' *.pcdn.co *.dgepress.com cdn.rawgit.com code.jquery.com platform.twitter.com api-6fce660a.duosecurity.com cdn.datatables.net;script-src 'self' *.pcdn.co *.dgepress.com *.cloudfront.net *.bitmovin.com cdn.rawgit.com code.jquery.com platform.twitter.com cdnjs.cloudflare.com api-6fce660a.duosecurity.com ajax.googleapis.com cdn.datatables.net *.streamhub.tv *.streamhub.io link.theplatform.com js-agent.newrelic.com bam.nr-data.net 'unsafe-inline' 'unsafe-eval';style-src 'self' *.pcdn.co *.dgepress.com *.bitmovin.com cdn.rawgit.com code.jquery.com cdnjs.cloudflare.com platform.twitter.com ajax.googleapis.com maxcdn.bootstrapcdn.com cdn.datatables.net 'unsafe-inline';img-src * data:;font-src * data:;frame-src 'self' *.dgepress.com *.pcdn.co *.cloudfront.net player.vimeo.com duo.com *.duosecurity.com duomobile.s3-us-west-1.amazonaws.com platform.twitter.com *.youtube.com *.vimeo.com;connect-src 'self' *.pcdn.co *.dgepress.com *.bitmovin.com cdn.rawgit.com dge.akamaized.net code.jquery.com platform.twitter.com api-6fce660a.duosecurity.com cdn.datatables.net link.theplatform.com stats.streamhub.io disabcpress-vh.akamaihd.net bam.nr-data.net;media-src 'self' *.pcdn.co *.dgepress.com disabcpress-vh.akamaihd.net dge.akamaized.net cdn.rawgit.com code.jquery.com platform.twitter.com api-6fce660a.duosecurity.com cdn.datatables.net link.theplatform.com blob:;worker-src 'self' *.pcdn.co *.dgepress.com blob: 3 default-src 'none'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.snapchat.com *.r66net.net *.amazon-adsystem.com *.paa-reporting-advertising.amazon https://sc-static.net *.adform.net https://rules.quantcount.com https://secure.quantserve.com/ https://js.adsrvr.org https://stage-data.hipay.com https://mpsnare.iesnare.com https://libs.hipay.com https://mpsnare.iesnare.com/time.mp3 wss://mpsnare.iesnare.com/star https://mpsnare.iesnare.com/star https://rules.quantcount.com/ https://secure.quantserve.com/ https://js.adsrvr.org https://cdn.sticky.io https://mpsnare.iesnare.com https://libs.hipay.com https://mpsnare.iesnare.com/time https://marketing.hachette-partworks.com https://cdn.wishpond.net/connect.js https://u.videostep.com https://analytics.tiktok.com https://www.clarity.ms https://static.r66net.com https://k.r66net.com https://ks.invibes.com https://www.paypalobjects.com https://tag.aticdn.net https://cdn3.actito.com/legacy/actito-goal/goal.js https://www.awin1.com/ https://www.dwin1.com/ https://www.paypal.com https://geolocation.onetrust.com/ https://fevoki.wejekihota.com https://apis.google.com https://cdn.cookielaw.org https://www.googletagmanager.com https://connect.facebook.net https://ws1.postescanada-canadapost.ca https://cdnjs.cloudflare.com https://cdn.doofinder.com https://cdn.hachette-collections.com https://www.google-analytics.com https://www.google.com https://script.hotjar.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://static.hotjar.com https://autroliner.com https://cilkonlay.com https://bat.bing.com https://s.pinimg.com https://sp.analytics.yahoo.com https://s.yimg.com https://www.redditstatic.com https://www3.actito.com https://widget.trustpilot.com https://invitejs.trustpilot.com; style-src 'self' 'unsafe-inline' https://libs.hipay.com/ https://www.hachette-collections.com/ https://www.googletagmanager.com https://fonts.googleapis.com https://ws1.postescanada-canadapost.ca https://cdn.hachette-collections.com https://hachettepartworks.com https://www.hachettecollections.com; img-src 'self' data: *.invibes.com *.b26net.com *.snapchat.com *.r66net.net *.amazon-adsystem.com *.paa-reporting-advertising.amazon https://sc-static.net *.google.pl https://adservice.google.com *.googlesyndication.com https://ad.doubleclick.net https://pixel.quantserve.com *.bing.com *.xiti.com *.clarity.ms https://fonts.gstatic.com https://www.paypalobjects.com https://analytics.tiktok.com https://s.videostep.com https://ks.b26net.com https://ks.invibes.com https://tbs.tradedoubler.com https://tbl.tradedoubler.com https://t.paypal.com https://www.hachette-collections.com https://cdn.cookielaw.org https://www.google.co.il https://www.facebook.com https://ws1.postescanada-canadapost.ca https://hachettepartworks.com https://www.hachettecollections.com https://cdn.hachette-collections.com https://bat.bing.com https://www.google.be https://www.google.com https://www.gstatic.com https://www.google.fr https://www.google-analytics.com https://www.google.ca https://autroliner.com https://www.googletagmanager.com https://www.google.ch https://ct.pinterest.com https://www.google.de https://www.google.co.uk https://www.google.lu https://www.google.it https://www.google.pt https://www.google.co.ma https://scontent-cdg2-1.cdninstagram.com https://alb.reddit.com https://googleads.g.doubleclick.net https://www.google.dk https://scontent-cdt1-1.cdninstagram.com https://info.hachette-collections.com https://www.google.gr https://www.google.tn; font-src 'self' https://www.hachette-collections.com/ https://fonts.gstatic.com https://cdn.hachette-collections.com https://static3.avast.com; media-src 'self' data: https://mpsnare.iesnare.com/ https://cdn.hachette-collections.com https://www.hachette-collections.com https://workbench-www.hachette-collections.com https://hachettepartworks.com https://www.hachettecollections.com; connect-src 'self' *.googleadservices.com *.snapchat.com *.r66net.net *.r66net.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon https://sc-static.net *.kolekcja-poezja.pl *.yottacapi.pl *.google.pl https://data.hipay.com/checkout-data wss://mpsnare.iesnare.com/star *.doubleclick.net *.googlesyndication.com *.redditstatic.com *.reddit.com https://adservice.google.com https://pixel.quantcount.com https://google.com https://secure-gateway.hipay-tpp.com https://hachettepartworks.sticky.io https://marketing.hachette-partworks.com *.xiti.com *.google.fr *.analytics.google.com https://content.hotjar.io *.google-analytics.com wss://*.hotjar.com *.hotjar.com *.clarity.ms *.invibes.com/ https://analytics.tiktok.com https://region1.google-analytics.com https://geolocation.onetrust.com https://www.sandbox.paypal.com https://www.paypal.com https://privacyportal-eu.onetrust.com https://privacyportal-fr.onetrust.com https://1637314617.rsc.cdn77.org https://cdn.cookielaw.org https://stage-secure2-vault.hipay-tpp.com https://ws1.postescanada-canadapost.ca https://eu1-search.doofinder.com https://secure2-vault.hipay-tpp.com https://bat.bing.com https://in.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://ct.pinterest.com https://s.yimg.com https://vc.hotjar.io https://www.facebook.com; frame-src 'self' *.snapchat.com *.saferpay.com *.psp-solutions.com *.googletagmanager.com *.doubleclick.net https://td.doubleclick.net https://ad.doubleclick.net https://cdn.sticky.io https://cdn.wishpond.net/ https://libs.hipay.com https://www.paypalobjects.com/ https://www.facebook.com/ https://tbs.tradedoubler.com/ https://www.pinterest.fr/ https://www.pinterest.com/ https://www.sandbox.paypal.com https://www.paypal.com https://checkout.slimpay.net https://checkout.preprod.slimpay.com https://accounts.google.com https://www.youtube.com *.moneris.com *.sticky.io https://w.soundcloud.com https://vars.hotjar.com https://bid.g.doubleclick.net https://aax-eu.amazon-adsystem.com https://widget.trustpilot.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri /report.php 3 default-src 'self'; font-src data: 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline'; img-src data: blob: 'self'; frame-ancestors 'self'; frame-src 'self' https:; script-src 'self' 'unsafe-eval'; worker-src 'self' blob:; upgrade-insecure-requests; connect-src 'self' https:; object-src 'none'; base-uri 'self'; 3 frame-ancestors 'self' https://web.sorunapp.com/ 3 frame-ancestors 'self' https://*.saleshood.com; 3 base-uri 'none';child-src 'none';connect-src 'self' vitals.vercel-insights.com status-page-bljfzwz0l-incident-io-team.vercel.app https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.co.uk https://*.g.doubleclick.net https://global.localizecdn.com https://app.localizejs.com https://*.unbabel.com;default-src 'self';font-src 'self';form-action 'self';frame-ancestors self;frame-src 'none';img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://global.localizecdn.com https://assets.localizecdn.com https://uploads.bablic.com;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' https:;style-src 'self' 'unsafe-inline';worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8;report-to https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8; 3 connect-src 'self' https://legal.dev.myptv.com https://api.privacy-center.org https://region1.google-analytics.com https://px.ads.linkedin.com https://legal.staging.myptv.com https://legal.myptv.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://api.myptv.com https://login.myptv.com https://gateway.myptv.com https://analytics.google.com https://collector.leadinfo.net https://api.leadinfo.com https://www.google.de https://www.google.it https://www.google.fr https://www.google.at https://www.google.nl https://www.google.es https://www.google.com https://www.google.com.au https://www.google.ru https://bat.bing.com https://*.omappapi.com https://forms-eu1.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://login.staging.myptv.com https://o.clarity.ms https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' data: https://curie-static.myptv.com https://fonts.gstatic.com/; img-src 'self' blob: data: https://www.ptvgroup.com https://px.ads.linkedin.com https://s1398155824.t.eloqua.com https://blog.ptvlogistics.com https://gateway.myptv.com https://www.google.de https://www.google.it https://www.google.fr https://www.google.at https://www.google.nl https://www.google.es https://www.google.com https://www.google.com.au https://www.google.ru https://www.google.co.in https://www.google.sk https://www.google.lv https://widgets.kununu.com https://assets.kununu.com https://trck.ptvlogistics.com https://*.omappapi.com https://forms-eu1.hsforms.com https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; object-src 'none'; script-src 'self' https://www.googletagmanager.com https://sdk.privacy-center.org https://*.omappapi.com https://widget.manychat.com https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://sdk.privacy-center.org https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://snap.licdn.com https://img03.en25.com https://googleads.g.doubleclick.net https://cdn.leadinfo.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://bat.bing.com https://cdn.jsdelivr.net https://get.smart-data-systems.com https://img.en25.com https://*.omappapi.com https://widget.manychat.com https://js-eu1.hsforms.net https://www.clarity.ms https://www.youtube.com https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://*.omappapi.com https://fonts.googleapis.com/ https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; worker-src 'self'; frame-ancestors * 3 object-src *;script-src * 'unsafe-inline' 'unsafe-eval' data: 3 base-uri 'self'; style-src 'self' 'unsafe-inline' *.cognitoforms.com *.dignityhealth.org *.foresee.com *.hellohumankindness.org *.marketo.com cdn.commonspirit.org fonts.googleapis.com gateway.foresee.com happy-hill-0c4c4691e.azurestaticapps.net p.typekit.net translate.googleapis.com use.typekit.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dignityhealth.org *.evaliahealth.com *.everestjs.net *.everesttech.net *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.gstatic.com/recaptcha/ *.hellohumankindness.org *.invoca.net *.jotform.io *.marketo.com *.marketo.net *.recaptcha.net/recaptcha/ *.youtube.com adobedc.demdex.net ajax.googleapis.com ajax.microsoft.com assets.adobedtm.com assets.adobedtm.com bam.nr-data.net cdn.commonspirit.org cdn1.commonspirit.org cdnjs.cloudflare.com code.jquery.com commonspirit.experiencecloud.adobe.com experience.adobe.com gateway.foresee.com googleads.g.doubleclick.net happy-hill-0c4c4691e.azurestaticapps.net js-agent.newrelic.com login.commonspirit.org maps.googleapis.com platform.twitter.com/js/ platform.twitter.com/widgets.js resources.unlockhealthnow.com/embed-script/embed.js services.cognitoforms.com static.cognitoforms.com tpc.googlesyndication.com/sodar/ twemoji.maxcdn.com unpkg.com use.typekit.net www.cognitoforms.com www.googletagmanager.com; frame-src 'self' *.jotform.io *.marketo.com *.vimeo.com *.youtube-nocookie.com *.youtube.com commonspirit.demdex.net docasap.com www.cognitoforms.com www.google.com www.recaptcha.net; img-src 'self' *.dignityhealth.org *.everesttech.net *.foresee.com *.foresee.com *.google.com/pagead/ *.googleadservices.com *.googleadservices.com/pagead/ *.googleapis.com *.googleusercontent.com *.gstatic.com *.hellohumankindness.org *.marketo.com *.youtube.com api.clearsensecloud.com assets.gyant.com bam.nr-data.net cdn.jotfor.ms d1ffafozi03i4l.cloudfront.net data: developers.google.com dpm.demdex.net googleads.g.doubleclick.net happy-hill-0c4c4691e.azurestaticapps.net i.ytimg.com login.commonspirit.org rtd-tm.everesttech.net s3.amazonaws.com static.cognitoforms.com syndication.twitter.com twemoji.maxcdn.com use.typekit.net www.google.com www.googletagmanager.com; connect-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.ase-usw1-shared-prd.p.azurewebsites.net *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.hellohumankindness.org *.mktoresp.com *.mktoutil.com *.omtrdc.net adobedc.demdex.net ajax.microsoft.com analytics.foresee.com analytics.google.com api.ipify.org apiprod.commonspirit.org assets.adobedtm.com bam.nr-data.net brain.foresee.com cdn.commonspirit.org commonspirit.sc.omtrdc.net commonspirit.tt.omtrdc.net dc.services.visualstudio.com dpm.demdex.net fid.agkn.com fonts.googleapis.com happy-hill-0c4c4691e.azurestaticapps.net identity-api.commonspirit.org identity-func.commonspirit.org lasteventf-tm.everesttech.net login.commonspirit.org maps.googleapis.com readaloud.googleapis.com rxnav.nlm.nih.gov survey.foreseeresults.com telemetry.commonspirit.org translate.googleapis.com www.cognitoforms.com www.googletagmanager.com; default-src 'self' *.dignityhealth.org cdn1.commonspirit.org commonspirit.demdex.net commonspirit.tt.omtrdc.net dc.services.visualstudio.com happy-hill-0c4c4691e.azurestaticapps.net identity-func.commonspirit.org identity-spa.commonspirit.org login.commonspirit.org; font-src 'self' *.dignityhealth.org *.gstatic.com cdn.jorfor.ms data: gateway.foresee.com s3.amazonaws.com/assets.gyant.com/ use.typekit.net www.slant.co; 3 frame-ancestors 2domains.ru *.yandex.ru metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com reseller-admin.int.reg.ru; 3 default-src 'self' https://*.google-analytics.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.google-analytics.com/ https://tagmanager.google.com/ https://*.googletagmanager.com/; style-src 'unsafe-inline' 'self' https://pro.fontawesome.com/ https://*.google-analytics.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://fonts.googleapis.com/ ; img-src 'unsafe-inline' 'self' https://*.google-analytics.com https://ssl.gstatic.com/ https://*.googletagmanager.com/ data:; font-src 'self' 'unsafe-inline' https://pro.fontawesome.com/ https://fonts.gstatic.com/ data:; connect-src 'self' https://*.google-analytics.com https://ssl.gstatic.com/ https://*.google.com data:;frame-ancestors self http://tohyve.iventic.com ; frame-src 'self' https://*.googletagmanager.com/; 3 frame-ancestors 'self' https://*.georgfischer.com; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiehub.eu *.vimeo.com *.recaptcha.net t *.gstatic.com *.google.com *.googletagmanager.com *.tawk.to cdn.jsdelivr.net *.leadinfo.net *.leadinfo.com; img-src 'self' data: *.ytimg.com *.vimeocdn.com *.tawk.to *.googletagmanager.com *.gstatic.com; media-src 'self' data:; frame-src 'self' *.vimeo.com *.youtube.com *.youtube-nocookie.com *.recaptcha.net *.google.com; connect-src 'self' *.cookiehub.net *.analytics.google.com *.google-analytics.com vimeo.com *.vimeo.com *.tawk.to *.cdn.cookiehub.eu *.cookiehub.eu *.leadinfo.net *.leadinfo.com www.recaptcha.net; report-uri /report-csp-violation 3 default-src * blob: data: 'unsafe-eval' 'unsafe-inline'; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.facebook.net https://*.addthis.com https://www.googletagmanager.com https://cdn.polyfill.io https://cdnjs.cloudflare.com https://*.keyreply.com https://z.moatads.com https://v1.addthisedge.com https://www.google-analytics.com https://partner.googleadservices.com *.google.com https://*.youtube.com https://*.gov.sg https://*.vimeo.com https://*.imh.com.sg https://pochatcentralus.crm.powerobjects.net; object-src 'self'; base-uri 'none'; 3 default-src 'self' www.google.com www.googletagmanager.com storage.googleapis.com www.youtube.com secure.livechatinc.com *.stripe.com truevalue.fisherprinting.net ezadtv.app.ezai.io td.doubleclick.net; connect-src 'self' *.facebook.com www.googletagmanager.com www.google-analytics.com api.ezai.io analytics.google.com vc.hotjar.io ws.hotjar.com wss://ws.hotjar.com content.hotjar.io truevalue.fisherprinting.net api.polotno.com api.polotno.dev api.livechatinc.com *.google.com; font-src * data:; img-src * data: blob:; media-src blob: storage.googleapis.com www.youtube.com; script-src * connect.facebook.net 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline'; object-src 'none'; base-uri 'self'; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' * 3 frame-ancestors 'self' *.swoogo.com 3 default-src 'self' https://experience.instilled.com https://www.facebook.com https://w.soundcloud.com http://www.ltgplc.com https://go.ltgplc.com https://go.openlms.net https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://go.pardot.com https://js.driftt.com https://cdn4.mxpnl.com https://*.chilipiper.com https://*.cookie-script.com https://www.googletagmanager.com https://*.googletagmanager.com;script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net https://s.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com https://w.soundcloud.com https://go.openlms.net https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com https://player.vimeo.com https://js.driftt.com https://snap.licdn.com https://cdn4.mxpnl.com https://lltrck.com https://www.clarity.ms https://pi.pardot.com https://www.clickcease.com https://monitor.clickcease.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://zippyfrog.co https://*.cheekybranding.com https://ob.esnbranding.com https://obs.esnbranding.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.chilipiper.com https://*.cookie-script.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://s.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://go.openlms.net https://go.ltgplc.com https://player.vimeo.com https://js.driftt.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://pi.pardot.com https://www.clickcease.com https://monitor.clickcease.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.cheekybranding.com https://ob.esnbranding.com https://obs.esnbranding.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.chilipiper.com https://*.cookie-script.com https://*.storylane.io;font-src 'self' data: https://fonts.gstatic.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.cookie-script.com;img-src 'self' data: https://www.googletagmanager.com https://t.co https://cdn.sanity.io https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://lltrck.com https://p.adsymptotic.com https://px4.ads.linkedin.com https://c.clarity.ms *.google-analytics.com *.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.cheekybranding.com https://obs.esnbranding.com https://*.visualwebsiteoptimizer.com https://chart.googleapis.com https://app.vwo.com https://*.storylane.io https://td.doubleclick.net https://bat.bing.net https://googleads.g.doubleclick.net https://ct.capterra.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;media-src 'self' data: https://cdn.sanity.io https://js.driftt.com https://*.chilipiper.com;connect-src 'self' https://nosafynr.api.sanity.io https://s.ytimg.com https://www.googleadservices.com https://sjs.bizographics.com https://static.ads-twitter.com https://go.openlms.net https://use.typekit.net/ https://www.google-analytics.com https://stats.g.doubleclick.net https://hn.inspectlet.com https://cdn.sanity.io https://vimeo.com https://js.driftt.com http://*.mixpanel.com http://cdn.mixpanel.com https://*.mixpanel.com https://cdn.mixpanel.com https://api-js.mixpanel.com https://in.hotjar.com wss://ws18.hotjar.com https://ws18.hotjar.com www.googleapis.com https://*.algolianet.com https://*.algolia.net https://ws25.hotjar.com/ https://cdn.segment.com wss://ws11.hotjar.com https://ws11.hotjar.com https://e.clarity.ms wss://ws41.hotjar.com https://ws41.hotjar.com https://region1.google-analytics.com *.google-analytics.com *.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://monitor.clickcease.com https://www.clickcease.com https://*.google.com https://analytics.google.com https://cdn.linkedin.oribi.io https://*.cheekybranding.com https://px.ads.linkedin.com https://ob.esnbranding.com https://obs.esnbranding.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://*.chilipiper.com https://*.cookie-script.com https://*.storylane.io https://www.google.co.uk https://*.google.co.uk https://td.doubleclick.net https://googleads.g.doubleclick.net https://bat.bing.net;prefetch-src 'self' https://go.openlms.net https://www.googletagmanager.com https://www.google-analytics.com https://*.chilipiper.com;frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://js.driftt.com https://go.ltgplc.com https://go.openlms.net https://weareclasstech.wistia.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.chilipiper.com https://*.cookie-script.com https://*.storylane.io https://googleads.g.doubleclick.net https://td.doubleclick.net 3 connect-src analytics-ipv6.tiktokw.us prreqcroab.icu pixel.quantserve.com google.com www.googleadservices.com insight.adsrvr.org/track/realtimeconversion www.google.co.nz/ads/ga-audiences www.google.com/ccm/collect ws://localhost:12387 adservice.google.com bat.bing.com *.adnxs.com *.clarity.ms *.evergage.com www.googletagmanager.com pvhba-imgix-calvin-klein-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-cms-content-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-ck-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-th-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-vh-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-tommy-hilfiger-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-van-heusen-m2prod.s3.ap-southeast-2.amazonaws.com imgix-pvhba-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-m2prod-maintenance.s3.ap-southeast-2.amazonaws.com pixel.quantcount.com network-a.bazaarvoice.com *.sandbox.my.site.com *.pvh-staging.com www.facebook.com pvh-brands.imgix.net tru-live-eventhubs.servicebus.windows.net analytics.pangle-ads.com *.googlesyndication.com *.yimg.com *.contentsquare.net dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.abtasty.com *.luckyorange.net wss://*.zendesk.com *.zendesk.com *.particularaudience.com *.tiktok.com stockinstore.net *.stockinstore.net *.cloudfront.net *.klarnaevt.com *.klarnacdn.net *.akamaihd.net zendesk-eu.my.sentry.io *.teads.tv *.snapchat.com *.amplitude.com *.clearpay.co.uk *.afterpay.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.klarna.com *.klarnaservices.com ekr.zdassets.com *.pinterest.com *.google.com *.google.com.au api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com wss://*.zopim.com *.doubleclick.net *.attraqt.io *.zipmoney.com.au *.hotjar.io wss://*.hotjar.com zip.co *.zip.co *.nr-data.net *.hotjar.com *.trurating.com *.analytics.tiktok.com d2lxqodqbpy7c2.cloudfront.net *.googleapis.com *.forter.com wss://cdn0.forter.com d2o5idwacg3gyw.cloudfront.net dz8rit8v72mig.cloudfront.net db7q4jg5rkhk8.cloudfront.net 1.1.1.1 d94qwxh6czci4.cloudfront.net dr6vcclmzwk74.cloudfront.net wtp.siteperformancetest.net d6wfl40rgh70w.cloudfront.net siteperformancetest.net d6rak4b14t5gp.cloudfront.net d3k4bt74u9esq1.cloudfront.net d1ezzflfzltk6e.cloudfront.net d3nocrch4qti4v.cloudfront.net duuytoqss3gu4.cloudfront.net df45ay5pw60dy.cloudfront.net 'self' 'unsafe-inline'; form-action ct.pinterest.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.bazaarvoice.com *.force.com player.vimeo.com js.squarecdn.com/square-marketplace.js bpi.zip.co bat.bing.com www.clarity.ms *.zendesk.com cdn.evgnet.com ct.pinterest.com *.calvinklein.co.nz *.abtasty.com *.adnxs.com *.adobe.com *.adobedtm.com *.afterpay.com *.afterpay.com *.akamaihd.net *.attraqt.io *.bazaarvoice.com *.braintreegateway.com *.calvinklein.com.au *.cardinalcommerce.com *.ccdc02.com *.cfjump.com *.cloudflare.com *.cloudfront.net *.contentsquare.net app.contentsquare.com *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.google.com.au *.googleadservices.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.hotjar.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.luckyorange.net *.my.salesforce.com *.newrelic.com *.nr-data.net *.particularaudience.com *.paypal.com *.paypalobjects.com *.pinimg.com *.pmnts-sandbox.io *.pmnts.io *.roymorgan.com *.salesforceliveagent.com *.stockinstore.net *.teads.tv *.tiktok.com *.tommy.com *.trurating.com *.usabilla.com *.vanheusen.com.au *.vimeocdn.com *.yimg.com *.ytimg.com *.zdassets.com *.zipmoney.com.au 1eafapi.cardinalcommerce.com 1eafstag.cardinalcommerce.com acdn.adnxs.com analytics-static.ugc.bazaarvoice.com analytics.tiktok.com api.bazaarvoice.com api.braintreegateway.com api.sandbox.braintreegateway.com apps-stg.nexus.bazaarvoice.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com assets.braintreegateway.com c.paypal.com cdn.attraqt.io cdn.particularaudience.com cfjump.tommy.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com connect.facebook.net display.ugc.bazaarvoice.com ecommwidget.trurating.com gateway.pmnts-sandbox.io gateway.pmnts.io geoapi.cardinalcommerce.com geostag.cardinalcommerce.com cdnjs.cloudflare.com/ajax/libs/Chart.js/2.9.3/Chart.js cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.0.3/handlebars.min.js js.afterpay.com js.sandbox.afterpay.com portal.afterpay.com portal.clearpay.co.uk portal.sandbox.afterpay.com portal.sandbox.clearpay.co.uk static.afterpay.com www.google.com/recaptcha www.gstatic.com/recaptcha includestest.ccdc02.com js.adsrvr.org js.braintreegateway.com mpsnare.iesnare.com network-stg.bazaarvoice.com network.bazaarvoice.com p.teads.tv pay.google.com photorankstatics-a.akamaihd.net rules.quantcount.com s.pinimg.com s.yimg.com s.ytimg.com s7.addthis.com sc-static.net secure.authorize.net secure.quantserve.com songbird.cardinalcommerce.com static.zip.co static.zipmoney.com.au stg.api.bazaarvoice.com t.cfjump.com t.paypal.com test.authorize.net tr.snapchat.com vimeo.com wss://widget-mediator.zopim.com www.google-analytics.com www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.vimeo.com zip.co *.forter.com dlthst9q2beh8.cloudfront.net d2nww8zpyj5pk0.cloudfront.net d2w2nqfk3z9hdt.cloudfront.net; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.abtasty.com *.adnxs.com *.adobe.com *.adsrvr.org *.afterpay.com *.akamaihd.net *.amgdgt.com *.analytics.yahoo.com *.bazaarvoice.com *.behance.net *.calvinklein.com *.cardinalcommerce.com *.clarity.ms *.clearpay.co.uk *.clickmeter.com *.contentsquare.net *.doubleclick.net *.facebook.com *.facebook.net *.force.com *.ftcdn.net *.google.com *.google.com.au *.googleapis.com *.googlesyndication.com www.googletagmanager.com *.gstatic.com *.hotjar.com *.imgix.net *.klarna.com *.klarnacdn.net *.klarnaservices.com *.klarnaevt.com *.paypal.com *.photorank.me *.pinterest.com *.pmnts-sandbox.io *.pmnts.io *.presage.io *.pvh-staging.com *.roymorgan.com *.stockinstore.net *.teads.tv *.tommy.com *.turn.com *.vimeo.com *.vimeocdn.com *.youtube.com *.zdassets.com *.zipmoney.com.au *.zopim.com 1eaf.cardinalcommerce.com 1eafstag.cardinalcommerce.com amcglobal.sc.omtrdc.net analytics.pangle-ads.com analytics.tiktok.com api.fillr.com assets.adobedtm.com assets.braintreegateway.com bat.bing.com beacon.krxd.net blob: block.opendns.com bpi.zip.co calvinklein.com.au calvinkleinnz.zendesk.com centinelapi.cardinalcommerce.com centinelapistag.cardinalcommerce.com checkout-sandbox.quadpay.com checkout.gb.zip.co checkout.quadpay.com clickmeter.com cm.everesttech.net d1m2uzvk8r2fcn.cloudfront.net d3nocrch4qti4v.cloudfront.net data: df45ay5pw60dy.cloudfront.net dpm.demdex.net duuytoqss3gu4.cloudfront.net ecomm-cdn.trurating.com ekr.zendesk.com fast.amc.demdex.net gateway.zscalerone.net gateway.zscalerthree.net gateway.zscloud.net geo.cardinalcommerce.com geostag.cardinalcommerce.com http: https: i.ytimg.com imgix-pvhba-m2prod.s3.ap-southeast-2.amazonaws.com m.cmpgn.page media.littlebirdie.com.au mm-static.mustcheck.com olapic-data.s3.amazonaws.com olapic.s3.amazonaws.com photorankmedia-a.akamaihd.net photorankstatics-a.akamaihd.net pixel.quantserve.com pixel.rubiconproject.com prreqcroab.icu pvhba-imgix-calvin-klein-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-cms-content-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-ck-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-th-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-vh-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-tommy-hilfiger-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-van-heusen-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-m2prod-maintenance.s3.ap-southeast-2.amazonaws.com pvhba.zendesk.com rebrandly.com sandbox.zip.co sc-static.net secure.authorize.net security-au.mimecast.com shopping.qantas.com start.zip.co static.zip.co test.authorize.net tommyau.zendesk.com tommynz.zendesk.com tr.snapchat.com v2assets.zopim.io vanheusenau.zendesk.com vod-progressive.akamaized.net widgets.magentocommerce.com widgets.sandbox.clearpay.co.uk wss://*.hotjar.com wss://*.zopim.com wss://calvinkleinau.zendesk.com wss://calvinkleinnz.zendesk.com wss://tommyau.zendesk.com wss://tommynz.zendesk.com wss://vanheusenau.zendesk.com www.calvinklein.com.au www.google-analytics.com www.google.co.nz www.googleadservices.com www.magezon.com www.paypalobjects.com www.vanheusen.com.au z1photorankmedia-a.akamaihd.net zendesk-eu.my.sentry.io zip.co zipmoney.com.au; 3 frame-ancestors 'self' localhost:* *.tason.com http://localhost:3000 https://www.targetmarketing.co.kr https://mktplatform.tason.com https://dev-mktplatform.tason.com 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://plausible.io; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; img-src 'self' data: https://*.medium.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.4160.nodely.dev https://plausible.io https://api.emailjs.com; frame-src 'self' https://*.loom.com https://*.youtube.com https://customer-79jhngjtc25rkvy9.cloudflarestream.com; frame-ancestors 'none'; report-to default 3 frame-ancestors 'self' https://wdgt.dathuis.nl; 3 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pghub.io https://www.google.com/recaptcha/api.js https://www.gstatic.com cdn.cookielaw.org *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob:; style-src 'self' 'unsafe-inline' *.bazaarvoice.com fonts.googleapis.com; media-src 'self' videos.ctfassets.net *.iesnare.com data:; img-src 'self' *.cookielaw.org images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data:; font-src 'self' fonts.gstatic.com; connect-src * https://pglogin.justsnap.de https://venus.jsnp.io; frame-src 'self' *.googletagmanager.com https://pglogin.justsnap.de https://venus.jsnp.io https://www.google.com https://servedby.flashtalking.com *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com; manifest-src * 3 frame-ancestors 'self' https://rewards.theexcellencecollection.com https://tecloyalty.c5.stage.livecms.site; 3 default-src 'self' https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://www.googletagmanager.com https://www.youtube.com https://*.youtube.com http://youtu.be https://www.google.com https://fonts.gstatic.com https://twitter.com https://*.twitter.com https://platform-lookaside.fbsbx.com https://streamable.com https://player.vimeo.com https://player.twitch.tv https://gfycat.com https://discordapp.com https://discord.com https://cdn.iframe.ly https://www.google-analytics.com https://stats.g.doubleclick.net https://if-cdn.com https://*.hotjar.com https://vc.hotjar.io/ wss://*.hotjar.com https://gleam.io; style-src 'self' 'unsafe-inline' https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://fonts.googleapis.com https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://cdn.jsdelivr.net https://connect.facebook.net https://platform.twitter.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.gleam.io https://*.gleamjs.io/ https://*.google.com; img-src 'self' data: https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://cdn.akamai.steamstatic.com https://steamcdn-a.akamaihd.net https://cdn.staticaly.com https://graph.facebook.com https://*.twitter.com https://*.cloudfront.net/facebook/ https://*.cloudfront.net/twitter/ https://*.cloudfront.net/instagram/ https://i.imgur.com https://if-cdn.com https://www.google-analytics.com https://platform-lookaside.fbsbx.com https://www.google.com https://*.fbcdn.net https://*.hotjar.com https://*.gleam.io https://flagcdn.com https://cdn.discordapp.com https://discord.com https://www.googletagmanager.com 3 frame-ancestors 'self'; default-src 'self' fonts.gstatic.com; script-src 'self' 'unsafe-inline' img07.en25.com unpkg.com ajax.googleapis.com www.comparably.com cdn.jsdelivr.net 'unsafe-eval' blob: www.buzzsprout.com unpkg.com cdn.dxpr.com www.googletagmanager.com www.gstatic.com cdn.lightwidget.com cdn.cookielaw.org static.hotjar.com script.hotjar.com geolocation.onetrust.com static.cloudflareinsights.com *.google-analytics.com iframely.shorthand.com analytics.shorthand.com stats.g.doubleclick.net data: cdn.cookielaw.org geolocation.onetrust.com ajax.cloudflare.com cdnjs.cloudflare.com www.youtube.com youtube.com maps.googleapis.com; style-src 'self' 'unsafe-inline' unpkg.com cdnjs.cloudflare.com fonts.googleapis.com cdn.dxpr.com cdn.jsdelivr.net; img-src 'self' s1867737855.t.eloqua.com reedexhibitions.com www.rxglobal.com rxglobal.com *.google-analytics.com www.google.com www.google.co.uk *.googletagmanager.com data.shorthand.com iframely.shorthand.com maps.googleapis.com cdnjs.cloudflare.com img.youtube.com cdn.dxpr.com cdn.cookielaw.org maps.gstatic.com data: ; frame-src www.google.com regist.reedexpo.co.jp www.comparably.com flo.uri.sh www.buzzsprout.com cdn.lightwidget.com vars.hotjar.com youtube.com www.youtube.com www.youtube-nocookie.com youtube-nocookie.com iframely.shorthand.com rx.bnurl.com drive.google.com; object-src data: 'unsafe-eval'; connect-src 'self' blob: rxglobal.com rxglobal.at cdn.cookielaw.org privacyportal.onetrust.com geolocation.onetrust.com *.google-analytics.com gateway.shorthand.com www.gstatic.com stats.g.doubleclick.net data.shorthand.com in.hotjar.com rx.bnurl.com api.segment.io cdn.dxpr.com maps.googleapis.com; base-uri 'none'; worker-src blob: 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: 3 frame-ancestors 'self' *.punchlist.com 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.g.doubleclick.net *.googleadservices.com *.iqm.com *.cookielaw.org *.onetrust.com *.vimeo.com tags.srv.stackadapt.com resources.forvis.com resources.forvismazars.us *.googletagmanager.com *.knowledgeowl.com *.wistia.com *.bugherd.com *.jquery.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.facebook.net *.youtube.com *.twitter.com *.marketo.net *.eloqua.com *.tableau.com *.jsdelivr.net *.flourish.studio acsbapp.com snap.licdn.com *.linkedin.com; style-src 'self' 'unsafe-inline' tags.srv.stackadapt.com resources.forvis.com resources.forvismazars.us *.knowledgeowl.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.twimg.com *.typekit.net *.fontawesome.com; font-src * data:; img-src * data:; media-src 'self' data: blob: *.wistia.com; frame-src 'self' resources.forvis.com resources.forvismazars.us *.libsyn.com *.bkd.com *.yumpu.com *.brightcove.net *.knowledgeowl.com *.twitter.com *.youtube.com *.vimeo.com vimeo.com *.soundcloud.com *.bugherd.com *.google.com *.wistia.com *.wistia.net *.facebook.com *.tableau.com *.googletagmanager.com flo.uri.sh *.cookielaw.org cdn.cookielaw.org *.onetrust.com snap.licdn.com *.linkedin.com *.doubleclick.net *.podbean.com; child-src 'self' resources.forvis.com resources.forvismazars.us *.libsyn.com *.bkd.com *.yumpu.com *.brightcove.net *.knowledgeowl.com *.twitter.com *.youtube.com *.vimeo.com vimeo.com *.soundcloud.com *.bugherd.com *.google.com *.wistia.com *.wistia.net *.facebook.com *.tableau.com *.googletagmanager.com flo.uri.sh *.cookielaw.org cdn.cookielaw.org *.onetrust.com snap.licdn.com *.linkedin.com *.doubleclick.net *.podbean.com; connect-src 'self' accounts.google.com *.g.doubleclick.net *.cookielaw.org cdn.cookielaw.org *.onetrust.com tags.srv.stackadapt.com *.google-analytics.com *.google.com *.litix.io *.wistia.com *.bugsnag.com *.pusher.com ws-mt1.pusher.com *.bugherd.com *.googleapis.com *.mktoresp.com 932-bac-700.mktoutil.com acsbapp.com *.acsbapp.com snap.licdn.com *.linkedin.com; 3 object-src 'none'; script-src * 'unsafe-eval' 'unsafe-inline' blob: data:; base-uri 'self' 3 media-src * 3 frame-ancestors 'self' *.bluecatnetworks.com bluecat.pathfactory.com bluecat.lookbookhq.com; 3 frame-ancestors 'self' *.logo.pt *.force.com *.tranquilidade.cst *.tranquilidade.pt *.generalitranquilidade.pt *.t-vida.pt *.tranquilidade.co.ao *.tranquilidadeseguros.co.mz *.facebook.net *.facebook.com *.advancecare.pt *.vitorinos.pt 3 default-src: https: 'unsafe-inline'; 3 default-src data: 'self' https: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 3 frame-ancestors https://*.wfscorp.com 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 3 frame-ancestors 'self' *.k-asap.eu; 3 frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.dvinci-easy.com https://dtsgroup-career.dvinci.de https://consentcdn.cookiebot.com https://consent.cookiebot.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://cdn.plyr.io https://www.youtube.com https://player.vimeo.com https://connect.facebook.net https://googleads.g.doubleclick.net https://stable.loyjoy.com https://snap.licdn.com/ https://www.google.com/ https://www.gstatic.com/ https://www.googleadservices.com/; 3 frame-ancestors 'self' https://PRD.S4HANA.CORP.TELSTRA.COM 3 connect-src 'self' *.luigisbox.com *.google.com *.google.cz *.google.sk *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.googlesyndication.com skoda-dily-db3 *.doubleclick.net *.mail-komplet.cz *.groovehq.com *.europa.eu *.deepl.com *.jquery.com *.heureka.cz *.heureka.sk *.facebook.net *.jquery.com 3 frame-ancestors 'self' web.fc2.com 3 script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.tawk.to *.jsdelivr.net *.tidio.co *.facebook.net www.gstatic.com;script-src-attr 'unsafe-inline';img-src 'self' data: i.imgur.com www.google-analytics.com tawk.link *.tawk.to *.tawk.link *.amazonaws.com *.jsdelivr.net *.databrain.com *.ibb.co.com www.googletagmanager.com e2b4c6d8f0g1h3i5j7k9l2m4n6o8p0q1r3s5t.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to *.jsdelivr.net e2b4c6d8f0g1h3i5j7k9l2m4n6o8p0q1r3s5t.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.tawk.to *.jsdelivr.net *.googletagmanager.com e2b4c6d8f0g1h3i5j7k9l2m4n6o8p0q1r3s5t.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com;frame-src static.goolec.com www.youtube.com youtube.com;connect-src 'self' tickers.playtech.com www.google-analytics.com *.googleapis.com *.tawk.to wss://*.tawk.to tracker.databrain.com e2b4c6d8f0g1h3i5j7k9l2m4n6o8p0q1r3s5t.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com;media-src e2b4c6d8f0g1h3i5j7k9l2m4n6o8p0q1r3s5t.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none' 3 worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; frame-src 'self' https:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob:; frame-ancestors 'self' *.7across.travel *.7acrosstravel *.accorplusdiscovery.com *.addthis.com *.airportparking.net.au *.avctravel.com.au *.azurewebsites.net *.bzzworld.com *.bzzworldtravel.com *.clubmedaustralia.com.au *.crownclubmarketplace.com *.cruise.ovscruise.com *.cruise.wotif.com *.cruisemegastore.com.au *.cruisepilot.com.au *.dae-travel.com *.discover365.co.nz *.discover365.co.uk *.discover365.com.au *.doubleclick.net *.driveaway.com.au *.facebook.com *.favc.com *.hightide.com.au *.IAMLVC.com *.ice-cdn.com *.icecruises.com.au *.iceenterprise.com *.icevacations.com.au *.kampyle.com *.kivac.com.mx *.latitude21resorts.com *.latitudeguestservices.com *.latitudevacationclub.com *.lifestylebywyndhamlite.com *.liveaquaresidenceclub.com *.livechatinc.com *.looking4.com *.mustdotravels.com *.my241cruise.com.au *.my241rewards.com.au *.myfuturecruisecredit.com *.optimizely.com *.ourvacationcentre.com *.ourvacationcentre.com.au *.ourvacationcentre.net *.ovctour.com *.ovscruise.com *.ovsresort.com *.qvitravelsavings.com *.rci.my241cruise.com.au *.rci.travel *.re-set.mx *.re-set.travel *.saveonresorts.com *.tawk.to *.theclub365.com.au *.tourmegastore.com.au *.travelii.mx *.travelmegastore.com.au *.travelperksplus.com *.travelsavingspassport.com *.tripauthority.com *.tripsavr.com *.tripsavr2.com *.ultiqa.com.au *.ultiqaexplore.com.au *.ultiquaexplore.com.au *.windows.net *.world2go.mx *.wotif.com *.synchronycredit.com *.synchrony.com *.youtube.com 7across.travel accorplusdiscovery.com agentportalui-wa-dev-usw.azurewebsites.net agentportalui-wa-qa-usw.azurewebsites.net assets.cruisemail.com.au avctravel.com.au bid.g.doubleclick.net cruise.flybuystravel.com.au cruise.ovscruise.com cruise.wotif.com cruisemegastore.com.au cruisepilot.com.au dae-travel.com discover365.co.nz discover365.co.uk discover365.com.au elcidsales.latitudeguestservices.com hightide.com.au icecruises.com.au iceenterprise.com icevacations.com.au latitudevacationclub.com lifestylebywyndhamlite.com mustdotravels.com my241cruise.com.au my241rewards.com.au myfuturecruisecredit.com ourvacationcentre.com ourvacationcentre.com.au ourvacationcentre.net ovctour.com ovscruise.com rci.my241cruise.com.au rci.travel tawk.to theclub365.com.au tour.icruiserewards.com tour.thevidalifestyle.com tourmegastore.com.au tours.icruise.com tours.tourmegastore.com.au travelmegastore.com.au travelperksplus.com ukproducthub.azureedge.net ukproducthub.blob.core.windows.net ultiqa.com.au ultiqaexplore.com.au ultiquaexplore.com.au windows.net wotif.com localhost:8080 qa-id.synchronycredit.com uat-id.synchronycredit.com id.synchrony.com; block-all-mixed-content; upgrade-insecure-requests; 3 frame-ancestors http://*.campogrande.ms.gov.br 3 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 3 frame-ancestors 'self' https://www.spreadfamily.fr *.spread.family projectxparis.com *.projectxparis.com tranquilleemile.net *.tranquilleemile.net starwax.fr *.starwax.fr groupama.fr *.groupama.fr fnac.com *.fnac.com animation.espritjeu.com belleetbio.com *.belleetbio.com animation.fnac.com animation.darty.com newsletters.chamonix.com 3 base-uri 'self'; connect-src 'self' https://consentcdn.cookiebot.com https://*.google.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.hotjar.com https://*.in.applicationinsights.azure.com https://*.svc.dynamics.com https://cdn.linkedin.oribi.io wss://*.hotjar.com https://content.hotjar.io https://maps.googleapis.com https://pagead2.googlesyndication.com https://vc.hotjar.io wss://localhost:44398 https://px.ads.linkedin.com https://metrics.hotjar.io; default-src 'none'; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; form-action 'self' https://*.worldpay.com; frame-ancestors 'self' https://ricardo.saleshood.com; frame-src 'self' https://*.cookiebot.com/ https://*.google.com https://vars.hotjar.com https://www.youtube-nocookie.com https://*.svc.dynamics.com https://player.vimeo.com https://irs.tools.investis.com https://otp.tools.investis.com https://calendly.com https://outlook.office365.com https://embed.mindstamp.com https://www.googletagmanager.com https://td.doubleclick.net https://experience.arcgis.com; img-src 'self' data: https://bat.bing.com https://px.ads.linkedin.com https://*.doubleclick.net https://*.google.com https://www.google.co.uk https://*.svc.dynamics.com https://*.google-analytics.com https://i.vimeocdn.com https://maps.googleapis.com https://www.googletagmanager.com https://maps.gstatic.com https://*.tile.openstreetmap.org https://*.basemaps.cartocdn.com https://unpkg.com https://imgsct.cookiebot.com; media-src 'self' https://player.vimeo.com http://vod-progressive.akamaized.net https://vod-progressive.akamaized.net https://download-video.akamaized.net https://vod-progressive-ak.vimeocdn.com https://download-video-ak.vimeocdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.google.com https://www.googleadservices.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://snap.licdn.com https://script.hotjar.com https://static.hotjar.com https://googleads.g.doubleclick.net https://mktdplp102cdn.azureedge.net https://js.monitor.azure.com https://maps.googleapis.com https://mathjax.rstudio.com https://*.vimeo.com https://*.calendly.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://optimize.google.com; 3 default-src 'self' 'unsafe-inline' region1.google-analytics.com stats.g.doubleclick.net www.google-analytics.com https://www.youtube.com https://www.youtube-nocookie.com https://platform.twitter.com https://www.linkedin.com https://indd.adobe.com https://syndication.twitter.com/; font-src *; frame-src 'self' https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://imtcast.imt.fr/ https://haltools.archives-ouvertes.fr/ https://indd.adobe.com/ https://barometredelascienceouverte.esr.gouv.fr/ https://www.rcf.fr https://platform.twitter.com https://www.linkedin.com https://syndication.twitter.com/ https://v.calameo.com/ https://player.vimeo.com; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.googletagmanager.com region1.google-analytics.com stats.g.doubleclick.net www.google-analytics.com https://www.youtube.com/ https://www.youtube-nocookie.com https://cdn.jsdelivr.net https://platform.linkedin.com https://www.linkedin.com cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://platform.twitter.com https://polyfill-fastly.io https://www.google.com localhost:35729 yui.yahooapis.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.googletagmanager.com region1.google-analytics.com stats.g.doubleclick.net www.google-analytics.com https://www.youtube.com/ https://www.youtube-nocookie.com https://cdn.jsdelivr.net https://platform.linkedin.com https://www.linkedin.com cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://platform.twitter.com https://polyfill-fastly.io https://www.google.com localhost:35729 yui.yahooapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdnjs.cloudflare.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdnjs.cloudflare.com; frame-ancestors 'self'; 3 default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval' 3 frame-ancestors 'self' webforce.com new.webforce.com webforce1111.c45stagehostopia.com wfsites-to.websitecreatorprotool.com wfsites.websitecreatorprotool.com wfsites-ie.websitecreatorprotool.com wf.mktgsuite.deluxe.com fl.sitekreator.com portal.mktgsuite.deluxe.com dex.wfsites.websitecreatorprotool.com sites2.freelogoservices.com cpaneltest.sitekreator.com stage.sitekreator.com; 3 default-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-eval' https://analytics.ajla.net 'unsafe-inline' *.livechatinc.com *.tawk.to https://bam.nr-data.net https://translate-pa.googleapis.com/*; style-src 'self' blob: https: 'unsafe-inline'; report-uri https://sentry.io/api/1424323/security/?sentry_key=41c76badf8dd42cf9c908ee883619619 3 default-src: https: 'unsafe-inline' 3 frame-ancestors 'self' esswrp.ethicalsuperstore.com esswrp.pointov.com 3 frame-ancestors https://www.facebook.com/ https://www.messenger.com/ https://www.snaptravel.com/ https://www.livesuper.com/ https://www.super.com/ 3 frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com; font-src https://fonts.gstatic.com 'self' data: blob:; default-src 'unsafe-inline' 'self' https: data: blob:; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; 3 frame-ancestors 'self' *.altafiber.com *.hawaiiantel.com 3 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' policy.app.cookieinformation.com www.googletagmanager.com fazercs--partial.sandbox.my.site.com fazercs.my.site.com plugins.flockler.com *.shopifysvc.com *.shopify.com *.myshopify.com *.shopifycdn.com *.woolman.app www.fazer.fi www.google-analytics.com service.force.com fazercs.my.salesforce.com *.salesforce.com *.fazer.com *.salesforceliveagent.com cdnjs.cloudflare.com cdn.jsdelivr.net visitfazer.asio.fi fazergroup.workbuster.com code.jquery.com ajax.googleapis.com fazergroup.onecruiter.com snap.licdn.com web-sdk-eu.aptrinsic.com *.hotjar.com *.hotjar.io fazer.simulator.palmu.fi *.cloudfront.net connect.facebook.net us-ma.sam4m.com/2.0/site/undefined/analytics/sa.js cdn.mxapis.com serve.mxapis.com track.adform.net *.ads-twitter.com stats.g.doubleclick.net *.adform.net www.youtube.com *.leadfamly.com plugins.flockler.com; style-src 'self' 'unsafe-inline' fazercs--partial.sandbox.my.site.com fazercs.my.site.com fazercs.my.salesforce.com *.shopifysvc.com *.shopify.com *.myshopify.com *.shopifycdn.com *.woolman.app www.fazer.fi *.fazer.com *.salesforceliveagent.com *.cdn.flockler.com fazergroup.onecruiter.com fonts.googleapis.com s3-eu-west-1.amazonaws.com/wb-bolt-production/account_1348 web-sdk-eu.aptrinsic.com; img-src 'self' data: fazercs--partial.sandbox.my.site.com media-api.flockler.com *.cdninstagram.com fazercs.my.site.com *.shopifysvc.com *.shopify.com *.myshopify.com *.shopifycdn.com *.woolman.app www.fazer.fi *.fazer.com mb.cision.com *.salesforceliveagent.com *.cdn.flockler.com p.typekit.net *.googletagmanager.com www.facebook.com *.linkedin.com *.analytics.google.com *.google.dk *.google.se stats.g.doubleclick.net t.co analytics.twitter.com img.youtube.com; font-src 'self' data: fazercs--partial.sandbox.my.site.com fazercs.my.site.com *.shopifysvc.com *.shopify.com *.myshopify.com *.shopifycdn.com *.woolman.app www.fazer.fi *.fazer.com fazergroup.onecruiter.com fonts.gstatic.com use.typekit.net *.cloudfront.net; connect-src 'self' wss: *.google-analytics.com policy.app.cookieinformation.com consent.app.cookieinformation.com fazercs--partial.sandbox.my.site.com fazercs.my.site.com *.salesforce.com *.salesforceliveagent.com *.shopify.com *.shopifysvc.com *.myshopify.com *.shopifycdn.com *.woolman.app *.fazer.com www.facebook.com api.flockler.app stats-api.flockler.app fazergroup.onecruiter.com px.ads.linkedin.com wb-analytics.onecruiter.com esp-eu.aptrinsic.com *.hotjar.io *.hotjar.com www.google.com *.fazergroup.com data.fazer.fi data.fazer.com data.fazer.ee data.fazer.lt data.fazer.lv data.fazer.se data.fazeraito.com data.fazerfoodtech.com data.fazermills.com data.fazerwillja.com data.frebaco.se data.froosh.com data.gateau.fi data.gateau.se data.jyvashyva.fi data.oululainen.fi data.skogaholm.se data.trensums.com data.visitfazer.com; frame-src 'self' *.fazergroup.com *.fazer.com policy.app.cookieinformation.com www.youtube.com fazercs.my.salesforce.com www.google.com fazergroup.onecruiter.com www.googletagmanager.com visitfazer.asio.fi *.playable.com finfazer24.azurewebsites.net; frame-ancestors 'self' secure.zetadisplay.com; object-src 'none'; base-uri 'self'; form-action 'self' webto.salesforce.com publish.ne.cision.com; upgrade-insecure-requests ; block-all-mixed-content 3 default-src *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * about:; font-src * 'self' data: https://fonts.gstatic.com; img-src * 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; worker-src blob: data: *; 3 default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src * 3 img-src * https: data:; object-src 'none'; frame-ancestors 'self' https://app.contentful.com 3 default-src 'self';frame-src 'self' blob: https:;connect-src 'self' wss: blob: https:;script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https:;img-src 'self' data: blob: blob: https:;media-src 'self' blob: https:;font-src 'self' data: blob: https:;worker-src 'self' blob: blob: https:;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 3 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; script-src * data: blob: mediastream: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline' data: blob: mediastream:; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * blob: data: 'unsafe-inline'; worker-src * data: blob: mediastream: 'unsafe-inline' 'unsafe-eval' 3 frame-ancestors 'self' chromacam.me personifyinc.com 3 default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; base-uri 'self'; form-action 'self' https://iface.core-networks.de; frame-ancestors 'none'; block-all-mixed-content 3 default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; 3 frame-ancestors 'self' dashboard.myrazz.com; report-uri /report-violation 3 default-src 'unsafe-inline' 'unsafe-eval' 'self' data: wss: https: blob: 3 default-src 'self' https://*.dormakabagroup.com blob: ; frame-src 'self' https://*.dormakabagroup.com https://*.dormakaba.com https://*.equitystory.com https://cdn.iframe.ly https://*.vimeo.com https://*.vimeocdn.com https://irs.tools.investis.com https://*.jotformeu.com https://*.jotform.com https://*.pardot.com https://www.youtube.com https://*.storelocatorwidgets.com https://web.inxmail.com https://fbweb.cypheme.com *.hotjar.com *.text.com *.files-text.com *.cdn.livechatinc.com *.livechat.com *.livechatinc.com *.livechat-static.com *.recurly.com *.cdn.chatbot.com *.chatbot.com *.recurly.com ; frame-ancestors 'self' https://*.dormakabagroup.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.dormakabagroup.com https://www.googletagmanager.com https://*.equitystory.com https://*.google-analytics.com https://*.eqs.com https://maps.googleapis.com https://ajax.googleapis.com https://cdn.cookielaw.org https://*.hotjar.com https://*.storelocatorwidgets.com *.text.com *.files-text.com *.cdn.livechatinc.com *.livechat.com *.livechatinc.com *.livechat-static.com *.recurly.com *.cdn.chatbot.com *.chatbot.com *.recurly.com ; object-src 'none' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.eqs.com https://*.storelocatorwidgets.com *.text.com *.files-text.com *.cdn.livechatinc.com *.livechat.com *.livechatinc.com *.livechat-static.com *.recurly.com *.cdn.chatbot.com *.chatbot.com *.recurly.com ; img-src 'self' data: blob: https://*.dormakabagroup.com https://*.dormakaba.com https://*.ctfassets.net https://*.eqs.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht https://www.google-analytics.com https://fonts.gstatic.com https://cdn.cookielaw.org https://*.storelocatorwidgets.com storage.pardot.com *.pardot.com *.text.com *.files-text.com *.cdn.livechatinc.com *.livechat.com *.livechatinc.com *.livechat-static.com *.recurly.com *.cdn.chatbot.com *.chatbot.com *.recurly.com ; media-src 'self' https://*.ctfassets.net data: blob: ; font-src 'self' https://fonts.dormakaba.com https://fonts.gstatic.com https://*.storelocatorwidgets.com *.text.com *.files-text.com *.cdn.livechatinc.com *.livechat.com *.livechatinc.com *.livechat-static.com *.recurly.com *.cdn.chatbot.com *.chatbot.com *.recurly.com data: ; connect-src 'self' https://*.dormakabagroup.com https://*.contentful.com https://*.algolia.net https://*.algolianet.com https://*.equitystory.com https://*.cms-eqs.com https://*.storelocatorwidgets.com https://cdn.cookielaw.org https://*.google-analytics.com https://maps.googleapis.com https://www.googleapis.com https://*.onetrust.com https://analytics.google.com https://*.doubleclick.net https://*.eqs.com https://prod.spline.design https://www.gstatic.com https://unpkg.com https://fonts.gstatic.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.text.com *.files-text.com *.cdn.livechatinc.com *.livechat.com *.livechatinc.com *.livechat-static.com *.recurly.com *.cdn.chatbot.com *.chatbot.com *.recurly.com ; worker-src 'self' blob: ; upgrade-insecure-requests ; block-all-mixed-content ; manifest-src 'self' ; 3 default-src 'self' ws: wss: blob: http://maxcdn.bootstrapcdn.com http://api.tiles.mapbox.com http://cdn.storelocatorwidgets.com https://maxcdn.bootstrapcdn.com https://api.tiles.mapbox.com https://cdn.storelocatorwidgets.com; font-src 'self' 'unsafe-inline' data: http://cdn.storelocatorwidgets.com http://maxcdn.bootstrapcdn.com https://cdn.storelocatorwidgets.com https://maxcdn.bootstrapcdn.com webchat.keyreply.com fonts.gstatic.com kit-free.fontawesome.com https://edge.addthis.com; connect-src 'self' ws: wss: blob: https://geocode.arcgis.com https://log.storelocatorwidgets.com https://b.tiles.expressmaps.com https://a.tiles.expressmaps.com http://markers.storelocatorwidgets.com https://markers.storelocatorwidgets.com https://tiles.expressmaps.com wss://nhg.app.keyreply.com nhg.app.keyreply.com maps.googleapis.com www.google-analytics.com https://v1.addthis.com m.addthis.com https://edge.addthis.com https://api-public.addthis.com https://l.sharethis.com https://datasphere-sbsvc.sharethis.com https://bcp.crwdcntrl.net; frame-src 'self' www.google.com youtu.be www.youtube.com http://s7.addthis.com https://edge.addthis.com https://www.nhgp.com.sg http://t.sharethis.com; frame-ancestors 'self'; img-src * data: maps.gstatic.com *.googleapis.com *.ggpht.com *.storelocatorwidgets.com blob: https://wh-stg.wh.com.sg https://cmswh.com.sg; media-src 'self' data: keyreply.blob.core.windows.net youtu.be www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ws: wss: blob: data: https://geocode.arcgis.com https://tiles.expressmaps.com ajax.googleapis.com https://cdn.storelocatorwidgets.com http://cdn.storelocatorwidgets.com maps.googleapis.com youtu.be www.youtube.com www.addthis.com http://s7.addthis.com m.addthis.com m.addthisedge.com https://v1.addthisedge.com https://v1.addthis.com https://edge.addthis.com https://z.moatads.com https://api-public.addthis.com https://wh-stg.wh.com.sg https://cmswh.com.sg https://platform-api.sharethis.com https://t.sharethis.com ; script-src-elem 'self' 'unsafe-inline' ws: wss: blob: https://geocode.arcgis.com/ http://loc.storelocatorwidgets.com/ www.googletagmanager.com www.youtube.com ajax.googleapis.com cdn.storelocatorwidgets.com nhg.app.keyreply.com maps.googleapis.com www.addthis.com http://s7.addthis.com m.addthis.com m.addthisedge.com https://v1.addthisedge.com https://v1.addthis.com https://edge.addthis.com https://z.moatads.com https://api-public.addthis.com https://platform-api.sharethis.com/js/sharethis.js https://buttons-config.sharethis.com https://count-server.sharethis.com https://t.sharethis.com https://platform-api.sharethis.com https://api.mapbox.com; style-src 'self' 'unsafe-inline' data: ajax.googleapis.com s7.addthis.com http://maxcdn.bootstrapcdn.com http://api.tiles.mapbox.com http://cdn.storelocatorwidgets.com https://maxcdn.bootstrapcdn.com https://api.tiles.mapbox.com https://cdn.storelocatorwidgets.com fonts.googleapis.com kit-free.fontawesome.com youtu.be www.youtube.com www.addthis.com http://s7.addthis.com m.addthis.com m.addthisedge.com https://edge.addthis.com nhg.app.keyreply.com maps.googleapis.com; style-src-elem 'self' 'unsafe-inline' data: http://maxcdn.bootstrapcdn.com http://api.tiles.mapbox.com http://cdn.storelocatorwidgets.com https://maxcdn.bootstrapcdn.com https://api.tiles.mapbox.com https://cdn.storelocatorwidgets.com fonts.googleapis.com kit-free.fontawesome.com; object-src 'self' youtu.be www.youtube.com https://api.mapbox.com; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://adexofiles.ir https://sentry.hamravesh.com https://ma-cdn.pegah.tech *.analytics.google.com *.google-analytics.com *.googleapis.com *.goftino.com *.googletagmanager.com https://heapanalytics.com *.heapanalytics.com *.adtodate.ir *.microsoft.com *.amazonaws.com https://deemanetwork.com *.mediaad.org *.shab.dev *.shab.ir *.shab.trial *.shab.demo *.shab.travel *.shab.rentals *.webengage.com *.gstatic.com *.webengage.co *.clarity.ms *.bing.com *.yektanet.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.goftino.com *.doubleclick.net; img-src 'self' blob: data: *.shab.ir *.shab.dev *.shab.travel *.shab.rentals *.googletagmanager.com *.shab.trial *.shab.demo *.shab.cloud *.googleapis.com *.tile.openstreetmap.org *.goftino.com *.yektanet.com https://heapanalytics.com *.heapanalytics.com *.microsoft.com *.amazonaws.com *.webengage.com *.webengage.co *.dezhino.com *.cloudfront.net *.doubleclick.net *.google-analytics.com *.clarity.ms *.bing.com https://sentry.hamravesh.com https://www.google.de https://www.google.nl https://www.google.de https://www.google.ae https://www.google.fr https://www.google.ca https://www.google.co.uk https://www.google.com.au https://www.google.se https://*.google.com; media-src 'self' blob: *.shab.cloud *.goftino.com *.doubleclick.net; connect-src 'self' wss://socket.shab.ir https://sentry.pegah.tech https://ma-cdn.pegah.tech https://sentry.hamravesh.com https://panel.adexo.ir *.google.com https://*.yektanet.com *.google-analytics.com *.googleapis.com *.shab.cloud *.goftino.com ws://*.goftino.com wss://*.goftino.com https://gateway.zibal.ir https://heapanalytics.com *.heapanalytics.com https://clarity.microsoft.com *.bing.com https://deemanetwork.com https://gate.dezhino.com *.shab.dev *.shab.ir *.shab.travel *.shab.rentals *.shab.trial *.shab.demo *.mediaad.org *.webengage.com *.webengage.co *.doubleclick.net *.clarity.ms; font-src 'self' *.gstatic.com *.goftino.com data:; frame-src 'self' https://sentry.hamravesh.com *.goftino.com https://*.yektanet.com *.aparat.com *.webengage.co *.webengage.com https://mediacdn.mediaad.org *.googletagmanager.com *.doubleclick.net; object-src 'none'; base-uri 'self'; form-action https://*.shab.ir https://api.shab.travel https://api.shab.rentals 'self' https://bpm.shaparak.ir https://ipg.toman.ir https://asan.shaparak.ir https://credit.mellatinsurance.ir https://gateway.zibal.ir https://sep.shaparak.ir https://live-test-develop-merchant-growth.apps.public.okd4.teh-1.snappcloud.io https://api.snapppay.ir https://payment.snapppay.ir https://paym.basa.ir;frame-ancestors 'self';worker-src 'self' blob:;child-src 'self' blob:; 3 default-src https: data: wss://*.hotjar.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; 3 default-src 'self' *.checkngo.com *.xact.com *.alliedcash.com *.pocket360.com *.mouseflow.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com *.tfaforms.net *.krxd.net *.quantcount.com *.googletagmanager.com *.quantserve.com *.fontawesome.com *.bootstrapcdn.com *.googleanalytics.com https://maps.google.com https://optimize.google.com https://tagmanager.google.com *.googleadservices.com *.googleoptimize.com *.doubleclick.net https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.msecnd.net *.hotjar.com https://tag.brandcdn.com https://adservices.brandcdn.com https://widget.trustpilot.com *.siteimproveanalytics.com *.mouseflow.com *.pinimg.com https://siteimproveanalytics.com *.pinterest.com cdn.ampproject.org *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.tfaforms.net *.fontawesome.com *.bootstrapcdn.com https://optimize.google.com https://tagmanager.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.myfonts.net *.mouseflow.com *.siteimproveanalytics.com *.cloudflare.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.tfaforms.net pre-usermatch.targeting.unrulymedia.com e1.emxdgt.com beacon.krxd.net x.bidswitch.net pixel.advertising.com *.quantserve.com www.google.com dynl.mktgcdn.com maps.google.com optimize.google.com *.azureedge.net *.googletagmanager.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com adservices.brandcdn.com insight.adsrvr.org match.adsrvr.org *.doubleclick.net sync.search.spotxchange.com https://*.ggpht.com *.mouseflow.com *.google-analytics.com *.adswizz.com *.pinterest.com *.tapad.com *.tremorhub.com *.googleusercontent.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com *.bootstrapcdn.com *.mouseflow.com; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.youtube.com *.trustpilot.com *.google.com *.mouseflow.com *.tfaforms.net; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com https://*.googleapis.com/ *.googleapis.com *.doubleclick.net https://analytics.google.com *.pinterest.com *.contextine.com *.googletagmanager.com *.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com https://ipinfo.io/ip https://icanhazip.com https://api.ipify.org *.mouseflow.com *.tfaforms.net; media-src 'self' data: blob: *.azureedge.net; child-src 'self' *.checkngo.com *.alliedcash.com cdn.krxd.net *.hotjar.com www.googletagmanager.com *.doubleclick.net adservices.brandcdn.com insight.adsrvr.org *.mouseflow.com *.trustpilot.com *.pinterest.com *.google.com; object-src 'self' 3 default-src 'self' data:;font-src 'self' data: fonts.gstatic.com;connect-src 'self' localhost *.doubleclick.net *.clarity.ms *.fg.cz *.google-analytics.com *.analytics.google.com www.google.com requestor.bezpecnostnicentrum.cz maps.googleapis.com translate.googleapis.com translate-pa.googleapis.com *.facebook.com *.googlesyndication.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.clarity.ms www.youtube.com;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.googletagmanager.com *.clarity.ms www.youtube.com recaptcha.net *.fg.cz www.google.com www.gstatic.com *.google-analytics.com requestor.bezpecnostnicentrum.cz maps.googleapis.com translate.google.com translate.googleapis.com translate-pa.googleapis.com connect.facebook.net;form-action 'self' *.facebook.com *.facebook.net;frame-src 'self' *.doubleclick.net www.youtube.com www.youtube-nocookie.com recaptcha.net www.google.com www.googletagmanager.com requestor.bezpecnostnicentrum.cz online.fliphtml5.com;worker-src 'self' blob: www.youtube.com *.doubleclick.net;frame-ancestors 'self' localhost test-edee-jablotron.fg.cz edee.jablotron.com;img-src 'self' data: blob: *.fg.cz *.doubleclick.net *.clarity.ms *.youtube.com *.ytimg.com *.openstreetmap.org *.google.cn *.google.com *.google.cz http://www.google.com maps.gstatic.com maps.googleapis.com fonts.gstatic.com www.gstatic.com translate.googleapis.com *.bing.com *.googletagmanager.com *.facebook.com mapsresources-pa.googleapis.com;style-src 'self' 'unsafe-inline' requestor.bezpecnostnicentrum.cz fonts.googleapis.com www.gstatic.com *.googletagmanager.com;object-src self;media-src 'self' *.fg.cz edee.jablotron.com 3 default-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com; style-src 'self' 'unsafe-inline' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://fonts.googleapis.com https://*.hotjar.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.klarnaservices.com https://*.klarnacdn.net https://static.garmincdn.com/support-chat-widget/chatWidget-v1.3.1.js https://product-gallery.cloudinary.com https://res.cloudinary.com https://*.pinimg.com https://*.linksynergy.com https://*.googlesyndication.com 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net https://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com https://analytics.google.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.cloudflare.com https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://static.cloudflareinsights.com *.hotjar.com *.hotjar.io https://www.googletagmanager.com https://optimize.google.com https://*.googleapis.com https://cse.google.com https://www.youtube.com https://www.instagram.com; connect-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://*.googleapis.com https://csp.withgoogle.com https://analytics-api-s.cloudinary.com https://pagead2.googlesyndication.com https://*.algolia.net https://*.algolianet.com; font-src 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com; img-src https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://i.ytimg.com 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://*.hotjar.com https://www.google.com.tw https://tr.line.me https://www.facebook.com https://*.gstatic.com https://*.googleapis.com https://*.google.com; frame-src https://www.youtube.com https://*.doubleclick.net *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://vars.hotjar.com https://prefmgr-cookie.truste-svc.net https://my.tealiumiq.com https://www.youtube-nocookie.com https://gum.criteo.com https://static.criteo.net https://www.facebook.com https://cse.google.com https://web.facebook.com https://www.instagram.com; object-src 'none'; upgrade-insecure-requests; 3 base-uri 'self'; connect-src 'self' *.cookiepro.com *.google.com *.hotjar.com wss://ws26.hotjar.com *.hotjar.io *.googleapis.com *.onetrust.com cdn.cookielaw.org www.google-analytics.com *.google-analytics.com *.readspeaker.com stats.g.doubleclick.net yoast.com *.readspeaker.com; default-src 'self'; font-src fonts.gstatic.com *.hotjar.com *.readspeaker.com 'self' data:; frame-src www.google.com 'self' www.youtube-nocookie.com *.hotjar.com cdn.cookielaw.org *.readspeaker.com gamma.euroland.com tools.eurolandir.com e.infogram.com art.kunstmatrix.com; img-src blob: 'self' data: maps.googleapis.com *.google.com maps.gstatic.com www.google-analytics.com 0.gravatar.com *.hotjar.com cdn.cookielaw.org maps.googleapis.com maps.gstatic.com secure.gravatar.com www.google-analytics.com ps.w.org s.chkmkt.com *.readspeaker.com; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src www.google.com www.gstatic.com *.onetrust.com cdn.cookielaw.org *.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval' *.cookiepro.com *.onetrust.com cdn.cookielaw.org p-eu.chkmkt.com *.readspeaker.com www.googletagmanager.com ajax.googleapis.com maps.gstatic.com maps.googleapis.com tools.eurolandir.com www.google-analytics.com e.infogram.com www.youtube-nocookie.com www.youtube.com p-eu.chkmkt.com; style-src 'unsafe-inline' 'self' cdn.cookielaw.org fonts.googleapis.com fonts.gstatic.com tagmanager.google.com *.readspeaker.com s.chkmkt.com code.jquery.com ajax.googleapis.com eu.mar.medallia.com; worker-src 'self' blob:; 3 frame-ancestors 'self' https://st-martin-kub.crono.travel 3 default-src 'self' www.googleadservices.com googleads.g.doubleclick.net www.google.com www.google.co.in adservice.google.com *.fls.doubleclick.net insight.adsrvr.org quantserve.com *.adnxs.com s.yimg.com *.onetrust.com *bat.bing.com *ib.adnxs.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.hotjar.com *.moengage.com *.adnxs.com *.googleoptimize.com *.mookie1.com *.fls.doubleclick.net *.doubleclick.net *.outbrain.com *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net cdn.jsdelivr.net simsys.ent.ap-southeast-1.aws.found.io https://platform-api.sharethis.com https://buttons-config.sharethis.com unpkg.com/@frontify/ brandportal.ihhhealthcare.com assets.gathercontent.com www.googletagmanager.com media.istockphoto.com beta.mountelizabeth.com.sg http://beta.mountelizabeth.com.sg http://admin-beta-mountelizabeth.com.sg insight.adsrvr.org quantserve.com googletagmanager.com secure.quantserve.com js.adsrvr.org rules.quantcount.com www.googleadservices.com adservice.google.com googleads.g.doubleclick.net admin-gleneagles.parkwayhealth.local admin-parkwayeast.parkwayhealth.local bat.bing.com staticcdn.enzymic.co cdn.polyfill.io static.site24x7rum.com www.google.co.in s.yimg.com www.instagram.com www.sc.pages07.net sp.analytics.yahoo.com https://cdn-apac.onetrust.com *.onetrust.com https://rawgit.com https://cdnjs.cloudflare.com https://cdn.tailwindcss.com *.tiktok.com *.clarity.ms *.varify.io https://unpkg.com http://edge.quantserve.com/quant.js *bat.bing.com *ib.adnxs.com 'self' cdn.ampproject.org web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com cdn.jsdelivr.net simsys.ent.ap-southeast-1.aws.found.io brandportal.ihhhealthcare.com assets.gathercontent.com media.istockphoto.com beta.mountelizabeth.com.sg http://fonts.cdnfonts.com https://cdnjs.cloudflare.com googletagmanager.com *.googletagmanager.com *.bunny.net *.moengage.com unpkg.com *.typekit.net 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://www.mountelizabeth.com.sg https://cdn-assets-eu.frontify.com simsys.ent.ap-southeast-1.aws.found.io www.gleneagles.com.sg https://www.parkwayhospitals.com.cn *.frontify.com brandportal.ihhhealthcare.com beta.mountelizabeth.com.sg assets.gathercontent.com media.istockphoto.com i.vimeocdn.com www.googletagmanager.com *.hotjar.com https://moe-email-campaigns.s3.amazonaws.com https://image.moengage.com countryflagsapi.com mountelizabeth.com *.mookie1.com *.google.com *.google.com.sg *.adnxs.com *.quantserve.com flagcdn.com ad.doubleclick.net google.co.in sdms-country-flag.s3.ap-southeast-1.amazonaws.com http://sitefinityprodpp.blob.core.windows.net googleads.g.doubleclick.net www.google.com/pagead bat.bing.com *.outbrain.com www.googleadservices.com www.google.co.in adservice.google.com fls.doubleclick.net insight.adsrvr.org quantserve.com s.yimg.com www.pages07.net sp.analytics.yahoo.com https://cdn-apac.onetrust.com *.onetrust.com *.amazonaws.com s3-ihhsg-sdms-prod.sg.ihhhealthcare.com *.clarity.ms https://connect.facebook.net 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.hotjar.com cdnjs.cloudflare.com https://fonts.cdnfonts.com *.typekit.net; frame-src https://www.google.com/ https://www.youtube.com https://vimeo.com https://player.vimeo.com beta.mountelizabeth.com.sg assets.gathercontent.com media.istockphoto.com brandportal.ihhhealthcare.com https://vars.hotjar.com https://*.moengage.com https://www.facebook.com https://m.facebook.com *.fls.doubleclick.net insight.adsrvr.org www.instagram.com adservice.google.com td.doubleclick.net https://my.matterport.com/ www.googletagmanager.com https://match.adsrvr.org metrics.mountelizabeth.com.sg 'self' web-chat.nativechat.com forms.hsforms.com; connect-src *.gstatic.com *.mktoresp.com *.google-analytics.com cdn.jsdelivr.net simsys.ent.ap-southeast-1.aws.found.io https://l.sharethis.com *.frontify.com brandportal.ihhhealthcare.com beta.mountelizabeth.com.sg http://beta.mountelizabeth.com.sg assets.gathercontent.com media.istockphoto.com https://parkway-elastic-production.ent.ap-southeast-1.aws.found.io http://admin-beta-mountelizabeth.com.sg wss://*.hotjar.com *.hotjar.com *.hotjar.io *.moengage.com stats.g.doubleclick.net admin-parkwayeast.parkwayhealth.local admin-gleneagles.parkwayhealth.local analytics.google.com static.enzymic.co www.facebook.com metrics.mountelizabeth.com.sg insight.adsrvr.org quantserve.com *.adnxs.com s.yimg.com sp.analytics.yahoo.com https://cdn-apac.onetrust.com https://geolocation.onetrust.com *.onetrust.com *.outbrain.com *.tiktok.com *.google.com *.clarity.ms *.varify.io https://www.google.com.sg/ads/ga-audiences https://bat.bing.com *bat.bing.com *ib.adnxs.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.frontify.com brandportal.ihhhealthcare.com assets.gathercontent.com media.istockphoto.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com cdn.jsdelivr.net simsys.ent.ap-southeast-1.aws.found.io *.frontify.com brandportal.ihhhealthcare.com beta.mountelizabeth.com.sg assets.gathercontent.com media.istockphoto.com https://*.moengage.com countryflagsapi.com https://bat.bing.com 'self' web-chat.nativechat.com 3 upgrade-insecure-requests; worker-src 'self' blob: ;style-src 'self' 'unsafe-inline' blob:; media-src 'self' ; manifest-src 'self' login.windows.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com *.cookielaw.org *.doubleclick.net connect.facebook.net www.youtube.com script.crazyegg.com www.google-analytics.com; font-src 'self' data: ; frame-ancestors 'none';frame-src 'self' *.doubleclick.net www.youtube-nocookie.com; img-src 'self' data: images.ctfassets.net pixel.tapad.com www.facebook.com *.cookielaw.org i.ytimg.com www.googletagmanager.com *.doubleclick.net www.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' *.contentful.com *.cookielaw.org *.google-analytics.com *.googlesyndication.com script.crazyegg.com *.doubleclick.net *.algolia.net *.algolianet.com; default-src 'none'; base-uri 'none'; 3 frame-ancestors *; report-uri /report-csp-violation 3 frame-ancestors https://*.global2000.at https://*.acolono.dev https://*.acolono.net https://*.wwf.at 3 frame-ancestors 'self' *.golfhouse.com; 3 base-uri 'self' https:; font-src 'self' 'unsafe-inline' https: data:; form-action 'self' https:; frame-ancestors 'self'; img-src 'self' 'unsafe-inline' data: blob: https:; object-src 'self' data: https:; script-src-attr 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: localhost:8085 *.cookieinformation.com *.googletagmanager.com *.googleapis.com *.ingest.de.sentry.io; upgrade-insecure-requests; frame-src 'self' data: https: https://hr-skyen.dk *.vimeo.com *.youtube.com; 3 default-src 'self'; connect-src 'self' https://api.friendlycaptcha.com https://bat.bing.com https://camptocamp.matomo.cloud https://*.datareporter.eu https://dev.to https://pagead2.googlesyndication.com https://px.ads.linkedin.com https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://stats.g.doubleclick.net; img-src 'self' data: https://www.google.com https://bat.bing.com https://i.ytimg.com/* https://www.googletagmanager.com https://media2.dev.to https://syndication.twitter.com https://webcache-eu.datareporter.eu https://*.google.ch https://px.ads.linkedin.com; style-src 'self' 'unsafe-inline' https://www.xing-share.com https://webcache-eu.datareporter.eu https://api.tiles.mapbox.com https://unpkg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://camptocamp.matomo.cloud https://www.youtube.com https://cdn.matomo.cloud https://bat.bing.com https://www.xing-share.com https://platform.twitter.com https://platform.linkedin.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.google-analytics.com https://*.datareporter.eu https://snap.licdn.com https://connect.facebook.net; font-src 'self' https://unpkg.com; frame-src 'self' https://www.youtube-nocookie.com/ https://platform.twitter.com https://www.googletagmanager.com https://td.doubleclick.net https://www.facebook.com/; worker-src blob: ; child-src blob: ; 3 frame-ancestors 'self' *.checkout.com; 3 upgrade-insecure-requests; default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' *.flipaio.de *.seniorenportal.de; object-src 'none'; frame-ancestors 'self' *.flipaio.de *.seniorenportal.de 3 frame-ancestors 'self' frag-einen-anwalt.de *.frag-einen-anwalt.de 123recht.de *.123recht.de wohnungsboerse.net *.wohnungsboerse.net trauer.de *.trauer.de briefeguru.de *.briefeguru.de pflege-durch-angehoerige.de *.pflege-durch-angehoerige.de immobilienscout24.de *.immobilienscout24.de berlin.de *.berlin.de merkur-online.de *.merkur-online.de *.cdn.ampproject.org *.google.de *.google.com merkur-online.de *.merkur-online.de immoverkauf24.de *.immoverkauf24.de; report-uri /include/cspreport.asp 3 default-src https: data: blob: resource: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; 3 frame-ancestors nuanceaudio.com *.nuanceaudio.com *.luxgroup.net https://cms-prod.brxm.grandvision.io 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.crisis24.com https://*.garda.com https://*.jotform.com https://*.algolia.io https://*.algolia.net https://*.algolianet.com https://*.clarity.ms https://*.cloudinary.com https://*.cookiepro.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hs-scripts.com https://*.hs-sites.com https://*.hsappstatic.net https://*.hsforms.com https://*.hsforms.net https://*.hubapi.com https://*.hubspot.com https://*.linkedin.com https://*.moneris.com https://*.onetrust.com https://*.salesforce.com https://*.usemessages.com https://*.youtube.com https://bat.bing.com https://c.bing.com https://cdn.fonts.net https://cdn.jsdelivr.net/ https://fonts.googleapis.com https://fonts.gstatic.com https://forms.hsforms.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hscollectedforms.net https://maps.googleapis.com https://maps.gstatic.com https://pagead2.googlesyndication.com https://secure.data-insight365.com https://snap.licdn.com https://td.doubleclick.net https://pardot.com https://*.pardot.com https://vercel.com https://vercel.live https://*.vercel.com https://*.vercel.app https://*.vercel-scripts.com wss://ws-us3.pusher.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.youtube-nocookie.com https://www.youtube.com https://*.ytimg.com https://*.gardaworld.com https://*.dayforcehcm.com https://*.mapbox.com https://*.doubleclick.net https://player.simplecast.com google.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; 3 frame-ancestors 'self'; img-src https://* data: blob: 3 frame-ancestors 'self' analytics.pt-dlr.de 3 default-src 'self';script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://tagmanager.google.com https://*.intercom.io https://js.intercomcdn.com https://connect.facebook.net https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js https://analytics.tiktok.com https://cdn.pdst.fm 'sha256-tugJqoPf7X2uqHgOWaae7aTIM3YprRfpRxsis23ke8Q=' 'sha256-ZhFP87cciS37uYEvdfRm4n49sodK2ZxPv7jiEYYS5i8=' 'sha256-zhPZteDOZxJblI6dgWh+atU2QJ64sivXUL15V31StCk=' 'sha256-aG6kMMHdH/Z9hK+eMaZJANrW2wsK8sGYz5UyFH+i3/o=' 'sha256-r6Q/VSbL5s3lyyeFln01EoNNHxr0JG0uunm3wgdqRDc=' https://cdn.rudderlabs.com https://www.redditstatic.com https://snap.licdn.com https://tags.srv.stackadapt.com 'sha256-XPnKX8fj+vZrtZAoom2lMV0etZnxXrjAf7yWO4QeLaM=' 'sha256-iAydicCfNoGpOAtTWXbvR8Yzp1eueUQZrA16wIE1OL4=' 'sha256-pSpy+pBPy0HUQiY46i94MfLT2EoGVnP2733S63YC1og=' 'sha256-KKNq/1OtpqYzS4u4dTttf3kz3uCITT0ZYPGgTIzOmoo=' 'sha256-8dsSIGz252sz7rOLTvszqt/2gCg33KX3RJxjLtKxwMA=' 'sha256-uK3yorDdOTqp0AyWRVqBW/qKtFZ8jyTpHWQBWEPtEGA=' 'sha256-1R0R5FKN+G/4swwDHMpqIDgVMcCJFZ8fhAIwvCudQ7c=' 'sha256-cshYyI2jskutxB0i89pcV+W2nPo5iJIXE+1oL1ufyAU=' 'sha256-6hNtX4kWtSgUDaXQfYFXPC3Tzi0I6aBJ4qTGDy2Dasw=' https://staticcdn.co.nz;connect-src 'self' https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomusercontent.com https://*.sharesies.com https://*.uat.opsies.net.nz https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.nz https://*.google.ca https://*.google.com.au https://*.google.co.uk https://*.google.com.sg https://www.google-analytics.com https://rs.sharesies.com https://cdn.growthbook.io https://assets.ctfassets.net https://cdn.contentful.com https://api.convertkit.com https://analytics.tiktok.com https://analytics.pangle-ads.com https://api.hsforms.com https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com https://px.ads.linkedin.com https://tags.srv.stackadapt.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://hello.myfonts.net https://tagmanager.google.com https://tags.srv.stackadapt.com/sa.css;font-src 'self' data: https://fonts.gstatic.com https://js.intercomcdn.com;img-src 'self' data: https://*.sharesies.com https://*.uat.opsies.net.nz https://*.sharesies.nz https://*.sharesies.com.au https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://*.intercomcdn.com https://*.intercomassets.com https://fairfax.demdex.net https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.googletagmanager.com https://adservice.google.co.nz https://adservice.google.com.au https://www.googleadservices.com https://*.google.co.nz https://*.google.ca https://*.google.com.au https://*.google.co.uk https://*.google.com.sg https://www.facebook.com https://connect.facebook.net https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://images.ctfassets.net https://sharesies-eg3voq9njjf7.imgix.net https://beacon.krxd.net https://i.ytimg.com https://sites.mimeanalytics.com https://alb.reddit.com https://*.ads.linkedin.com https://staticcdn.co.nz;media-src 'self' https://*.intercomcdn.com https://videos.ctfassets.net;frame-src https://intercom-sheets.com https://anchor.fm https://www.youtube.com https://embed.podcasts.apple.com https://open.spotify.com https://podcasters.spotify.com https://embed-standalone.spotify.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://omny.fm https://td.doubleclick.net/ https://staticcdn.co.nz;manifest-src 'self'; 3 default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; connect-src 'self' *; font-src 'self' data: *; frame-src 'self' *; frame-ancestors 'self' *; upgrade-insecure-requests; 3 frame-src 'unsafe-eval' 'unsafe-inline' 'self' * 3 connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ suggest-maps.yandex.ru *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works api-qa.diginetica.net/v1/ rap.skcrtxr.com 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru wss://*.tinkoff.ru wss://*.tcsbank.ru wss://*.tbank.ru api-maps.yandex.ru enterprise.api-maps.yandex.ru *.maps.yandex.net yandex.ru https://api.tinkoffinsurance.ru https://api-test.tinkoffinsurance.ru:38002 www.tbank.ru api-statist.tinkoff.ru cdn.tbank.ru cfg.tinkoff.ru business.tbank.ru cobrowsing.tbank.ru www.cdn-tinkoff.ru api.tinkoffinsurance.ru geocode-maps.yandex.ru delivery.tinkoff.ru broker-api.tinkoffinsurance.ru api-osago.tbank.ru imgproxy.cdn-tinkoff.ru collection-phoenix.t-tech.team tmsg.tbank.ru tmsg.phoenix-ca.ru api.rosbank.ru webevent.tbank.ru fallback.cdn-tinkoff.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru blob: https://tinkoff.ru https://www.tinkoff.ru https://www.youtube.com api-maps.yandex.ru enterprise.api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net yandex.ru https://rutube.ru; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru cdn.uxfeedback.ru sm.rtb.mts.ru exchange.buzzoola.com dmp.one sync.bumlam.com wf-ru-frontend.weborama-tech.ru 'self' data: *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru https://tinkoff.ru https://www.tinkoff.ru http://img.youtube.com *.maps.yandex.net api-maps.yandex.ru enterprise.api-maps.yandex.ru yandex.ru http://static.tinkoffinsurance.ru https://i.ytimg.com *.rosbank.ru; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.org metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru https://www.youtube.com https://newatom.spaaace.io https://order.atom.auto rutube.ru t-j.ru https://rutube.ru; font-src *.cdn-tinkoff.ru 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.tinkoff.ru data:; report-uri https://www.tbank.ru/api/front/pwanomotors/log/csp-error?appName=pwanomotors; default-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru; frame-ancestors 'self' https://tinkoff-insurance.com tbank.ru www.tbank.ru *.tbank.ru *.tcsbank.ru tinkoff.ru *.tinkoff.ru *.tbank-online.com https://auto.ru https://t-insurance.avito.com mc.yandex.ru t-j.ru www.rosbank.ru *.bankline.ru http://localhost:* marketing-tbank-e7ae911dd883.herokuapp.com tbank.aviasales.ru 3 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none' 3 default-src 'self'; img-src 'self'; script-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; 3 default-src 'self' *.mouseflow.com newsletter.abacus.ch fonts.googleapis.com; style-src 'self' 'unsafe-inline' p.typekit.net use.typekit.net www.abacus.ch fonts.googleapis.com ; img-src 'self' www.linkedin.com *.googleapis.com www.googletagmanager.com/a px4.ads.linkedin.com www.google-analytics.com www.google.com www.google.ch maps.gstatic.com maps.google.com googleads.g.doubleclick.net px.ads.linkedin.com data:; connect-src 'self' eu01.rec.mouseflow.com www.google.com googleads.g.doubleclick.net px.ads.linkedin.com o2.mouseflow.com region1.analytics.google.com region1.google-analytics.com www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com cdn.linkedin.oribi.io; font-src 'self' use.typekit.net fonts.gstatic.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com www.abacus.ch api.mailxpert.ch snap.licdn.com cdn.mouseflow.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com newsletter.abacus.ch maps.googleapis.com maps.google.com googleads.g.doubleclick.net stats.g.doubleclick.net ajax.googleapis.com blob:; frame-src 'self' www.googletagmanager.com newsletter.abacus.ch td.doubleclick.net app.livestorm.co; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.cookielaw.org https://info.dentsu.com https://pi.pardot.com http://pi.pardot.com https://cdn.pardot.com http://cdn.pardot.com https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://pagead2.googlesyndication.com/ http://info.dentsu.com/ https://info.dentsu.com/ https://vercel.live https://app.storyblok.com wasm-eval; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://px.ads.linkedin.com https://vimeo.com https://cdn.cookielaw.org https://pagead2.googlesyndication.com https://region1.google-analytics.com https://www.gstatic.com https://ipwhois.pro https://geolocation.onetrust.com https://vercel.live https://px.ads.linkedin https://api.storyblok.com https://api.emailjs.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://player.vimeo.com https://www.googletagmanager.com/; frame-ancestors https://app.storyblok.com storyblok.com; img-src 'self' data: https://www.googletagmanager.com https://px.ads.linkedin.com https://www.google-analytics.com https://a.storyblok.com https://cdn.cookielaw.org https://i.vimeocdn.com/; manifest-src 'self'; media-src 'self' https://a.storyblok.com; report-uri https://6551f73079107a8bf3ffdb54.endpoint.csper.io; worker-src blob:; 3 default-src 'self'; media-src *.purechatcdn.com;font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval' *.purechat.com *.purechatcdn.com *.gstatic.com *.google-analytics.com analytics.google.com *.youtube.com *.youtube-nocookie.com *.hcaptcha.com *.googleapis.com; connect-src 'self' *.purechat.com *.purechatcdn.com *.gstatic.com *.google-analytics.com analytics.google.com *.youtube.com *.youtube-nocookie.com *.hcaptcha.com *.googleapis.com stats.g.doubleclick.net bat.bing.com *.clarity.ms *.ispringsolutions.com; style-src * 'unsafe-inline'; frame-src 'self' www.google.com *.youtube.com *.youtube-nocookie.com *.hcaptcha.com *.jobscore.com *.umbraco.com; 3 default-src https: data: 'unsafe-inline' 'unsafe-eval' always 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://static.hotjar.com https://script.hotjar.com https://sdk.inbenta.io https://tdn.r42tag.com http://tdn.r42tag.com http://w.usabilla.com https://api.usabilla.com https://app.webinargeek.com https://embed.webinargeek.com https://admin.relay42.com/ https://maps.googleapis.com/ https://tags.srv.stackadapt.com https://*.abtasty.com https://*.azureedge.net https://widget.frill.co https://*.vimeocdn.com https://googleads.g.doubleclick.net https://www.google.com/pagead/ https://pagead2.googlesyndication.com https://bat.bing.com https://snap.licdn.com https://assets.zuko.io https://www.googleadservices.com https://vlkp-init-363689781691.europe-west1.run.app https://vlkp-stream-363689781691.europe-west1.run.app/ https://*.fml-x.com https://fml-x.com https://cxppusa1rdrect01sa02cdn.blob.core.windows.net https://*.fls.doubleclick.net https://d6tizftlrpuof.cloudfront.net; connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://vimeo.com https://*.vimeocdn.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://api.inbenta.io https://api-gce2.inbenta.io https://pwssearchprod.search.windows.net https://tdn.r42tag.com http://w.usabilla.com https://api.usabilla.com https://app.webinargeek.com https://embed.webinargeek.com https://maps.googleapis.com/ https://tags.srv.stackadapt.com https://*.abtasty.com https://*.azureedge.net https://*.mkt.dynamics.com https://widget.frill.co https://www.google.com https://google.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://bat.bing.com https://px.ads.linkedin.com https://api.zuko.io https://vlkp-stream-363689781691.europe-west1.run.app/ https://vlkp-init-363689781691.europe-west1.run.app https://*.fml-x.com https://fml-x.com https://mobile.events.data.microsoft.com https://bat.bing.net https://*.fls.doubleclick.net https://ad.doubleclick.net; child-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://sdk.inbenta.io https://w.usabilla.com https://d6tizftlrpuof.cloudfront.net https://tags.srv.stackadapt.com https://cdnjs.cloudflare.com https://widget.frill.co; img-src 'self' data: https://www.acc.vanlanschotkempen.com https://www.vanlanschotkempen.com https://www.google-analytics.com https://www.google.com https://www.google.nl https://www.googletagmanager.com https://i.vimeocdn.com https://w.usabilla.com https://d6tizftlrpuof.cloudfront.net https://app.webinargeek.com https://embed.webinargeek.com https://t.svtrd.com https://maps.gstatic.com https://maps.googleapis.com https://imgsct.cookiebot.com https://*.buzzsprout.com https://*.inbenta.com https://cm.g.doubleclick.net https://googleads.g.doubleclick.net https://ade.googlesyndication.com https://bat.bing.com https://px.ads.linkedin.com https://ad.doubleclick.net https://adservice.google.com; font-src 'self' https://sdk.inbenta.io https://cdn.inbenta.io https://fonts.gstatic.com https://widget.frill.co https://cdnjs.cloudflare.com https://frill-prod-app.b-cdn.net; frame-src 'self' https://www.google.com https://consentcdn.cookiebot.com https://vars.hotjar.com https://www.buzzsprout.com https://player.vimeo.com https://finfiles.acc.merciervanlanschot.be https://finfiles.merciervanlanschot.be https://finfiles.acc.vanlanschotkempen.com https://finfiles.vanlanschotkempen.com https://tools.eurolandir.com https://pr.globenewswire.com https://app.webinargeek.com https://embed.webinargeek.com https://t.svtrd.com/ https://www.podbean.com https://widget.frill.co https://gateway.euronext.com https://p.easydus.com https://td.doubleclick.net d6tizftlrpuof.cloudfront.net https://www.googletagmanager.com https://*.fls.doubleclick.net; 3 object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mc.yandex.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://chat.vtb.ru https://chat3.vtb.ru https://*.adriver.ru https://vk.com https://*.mail.ru https://dmp.dmpkit.1dmp.io https://yastatic.net https://stream.datago.ru https://xn--3-7sb8cs.xn--90ab2c.xn--p1ai https://onlinesales.vtb.ru https://manalyticshub.com https://video.dion.vc https://static.a.mts.ru https://*.botfaqtor.ru https://*.digitaltarget.ru https://sm.rtb.mts.ru https://cm.a.mts.ru https://api.a.mts.ru; style-src 'self' 'unsafe-inline' https://dion.vc https://chat.vtb.ru https://chat3.vtb.ru https://xn--3-7sb8cs.xn--90ab2c.xn--p1ai https://onlinesales.vtb.ru https://video.dion.vc; img-src * data:; font-src 'self' data: https://dion.vc https://chat.vtb.ru https://chat3.vtb.ru https://xn--3-7sb8cs.xn--90ab2c.xn--p1ai https://onlinesales.vtb.ru https://video.dion.vc; media-src 'self' https://dion.vc https://chat3.vtb.ru https://vtbcareer.com https://xn--3-7sb8cs.xn--90ab2c.xn--p1ai https://onlinesales.vtb.ru https://video.dion.vc; frame-src 'self' 'unsafe-inline' blob: https://*.roseltorg.ru:* https://api-maps.yandex.ru:* https://chat.vtb.ru https://chat3.vtb.ru https://auto.vtb.ru https://ipoteka.vtb.ru https://cl.vtb.ru https://cc.vtb.ru https://online.vtb.ru https://dmp.dmpkit.1dmp.io https://sync.1dmp.io/ https://onlinesales.vtb.ru https://manalyticshub.com https://video.dion.vc https://mc.yandex.ru https://*.mail.ru https://siteapi.vtb.ru; connect-src 'self' blob: wss://click2call.vtb.ru:8443 https://dion.vc https://mc.yandex.ru https://suggestions.dadata.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://geocode-maps.yandex.ru/ https://chat.vtb.ru https://chat3.vtb.ru https://*.adriver.ru https://vk.com https://*.mail.ru https://siteapi.vtb.ru http://siteapi.vtb.ru https://siteapi.vtb.com https://siteapi.vtb.com https://marketplace.vtb.ru https://auto.vtb.ru https://ipoteka.vtb.ru https://cl.vtb.ru https://cc.vtb.ru https://online.vtb.ru https://dmp.dmpkit.1dmp.io wss://chat.vtb.ru wss://chat3.vtb.ru https://cert.vtb.ru/ https://*.tech.rtb.mts.ru https://*.match.mts.ru https://www.vtb.ru https://stream.datago.ru https://tech.rtb.mts.ru https://xn--3-7sb8cs.xn--90ab2c.xn--p1ai wss://xn--3-7sb8cs.xn--90ab2c.xn--p1ai https://onlinesales.vtb.ru https://manalyticshub.com https://video.dion.vc https://static.a.mts.ru https://*.botfaqtor.ru https://*.digitaltarget.ru https://sm.rtb.mts.ru https://cm.a.mts.ru https://api.a.mts.ru; frame-ancestors 'self' https://video.dion.vc https://*.vtb.ru:* https://www.rbc.ru https://metrika.yandex.ru https://onlinesales.vtb.ru https://video.dion.vc; 3 font-src *.googleapis.com *.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.intercomcdn.com/ use.fontawesome.com/releases/v5.6.0/webfonts *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.googleusercontent.com *.hotjar.com *.littlegreene.com *.littlegreene.us *.stackla.com *.typekit.net *.varify.io yastatic.net *.zencdn.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com https://www.facebook.com/ https://*.realexpayments.com/ *.facebook.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.nosto.com *.nos.to *.3dsecure-atruvia.de 3dsecure-vrp.de *.3ds-hanseaticbank.de *.airplus.com *.asseco-see.hr *.bankmillennium.pl *.bunq.com *.cardcomplete.com *.cic.fr *.cm-cic.com *.consorsbank.de *.cornercard.ch *.creditmutuel.fr *.cyris.com *.eewosecure.com *.emlpayments.com *.ing.de *.lcl.fr *.marqeta.eu *.n26.com *.otpbank.hu *.rabobank.nl *.rb.cz *.secureacs.com *.sibs.pt *.s-id-check-sparkassen.de *.soldo.com *.sparkasse.at *.sparkassen-kreditkarten.de *.uobgroup.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.adyen.com https://lgpc.prismic.io *.weltpixel.com https://vars.hotjar.com/ https://www.facebook.com/ https://*.realexpayments.com/ https://player.vimeo.com/ https://www.google.com/ *.trustpilot.com https://newassets.hcaptcha.com/ https://static.cdn.prismic.io/ https://example-repository.prismic.io/ https://ct.pinterest.com/ https://r3.girogate.de/ https://*.littlegreene.com/ https://*.littlegreene.us/ https://*.littlegreene.fr/ https://*.littlegreene.de/ https://*.littlegreene.nl/ https://*.littlegreene.eu/ https://*.littlegreene.ie/ https://*.paintandpaperlibrary.com/ https://*.bradite.com/ *.dotdigital-pages.com *.dotdigital.com challenges.cloudflare.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no account.fetchify.com *.nosto.com *.nos.to 3dsecure-vrp.de *.3ds-hanseaticbank.de *.adsrvr.org *.airplus.com *.asseco-see.hr *.bankmillennium.pl *.bunq.com *.cardcomplete.com *.cic.fr *.cm-cic.com *.consorsbank.de *.creditmutuel.fr *.cyris.com *.doubleclick.net *.eewosecure.com *.emlpayments.com *.facebook.com *.google.com *.googletagmanager.com *.ing.de *.lcl.fr *.littlegreene.com *.littlegreene.us *.marqeta.eu *.milleis.fr *.n26.com *.neuflizeobc.net *.op.fi *.otpbank.hu *.pinterest.com *.rabobank.nl *.rb.cz *.sg.fr *.sibs.pt *.s-id-check-sparkassen.de *.soldo.com *.sparkasse.at *.sparkassen-kreditkarten.de *.stackla.com *.uobgroup.com *.varify.io 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.adyen.com *.googleapis.com *.gstatic.com https://images.prismic.io/lgpc/ https://bat.bing.com/ https://www.facebook.com https://*.pinterest.com/ https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://snapppt.com/ https://*.snapppt.com/ https://maps.googleapis.com/ https://images.prismic.io/ https://prismic-io.s3.amazonaws.com/ https://cookie-cdn.cookiepro.com https://www.magecomp.com/ https://streetviewpixels-pa.googleapis.com/ https://js.intercomcdn.com/ https://www.google.com.ua/ *.facebook.com *.reddit.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com ebizmarts-website.s3.amazonaws.com www.feedoptimise.com cdn.feedoptimise.com *.nosto.com *.nos.to 'self' data: *.addsauce.com *.adsrvr.org *.capitalkoala.com *.cdninstagram.com *.cookiepro.com *.cti.digital *.ctidigital.com d21m4dsqdd3b9h.cloudfront.net *.doubleclick.net *.facebook.net *.ggpht.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.uy www.google.com.vc www.google.com.vn www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.td www.google.tg www.google.tl www.google.tm www.google.tn www.google.tt www.google.vu www.google.ws *.google.com google.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.intercomassets.com *.intercomcdn.com *.licdn.com *.linkedin.com *.littlegreene.com *.littlegreene.us *.pinimg.com *.prismic.io *.stackla.com *.tiktok.com *.trackedlink.net *.typekit.net yastatic.net data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://player.vimeo.com/ www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.adyen.com *.googleapis.com *.gstatic.com https://static.cdn.prismic.io https://prismic.io https://cdnjs.cloudflare.com https://use.fontawesome.com https://*.hotjar.com/ https://connect.facebook.net/ https://s.pinimg.com/ https://bat.bing.com/ https://snapppt.com/ https://*.snapppt.com/ https://maps.googleapis.com/ https://js.intercomcdn.com/ *.trustpilot.com https://*.azureedge.net/ https://cookie-cdn.cookiepro.com/ https://widget.intercom.io https://widgets.pinterest.com https://assets.pinterest.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.gstatic.com https://hcaptcha.com https://cookie-cdn.cookiepro.com https://www.googleoptimize.com/ https://oc-cdn-public-gbr.azureedge.net/ https://*.littlegreene.com/ https://*.littlegreene.us/ https://*.littlegreene.fr/ https://*.littlegreene.de/ https://*.littlegreene.nl/ https://*.littlegreene.eu/ https://*.littlegreene.ie/ https://*.paintandpaperlibrary.com/ https://*.bradite.com/ https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal challenges.cloudflare.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com *.opayo.eu.elavon.com www.feedoptimise.com cdn.feedoptimise.com player.vimeo.com *.nosto.com *.nos.to *.google.com *.addsauce.com *.adsrvr.org *.amazon-adsystem.com *.cloudflare.com *.cookiepro.com *.doubleclick.net g10498469755.co g10696554090.co *.googlesyndication.com *.googletagmanager.com hcaptcha.com *.hotjar.com *.licdn.com *.littlegreene.com *.littlegreene.us *.newrelic.com *.pinimg.com *.pinterest.com plausible.io *.prismic.io snapppt.com *.stackla.com *.tiktok.com *.varify.io yastatic.net *.zencdn.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com/ https://cdnjs.cloudflare.com https://*.azureedge.net/ https://hello.myfonts.net/ tagmanager.google.com use.fontawesome.com/releases/v5.6.0/css cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com *.opayo.eu.elavon.com cc-cdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to *.googleapis.com *.gstatic.com *.trustpilot.com *.googletagmanager.com *.littlegreene.com *.littlegreene.us *.stackla.com *.typekit.net yastatic.net *.zencdn.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src *.stackla.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; media-src *.adobe.com *.cdninstagram.com *.intercomcdn.com *.stackla.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.adyen.com *.googleapis.com https://*.hotjar.com/ https://*.pinterest.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://lg-gb.lgpcm2.ctidev https://snapppt.com/ https://*.snapppt.com/ https://maps.googleapis.com/ https://api-iam.intercom.io/ https://api.craftyclicks.co.uk/ https://www.facebook.com/ wss://nexus-websocket-a.intercom.io https://bat.bing.com/ https://bam.nr-data.net/ https://cookie-cdn.cookiepro.com/ https://privacyportal.cookiepro.com/ https://geolocation.onetrust.com/ https://invitejs.trustpilot.com/ *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com *.paypal.com *.opayo.eu.elavon.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.nosto.com *.nos.to t.elasticsuite.io *.addsauce.com *.adsrvr.org *.amazon-adsystem.com *.cloudflare.com *.cookiepro.com *.ctidigital.com d21m4dsqdd3b9h.cloudfront.net *.facebook.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.ch www.google.ci www.google.cl www.google.cm www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gg www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.mw www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sn www.google.sr www.google.tg www.google.tl www.google.tm www.google.tn www.google.tt *.google.com google.com *.googlesyndication.com hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.intercomcdn.com *.linkedin.com *.littlegreene.com *.littlegreene.us *.nr-data.net *.pinterest.com plausible.io *.prismic.io *.stackla.com *.tiktok.com *.trustpilot.com *.varify.io 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.hcaptcha.com *.stackla.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; report-uri https://fcd7480d-2ff3-44bf-9367-c8e0d4f26d3d.sansec.watch/; report-to report-endpoint; 3 frame-ancestors 'self' *.doppelherz.de *.dppim.gfeserver.de *.doppelherz.ae *.doppelherz.at *.doppelherz.bg *.doppelherz.com *.doppelherz.co.ao *.doppelherz.co.id *.doppelherz.co.kr *.doppelherz-algeria.com *.doppelherz.com.kw *.doppelherz-iraq.com *.doppelherz.dj *.doppelherz.dk *.doppelherz.eg *.doppelherz.es *.doppelherz.fr *.doppelherz.hr *.doppelherz.hu *.doppelherz.it *.doppelherz.me *.doppelherz.mk *.doppelherz.ng *.doppelherz.pl *.doppelherz.pt *.doppelherz.ro *.doppelherz.rs *.doppelherz.sg *.doppelherz.tn *.doppelherz.ru *.doppelherz.com.tr *.doppelherz.com.gh *.doppelherz.cm *.doppelherz.ge *.doppelherz.qa *.doppelherz.cz *.doppelherz.si *.doppelherz-southkorea.com *.doppelherz.ua *.doppelherz.ch *.doppelherz.tw *.queisser.de *.queisser.com *.queisser.pl *.queisser.ro *.queisser.bg *.queisser.ua *.doppelherz.ma *.doppelherz.ba *.doppelherz.uz *.litozin.at *.litozin.de 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.google.co.in *.herokuapp.com *.ravepay.co ajax.cloudflare.com chimeratool.com *.chimeratool.com *.elfsight.com data.chimeratool.com *.flutterwave.com *.stripe.com *.atfawry.com *.google.com *.payerone.com *.facebook.net wss://*.citruspay.com:* wss://*.google.co:* *.citruspay.com wss://*.fawrystaging.com wss://*.atfawry.com wss://*.fawry.com wss://*.youtube.com:* *.youtube.com wss://*.tawk.to:* *.tawk.to *.facebook.com *.fawrystaging.com *.mastercard.com.au *.fawry.com atfawry.fawrystaging.com *.facebook.net *.mastercard.com *.razorpay.com *.google-analytics.com *.securecode.com *.google.com *.dhru.com *.paypal.com *.paypalobjects.com *.googletagmanager.com t.me *.t.me wa.me *.wa.me ; img-src * data:; font-src * data: 3 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.googletagmanager.com www.google.com www.gstatic.com use.fontawesome.com google-analytics.com connect.facebook.net static.ads-twitter.com polyfill.io;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com;img-src 'self' https://cdn.eigpropertyauctions.co.uk https://www.eigpropertyauctions.co.uk maps.gstatic.com google-analytics.com *.google-analytics.com www.facebook.com analytics.twitter.com maps.googleapis.com t.co data: www.googletagmanager.com;media-src 'self' blob: https://cdn.eigpropertyauctions.co.uk;frame-src 'self' www.youtube.com www.google.com www.facebook.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' maps.googleapis.com ipapi.co *.google-analytics.com https://livestream.eigpropertyauctions.co.uk https://bidding.eigpropertyauctions.co.uk www.facebook.com wss://livestream-service.eigpropertyauctions.co.uk livestream-service.eigpropertyauctions.co.uk wss://eig-liveauctions-uks-prod.service.signalr.net eig-liveauctions-uks-prod.service.signalr.net wss://eig-ams-livestream-prod.service.signalr.net eig-ams-livestream-prod.service.signalr.net;base-uri 'self';child-src 'self';form-action 'self' www.facebook.com;frame-ancestors 'self' *;report-uri https://eigroup.report-uri.com/r/d/csp/enforce 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.yukiworks.com https://apis.google.com https://*.googleapis.com https://ssl.google-analytics.com https://cdn4.mxpnl.com http://fast.appcues.com https://*.freshworks.com https://js.mollie.com/v1/mollie.js https://*.freshchat.com https://cdn.jsdelivr.net/npm/redoc/bundles/redoc.standalone.js https://cdn.wootric.com/wootric-sdk.js https://*.wootric.eu https://cdn-visma-app-switcher-faatcndaebg3hqhu.z01.azurefd.net/webcomponents/index.js https://*.securelogin.nu https://uptime.betterstack.com/widgets/announcement.js; frame-ancestors 'self' https://*.yukiworks.nl https://*.yukiworks.be https://*.yukiworks.es https://*.yukiworks.com; img-src 'self' https: data: http:; 3 ... 3 upgrade-insecure-requests default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' *.unitedtraders.com *.unitedtraders.ru *.uttoken.io *.unitedtraders.team *.utchallenge.com *.auroraplatform.com *.finderby.net *.utex.io *.whattobuy.today *.utex.work ; 3 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src *; frame-src *; connect-src * 3 default-src 'self' https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' data: https://*; worker-src 'self' blob:; font-src 'self' data: https://*; 3 default-src 'self'; script-src 'self' https://sgtm.essencemediacom.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.youtube.com https://cdn.cookielaw.org https://recaptcha.net https://www.gstatic.com https://ajax.cloudflare.com https://static.ads-twitter.com https://snap.licdn.com https://analytics.clickdimensions.com https://static.oktopost.com https://okt.to https://unpkg.com https://www.essencemediacom.com https://*.essencemediacom.com https://*.groupm.com https://*.wppmedia.com 'unsafe-inline' ; style-src 'self' https://p.typekit.net https://use.typekit.net https://api.mapbox.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' https://*.datocms-assets.com https://images.ctfassets.net https://i.ytimg.com https://cdn.cookielaw.org https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://analytics.google.com https://px.ads.linkedin.com https://creativereview.imgix.net https://static.licdn.com https://miro.medium.com https://www.theverge.com https://www.wpp.com https://www.groupm.com https://*.groupm.com https://www.essencemediacom.com https://*.essencemediacom.com https://*.wppmedia.com data: https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.wppmedia.admin.datocms.com 'self' https://analytics.google.com https://*.essencemediacom.admin.datocms.com https://www.gstatic.com https://*.datocms-assets.com https://ssl.gstatic.com https://*.analytics.google.com https://www.wpp.com https://www.theverge.com https://www.googletagmanager.com https://i.ytimg.com https://px.ads.linkedin.com https://*.g.doubleclick.net https://creativereview.imgix.net https://miro.medium.com https://plugins-cdn.datocms.com https://www.essencemediacom.com https://static.licdn.com https://*.google-analytics.com https://www.linkedin.com https://cdn.cookielaw.org https://*.essencemediacom.com https://www.groupm.com https://images.ctfassets.net https://*.wppmedia.com https://*.googletagmanager.com https://*.groupm.com data:; font-src 'self' https://use.typekit.net https://fonts.gstatic.com data:; connect-src 'self' https://www.wpp.com https://www.groupm.com https://*.groupm.com https://www.essencemediacom.com https://creativereview.imgix.net https://static.licdn.com https://miro.medium.com https://www.theverge.com https://images.ctfassets.net https://videos.ctfassets.net https://www.datocms-assets.com https://cdn.cookielaw.org https://p.typekit.net https://use.typekit.net https://*.onetrust.com https://recaptcha.net https://i.ytimg.com https://www.youtube.com https://www.gstatic.com https://api.mapbox.com https://events.mapbox.com https://unpkg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://analytics.google.com https://static.oktopost.com https://okt.to https://static.ads-twitter.com https://snap.licdn.com https://analytics.clickdimensions.com https://px.ads.linkedin.com https://www.essencemediacom.com https://*.essencemediacom.com https://*.wppmedia.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; frame-src 'self' https://www.youtube.com https://recaptcha.net; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://plugins-cdn.datocms.com http://localhost https://essencemediacom.admin.datocms.com https://wppmedia.admin.datocms.com; media-src 'self' https://*.datocms-assets.com; object-src 'self' data:; 3 frame-ancestors: 'none' 3 frame-ancestors https://www.facebook.com 3 default-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * data:; frame-ancestors *; 3 frame-ancestors *.nha.nl *.nha.be *.nhad.de *.buddywise.nl 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; 3 upgrade-insecure-requests; default-src 'self' https://*.screeb.app; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.googletagmanager.com/ disqus.com *.disqus.com *.disquscdn.com https://js.hs-scripts.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com https://gist.github.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.hsforms.net https://forms.hsforms.com/ https://js.hs-analytics.net https://app.getbeamer.com/js/ https://realtime.getbeamer.com/ https://apis.google.com https://*.screeb.app nominatim.openstreetmap.org http://cdn.matomo.cloud/opendatasoft.matomo.cloud/matomo.js http://cdn.mxpnl.com/ ; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://github.githubassets.com/ *.disquscdn.com https://fonts.googleapis.com https://app.getbeamer.com/styles/ ; img-src * data: blob:; font-src * data:; media-src 'self' https://eu.ftp.opendatasoft.com/odsacademy/ ; connect-src 'self' *.opendatasoft.com *.disqus.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.algolia.net api.jawg.io tile.jawg.io https://graph.microsoft.com/ https://backend.getbeamer.com/ wss://realtime.getbeamer.com https://static.getbeamer.com/favico.js https://stats.g.doubleclick.net https://t.hs-growth-metrics.com https://*.screeb.app wss://*.screeb.app https://opendatasoft.matomo.cloud/matomo.php https://api-js.mixpanel.com/ ; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com https://www.google.com/recaptcha/ https://accounts.google.com https://docs.google.com https://*.screeb.app *.opendatasoft.com disqus.com https://app.hubspot.com https://forms.hsforms.com https://app.getbeamer.com https://opendatasoft-trial.com data.opendatasoft.com/ www.youtube.com/embed/ www.youtube-nocookie.com/embed/ www.dailymotion.com/embed/video/ player.vimeo.com/video/ www.veed.io/embed/ app.powerbi.com/ app.powerbigov.us/ app.high.powerbigov.us/ app.mil.powerbigov.us/ public.tableau.com/views/ arcgis.com/apps/View/ docs.google.com/forms/ forms.office.com/ www.google.com/maps/d/embed www.google.com/maps/embed www.arcgis.com/home/webscene/viewer.html www.arcgis.com/home/webmap/viewer.html www.arcgis.com/apps/dashboards/ app.streamfizz.live/embed/ player.streamfizz.live/embed/ www.facebook.com/plugins/page.php experience.arcgis.com/experience/; 3 object-src 'self' blob; 3 frame-ancestors metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com; 3 default-src 'none'; style-src 'unsafe-inline' 3 script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: b2c.benuta.at b2c.benuta.ch b2c.benuta.co.uk b2c.benuta.cz b2c.benuta.de b2c.benuta.dk b2c.benuta.es b2c.benuta.eu b2c.benuta.fi b2c.benuta.fr b2c.benuta.it b2c.benuta.nl b2c.benuta.no b2c.benuta.pl b2c.benuta.pt b2c.benuta.se b2c.benuta.com connect.getflowbox.com www.googletagmanager.com tagmanager.google.com www.youtube.com www.google.com www.gstatic.com x.klarnacdn.net pay.google.com https://wchat.freshchat.com https://connect.getflowbox.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net s.pinimg.com load.sumo.com vercel.live bat.bing.com connect.facebook.net sumo.com cdn.vercel-insights.com *.sovendus.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.dotdigital-pages.com dotdigital-pages.com *.trackedweb.net *.s24.com *.hotjar.com https://collector-37445.tvsquared.com *.tvsquared.com https://pixel.biano.it https://it.bianopixel.com dynamic.criteo.com sslwidget.criteo.com static.ads-twitter.com widget.reviews.io *.newrelic.com *.cnstrc.com cnstrc.com *.powerrobotflower.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.parcellab.com *.vimeo.com vimeo.com static.hotjar.com trck.linkster.co *.chat.getzowie.com ct.pinterest.com; worker-src 'self' blob: app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu; connect-src 'self' data: sockjs-us3.pusher.com eu.playground.klarnaevt.com eu.klarnaevt.com https://wchat.freshchat.com *.getflowbox.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu *.benuta.at *.benuta.ch *.benuta.co.uk *.benuta.cz *.benuta.de *.benuta.dk *.benuta.es *.benuta.eu *.benuta.fi *.benuta.fr *.benuta.it *.benuta.nl *.benuta.no *.benuta.pl *.benuta.pt *.benuta.se *.benuta.com www.google-analytics.com stats.g.doubleclick.net graphql.contentful.com *.ksearchnet.com ksearchnet.com www.google.com sumo.com ct.pinterest.com googleads.g.doubleclick.net bat.bing.com vitals.vercel-insights.com vercel.live *.pusher.com *.adyen.com wss://ws-us3.pusher.com *.klarnacdn.net *.klarna.com *.appspot.com googletagmanager.com google-analytics.com region1.google-analytics.com region1.analytics.google.com *.dotdigital-pages.com dotdigital-pages.com *.trackedweb.net *.s24.com *.hotjar.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://p.biano.it https://it.bianopixel.com ads.x.com static.ads-twitter.com ads-twitter.com ads-api.twitter.com analytics.twitter.com tiktok.com public.app.priceshape.io measurement-api.criteo.com api.reviews.io *.nr-data.net *.googlesyndication.com *.cnstrc.com cnstrc.com *.powerrobotflower.com *.hyr.so *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.vimeo.com vimeo.com *.hotjar.io wss://*.hotjar.com trck.linkster.co *.chat.getzowie.com *.parcellab.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; style-src 'self' 'unsafe-inline' data: tagmanager.google.com wchat.freshchat.com www.benuta.eu www.googletagmanager.com assets.reviews.io widget.reviews.io d1azc1qln24ryf.cloudfront.net d19ayerf5ehaab.cloudfront.net cdn.icomoon.io *.cnstrc.com cnstrc.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.parcellab.com; font-src 'self' data: assets.vercel.com assets.reviews.io d19ayerf5ehaab.cloudfront.net cdn.icomoon.io; img-src 'self' blob: data: ssl.gstatic.com www.gstatic.com x.klarnacdn.net *.adyen.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu *.cloudfront.net googleads.g.doubleclick.net www.google.com www.google.de www.google-analytics.com ct.pinterest.com bat.bing.com media.sumo.com assets.vercel.com b2b.benuta.com vercel.com vercel.live www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com *.getflowbox.com https://collector-37445.tvsquared.com *.tvsquared.com checkoutshopper-live.adyen.com x.klarnacdn.net images.ctfassets.net downloads.ctfassets.net downloads.ctfassets.net www.paypalobjects.com www.checkoutshopper-live.adyen.com *.benuta.at *.benuta.ch *.benuta.co.uk *.benuta.cz *.benuta.de *.benuta.dk *.benuta.es *.benuta.eu *.benuta.fi *.benuta.fr *.benuta.it *.benuta.nl *.benuta.no *.benuta.pl *.benuta.pt *.benuta.se *.benuta.com *.b2b.benuta.com checkoutshopper-live.adyen.com static.ads-twitter.com ads-twitter.com ads-api.twitter.com analytics.twitter.com t.co *.cnstrc.com cnstrc.com *.reviews.co.uk *.reviews.io *.powerrobotflower.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.parcellab.com script.hotjar.com cdn.flbx.io benuta-sandbox.bynder.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com http://pixel.advertising.com d.adroll.mgr.consensu.org p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com snap.licdn.com sync.taboola.com s.analytics.yahoo.com; media-src 'self' videos.ctfassets.net *.vimeo.com vimeo.com; manifest-src 'self' 3 frame-ancestors 'self' https://app.medifox-therapie.de 3 default-src 'self' https: wss: data: 'unsafe-inline' 'unsafe-eval'; 3 object-src 'none'; form-action 'self' https://www.facebook.com/tr/; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 3 default-src 'self' *.smartbox.com *.bongo.be *.bongo.nl *.emozione3.it *.lavidaesbella.es *.dakotabox.es *.dakotabox.fr *.cadeaubox.be *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.be *.google.se *.google.ch *.google.de *.google.se *.google.nl *.google.co.uk *.google.es *.google.pt *.google.it *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li smartboxprod.112.2o7.net *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es *.lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sbxtest.net *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net s3.eu-west-1.amazonaws.com mpi-v2-simulation.test.v-psp.com *.trusted.com secure7.arcot.com leetchi.com webpayment.payline.com *.cloudfunctions.net *.freshrelevance.com s3.amazonaws.com *.contentsquare.net t.contentsquare.net app.contentsquare.com static-eu.payments-amazon.com *.fbapphouse.com static-eu.payments-amazon.com mws-eu.amazonservices.com api.sandbox.amazon.de api.amazon.de payments-de.amazon.com payments.amazon.it images-na.ssl-images-amazon.com m.media-amazon.com payments-eu.amazon.com payments.amazon.es payments.amazon.fr payments.amazon.it payments.amazon.co.uk payments.amazon.com payments.amazon.de cdn.aimtell.com log.aimtell.com am.freshrelevance.com api.stripe.com js.stripe.com q.stripe.com analytics.aimtell.com beacon.aimtell.com api.aimtell.com c7.dycdn.net *.lepotcommuntest.fr lepotcommun.fr cx.atdmt.com snap.licdn.com cdn.aimtell.io sts.comp.eu blob: sts.ccmp.eu s.kk-resources.com px.ads.linkedin.com xd.wayin.com u360.d-bi.fr demob2c.wbe.travel c7.dycdn.net *.cloudfront.net am.freshrelevance.com c.contentsquare.net cm.everesttech.net smartbox.demdex.net img-statics.com get.smart-data-systems.com stats.webleads-tracker.com precart-js.s3-website-eu-west-1.amazonaws.com sp.analytics.yahoo.com eqy.link track.adform.net s.yimg.com s2.adform.net ws: wss: cdn.wisepops.com loader.wisepops.com popup.wisepops.com tracking.wisepops.com pixel.bsmartdata.com creativecdn.com payments-de-sandbox.amazon.com *.outbrain.com widget.trustpilot.com sc-static.net tr.snapchat.com cdn.jsdelivr.net ga-demographics-into-adobe.ew.r.appspot.com smartbox-france.my.join-stories.com www.link-page.info *.criteo.com exchange.mediavine.com sync-t1.taboola.com criteo-sync.teads.tv visitor.omnitagjs.com criteo-partners.tremorhub.com sync-criteo.ads.yieldmo.com tags.creativecdn.com ams.creativecdn.com fledge-eu.creativecdn.com images.unsplash.com unsplash.com fonts.join-stories.com images.join-stories.com videos.join-stories.com api.stories.studio *.my.join-stories.com s3.eu-west-3.amazonaws.com s.pinimg.com signals.aimtell.com content.wbeapi.com *.adn.cloud static.ada.support rollout.ada.support smartbox.ada.support cdn.linkedin.oribi.io s.wayin.com unpkg.com stats.g.doubleclick.net k-aeul.contentsquare.net c.contentsquare.net wss://am.freshrelevance.com region1.google-analytics.com measurement-api.criteo.com td.doubleclick.net analytics.tiktok.com x.wayin.com payment.direct.worldline-solutions.com google.hr cdn.brcdn.com p-eu.brsrvr.com *.brsrvr.com; frame-ancestors 'self' https://www.rodelife.com; 3 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 3 default-src 'self'; style-src 'self' 'unsafe-inline' *.bazaarvoice.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.salesforce-scrt.com/ *.pixeltrack.it/ https://staging-danone.pixeltrack.it/ *.google.co.in/ *.danoneskyr.co.uk/ *.google.mk/ *.googletagmanager.com/ *.paypalobjects.com/ *.paypal.com/ *.adsrvr.org/ *.applicationinsights.io/ *.adyen.com/ *.teads.tv/ *.hotjar.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.adobeaemcloud.com/ *.hotjar.io/ *.visualstudio.com/ *.bootstrapcdn.com/ *.briteverify.com/ *.channelsight.com/ *.chargebee.com/ *.commander1.com/ *.force.com/ *.google.com/ *.googleapis.com/ *.gstatic.com/ *.live2support.com/ *.lpsnmedia.net/ *.mopinion.com/ *.myfonts.net/ *.onetrust.com/ *.pinterest.com/ *.salesforce-sites.com/ *.scene7.com/ *.sharethis.com/ *.tagcommander.com/ *.teads.tv/ *.visualstudio.com/ *.youtube.com/ *.zencdn.net/ *.visualwebsiteoptimizer.com app.vwo.com use.typekit.net p.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bazaarvoice.com/ *.salesforce-scrt.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.pixeltrack.it/ https://staging-danone.pixeltrack.it/ *.danoneskyr.co.uk/ *.google.co.in/ *.google.mk/ *.googletagmanager.com/ *.paypalobjects.com/ *.paypal.com/ *.applicationinsights.io/ *.cloudfront.net/ *.adsrvr.org/ *.amazon-adsystem.com/ blob: https://js-agent.newrelic.com/ *.algolia.net/ *.algolia.io/ *.addthis.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.addthisedge.com/ *.adobedtm.com/ *.ads-twitter.com/ *.adyen.com/ *.aptaclub.co.uk/ *.aptashop.co.uk/ *.bing.com/ *.candgshop.co.uk/ *.cgbabyclub.co.uk/ *.channelsight.com/ *.chargebee.com/ *.commander1.com/ *.constant.co/ *.danone-dtc.net/ *.digital4danone.com/ *.doubleclick.net/ *.everestjs.net/ *.facebook.net/ *.force.com/ *.gbqofs.com/ *.gigya.com/ *.google-analytics.com/ *.google.co.uk/ *.google.com/ *.googleadservices.com/ *.googleapis.com/ *.googletagmanager.com/ *.gstatic.com/ *.live2support.com/ *.liveperson.net/ *.lpsnmedia.net/ *.monitor.azure.com/ *.mopinion.com/ *.onetrust.com/ *.outbrain.com/ *.pinterest.com/ *.postcodeanywhere.co.uk/ *.salesforce-sites.com/ *.salesforce.com/ *.salesforceliveagent.com/ *.scene7.com/ *.sharethis.com *.tagcommander.com/ *.teads.tv/ *.theadex.com *.trustcommander.net/ *.trustpilot.com/ *.twitter.com *.visualstudio.com/ *.ytimg.com/ ct.captcha-delivery.com http://*.hotjar.com http://*.hotjar.io http://danone.d3.sc.omtrdc.net/ https://*.hotjar.com https://*.hotjar.io https://live2support.com/ https://s.pinimg.com/ https://sc-static.net/ js.datadome.co www.youtube.com/ *.tiktok.com/ *.jsdelivr.net/ *.visualwebsiteoptimizer.com app.vwo.com use.typekit.net; img-src 'self' data: *.bazaarvoice.com/ *.pixeltrack.it/ *.salesforce-scrt.com/ *.paypalobjects.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ https://staging-danone.pixeltrack.it/ *.google.co.in/ *.google.mk/ *.googletagmanager.com/ *.paypal.com/ https://www.aptaclub.co.uk/ *.applicationinsights.io/ *.adsrvr.org/ *.adition.com/ *.danoneskyr.co.uk/ *.hotjar.com/ *.hotjar.io/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.adobeaemcloud.com/ *.visualstudio.com/ *.adnxs.com/ *.adyen.com/ *.analytics.google.com/ *.assetsadobe.com/ *.assetsadobe2.com/ *.bing.com/ *.channelsight.com/ *.commander1.com/ *.cx.atdmt.com/ *.danone-dtc.net/ *.danone.com/ *.demdex.net/ *.digital4danone.com/ *.doubleclick.net/ *.everesttech.net/ *.facebook.com/ *.google-analytics.com/ *.google.co.uk/ *.google.com/ *.google.ie/ *.googleapis.com/ *.googletagmanager.com/ *.gstatic.com/ *.hotjar.com *.hotjar.io *.live2support.com/ *.lpsnmedia.net/ *.mookie1.com/ *.omtrdc.net/ *.onetrust.com/ *.outbrain.com/ *.postcodeanywhere.co.uk/ *.salesforce-sites.com/ *.scene7.com/ *.sharethis.com/ *.tagcommander.com/ *.teads.tv/ *.theadex.com/ *.trustcommander.net/ *.twitter.com/ *.visualstudio.com/ *.w3.org/ *.ytimg.com/ http://danonegroup-stage.neolane.net/ http://t.co/ https://ca-live.adyen.com/ https://cscoreproweustor.blob.core.windows.net/ https://ct.pinterest.com/ https://www.google.fr/ https://www.google.nl/ *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io p.typekit.net; frame-src 'self' *.bazaarvoice.com/ *.pixeltrack.it/ https://staging-danone.pixeltrack.it/ *.salesforce-scrt.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.google.co.in/ *.google.mk/ *.googletagmanager.com/ *.paypalobjects.com/ *.paypal.com/ *.algolia.net/ *.applicationinsights.io/ *.algolia.io/ *.addthis.com *.adsrvr.org/ *.adyen.com/ *.danoneskyr.co.uk/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.amazon-adsystem.com/ *.briteverify.com *.channelsight.com/ *.chargebee.com/ *.cloudfront.net/ *.commander1.com/ *.constant.co/ *.demdex.net/ *.doubleclick.net/ *.facebook.com/ *.flockler.com/ *.force.com/ *.gigya.com/ *.google.com/ *.googleapis.com/ *.live2support.com/ *.liveperson.net/ *.lpsnmedia.net/ *.nutridrink.com.br/onde-encontrar/ *.onetrust.com/ *.proprofs.com/ *.salesforce-sites.com/ *.scene7.com/ *.sharethis.com/ *.spotify.com/ *.tagcommander.com/ *.teads.tv/ *.theadex.com/ *.tohklom.com/ *.trustcommander.net/ *.trustpilot.com *.vimeo.com/ *.visualstudio.com/ *.youtube.com geo.captcha-delivery.com http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io https://aax-eu.amazon-adsystem.com/ https://ketchapi.co.uk/ https://tr.snapchat.com/ www.youtube.com *.visualwebsiteoptimizer.com app.vwo.com; connect-src 'self' *.bazaarvoice.com/ *.pixeltrack.it/ https://staging-danone.pixeltrack.it/ *.salesforce-scrt.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.google.co.in/ *.danoneskyr.co.uk/ *.google.mk/ *.googletagmanager.com/ *.paypalobjects.com/ *.paypal.com/ *.amazonaws.com/ *.adsrvr.org/ *.applicationinsights.io/ *.example.com/ *.paa-reporting-advertising.amazon/ *.tapad.com/ *.azure.com/ *.amazon-adsystem.com/ https://bam.eu01.nr-data.net/ *.algolia.net/ *.algolia.io/ *.addthis.com/ *.adyen.com/ *.teads.tv/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.analytics.google.com/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.aptaclub.co.uk/ *.aptashop.co.uk/ *.bing.com/ *.briteverify.com/ *.candgshop.co.uk/ *.cgbabyclub.co.uk/ *.channelsight.com/ *.commercetools.com/ *.danone-dtc.net/ *.demdex.net/ *.digital4danone.com/ *.doubleclick.net/ *.facebook.com/ *.force.com/ *.gbqofs.io/ *.google-analytics.com *.google-analytics.com/ *.googleapis.com/ *.live2support.com/ *.mopinion.com/ *.omtrdc.net/ *.onetrust.com/ *.privacy.trustcommander.net/ *.salesforce-sites.com/ *.scene7.com/ *.sentry.io/ *.sharethis.com/ *.snapchat.com/ *.teads.tv/ *.visualstudio.com/ *.youtube.com/ api-js.datadome.co http://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.com:* https://*.hotjar.io https://api.sphere.io/ https://ct.pinterest.com/ https://lasteventf-tm.everesttech.net/ https://privacy.trustcommander.net/ https://services.postcodeanywhere.co.uk/ wss://*.hotjar.com *.tiktok.com/ *.google.com/ https://*.algolianet.com *.visualwebsiteoptimizer.com app.vwo.com performance.typekit.net; font-src 'self' data: *.bazaarvoice.com/ *.pixeltrack.it/ https://staging-danone.pixeltrack.it/ *.salesforce-scrt.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.paypalobjects.com/ *.danoneskyr.co.uk/ *.google.co.in/ *.google.mk/ *.googletagmanager.com/ *.paypal.com/ *.adsrvr.org/ *.adyen.com/ *.applicationinsights.io/ *.channelsight.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.danone-dtc.net/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.googleapis.com/ *.gstatic.com/ *.gstatic.mopinion.com/ *.live2support.com/ *.onetrust.com/ *.pinterest.com/ *.salesforce-sites.com/ *.scene7.com/ *.teads.tv/ *.visualstudio.com/ http://*.hotjar.com http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io https://gstatic.mopinion.com/ https://vjs.zencdn.net/ *.google.com/ use.typekit.net; media-src 'self' *.bazaarvoice.com/ *.pixeltrack.it/ https://staging-danone.pixeltrack.it/ *.salesforce-scrt.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.paypalobjects.com/ *.danoneskyr.co.uk/ *.google.co.in/ *.google.mk/ *.googletagmanager.com/ *.paypal.com/ *.adsrvr.org/ *.briteverify.com/ *.applicationinsights.io/ *.channelsight.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.googleapis.com/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.lpsnmedia.net/ *.onetrust.com/ *.pinterest.com/ *.salesforce-sites.com/ *.scene7.com/ *.teads.tv/ *.visualstudio.com/ *.youtube.com/ *.google.com/ 3 default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com cookiehub.net static.cookiehub.com plausible.io *.google.com *.gstatic.com isavia.atlassian.net *.infogram.com *.cookiebot.eu ucarecdn.com siteimproveanalytics.com *.facebook.net *.sojern.com *.doubleclick.net *.adnxs.com *.adsrvr.org *.klaviyo.com vercel.live *.hotjar.com ; img-src 'self' data: blob: i.vimeocdn.com *.contentstack.com i.ytimg.com *.siteimproveanalytics.io *.usercentrics.eu *.facebook.com *.google.com *.google.is *.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cookiehub.net static.cookiehub.com p.typekit.net; font-src 'self' fonts.gstatic.com use.typekit.net; frame-src www.youtube-nocookie.com www.youtube.com player.vimeo.com *.google.com *.contentstack.com isavia.atlassian.net *.infogram.com consentcdn.cookiebot.eu *.doubleclick.net maps.kefairport.is maps.kefairport.com app.taktikal.is www.googletagmanager.com vercel.live; media-src 'self' *.contentstack.com *.youtube.com; connect-src 'self' ws: wss: vimeo.com plausible.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com ds.cookiehub.net cookiehub.net *.botpoison.com *.contentstack.com api.worldweatheronline.com submit-form.com *.uploadcare.com *.cookiebot.eu *.doubleclick.net *.google.com *.sojern.com *.facebook.com *.hotjar.com *.hotjar.io *.google.is; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.quarticon.com/ https://info.quarticon.com/; img-src 'self' data: https://s.w.org/ https://secure.gravatar.com/ https://cdn.pixabay.com/ https://*.quarticon.com/ https://quarticon.com/; object-src 'self' data: https://*.quarticon.com/ https://info.quarticon.com/; frame-src 'self' data: https://*.quarticon.com/ https://info.quarticon.com/; 3 frame-ancestors 'self' https://cms.vistry.co.uk/ *.vistry.co.uk 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: 3 “default-src" 3 default-src 'self'; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval' * ; style-src 'self' https://* 'unsafe-inline' ; img-src 'self' data: https://*; font-src 'self' data: https://*; connect-src 'self' https://*; frame-src 'self' https://*; 3 default-src https: wss: blob: data: 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com account.psplugin.com commondatastorage.googleapis.com omni.teleperformance.se static.hotjar.com bat.bing.com track.adform.net *.doubleclick.net www.googleadservices.com www.googletagmanager.com connect.facebook.net test-allentetest.lekane.net allente.lekane.net tango-churn.viasat.dk *.vo.msecnd.net assets.adobedtm.com dl.episerver.net canaldigital.d3.sc.omtrdc.net fast.canaldigital.demdex.net dpm.demdex.net cm.everesttech.net cd-static.telenorcdn.net canaldigital.demdex.net a4560576362315776.cdn.optimizely.com a4560576362315776.cdn-pci.optimizely.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com; frame-ancestors 'self' www.elkjop.no elkjop.no www.power.no power.no logon.canaldigital.com ssotest.api-canaldigital.com ssostage.api-canaldigital.com localhost app.optimizely.com; 3 default-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.culturaldistrict.org *.hotjar.io *.hotjar.com *.typeform.com *.googleapis.com *.googletagmanager.com https://static.formstack.com *.pittsburghsymphony.org https://cdnjs.cloudflare.com https://unpkg.com *.typekit.net *.gbox.me *.addressy.com; connect-src 'self' *.amazonaws.com *.tidio.co *.googlesyndication.com/ https://pct.formstack.com *.addressy.com https://trustarts.queue-it.net https://analytics.tiktok.com *.purechat.com https://adservice.google.com https://analytics.google.com https://services.postcodeanywhere.co.uk https://stats.g.doubleclick.net https://www.facebook.com *.google-analytics.com *.googleapis.com https://online.anyflip.com https://checkoutshopper-live-us.adyen.com/ *.typeform.com *.datadome.co ct.captcha-delivery.com https://rum.browser-intake-datadoghq.com https: wss:; img-src cdnjs.cloudflare.com https: data:; font-src 'self' https://fonts.gstatic.com *.hotjar.com *.tidiochat.com *.formstack.com https://use.typekit.net; object-src 'none'; media-src 'self' widget-v4.tidiochat.com *.culturaldistrict.org; frame-src 'self' *.widgets.resy.com *.googletagmanager.com *.approveforgood.com/ https://geo.captcha-delivery.com *.applytojob.com/ *.doubleclick.net https://aa.trkn.us *.culturaldistrict.org *.formstack.com *.googlesyndication.com/ *.jotform.com/ *.pittsburghsymphony.org https://form.typeform.com/ *.youtube.com https://www.youtube-nocookie.com/ https://w.soundcloud.com/ https://e.issuu.com https://insight.adsrvr.org https://player.vimeo.com *.facebook.com *.google.com *.recaptcha.net https://online.anyflip.com https://albumizr.com/ https://checkoutshopper-live-us.adyen.com/; frame-ancestors 'self'; worker-src blob:; 3 script-src https://avdonl-s-checkout-fe.azureedge.net/cdn/static/js/main.js https://avdonl-p-checkout-fe.azureedge.net/cdn/static/js/main.js https://checkout-cdn.avarda.com/cdn/static/js/main.js https://stage.checkout-cdn.avarda.com/cdn/static/js/main.js https://bat.bing.com https://*.clerk.io https://*.commerce-connector.com https://policy.app.cookieinformation.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://api.coolrunner.dk https://*.criteo.net https://*.criteo.com 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://*.med24.dk/ blob: https://*.med24.no/ blob: https://*.med24.se/ https://ga.jspm.io/npm:es-module-shims@1.10.0/dist/es-module-shims.js https://connect.facebook.net https://*.getsitecontrol.com 'unsafe-eval' 'unsafe-inline' https://optimize.google.com/ https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://translate.google.com https://tagmanager.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://widget.intercom.io https://js.intercomcdn.com https://*.klarna.com https://*.klarnacdn.net https://*.playground.klarna.com https://*.playground.klarnaevt.com https://chimpstatic.com https://at.med24.dk https://at.med24.se https://at.med24.no https://matomo.med24.dk https://matomo.med24.se https://matomo.med24.no https://s.kk-resources.com https://*.fls.doubleclick.net https://*.crazyegg.com https://js.go2sdk.com/v2/tune.js https://*.mouseflow.com 'unsafe-eval' 'unsafe-inline' https://*.perfectcorp.com 'unsafe-eval' 'unsafe-inline' https://checkout.reepay.com https://*.sleeknote.com https://widget.trustpilot.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/5683fc5e/www-widgetapi.vflset/www-widgetapi.js ; font-src https://stage.checkout-cdn.avarda.com https://checkout-cdn.avarda.com https://avdonl-s-checkout-fe.azureedge.net/cdn/ https://avdonl-s-checkout-fe.azureedge.net/cdn/ 'self' data: https://*.getsitecontrol.com https://*.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com https://matomo.med24.dk https://matomo.med24.se https://matomo.med24.no https://*.mouseflow.com https://*.perfectcorp.com; img-src https://stage.checkout-cdn.avarda.com https://checkout-cdn.avarda.com https://avdonl-s-checkout-fe.azureedge.net/cdn/images/ https://avdonl-p-checkout-fe.azureedge.net/cdn/images/ https://avarda.com/media/ https://bat.bing.com https://*.commerce-connector.com https://*.criteo.net https://*.criteo.com 'self' data: https://www.facebook.com https://*.getsitecontrol.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://translate.google.com https://stats.g.doubleclick.net https://www.google.com https://www.google.dk https://www.google.se https://www.google.no https://www.google.de https://www.google.co.uk https://ade.googlesyndication.com https://static.intercomassets.com https://js.intercomcdn.com https://gifs.intercomcdn.com https://downloads.intercomcdn.com https://*.klarna.com https://*.klarnacdn.net https://*.playground.klarnaevt.com https://s.kelkoogroup.net https://collect.med24.dk https://collect.med24.no https://collect.med24.se https://med24.dk https://med24.no https://med24.se https://www.med24.dk https://www.med24.no https://www.med24.se https://matomo.med24.dk https://matomo.med24.se https://matomo.med24.no https://miljoevenlig-pakning.dk https://*.doubleclick.net https://*.mouseflow.com https://www.partner-ads.com https://*.perfectcorp.com https://*.makeupar.com https://*.beautycircle.com https://*.sleeknote.com https://i.ytimg.com; frame-src https://card-payment-frame.stage.avarda.com https://card-payment-frame.production.avarda.com https://*.commerce-connector.com https://policy.app.cookieinformation.com https://consentcdn.cookiebot.com https://*.criteo.net https://*.criteo.com 'self' https://www1.emarsys.net https://connect.facebook.net https://www.facebook.com https://*.getsitecontrol.com https://optimize.google.com/ https://www.google.com https://www.googletagmanager.com https://adservice.google.com/ https://*.klarna.com https://*.klarnacdn.net https://form.jotform.com https://submit.jotformeu.com https://*.fls.doubleclick.net https://*.doubleclick.net https://*.mouseflow.com https://*.netseidbroker.dk https://netseidbroker.pp.mitid.dk https://*.perfectcorp.com https://checkout.reepay.com https://*.sleeknote.com https://widget.trustpilot.com https://www.youtube.com/ https://www.youtube-nocookie.com; default-src 'self'; style-src 'self' 'unsafe-inline' https://optimize.google.com/ https://*.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://matomo.med24.dk https://matomo.med24.se https://matomo.med24.no https://*.sleeknote.com; connect-src 'self' https://*.getsitecontrol.com https: wss://*.intercom.io https://*.mouseflow.com https://*.perfectcorp.com; object-src 'self'; worker-src 'self'; child-src https://*.getsitecontrol.com https://*.mouseflow.com https://*.perfectcorp.com; media-src https://*.gstatic.com 3 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: blob:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; 3 frame-ancestors *.editor.geze.com *.livetest.geze.com *.geze.com geze.com *.geze.de geze.de *.ddev.site 3 upgrade-insecure-requests;frame-ancestors 'self' 3 font-src *; require-sri-for script style; upgrade-insecure-requests 3 form-action 'self', frame-ancestors 'self' 3 frame-ancestors 'self' https://geocentric.com https://citylight.studio 3 upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com; base-uri 'self'; object-src 'none', frame-ancestors 'self' https://*.facebook.com, frame-ancestors 'self' https://*.facebook.com 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://dev.azure.com https://login.microsoftonline.com/ https://spsprodcus2.vssps.visualstudio.com https://www.datadoghq-browser-agent.com http://www.datadoghq-browser-agent.com https://rum.browser-intake-datadoghq.com http://rum.browser-intake-datadoghq.com https://prefund-reporting.wrightexpresscorpcard.com https://prefund-reporting-api.wrightexpresscorpcard.com https://owi-internal.internal.wexcp.com app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-4558985839575040.storage.googleapis.com data.pendo.io; worker-src 'self' blob http://www.google-analytics.com https://www.google-analytics.com http://cdn.appdynamics.com https://cdn.appdynamics.com http://col.eum-appdynamics.com https://col.eum-appdynamics.com https://tfs.encompass.ninja https://www.youtube.com; frame-ancestors 'self' app.pendo.io; child-src app.pendo.io; frame-src 'self' app.pendo.io; 3 frame-ancestors 'self' https://*.getresponse.com 3 frame-ancestors 'self' *.zendesk.com; 3 default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors *; font-src *; img-src * data:; connect-src * data:; 3 base-uri 'self' ; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline'; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://www.google-analytics.com https://www.googletagmanager.com https://api.segment.io https://api.segment.com https://track.segment.com https://cdn.segment.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://www.google-analytics.com https://www.googletagmanager.com https://api.segment.io https://api.segment.com https://track.segment.com https://cdn.segment.com; frame-ancestors https://myprofile.trimble.com https://stage.myprofile.trimblecloud.com https://myprofile-pt.dev.id.trimblecloud.com https://myprofile-qa.dev.id.trimblecloud.com https://myprofile-qa1.dev.id.trimblecloud.com https://dxdev.my.trimblecloud.com https://dxqa.my.trimblecloud.com https://mytdev.my.trimblecloud.com https://mtqa.my.trimblecloud.com https://dev.my.trimblecloud.com https://sit.my.trimblecloud.com https://uat.my.trimblecloud.com https://my.trimble.com 3 frame-ancestors 'self' https://showroom.alh.de https://www.hallesche.de https://www.alte-leipziger.de https://hallesche.de https://alte-leipziger.de https://vermittlerportal.al-h-konzern.de https://vermittlerportal.de 3 frame-ancestors 'self' https://storecake.io 3 font-src fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com https://fonts.cdnfonts.com/s/85546/Satoshi-BlackItalic.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Black.woff https://fonts.cdnfonts.com/s/85546/Satoshi-BoldItalic.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Bold.woff https://fonts.cdnfonts.com/s/85546/Satoshi-MediumItalic.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Medium.woff https://fonts.cdnfonts.com/s/85546/Satoshi-LightItalic.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Light.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Italic.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Regular.woff https://s3.amazonaws.com/trustspot-pr-widget/ https://trustspot-app-assets.s3.amazonaws.com *.yotpo.com *.googleapis.com *.gstatic.com https://*.klaviyo.com https://*.zmags.com https://*.getfastr.com https://cdn.reamaze.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.reamaze.com *.reamaze.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com www.xtento.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://*.adsrvr.org https://ct.pinterest.com https://*.knocdn.com checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com https://*.fls.doubleclick.net https://td.doubleclick.net https://*.wistia.net https://moultrie.locally.com https://cnc-api.zmags.com https://app.viralsweep.com https://ebsco.widen.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.gstatic.com www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://meetanshi.com/media/logo.png https://*.bing.com https://tracking.avantlink.com https://*.adsrvr.org https://*.knocdn.com https://www.facebook.com https://*.reddit.com https://*.redditstatic.com store.paradoxlabs.com https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com media.sezzle.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com https://app.ravecapture.com https://ravecapture-app-assets.s3.amazonaws.com https://trustspot-product-photos.imgix.net https://trustspot-experience-photos.imgix.net *.yotpo.com https://*.locally.com https://*.zmags.com https://*.getfastr.com https://arttrk.com https://*.clarity.ms https://*.doubleclick.net https://*.moultriefeeders.com https://*.moultrie.com https://*.pradcocommerce.com https://*.summitstands.com https://*.codebluescents.com https://*.knightandhale.com https://*.maxxtuff.com https://*.texashunterproducts.com https://*.lurenet.com https://whiskerseeker.com https://*.whiskerseeker.com https://*.wingscapes.com https://*.simplepets.com https://anilogics.com https://*.anilogics.com https://embed.widencdn.net https://d3k81ch9hvuctc.cloudfront.net https://analytics.tiktok.com https://*.google.ca https://*.google.co.za https://*.google.fr https://*.google.co.uk https://*.google.co.in https://*.google.com.au https://maps.googleapis.com https://*.shgcdn.com https://phosphor.utils.elfsightcdn.com https://storemapper-herokuapp-com.global.ssl.fastly.net https://i.imgur.com/5axkorT.jpg https://*.revenuehunt.com https://pradcooutdoorbrands.canto.com https://d3opzdukpbxlns.cloudfront.net dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.sharethis.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com https://services.nofraud.com www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://*.adsrvr.org https://*.avmws.com https://*.experticity.com https://*.bing.com https://*.byspotify.com https://ct.pinterest.com https://s.pinimg.com https://*.knocdn.com https://connect.facebook.net https://*.reddit.com https://*.redditstatic.com https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com https://cdn.getblueshift.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://widget.sezzle.com maps.googleapis.com https://app.ravecapture.com https://trustspot.io *.yotpo.com https://*.zmags.com https://cas.zma.gs https://*.addthis.com https://mpsnare.iesnare.com https://assets.armanet.us https://*.clarity.ms https://analytics.tiktok.com https://*.wistia.net https://*.hotjar.com https://*.newrelic.com https://form.jotform.com https://*.locally.com https://*.viralsweep.com https://*.getshogun.com https://*.shgcdn2.com https://static.elfsight.com https://www.storemapper.co https://storemapper-herokuapp-com.global.ssl.fastly.net https://cdn.reamaze.com https://push.reamaze.com/assets/reamaze-push.js https://cdnjs.cloudflare.com/ajax/libs/pusher/7.0.1/pusher.min.js dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com https://static.klaviyo.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com fonts.cdnfonts.com unsafe-inline assets.braintreegateway.com https://fonts.cdnfonts.com/css/satoshi https://app.ravecapture.com https://s3.amazonaws.com/trustspot-pr-widget/ *.yotpo.com *.googleapis.com https://cas.zma.gs https://*.zmags.com https://static-tracking.klaviyo.com https://*.getshogun.com https://*.shgcdn2.com https://cdn.reamaze.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src https://www.youtube.com 'self' 'unsafe-inline'; media-src *.adobe.com https://mpsnare.iesnare.com data: https://cdn.reamaze.com https://*.shgcdn.com https://pradcooutdoorbrands.canto.com https://d3opzdukpbxlns.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sharethis.com https://services.nofraud.com https://*.mmapiws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://*.spotify.com https://*.experticity.com https://*.bing.com https://*.knocdn.com https://*.knocommerce.com https://www.facebook.com https://*.reddit.com https://*.redditstatic.com https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com gateway.sezzle.com sandbox.gateway.sezzle.com media.sezzle.com widget.sezzle.com https://api.getblueshift.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://media.sezzle.com https://widget.sezzle.com maps.googleapis.com https://app.ravecapture.com https://trustspot.io *.yotpo.com https://www.locally.com https://google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://cas.zma.gs https://c.zmags.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com https://analytics.tiktok.com https://srv.armanet.us https://*.clarity.ms https://ct.pinterest.com https://bam.nr-data.net https://*.hotjar.io wss://ws.hotjar.com https://api-js.datadome.co https://*.elfsight.com https://www.storemapper.co https://api.keen.io/3.0/projects/510989052975163052000002/events/queries https://cdn.reamaze.com wss://ws.reamaze.com/app/ https://whisker-seeker-tackle.reamaze.io/ dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://whisker-seeker-tackle.reamaze.io/ 'self' 'unsafe-inline'; report-uri https://c2377b7a62d7a797512c7707793b335c.report-uri.com/r/t/csp/enforce; report-to report-endpoint; 3 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'self' blob: *; img-src * data: blob:; connect-src *; font-src 'self' data: *; object-src 'self'; media-src 'self' blob: *; child-src *; base-uri 'self' 3 frame-ancestors 'self' *.teledyne.com 3 default-src 'self' anchor.fm analytics.tiktok.com *.clarity.ms cdn.cookielaw.org *.onetrust.com *.infogram.com scout.salesloft.com scout-cdn.salesloft.com *.driftt.com widget.drift.com *.smartrecruiters.com *.clickagy.com *.zoominfo.com *.coveo.com *.fluidads.com *.stackadapt.com *.truste.com *.omtrdc.net *.livechatinc.com *.chatbot.com *.adobe.com *.6sc.co secure.adnxs.com epsilon.6sense.com *.tableau.com *.experian.com *.experianmarketingservices.com api.ipgeolocation.io *.adobedtm.com *.adsrvr.org *.ads-twitter.com *.bing.com *.brightcove.com *.brightcove.net *.terminus.services *.cloudflare.com *.demdex.net *.doubleclick.net *.eloqua.com *.everesttech.net *.facebook.com *.facebook.net metrics1.experian.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.hsadspixel.net *.hs-analytics.net *.hsappstatic.net *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hs-scripts.com *.hubapi.com *.hubspot.com *.hubspot.net *.licdn.com *.linkedin.com *.omappapi.com *.omniture.com *.optmnstr.com *.twimg.com *.twitter.com *.usemessages.com *.youtube.com *.zencdn.net *.google-analytics.com img.en25.com p.adsymptotic.com bcove.video *.api.brightcove.com api.bcovlive.io *.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com *.boltdns.net brightcove.vo.llnwd.net *.llnw.net *.llnwd.net manifest.prod.boltdns.net *.media.brightcove.com *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.cloudfront.net hlstoken-a.akamaihd.net vjs.zencdn.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com ws://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: *; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; font-src 'self' data: *; object-src 'none'; media-src * blob:; worker-src blob: 'self'; frame-ancestors 'self'; 3 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.paymentiq.io/; 3 script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://*.google.com https://*.geetest.com https://*.geevisit.com https://www.googletagmanager.com https://appleid.cdn-apple.com https://vk.com https://*.prdredir.com https://analytics.tiktok.com https://connect.facebook.net https://*.google-analytics.com https://telegram.org https://*.ada.support https://widget-mediator.zopim.com https://*.bitgetpro.site https://*.bgbstatic.com https://*.bitget.vin https://gateway.test.95516.com https://*.checkout.com https://gateway.95516.com https://tcsdk.com https://www.facebook.com https://*.youtube.com https://dn-staticdown.qbox.me https://*.bitget.style https://*.59ow.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.uykdjs.com https://*.megacheck.net https://megacheck.net https://*.duoyihubei.top https://duoyihubei.top https://cdn.builder.io https://*.onfido.com https://applepay.cdn-apple.com https://*.apple.com https://*.gstatic.com https://*.googleapis.com https://api-web.wwmxd.info https://api-web.wwmxd.site https://*.forter.com https://js.volt.io https://static.ads-twitter.com https://js.adsrvr.org;connect-src 'self' 'report-sample' data: blob: ws: wss: https://*.hdmune.cn https://*.nlviwq.cn https://oauth.telegram.org https://*.qq.com https://*.tencent-cloud.com https://*.intltencentcos.com https://*.tencentcos.cn https://*.tencentcloud.com https://*.my-cpaas.com https://*.tlivewebrtc2.com https://*.tlivecloud.com https://*.rtclivekit.com https://*.xuundv.cn https://*.tencentcloudapi.com https://*.myqcloud.com https://www.googletagmanager.com https://*.rtc-web.com https://*.qcloud.com https://*.my-imcloud.com https://*.tlivewebrtc.com https://*.tliveplay.com https://*.tlivesource.com https://*.rtc-web.io https://*.cloud-rtc.com https://*.vod-qcloud.com https://*.minigitlab.top https://wa.appsflyer.com https://*.google.com wss://*.bitgetpro.site https://*.google-analytics.com https://analytics.tiktok.com https://www.facebook.com https://*.analytics.google.com https://*.ada.support https://wa.onelink.me https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://*.bitgetpro.site https://*.bgbstatic.com https://*.bitget.vin https://gateway.test.95516.com https://*.checkout.com https://gateway.95516.com https://telegram.org https://*.youtube.com wss://*.bitget.online https://www.tradingview.com https://api.tronstack.io https://*.noxiaohao.com https://*.bitget.style https://*.59ow.com wss://*.bitget.vin wss://*.bitget.style wss://*.59ow.com https://megacheck.vip https://*.megacheck.vip wss://*.megacheck.vip wss://megacheck.vip https://*.megacheck.net wss://*.megacheck.net https://megacheck.net wss://megacheck.net https://*.saintpay.com https://*.skypay.space wss://*.saintpay.com wss://*.skypay.space wss://*.noxiaohao.com https://*.omkbic.com:8443 https://*.uykdjs.com wss://*.uykdjs.com https://dn-staticdown.qbox.me https://*.duoyihubei.top https://duoyihubei.top wss://*.duoyihubei.top wss://duoyihubei.top wss://*.ada.support wss://*.checkout.com https://cdn.builder.io https://*.onfido.com https://fp-constantid.bitkeep.vip https://api-web.bitkeep.app https://api-web.bitkeep.asia https://api-web.bitkeep.biz https://api-web.bitkeep.fun https://api-web.bitkeep.life https://api-web.bitkeep.top https://api-web.bitapi.vip https://api-web.chainnear.com https://api-web.lymryy.com:9443 https://api-web.wwmxd.info https://api-web.wwmxd.site https://sensors-ab.gdrichem.com:8443 https://img.gurenla.com https://img.bitgetimg.com https://browser-http-intake.logs.datadoghq.com https://mc.yandex.md https://pre.ssqhome.top https://ssqhome.top https://*.forter.com https://*.bgstatic.com;frame-src 'self' 'report-sample' blob: data: https://*.bgstatic.com https://*.bitgetimg.com https://*.gurenla.com https://*.google.com https://*.bitgetpro.site https://*.bitget.vin https://*.bgbstatic.com https://www.facebook.com https://oauth.telegram.org https://telegram.org https://*.checkout.com https://*.ada.support https://*.youtube.com https://www.googletagmanager.com https://widget-mediator.zopim.com https://gateway.test.95516.com https://*.google-analytics.com https://megacheck.vip https://*.megacheck.vip https://*.bitget.style https://*.59ow.com https://*.saintpay.com https://*.skypay.space https://*.uykdjs.com https://*.megacheck.net https://megacheck.net https://*.duoyihubei.top https://duoyihubei.top https://bitget.banxa.com https://*.onfido.com https://*.95516.com https://www.bitgetwidget.com https://*.nihaopay.com https://onramp.money https://*.simplexcc.com https://*.revolut.com https://*.bitgetimg.com https://*.multiexc.com https://*.thedecard.com https://forms-prod.sprinklr.com https://thedecard.com https://pre.ssqhome.top https://ssqhome.top https://checkout.volt.io https://openapi-uatdcd.com https://openapi-thedecard.com https://khipu.com https://checkout.pagsmile.com https://gateway.kashio.com.pe https://apiin.monnetpayments.com https://pmt-01.etpayment.com https://registro.pse.com.co https://secure-checkout.payvalida.com https://api.openpay.co https://s.tradingview.com https://insight.adsrvr.org;report-uri https://a643dc1f417234b232e383bb33da229f.report-uri.com/r/d/csp/enforce /v1/buried/log/cspSecurity; 3 frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph; 3 default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; base-uri 'self'; frame-ancestors 'self'; 3 upgrade-insecure-requests; frame-ancestors 'self' https://avalara.sb.amp.vg https://avalara.amp.vg https://partner.avalara.com 3 default-src 'self'; frame-ancestors 'self'; 3 font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src 'self' https://www.google.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://sandbox.pay.yandex.ru/; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://mc.yandex.ru/metrika/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report; worker-src blob: 3 object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://cdn.amplitude.com https://api.amplitude.com https://dev-embed.notion.co https://embed.notion.co https://static.zdassets.com https://api.smooch.io https://solve-widget.forethought.ai https://decagon.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://accounts.google.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://app.cal.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://cdn01.boxcdn.net https://cdn.sprig.com https://assets.customer.io https://track.customer.io https://code.gist.build https://www.google.com https://www.gstatic.com https://challenges.cloudflare.com https://maps.googleapis.com https://unpkg.com/react@18.2.0/umd/react.development.js https://unpkg.com/react-dom@18.2.0/umd/react-dom.development.js https://unpkg.com/@babel/standalone@7.26.9/babel.min.js https://unpkg.com/dayjs-with-plugins@1.0.4/dist/dayjs-with-plugins.min.js https://unpkg.com/@tailwindcss/browser@4 https://unpkg.com/d3@7.9.0/dist/d3.min.js https://unpkg.com/three@0.150.0/build/three.min.js https://dev-custom-views-modules-usw2.s3.us-west-2.amazonaws.com/components.js https://pagead2.googlesyndication.com https://x.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net https://info.notion.com https://bat.bing.com https://s.yimg.jp https://www.youtube-nocookie.com https://www.youtube.com/iframe_api https://js.partnerstack.com https://partnerlinks.io https://analytics.tiktok.com/ https://vitals.vercel-insights.com https://va.vercel-scripts.com https://vercel.live https://www.redditstatic.com https://static.ads-twitter.com https://insights.metadata.io https://acdn.adnxs.com/dmp/up/pixie.js https://a.usbrowserspeed.com https://static.hotjar.com https://script.hotjar.com https://cloud.memsource.com https://editor.memsource.com https://adora-cdn.com https://c.adora-cdn.com;connect-src 'self' data: blob: https://img.notionusercontent.com https://cdn.amplitude.com https://api.amplitude.com https://www.notion.so https://api.embed.ly https://dev-embed.notion.co https://embed.notion.co https://ekr.zdassets.com https://ekr.zendesk.com https://makenotion.zendesk.com https://api.smooch.io wss://api.smooch.io https://api.forethought.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://api.giphy.com/ https://giphy-analytics.giphy.com/ https://media0.giphy.com/ https://media1.giphy.com/ https://media2.giphy.com/ https://media3.giphy.com/ https://media4.giphy.com/ https://media5.giphy.com/ https://media6.giphy.com/ https://media7.giphy.com/ https://media8.giphy.com/ https://media9.giphy.com/ https://media10.giphy.com/ https://boards-api.greenhouse.io https://accounts.google.com https://oauth2.googleapis.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://telemetry.transcend.io https://api.statuspage.io https://pgncd.notion.so https://api.statsig.com https://statsigapi.net https://exp.notion.so https://api.box.com https://*.mux.com https://api.sprig.com https://storage.googleapis.com https://cdn.sprig.com https://cdn.userleap.com https://assets.customer.io https://track.customer.io https://*.api.gist.build https://*.cloud.gist.build https://tiles.openfreemap.org https://maps.googleapis.com https://places.googleapis.com https://pagead2.googlesyndication.com https://google.com https://x.clearbitjs.com https://app.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net https://info.notion.com https://bat.bing.com https://s.yimg.jp https://www.youtube-nocookie.com https://www.youtube.com/iframe_api https://js.partnerstack.com https://grsm.io https://partnerlinks.io https://analytics.tiktok.com/ https://vitals.vercel-insights.com https://va.vercel-scripts.com https://vercel.live https://www.redditstatic.com https://static.ads-twitter.com https://insights.metadata.io https://acdn.adnxs.com/dmp/up/pixie.js https://a.usbrowserspeed.com https://api.mail.dev.notion.so/graphql https://api.mail.notion.so/graphql https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cloud.memsource.com https://editor.memsource.com https://adora-cdn.com https://c.adora-cdn.com wss://msgstore.www.notion.so https://msgstore.www.notion.so https://audioprocessor.www.notion.so wss://audioprocessor.www.notion.so ws://localhost:* ws://127.0.0.1:* https://prod-files-secure.s3.us-west-2.amazonaws.com https://prod-files-secure-euc1.s3.eu-central-1.amazonaws.com https://prod-notion-temporary-files-euc1.s3.eu-central-1.amazonaws.com https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https://file.notion.so notion://file.notion.so https://www.notion.com https://calendar.notion.so;font-src 'self' data: https://cdnjs.cloudflare.com https://cdn01.boxcdn.net https://fonts.gstatic.com;img-src 'self' data: blob: https: https://img.notionusercontent.com https://images.ctfassets.net https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.mux.com https://track.customer.io https://file.notion.so notion://file.notion.so;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com https://accounts.google.com https://transcend-cdn.com https://cdn01.boxcdn.net https://code.gist.build https://fonts.googleapis.com;frame-ancestors 'self' https://www.notion.so notion://www.notion.so https://mail.notion.so;worker-src 'self' blob:;child-src 'self' blob:;media-src blob: https: http: https://*.mux.com https://file.notion.so notion://file.notion.so;frame-src https: http: https://accounts.google.com https://renderer.gist.build https://code.gist.build https://challenges.cloudflare.com https://notion.notion.site https://notion-templates.notion.site https://identity.notion.so 3 form-action 'self'; report-to csp-endpoint; upgrade-insecure-requests; 3 frame-ancestors 'self' *.storedemo.vn *.storedemo.vn *.botcake.io *.pancake.vn *.storecake.net 3 frame-ancestors https://www.facebook.com/ 3 default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'none'; base-uri 'self'; connect-src https: wss://*.hotjar.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com https://*.hotjar.com *.doubleclick.net; img-src https: data:; manifest-src 'self'; media-src https:; worker-src 'self'; 3 default-src 'self' https://*.nanelo.com https://nanelo.com; style-src 'unsafe-inline' 'self' https://*.nanelo.com https://nanelo.com; img-src 'self' data: https:; object-src 'none'; script-src 'sha256-H/qD7Jl4/ZhYpH00aG9fel4uuqcGhnJ6mSFRqB7jn1I=' 'self' 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; 3 script-src 'unsafe-inline' 'unsafe-eval' 'self' http://piwik.cyberplat.com/ https://piwik.cyberplat.com/ http://analytics.cyberplat.com/ https://analytics.cyberplat.com/ http://code.jquery.com/ https://code.jquery.com/ 3 default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; frame-ancestors 'self'; script-src-elem 'unsafe-inline' 'unsafe-eval' https: data:; 3 style-src 'self' 'unsafe-inline'; 3 frame-ancestors 'self' *.uhg.com *.optum.com *.uhc.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com *.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us www.google.com/recaptcha www.gstatic.com/recaptcha unpkg.com www.google-analytics.com cdn.amplitude.com www.gravatar.com stats.g.doubleclick.net js.stripe.com d3op16id4dloxg.cloudfront.net www.google.com/maps/api www.xm-apps-static.com; frame-src 'self' https://community.pregnancy.org https://optum.marketing.adobe.com *.uhg.com *.optum.com *.uhc.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com *.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us www.google.com/recaptcha www.gstatic.com/recaptcha unpkg.com www.google-analytics.com cdn.amplitude.com www.gravatar.com stats.g.doubleclick.net js.stripe.com d3op16id4dloxg.cloudfront.net www.google.com/maps/api www.xm-apps-static.com; 3 font-src 'self' https://script.hotjar.com; 3 frame-ancestors 'self'; script-src 'self' cdn.rudderlabs.com js.stripe.com/v3 3 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https: http:; font-src 'self' https: data:; connect-src 'self' https: wss: ws: data: http://127.0.0.1:11100; frame-src 'self' https: blob:; object-src 'none'; base-uri 'self'; media-src 'self' blob: https:; 3 upgrade-insecure-requests; frame-ancestors https://app.contentful.com 3 frame-ancestors 'self'; form-action 'self' 3 default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self'; 3 img-src * blob: data:; default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 3 connect-src https://*.ospito.nl https://*.googleapis.com https://*.gstatic.com; default-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' https://*.google.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://app.greenweb.org data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; 3 default-src https: 'unsafe-inline' data: 3 script-src http: https: 'unsafe-eval' 'unsafe-inline' https://prodnew.marcs.com.au/ foursixty.com *.googletagmanager.com *.zendesk.com wss://*.zendesk.com *.zopim.com wss://*.zopim.com *.cfjump.com *.pinterest.com; style-src 'self' blob: https: 'unsafe-inline' https://prodnew.marcs.com.au/ foursixty.com *.zendesk.com; img-src data: http: https: *.zopim.io *.googletagmanager.com; object-src 'none'; base-uri 'none'; child-src 'self'; connect-src 'self' http: https: *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com wss://ws.hotjar.com; font-src 'self' data: fonts.gstatic.com foursixty.com *.zendesk.com; frame-src assets.braintreegateway.com *.google.com *.googletagmanager.com *.youtube.com *.youtu.be *.vimeo.com foursixty.com *.zendesk.com *.paypal.com *.doubleclick.net *.criteo.com *.pinterest.com *.facebook.com; 3 default-src 'self' *.quantummetric.com 'unsafe-inline' 'unsafe-eval';frame-src * 'unsafe-inline';connect-src * 'unsafe-inline'; font-src * 'unsafe-inline'; object-src 'self'; style-src * 'unsafe-inline'; media-src * 'unsafe-inline'; script-src 'self' *.privy.com analytics.tiktok.com cnstrc.com *.cloudfront.net *.wufoo.com *.gstatic.com js.hsforms.net *.orders.com *.googleapis.com *.clarity.ms *.navitor.com *.google.com *.yieldify.com *.hs-scripts.com *.visualwebsiteoptimizer.com tag.rmp.rakuten.com *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.rd.linksynergy.com *.googleadservices.com *.xg4ken.com *.andersons.com *.paperdirect.com *.rhymeuniversity.com *.alphabetu.com *.itselementary.com *.littlegraduates.com *.paradefloatsuppliesnow.com *.promnite.com *.yimg.com *.pinterest.com *.quantummetric.com *.pinimg.com *.google-analytics.com *.privy.com analytics.tiktok.com cnstrc.com *.cloudfront.net *.googletagmanager.com *.sc.pages03.net *.groupbycloud.com *.pinimg.com *.bing.com *.google-analytics.com *.g.doubleclick.net *.privy.com analytics.tiktok.com cnstrc.com *.cloudfront.net *.powerreviews.com *.pubhtml5.com *.facebook.net *.unbxdapi.com 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' data:; worker-src blob:; child-src blob:;frame-ancestors 'self' *.theprom.us http://localhost:3000 3 frame-ancestors 'self' https://matomo.cibtp.fr 3 frame-ancestors 'self' https://www.ruralvia.com https://oficinas.globalcaja.es https://ruralviasimuladores.afi.es; 3 object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; 3 frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline';style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self';child-src 'self';img-src 'self';font-src 'self';connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self';prefetch-src 'self';worker-src 'self'; 3 script-src http: https: http://romet-magento-varnish-svc:80/ https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' blob: https: 'unsafe-inline' http://romet-magento-varnish-svc:80/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com data:; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com www.googletagmanager.com consentcdn.cookiebot.com https://bid.g.doubleclick.net https://td.doubleclick.net 3 default-src blob: https: wss: data: 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src https: data:; worker-src blob: data:; 3 report-to csp-report-endpoint; report-uri /logger/info/csp-report; frame-ancestors *; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss: blob: 3 default-src 'self' blob: https: wss: data: 'unsafe-inline' 'unsafe-eval'; worker-src blob: 3 default-src https: *; script-src https: 'unsafe-inline' 'unsafe-eval' *;img-src data: https:;font-src data: https:;style-src https: 'unsafe-inline' *;upgrade-insecure-requests;frame-ancestors 'self'; base-uri 'none'; frame-src mailto: *; worker-src blob: *; child-src blob: ; 3 frame-src 'self' consentcdn.cookiebot.com gvb-quiz.vercel.app www.facebook.com gvb.demdex.net www.youtube.com www.tiktok.com *.google.com newassets.hcaptcha.com form.typeform.com typeform.com www.typeform.com bid.g.doubleclick.net activitymap.adobe.com vars.hotjar.com gvb.ch gvb-privatversicherungen.ch hausinfo.ch wetteralarm.ch alarmemeteo.ch allarmemeteo.ch *.doubleclick.net *.demdex.net outlook.office365.com moneypark.ch embed.eventfrog.ch dev-webgis.gvb.ch webgis.gvb.ch www.googletagmanager.com calendly.com propertyowners.digitalpath.pt feedback.echonovum.com; child-src blob:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' gvb-quiz.vercel.app gvbdev.b-cdn.net gvbtest.b-cdn.net gvb.b-cdn.net gvba.b-cdn.net consent.cookiebot.com consentcdn.cookiebot.com hcaptcha.com newassets.hcaptcha.com js.hcaptcha.com plugins.flockler.com dpm.demdex.net www.googletagmanager.com www.facebook.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com embed.typeform.com activitymap.adobe.com www.youtube.com www.tiktok.com www.googleoptimize.com static.hotjar.com script.hotjar.com *.google.com snap.licdn.com *.fusedeck.net *.demdex.net cm.everesttech.net assets.adobedtm.com moneypark.ch static.elfsight.com universe-static.elfsightcdn.com embed.eventfrog.ch assets.calendly.com gvb.imgix.net code.createjs.com *.adform.net cdnjs.cloudflare.com 'unsafe-inline'; frame-ancestors 'self' wetterhuette.ch ; 3 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; media-src 'self'; form-action 'self' https://www.server-team1.de https://www.server-team3.de; child-src 'self' https://www.google.com https://www.server-team1.de https://www.server-team3.de; frame-ancestors 'self'; connect-src 'self' https://api.imgur.com; report-uri 'self'; report-to 'self'; 3 connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ suggest-maps.yandex.ru *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works api-qa.diginetica.net/v1/ rap.skcrtxr.com 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru wss://*.tinkoff.ru wss://*.tcsbank.ru wss://*.tbank.ru business.tinkoff.ru business-webinars.bot.tinkoff-business.com sendsay.ru flijh.tb.ru gmzzu.tb.ru api.amplitude.com *.tb.ru tglk.ru cobrowsing.tinkoff.ru cobrowsing.tbank.ru cdn.tbank.ru cfg.tinkoff.ru www.tbank.ru api-statist.tinkoff.ru business.tbank.ru www.cdn-tinkoff.ru error-hub.tbank.ru origination.tinkoff.ru oplata.tinkoff.ru social.secrets.tbank.ru securepay.tinkoff.ru imgproxy.cdn-tinkoff.ru id.tbank.ru api.mindbox.ru forma.tbank.ru polls.tbank.ru fallback.cdn-tinkoff.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru blob: *.youtube.com sendsay.ru; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru cdn.uxfeedback.ru sm.rtb.mts.ru exchange.buzzoola.com dmp.one sync.bumlam.com wf-ru-frontend.weborama-tech.ru 'self' data: *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru business.t-static.ru *.ads.linkedin.com *.linkedin.com *.googleusercontent.com *.cloud.google.com *.googleapis.com *.adhigh.net px.adhigh.net *.adsymptotic.com; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.org metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru www.youtube.com rutube.ru youtu.be; font-src *.cdn-tinkoff.ru 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.tinkoff.ru data:; report-uri https://www.tbank.ru/api/front/pfpsme/log/csp-error?appName=pfpsme&sentryDsnKey=b7cae0fa7dd74b4489cd05596a20df38&sentryApiId=142; default-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru 3 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self'; 3 worker-src blob:; 3 default-src *;img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' * 3 frame-ancestors ; upgrade-insecure-requests; 3 frame-ancestors 'self' *.get-paid.com *.flokigames.com *.localhost freebitcoin.io http://localhost:3000 3 font-src 'self' fonts.gstatic.com fonts.googleapis.com *.hotjar.com *.zopim.com *.fontawesome.com data: static.lipscore.com www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com 'unsafe-inline'; form-action 'self' pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.paypal.com www.elfbar.co.uk www.lostmary.co.uk api.ometria.com www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.skecrystalbar.com 'unsafe-inline' *; frame-ancestors 'self' www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com; frame-src 'self' *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.alahli.com *.gps.com.bh *.alinma.com *.google.com *.facebook.com *.trustpilot.com account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.paypal.com *.weltpixel.com t.sharethis.com elfbar.com www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com api.agechecked.com *.cookiebot.com *.elfbar.com *.lost-mary.com *.odysee.com odysee.com 'unsafe-inline' https://live.opayo.eu.elavon.com/ *.affiliatefuture.com/*; img-src 'self' assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.paypal.com ebizmarts-website.s3.amazonaws.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net static.lipscore.com blob: img.youtube.com https://cc-cdn.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com ts.tradetracker.net www.magmodules.eu maps.googleapis.com *.aptrinsic.com storage.googleapis.com amasty.com l.sharethis.com d1f0tbk1v3e25u.cloudfront.net www.google.co.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com *.sharethis.com google.co.uk *.google-analytics.com trk.ometria.com *.affiliatefuture.com/* tags.affiliatefuture.com scripts.affiliatefuture.com 'unsafe-inline' imgsct.cookiebot.com; script-src 'self' 'unsafe-eval' assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.agechecked.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com *.trackedlink.net snap.licdn.com chimpstatic.com *.adyen.com *.zopim.com *.zdassets.com *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com static.lipscore.com https://cc-cdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com tm.tradetracker.net https://www.googletagmanager.com tagmanager.google.com unpkg.com maps.googleapis.com *.aptrinsic.com https://www.gstatic.com platform-api.sharethis.com www.googleoptimize.com dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net d81mfvml8p5ml.cloudfront.net buttons-config.sharethis.com t.sharethis.com static.zdassets.com agechecked.com www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com *.cloudfront.net *.sharethis.com googleoptimize.com *.zendesk.com r1-t.trackedlink.net google-analytics.com widget.trustpilot.com *.cookiebot.com/ cookiebot.com/* *.dycdn.net unpkg.com/* https://unpkg.com/web-vitals@2.1.0/dist/web-vitals.umd.js' *.ometria.com/* *.affiliatefuture.com/* tags.affiliatefuture.com scripts.affiliatefuture.com 'unsafe-inline' cdn.ometria.com analytics.ahrefs.com https://live.opayo.eu.elavon.com https://tags.affiliatefuture.com/7474.js; style-src 'self' *.adobe.com *.agechecked.com fonts.googleapis.com *.opayo.eu.elavon.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net cc-cdn.com static.lipscore.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.aptrinsic.com https://www.gstatic.com www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com totalvapour.co.uk/static/* www.totalvapour.co.uk/* https://www.totalvapour.co.uk/* recycleyourelectricals.org.uk/* *.recycleyourelectricals.org.uk 'unsafe-inline' cdn.ometria.com; object-src 'self' www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com 'unsafe-inline'; media-src 'self' *.adobe.com *.zopim.com flavourwarehouse.co.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com *.zdassets.com dbh4s5ja0maaw.cloudfront.net/security_video.mp4 youtube.com https://dbh4s5ja0maaw.cloudfront.net/verify/verify_product.mp4 'unsafe-inline'; manifest-src 'self' www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com 'unsafe-inline'; connect-src 'self' dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.agechecked.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk wapi.lipscore.com users.lipscore.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com google.com *.facebook.net *.aptrinsic.com l.sharethis.com am.freshrelevance.com dn1i8v75r669j.cloudfront.net ekr.zdassets.com www.kattel.com invitejs.trustpilot.com oversight.stwaw.com www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com wss://am.freshrelevance.com kattel.com/* *.dycdn.net *.elfbar.com *.cookiebot.com cookiebot.com/* *.lost-mary.com *.stbuttons.click *.crwdcntrl.net *.odysee.com odysee.com 'unsafe-inline' analytics.ahrefs.com; child-src 'self' assets.braintreegateway.com c.paypal.com *.paypal.com www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com http: https: blob: 'unsafe-inline'; default-src 'self' 'unsafe-eval' www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com 'unsafe-inline'; base-uri 'self' www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com 'unsafe-inline'; report-uri /fw_csp_collector.php; 3 default-src 'self'; script-src 'self' 'unsafe-eval' https://*.cookiebot.eu https://consentcdn.cookiebot.com https://consent.cookiebot.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.bidtheatre.com https://*.proact.co.uk https://*.proact.nl https://*.proact.de https://*.proact.se https://widget.datablocks.se https://*.hotjar.com https://player.vimeo.com https://yoast.com https://*.facebook.net/ https://www.google.com https://*.gstatic.com https://*.licdn.com/ https://*.yourwoo.com https://*.albacross.com https://*.cision.com https://*.pardot.com https://cdnjs.cloudflare.com/ajax/ https://*.cookiebot.com https://*.cookiebot.eu https://*.conoa.se https://*.proact.eu https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://widget.datablocks.se https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://hub.mfn.se/ https://widget.datablocks.se wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://vimeo.com https://www.facebook.com https://cdn.linkedin.oribi.io https://*.albacross.com https://*.yoast.com https://*.cision.com https://consentcdn.cookiebot.com https://*.cookiebot.eu https://*.google.com https://*.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; frame-src 'self' blob: https://proactcalculator.hut3staging.com https://www.google.com https://www.facebook.com https://*.cookiebot.eu https://consentcdn.cookiebot.com https://go.proact.eu https://player.vimeo.com; frame-ancestors 'self'; img-src 'self' data: https://*.doubleclick.net https://*.adsrvr.org https://*.casalemedia.com https://*.adswizz.com https://*.adnxs.com https://*.adform.net https://*.pubmatic.com https://*.smartadserver.com https://*.bidtheatre.com https://*.rubiconproject.com https://*.stickyadstv.com https://*.smartclip.net https://storage.mfn.se https://widget.datablocks.se https://*.cookiebot.eu https://*.cookiebot.com https://*.facebook.com https://*.linkedin.com https://*.yourwoo.com https://*.albacross.com https://*.proact.eu https://*.cision.com https://i.vimeocdn.com https://s.w.org https://www.google-analytics.com www.google.com google.com www.google.de google.de www.google.se google.se www.google.co.uk google.co.uk www.google.nl google.nl https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; 3 frame-ancestors 'self' https://www.youtube.com 3 default-src https:; connect-src https: wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; frame-ancestors https:; report-uri https://api.mbgiving.com/Internal/CSPReportUri; 3 font-src *.gstatic.com *.googleapis.com *.fontawesome.com fonts.googleapis.com static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://www.googletagmanager.com/ *.addthis.com *.facebook.com *.twitter.com *.multisafepay.com https://pay.google.com https://plumrocket.com td.doubleclick.net www.kiyoh.com googleads.g.doubleclick.net *.google.nl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.trackedlink.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.addthisedge.com *.twitter.com *.sooqr.com *.spotlersearch.com *.multisafepay.com www.google.nl *.bing.net *.analytics.google.com *.pharmacy4petsdev.hypernode.io *.pharmacy4pets.fr *.pharmacy4pets.de *.pharmacy4pets.es *.pharmacy4pets.com *.pharmacy4pets.nl pharmacy4pets.de pharmacy4pets.fr pharmacy4pets.es pharmacy4pets.com pharmacy4pets.nl *.kommunicate.io s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com *.avada.io *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com *.multisafepay.com https://pay.google.com *.hotjar.com bat.bing.com widget.freshworks.com *.freshdesk.com www.smartsuppchat.com widget-v3.smartsuppcdn.com www.clarity.ms sst.pharmacy4pets.fr *.pharmacy4petsdev.hypernode.io *.omappapi.com *.pharmacy4pets.fr *.pharmacy4pets.de *.pharmacy4pets.es *.pharmacy4pets.com *.pharmacy4pets.nl cognito-identity.eu-central-1.amazonaws.com firehose.eu-central-1.amazonaws.com google.com *.kommunicate.io 'report-sample' 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.adobedtm.com amcglobal.sc.omtrdc.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com *.cardinalcommerce.com songbirdstag.cardinalcommerce.com *.commerce-payment-services.com *.cloudflare.com pay.google.com *.google-analytics.com googletagmanager.com *.googletagmanager.com apis.google.com *.googleadservices.com https://www.gstatic.com/recaptcha https://www.google.com/recaptcha *.google.com *.google.com/ https://maps.googleapis.com/maps/api/js *.instagram.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.magento-ds.com *.paypalobjects.com c.paypal.com *.paypal.com sandbox.paypal.com *.sandbox.paypal.com https://js.stripe.com/v3/ *.stripe.com *.link.com *.typekit.net use.typekit.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com *.fontawesome.com *.sooqr.com *.spotlersearch.com *.multisafepay.com widget-v3.smartsuppcdn.com widget.freshworks.com *.freshdesk.com static-tracking.klaviyo.com *.omappapi.com *.pharmacy4pets.fr *.pharmacy4pets.de *.pharmacy4pets.es *.pharmacy4pets.com *.pharmacy4pets.nl www.googletagmanager.com *.kommunicate.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.kommunicate.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.sooqr.com *.spotlersearch.com *.multisafepay.com www.google.com wss://ws.hotjar.com *.hotjar.com *.hotjar.io google-analytics.com *.google-analytics.com googleads.g.doubleclick.net bootstrap.smartsuppchat.com widget.freshworks.com *.freshdesk.com *.smartsuppcdn.com wss://websocket-visitors.smartsupp.com *.googlesyndication.com *.pharmacy4pets.fr *.pharmacy4pets.de *.pharmacy4pets.es *.pharmacy4pets.com *.pharmacy4pets.nl *.clarity.ms *.omappapi.com spotlersearchanalytics.com cognito-identity.eu-central-1.amazonaws.com firehose.eu-central-1.amazonaws.com google.com pay.google.com *.kommunicate.io *.bing.net wss://*.kommunicate.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 style-src 'self' 'unsafe-inline' 3 upgrade-insecure-requests; default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 3 font-src fonts.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com js.stripe.com https://*.dpdconnect.nl *.addthis.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cookiebot.com *.cookiebot.eu api.justreview.co justreview.co https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com https://*.dpdconnect.nl chimpstatic.com downloads.mailchimp.com *.list-manage.com consent.cookiebot.com consent.cookiebot.eu api.justreview.co justreview.co apis.google.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com api.justreview.co justreview.co google.com maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com api.justreview.co ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 font-src 'self'; 3 default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; object-src 'self'; font-src https: data: 'self' http: fonts.googleapis.com themes.googleusercontent.com; connect-src https: wss: 'self'; img-src https: data: 'self' http: *.gravatar.com; worker-src blob: https: 'self' 'unsafe-inline' 'unsafe-eval'; media-src https: blob: 'self'; style-src https: 'unsafe-eval' 'unsafe-inline' 'self' http: fonts.googleapis.com 3 frame-ancestors *; report-uri /_/commcsp?disposition=enforce; 3 font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.gstatic.com/ https://fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.azul.com.do https://authentication.cardinalcommerce.com/ https://songbird.cardinalcommerce.com/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.onesignal.com https://aliss.os.tc/ https://aliss-test.os.tc/ https://*.cardinalcommerce.com/ *.userway.org 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.gstatic.com magefan.com cm.magefan.com *.disqus.com https://www.magezon.com *.onesignal.com https://img.onesignal.com/ https://h.online-metrix.net/ *.online-metrix.net https://*.cardinalcommerce.com/ https://cdn.jsdelivr.net https://purecatamphetamine.github.io *.userway.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.disqus.com *.js-agent.newrelic.com *.bam.nr-data.net https://bam.nr-data.net *.onesignal.com https://onesignal.com/ https://h.online-metrix.net/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://*.cardinalcommerce.com/ https://www.google-analytics.com/ https://cdn.jsdelivr.net accounts.google.com connect.facebook.net *.bolt.com *.commerce-quick-checkout.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com s7.addthis.com *.userway.org https://assets-cdn.woowup.com https://js.pusher.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.fontawesome.com https://onesignal.com/ https://h.online-metrix.net/ https://js-agent.newrelic.com/ https://*.cardinalcommerce.com/ https://fonts.googleapis.com https://cdn.jsdelivr.net *.userway.org 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.snplow.net commerce.adobedc.net *.adobe.io performance.typekit.net *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.bam.nr-data.net https://bam.nr-data.net *.onesignal.com https://onesignal.com/ https://cdn.onesignal.com/ https://h.online-metrix.net/ *.online-metrix.net https://js-agent.newrelic.com/ https://maps.googleapis.com/ https://*.cardinalcommerce.com/ https://*.amazonaws.com/ *.facebook.com *.userway.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.onesignal.com https://cdn.onesignal.com/ https://h.online-metrix.net/ https://js-agent.newrelic.com/ https://*.cardinalcommerce.com/ *.userway.org http: https: blob: 'self' 'unsafe-inline'; default-src https://fonts.gstatic.com/ https://fonts.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.integration2-hohc4oi-c2g6g5sgc4xo6.us-5.magentosite.cloud https://*.cardinalcommerce.com/ 'self' 'unsafe-inline'; 3 object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' static.hsappstatic.net mcprod.hookah-shisha.com www.googletagmanager.com cdn.statstrk01.com js-eu1.hs-scripts.com cdn-widgetsrepository.yotpo.com *.yotpo.com js-eu1.usemessages.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net www.youtube.com static.doubleclick.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.ryzeo.com www.google-analytics.com *.signifyd.com *.spreedly.com *.privy.com www.hookah-shisha.com pop1.screenpopper.com www.googleoptimize.com *.surfside.io *.mczbf.com growth-hit.s3.us-west-2.amazonaws.com smct.co js.smct.io js.alocdn.com *.shop.pe d3rr3d0n31t48m.cloudfront.net static.bouncepilot.com addshoppers.s3.amazonaws.com static.addtoany.com imgs.cdn-btsg.com js-eu1.hsforms.net www.google.com/recaptcha/ *.klarnacdn.net *.vr-pay-ecommerce.de *.hotjar.com *.hotjar.io *.klaviyo.com connect.facebook.net cdn01.basis.net www.google.com *.pagesense.io *.zohopublic.com *.zohocdn.com *.zohostatic.com track.omguk.com addshoppers.com d2mjzob2nc713b.cloudfront.net *.traversedlp.com voltn.com wt.rqtrk.eu *.criteo.com shop.pe/widget/conv shop.pe/widget/conv/* shop.pe/widget/main/init/params shop.pe/widget/widget_async.js https://shop.pe/widget/conv https://shop.pe/widget/conv/params https://shop.pe/widget/conv/params* *.hookah-shisha.com *.southsmoke.com maps.googleapis.com player.vimeo.com us.ooka.com usa.ooka.com h64.online-metrix.net 3liglobal.github.io cdn.mida.so consent.cookiefirst.com cdn.noibu.com *.hubspot.com *.hubspotfeedback.com *.payfabric.com cdn.userway.org; report-uri /.webscale/csp-report 3 frame-ancestors 'self'; script-src 'self' 'unsafe-inline'; object-src 'none' 3 img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data:;frame-ancestors 'self' 3 frame-ancestors 'self' *.ubiqeducation.com *.amais.com ubiq-staging.azurewebsites.net ubiq.azurewebsites.net;Upgrade-Insecure-Requests; 3 frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 3 frame-ancestors 'self' https://www.mscbook.com https://virtual-tours.msccruises.com; 3 default-src 'self' static.pw.live; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' *.gstatic.com *.googletagmanager.com blob: *.moengage.com *.doubleclick.net *.cloudflare.com *.google-analytics.com *.youtube.com *.facebook.net *.googleapis.com *.juspay.in *.appsflyer.com *.razorpay.com *.facebook.com static.pw.live *.cloudfront.net *.google.com *.google.co.in *.jsdelivr.net *.mfilterit.net *.googleadservices.com *.clarity.ms unpkg.com otpless.com sc-static.net *.pw.live pw.live; connect-src 'self' *.pwskills.com unpkg.com *.iconify.design *.clarity.ms *.gstatic.com *.penpencil.co *.google.com *.google.co.in *.googleapis.com *.doubleclick.net *.sentry.io wss://*.penpencil.co wss://*.penpencil.net *.googletagmanager.com *.moengage.com wss://*.pwdev.link *.google-analytics.com *.razorpay.com *.juspay.in *.appsflyer.com static.pw.live blob: *.amazonaws.com *.conviva.com *.bitgravity.com *.cloudfront.net *.agora.io wss://*.agora.io:* *.sd-rtn.com wss://*.sd-rtn.com:* *.facebook.com *.youtube.com *.ytimg.com *.pw.live *.payu.in *.cloudflare.com *.jsdelivr.net *.physicswallah.live *.pallycon.com *.olamaps.io *.otpless.app api.penpencil.xyz us1.api-bdc.net *.onelink.me; frame-ancestors 'self' *.physicswallah.live *.pw.live *.pwgulf.com *.xylem.live *.curiousjr.com *.pwops.in *.penpencil.co pwolympiad.com file:; frame-src 'self' *.pw.live *.doubleclick.net *.youtube.com *.juspay.in *.xylem.live *.razorpay.com *.facebook.com *.youtube-nocookie.com tel: * *.physicswallah.live; img-src 'self' data: *.google.co.in *.google.com static.pw.live *.googletagmanager.com *.ytimg.com blob: *.amazonaws.com data: *.cloudfront.net *.facebook.com *.moengage.com *.youtube.com *.googleusercontent.com *.physicswallah.live *.google.com *.pw.live *.gravatar.com; upgrade-insecure-requests; style-src 'self' 'unsafe-inline' static.pw.live *.cloudfront.net *.cloudflare.com *.google.com *.pw.live pw.live; font-src static.pw.live *.gstatic.com *.jsdelivr.net data:; worker-src 'self' blob:; Media-src 'self' static.pw.live blob: *.pw.live *.penpencil.co *.cloudfront.net blob: *.curiousjr.com *.penpencil.xyz; report-uri https://api.penpencil.co/v1/student-acquisition/public/csp-reports; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' * tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com dev.bounceexchange.com dash-staging.bounceexchange.com https://cdn.gbqofs.com/ https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com; style-src * 'self' 'unsafe-inline' assets.bounceexchange.com; img-src * 'self' blob: data: assets.bounceexchange.com events.bouncex.net; font-src * 'self' data: assets.bounceexchange.com; child-src assets.bounceexchange.com; worker-src * 'self' blob: assets.bounceexchange.com; frame-src * 'self' assets.bounceexchange.com dash-staging.bounceexchange.com; form-action * 'self' api.bounceexchange.com dev.bounceexchange.com; connect-src * 'self' events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net; 3 default-src blob: https: wss: 'unsafe-eval' 'unsafe-inline' 'self'; style-src https: 'unsafe-inline'; frame-ancestors https://*.facebook.com https://*.youtube.com https://*.twitter.com https://*.x.com https://*.hotjar.com https://*.marketica.com https://*.sharethis.com https://*.widergy.com https://*.amplifyapp.com https://*.botframework.com https://*.doubleclick.net 'self'; frame-src https://*.facebook.com https://*.youtube.com https://*.twitter.com https://*.x.com https://*.hotjar.com https://*.marketica.com https://*.sharethis.com https://*.widergy.com https://*.amplifyapp.com https://*.botframework.com https://*.google.com https://*.doubleclick.net 'self'; object-src 'none'; font-src https: data:; img-src https: data:; 3 frame-ancestors 'self' https://s1-eu.ariba.com/ 3 default-src 'self' *.adobeaemcloud.com/ *.crazyegg.com/ *.hotjar.com/ *.hotjar.io/ *.youtube.com/ https://app.chargebee.com/ https://nutriciaprofessional.id/ https://documentservices.adobe.com/ https://globalcdns.com/ *.googlesyndication.com/ www.youtube.com *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.blueconic.net/ *.trustcommander.net/ *.amazon-adsystem.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/; style-src 'self' *.gigya.com/ *.tiktok.com *.typekit.net/ *.contactpigeon.com/ https://dh-playbook.danone.com/ https://nutriciaprofessional.id/ https://documentservices.adobe.com/ https://globalcdns.com/ *.ggpht.com/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.force.com/ *.salesforce.com/ *.youtube.com youtube.com https://app.chargebee.com/ *.squarelovin.com/ https://squarelovin.com/ *.adyen.com/ *.googlesyndication.com/ *.chargebee.com/ *.static.criteo.net/ *.criteo.com/ *.mopinion.com/ *.gstatic.com/ *.live2support.com/ *.lpsnmedia.net/ *.commander1.com/ *.bootstrapcdn.com/ *.tagcommander.com/ https://www.google.nl/ *.google.mk/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.hotjar.com/ *.hotjar.io/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.pinimg.com/ *.google.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.crazyegg.com/ *.amazon-adsystem.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ 'unsafe-inline'; script-src 'self' *.gigya.com/ https://player.vimeo.com/ https://js-agent.newrelic.com/ https://nutriciaprofessional.id/ https://documentservices.adobe.com/ https://globalcdns.com/ https://dh-playbook.danone.com/ *.licdn.com *.usercentrics.eu *.ggpht.com/ *.tiktok.com *.monitor.azure.com/ https://s7g10.scene7.com/ *.teads.tv/ *.youtube.com/ *.channelsight.com/ *.typekit.net/ https://sgtm.fruchtzwerge.de/ https://sgtm.aptaclub.de/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.salesforceliveagent.com/ *.force.com/ *.salesforce.com/ *.squarelovin.com/ https://squarelovin.com/ https://app.chargebee.com/ *.paypal.com/ *.nxtck.com/ *.googlesyndication.com/ *.adyen.com/ *.chargebee.com/ https://static.criteo.net/js/ld/ld.js *.criteo.com/ *.ytimg.com/ https://live2support.com/ *.mopinion.com/ *.docandu.com/ *.googletagmanager.com/ *.contactpigeon.com/ https://www.google.nl/ *.google.mk/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://s.pinimg.com/ *.tagcommander.com/ *.twitter.com/ *.pinterest.com/ *.instagram.com/ https://services.postcodeanywhere.co.uk/ *.commandersact.com/ *.facebook.net/ *.google.ie/ *.lpsnmedia.net/ *.pinimg.com/ *.danone-dtc.net/ *.outbrain.com/ *.hotjar.com/ *.hotjar.io/ *.google.com/ *.google.com.ph/ *.google.co.in/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.theadex.com *.commander1.com/ *.liveperson.net/ *.doubleclick.net/ *.gstatic.com/ *.aptaclub.de/ *.milupa.de/ *.gbqofs.com/ https://sgtm.nutricia.de/ *.crazyegg.com/ *.digital4danone.com/ *.aptaclub.at/ *.milupa.at/ *.aptaclub.ch/ *.milupa.ch/ *.aptaclub.com.vn/ *.addthisedge.com/ *.ads-twitter.com/ *.adnxs.com/ *.adventori.com/ https://adventori.com/ https://dsp.adfarm1.adition.com/ *.widgets.trustedshops.com/ www.youtube.com *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.algolia.net/ *.blueconic.net/ *.linkedin.oribi.io/ *.linkedin.com/ *.adnxs.com/ *.vivenio.de/ *.doubleclick.net/ *.amazon-adsystem.com/ *.google.ie/ *.google.co.in/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.commander1.com/ *.tagcommander.com/ *.google.de/ 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.gigya.com/ *.vimeocdn.com/ *.usercentrics.eu *.contactpigeon.com/ *.jquery.com/ https://dev.day.com/ https://dh-playbook.danone.com/ https://nutriciaprofessional.id/ https://documentservices.adobe.com/ https://globalcdns.com/ https://www.aptaclub.de/ https://s7g10.scene7.com/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ data: *.force.com/ *.salesforce.com/ *.visualforce.com/ *.digital4danone.com/ *.google-analytics.com/ https://app.chargebee.com/ *.analytics.google.com/ *.squarelovin.com/ https://squarelovin.com/ *.googlesyndication.com/ *.assetsadobe.com/ *.adyen.com/ *.ytimg.com/ *.live2support.com/ https://ca-live.adyen.com/ https://www.google.de/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://services.postcodeanywhere.co.uk/ http://danonegroup-stage.neolane.net/ https://ca-live.adyen.com/ *.cx.atdmt.com/ *.danone-dtc.net/ https://ct.pinterest.com/ *.outbrain.com/ *.danone.com/ *.atdmt.com/ *.pinterest.com/ *.commander1.com/ *.tagcommander.com/ *.lpsnmedia.net/ *.adnxs.com/ *.adition.com/ *.doubleclick.net/ *.hotjar.com/ *.hotjar.io/ *.google.ie/ *.google.mk/ *.google.co.in/ *.theadex.com/ *.google-analytics.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.mookie1.com/ *.pinimg.com/ *.pinterest.com/ *.facebook.com/ *.googletagmanager.com/ *.linkedin.com/ https://t.co/ *.adsrvr.org/ *.crm4d.com/ *.adotmob.com/ *.goldenbees.fr *.taboola.com/ *.crazyegg.com/ *.mediavine.com/ *.ivitrack.com/ *.tremorhub.com/ *.spx.smartclip.com/ *.liadm.com/ *.smaato.net/ *.ads.yieldmo.com/ *.bing.com/ *.advertising.com/ *.criteo.com/ *.3lift.com/ *.smartadserver.com/ *.360yield.com/ *.pubmatic.com/ *.casalemedia.com/ *.yahoo.com/ *.teads.tv/ *.adform.net/ *.adscale.de/ *.media.net/ *.yieldlab.net/ *.bidswitch.net/ *.sharethrough.com/ *.twiago.com/ *.stickyadstv.com/ *.omnitagjs.com/ *.ad.smaato.net/ *.sxp.smartclip.net/ *.rubiconproject.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.ggpht.com/ *.google.gr/ *.blueconic.net/ https://sgtm.nutricia.de/ *.google.com/ *.amazon-adsystem.com/ *.google.fr/ *.google.es/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.commander1.com/ *.tagcommander.com/ *.id5-sync.com/ *.trustedshop.com/ *.google.de/; frame-src 'self' *.gigya.com/ *.akamaized.net https://soundcloud.com/ https://dh-playbook.danone.com/ https://nutriciaprofessional.id/ https://staging.nutriciaprofessional.id/ https://staging-medtools.nutriciaprofessional.id/ https://medtools.nutriciaprofessional.id/ https://documentservices.adobe.com/ https://globalcdns.com/ *.ggpht.com/ *.nutricia.de *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.force.com/ *.salesforce.com/ *.paypal.com *.adyen.com/ https://app.chargebee.com/ *.squarelovin.com/ https://squarelovin.com/ *.googlesyndication.com/ *.chargebee.com/ *.static.criteo.net/ *.criteo.com/ *.tohklom.com/ *.tagcommander.com/ https://aax-eu.amazon-adsystem.com/ *.amazon-adsystem.com/ *.liveperson.net/ *.vimeo.com/ *.live2support.com/ *.google.com/ *.google.mk/ *.lpsnmedia.net/ *.hotjar.io/ *.crazyegg.com/ *.hotjar.com/ *.commander1.com/ *.proprofs.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.facebook.com/ *.doubleclick.net/ *.theadex.com/ *.sharethis.com/ *.addthis.com *.youtube.com *.adsrvr.org/ *.spotify.com/ *.cloudfront.net/ *.instagram.com/ *.soundcloud.com/ *.twitter.com/ *.pinterest.com/ *.trustcommander.net/ *.amazon-adsystem.com/ *.flockler.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.commander1.com/ *.algolia.net/ *.blueconic.net/ *.tagcommander.com/ *.google.de/ ; worker-src 'self' blob: ; connect-src 'self' *.adobe.io/ *.gigya.com/ *.algolianet.com/ *.contactpigeon.com/ *.algolia.io/ https://bam.eu01.nr-data.net/ https://nutriciaprofessional.id/ https://documentservices.adobe.com/ https://globalcdns.com/ https://dh-playbook.danone.com/ *.usercentrics.eu *.teads.tv/ *.ggpht.com/ https://s7g10.scene7.com/ https://dc.services.visualstudio.com/ https://sgtm.fruchtzwerge.de/ https://sgtm.aptaclub.de/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.force.com/ *.salesforce.com/ *.google-analytics.com/ https://app.chargebee.com/ *.analytics.google.com/ *.squarelovin.com/ https://squarelovin.com/ *.paypal.com *.sentry.io/ *.googlesyndication.com/ *.adyen.com/ *.live2support.com/ https://sentry.labdigital.nl *.addthis.com/ *.mopinion.com/ https://www.google.nl/ https://dpm.demdex.net/ *.gbqofs.com/ *.gbqofs.io/ https://assets.adobedtm.com/ *.crazyegg.com/ *.danone-dtc.net/ *.ct.pinterest.com/ *.privacy.trustcommander.net/ https://services.postcodeanywhere.co.uk/ *.commercetools.com/ *.google-analytics.com *.facebook.com/ *.facebook.net/ *.omtrdc.net/ *.hotjar.com/ *.pinterest.com/ *.trustcommander.net/ *.commander1.com/ *.sharethis.com/ *.doubleclick.net/ *.algolia.net/ *.blueconic.net/ *.linkedin.oribi.io/ wss://*.hotjar.com/ *.hotjar.com/ *.hotjar.io/ *.linkedin.com/ *.google-analytics.com/ *.amazon-adsystem.com/ https://sgtm.nutricia.de/ *.digital4danone.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.mk/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ ; font-src 'self' *.gigya.com/ *.danone-dtc.net *.typekit.net/ https://dh-playbook.danone.com/ https://nutriciaprofessional.id/ https://documentservices.adobe.com/ https://globalcdns.com/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ data: *.salesforce.com/ *.adyen.com/ *.squarelovin.com/ https://app.chargebee.com/ https://squarelovin.com/ *.googlesyndication.com/ *.gstatic.mopinion.com/ https://gstatic.mopinion.com/ *.gstatic.com/ *.live2support.com/ *.danone-dtc.net/ *.google.mk/ https://vjs.zencdn.net/; media-src 'self' *.lpsnmedia.net/ *.squarelovin.com/ https://squarelovin.com/ *.blueconic.net/ https://app.chargebee.com/ *.crazyegg.com/ *.hotjar.com/ *.hotjar.io/ *.amazon-adsystem.com/ *.googlesyndication.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.mk/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.digital4danone.com/ ; 3 default-src 'self' data: https://sn2.org *; connect-src 'self' https://sn2.org *; base-uri 'self' *; form-action 'self' *; img-src 'self' data: https://sn2.org *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sn2.org *; style-src 'self' 'unsafe-inline' https://sn2.org *; 3 default-src data: 'unsafe-inline' 'unsafe-eval' https: ; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: ; style-src data: 'unsafe-inline' https: ; img-src data: https: blob: ; font-src data: https: ; connect-src https: wss: ;media-src https: blob: ; object-src https: ; child-src https: data: blob: ; form-action https: ; block-all-mixed-content 3 default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com www.googletagmanager.com snap.licdn.com cookie-cdn.cookiepro.com cdn.cookielaw.org googletagmanager.com *.googleapis.com cdnjs.cloudflare.com www.google.com www.gstatic.com www.buzzsprout.com/ cdn.jsdelivr.net/gh/ckeditor/ static.pathmotion.io pathmotion.com equans.career-inspiration.com/ *.doubleclick.net *.googleadservices.com connect.facebook.net fbcdn.net cdn.jsdelivr.net consent.cookiebot.com siteimproveanalytics.com cdn.matomo.cloud cdn.siteimprove.net www.youtube-nocookie.com unpkg.com odyssiant.azureedge.net *.bootstrapcdn.com js-agent.newrelic.com *.linkedin.com snippet.capybara.lmc.cz s.go-mpulse.net tags.data-driven.fr *.byspotify.com *.tiktok.com cdn.cookielaw.org eu.textrecruit.com *.hotjar.com sc-static.net secure.data-insight365.com cdn.leadinfo.net *.ldnfrpl.com; object-src 'none' ; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net snippet.capybara.lmc.cz unpkg.com/leaflet@1.7.1/dist/leaflet.css unpkg.com/leaflet.markercluster/dist/MarkerCluster.css unpkg.com/leaflet.markercluster/dist/MarkerCluster.Default.css cdn.leadinfo.net; img-src 'self' data: https:;; media-src 'self'; frame-src 'self' *.youtube.com/ *.youtube-nocookie.com/ *.vimeo.com/ apply.refline.ch engie.taleo.net www.google.com www.buzzsprout.com equans.career-inspiration.com/ facebook.com *.doubleclick.net/ cdn.linkedin.oribi.io www.facebook.com www.equans.co.uk json3d.tftlabs.com www.yousty.ch www.googletagmanager.com ohws.prospective.ch plan-group.acquiretm.com plan-groupca.acquiretm.com; frame-ancestors 'self' https://n3g.4projects.com n3g.4projects.com; child-src 'self' https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.vimeo.com/ engie.taleo.net; font-src 'self' fonts.gstatic.com snippet.capybara.lmc.cz cdn.leadinfo.net data:; connect-src 'self' *.google-analytics.com *.googleapis.com *.google.com *.doubleclick.net snap.licdn.com *.cookiepro.com cdn.cookielaw.org geolocation.onetrust.com/ static.pathmotion.io pathmotion.com equans.career-inspiration.com api.mixpanel.com *.algolia.net equans.matomo.cloud privacyportal-fr.onetrust.com cdn.linkedin.oribi.io my2.siteimprove.com id.siteimprove.com contentassistant.eu.siteimprove.com id.eu.siteimprove.com *.algolianet.com *.odyssiant.com *.googlesyndication.com bam.nr-data.net *.linkedin.com *.algolianet.com api.capybara.lmc.cz *.ingest.sentry.io c.go-mpulse.net *.akstat.io *.tiktok.com *.byspotify.com *.textrecruit.tools *.akamaihd.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.data-driven.fr api.mapbox.com nominatim.openstreetmap.org siteimprove.com siteimproveanalytics.com siteimprove.net siteimproveanalytics.io api.leadinfo.com *.leadinfo.net *.ldnfrpl.com li-replay.s3-accelerate.amazonaws.com; upgrade-insecure-requests 3 default-src 'self'; style-src 'self' 'unsafe-inline' 3 default-src * blob: data: 'unsafe-eval' 'unsafe-inline' 3 frame-ancestors 'self' https://web.telegram.org https://mc.yandex.ru https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com 3 frame-ancestors 'self' https://www.google.com; upgrade-insecure-requests 3 font-src *.gstatic.com *.fontawesome.com *.googleapis.com instantcredit.net test.instantcredit.net *.pisamonas.es *.pisamonas.pt *.pisamonas.it *.pisamonas.fr *.pisamonas.co.uk *.pisamonas.de *.pisamonas.com.py *.pisamonas.local *.google.com *.doofinder.com play.google.com *.stripe.com https://oct8necdneu.azureedge.net *.oct8ne.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.paycomet.com api.paycomet.com *.pisamonas.es *.pisamonas.pt *.pisamonas.it *.pisamonas.fr *.pisamonas.co.uk *.pisamonas.de *.pisamonas.com.py *.pisamonas.local *.redsys.es *.redsys.es:25443 assets.braintreegateway.com *.doofinder.com *.paycomet.com *.onesignal.com onesignal.com *.authorize.net *.cardinalcommerce.com *.paypal.com *.amazon.com *.amazon.co.uk https://dinapaqweb.tipsa-dinapaq.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.hipay-tpp.com *.hipay.com *.paypal.com *.googleapis.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net *.pisamonas.es *.pisamonas.pt *.pisamonas.it *.pisamonas.fr *.pisamonas.co.uk *.pisamonas.de *.pisamonas.com.py *.pisamonas.local *.googletagmanager.com *.doubleclick.net *.doofinder.com play.google.com *.stripe.com vimeo.com *.oct8ne.com *.mediadelivery.net bsqd.me *.facebook.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cdn.doofinder.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.hipay.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net instantcredit.net test.instantcredit.net *.pisamonas.es *.pisamonas.pt *.pisamonas.it *.pisamonas.fr *.pisamonas.co.uk *.pisamonas.de *.pisamonas.com.py *.pisamonas.local *.doofinder.com *.iconfinder.com http://cdn1.iconfinder.com *.googleapis.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.afterpay.com magecurious.com *.zendesk.com *.zdusercontent.com *.jwpltx.com *.jwplayer.com *.jwpsrv.com https://oct8necdneu.azureedge.net *.google.es *.clarity.ms blob: *.bing.com *.mediadelivery.net *.oct8ne.com *.requestmetrics.com *.bsqd.me *.facebook.com wss://*.kimeratechnologies.com https://kimera-front.s3.eu-west-1.amazonaws.com *.ekomi.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.doofinder.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com *.googleapis.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.fontawesome.com www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com *.pisamonas.es *.pisamonas.pt *.pisamonas.it *.pisamonas.fr *.pisamonas.co.uk *.pisamonas.de *.pisamonas.com.py *.pisamonas.local *.oct8ne.com *.doofinder.com play.google.com *.stripe.com *.bam.eu01.nr-data.net *.google-analytics.com *.paypalobjects.com *.onesignal.com onesignal.com *.paycomet.com *.paycomet.com/gateway/paycomet.jetiframe.js magecurious.com *.ampproject.org *.jwplayer.com *.jwpcdn.com *.hotjar.com *.clarity.ms *.facebook.net *.mediadelivery.net *.requestmetrics.com bsqd.me *.amazonaws.com *.kimeratechnologies.com *.ekomi.de klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com downloads.mailchimp.com *.hipay.com *.googleapis.com *.googletagmanager.com *.fontawesome.com instantcredit.net test.instantcredit.net *.pisamonas.es *.pisamonas.pt *.pisamonas.it *.pisamonas.fr *.pisamonas.co.uk *.pisamonas.de *.pisamonas.com.py *.pisamonas.local assets.braintreegateway.com *.paycomet.com *.onesignal.com onesignal.com magecurious.com *.clarity.ms *.requestmetrics.com bsqd.me *.amazonaws.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com *.googleapis.com *.pisamonas.es *.pisamonas.pt *.pisamonas.it *.pisamonas.fr *.pisamonas.co.uk *.pisamonas.de *.pisamonas.com.py *.pisamonas.local *.jwpsrv.com *.jwplatform.com *.mediadelivery.net *.b-cdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.googleapis.com *.google-analytics.com *.google.com instantcredit.net *.instantcredit.net *.pisamonas.es *.pisamonas.pt *.pisamonas.it *.pisamonas.fr *.pisamonas.co.uk *.pisamonas.de *.pisamonas.com.py *.pisamonas.local play.google.com *.stripe.com *.bam.eu01.nr-data.net *.paycomet.com *.magecurious.com *.ampproject.org *.jwpcdn.com *.jwplayer.com *.virtualearth.net *.gls-group.net *.oct8ne.com *.google.es *.hotjar.com *.hotjar.io wss://*.hotjar.com *.doubleclick.net *.clarity.ms *.mediadelivery.net *.requestmetrics.com bsqd.me wss://bsqd.me *.stape.net wss://*.kimeratechnologies.com https://pre.kimeratechnologies.com *.facebook.com *.microsoft.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 frame-src https://*; child-src https://*; report-uri /report-csp-violation; upgrade-insecure-requests 3 frame-ancestors 'self' websitebuilder.godaddy.com websitebuilder.secureserver.net 3 font-src *.fontawesome.com applepay.cdn-apple.com https://*.m2.p82.dbm-local.com https://*.m2.p82.dbm-dev.com https://*.animal-valley.com https://*.poulailler-direct.fr https://*.chemin-des-poulaillers.com https://*.pro-valley.eu https://*.niche-a-chien.com https://fonts.gstatic.com https://use.typekit.net *.cart-guru.io *.carts.guru *.cartsguru.io data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ api-qa.payplug.com secure-qa.payplug.com *.payplug.com https://www.googletagmanager.com https://sketchfab.com https://static.criteo.net https://*.criteo.com https://player.vidjet.io https://bat.bing.com https://*.doubleclick.net https://plugin.contestio.fr https://secure-magenta.dalenys.com *.cart-guru.io *.carts.guru *.cartsguru.io blob: 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com *.bird.eu a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org https://images.unsplash.com cdn.doofinder.com maps.googleapis.com maps.gstatic.com https://secure-magenta.dalenys.com https://*.m2.p82.dbm-local.com https://*.m2.p82.dbm-dev.com https://*.m2.p74.dbm-dev.com https://*.animal-valley.com https://*.poulailler-direct.fr https://*.chemin-des-poulaillers.com https://*.pro-valley.eu https://*.niche-a-chien.com https://*.weeride.fr https://cl.avis-verifies.com https://axeptio.imgix.net https://favicons.axept.io https://www.facebook.com https://www.google.fr https://*.googlesyndication.com https://google.com https://*.doubleclick.net https://x.bidswitch.net https://ib.adnxs.com https://contextual.media.net https://pixel.rubiconproject.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://criteo-sync.teads.tv https://eb2.3lift.com https://hb.yahoo.net https://ups.analytics.yahoo.com https://cm.adform.net https://visitor.omnitagjs.com https://r.casalemedia.com https://public-prod-dspcookiematching.dmxleo.com https://gum.criteo.com https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://match.sharethrough.com https://criteo-partners.tremorhub.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://dis.criteo.com https://widget.eu.criteo.com https://dpm.demdex.net https://beacon.krxd.net https://c1.adform.net https://sync.1rx.io https://aa.agkn.com https://sync.targeting.unrulymedia.com https://*.gstatic.com https://bat.bing.com https://bat.bing.net https://*.clarity.ms https://eu1-doofinderuser.s3.amazonaws.com *.cart-guru.io *.carts.guru *.cartsguru.io data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com https://static.axept.io https://www.googletagmanager.com https://www.google-analytics.com cdn.doofinder.com s7.addthis.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ maps.googleapis.com www.gstatic.com www.google.com applepay.cdn-apple.com api-qa.payplug.com cdn-qa.payplug.com https://cdn-qa.payplug.com https://secure-magenta.dalenys.com https://*.m2.p82.dbm-local.com https://*.m2.p82.dbm-dev.com https://*.animal-valley.com https://*.poulailler-direct.fr https://*.chemin-des-poulaillers.com https://*.pro-valley.eu https://*.niche-a-chien.com https://api.easiconnect.io https://weeride.easiwebforms.net *.cart-guru.io *.carts.guru *.cartsguru.io https://connect.facebook.net https://app-api.vidjet.io https://media.vidjet.io https://www.clarity.ms https://bat.bing.com https://cdn.payplug.com https://www.google.fr https://static.criteo.net https://sslwidget.criteo.com https://widget.eu.criteo.com acc-weeride.h1d3n0tsoo-staging-easiwebforms.net https://widgets.rr.skeepers.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.doofinder.com *.fontawesome.com https://secure-magenta.dalenys.com https://*.m2.p82.dbm-local.com https://*.m2.p82.dbm-dev.com https://*.animal-valley.com https://*.poulailler-direct.fr https://*.chemin-des-poulaillers.com https://*.pro-valley.eu https://*.niche-a-chien.com https://p.typekit.net https://fonts.googleapis.com https://*.googletagmanager.com/ *.cart-guru.io *.carts.guru *.cartsguru.io 'self' 'unsafe-inline'; object-src *.cart-guru.io *.carts.guru *.cartsguru.io 'self' 'unsafe-inline'; media-src www.apptrian.com 'self' 'unsafe-inline'; manifest-src https://*.m2.p82.dbm-local.com https://*.m2.p82.dbm-dev.com https://*.animal-valley.com https://*.poulailler-direct.fr https://*.chemin-des-poulaillers.com https://*.pro-valley.eu https://*.niche-a-chien.com 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com https://client.axept.io https://api.axept.io https://www.google-analytics.com *.doofinder.com wss://*.doofinder.com ekr.zdassets.com/ https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ maps.googleapis.com https://*.m2.p82.dbm-local.com https://*.m2.p82.dbm-dev.com https://*.animal-valley.com https://*.poulailler-direct.fr https://*.chemin-des-poulaillers.com https://*.pro-valley.eu https://*.niche-a-chien.com https://cl-pbr.cxr.skeepers.io *.cart-guru.io *.carts.guru *.cartsguru.io https://openfpcdn.io https://app-api.vidjet.io https://*.clarity.ms https://*.analytics.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://*.google.com https://google.com https://www.google.fr https://www.facebook.com https://measurement-api.criteo.com https://bat.bing.com https://bat.bing.net https://api.easiconnect.io https://*.amazonaws.com https://api.axeptio.tech 'self' 'unsafe-inline'; child-src *.cart-guru.io *.carts.guru *.cartsguru.io http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://*.m2.p82.dbm-local.com https://*.m2.p82.dbm-dev.com https://*.animal-valley.com https://*.poulailler-direct.fr https://*.chemin-des-poulaillers.com https://*.pro-valley.eu https://*.niche-a-chien.com 'self' 'unsafe-inline';, upgrade-insecure-requests; 3 frame-ancestors 'self' https://chiemgauevent.expo-ip.com https://ikom.expo-ip.com https://virtuelle.ikom-tum.de 3 script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 3 frame-ancestors 'self' https://*.traumgutscheine.com https://www.relax-guide.com 3 default-src 'self' https://*.userlane.com; script-src 'self' https://*.cookiebot.eu https://*.cookiebot.com https://www.datadoghq-browser-agent.com https://*.pinterest.com https://tally.so/widgets/embed.js https://*.youtube.com/ https://*.azureedge.net https://*.clarity.ms https://www.instagram.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://*.dynamics.com https://www.googleanalytics.com https://optimize.google.com https://*.mailplus.nl https://connect.facebook.net https://*.clickdimensions.com https://www.gstatic.com https://www.google.com https://www.paypal.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://script.hotjar.com https://tag.static.eu.context.cloud.sap https://www.google-analytics.com https://*.hotjar.com 'unsafe-inline' https://www.googletagmanager.com https://ssl.google-analytics.com https://*.vo.msecnd.net https://*.userlane.com https://www.googleoptimize.com 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' *.visualwebsiteoptimizer.com http://app.vwo.com 'self' blob:; style-src 'self' https://*.hotjar.com 'unsafe-inline' https://optimize.google.com https://*.clickdimensions.com https://*.vo.msecnd.net https://cdnjs.cloudflare.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://cdn-images.mailchimp.com https://fonts.googleapis.com https://*.userlane.com 'unsafe-inline' 'unsafe-inline' *.visualwebsiteoptimizer.com http://app.vwo.com; connect-src 'self' https://*.cookiebot.eu https://*.google.com https://browser-intake-datadoghq.eu https://*.westeurope.logic.azure.com https://*.azureedge.net https://*.dynamics.com https://*.clarity.ms https://o1121245.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://htp741805396-hamiplant.api.eu.context.cloud.sap/ https://htp741805397-hamiplant.api.eu.context.cloud.sap/ https://htp741805396.api.eu.context.cloud.sap/ https://htp741805397.api.eu.context.cloud.sap/ https://tag.static.eu.context.cloud.sap/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://www.sandbox.paypal.com/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://*.userlane.com *.visualwebsiteoptimizer.com http://app.vwo.com *.googlesyndication.com; img-src 'self' https://*.usercentrics.eu https://*.cookiebot.com https://*.google.com https://*.google.nl https://*.flowerwebshop.com https://*.holexflower.com https://holex.tech https://i.pinimg.com https://*.clarity.ms https://*.pinterest.com https://*.youtube.com/ https://vmp.wincoholland.com/ https://shop.adomex.nl/ https://*.freshportal.net/ https://*.florinet.nl https://*.azureedge.net https://*.dynamics.com https://www.instagram.com/ https://freshandeasy.nl https://image.floriday.io https://shop.florashopping.nl https://www.flowersplantsandmore.com https://AlfaPro-Online.com https://www.terhaarornamental.nl https://zentoo.florinet.nl https://mijoflowers.com https://pictures.flowerwebshop.net https://023.kbt-pro.nl https://images.easyflor.nl https://webshop3.florashopping.nl https://pictures.flowersales.nl https://vmp.starflor.nl https://img.greenmaster.nl https://webshop.welyflor.com https://webshop3.wbe.nl https://4att.uniware.nl https://services.sdf.nl https://groenenmeer.sdfcloud.nl https://webshop.gdekoning.nl https://webshop.rotoflowers.nl https://img.img20.match-online.nl https://img20.match-online.nl https://winco.florisoftcloud.nl https://summit.florinet.nl https://webshop.freshcap.eu https://webshop.eijkpotplanten.nl https://www.tgca.nl https://webshop.hpvannieuwkerk.nl https://webshop.floraunited.nl https://*.hotjar.com https://floralwebshop.com https://img.floraplaza.nl https://optimize.google.com https://www.google-analytics.com https://*.analytics.google.com https://webshop.mdk.nl https://website.pfitzer.nl https://www.duif.nl https://www.facebook.com https://webshop.fsq.nl/ https://webshop.demooij-import.com/ https://www.ccpictures.net/ https://res.cloudinary.com/ https://*.userlane.com http://83.98.232.238/ https://webshop.frescoflowers.nl/ http://zentoo.florinet.nl/ https://webshop.arendroses.nl/ https://webshop.decofresh.com/ http://summit.florinet.nl/ http://winco.florisoftcloud.nl/ https://www.paypalobjects.com/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://api.floriday.io/ http://images.duif.nl/ http://213.125.32.122:81/ https://image.freshportal.com/ http://85.17.33.195/ http://img.logicab.nl/ http://lw-fps-img-01.freshportal.nl/ http://img20.match-online.nl/ https://images.connectwebshop.nl/ https://*.ozplanten.nl https://shop.floraplaza.nl/ data: https://*.google-analytics.com http://webshop.hamifleurs.nl http://webshop.flowertrading.nl https://ssl.google-analytics.com https://www.googletagmanager.com https://floraxchange.blob.core.windows.net http://shop.flowertrading.nl http://accp.flowertrading.nl https://dutchplantshop.nl https://img20.match-online.nl http://www.gasagroup.com https://img.ozexport.nl https://images.connectwebshop.nl http://webshop.flowertrading.nl https://services.sdf.nl/ https://ozplanten.nl https://garden-line.nl https://plantsplaza.com https://alfapro-online.com https://*.freshportal.nl https://img.logicab.nl https://beeldbankfotos.royalfloraholland.com https://api.floriday.com https://images.duif.nl https://023.kbt-pro.nl https://img.greenmaster.nl https://cms.pt-creations.nl *.visualwebsiteoptimizer.com http://app.vwo.com useruploads.vwo.io *.googlesyndication.com; font-src 'self' https://*.hotjar.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.userlane.com data:; frame-src 'self' https://*.cookiebot.eu/ https://*.cookiebot.com/ https://*.googletagmanager.com/ https://*.flowerwn.com/ https://tally.so/ https://*.floralwebshop.com/ https://*.plantsplaza.com/ https://*.floraplaza.com/ https://*.flowerwebshop.com/ https://*.dutchplantshop.nl/ https://*.connectwebshop.com/ https://www.instagram.com/ https://optimize.google.com https://*.hotjar.com https://player.cloudinary.com https://login.microsoftonline.com https://login.windows.net https://forms.office.com https://e.issuu.com https://www.sandbox.paypal.com/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://*.vimeo.com/ https://*.youtube.com/ https://*.twitter.com https://*.facebook.com/ https://*.pinterest.com/ https://issuu.com/ https://*.google.com *.visualwebsiteoptimizer.com http://app.vwo.com; frame-ancestors 'self' https://accstorefront.cuyu7qqhig-dutchflow1-p2-public.model-t.cc.commerce.ondemand.com/ https://accstorefront.cuyu7qqhig-dutchflow1-s1-public.model-t.cc.commerce.ondemand.com https://*.flowerwn.com/ https://*.floralwebshop.com/ https://*.plantsplaza.com/ https://accstorefront.cuyu7qqhig-dutchflow1-p1-public.model-t.cc.commerce.ondemand.com https://*.floraplaza.com/ https://*.flowerwebshop.com/ https://*.connectwebshop.com/ https://*.dutchplantshop.nl/; report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pub2f8f657928810848632b384d8a7c9003&dd-evp-origin=content-security-policy&ddsource=csp-report 3 default-src 'none'; base-uri 'self' *.dataprovider.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dataprovider.com prismic.io *.prismic.io vercel.live *.vercel.live *.vercel.app *.flourish.studio cdn-cookieyes.com js.hsforms.net js.hs-scripts.com js.hscollectedforms.net js.hsadspixel.net js.hs-banner.com js.hs-analytics.net snap.licdn.com www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net static.ads-twitter.com *.linkedin.com *.hotjar.com; style-src 'self' 'unsafe-inline' *.dataprovider.com *.typekit.net; img-src 'self' data: *.dataprovider.com *.prismic.io *.cdn-cookieyes.com assets.vercel.com *.flourish.studio *.typekit.net *.hsforms.com track.hubspot.com *.google.com *.google.nl googleads.g.doubleclick.net t.co analytics.twitter.com *.linkedin.com; font-src 'self' data: *.typekit.net; connect-src 'self' wss: *.dataprovider.com *.vercel.app *.sentry.io *.hsforms.com cdn-cookieyes.com *.cookieyes.com *.hubapi.com *.hscollectedforms.net *.google.com *.google-analytics.com *.googlesyndication.com *.g.doubleclick.net *.hotjar.com *.hotjar.io cdn.linkedin.oribi.io integration-prod-assets.s3.us-east-2.amazonaws.com; frame-src 'self' account.dataprovider.com dataprovider.prismic.io vercel.live flo.uri.sh *.google.com *.googletagmanager.com *.doubleclick.net *.hsforms.com *.youtube.com; frame-ancestors 'self' *.google.com; form-action 'self' *.dataprovider.com *.hsforms.com; child-src 'self' blob:; 3 img-src 'self' secure.gravatar.com ps.w.org img.freepik.com www.acint.net data:; 3 frame-ancestors 'self' multimaps360.de; 3 frame-ancestors 'self' *.purevpn.com purevpn.com *.purevpn.fr purevpn.fr *.purevpn.com.tw purevpn.com.tw *.purevpn.de purevpn.de 3 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: 3 frame-ancestors 'self'; frame-src 'self' 3 require-sri-for script style 3 default-src http: https: 'unsafe-inline' 'unsafe-eval' data: ws: 3 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; style-src-elem 'self' 'unsafe-inline' https:; img-src 'self' data: https: blob:; font-src 'self' data: https:; connect-src 'self' https:; media-src *; frame-src 'self' https:; frame-ancestors 'self' https://teams.microsoft.com *.teams.microsoft.com; object-src 'none'; form-action 'self'; base-uri 'self'; manifest-src 'self'; 3 default-src 'self' *;script-src 'self' 'unsafe-inline' *; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *;img-src 'self' data: *;font-src 'self' *;connect-src 'self' *;frame-src 'self' * blob:;object-src 'self' blob:;base-uri 'self';form-action 'self' https://centinelapi.cardinalcommerce.com;media-src 'self' blob:; 3 default-src 'self' maps.google.com www.google.com js.stripe.com www.facebook.com syndication.twitter.com www.youtube.com platform.twitter.com; script-src 'self' js.stripe.com code.jquery.com s7.addthis.com cdn.jsdelivr.net cdn.rawgit.com connect.facebook.net platform.twitter.com maps.googleapis.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' cdn.jsdelivr.net ajax.googleapis.com cdn.rawgit.com code.jquery.com 'unsafe-inline' ; connect-src 'self' soccerleagues.comortais.com/MobileService.asmx/getOrgPage www.google-analytics.com maps.googleapis.com; img-src 'self' http://sportlomo-staticcontent.s3.amazonaws.com carlow-nationalist.ie ndsl.ie lsl.ie cdn3.livescore.com maps.googleapis.com www.carlowsoccer.ie bodibro.ie scontent-dub4-1.xx.fbcdn.net media.info www.wexfordschoolboys.ie kdul.ie www.kdul.ie i.imgur.com code.jquery.com comortais.com fbcdn-profile-a.akamaihd.net ajax.googleapis.com soccerleagues.comortais.com www.comortais.com dev.comortais.com test.comortais.com www.googletagmanager.com syndication.twitter.com data:; font-src 'self'; 3 script-src http: https: https://mcprod.distrinando.com/ 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.brevo.com *.sendinblue.com; style-src 'self' blob: https: 'unsafe-inline' https://mcprod.distrinando.com/; img-src data: http: https: *.googletagmanager.com *.google-analytics.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.botmaker.com *.brevo.com *.sendinblue.com *.google.com; 3 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://td.doubleclick.net https://fburl.com https://www.facebook.com https://connect.facebook.net; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com https://w.ladicdn.com https://s.ladicdn.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://w.ladicdn.com https://s.ladicdn.com; font-src data: https: https://fonts.gstatic.com https://w.ladicdn.com https://s.ladicdn.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://popupx.ladi.me https://*.ladi.me https://s.ladicdn.com https://g.ladicdn.com https://w.ladicdn.com https://*.ladicdn.com https://www.facebook.com https://*.facebook.com 3 script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.tawk.to *.jsdelivr.net *.tidio.co *.facebook.net www.gstatic.com;script-src-attr 'unsafe-inline';img-src 'self' data: i.imgur.com www.google-analytics.com tawk.link *.tawk.to *.tawk.link *.amazonaws.com *.jsdelivr.net *.databrain.com *.ibb.co.com www.googletagmanager.com h7i9j1k3l5m7n9o1p3q5r7s9t1u3v5w7x9y.speed-cdn.com 421ab65dd5bf4d8ba68319b057db9f26.speed-cdn.com 6d1a8cd73ca041a1bbbad207c7b5be66.speed-cdn.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to *.jsdelivr.net h7i9j1k3l5m7n9o1p3q5r7s9t1u3v5w7x9y.speed-cdn.com 421ab65dd5bf4d8ba68319b057db9f26.speed-cdn.com 6d1a8cd73ca041a1bbbad207c7b5be66.speed-cdn.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.tawk.to *.jsdelivr.net *.googletagmanager.com h7i9j1k3l5m7n9o1p3q5r7s9t1u3v5w7x9y.speed-cdn.com 421ab65dd5bf4d8ba68319b057db9f26.speed-cdn.com 6d1a8cd73ca041a1bbbad207c7b5be66.speed-cdn.com;frame-src static.goolec.com www.youtube.com youtube.com;connect-src 'self' tickers.playtech.com www.google-analytics.com *.googleapis.com *.tawk.to wss://*.tawk.to tracker.databrain.com h7i9j1k3l5m7n9o1p3q5r7s9t1u3v5w7x9y.speed-cdn.com 421ab65dd5bf4d8ba68319b057db9f26.speed-cdn.com 6d1a8cd73ca041a1bbbad207c7b5be66.speed-cdn.com;media-src h7i9j1k3l5m7n9o1p3q5r7s9t1u3v5w7x9y.speed-cdn.com 421ab65dd5bf4d8ba68319b057db9f26.speed-cdn.com 6d1a8cd73ca041a1bbbad207c7b5be66.speed-cdn.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none' 3 script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.unica.vn www.googletagmanager.com connect.facebook.net web.facebook.com www.facebook.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.gstatic.com onesignal.com tpc.googlesyndication.com webpush.vn cdnjs.cloudflare.com accounts.google.com www.google.com www.youtube.com zoom.us source.zoom.us cdn.jsdelivr.net unpkg.com npmcdn.com translate.google.com sp.zalo.me analytics.tiktok.com w.ladicdn.com salekit.io za.zdn.vn embed.tawk.to cdn.tailwindcss.com ipinfo.io *.googleapis.com apis.google.com *.edubit.vn www.wiris.net edubit.live www.pdftron.com fchat.vn cdn.fchat.vn embed.ybai.me salekit.page player.vimeo.com livechat.fpt.ai www.misa.vn a.pancake.vn api.webcake.io zigzag.vn yoga.vn app.chatbiz.vn player.vdocipher.com chatgpt.com sf-cdn.coze.com rc-help.pagefly.io *.chative.io ahachat.com app.ahachat.com app.preny.ai; worker-src blob: https:; 3 default-src 'self' https:; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; 3 default-src ‘self’; script-src ‘self’ https://cdnjs.cloudflare.com; style-src ‘self’ https://fonts.googleapis.com; img-src ‘self’ data:; object-src ‘none’; upgrade-insecure-requests; block-all-mixed-content; 3 img-src 'self' blob: data: icloud.com *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn *.apple-mapkit.com *.mzstatic.com; media-src 'self' blob: data: *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn; font-src 'self' blob: data: icloud.com *.icloud.com *.apple.com *.cdn-apple.com; connect-src blob: 'self' icloud.com *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn *.apple-mapkit.com wss://*.push.apple.com; frame-src 'self' blob: mailto: sms: tel: *.icloud.com *.apple.com *.icloud-sandbox.com *.icloud-content.com *.icloud-content.com.cn; frame-ancestors 'self' *.icloud.com *.apple.com; form-action 'self' *.icloud.com *.apple.com; child-src blob: 'self'; base-uri 'self' *.icloud.com *.cdn-apple.com; report-uri https://feedbackws.icloud.com/reportRaw 2 default-src 'none'; script-src 'self' 'unsafe-inline' https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net https://piwik.avm.de https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net; img-src 'self' https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net https://piwik.avm.de data: ; font-src 'self' https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net; connect-src 'self' https://sso.myfritz.net https://gateway.myfritz.net wss://gateway.myfritz.net https://piwik.avm.de; frame-src 'self' https://sso.myfritz.net https://www.google.com/recaptcha/; media-src 'none'; object-src 'none'; worker-src 'none'; manifest-src https://www.myfritz.net/static/manifest.json https://sso.myfritz.net/static/manifest.json; frame-ancestors https://sso.myfritz.net https://www.myfritz.net; form-action 'self' https://www.myfritz.net 2 frame-ancestors 'self' https://cms.w3.org/ https://cms-dev.w3.org/; upgrade-insecure-requests 2 default-src temu: *.temu.com *.kwcdn.com *.temucdn.com wss://*.temu.com *.paypal.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com *.googleusercontent.com www.googleadservices.com www.google.cn www.google.com.hk www.google.co.uk www.google.ca www.google.com.au www.google.co.nz google.com connect.facebook.net www.facebook.com appleid.cdn-apple.com socialplugin.facebook.net *.cash.app *.forter.com www.paypalobjects.com *.braintree-api.com *.braintreegateway.com cash-f.squarecdn.com api.squareup.com api.lab.amplitude.com *.paidy.com *.cardinalcommerce.com *.stripe.com d3nocrch4qti4v.cloudfront.net duuytoqss3gu4.cloudfront.net df45ay5pw60dy.cloudfront.net d2o5idwacg3gyw.cloudfront.net d3lqotgbn3npr.cloudfront.net d6rak4b14t5gp.cloudfront.net dlthst9q2beh8.cloudfront.net o160250.ingest.sentry.io *.pagoefectivo.pe wauth.teledit.com *.smartropay.co.kr *.mobilians.co.kr applepay.cdn-apple.com codigoqr.pagoefectivolatam.com blob: data: 'unsafe-eval' 'unsafe-inline' 'wasm-unsafe-eval'; report-uri /api/sec-csp/110000006/enforce 2 default-src 'self'; img-src data: blob: *; script-src-elem 'self' assets.ubuntu.com www.google-analytics.com www.googletagmanager.com dev.visualwebsiteoptimizer.com www.youtube.com asciinema.org player.vimeo.com script.crazyegg.com w.usabilla.com munchkin.marketo.net serve.nrich.ai ml314.com scout-cdn.salesloft.com snippet.maze.co www.googleadservices.com js.zi-scripts.com *.g.doubleclick.net www.google.com www.gstatic.com *.googlesyndication.com js.stripe.com d3js.org www.brighttalk.com cdnjs.cloudflare.com static.ads-twitter.com *.cdn.digitaloceanspaces.com www.redditstatic.com snap.licdn.com connect.facebook.net jspm.dev cdn.livechatinc.com api.livechatinc.com secure.livechatinc.com www.tfaforms.com api.usabilla.com *.cloudfront.net cdn.jsdelivr.net 'unsafe-inline'; font-src 'self' assets.ubuntu.com cdn.livechatinc.com secure.livechatinc.com fonts.google.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline'; connect-src 'self' *.googlesyndication.com www.google.com ubuntu.com analytics.google.com www.googletagmanager.com sentry.is.canonical.com www.google-analytics.com *.crazyegg.com scout.salesloft.com *.g.doubleclick.net js.zi-scripts.com *.mktoresp.com prompts.maze.co *.google-analytics.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com px.ads.linkedin.com ws.zoominfo.com api.livechatinc.com cdn.livechatinc.com secure.livechatinc.com youtube.com google.com fonts.google.com api.text.com; frame-src 'self' *.doubleclick.net www.youtube.com/ asciinema.org player.vimeo.com js.stripe.com www.googletagmanager.com www.google.com www.brighttalk.com cdn.livechatinc.com secure.livechatinc.com cdn.livechat-static.com *.cloudfront.net app3.trueability.com app.trueability.com; style-src *.cloudfront.net cdn.jsdelivr.net 'self' 'unsafe-inline'; media-src 'self' res.cloudinary.com cdn.livechatinc.com secure.livechatinc.com cdn.livechat-static.com; child-src api.livechatinc.com cdn.livechatinc.com secure.livechatinc.com youtube.com google.com fonts.google.com 'self' blob:; frame-ancestors 'none'; 2 frame-ancestors 'self' https://*.un.org; 2 default-src https: 'unsafe-inline' data: blob:; frame-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; media-src https: 'unsafe-inline' data: blob:; img-src https: http: data: blob:; frame-ancestors https: 2 default-src 'self'; connect-src 'self' http://ad.doubleclick.net https://*.analytics.google.com https://*.api.userway.org https://*.botframework.com https://*.clarity.ms https://*.demandbase.com https://*.demdex.net https://*.eset.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.tt.omtrdc.net https://ads.reddit.com https://adservice.google.com https://analytics.google.com https://analytics.twitter.com https://api.company-target.com https://api.userway.org https://bat.bing.com https://bat.bing.net https://c.go-mpulse.net https://cdn.acsbapp.com https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://conversions-config.reddit.com https://cookies-data.onetrust.io https://ep.smct.co https://eset.tt.omtrdc.net https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://grsm.io https://ipb.smct.co https://ipb.smct.io https://js.smct.co https://js.smct.io https://maps.googleapis.com https://partnerlinks.io https://pixel-config.reddit.com https://privacyportal.onetrust.com https://px.ads.linkedin.com https://region1.google-analytics.com https://replay.uxtweak.com https://s.yimg.com https://script.crazyegg.com https://segments.company-target.com https://smct.co https://stats.g.doubleclick.net https://tracker.clickguard.com https://tracking-api.g2.com https://www.facebook.com https://www.google-analytics.com https://www.google.by https://www.google.co.uz https://www.google.com https://www.google.es https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lt https://www.google.lv https://www.google.ru https://www.googleadservices.com https://www.googletagmanager.com https://www.redditstatic.com wss://*.botframework.com wss://*.eset.com wss://*.hotjar.com; font-src 'self' data: https://*.eset.com https://*.gstatic.com https://*.web-assets.eset.com https://cdn.userway.org https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com; form-action 'self' https://*.eset-la.com https://*.eset.com https://*.form.eset.com https://*.tienda.eset-la.com https://s1069307879.t.eloqua.com https://webto.salesforce.com https://www.facebook.com; frame-ancestors 'self' https://*.eset.com; frame-src 'self' https://*.eset.com https://*.fls.doubleclick.net https://*.sgtm.eset.com https://8117415.fls.doubleclick.net https://bid.g.doubleclick.net https://eset.demdex.net https://hemsync.clickagy.com https://int.form.eset.com https://js.smct.io https://ls.smct.co https://s.company-target.com https://smct.co https://td.doubleclick.net https://tpc.googlesyndication.com https://unity.survey-solutions.cloud https://vars.hotjar.com https://widget.trustpilot.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: http://ad.doubleclick.net https://*.adform.net https://*.ads.linkedin.com https://*.eset.com https://*.hotjar.com https://*.rlcdn.com https://*.yahoo.co.jp https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.com https://alb.reddit.com https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://bat.bing.net https://c.bing.com https://c.clarity.ms https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.smct.co https://cdn.smct.io https://cdn1.esetstatic.com https://cm.everesttech.net https://cm.g.doubleclick.net https://connect.facebook.net https://dc.ads.linkedin.com https://dpm.demdex.net https://events.smct.co https://googleads.g.doubleclick.net https://i.ytimg.com https://images.g2crowd.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://s1069307879.t.eloqua.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://t.co https://tribl.io https://web-assets.esetstatic.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com; manifest-src 'self' https://*.eset.com https://*.web-assets.eset.com; media-src 'self' https://*.eset.com https://*.web-assets.eset.com https://api.userway.org https://cdn.userway.org; object-src 'self' https://*.eset.com https://*.web-assets.eset.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.eset.com https://*.replay.uxtweak.com https://*.salesforceliveagent.com https://*.web-assets.eset.com https://acsbap.com https://acsbapp.com https://assets.esetstatic.com https://bat.bing.com https://cdn.botframework.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.linkedin.oribi.io https://cdn.userway.org https://cdn1.esetstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net https://d.la1-c2-cdg.salesforceliveagent.com https://embed.tawk.to https://googleads.g.doubleclick.net https://img06.en25.com https://invitejs.trustpilot.com https://js.partnerstack.com https://js.smct.co https://js.smct.io https://maps.googleapis.com https://pagead2.googlesyndication.com https://platform.twitter.com https://s786665.t.eloqua.com https://script.hotjar.com https://smct.co https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.hotjar.com https://tag.demandbase.com https://tpc.googlesyndication.com https://tracking-api.g2.com https://tribl.io https://widget.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://www.google.ae https://www.google.am https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.cg https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.co.id https://www.google.co.il https://www.google.co.ke https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uz https://www.google.co.ve https://www.google.co.zw https://www.google.com https://www.google.dj https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.md https://www.google.me https://www.google.mk https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://www.google.si https://www.google.tn https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://www.redditstatic.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.eset.com https://*.hotjar.com https://*.web-assets.eset.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://fonts.smct.co https://fonts.smct.io; worker-src 'self' https://*.eset.com; report-uri https://www-eset-com.api.cspconsole.com/v1/reports; report-to csp-endpoint; 2 frame-ancestors 'self' *.indiatimes.com 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 2 require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/corplogin 2 frame-ancestors 'self' *.intranet *.uolinc.com; 2 frame-ancestors https://currently.att.yahoo.com https://start.att.net https://test-start.att.net https://test-www.att.net https://www.att.net http://test-start.att.net http://test-ww.att.net; 2 frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com; 2 connect-src 'self' https://search.brave.com https://newsletter.brave.app https://analytics.brave.com; default-src 'none'; media-src 'self'; font-src 'self'; frame-ancestors 'self' https://ads.brave.com https://ads.bravesoftware.com; frame-src 'self' https://blocksurvey.io https://survey.brave.app https://contact.ads.brave.com https://html5-player.libsyn.com https://player.vimeo.com https://boards.greenhouse.io https://job-boards.greenhouse.io https://www.youtube-nocookie.com https://app.boostr.com/; img-src 'self' data: https://imgs.search.brave.com https://analytics.brave.com https://boards.greenhouse.io https://job-boards.greenhouse.io; script-src 'self' https://boards.greenhouse.io https://job-boards.greenhouse.io; style-src 'self' 'unsafe-inline'; object-src 'self'; manifest-src 'self'; upgrade-insecure-requests; 2 frame-ancestors https://platform.theverge.com https://*.theverge.com 'self' 2 default-src *.clarity.ms ml314.com *.romeo.liveclicker.com romeo.liveclicker.com 'unsafe-inline' 'unsafe-eval' 'self'; script-src https://unpkg.com https://cdnjs.cloudflare.com *.hawksearch.net https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org web-chat.nativechat.com code.jquery.com kendo.cdn.telerik.com maps.google.com z.moatads.com v1.addthisedge.com *.googletagmanager.com *.quantcast.com *.quantserve.com *.quantcount.com cltgtstor001.blob.core.windows.net *.slgnt.us cdn.polyfill.io googleads.g.doubleclick.net static.ads-twitter.com snap.licdn.com *.adroll.com t.co analytics.twitter.com *.google.com *.linkedin.com *.33across.com *.hotjar.com cdn.jsdelivr.net ml314.com *.clarity.ms *.romeo.liveclicker.com romeo.liveclicker.com *.sitescout.com cdn01.basis.net *.pixel.ad *.surveymonkey.com cmp.inmobi.com *.onetrust.com assistant.woorank.com app.wondering.com cdn.ribbonapp.com 'unsafe-inline' 'unsafe-eval' www.youtube.com *.sagepub.com app-sfrenderer-ci-westus-001.azurewebsites.net app-sfrenderer-dev-westus-001.azurewebsites.net app-sfrenderer-qa-westus-001.azurewebsites.net app-sfrenderer-uat-westus-001.azurewebsites.net app-sfrenderer-stg-westus-001.azurewebsites.net translate.google.com translate.googleapis.com translate-pa.googleapis.com https://translate.google.com/ cdn.wondering.com www.google-analytics.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'self'; style-src https://unpkg.com *.hawksearch.net https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.jsdelivr.net cdnjs.cloudflare.com *.googletagmanager.com *.romeo.liveclicker.com romeo.liveclicker.com *.sagepub.com app-sfrenderer-ci-westus-001.azurewebsites.net app-sfrenderer-dev-westus-001.azurewebsites.net app-sfrenderer-qa-westus-001.azurewebsites.net app-sfrenderer-uat-westus-001.azurewebsites.net app-sfrenderer-stg-westus-001.azurewebsites.net www.gstatic.com fonts.googleapis.com 'self' 'unsafe-inline'; connect-src *.hawksearch.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.googletagmanager.com maps.googleapis.com *.quantcast.com *.quantserve.com *.quantcount.com *.hawksearch.com www.google.com site-azp.slgnt.us googleads.g.doubleclick.net offer.slgnt.us stats.g.doubleclick.net *.google.com *.linkedin.com *.adroll.com cdn.linkedin.oribi.io *.hotjar.com wss://*.hotjar.com *.hotjar.io ml314.com *.clarity.ms cmp.inmobi.com api.cmp.inmobi.com google.com *.googlesyndication.com *.onetrust.com www.woorank.com api.wondering.com *.sagepub.com app-sfrenderer-ci-westus-001.azurewebsites.net app-sfrenderer-dev-westus-001.azurewebsites.net app-sfrenderer-qa-westus-001.azurewebsites.net app-sfrenderer-uat-westus-001.azurewebsites.net app-sfrenderer-stg-westus-001.azurewebsites.net nominatim.openstreetmap.org translate-pa.googleapis.com translate.googleapis.com www.google-analytics.com *.slgnt.us 'self'; frame-src players.brightcove.net corwin.slgnt.us www.youtube.com www.buzzsprout.com offer.slgnt.us *.sitescout.com *.surveymonkey.com *.sagepub.com www.googletagmanager.com; img-src https://cf-images.us-east-1.prod.boltdns.net https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com web-chat.nativechat.com maps.google.com *.quantserve.com *.quantcount.com t.co *.twitter.com *.google.com *.linkedin.com *.adroll.com x.bidswitch.net cm.g.doubleclick.net dsum-sec.casalemedia.com idsync.rlcdn.com pixel.rubiconproject.com us-u.openx.net sync.outbrain.com image2.pubmatic.com ups.analytics.yahoo.com sync.taboola.com eb2.3lift.com ib.adnxs.com *.google-analytics.com *.googletagmanager.com corwinpress.azureedge.net *.clarity.ms ml314.com ps.eyeota.net sync.crwdcntrl.net match.adsrvr.org dpm.demdex.net *.sitescout.com www.google.com.ni googleads.g.doubleclick.net cmn-cdn-uat-001.sagepub.com cmn-cdn-001.sagepub.com https://sagepubcoreweb.blob.core.windows.net *.sagepub.com *.openstreetmap.org *.onetrust.com www.gstatic.com translate.googleapis.com fonts.gstatic.com https://cdn.insight.sitefinity.com 'self' data:; font-src fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com cdnjs.cloudflare.com 'self' data:; media-src 'self' 2 default-src 'self' https://*.mixpanel.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://ekr.zendesk.com wss://mixpanelsupport.zendesk.com https://framerusercontent.com https://mixpanel.com https://*.mixpanel.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.trychameleon.com https://*.hotjar.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://cdn.rollbar.com https://js.stripe.com https://*.zdassets.com https://*.zopim.com https://assets.zendesk.com https://www.google.com https://www.gstatic.com https://widget.kapa.ai https://www.youtube.com/embed/ https://connect.facebook.net https://apis.google.com https://accounts.google.com 'unsafe-eval' https://*.6sc.co https://static.addtoany.com https://*.adroll.com https://cdn-assets-prod.s3.amazonaws.com https://optimizely.s3.amazonaws.com https://*.bing.com https://cdn.bizible.com https://*.clarity.ms https://cdnjs.cloudflare.com d2wy8f7a9ursnm.cloudfront.net dnf20ypvrc856.cloudfront.net https://*.doubleclick.net https://www.dwin1.com https://*.framer.com https://framerusercontent.com https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://www.googletagmanager.com https://*.gstatic.cn https://*.gstatic.com https://*.g2crowd.com https://app.leandata.com https://cdn.leandata.com https://snap.licdn.com https://*.marketo.com https://*.marketo.net https://mixpanel.com https://*.mixpanel.com https://*.mutinycdn.com https://*.optimizely.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.net https://*.recaptcha.net https://www.redditstatic.com/ads/ https://*.singular.net https://*.ads-twitter.com https://*.typeform.com https://use.typekit.net https://mxpnlcms.wpengine.com https://*.youtube.com https://*.zoominfo.com; connect-src 'self' blob: data: https://*.trychameleon.com https://*.hotjar.com wss://*.hotjar.com wss://api.liveblocks.io https://api.liveblocks.io https://*.hotjar.io https://*.mixpanel.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://*.sentry.io https://api.honeycomb.io https://api.rollbar.com https://api.sprig.com https://*.zdassets.com https://mixpanelsupport.zendesk.com https://*.zopim.com wss://*.zopim.com https://www.google.com https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://proxy.kapa.ai https://storage.googleapis.com https://*.facebook.com https://*.6sc.co https://*.adnxs.com https://cdn-assets-prod.s3.amazonaws.com https://*.bing.com https://*.bugsnag.com https://*.clarity.ms https://*.doubleclick.net https://*.framer.com https://google.com https://*.google.com https://*.google-analytics.com https://*.googlesyndication.com https://*.g2crowd.com https://app.leandata.com https://*.linkedin.com https://mixpanel.com https://*.mixpanel.com https://*.mktoresp.com https://*.mutinyhq.com https://*.mutinyhq.io https://*.mutinycdn.com https://*.optimizely.com https://cdn.linkedin.oribi.io https://*.reddit.com https://www.redditstatic.com/ads/ https://unpkg.com/@rive-app/canvas@1.2.4/rive.wasm https://public.rive.app https://*.singular.net https://mxpnlcms.wpengine.com https://thesignalprod.wpenginepowered.com https://*.zoominfo.com; img-src 'self' blob: data: https://*.chmln-cdn.com https://api.liveblocks.io https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://*.zdassets.com https://*.zopim.com https://v2uploads.zopim.io https://*.facebook.com https://*.gravatar.com https://*.wp.com https://*.3lift.com https://*.33across.com https://*.6sc.co https://*.adnxs.com https://*.adroll.com https://*.bidswitch.net https://*.bing.com https://cdn.bizible.com https://cdn.bizibly.com https://*.bugsnag.com https://ct.capterra.com https://*.casalemedia.com https://*.clarity.ms https://*.crwdcntrl.net https://*.doubleclick.net https://*.exelator.com https://framerusercontent.com https://*.google-analytics.com https://*.googlesyndication.com https://www.googletagmanager.com https://*.googleusercontent.com https://*.imrworldwide.com https://cdn.leandata.com https://*.linkedin.com https://mixpanel.com https://*.mixpanel.com https://*.mutinycdn.com https://*.openx.net https://*.optimizely.com https://sync.outbrain.com https://*.pubmatic.com https://*.reddit.com https://idsync.rlcdn.com https://pixel.rubiconproject.com https://pixel.sitescout.com/ https://sync.taboola.com https://*.turn.com/ https://t.co/ https://analytics.twitter.com https://beacon.walmart.com https://*.wpengine.com https://mxpnlcms.wpengine.com https://mxpnlcms.wpenginepowered.com https://thesignalprod.wpenginepowered.com https://*.analytics.yahoo.com https://i.ytimg.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; style-src 'self' 'unsafe-inline' https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://*.google.com https://fonts.googleapis.com https://*.marketo.com https://mixpanel.com https://*.mixpanel.com https://hello.myfonts.net; font-src 'self' data: https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://framerusercontent.com https://*.gstatic.com https://cdn.leandata.com https://mixpanel.com https://*.mixpanel.com; frame-src 'self' https://cdn.mxpnl.com/static/ https://js.stripe.com https://www.google.com https://www.loom.com/embed/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://*.facebook.com https://accounts.google.com https://static.addtoany.com https://*.bing.com dta8euw1l8gvs.cloudfront.net https://*.doubleclick.net https://*.framer.com https://*.google.com https://www.googletagmanager.com https://mixpanel.my.leandata.com https://*.marketo.com https://mixpanel.com https://*.mixpanel.com https://capture.navattic.com/ https://*.cdn.optimizely.com https://*.cdn-pci.optimizely.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://recaptcha.net https://*.recaptcha.net https://rive.app https://*.typeform.com; worker-src 'self' blob:; 2 default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com www.mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net www.knotch-cdn.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com *.merrilledge.com; 2 upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; media-src 'self' https: data: blob:; frame-src 'self' https:; worker-src 'self' blob:; child-src 'self' blob:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; 2 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 2 frame-ancestors 'self' https://as.com https://argentina.as.com https://chile.as.com https://colombia.as.com https://en.as.com https://mexico.as.com https://peru.as.com https://us.as.com https://apuestas.as.com 2 default-src https: 'unsafe-inline' 'unsafe-eval'; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: 'unsafe-inline'; img-src https: data: blob: 'unsafe-inline'; frame-src https:; style-src https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; 2 default-src * data: 'unsafe-inline' 'unsafe-eval' blob:;media-src * blob:;img-src * data: 'unsafe-inline' blob:;font-src * data: 'unsafe-inline'; frame-ancestors *.staples.com *.staplesadvantage.com 2 frame-ancestors *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 2 report-uri /csp;child-src 'self' 'self' blob:;connect-src *;default-src 'self';img-src 'self' data: *.facebook.com https://wise.com https://gtm.wise.com https://tw-avatar.s3.eu-central-1.amazonaws.com https://tw-test-avatar-storage.s3.eu-west-1.amazonaws.com https://*.doubleclick.net https://www.googleadservices.com https://alb.reddit.com https://*.yahoo.co.jp https://bat.bing.com https://cx.atdmt.com https://daw291njkc3ao.cloudfront.net https://dq8dwmysp7hk1.cloudfront.net https://d2dgj1jjqgsb96.cloudfront.net https://help.wise.com/ https://platform-lookaside.fbsbx.com https://pixel.pointmediatracker.com https://cnv.event.prod.bidr.io https://q.quora.com https://s3-eu-west-1.amazonaws.com https://t.co https://wise.desk.com https://widgets.wise.com https://www.google-analytics.com https://www.gstatic.com https://i.ytimg.com https://px.ads.linkedin.com https://www.linkedin.com https://aax-eu.amazon-adsystem.com https://www.googletagmanager.com https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.sg https://www.google.com.ph https://www.google.com.my https://www.google.com.mx https://www.google.com.ua https://www.google.com.vn https://www.google.com.tr https://www.google.com.ar https://www.google.com.hk https://www.google.com.pk https://www.google.com.pe https://www.google.com.ng https://www.google.com.cy https://www.google.com.mt https://www.google.com.bd https://www.google.com.eg https://www.google.co.uk https://www.google.co.th https://www.google.co.jp https://www.google.co.nz https://www.google.co.id https://www.google.co.kr https://www.google.co.ve https://www.google.co.in https://www.google.co.il https://www.google.co.za https://www.google.de https://www.google.ca https://www.google.es https://www.google.pl https://www.google.ie https://www.google.ch https://www.google.pt https://www.google.nl https://www.google.it https://www.google.hu https://www.google.fr https://www.google.be https://www.google.ro https://www.google.fi https://www.google.cl https://www.google.cz https://www.google.ae https://www.google.lu https://www.google.se https://www.google.ru https://www.google.at https://www.google.bg https://www.google.ee https://www.google.dk https://www.google.no https://www.google.gr https://www.google.sk https://www.google.lt https://www.google.lv https://www.google.ge https://www.google.hr https://www.google.me *.googleusercontent.com *.analytics.google.com http://wi.se https://wi.se https://collector-20079.tvsquared.com https://analytics.twitter.com https://tr.line.me https://c5.adalyser.com https://c0.adalyser.com https://pixel.pointmediatracker.com https://cnv.event.prod.bidr.io https://lux.speedcurve.com https://forms-eu1.hsforms.com/;font-src 'self' data: https://fonts.gstatic.com https://widgets.wise.com/;object-src 'self';media-src 'self' 'self' data: https://wise.com/;manifest-src 'self' 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' 'self' https://wise.com https://gtm.wise.com https://js-agent.newrelic.com https://bam.nr-data.net/ https://ajax.cloudflare.com bat.bing.com https://s.yimg.jp https://*.yahoo.co.jp a.quora.com static.hotjar.com https://script.hotjar.com/ https://collector-20079.tvsquared.com https://d.line-scdn.net www.google.co.uk www.google.com www.googletagmanager.com/ tagmanager.google.com/ https://storage.googleapis.com https://ajax.googleapis.com/ https://microapps.google.com https://microapps-prod-tt.sandbox.google.com googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com static.ads-twitter.com analytics.twitter.com www.snapengage.com insitez.blob.core.windows.net sjs.bizographics.com *.mxpnl.com https://cdn.pdst.fm https://us-central1-adaptive-growth.cloudfunctions.net https://bidr.io https://d2dgj1jjqgsb96.cloudfront.net https://www.redditstatic.com/ads/pixel.js https://snap.licdn.com https://js.adsrvr.org https://c5.adalyser.com https://c0.adalyser.com https://c.amazon-adsystem.com https://js-eu1.hs-scripts.com https://transferwise.com https://bidr.io https://cdn.speedcurve.com https://lux.speedcurve.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://js-eu1.hsforms.net;style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com/css tagmanager.google.com/;frame-ancestors 'self' https://wiseturkiye.com.tr https://microapps.google.com https://microapps-prod-tt.sandbox.google.com;frame-src youtube.com www.youtube.com www.youtube-nocookie.com https://vars.hotjar.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://insight.adsrvr.org https://match.adsrvr.org https://wise.com https://transferwise.com https://wise.navattic.com https://www.google.com https://js-eu1.hsforms.net https://forms-eu1.hsforms.com/;worker-src 'self' blob:;form-action 'self' https://forms-eu1.hsforms.com/;base-uri 'self';script-src-attr 'none';upgrade-insecure-requests 2 upgrade-insecure-requests; frame-ancestors 'self' localhost:* *.aftonbladet.localhost *.aftonbladet.dev *.aftonbladet.se *.aftonbladet-cdn.se admarket.schibsted.se *.svd.se *.vg.no; default-src http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 'self'; 2 frame-ancestors http://*.wps.com https://*.wps.com 2 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com ; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; font-src data: https: https://fonts.gstatic.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://*.vnexpress.net https://vnexpress.net 2 frame-ancestors 'self' https://*.taboola.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://tabor.ru http://tabor.ru *.tabor.ru tabor.ru m.tabor.ru http://m.tabor.ru https://m.tabor.ru http: vk.com *.vk.com vk.me *.vk.me vk.me *.vk.me fbcdn.net *.fbcdn.net akamaihd.net *.akamaihd.net mycdn.me *.mycdn.me yandex.ru *.yandex.ru yadro.ru *.yadro.ru https: vk.com *.vk.com vk.me *.vk.me vk.me *.vk.me fbcdn.net *.fbcdn.net akamaihd.net *.akamaihd.net mycdn.me *.mycdn.me yandex.ru *.yandex.ru yadro.ru *.yadro.ru ; img-src * 'self' blob: data:;connect-src * 'self' file: data: blob: filesystem:; frame-ancestors *.tabor.ru *.tabor.by *.tab33.com *.tabor.kz *.mintapp.org; 2 frame-ancestors https://*.orange.fr https://*.sosh.fr https://*.parnasse.fr https://*.soshcaraibe.fr https://*.sosh.re https://*.orange.re 2 frame-ancestors http://*.almamedia.net https://*.almamedia.net https://app.powerbi.com 2 frame-ancestors 'self'; script-src https://cfnimg.joyclub.de/ *.joyclub.de https://aa.joyclub.com/ https://edserver-ndev.joyclub.com/* https://maps.googleapis.com/ https://www.google.com/ https://www.googleadservices.com/ www.googletagmanager.com *.youtube.de *.youtube.com *.youtube.ch *.youtube.at *.youtube.be https://www.youtube-nocookie.com https://s.ytimg.com www.tenor.com *.giphy.com https://www.gstatic.com/ https://connect.facebook.net/ blob: https://googleads.g.doubleclick.net/ https://paygate.novalnet.de/v2/ https://cdn.novalnet.de/js/v3/ https://static.zdassets.com/ https://www.joyclub.de/cdn-cgi/ https://www.joyclub.com/cdn-cgi/ https://pagead2.googlesyndication.com/; upgrade-insecure-requests 2 base-uri 'self'; connect-src * blob: data: *.crazyegg.com ; default-src 'self' *.meetup.com *.dev.meetup.com:8001 www.sjwoe.com *.crazyegg.com blob: ; font-src * data:; frame-ancestors 'self'; frame-src *; img-src * data: blob: *.crazyegg.com ;media-src *.meetup.com *.dev.meetup.com:8001 https://secure.meetupstatic.com www.sjwoe.com *.sendbird.com https://sendbird-us-3.s3.amazonaws.com; script-src * 'unsafe-eval' 'unsafe-inline' *.crazyegg.com; style-src * 'unsafe-inline' *.crazyegg.com ; object-src 'none' 2 frame-ancestors 'self' https://*.sweb.ru https://webvisor.com http://webvisor.com ; 2 frame-ancestors https://www.evernote.com https://evernote.com https://stage.evernote.com https://app.preprod3.evernote.com https://evernote.prismic.io/ 2 frame-ancestors https://platform.vox.com https://*.vox.com 'self' 2 default-src 'self' *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.apisetu.gov.in *.mybharat.gov.in *.myscheme.in *.wcd.gov.in *.youtube.com data:;connect-src 'self' *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.apisetu.gov.in *.mybharat.gov.in *.myscheme.in *.wcd.gov.in *.youtube.com data:;script-src 'self' 'unsafe-eval' *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.apisetu.gov.in *.mybharat.gov.in *.myscheme.in *.wcd.gov.in;style-src 'self' 'unsafe-inline' *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.apisetu.gov.in *.mybharat.gov.in *.myscheme.in *.wcd.gov.in;object-src 'self' data:;frame-src 'self' docs.google.com *.youtube.com *.youtube-nocookie.com *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.apisetu.gov.in *.mybharat.gov.in *.myscheme.in *.wcd.gov.in app.powerbi.com data:;frame-ancestors 'self' docs.google.com *.youtube.com *.youtube-nocookie.com *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.apisetu.gov.in *.mybharat.gov.in *.myscheme.in *.wcd.gov.in app.powerbi.com data:; 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2 upgrade-insecure-requests;frame-ancestors 'self' slate.com *.slate.com *.my.slate.com 2 default-src https://*.peacocktv.com; form-action https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://tr.snapchat.com https://*.qualtrics.com; font-src 'self' data: https://*.peacocktv.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.peacocktv.com https://core.spreedly.com https://browser.sentry-cdn.com https://*.salesforceliveagent.com https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://*.optimizely.com https://nbcstreaming.sc.omtrdc.net https://connect.facebook.net https://static.ads-twitter.com https://analytics.twitter.com https://assets.adobedtm.com https://js.createsend1.com https://www.googletagmanager.com https://nbcuss.demdex.net https://jssdkcdns.mparticle.com https://www.google.com https://googleads.g.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.google-analytics.com https://t.contentsquare.net https://s.pinimg.com https://sc-static.net https://www.redditstatic.com https://analytics.tiktok.com https://pixelb.randi.adswizz.com https://imp.i305175.net https://www.ojrq.net https://logs-01.loggly.com https://peacock.sjv.io https://s0.ipstatp.com https://d.impactradius-event.com https://bid.g.doubleclick.net https://wsdk.rokt.com https://apps.rokt.com https://js.adsrvr.org https://insight.adsrvr.org https://cdn.cookielaw.org https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://bat.bing.com https://*.onetrust.com https://s.yimg.com https://sp.analytics.yahoo.com https://s.amazon-adsystem.com https://c.amazon-adsystem.com https://apps.rokt.com https://p.teads.tv https://a.teads.tv https://s8t.teads.tv https://tr.snapchat.com https://www.paypal.com https://www.clarity.ms https://ct.pinterest.com https://*.qualtrics.com https://www.youtube.com https://content.zenimpact.io https://hub2.zenimpact.io https://insight-api-kgw.zenimpact.io https://cys26963.jscrambler.com https://d-code.liadm.com https://idx.liadm.com; connect-src 'self' localhost:* ws://localhost:* https://*.campaign.adobe.com https://*.peacocktv.com https://core.spreedly.com https://*.force.com https://*.salesforce.com https://*.my.salesforce.com https://*.salesforce-sites.com https://graph.facebook.com https://nbcuss.demdex.net https://*.mparticle.com https://createsend.com https://www.createsend.com https://www.facebook.com https://*.ott.sky.com https://sas-apm-prod.telemetry.nbcuott.com https://0d15692193ba43a8a9384fed500b3a1d.apm.us-east-1.aws.cloud.es.io https://sdk.iad-03.appboy.com https://sdk.iad-03.braze.com https://*.contentsquare.net https://*.optimizely.com https://ct.pinterest.com https://nbcstreaming.sc.omtrdc.net https://analytics.tiktok.com https://cdn.cookielaw.org https://*.onetrust.com https://bat.bing.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://tr.snapchat.com https://www.google-analytics.com https://imp.i305175.net https://analytics.twitter.com https://dpm.demdex.net https://ad.doubleclick.net https://s.yimg.com https://sp.analytics.yahoo.com https://s.amazon-adsystem.com https://c.amazon-adsystem.com https://t.teads.tv https://cm.teads.tv https://*.paypal.com https://api.ipify.org https://www.redditstatic.com https://analytics.pangle-ads.com https://*.analytics.google.com https://stats.g.doubleclick.net https://tr6.snapchat.com https://*.clarity.ms https://*.qualtrics.com https://subscriber-incentives.pickaxe.ai https://content.zenimpact.io https://hub2.zenimpact.io https://idx.liadm.com https://rp.liadm.com https://rp4.liadm.com https://insight-api-kgw.zenimpact.io https://cys26963.jscrambler.com; img-src 'self' data: localhost:* blob: https://peacocktv.com https://*.peacocktv.com https://t.co https://www.facebook.com https://nbcstreaming.sc.omtrdc.net https://www.google.com https://www.google.co.uk https://us-gmtdmp.mookie1.com https://www.google-analytics.com https://*.contentsquare.net https://stats.g.doubleclick.net https://s.pinimg.com https://sc-static.net https://www.redditstatic.com https://analytics.tiktok.com https://pixelb.randi.adswizz.com https://imp.i305175.net https://www.ojrq.net https://logs-01.loggly.com https://peacock.sjv.io https://d.agkn.com https://s0.ipstatp.com https://alb.reddit.com https://ct.pinterest.com https://business.topbuzz.com https://bid.g.doubleclick.net https://wsdk.rokt.com https://apps.rokt.com https://js.adsrvr.org https://insight.adsrvr.org https://cdn.cookielaw.org https://bat.bing.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://*.onetrust.com https://analytics.twitter.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://s.yimg.com https://sp.analytics.yahoo.com https://roost.nbcuni.com https://s.amazon-adsystem.com https://c.amazon-adsystem.com https://t.teads.tv https://cm.teads.tv https://a.teads.tv https://s8t.teads.tv https://www.paypalobjects.com https://*.scene7.com https://ad.doubleclick.net https://cm.everesttech.net https://*.qualtrics.com https://content.zenimpact.io https://hub2.zenimpact.io https://rp.liadm.com https://rp4.liadm.com; style-src 'self' 'unsafe-inline' https://*.peacocktv.com https://*.force.com https://*.salesforce-sites.com https://*.my.salesforce.com https://cdn.cookielaw.org https://*.onetrust.com https://content.zenimpact.io https://hub2.zenimpact.io; media-src 'self' data: blob: localhost:* https://peacocktv.com https://*.peacocktv.com https://roost.nbcuni.com https://content.zenimpact.io https://hub2.zenimpact.io; frame-src https://core.spreedly.com https://www.peacocktv.com/sas-3dsecure https://*.peacocktv.com https://nbcuss.demdex.net https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://tr.snapchat.com https://*.fls.doubleclick.net https://td.doubleclick.net https://imp.i305175.net https://bid.g.doubleclick.net https://wsdk.rokt.com https://apps.rokt.com https://js.adsrvr.org https://insight.adsrvr.org https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://peacockprincess22.creativezing.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://tr6.snapchat.com https://pinterest.com http://ct.pinterest.com https://match.adsrvr.org https://s.amazon-adsystem.com https://apps.rokt.com https://p.teads.tv https://a.teads.tv https://www.youtube.com https://*.paypal.com https://*.optimizely.com https://*.qualtrics.com https://open.spotify.com https://content.zenimpact.io https://hub2.zenimpact.io; block-all-mixed-content; upgrade-insecure-requests; 2 frame-ancestors 'self' https://*.shopify.com https://*.myshopify.com 2 frame-ancestors 'self' *.bazaarvoice.com 2 frame-ancestors 'self' http://*.schwab.com https://*.schwab.com https://content.schwab.com https://client.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com https://*.schwabtrustbankcollectives.com 2 frame-ancestors 'self' https://nielsensports.com https://www.qa.nielsen.com https://develop.nielsen.com 2 frame-ancestors 'self'; object-src https://*.citrix.com https://capture.navattic.com; plugin-types application/x-shockwave-flash application/pdf 2 default-src *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline' blob:;img-src * data: blob:;media-src * data:;font-src * data: https: 2 frame-ancestors 'none'; default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.scip.es *.paypal.com 2 frame-ancestors 'self'; upgrade-insecure-requests;form-action 'self' slashdot.org slashdot.us15.list-manage.com;fenced-frame-src https:; frame-src 'self' slashdot.org *.lijit.com btloader.com *.btloader.com *.btmessage.com http://*.pro-market.net *.crsspxl.com *.google.com *.googlesyndication.com *.safeframe.usercontent.goog *.doubleclick.net *.googleadservices.com *.adtrafficquality.google console.googletagservices.com *.amazon-adsystem.com challenges.cloudflare.com *.adnxs.com *.indexww.com *.rubiconproject.com *.pubmatic.com *.smartadserver.com *.tapad.com http://*.youtube.com http://*.youtube-nocookie.com slashdotmedia.com as.slashdot.org *.as.slashdot.org error-report.com *.error-report.com html-load.com *.html-load.com *.fb.html-load.com content-loader.com *.content-loader.com *.fb.content-loader.com css-load.com *.css-load.com 07c225f3.online *.07c225f3.online *.criteo.com *.openx.net *.pghub.io; object-src http://*.youtube.com;script-src 'self' slashdot.org *.slashdot.org slashdot.org *.slashdotmedia.com a.fsdn.com challenges.cloudflare.com *.lijit.com *.moatads.com *.adsafeprotected.com *.sharethrough.com *.2mdn.net *.adnxs.com *.bing.com *.script.ac *.ybp.yahoo.com *.adnxs-simple.com *.truste.com *.adrta.com pghub.io/js/pandg-sdk.js *.pubmatic.com ml314.com *.stack-sonar.com *.licdn.com translate.googleapis.com *.doubleclick.net *.googleadservices.com *.adtrafficquality.google translate.google.cn *.gstatic.cn *.google.com *.ampproject.org *.amazon-adsystem.com *.criteo.net *.creativecdn.com *.crwdcntrl.net *.uidapi.com *.im-apps.net *.euid.eu *.openxcdn.net *.id5-sync.com cdn.jsdelivr.net/gh/prebid/shared-id/ *.consentmanager.net *.microsofttranslator.com *.gstatic.com *.googletagservices.com *.google-analytics.com *.googlesyndication.com *.cloudflareinsights.com d3tglifpd8whs6.cloudfront.net rpxnow.com btloader.com *.btmessage.com *.crsspxl.com http://*.pro-market.net *.4dex.io *.adnxs-simple.com *.s-onetag.com *.rubiconproject.com *.trustarc.com *.truste.com *.doubleverify.com *.tapad.com *.pghub.io pghub.io *.sharethru.com j.6sc.co as.slashdot.org *.as.slashdot.org html-load.com *.html-load.com *.fb.html-load.com content-loader.com *.content-loader.com *.fb.content-loader.com css-load.com *.css-load.com 07c225f3.online *.07c225f3.online cmp.inmobi.com *.inmobicdn.net blob: adservice.google.ad adservice.google.ae adservice.google.at adservice.google.be adservice.google.bg adservice.google.ca adservice.google.ch adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.kr adservice.google.co.th adservice.google.co.uk adservice.google.co.zw adservice.google.com.au adservice.google.com.bo adservice.google.com.hk adservice.google.com.mx adservice.google.com.ph adservice.google.com.pk adservice.google.com.sa adservice.google.com.sg adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.fi adservice.google.fr adservice.google.gr adservice.google.hu adservice.google.ie adservice.google.it adservice.google.li adservice.google.lu adservice.google.mu adservice.google.mv adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.se adservice.google.sk adservice.google.com.br adservice.google.com.ar adservice.google.cl adservice.google.com.co adservice.google.com.cu adservice.google.com.cy adservice.google.es adservice.google.hr adservice.google.im adservice.google.lk adservice.google.me adservice.google.mg adservice.google.com.mm adservice.google.com.ng adservice.google.com.np adservice.google.com.pr adservice.google.com.uy adservice.google.co.za adservice.google.jo adservice.google.bs adservice.google.al adservice.google.co.tz adservice.google.rw adservice.google.hn adservice.google.lt adservice.google.iq adservice.google.si adservice.google.bj adservice.google.co.ao adservice.google.com.gh adservice.google.kz adservice.google.com.eg adservice.google.com.ec adservice.google.co.ve adservice.google.com.py adservice.google.lv adservice.google.mn adservice.google.com.bn adservice.google.tn adservice.google.ml adservice.google.is adservice.google.com.sv adservice.google.com.bz adservice.google.az adservice.google.gt adservice.google.sn adservice.google.cm adservice.google.com.kh adservice.google.ge adservice.google.com.et adservice.google.com.pe adservice.google.com.ly adservice.google.co.mz adservice.google.com.bh adservice.google.com.mt adservice.google.ps adservice.google.so adservice.google.bf adservice.google.co.nz adservice.google.com.gt adservice.google.co.zm adservice.google.je adservice.google.cv adservice.google.la adservice.google.bi adservice.google.com.jm adservice.google.tt adservice.google.com.kw adservice.google.cd adservice.google.gy adservice.google.tg adservice.google.com.af adservice.google.com.lb adservice.google.sr adservice.google.com.ni adservice.google.ki adservice.google.com.na adservice.google.ht adservice.google.nr adservice.google.td adservice.google.co.ls adservice.google.gl adservice.google.bt adservice.google.tm adservice.google.com.vc adservice.google.co.bw adservice.google.vg adservice.google.as adservice.google.cg adservice.google.com.ag adservice.google.com.tj adservice.google.dm adservice.google.to adservice.google.dj adservice.google.cf adservice.google.ws adservice.google.st adservice.google.gm adservice.google.fm adservice.google.com.sb adservice.google.com.pg adservice.google.com.gi adservice.google.com.ai adservice.google.co.ck adservice.google.ru adservice.google.nu adservice.google.com.my adservice.google.com.bd adservice.google.ci adservice.google.co.cr adservice.google.co.ke adservice.google.co.ug adservice.google.co.uz adservice.google.co.vi adservice.google.ms adservice.google.com.fj adservice.google.com.om adservice.google.com.pa adservice.google.com.qa adservice.google.ga adservice.google.gg adservice.google.kg adservice.google.md adservice.google.mk adservice.google.mw adservice.google.ne adservice.google.sm adservice.google.tl adservice.google.sc adservice.google.vu 'unsafe-inline' 'unsafe-eval';report-uri https://sourceforge.report-uri.com/r/d/csp/enforce 2 default-src 'self'; font-src 'self' https://www.citrix.com; style-src-elem 'self' https://www.citrix.com 'unsafe-inline' 2 default-src 'self'; img-src data: blob: *; script-src-elem 'self' assets.ubuntu.com www.google-analytics.com www.googletagmanager.com www.youtube.com asciinema.org player.vimeo.com script.crazyegg.com www.googleadservices.com js.zi-scripts.com *.g.doubleclick.net www.google.com www.gstatic.com www.brighttalk.com snap.licdn.com connect.facebook.net maps.googleapis.com www.redditstatic.com munchkin.marketo.net w.usabilla.com api.usabilla.com *.googlesyndication.com cdn.jsdelivr.net https://esm.sh https://cdn.jsdelivr.net 'unsafe-inline'; font-src 'self' assets.ubuntu.com fonts.google.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline'; connect-src 'self' www.google.com ubuntu.com analytics.google.com www.googletagmanager.com sentry.is.canonical.com www.google-analytics.com *.crazyegg.com *.g.doubleclick.net js.zi-scripts.com *.google-analytics.com px.ads.linkedin.com ws.zoominfo.com youtube.com google.com fonts.google.com maps.googleapis.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com https://esm.sh https://lottie.host https://cdn.jsdelivr.net *.analytics.google.com www.facebook.com *.googlesyndication.com *.mktoresp.com assets.ubuntu.com; frame-src 'self' *.doubleclick.net www.youtube.com/ asciinema.org player.vimeo.com www.googletagmanager.com www.google.com www.brighttalk.com; style-src 'self' cdn.jsdelivr.net 'unsafe-inline'; media-src 'self' res.cloudinary.com assets.ubuntu.com; child-src 'self' youtube.com google.com fonts.google.com; 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: http://tpc.googlesyndication.com http://script.crazyegg.com/pages/scripts/0013/1464.js https://s-static.innovid.com; style-src 'self' 'unsafe-inline' https://s-static.innovid.com https://fonts.googleapis.com; img-src 'self' blob: data: https: http://www.google.com https://aetnavodglobaldev.112.2o7.net https://aetnavodglobal.112.2o7.net http://p1.parsely.com http://aepdaks3.aetndigital.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https: wss: http://p1.parsely.com/plogger; media-src 'self' blob: data: https:; object-src 'self' blob: data:; base-uri 'self'; form-action 'self'; worker-src 'self' blob:; frame-ancestors 'self' https://app.contentful.com https://www.google.com; frame-src 'self' https: http://ads.creative-serving.com http://imasdk.googleapis.com http://tpc.googlesyndication.com; ; 2 default-src https: data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.intercom.io wss://*.intercom.io https://js.intercomcdn.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: tel: *.usercentrics.com https://vars.hotjar.com https://js.intercomcdn.com 2 frame-ancestors https://*.mintegral.com 2 default-src 'self';object-src 'none';manifest-src 'none';media-src 'self' blob: https://channel.sas.com https://service.sas.com *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com;script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.doubleclick.net *.sas.com assets.adobedtm.com ssl.google-analytics.com www.googletagmanager.com www.google-analytics.com bat.bing.com benchtag.co front.facetz.net *.facebook.net *.facebook.com www.googleadservices.com tb.juiceadv.com *.linkedin.com pixel.mathtag.com pixel.quantserve.com *.quora.com analytics.twitter.com tagmanager.google.com mc.yandex.ru static.ads-twitter.com snap.licdn.com *.bizographics.com dev.visualwebsiteoptimizer.com consent.truste.com s.yimg.com ssl.gstatic.com api.company-target.com script.crazyegg.com platform.twitter.com sp.analytics.yahoo.com x.bidswitch.net ad4.adfarm1.adition.com livestream.co *.brightcove.net track.adform.net www.vintom.com b92.yahoo.co.jp cdn.appdynamics.com execution-dscvrtraffic.cidev.sas.us *.mrpfd.com d3js.org https://web.cvent.com *.boltdns.net players.brightcove.net *.brightcove.com *.akamaihd.net *.brightcovecdn.com vjs.zencdn.net;style-src 'self' data: 'unsafe-inline' https://cdn.developer.sas.com https://player.interactivity.brightcove.com players.brightcove.net https://fonts.googleapis.com https://script.crazyegg.com;img-src * 'self' blob: data: *.google-analytics.com *.doubleclick.net www.google.com www.googletagmanager.com *.sas.com front.facetz.net *.facebook.com www.googleadservices.com tb.juiceadv.com ext.ligatus.com bcp.crwdcntrl.net pixel.mathtag.com *.quora.com cdn.taboola.com analytics.twitter.com d.company-target.com mc.yandex.ru t.co px.ads.linkedin.com *.bizographics.com assets.adobedtm.com players.brightcove.net *.boltdns.net *.akamaihd.net *.brightcove.com *.brightcovecdn.com;font-src 'self' data: https://www.sas.com https://cdn.developer.sas.com https://www.jmp.com https://fonts.gstatic.com https://player.interactivity.brightcove.com players.brightcove.net; connect-src * 'self' *.sas.com *.brightcove.com ma156-r.analytics.edgekey.net api.company-target.com livestream.com www.vintom.com *.doubleclick.net assets.adobedtm.com;frame-src 'self' assets.adobedtm.com www.youtube.com *.twitter.com *.sas.com pixel.mathtag.com livestream.com ad4.adfarm1.adition.com www.vintom.com *.doubleclick.net *.facebook.net *.trustarc.com *.facebook.com *.linkedin.com *.chargebee.com *.sli.do *.logentries.com *.amuselabs.com amuselabs.com *.jmp.com *.outgrow.us *.service-now.com *.visualize-roi.com *.brightcove.com players.brightcove.net https://www.googletagmanager.com https://px.anteriad.com https://web.cvent.com https://event-guestside-app-pr50.cvent-production.cvent.cloud;worker-src blob:;frame-ancestors *.sas.com *.jmp.com *.gatheriq.analytics; 2 connect-src 'self' checkout.stripe.com https://checkout.stripe.com https://billing.stripe.com/session https://api.funcaptcha.com https://api.arkoselabs.com sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data: https://*.stripe.com;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://checkout.stripe.com https://js.stripe.com/v3 https://platform.twitter.com/widgets.js https://octocaptcha.com https://static-production.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static-production.npmjs.com/;frame-src checkout.stripe.com https://checkout.stripe.com https://js.stripe.com/ https://octocaptcha.com;font-src https://fonts.gstatic.com https://static-production.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 2 default-src 'self' 'unsafe-inline' rudderstack.com *.rudderstack.com bugsnag.com *.bugsnag.com usebasin.com *.usebasin.com sanity.io *.sanity.io arcade.software *.arcade.software demo.arcade.software *.demo.arcade.software youtube.com *.youtube.com algolianet.com *.algolianet.com algolia.net *.algolia.net run.app *.run.app google.com *.google.com google-analytics.com *.google-analytics.com pusher.com *.pusher.com jsdelivr.net *.jsdelivr.net adnxs.com *.adnxs.com reddit.com *.reddit.com redditstatic.com *.redditstatic.com qualified.com *.qualified.com 6sc.co *.6sc.co g2.com *.g2.com googleapis.com *.googleapis.com gstatic.com *.gstatic.com githubusercontent.com *.githubusercontent.com t.co *.t.co twitter.com *.twitter.com vercel.com *.vercel.com vercel.live *.vercel.live hotjar.com *.hotjar.com hotjar.io *.hotjar.io speedcurve.com *.speedcurve.com ytimg.com *.ytimg.com partnerpage.io *.partnerpage.io fontawesome.com *.fontawesome.com wss://ws.hotjar.com wss://ws-us3.pusher.com wss://ws.qualified.com website-files.com *.website-files.com img.shields.io *.img.shields.io hex.tech *.hex.tech linkedin.com *.linkedin.com hockeystack.com *.hockeystack.com clarity.ms *.clarity.ms assets.calendly.com *.assets.calendly.com quora.com *.quora.com q.quora.com *.q.quora.com bat.bing.net *.bat.bing.net posthog.com *.posthog.com i.posthog.com *.i.posthog.com us-assets.i.posthog.com *.us-assets.i.posthog.com getseam.ai *.getseam.ai blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' rudderstack.com *.rudderstack.com jsdelivr.net *.jsdelivr.net rudderlabs.com *.rudderlabs.com vercel-scripts.com *.vercel-scripts.com licdn.com *.licdn.com ads-twitter.com *.ads-twitter.com cloudfront.net *.cloudfront.net googletagmanager.com *.googletagmanager.com bing.com *.bing.com quora.com *.quora.com google.com *.google.com google-analytics.com *.google-analytics.com clarity.ms *.clarity.ms doubleclick.net *.doubleclick.net bugsnag.com *.bugsnag.com jquery.com *.jquery.com kapa.ai *.kapa.ai skypack.dev *.skypack.dev g2crowd.com *.g2crowd.com adnxs.com *.adnxs.com qualified.com *.qualified.com 6sc.co *.6sc.co redditstatic.com *.redditstatic.com vercel.live *.vercel.live gstatic.com *.gstatic.com hotjar.com *.hotjar.com fullstory.com *.fullstory.com partnerpage.io *.partnerpage.io speedcurve.com *.speedcurve.com googleapis.com *.googleapis.com clarity.ms *.clarity.ms calendly.com *.calendly.com youtube.com *.youtube.com demo.arcade.software *.demo.arcade.software usebasin.com *.usebasin.com hackerone.com *.hackerone.com posthog.com *.posthog.com i.posthog.com *.i.posthog.com us-assets.i.posthog.com *.us-assets.i.posthog.com seamintent.ai *.seamintent.ai; frame-src 'self' rudderstack.com *.rudderstack.com jsdelivr.net *.jsdelivr.net rudderlabs.com *.rudderlabs.com vercel-scripts.com *.vercel-scripts.com licdn.com *.licdn.com ads-twitter.com *.ads-twitter.com cloudfront.net *.cloudfront.net googletagmanager.com *.googletagmanager.com bing.com *.bing.com quora.com *.quora.com google.com *.google.com google-analytics.com *.google-analytics.com clarity.ms *.clarity.ms doubleclick.net *.doubleclick.net bugsnag.com *.bugsnag.com jquery.com *.jquery.com kapa.ai *.kapa.ai skypack.dev *.skypack.dev g2crowd.com *.g2crowd.com adnxs.com *.adnxs.com qualified.com *.qualified.com 6sc.co *.6sc.co redditstatic.com *.redditstatic.com vercel.live *.vercel.live gstatic.com *.gstatic.com hotjar.com *.hotjar.com fullstory.com *.fullstory.com partnerpage.io *.partnerpage.io speedcurve.com *.speedcurve.com googleapis.com *.googleapis.com clarity.ms *.clarity.ms calendly.com *.calendly.com youtube.com *.youtube.com demo.arcade.software *.demo.arcade.software usebasin.com *.usebasin.com hackerone.com *.hackerone.com posthog.com *.posthog.com i.posthog.com *.i.posthog.com us-assets.i.posthog.com *.us-assets.i.posthog.com seamintent.ai *.seamintent.ai; img-src * http: https: blob: data:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests; 2 frame-ancestors 'self' https://dp-downloads.broadcom.com *.broadcom.com; frame-src 'self' https://dp-downloads.broadcom.com https://www.addevent.com https://www.youtube.com *.broadcom.com http://pubs.vmware.com https://www.google.com https://google.com https://calendar.google.com https://docs.google.com https://accounts.google.com https://batchgeo.com https://players.brightcove.net https://airtable.com https://lookerstudio.google.com 2 default-src 'self'; connect-src 'self' https://*.grass.io https://*.getgrass.io https://*.ghost.io https://*.clarity.ms https://*.google-analytics.com https://*.grassfoundation.io https://*.convertexperiments.com https://*.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.clarity.ms https://*.googletagmanager.com https://*.youtube.com https://*.convertexperiments.com https://*.google-analytics.com https://*.doubleclick.net; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com; img-src 'self' https://cdn.jsdelivr.net https://*.ghost.io https://*.medium.com https://*.googletagmanager.com https://*.google.com https://*.google.com.ph https://*.googleusercontent.com https://*.doubleclick.net https://*.google-analytics.com https://*.pagead2.googlesyndication.com blob: data:; font-src 'self' https://*.gstatic.com https://*.googleapis.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; frame-src 'self' https://*.youtube.com https://*.convertexperiments.com https://*.googletagmanager.com; 2 default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple.com.cn *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com https://recyclingprogram.apple.com.cn https://smb.apple.com swdlp.apple.com www.apple.com.cn www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple.com.cn *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: apple.com *.apple.com *.apple.com.cn *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com *.apple.com.cn 2 default-src 'self' https:; font-src 'self' https://hover-assets.s3.ca-central-1.amazonaws.com/ https://s3.ca-central-1.amazonaws.com/hover-assets/ https://fonts.gstatic.com/ https://p1.answerdash.com/ https://maxcdn.bootstrapcdn.com/; img-src 'self' data: https://hover-assets.s3.ca-central-1.amazonaws.com/ https://s3.ca-central-1.amazonaws.com/hover-assets/ https://*.paypal.com/ https://www.facebook.com/ https://connect.facebook.net/ https://www.linkedin.com/ https://px.ads.linkedin.com/ https://px4.ads.linkedin.com https://chart.googleapis.com/ https://www.google.com/ https://www.google.ca/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://*.zopim.io/ https://api.smooch.io/ https://hover.zendesk.com/ https://*.licdn.com/ https://*.hsforms.net/ https://*.hsforms.com/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ad.doubleclick.net/ https://hover-assets.s3.ca-central-1.amazonaws.com/ https://s3.ca-central-1.amazonaws.com/hover-assets/ https://*.google-analytics.com/ https://www.googleadservices.com/ https://*.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com https://*.braintreegateway.com/ https://*.paypal.com/ https://*.marketingsolutions.yahoo.com/ https://cdnjs.cloudflare.com/ https://www.paypalobjects.com/ https://browser.sentry-cdn.com/ https://sentry.io/ https://js.sentry-cdn.com/ https://p1.answerdash.com/ https://utt.impactcdn.com/ https://*.impact.com/ https://hover-affiliates.pxf.io/ https://d33wwcok8lortz.cloudfront.net/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://connect.facebook.net/ https://static.zdassets.com/ https://api.smooch.io/ https://hover.zendesk.com/ https://googleads.g.doubleclick.net/ https://*.hscollectedforms.net/ https://*.hsleadflows.net/ https://*.hsforms.net/ https://*.hsforms.com/; style-src 'self' 'unsafe-inline' https://*.braintreegateway.com/ https://hover-assets.s3.ca-central-1.amazonaws.com/ https://s3.ca-central-1.amazonaws.com/hover-assets/ https://p1.answerdash.com/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://*.paypal.com/; frame-src 'self' https://assets.braintreegateway.com/ https://td.doubleclick.net/ https://hover-affiliates.pxf.io/ https://www.ojrq.net/ https://*.fls.doubleclick.net/ https://*.kaptcha.com/ https://*.paypal.com/ https://*.hsforms.net/ https://*.hsforms.com/; connect-src 'self' https://*.google-analytics.com/ https://*.analytics.google.com/ https://*.googletagmanager.com/ https://analytics.google.com/ https://pagead2.googlesyndication.com/ https://px.ads.linkedin.com/ https://*.braintree-api.com/ https://*.braintreegateway.com/ https://client-analytics.braintreegateway.com/ https://*.paypal.com/ https://api.smooch.io/ https://hover.zendesk.com/ https://ekr.zdassets.com/ https://ad.doubleclick.net/ https://stats.g.doubleclick.net/ wss://widget-mediator.zopim.com/ https://cdn.linkedin.oribi.io/ https://sentry.io/ https://js.sentry-cdn.com/ https://www.facebook.com/ https://*.hscollectedforms.net/ https://*.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com; media-src 'self' https://px.ads.linkedin.com/ https://static.zdassets.com/ 2 default-src https: data: blob: ws: wss: mailto: 'unsafe-inline' 'unsafe-eval' 2 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.allrecipes.com; upgrade-insecure-requests; 2 default-src 'self' *.trafficjunky.com *.trafficjunky.net blob: ; script-src 'self' *.trafficjunky.com 'unsafe-inline' 'unsafe-eval' www.google.com www.googletagmanager.com *.gstatic.com *.pendo.io *.googleapis.com blob: unpkg.com connect.facebook.net snap.licdn.com cdn.debugbear.com *.anura.io ; connect-src 'self' *.trafficjunky.com mgpg2.probiller.com mgpg.stage.pbk8s.com www.facebook.com www.google.com maps.googleapis.com *.google-analytics.com *.googlesyndication.com *.linkedin.com *.pendo.io *.trafficjunky.net data.debugbear.com *.anura.io api.fpjs.io ; img-src 'self' https: data: ; style-src 'self' *.trafficjunky.com 'unsafe-inline' *.googleapis.com *.pendo.io ; font-src 'self' *.trafficjunky.com *.gstatic.com ; media-src 'self' https: ; frame-src 'self' *.trafficjunky.com *.trafficjunky.net static.trafficjunky.com www.google.com www.googletagmanager.com *.geekadm.net api.yoti.com www.youtube.com app.pendo.io ; frame-ancestors none 2 frame-ancestors 'self' http://www.usa.philips.com *.philips.com *.usa.philips.com https://philipsigtdpv.com 2 base-uri 'self' *.adform.net https://cdn.justpremium.com; font-src 'self' https: data: *.taboola.com; form-action 'self'; frame-ancestors *; img-src 'self' https: data: *.testfaz.net *.faz.net *.taboola.com; object-src 'self'; script-src-attr 'unsafe-inline'; style-src https: 'unsafe-inline' 'self' *.testfaz.net *.faz.net *.taboola.com; script-src 'unsafe-inline' 'unsafe-eval' https: *; upgrade-insecure-requests; connect-src *; default-src 'self' https:; frame-src *; media-src 'self' https: data:; worker-src * blob:; 2 default-src https:; child-src blob: https:; connect-src blob: https: wss:; form-action https:; frame-ancestors https: http://webvisor.com; media-src blob: https:; object-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 2 default-src 'self'; manifest-src 'self'; worker-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://js-agent.newrelic.com https://bam.nr-data.net https://connect.facebook.net https://platform.twitter.com https://embedr.flickr.com https://widgets.flickr.com https://www.youtube.com https://player.vimeo.com/api/player.js https://*.vimeocdn.com https://p.trellocdn.com https://*.clarity.ms https://s.go-mpulse.net https://datawrapper.dwcdn.net; object-src 'none'; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com https://cdnjs.cloudflare.com https://www.youtube.com https://www.youtube-nocookie.com https://vjs.zencdn.net https://pt.dwcdn.net https://datawrapper.dwcdn.net; img-src 'self' data: https://www.googletagmanager.com https://fonts.gstatic.com https://geoservices.un.org https://i.ytimg.com https://syndication.twitter.com https://pbs.twimg.com https://embedr.flickr.com https://*.staticflickr.com https://*.vimeocdn.com https://*.vimeo.com https://*.clarity.ms https://c.bing.com https://static.dwcdn.net https://datawrapper.dwcdn.net; media-src 'self'; form-action 'self'; frame-src 'self' https://*.soundcloud.com https://*.dwcdn.net https://*.x.com https://*.tiktok.com https://*.walls.io https://www.youtube.com https://www.youtube-nocookie.com https://*.youku.com https://youtu.be https://www.facebook.com https://*.instagram.com https://*.linkedin.com https://trello.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://www.flickr.com https://datawrapper.dwcdn.net; frame-ancestors 'self'; child-src 'self' https://*.soundcloud.com https://*.dwcdn.net https://*.x.com https://*.tiktok.com https://*.walls.io https://www.youtube.com https://www.youtube-nocookie.com https://*.youku.com https://youtu.be https://www.facebook.com https://*.instagram.com https://*.linkedin.com https://trello.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://www.flickr.com https://datawrapper.dwcdn.net; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://static.dwcdn.net; connect-src 'self' https://www.googletagmanager.com https://*.google-analytics.com https://maps.googleapis.com https://embedr.flickr.com https://vimeo.com https://bam.nr-data.net https://*.clarity.ms https://*.akstat.io https://c.go-mpulse.net https://*.akamaihd.net https://datawrapper.dwcdn.net; base-uri 'self'; report-uri https://ilopublic.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 2 default-src 'none'; script-src 'self' cdn.robinhood.com cdn.pdst.fm/ping.min.js 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ tagmanager.google.com ssl.google-analytics.com connect.facebook.net sc-static.net d.impactradius-event.com www.redditstatic.com analytics.tiktok.com boards.greenhouse.io bat.bing.com www.googleadservices.com static.ads-twitter.com s.yimg.com *.usercentrics.eu snap.licdn.com collector-47804.us.tvsquared.com/tv2track.js ; worker-src 'self' blob: ; frame-src www.google.com/recaptcha/ www.youtube.com/iframe_api/ www.youtube.com/embed/ www.googletagmanager.com boards.greenhouse.io tr6.snapchat.com tr.snapchat.com fcm.quick1fr.com *.usercentrics.eu https://preview.widgets.ninetailed.io/ ; style-src 'self' 'unsafe-inline' cdn.robinhood.com tagmanager.google.com fonts.googleapis.com ; font-src 'self' cdn.robinhood.com data: ; media-src 'self' cdn.robinhood.com *.usercentrics.eu videos.ctfassets.net/ilblxxee70tt/ ; img-src 'self' images.robinhood.com cdn.robinhood.com www.google-analytics.com stats.g.doubleclick.net i.ytimg.com/vi/ images.ctfassets.net downloads.ctfassets.net www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.facebook.com www.google.com tr.snapchat.com tr6.snapchat.com bat.bing.com googleads.g.doubleclick.net pixel.pointmediatracker.com cnv.event.prod.bidr.io/log/cnv data: alb.reddit.com analytics.twitter.com t.co sp.analytics.yahoo.com *.usercentrics.eu cdn.blisspointmedia.com/assets/img/ px.ads.linkedin.com collector-47804.us.tvsquared.com/tv2track.php images.ctfassets.net/ilblxxee70tt/ ; frame-ancestors 'self' https://app.contentful.com ; manifest-src 'self' cdn.robinhood.com ; connect-src 'self' robinhood.com *.robinhood.com *.x1creditcard.com *.apollo.rhinternal.net www.google-analytics.com stats.g.doubleclick.net bat.bing.com/actionp/ us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink ssl.google-analytics.com analytics.google.com sentry.io o62437.ingest.sentry.io www.googletagmanager.com tagmanager.google.com analytics.tiktok.com boards-api.greenhouse.io preview.contentful.com cdn.contentful.com experience.ninetailed.co s.yimg.com *.usercentrics.eu api.instagram.com/ px.ads.linkedin.com assets.ctfassets.net/ilblxxee70tt/ https://ingest.insights.ninetailed.co ; upgrade-insecure-requests; block-all-mixed-content; report-uri https://o62437.ingest.sentry.io/api/1336410/security/?sentry_key=dadc326d25814a55b5486cb04f439a29; base-uri 'self' 2 base-uri 'self'; connect-src 'self' https://api.github.com/repos/ https://api.github.com/search/issues https://gitlab.com/api/ https://analytics.python.org fastly-insights.com *.fastly-insights.com *.ethicalads.io https://api.pwnedpasswords.com https://cdn.jsdelivr.net/npm/mathjax@3.2.2/es5/sre/mathmaps/ https://2p66nmmycsj3.statuspage.io; default-src 'none'; font-src 'self' fonts.gstatic.com; form-action 'self' https://checkout.stripe.com https://billing.stripe.com; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://pypi-camo.freetls.fastly.net/ *.fastly-insights.com *.ethicalads.io ethicalads.blob.core.windows.net; script-src 'self' https://analytics.python.org *.fastly-insights.com *.ethicalads.io 'sha256-U3hKDidudIaxBDEzwGJApJgPEf2mWk6cfMWghrAa6i0=' https://cdn.jsdelivr.net/npm/mathjax@3.2.2/ 'sha256-1CldwzdEg2k1wTmf7s5RWVd7NMXI/7nxxjJM2C4DqII=' 'sha256-0POaN8stWYQxhzjKS+/eOfbbJ/u4YHO5ZagJvLpMypo='; style-src 'self' fonts.googleapis.com *.ethicalads.io 'sha256-2YHqZokjiizkHi1Zt+6ar0XJ0OeEy/egBnlm+MDMtrM=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-JLEjeN9e5dGsz5475WyRaoA4eQOdNPxDIeUhclnJDCE=' 'sha256-mQyxHEuwZJqpxCw3SLmc4YOySNKXunyu2Oiz1r3/wAE=' 'sha256-OCf+kv5Asiwp++8PIevKBYSgnNLNUZvxAp4a7wMLuKA=' 'sha256-h5LOiLhk6wiJrGsG5ItM0KimwzWQH/yAcmoJDJL//bY='; worker-src *.fastly-insights.com 2 frame-ancestors 'self' *.adobe.com; default-src blob: https: data: *.sprinklr.com wss://*.sprinklr.com *.liveperson.net wss://*.liveperson.net 'unsafe-inline' 'unsafe-eval'; 2 default-src 'self' *.collegeboard.org; script-src 'self' *.collegeboard.org cdnjs.cloudflare.com sdk.amazonaws.com assets.adobedtm.com cdn.cookielaw.org bat.bing.com www.clarity.ms d.clarity.ms 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net cdn.heapanalytics.com widgets.getsitecontrol.com www.youtube.com *.salesforceliveagent.com service.force.com s.yimg.com connect.facebook.net ajax.cloudflare.com st.getsitecontrol.com js-agent.newrelic.com bam.nr-data.net d10lpsik1i8c69.cloudfront.net s3.amazonaws.com/cdn.aimtell.com/ www.google.com client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js tpc.googlesyndication.com cdn.aimtell.com static.lightning.force.com *.my.salesforce.com *.my.salesforce-sites.com apform.secure.force.com conoret.com ucads-cdn.ucweb.com www.google-analytics.com www.pagespeed-mod.com bytedance.com sp.analytics.yahoo.com static.jungroup.com cdn.ckeditor.com cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js assets.calendly.com platform.twitter.com *.appcues.com *.appcues.net cb-zscaler-pages.s3.amazonaws.com www.buzzsprout.com; style-src 'self' *.collegeboard.org 'unsafe-inline' service.force.com translate.googleapis.com use.fontawesome.com apform.secure.force.com *.my.salesforce-sites.com cdn.tt.omtrdc.net/cdn/adobetarget/admin.css d10lpsik1i8c69.cloudfront.net/css/reset.css fonts.googleapis.com cdn.ckeditor.com cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css wiris-v7.hive-prod.collegeboard.org:80 wiris-v7.hive-nonprod.collegeboard.org:80 *.appcues.com *.appcues.net fonts.googleapis.com fonts.google.com 'unsafe-inline'; img-src 'self' *.collegeboard.org data: bat.bing.com www.facebook.com www.google.com *.doubleclick.net googleads.g.doubleclick.net *.clarity.ms *.heapanalytics.com app.getsitecontrol.com *.analytics.yahoo.com *.bing.com heapanalytics.com www.googletagmanager.com www.google.co.jp www.google.ca www.googletagmanager.com www.google.co www.google.com www.google.jo translate.google.com ssl.google-analytics.com d10lpsik1i8c69.cloudfront.net adservice.google.com *.appcues.com *.appcues.net res.cloudinary.com twemoji.maxcdn.com *; frame-src 'self' *.collegeboard.org www.surveygizmo.com bid.g.doubleclick.net googleads.g.doubleclick.net service.force.com beacon.aimtell.com tpc.googlesyndication.com datacloudstat.com www.facebook.com www.youtube.com ws-lmdc-app03.dhs.state.nj.us gateway.zscloud.net mozbar.moz.com s3.amazonaws.com/cdn.aimtell.com/ *.id.opendns.com lsrelay-config-production.s3.amazonaws.com pg-sasscer-ckf04.pgcps.org static.deledao.com data: schools-blocked.s3-website-us-east-1.amazonaws.com calendly.com platform.twitter.com *.appcues.com credentialfinder.org apps.credentialengine.org *.webcasts.com td.doubleclick.net www.googletagmanager.com cb-zscaler-pages.s3.amazonaws.com us-east-1.quicksight.aws.amazon.com www.buzzsprout.com; frame-ancestors 'self' credentialfinder.org; font-src 'self' *.collegeboard.org themes.googleusercontent.com fonts.gstatic.com data: st.getsitecontrol.com moz-extension: use.fontawesome.com static3.avast.com at.alicdn.com cdn.loom.com/assets/fonts/ wiris-v7.hive-prod.collegeboard.org:80 wiris-v7.hive-nonprod.collegeboard.org:80 cdnjs.cloudflare.com/ajax/libs/mathjax/3.2.2/es5/output/chtml/fonts/woff-v2/ fonts.gstatic.com; connect-src 'self' ws: *.collegeboard.org k625k2vrzvdo5g7ynbvtjejehi.appsync-api.us-east-1.amazonaws.com/graphql dgtkl2ep7natjmkbefhxflglie.appsync-api.us-east-1.amazonaws.com/graphql cdn.cookielaw.org geolocation.onetrust.com www.facebook.com *.clarity.ms bat.bing.com app.getsitecontrol.com lambda.us-east-1.amazonaws.com signals.aimtell.com bam.nr-data.net settings.luckyorange.net cdn.aimtell.io log.aimtell.com s.yimg.com cognito-identity.us-east-1.amazonaws.com dataplane.rum.us-east-1.amazonaws.com sts.us-east-1.amazonaws.com beacon.aimtell.com adservice.google.com www.google.com api.ultimateaderaser.com privacyportal.onetrust.com adtonus.com apform.secure.force.com cdnm3.cdnservice.space/start5.json code.jquery.com gjtrack.ucweb.com/collect heapanalytics.com log.kslogs.ru/timesince plugin.ucads.ucweb.com/api rdtds.net/siblings/find stats.g.doubleclick.net www.google-analytics.com api.trongrid.io/wallet/getnodeinfo dgtkl2ep7natjmkbefhxflglie.appsync-api.us-east-1.amazonaws.com get663.com support.adcleanerpage.com hm.baidu.com/hm.gif dgtkl2ep7natjmkbefhxflglie.appsync-realtime-api.us-east-1.amazonaws.com analytics.aimtell.com sts.us-west-2.amazonaws.com cognito-identity.us-west-2.amazonaws.com d1ktxyteejjrbw.cloudfront.net static.doubleclick.net full-apform.cs190.force.com yt3.ggpht.com cdn.mouseflow.com n2.mouseflow.com collegeboard-full.my.salesforce.com i.ytimg.com cdn.ckeditor.com telemetry.wiris.net wiris-v7.hive-prod.collegeboard.org:80 wiris-v7.hive-nonprod.collegeboard.org:80 *.appcues.com *.appcues.net *.my.salesforce-sites.com ipapi.co 9frgh2i4b9.execute-api.us-east-1.amazonaws.com 2 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; 2 frame-ancestors 'self' https://www.northpass.com 2 frame-ancestors 'self' https://*.dish.com; 2 img-src 'self' https: data:; font-src 'self' https://cookie.vrt.be; script-src 'self' https://t-stag.vrt.be https://t.vrt.be https://sso.vrt.be https://assets.adobedtm.com/ https://cmp-sp.vrt.be/ https://cookie.vrt.be/ https://interactief.vrt.be/ https://gabe.hit.gemius.pl/ https://platform.twitter.com/ https://www.instagram.com/ https://files.qualifio.com/ https://www.youtube.com/ https://www.vimeo.com/ https://znetjitvxsol8c1x7-vrt.siteintercept.qualtrics.com/ https://cdnjs.cloudflare.com/ https://pool-pebblemedia.adhese.com/ https://*.clarity.ms https://c.bing.com 'unsafe-inline'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://backend.prod.vrt.hosted-temp.com; upgrade-insecure-requests; 2 frame-ancestors 'self' *.qnap.com *.qnap.com.cn *.qnap.com.tw; 2 frame-ancestors 'self' https://*.justia.com http://*.justia.com 2 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.verywellhealth.com; upgrade-insecure-requests; 2 upgrade-insecure-requests;frame-ancestors 'self' https://*.sueddeutsche.de https://*.jetzt.de https://*.szcms.de https://*.szdm.io; 2 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.ew.com; upgrade-insecure-requests; 2 default-src 'self' 'unsafe-inline' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' mod.calltouch.ru *.yandex.ru yandex.ru yandex.net *.yandex.net yandex.com *.yandex.com yandex.md *.yandex.md yastatic.net *.yastatic.net vk.com *.vk.com jivo.ru *.jivo.ru jivo.com *.jivo.com jivosite.com *.jivosite.com clarity.ms *.clarity.ms dashamail.com *.dashamail.com app.cmd-online.ru balancer.voximplant.com ;style-src 'self' 'unsafe-inline' *.jivo.ru app.cmd-online.ru cdn.materialdesignicons.com cdn.jsdelivr.net ;connect-src 'self' 'unsafe-inline' wss: *.yandex.ru mod.calltouch.ru yandex.ru yandex.net *.yandex.net yandex.com *.yandex.com yandex.md *.yandex.md yastatic.net *.yastatic.net vk.com *.vk.com jivo.ru *.jivo.ru jivo.com *.jivo.com jivosite.com *.jivosite.com clarity.ms *.clarity.ms dashamail.com *.dashamail.com app.cmd-online.ru balancer.voximplant.com ;img-src * data: ;frame-ancestors 'self' *.yandex.ru yandex.ru;frame-src *.yandex.ru yandex.ru yandex.net *.yandex.net yandex.com *.yandex.com yandex.md *.yandex.md yastatic.net *.yastatic.net app.cmd-online.ru;media-src * ;object-src 'none' ; base-uri 'self' ;form-action 'self' ;font-src * ; 2 frame-ancestors 'self' https://tpc.googlesyndication.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://service.maxymiser.net/ https://tags.tiqcdn.com/ https://*.netsuite.com https://consent.truste.com https://*.trustarc.com https://*.bing.com https://*.doubleclick.net https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://static.atgsvcs.com https://rules.atgsvcs.com https://netsuite-salechat.custhelp.com https://netsuite-salechat--tst1.custhelp.com https://netsuite-salechat.widget.custhelp.com https://netsuite-salechat--tst1.widget.custhelp.com https://www.rnengage.com https://*.rightnowtech.com https://assets.adobedtm.com https://img.en25.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.akamaihd.net https://*.demdex.net https://*.omtrdc.net https://*.adobetag.com https://*.linkedin.com https://*.licdn.com https://*.2o7.net https://tags.bkrtx.com https://flex.atdmt.com https://*.oracleinfinity.io https://dqm.crownpeak.com/ https://app.hushly.com https://script.crazyegg.com https://activitymap.adobe.com https://static.ocecdn.oraclecloud.com https://*.go-mpulse.net https://static.ads-twitter.com; style-src 'self' 'unsafe-inline' https://www.netsuite.com https://us-approval.netsuite.com https://www-stage.oracle.com https://*.app.netsuite.com https://netsuite-salechat.widget.custhelp.com https://netsuite-salechat--tst1.widget.custhelp.com https://fonts.googleapis.com https://app.hushly.com https://hud.crazyegg.com; img-src * data: ; frame-src 'self' https://guidedlearning.oracle.com https://sc-oal-en.custhelp.com https://service.maxymiser.net/ https://go.netsuite.com https://*.doubleclick.net https://*.youtube.com https://*.youtu.be https://*.facebook.com https://*.facebook.net https://*.omtrdc.net https://*.trustarc.com https://netsuite-salechat-fi.custhelp.com https://netsuite-salechat.custhelp.com https://netsuite-salechat--tst1.custhelp.com https://netsuite-salechat-na--tst1.custhelp.com https://netsuite-salechat-na.custhelp.com https://netsuite-salechat-de.custhelp.com https://netsuite-salechat-es.custhelp.com https://netsuite-salechat-fr.custhelp.com https://netsuite-salechat-jp.custhelp.com https://netsuite-salechat-ko.custhelp.com https://netsuite-salechat-nl.custhelp.com https://netsuite-salechat-pt.custhelp.com https://netsuite-salechat-sv.custhelp.com https://netsuite-salechat-zhcn.custhelp.com https://netsuite-salechat-zhtw.custhelp.com https://netsuite-salechat-it.custhelp.com https://netsuite-salechat-pl.custhelp.com https://netsuite-salechat-ru.custhelp.com https://netsuite-salechat-tr.custhelp.com https://*.demdex.net https://*.bluekai.com https://*.extforms.netsuite.com https://*.app.netsuite.com https://hud.crazyegg.com https://activitymap.adobe.com; connect-src 'self' https://search-api.oracle.com https://tracking.netsuite.com https://api.company-target.com https://*.doubleclick.net https://*.googlevideo.com https://*.omtrdc.net https://*.demdex.net https://rules.atgsvcs.com https://bat.bing.com https://netsuite-salechat.custhelp.com https://netsuite-salechat--tst1.custhelp.com https://www-stage.oracle.com https://api.crownpeak.net/ https://script.crazyegg.com https://tracking.crazyegg.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com https://hud.crazyegg.com https://app.hushly.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://www.facebook.com https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net wss://idcs-oda-7fa1f5c9fa1841329f72d8695ac98c9a-da3.data.digitalassistant.oci.oraclecloud.com; font-src 'self' data: https://us-approval.netsuite.com https://www.netsuite.com; media-src 'self' blob: ;child-src 'self' blob: ; report-uri https://nlcorp.app.netsuite.com/app/security/csp/cspaudit.nl 2 frame-ancestors https://poshmark.lightning.force.com *.goshd.com *.goshd.ca *.poshmark.com; report-uri https://poshmark.report-uri.com/r/t/csp/enforce 2 frame-ancestors 'self' https://*.familysearch.org https://*.familysearch.psdops.com https://*.church.brightspot.cloud 2 frame-ancestors 'none'; font-src 'self' 2 frame-ancestors 'self' *.cafe24.com *.cafe24shop.com *.hanpda.com *.wehost24.com 2 default-src 'unsafe-inline' 'unsafe-eval' vitals.vercel-insights.com https: data: wss://*.qualified.com *.arkoselabs.com; block-all-mixed-content; upgrade-insecure-requests 2 default-src https://*.sprig.com *.userleap.com 'self' 'unsafe-inline'; script-src https://*.sprig.com *.userleap.com 'self' 'unsafe-inline' 'unsafe-eval' https://js.hsforms.net https://polyfill.io https://googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://js.hs-analytics.net https://js.hs-scripts.com https://cdn.heapanalytics.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.usemessages.com https://js-na1.hs-scripts.com https://cdn.segment.com https://api.segment.io https://app.launchdarkly.com https://forms.hubspot.com https://rum-http-intake.logs.datadoghq.com https://snap.licdn.com https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://ws.zoominfo.com https://scout-cdn.salesloft.com https://googleads.g.doubleclick.net https://static.hsappstatic.net https://www.vimeo.com https://vimeo.com https://*.hsforms.com https://secure.cold5road.com/ https://*.mutinycdn.com https://*.mutinyhq.io https://ajax.googleapis.com https://*.chilipiper.com https://*.clearbitscripts.com https://*.clearbitjs.com https://*.clearbit.com https://www.google.com https://www.googleanalytics.com https://*.qualified.com https://*.website-files.com https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsfilter@1/cmsfilter.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsload@1/cmsload.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmscore@1/cmscore.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-animation@1/animation.esm.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsslider@1/cmsslider.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-queryparam@1/queryparam.js https://*.adroll.com https://tracking.g2crowd.com https://bat.bing.com https://tag.unifyintent.com https://www.redditstatic.com/ads/pixel.js https://*.opendns.com https://trk.crozdesk.com; connect-src blob: data: 'self' https://sprig.com https://*.sprig.com *.userleap.com *.ingest.sentry.io https://api.hubspot.com https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://google.com https://googletagmanager.com https://*.googletagmanager.com https://*.doubleclick.net https://cdn.segment.com https://api.segment.io https://events.launchdarkly.com https://app.launchdarkly.com https://forms.hubspot.com https://rum-http-intake.logs.datadoghq.com https://ws.zoominfo.com https://scout-cdn.salesloft.com https://scout.salesloft.com https://api.ashbyhq.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.mutinycdn.com https://*.mutinyhq.io https://*.mutinyhq.com https://*.chilipiper.com https://*.mux.com https://storage.googleapis.com https://*.clearbit.com https://cdn.linkedin.oribi.io wss://ws.qualified.com https://*.website-files.com https://px.ads.linkedin.com https://forms.hscollectedforms.net https://bat.bing.com https://clientstream.launchdarkly.com https://tracking.g2crowd.com https://unifyintent.com https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com https://*.opendns.com https://trk.crozdesk.com; img-src https://*.sprig.com *.userleap.com *.assets-servd.host data: 'self' https://track.hubspot.com https://heapanalytics.com https://*.linkedin.com https://t.co https://p.adsymptotic.com https://www.facebook.com https://*.google-analytics.com https://*.google.com https://googletagmanager.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.analytics.google.com https://*.doubleclick.net/ https://userleap.ghost.io https://*.hsforms.com https://i.vimeocdn.com https://www.gravatar.com https://*.googleadservices.com/ https://js.na.chilipiper.com https://*.mux.com https://*.mutinycdn.com https://*.mutinyhq.io https://analytics.twitter.com https://api.producthunt.com https://uploads-ssl.webflow.com https://*.website-files.com https://*.adroll.com https://i.ytimg.com https://bat.bing.com https://api.urlbox.io https://logo.clearbit.com https://alb.reddit.com/rp.gif https://*.opendns.com https://pixel.tapad.com; style-src https://*.sprig.com *.userleap.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://js.na.chilipiper.com https://fonts.googleapis.com https://*.website-files.com https://*.opendns.com; worker-src blob:; font-src https://*.sprig.com *.userleap.com 'self' data: https://fonts.gstatic.com https://app.sprig.com https://*.mutinycdn.com https://fonts.gstatic.com https://uploads-ssl.webflow.com https://*.website-files.com https://*.opendns.com; frame-src blob: https://sprig.com https://*.sprig.com *.userleap.com 'self' https://meetings.hubspot.com/ https://player.vimeo.com/ https://app.hubspot.com/ https://share.transistor.fm/ https://www.facebook.com/ https://*.hsforms.com/ https://*.doubleclick.net/ https://www.youtube.com/ https://*.chilipiper.com https://*.wistia.net https://*.qualified.com https://cdn.embedly.com https://*.adroll.com https://*.opendns.com; media-src blob: 'self' https://*.mux.com https://sprig.com https://servd-white-cougar.b-cdn.net https://*.website-files.com https://*.opendns.com; form-action 'self' https://www.facebook.com/ https://*.hsforms.com/ https://*.opendns.com; frame-ancestors 'self' https://sprig.com/ https://*.sprig.com https://app.mutinyhq.com https://*.opendns.com; 2 upgrade-insecure-requests; frame-ancestors https://*.stern.de; 2 default-src 'self'; script-src 'self' 'report-sample' www.gstatic.com www.recaptcha.net; style-src 'self' 'report-sample'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self' www.recaptcha.net; frame-ancestors 'none'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none' 2 default-src * data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.builder.io builder.io *.datadome.co *.audima.co vlibras.gov.br *.vlibras.gov.br https://static.ads-twitter.com https://edge.fullstory.com *.hotjar.io *.hotjar.com https://browser-intake-datadoghq.com *.tiktok.com https://cdnjs.cloudflare.com *.scorecardresearch.com s3.glbimg.com *.amplitude.com *.goadopt.io https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/vlibras-plugin.js secure.lomadee.com; img-src 'self' data: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.audima.co vlibras.gov.br *.vlibras.gov.br *.twitter.com https://secure.gravatar.com *.ytimg.com *.hotjar.com *.scorecardresearch.com *.krxd.net *.navdmp.com *.builder.io *.tiktok.com s3-sa-east-1.amazonaws.com/frame-image-br/bg.png gpixel.globo.com t.co https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_icon.svg https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_popup.jpg; object-src 'none'; style-src 'unsafe-inline' *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googleapis.com *.datadome.co *.hotjar.com; connect-src 'self' *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.googleapis.com *.bing.com *.clarity.ms *.builder.io builder.io *.datadome.co https://browser-intake-datadoghq.com https://logs.browser-intake-datadoghq.com https://apigw-commons-prd.ecsbr.net https://apigw-commons-hml.ecsbr.net *.audima.co vlibras.gov.br *.vlibras.gov.br wss://*.hotjar.com *.hotjar.io *.hotjar.com *.tiktok.com *.facebook.com *.creativecdn.com *.criteo.com pixel.globo.com *.amplitude.com *.goadopt.io https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/target/playerweb.json; frame-ancestors 'self' *.builder.io builder.io *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net; worker-src 'self' blob: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.builder.io builder.io https://browser-intake-datadoghq.com 2 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.eatingwell.com; upgrade-insecure-requests; 2 script-src 'self' gameloft.com *.gameloft.com gameloft.org *.gameloft.org *.google.com *.gstatic.com *.google-analytics.com *.youtube.com *.doubleclick.net *.amazonaws.com *.googletagmanager.com *.privacy-center.org *.crazyegg.com *.tiktok.com *.ads-twitter.com *.facebook.net *.singular.net *.gsght.com *.cloudflare.com 'unsafe-eval' 'unsafe-inline'; 2 Strict-Transport-Security: max-age=31556952; includeSubDomains; preload 2 frame-ancestors 'self' *.newgrounds.com 2 default-src 'self'; img-src 'self' data:; script-src 'self' 'sha256-J/tux0AP4WAYsCxprPoE+2XJ+XNJ8Esd8nCF8o/diiw='; style-src 'self' 'unsafe-inline'; 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com giscus.app connect.facebook.net clearbit.com clearbitjs.com cdn.jsdelivr.net apis.google.com accounts.google.com www.googletagmanager.com tag.clearbitscripts.com platform.twitter.com vercel.live cdn.vercel-insights.com cdn.lr-ingest.com cdn.logr-ingest.com x.clearbitjs.com googleads.g.doubleclick.net googleadservices.com www.googleadservices.com analytics.tiktok.com snap.licdn.com js.hs-scripts.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net js.hsforms.net forms.hsforms.com js.usemessages.com https://decagon.ai/loaders/codeium.js https://decagon.ai/loaders/codeium_embed.js https://hubspot.com https://app.hubspot.com https://sibautomation.com https://challenges.cloudflare.com https://us-central1-exa2-fb170.cloudfunctions.net; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdn.vercel-insights.com js.stripe.com; img-src * blob: data: exafunction.github.io; media-src 'self' exafunction.github.io; connect-src * data: https://accounts.google.com/; font-src 'self' cdn.jsdelivr.net assets.vercel.com fonts.gstatic.com; frame-src 'self' giscus.app windsurf.com staging-real-2.windsurf.com codeium-staging-exafunction.vercel.app exa2-fb170.firebaseapp.com js.stripe.com platform.twitter.com vercel.live youtube.com www.youtube.com codeium-staging.firebaseapp.com exafunction.github.io https://github.com viewscreen.githubusercontent.com notebooks.githubusercontent.com td.doubleclick.net auth-staging.codeium.com auth.codeium.com auth-staging.windsurf.com auth.windsurf.com https://hubspot.com https://decagon.ai https://app.hubspot.com https://forms.hsforms.com/ https://challenges.cloudflare.com https://us-central1-exa2-fb170.cloudfunctions.net accounts.google.com docs.google.com www.googletagmanager.com; frame-ancestors 'self' https://github.com; worker-src blob:; 2 frame-ancestors 'self' embed-v1.handelsblatt.com hbapp.handelsblatt.com amp2.handelsblatt.com grafik.handelsblatt.com preview-www.handelsblatt.com preview-www.staging--hb.hmg.systems bugfix-preview-www.handelsblatt.com edit.cms.production.hmg.systems; 2 frame-ancestors 'self' zpfsmigration.zohostratus.com 2 frame-ancestors 'self' http://*.dji.com https://*.dji.com 2 default-src 'self' customer-cubrih08bflu3z2b.cloudflarestream.com pages.churnbuster.io ghbtns.com *.algolia.net help.ghost.io resources.ghost.io tutorials.ghost.io changelog.ghost.io t.firstpromoter.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net https://cdn.firstpromoter.com proxy-assets.churnbuster.io https://static.ads-twitter.com https://www.dubcdn.com/analytics/script.js ingest.promptwatch.com; style-src 'self' 'unsafe-inline' proxy-assets.churnbuster.io; font-src 'self' rsms.me/inter/font-files/; img-src 'self' 'unsafe-inline' data: supapjpiqdfzuaordcdx.supabase.co/storage/ analytics.twitter.com https://t.co https://dubassets.com; connect-src 'self' https://*.algolia.net https://*.algolianet.com analytics.twitter.com https://ads-api.twitter.com/ t.firstpromoter.com https://api.dub.co/track/click ingest.promptwatch.com; 2 frame-ancestors 'self' https://store-qa2.enphase.com https://store.enphase.com/; report-uri https://enphase.com/report-uri/enforce 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' www.datadoghq-browser-agent.com browser-http-intake.logs.datadoghq.com *.odd.blackspider.com:* *.dev-rd.websense.net:* *.websense.net:* *.mailcontrol.com:* *.forcepoint.net:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.walkme.com *.aptrinsic.com; style-src 'self' 'unsafe-inline' *.walkme.com *.aptrinsic.com fonts.googleapis.com; frame-src 'self' *.websense.com:* *.walkme.com s3.walkmeusercontent.com; font-src 'self' data: *.walkme.com fonts.gstatic.com; img-src 'self' data: *.walkme.com s3.walkmeusercontent.com d2qhvajt3imc89.cloudfront.net media-exp1.licdn.com *.forcepoint.com *.aptrinsic.com storage.googleapis.com *.websense.net *.mailcontrol.com *.forcepoint.net; connect-src 'self' *.walkme.com *.aptrinsic.com; worker-src 'self' blob: *.walkme.com; object-src 'self' *.walkme.com; frame-ancestors 'self' *.forcepointone.com:* *.forcepointone.eu:*; 2 connect-src 'self' https://chat.elster.de wss://chat.elster.de ; default-src 'self' ; font-src 'self' data: https://chat.elster.de ; form-action 'self' https://warteraum.elster.de ; frame-ancestors 'self' ; img-src 'self' https://chat.elster.de ; media-src 'self' https://download.elster.de ; object-src 'none' ; script-src 'self' https://chat.elster.de ; style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-8iQ2C8eb3U8w2Ju2KXNjCyA/smg8byFgqNObcw1AX74=' 'sha256-YYGOQLmFupNssV6Yh7nuq54fYxTXHNrLhuEwg06WCkw=' 'sha256-uGLs916BWWd82O+HGlWvl29QI9Ql1zsRzxZP1/7F9xI=' https://chat.elster.de 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: mediastream: android-webview-video-poster: goodrx.com *.goodrx.com *.goodrx.com. *.grxstatic.com *.grxweb.com *.heydoctor.com; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: mediastream: *.goodrx.com *.goodrx.com. *.grxstatic.com *.grxweb.com healthination.com *.heydoctor.com d2bnxibecyz4h5.cloudfront.net *.scorecardresearch.com unpkg.com s3.amazonaws.com descopecdn.com static.descope.com *.px-cdn.net *.videoamp.com gx9e.app.link app.link *.px-cloud.net rampjs-cdn.system1.com *.trustpilot.com *.riddle.com *.sentry-cdn.com *.affirm.com static.legitscript.com *.osano.com *.doubleverify.com *.googletagservices.com *.2mdn.net *.adsafeprotected.com *.parsely.com www.datadoghq-browser-agent.com trc.lhmos.com *.adnxs.com *.adnxs-simple.com *.segment.io *.segment.com js.stripe.com *.branch.io *.adtrafficquality.google *.googleadservices.com *.googletagmanager.com *.quantummetric.com *.qualtrics.com sync.graph.bluecava.com *.hcn.health *.doubleclick.net *.googlesyndication.com *.googleapis.com *.gstatic.com *.google.com *.jwpcdn.com *.jwplayer.com *.jwplatform.com *.jwpltx.com *.jwpsrv.com videos-fms.jwpsrv.com videos-cloudflare.jwpsrv.com *.optimizely.com *.google-analytics.com *.getvim.com *.athenahealth.com *.ecwcloud.com *.eclinicalweb.com www.medtargetsystem.com site806-fyn1ivvp.chartwire.cloud ecw.desotoregional.com ecw.gsantosmd.com ecw.padderhealth.com site807-5c2melqa.chartwire.cloud cranium.rhgnc.org ecw.imgnh.com *.allscripts.com *.officeally.com *.oadomain.com *.drchrono.com *.elationemr.com *.mdland.com *.emedpractice.com; style-src data: 'self' 'unsafe-inline' *.goodrx.com *.goodrx.com. *.grxstatic.com *.gstatic.com *.google.com *.googleapis.com s3.amazonaws.com static.descope.com content.app.descope.com *.innovid.com; img-src data: blob: android-webview-video-poster: 'self' *.goodrx.com *.goodrx.com. *.grxstatic.com www.hellogoodrx.com *.heydoctor.com static.dwcdn.net *.scorecardresearch.com match.prod.bidr.io static.star2.descope.app static.descope.com *.insightexpressai.com bat.bing.com *.googleusercontent.com content.app.descope.com *.evidon.com *.doubleverify.com *.google-analytics.com *.innovid.com *.adsafeprotected.com goodrx-web-assets.s3.us-west-2.amazonaws.com sync.graph.bluecava.com s3.amazonaws.com *.ctfassets.net *.adtrafficquality.google syndicatedsearch.goog *.hcn.health trc.lhmos.com *.adnxs.com *.adnxs-simple.com p.alcmpn.com *.adsrvr.org *.googleapis.com *.googleadservices.com *.gstatic.com *.googlesyndication.com *.google.com *.doubleclick.net *.googletagmanager.com *.jwpcdn.com *.jwplayer.com *.jwplatform.com *.jwpltx.com *.jwpsrv.com videos-fms.jwpsrv.com videos-cloudflare.jwpsrv.com static.legitscript.com *.parsely.com *.qualtrics.com *.2mdn.net *.riddle.com *.easyvax.com d4fuqqd5l3dbz.cloudfront.net askchapter.org unpkg.com www.medtargetsystem.com; connect-src data: blob: 'self' goodrx.com *.goodrx.com *.goodrx.com. *.grxstatic.com *.grxweb.com *.heydoctor.com surveygizmobeacon.s3.amazonaws.com d2bnxibecyz4h5.cloudfront.net *.zapier.com *.scorecardresearch.com *.rlcdn.com *.adsafeprotected.com *.affirm.com gx9e.app.link app.link cdn.contentful.com soflopxl.com bat.bing.com static.star2.descope.app api.descope.com content.app.descope.com p.alcmpn.com *.googleadservices.com static.legitscript.com *.segment.com *.segment.io *.perimeterx.net *.pxchk.net *.perimeterx.net *.px-cdn.net *.parsely.com rampjs-cdn.system1.com trc.lhmos.com *.ctfassets.net rum.browser-intake-us5-datadoghq.com browser-intake-datadoghq.com *.browser-intake-datadoghq.com *.datadoghq.com *.googleadservices.com *.doubleverify.com *.sentry-cdn.com sentry.io *.ingest.sentry.io *.ingest.us.sentry.io *.optimizely.com *.px-cloud.net *.px-client.net *.doubleclick.net *.hcn.health *.gstatic.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.qualtrics.com sync.graph.bluecava.com *.quantummetric.com *.jwpcdn.com *.jwplayer.com *.jwplatform.com *.jwpltx.com *.jwpsrv.com videos-fms.jwpsrv.com videos-cloudflare.jwpsrv.com *.branch.io *.osano.com *.adtrafficquality.google globalsiteanalytics.com *.getvim.com *.athenahealth.com *.ecwcloud.com *.eclinicalweb.com www.medtargetsystem.com site806-fyn1ivvp.chartwire.cloud ecw.desotoregional.com ecw.gsantosmd.com ecw.padderhealth.com site807-5c2melqa.chartwire.cloud cranium.rhgnc.org ecw.imgnh.com *.allscripts.com *.officeally.com *.oadomain.com *.drchrono.com *.elationemr.com *.mdland.com *.emedpractice.com; font-src data: *.goodrx.com *.goodrx.com. *.heydoctor.com *.grxstatic.com *.gstatic.com *.innovid.com *.typekit.net *.googleapis.com *.googleusercontent.com descopecdn.com static.descope.com content.app.descope.com maxcdn.bootstrapcdn.com unpkg.com; media-src data: blob: *.goodrx.com *.goodrx.com. *.grxstatic.com *.gstatic.com *.googlevideo.com *.gvt1.com *.2mdn.net *.innovid.com *.jwpcdn.com *.jwplayer.com *.jwplatform.com *.jwpltx.com *.jwpsrv.com videos-fms.jwpsrv.com videos-cloudflare.jwpsrv.com; frame-ancestors 'self' data: blob: mediastream: android-webview-video-poster: *.goodrx.com *.goodrx.com. *.grxstatic.com *.osano.com *.rlcdn.com *.contentful.com adzerk-preview.com *.getvim.com *.athenahealth.com *.ecwcloud.com *.eclinicalweb.com www.medtargetsystem.com ecw.gsantosmd.com ecw.padderhealth.com site807-5c2melqa.chartwire.cloud cranium.rhgnc.org ecw.imgnh.com *.allscripts.com *.officeally.com *.oadomain.com *.drchrono.com *.elationemr.com *.mdland.com *.emedpractice.com; child-src blob: *.goodrx.com *.goodrx.com. *.grxstatic.com *.osano.com *.scorecardresearch.com *.googletagmanager.com *.qualtrics.com *.hcn.health *.doubleclick.net *.googleapis.com *.googlesyndication.com syndicatedsearch.goog *.google.com *.googleadservices.com *.2mdn.net js.stripe.com datawrapper.dwcdn.net *.riddle.com *.trustpilot.com; worker-src blob: chrome: *.goodrx.com *.goodrx.com.; frame-src 'self' *.goodrx.com *.goodrx.com. *.grxstatic.com *.osano.com *.scorecardresearch.com scores.securityscorecard.io *.rlcdn.com *.affirm.com *.adsrvr.org bat.bing.com js.stripe.com *.jwplayer.com www.youtube.com *.quantummetric.com partners-medicare.askchapter.org *.googletagservices.com *.adtrafficquality.google datawrapper.dwcdn.net *.hcn.health google.com *.google.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.doubleclick.net *.trustpilot.com syndicatedsearch.goog *.googlesyndication.com *.riddle.com *.2mdn.net *.qualtrics.com *.innovid.com survey.alchemer.com *.medtargetsystem.com site806-fyn1ivvp.chartwire.cloud ecw.desotoregional.com; fenced-frame-src 'self' *.google.com *.googlesyndication.com; script-src-elem blob: data: 'unsafe-inline' *.goodrx.com *.goodrx.com. *.grxstatic.com *.heydoctor.com d2bnxibecyz4h5.cloudfront.net *.scorecardresearch.com unpkg.com bat.bing.com s3.amazonaws.com js.stripe.com *.jwpcdn.com *.adnxs.com trc.lhmos.com *.osano.com *.px-cloud.net *.px-cdn.net descopecdn.com static.descope.com content.app.descope.com rampjs-cdn.system1.com *.parsely.com *.segment.com *.segment.io gx9e.app.link app.link *.evidon.com *.quantummetric.com *.trustpilot.com *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.google.com *.qualtrics.com *.hcn.health *.sentry-cdn.com *.videoamp.com *.adtrafficquality.google *.gstatic.com *.adsafeprotected.com choices.truste.com choices.trustarc.com *.innovid.com *.googleapis.com *.googleadservices.com *.googletagservices.com *.google-analytics.com *.googletagmanager.com *.affirm.com static.legitscript.com *.branch.io *.optimizely.com sync.graph.bluecava.com *.datadoghq-browser-agent.com *.2mdn.net *.riddle.com *.jwplatform.com *.jwplayer.com *.jwpcdn.co healthination.com *.getvim.com *.athenahealth.com *.ecwcloud.com *.eclinicalweb.com site806-fyn1ivvp.chartwire.cloud ecw.desotoregional.com ecw.gsantosmd.com ecw.padderhealth.com site807-5c2melqa.chartwire.cloud cranium.rhgnc.org ecw.imgnh.com *.allscripts.com *.officeally.com *.oadomain.com *.drchrono.com *.elationemr.com *.mdland.com *.emedpractice.com; style-src-elem blob: data: 'unsafe-inline' *.goodrx.com *.goodrx.com. *.grxstatic.com *.evidon.com *.innovid.com s3.amazonaws.com *.gstatic.com *.google.com *.googleapis.com static.descope.com content.app.descope.com p.typekit.net pt.dwcdn.net; object-src sync.graph.bluecava.com; report-uri https://sentry.io/api/5148329/security/?sentry_key=b77e90b1f5654f2e83a0238f4cf07987 2 connect-src 'self' www.google-analytics.com stats.g.doubleclick.net ; default-src 'self' ; font-src 'self' fonts.googleapis.com fonts.gstatic.com data: ; frame-ancestors 'self' ; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com scone-pa.clients6.google.com www.youtube.com player.vimeo.com ; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com gstatic.com data: * ; object-src 'none' ; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com apis.google.com www.gstatic.com gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com gstatic.com tagmanager.google.com ; 2 script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://googleads.g.doubleclick.net https://www.youtube.com https://survey.g.doubleclick.net https://maps.googleapis.com https://www.googleadservices.com;report-uri /us/_/ThinkWithGoogle/cspreport/allowlist;worker-src blob: 'self' 2 default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval' https://*.dynamicyield.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/* https://www.googletagmanager.com https://www.google-analytics.com; connect-src * data: https://*.dy-api.com https://*.dynamicyield.com https://www.googletagmanager.com https://www.google-analytics.com; style-src * 'unsafe-inline' https://*.dynamicyield.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/*; img-src * data: https://*.dynamicyield.com https://images.ctfassets.net; font-src * https://fonts.googleapis.com https://fonts.gstatic.com; frame-src *; frame-ancestors * https://app.contentful.com; media-src *; worker-src 'self' blob:; 2 frame-ancestors 'self' https://ajc.newspapers.com https://*.ajchomefinder.com https://www.legacy.com https://epaper.ajc.com https://editions.ajc.com https://appnews.ajc.com http://localhost:* https://*.pugpig.com https://stage-appnews.ajc.com/ https://stage-ajcnews-ajc.content.pugpig-stage.com 2 connect-src 'self' wss://*.zopim.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; frame-ancestors 'self' https://*.adobemsbasic.com https://*.adobe.com https://*.lingotek.com https://*.nuance.com https://nuance.seismic.com; frame-src 'self' https:; upgrade-insecure-requests; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src data: http://www.w3.org/2000/svg https:; 2 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.bhg.com; upgrade-insecure-requests; 2 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.treehugger.com; upgrade-insecure-requests; 2 frame-ancestors 'self' *.kameleoon.com *.services.local; base-uri 'self' *.pagesjaunes.fr; 2 default-src 'self' data: https://cloud.ccm19.de wss://api.session-replays.io https://api.session-replays.io https://lb-api.visitor-analytics.io https://app-worker.visitor-analytics.io https://visits.visitor-analytics.io https://*.tum.de https://tum.de https://www.google.com/ https://ajax.googleapis.com https://cse.google.com https://www.youtube.com https://www.youtube-nocookie.com https://www.br.de https://maps.google.de https://geoportal.bayern.de https://www.googleapis.com https://clients1.google.com https://encrypted-tbn0.gstatic.com https://encrypted-tbn1.gstatic.com https://encrypted-tbn2.gstatic.com https://encrypted-tbn3.gstatic.com https://ngp.zdf.de https://www.arte.tv https://zdfvodnone-vh.akamaihd.net https://img.youtube.com https://www.ardaudiothek.de https://tum.cloud.panopto.eu https://vimeo.com https://player.vimeo.com https://open.spotify.com https://spotify.com https://anchor.fm/ https://www.ardmediathek.de 'unsafe-inline' 'unsafe-eval'; report-uri https://sentry2.in2code.de/api/19/security/?sentry_key=3eebfda547ed55b0e7f39fdf229429f9 2 frame-ancestors 'self' *.kugou.com 2 form-action 'self *.myqnapcloud.com *.myqnapcloud.cn'; base-uri 'self'; default-src * data:; script-src http: https: *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com *.myqnapcloud.com *.myqnapcloud.cn *.event.qnap.com *.static.hotjar.com 'unsafe-inline' 'unsafe-eval'; style-src http: https: *.myqnapcloud.com *.myqnapcloud.cn 'unsafe-inline'; connect-src data: wss: http: https: *.myqnapcloud.com *.myqnapcloud.cn fcm.googleapis.com *.google.com *.firebaseio.com 2 base-uri 'self'; default-src 'self' *.photonengine.com; block-all-mixed-content; connect-src 'self' *.photonengine.com *.azure.com *.addsearch.com *.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://static.cloudflareinsights.com; frame-ancestors 'self'; frame-src *.photonengine.com *.google.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com player.vimeo.com itch.io *.itch.io *.stripe.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' *.photonengine.com *.azure.com https://*.google-analytics.com https://*.googletagmanager.com blob: data:; object-src 'self' *.photonengine.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com https://www.gstatic.com *.azure.com https://*.google-analytics.com https://*.googletagmanager.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline'; 2 frame-ancestors 'self' https://*.kicker.de https://*.kicker-tippspiel.de https://*.kicker-vereinsheim.de 2 frame-ancestors 'self' https://*.momoshop.com.tw http://*.momoshop.com.tw; 2 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 2 object-src 'none'; script-src * 'report-sample' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' *.googleadservices.com app.purechat.com app-script.monsido.com connect.facebook.net cdnjs.cloudflare.com static.addtoany.com polyfill.io *.googletagmanager.com *.google-analytics.com *.google.com www.gstatic.com cdn.jsdelivr.net *.hotjar.com *.gtranslate.net js.createsend1.com www.createsend.com *.blackbaudhosting.com *.googleapis.com *.payments.blackbaud.com payments.blackbaud.com/Checkout/bbCheckout.2.0.js *.simpli.fi https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; style-src * 'report-sample' 'unsafe-inline'; worker-src 'self'; base-uri 'self'; form-action 'self' www.createsend.com *.blackbaudhosting.com js.createsend1.com *.nla.gov.au *.payments.blackbaud.com; frame-ancestors 'self' 2 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.foodandwine.com; upgrade-insecure-requests; 2 frame-ancestors 'self' https://*.degruyterbrill.com; object-src 'self' www.googletagmanager.com; script-src 'nonce-Vair1fXaMH08zYV1Ds+Wlw==' 'strict-dynamic' 'self' 'wasm-unsafe-eval' dgbricks.foxycart.com cdnjs.cloudflare.com www.google-analytics.com connect.liblynx.com www.googletagmanager.com tag.manager.google.com mozilla.github.io cc.cdn.civiccomputing.com; base-uri 'none' 2 frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.afr.com *.cdn.ampproject.org *.platform.ink; upgrade-insecure-requests 2 frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com teams.cloud.microsoft *.skype.com 2 frame-ancestors https://*.dev.local https://*.sunweb.nl https://*.sunweb.be; 2 frame-ancestors 'self' *.ncaa.com *.sdata-cloud.com *.ampproject.org; 2 frame-src 'self' *.kidshealth.org *.doubleclick.net *.snapchat.com *.vimeo.com *.google.com *.hotjar.com *.krxd.net *.adsrvr.org *.readspeaker.com *.polldaddy.com *.familysurvey.org *.survey.fm *.pinterest.com *.rchsd.org *.ceros.com; 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.parismatch.com https://*.lejdd.fr 2 default-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru *.payanyway.com ; script-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru *.payanyway.com payanyway.ru https://pay.google.com https://pay.yandex.ru https://mc.yandex.ru https://yastatic.net https://cdn-ru.bitrix24.ru 'report-sample' 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru www.payanyway.ru *.payanyway.com 'unsafe-inline'; img-src * data:; font-src 'self' data: *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru *.payanyway.com ; connect-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru sbp.payanyway.ru *.payanyway.com https://mc.yandex.ru https://qr.nspk.ru https://widget.cbrpay.ru https://b24-eye5y3.bitrix24.ru ; frame-src https: sberpay: sbolpay: qr.nspk.ru mc.yandex.ru ; child-src blob: https://mc.yandex.ru ; report-uri /cspreport.htm 2 frame-ancestors 'self' https://*.contentful.com 2 require-trusted-types-for 'script';report-uri /_/GoogleCloudUxWebAppCgcUi/cspreport 2 upgrade-insecure-requests, upgrade-insecure-requests 2 child-src blob:; connect-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io https://www.google.com https://www.google.se https://www.googletagmanager.com privacyportal-de.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://telia-se.blueconic.net https://t944.telia.se https://n467.telia.se https://telia-se-b2b.blueconic.net https://*.doubleclick.net https://*.giosg.com https://*.giosgusercontent.com wss://*.giosg.com *.whisbi.com static.customersaas.com teliase-259.qelpcare.com static-accept.customersaas.com *.ace.teliacompany.com telia.humany.net *.kampyle.com *.medallia.eu *.decibelinsight.net *.decibel.com wss://*.decibelinsight.net https://www.google-analytics.com ssgtm.telia.se https://optimizely.teliacompany.com https://coverage.ddc.teliasonera.net https://glu2.han.telia.se https://glu2.ham.telia.se *.smartrefill.se captive.apple.com connectivitycheck.gstatic.com https://go.telia.se https://*.adyen.com https://*.tf-b2c.com; default-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io; font-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io *.whisbi.com static.customersaas.com static-accept.customersaas.com *.ace.teliacompany.com telia.humany.net *.kampyle.com *.medallia.eu https://cdn.giosgusercontent.com data: *.smartrefill.se https://*.adyen.com https://*.tf-b2c.com; frame-src https://coverage.ddc.teliasonera.net https://glu2.han.telia.se https://glu2.ham.telia.se ssgtm.telia.se https://*.doubleclick.net https://telia.bbvms.com static.customersaas.com static-accept.customersaas.com https://*.giosg.com https://*.giosgusercontent.com *.kampyle.com *.medallia.eu *.ace.teliacompany.com telia.humany.net https://optimizely.teliacompany.com bankid: https://app.bankid.com *.smartrefill.se https://*.adyen.com https://*.tf-b2c.com; img-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io https://cdn.cookielaw.org https://geolocation.onetrust.com *.whisbi.com https://dcosix8as1189.cloudfront.net https://s3-eu-west-1.amazonaws.com/whi-deck-bucket-001/ https://*.giosgusercontent.com https://www.facebook.com/ d35v9wsdymy32b.cloudfront.net d3mwk3f7r8fv9u.cloudfront.net images.customersaas.com horizon-cms.s3.eu-central-1.amazonaws.com *.ace.teliacompany.com telia.humany.net https://telia-se.blueconic.net https://t944.telia.se https://n467.telia.se https://telia-se-b2b.blueconic.net *.kampyle.com *.medallia.eu https://www.google-analytics.com https://www.google.com https://www.google.se https://www.googletagmanager.com https://optimizely.teliacompany.com https://webbshop.telia.se data: *.smartrefill.se https://*.adyen.com https://*.tf-b2c.com; object-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io; report-uri /.api/csp-report/v1/report; script-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io https://www.google.com https://www.google.se https://cdn.cookielaw.org https://geolocation.onetrust.com https://telia-se.blueconic.net https://t944.telia.se https://n467.telia.se https://telia-se-b2b.blueconic.net https://*.giosg.com https://*.giosgusercontent.com https://*.interactionbuilder.giosg.com *.whisbi.com https://connect.facebook.net static.customersaas.com static-accept.customersaas.com *.ace.teliacompany.com telia.humany.net *.kampyle.com *.medallia.eu *.decibelinsight.net *.decibel.com wss://*.decibelinsight.net https://www.google-analytics.com https://www.googletagmanager.com ssgtm.telia.se blob: https://optimizely.teliacompany.com https://coverage.ddc.teliasonera.net https://glu2.han.telia.se https://glu2.ham.telia.se 'unsafe-inline' 'unsafe-eval' telia-sweden.smartrefill.se teliase.smartrefill.se https://go.telia.se https://*.adyen.com https://*.tf-b2c.com; style-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io https://www.googletagmanager.com https://*.giosg.com https://*.giosgusercontent.com *.whisbi.com static.customersaas.com static-accept.customersaas.com *.ace.teliacompany.com telia.humany.net *.kampyle.com *.medallia.eu https://telia-se.blueconic.net https://t944.telia.se https://n467.telia.se https://telia-se-b2b.blueconic.net 'unsafe-inline' *.smartrefill.se https://*.adyen.com https://*.tf-b2c.com; worker-src blob: 2 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.website-files.com https://*.prod.website-files.com https://uploads-ssl.webflow.com https://webflow.com https://*.survicate.com https://*.survicate-cdn.com https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://static.intercomassets.com https://*.cookiebot.com https://www.googletagmanager.com https://d3e54v103j8qbb.cloudfront.net https://*.google-analytics.com https://*.googlesyndication.com https://*.analytics.google.com https://analytics.google.com https://adservice.google.com www.googleadservices.com https://stats.g.doubleclick.net https://td.doubleclick.net https://rec.smartlook.com https://*.smartlook.cloud https://web-sdk.smartlook.com https://assets.calendly.com https://tracking.g2crowd.com https://cdn.mxpnl.com https://api-js.mixpanel.com https://snap.licdn.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-analytics.net https://js.hs-banner.com *.hsforms.net *.hsforms.com https://forms.hubspot.com https://tag.clearbitscripts.com https://*.clearbit.com https://x.clearbitjs.com https://js.partnerstack.com partnerlinks.io https://grsm.io https://*.visualwebsiteoptimizer.com app.vwo.com https://px.ads.linkedin.com *.sharethis.com ipapi.co https://www.youtube-nocookie.com https://www.youtube.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://calendly.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.linkedin.com/ https://bcp.crwdcntrl.net https://survicate.traffit.com https://cdn.embedly.com/ https://*.demio.com https://tube.rvere.com https://*.storylane.io https://*.g2.com https://app.getcontrast.io; media-src https: data:; img-src https: data:; worker-src 'self' blob:; report-to csp-endpoint-landing; 2 object-src 'none'; connect-src https://stats-stg.jiosaavn.com https://stats.jiosaavn.com https://qa-api.jiosaavn.com https://staging-api.jiosaavn.com https://api1.jiosaavn.com https://public.releases.juspay.in 'self' wss://wsstaging.jiosaavn.com wss://ws.jiosaavn.com https://identitytoolkit.googleapis.com https://securepubads.g.doubleclick.net https://www.google-analytics.com https://hbopenbid.pubmatic.com https://www.google.com https://www.gstatic.com https://pagead2.googlesyndication.com *.pubmatic.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' *.juspay.in/ https://payments.juspay.in/ https://api.assets.juspay.in/ https://sandbox.assets.juspay.in/ https://js.stripe.com https://public.releases.juspay.in https://api.juspay.in https://sandbox.juspay.in tez://upi/pay phonepe://pay paytmmp://upi/pay paytmmp://pay credpay://upi/pay upi://pay upi://mandate paytmmp://mandate paytmmp://upi/mandate phonepe://mandate tez://upi/mandate *.googlesyndication.com *.safeframe.googlesyndication.com https://ads.pubmatic.com https://www.google.com data: tez: upi: paytmmp: phonepe:; worker-src 'none';manifest-src 'self'; 2 frame-ancestors 'self' *.boursorama.com *.boursobank.com 2 default-src 'self' https://api.mixpanel.com; script-src 'self' 'unsafe-eval' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://*.facebook.net https://www.facebook.com https://snap.licdn.com https://connect.liblynx.com https://sandbox.liblynx.com https://www.google-analytics.com https://optimize.google.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://api.mixpanel.com https://www.googletagmanager.com https://kit.fontawesome.com https://use.fontawesome.com https://pro.fontawesome.com https://scholar.google.com https://api.altmetric.com https://d1bxh8uas1mnw7.cloudfront.net https://js.trendmd.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://connect.liblynx.com https://sandbox.liblynx.com https://stats.g.doubleclick.net https://cdn.mxpnl.com https://images.mxpnl.com https://badges.altmetric.com https://d1uo4w7k31k5mn.cloudfront.net https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:; connect-src 'self' https://shop.emerald.com/ https://www.facebook.com https://www.google-analytics.com https://api.mixpanel.com/ https://scholar.google.com https://*.trendmd.com https://cc.trendmd.co https://ka-p.fontawesome.com https://kit.fontawesome.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com https://d1bxh8uas1mnw7.cloudfront.net https://trendmd.s3.amazonaws.com https://css.trendmd.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' https://www.googletagmanager.com https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; object-src 'self' 2 frame-ancestors 'self' https://cms.bolt.eu https://cms.prelive.bolt.eu; 2 base-uri 'self'; frame-ancestors 'self'; 2 default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com marketing-forms-api.github.com edge.fullstory.com rs.fullstory.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com s88570519.t.eloqua.com/e/f2; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com www.youtube-nocookie.com octocaptcha.com play.vidyard.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com images.ctfassets.net/8aevphvgewt8/; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com videos.ctfassets.net/8aevphvgewt8/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/ 2 frame-ancestors https://offers.monlix.com https://freecash.com 2 frame-ancestors bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.virginplus.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.luckymobile.ca; script-src https://*.go-mpulse.net https://*.luckymobile.ca https://*.ujet.co https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://cdnjs.cloudflare.com https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.youtube.com https://bat.bing.com https://tr.snapchat.com https://s.ytimg.com https://*.micpn.com https://*.clarity.ms https://*.telebec.com https://*.northerntel.ca https://*.analytics-egain.com https://*.branch.io https://app.link https://*.gbqofs.com https://*.visualwebsiteoptimizer.com https://cdn.cookielaw.org https://*.cookielaw.org 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: ; object-src https://refer.bell.ca; 2 img-src 'self' https: data: cdn.paris.fr; frame-ancestors 'self' *; frame-src 'self' * 2 frame-ancestors 'self' https://*.weheartit.com https://weheartit.com https://*.fooducate.com https://fooducate.com 2 default-src 'self' https://auth.zonatelecom.ru/ https://auth.zt.ru/ https://*.zonatelecom.ru *.zonatelecom.ru *.zt.ru zt.ru ws://*.zonatelecom.ru wss://*.zonatelecom.ru *.svc.team https://vk.com https://mc.yandex.ru https://yastatic.net https://*.doubleclick.net http://*.zonatelecom.ru https://*.mail.ru https://*.yandex.ru https://*.yandex.com https://*.maps.yandex.net https://widget.cloudpayments.ru/bundles/cloudpayments.js https://*.payselection.com wss://*.payselection.com ws://*.payselection.com;base-uri 'none';style-src 'self' 'unsafe-inline' https://*.zonatelecom.ru https://*.zt.ru https://zt.ru blob:;img-src 'self' https://cdn.zt.ru https://cdn.zt.ru *.svc.team *.zonatelecom.ru *.zt.ru zt.ru https://vk.com https://*.vk.com https://*.yandex.ru https://*.yandex.com https://*.mail.ru https://*.maps.yandex.net https://*.yandex.ru data: blob: https:;connect-src https: 'self' wss: ws://b24.zt.ru uaas.yandex.ru *.zonatelecom.ru *.zt.ru zt.ru wss://*.payselection.com https://*.yandex.ru https://*.yandex.com;font-src 'self';manifest-src 'self' *.zonatelecom.ru *.zt.ru zt.ru;object-src 'none';child-src blob: https://mc.yandex.ru blob: https://mc.yandex.com https://*.yandex.com https://*.yandex.ru;script-src 'self' https://sdk.inappstory.ru https://api.inappstory.com https://*.svc.team http://*.svc.team https://auth.zonatelecom.ru/ https://auth.zt.ru/ https://*.zonatelecom.ru https://*.zt.ru https://zt.ru 'unsafe-inline' 'unsafe-eval' https://vk.com https://mc.yandex.ru https://mc.yandex.com https://yastatic.net https://*.mail.ru https://*.yandex.ru https://*.maps.yandex.net https://widget.cloudpayments.ru/bundles/cloudpayments.js abt.s3.yandex.net https://*.payselection.com;frame-src 'self' https://*.payselection.com https://widget.cloudpayments.ru https://b24.zt.ru/ https://*.yandex.ru https://yandex.ru https://apps.zonatelecom.ru/ https://auth.zonatelecom.ru/ https://auth.zt.ru/ https://*.zonatelecom.ru/ https://www.zonatelecom.ru/ https://zt.ru/ https://*.auth.svc.team https://*.payselection.com http://localhost:3000/ http://*.ztk-front.svc.team https://*.ztk-front.svc.team blob: https://mc.yandex.ru https://*.yandex.ru https://*.yandex.com;frame-ancestors 'self' https://*.payselection.com https://widget.cloudpayments.ru https://b24.zt.ru/ https://yandex.ru https://apps.zonatelecom.ru/ https://auth.zonatelecom.ru/ https://auth.zt.ru/ https://*.zonatelecom.ru/ https://*.zt.ru/ https://zt.ru https://www.zonatelecom.ru/ https://zt.ru/ https://*.auth.svc.team https://*.payselection.com http://localhost:3000/ http://*.ztk-front.svc.team https://*.ztk-front.svc.team https://*.yandex.ru https://*.yandex.com;report-uri /api/csp-report 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src * 'self' https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob:; 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://anniversaire-lidl-fr.speedi.org https://*.criteo.net https://*.adyen.com https://*.demoup.com https://www.dwin1.com https://*.lidl.fr data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://anniversaire-lidl-fr.speedi.org https://*.adyen.com https://*.demoup.com https://*.lidl.fr; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adnxs.com https://*.adyen.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.rubiconproject.com https://*.taboola.com https://*.teads.tv https://lantern.roeye.com https://*.lidl.fr data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval'; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.criteo.net https://*.adyen.com https://*.demoup.com https://lantern.roeyecdn.com https://www.dwin1.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline'; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 frame-ancestors *.procore.com https://app.contentful.com 2 default-src 'self' *.snai.it ws: wss: www.datocms-assets.com * *.google-analytics.com snai-pscp.mstchannel.com; connect-src 'self' *.snai.it ws: wss: www.datocms-assets.com acsbapp.com captainup.com registry.spid.gov.it api.livestreaming.imgarena.com widgets.sir.sportradar.com www.googletagmanager.com * *.geniussports.com *.llnwd.net *.typekit.net *.go-mpulse.net *.woosmap.com *.cookiebot.com *.dynatrace.com *.sportradar.com *.akstat.io *.googleapis.com *.akamaihd.net onetag-sys.com *.akamaized.net *.google-analytics.com *.applicationinsights.azure.com; script-src 'self' *.snai.it blob: acsbapp.com mpsnare.iesnare.com www.googletagmanager.com * *.typekit.net *.woosmap.com *.cookiebot.com *.dynatrace.com *.pokersnai.it *.rfihub.com *.rfihub.net www.snaiabilita.it skill-sn.gioconlineitalia.it b2b.betpoint.it snaiwpprod.game360.it game-launcher-lux.isoftbet.com login-it.casino.pokersnai.it captainup.com vetrina.gntn-pgd.it snai.live.giocaonline.casino www.gntn-pgd.it litlobby.grattaevinci.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' *.snai.it extstg1-login.ptstaging.eu acsbapp.com b2b.betpoint.it captainup.com www.snaiabilita.it mpsnare.iesnare.com skill-sn.gioconlineitalia.it widgets.sir.sportradar.com www.googletagmanager.com *.gntn-pgd.it * *.go-mpulse.net *.game360.it *.isoftbet.com *.woosmap.com *.betpoint.it snai-pscp.mstchannel.com *.cookiebot.com *.dynatrace.com *.pokersnai.it *.rfihub.net *.rfihub.com *.qa.gameaccount.com *.sisal.it *.googleapis.com lit.grattaevinci.com onetag-sys.com *.gioconlineitalia.it snai-pscp-staging.mstchannel.com *.giocaonline.casino snai.live.giocaonline.casino webapp.woosmap.com 'unsafe-inline'; style-src 'self' *.snai.it fonts.cdnfonts.com widgets.sir.sportradar.com * *.typekit.net *.googleapis.com 'unsafe-inline'; frame-src 'self' *.snai.it acquistionlinetest.poste.it *.safecharge.com *.sisal.it *.gntn-pgd.it * *.mstchannel.com *.cookiebot.com *.ptstaging.eu *.pokersnai.it *.jumio.ai *.rfihub.net *.rfihub.com snai-pscp-staging.mstchannel.com report.liveg24.com login-it.casino.pokersnai.it snai.betstream.betgenius.com www.snaigiochi.it vetrina.giocodellotto.it litlobby.grattaevinci.com cachedownload-poker.casino.pokersnai.it mobile.casino.pokersnai.it cachedownload.casino.pokersnai.it 'unsafe-inline'; media-src 'self' *.snai.it blob: data: mpsnare.iesnare.com api.livestreaming.imgarena.com * *.geniussports.com *.llnwd.net *.akstat.io *.akamaized.net; font-src 'self' *.snai.it data: fonts.cdnfonts.com * *.typekit.net *.gstatic.com *.googleapis.com login-it.casino.pokersnai.it; img-src 'self' *.snai.it blob: data: www.datocms-assets.com login-pza.techonlinecorp.com imgsct.cookiebot.com * *.woosmap.com *.gstatic.com *.amazonaws.com *.sportradar.com *.googleapis.com *.doubleclick.net *.google-analytics.com www.googletagmanager.com; form-action 'self' *.snai.it; base-uri 'self' *.snai.it; frame-ancestors 'self' *.snai.it *.gntn-pgd.it * *.snaitech.net; object-src 'self' *.snai.it blob: data: *; block-all-mixed-content; upgrade-insecure-requests; 2 font-src 'self' https://maxcdn.bootstrapcdn.com/; 2 frame-ancestors 'self' https://*.amtrak.com http://*.amtrak.ad.nrpc https://upg.plusgrade.com https://bidup.amtrak.com https://*.nuance.com https://*.inq.com https://*.touchcommerce.com; 2 wss://*.sptpub.com 2 frame-ancestors 'self' https://*.mobiauto.com.br https://*.mobigestor.com.br https://*.passecarros.com.br https://*.suaoficinaonline.com.br https://*.evergage.com 2 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' mattermost.com *.mattermost.com d30ia583fbtg8i.cloudfront.net snap.licdn.com www.redditstatic.com bat.bing.com connect.facebook.net pubads.g.doubleclick.net www.trustradius.com use.typekit.net fonts.gstatic.com fast.wistia.com fast.wistia.net embed-cloudfront.wistia.com distillery.wistia.com pipedream.wistia.com dudodiprj2sv7.cloudfront.net cdn.cookielaw.org geolocation.onetrust.com api.lever.co *.algolia.net *.algolianet.com boards.greenhouse.io www.googletagmanager.com *.googlesyndication.com *.googleapis.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat googleads.g.doubleclick.net analytics.google.com www.google-analytics.com stats.g.doubleclick.net platform.twitter.com static.ads-twitter.com munchkin.marketo.net *.mktoutil.com tag.demandbase.com d20519brkbo4nz.cloudfront.net tag.clearbitscripts.com api-preview.luckyorange.com wss://realtime.luckyorange.com settings.luckyorange.com tools.luckyorange.com api.company-target.com 161-fbe-733.mktoresp.com app.clearbit.com reveal.clearbit.com x.clearbitjs.com wss://in.visitors.live in.visitors.live client-registry.mutinycdn.com px.ads.linkedin.com *.reddit.com cdn.rudderlabs.com api-v2.mutinyhq.io api.rudderlabs.com pdat.matterlytics.com segments.company-target.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com aorta.clickagy.com hemsync.clickagy.com *.6sc.co *.6sense.com secure.adnxs.com *.qualified.com wss://*.qualified.com embed.typeform.com api.typeform.com; style-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' mattermost.com *.mattermost.com d30ia583fbtg8i.cloudfront.net snap.licdn.com www.redditstatic.com bat.bing.com connect.facebook.net pubads.g.doubleclick.net www.trustradius.com use.typekit.net p.typekit.net fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com *.qualified.com embed.typeform.com; img-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' mattermost.com *.mattermost.com d30ia583fbtg8i.cloudfront.net snap.licdn.com www.redditstatic.com bat.bing.com connect.facebook.net pubads.g.doubleclick.net media.trustradius.com secure.gravatar.com fast.wistia.com embed-ssl.wistia.com cdn.cookielaw.org www.googletagmanager.com fonts.gstatic.com user-images.githubusercontent.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat t.co analytics.twitter.com id.rlcdn.com alb.reddit.com *.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com segments.company-target.com www.facebook.com *.6sc.co *.6sense.com *.qualified.com; frame-src mattermost.com *.mattermost.com d30ia583fbtg8i.cloudfront.net snap.licdn.com www.redditstatic.com bat.bing.com connect.facebook.net pubads.g.doubleclick.net fast.wistia.net forms.mattermost.com capture.navattic.com *.productboard.com *.youtube.com job-boards.greenhouse.io s.company-target.com td.doubleclick.net *.facebook.com hemsync.clickagy.com *.googletagmanager.com *.qualified.com form.typeform.com; 2 default-src 'self'; script-src 'self' 'unsafe-eval' https://static.siege-amazon.com https://www.googletagmanager.com https://*.doubleclick.net https://d3.wholefoodsmarket.com https://c.la4-c3-ia2.salesforceliveagent.com https://c.la2-c1-phx.salesforceliveagent.com https://service.force.com https://dev.wholelabs.com:3333 https://dev.wholefoodsmarket.com:3031 https://s.amazon-adsystem.com https://*.googleapis.com https://*.amazon.com https://*.wholefoodsmarket.com https://wholefoodsmarket.com https://*.media-amazon.com https://media-amazon.com 'nonce-MDZiM2Y3NDMtMWRmZC00YjIzLTliZDYtNWZkMjQ0YmU1YTBl'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.wholefoodsmarket.com https://wholefoodsmarket.com https://*.amazon.com; img-src 'self' blob: data: https://picsum.photos https://www.googletagmanager.com https://*.media-amazon.com https://media-amazon.com https://*.google.com https://google.com https://assets.wholefoodsmarket.com https://images-na.ssl-images-amazon.com https://s.amazon-adsystem.com https://media-origin-na-ssl.integ.amazon.com https://sage.blob.core.windows.net https://via.placeholder.com https://*.googleapis.com https://*.wholefoodsmarket.com https://wholefoodsmarket.com https://amazon.com https://*.amazon.com; font-src 'self' data: https://fonts.gstatic.com https://*.wholefoodsmarket.com; object-src data:; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://www.googletagmanager.com https://*.doubleclick.net https://doubleclick.net; connect-src 'self' https://*.amazonaws.com https://fls-na.amazon.com https://wfm.integ.amazon.com https://*.wholefoodsmarket.com https://wholefoodsmarket.com https://*.google.com https://google.com https://www.google-analytics.com https://doubleclick.net https://*.doubleclick.net https://googleapis.com https://*.googleapis.com https://amazon.com https://*.amazon.com; upgrade-insecure-requests; 2 frame-ancestors 'none'; connect-src 'self' www.google-analytics.com https://sessions.bugsnag.com wss://ws-mt1.pusher.com https://sockjs.pusher.com1 https://sidebar.bugherd.com *.google-analytics.com *.analytics.google.com api.userback.io logx.optimizely.com 287-ugb-469.mktoresp.com px.ads.linkedin.com events.rm-api.com stats.g.doubleclick.net ws.zoominfo.com play.vidyard.com https://lottie.host https://sockjs.pusher.com https://analytics.google.com *.google.com https://connect.facebook.net connect.facebook.net http://c.6sc.co/ https://ipv6.6sc.co/ https://eps.6sc.co/v3/company/details https://v.eps.6sc.co/v https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hscollectedforms.net https://api.hubapi.com https://epsilon.6sense.com/v3/company/details https://forms.hubspot.com https://cdn.jsdelivr.net https://ipmeta.io; object-src blend.localhost blendcom.localhost blendcom2.localhost blend.com blendcom2-blend.pantheonsite.io blend25-blend.pantheonsite.io; img-src 'self' blob: blendcom2-blend.pantheonsite.io blend25-blend.pantheonsite.io blend.com p.typekit.net www.googletagmanager.com www.google-analytics.com secure.gravatar.com data: *.gravatar.com *.cloudfront.net https://sidebar.bugherd.com https://bugherd-attachments.s3.amazonaws.com *.google-analytics.com *.analytics.google.com px.ads.linkedin.com cdn.bizible.com px4.ads.linkedin.com *.google.com *.google.com.tr *.facebook.com *.hubspot.com t.co analytics.twitter.com cdn.bizibly.com videos.blend.com play.vidyard.com cdn.vidyard.com image.cnbcfm.com https://www.google.ba/ https://b.6sc.co/ https://forms-na1.hsforms.com https://forms.hsforms.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net https://www.bugherd.com devserver.blend.localhost devserver.blendcom2.localhost https://sidebar.bugherd.com *.google-analytics.com *.analytics.google.com static.userback.io/widget/v1.js cdn.optimizely.com *.googletagmanager.com static.ads-twitter.com connect.facebook.net snap.licdn.com munchkin.marketo.net ws.zoominfo.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com assets.rampmetrics.com cdn.bizible.com info.blend.com cdnjs.cloudflare.com play.vidyard.com https://unpkg.com/@lottiefiles/ https://unpkg.com/@dotlottie/ https://googleads.g.doubleclick.net https://j.6sc.co/j/d33c7c8c-8e24-425f-b6ab-1506d07b624b.js https://j.6sc.co/6si.min.js https://js.hs-scripts.com/ https://js.hsforms.net/ https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsadspixel.net/fb.js https://js.hs-banner.com https://js-na1.hs-scripts.com/ http://js.hsforms.net/forms/embed/v2.js https://ipmeta.io; style-src 'unsafe-inline' 'self' info.blend.com; font-src 'self' data: *.typekit.net at.alicdn.com; frame-src 'self' *.youtube.com https://sidebar.bugherd.com info.blend.com play.vidyard.com docs.google.com player.cnbc.com td.doubleclick.net www.googletagmanager.com https://forms.hsforms.com/; base-uri 'none' 2 frame-ancestors 'self' https://webhare.utwente.nl https://portal-test.utsp.utwente.nl 2 frame-ancestors 'self' https://*.erp.tu-dresden.de:* https://piwik.mz.tu-dresden.de https://matomo.tu-dresden.de 2 frame-ancestors https://hpsecurity.my.salesforce.com; 2 default-src 'self' wss://*.cyberstock.com.my wss://*.maybank2u.com.my *.maybank2u.com.my *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.useinsider.com https://perfectsencollector.com *.google.com https://analytics.google.com *.googleapis.com *.googletagmanager.com https://*.maybankheart.com https://analytics.twitter.com https://s.yimg.com https://analytics.tiktok.com https://c.clarity.ms https://k.clarity.ms https://n.clarity.ms https://v.clarity.ms https://s.clarity.ms https://p.clarity.ms; object-src *.maybank2u.com.my; style-src 'self' 'unsafe-inline' *.googleapis.com https://livechat.maybank2u.com.my *.google.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com https://livechat.maybank2u.com.my; font-src *.gstatic.com *.maybank2u.com.my *.google.com *.mobiletrade.powerbroking2u.com.my; script-src 'self' *.maybank2u.com.my *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.mbww.com *.useinsider.com https://connect.facebook.net *.googleadservices.com *.google.com *.gstatic.com *.cyberstock.com.my https://analytics.tiktok.com https://bat.bing.com https://www.clarity.ms https://s.yimg.com https://analytics.twitter.com https://static.ads-twitter.com; frame-src 'self' *.maybank2u.com.my *.useinsider.com https://unity.cadreon.com *.doubleclick.net *.youtube.com *.google.com *.mobiletrade.powerbroking2u.com.my *.cyberstock.com.my https://search-prod.maybanksandbox.com; img-src 'self' data: blob: *.maybank2u.com.my https://emerchant.maybank2u.com.my:8443 *.google-analytics.com *.googlesyndication.com *.doubleclick.net https://www.google.com https://www.google.com.my https://www.google.com.sg https://www.google.co.in https://www.google.co.id https://www.facebook.com/tr/ *.useinsider.com www.maybank.com *.gstatic.com *.googleapis.com http://dbv47yu57n5vf.cloudfront.net https://perfectsencollector.com *.amazonaws.com *.oto.my *.googletagmanager.com *.youtube.com https://t.co https://analytics.twitter.com https://sp.analytics.yahoo.com https://bat.bing.com https://c.clarity.ms https://c.bing.com 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.glami.cz https://*.googleapis.com https://*.heureka.cz https://*.heureka.group https://*.lidl-shop.cz https://*.lidl.cz https://*.online-metrix.net https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://analytics.google.com https://awin1.com https://c.imedia.cz https://c.seznam.cz https://casalemedia.com https://*.dotomi.com https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://*.emjcd.com https://etracker.de https://facebook.com https://fonts.gstatic.com https://glami.cz https://hlserve.com https://ih.adscale.de https://im9.cz https://imedia.cz https://*.kdukvh.com https://liadm.com https://lidl-shop.com https://lidl-shop.cz https://ligadx.com https://ligatus.com https://login.dognet.cz https://m6r.eu https://*.mczbf.com https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://smartadserver.com https://smartclip.net https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://teads.tv https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://www.seznam.cz https://www.youtube-nocookie.com https://yahoo.com https://yieldlab.net data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.glami.cz https://*.heureka.cz https://*.lidl-shop.cz https://*.lidl.cz https://*.online-metrix.net https://*.tradedoubler.com https://*.vrxs.de https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://casalemedia.com https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://frame.mapy.cz https://glami.cz https://hlserve.com https://ih.adscale.de https://im9.cz https://imedia.cz https://liadm.com https://lidl-shop.com https://lidl-shop.cz https://ligadx.com https://ligatus.com https://login.dognet.cz https://m6r.eu https://mapy.cz https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://smartadserver.com https://smartclip.net https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://teads.tv https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://www.youtube-nocookie.com https://yahoo.com https://yieldlab.net; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adscale.de https://*.advertising.com https://*.adyen.com https://*.assets.lidl https://*.criteo.net https://*.demdex.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.glami.cz https://*.heureka.cz https://*.lidl-shop.cz https://*.lidl.cz https://*.online-metrix.net https://*.openx.net https://*.pubmatic.com https://*.stickyadstv.com https://*.taboola.com https://*.tradedoubler.com https://*.twiago.com https://*.xplosion.de https://*.yahoo.com https://*.yieldlab.net https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://analytics.google.com https://awin1.com https://c.imedia.cz https://c.seznam.cz https://casalemedia.com https://*.dotomi.com https://content.odj.cloud https://contextual.media.net https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://*.emjcd.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://ih.adscale.de https://im9.cz https://imedia.cz https://*.kdukvh.com https://liadm.com https://lidl-shop.com https://lidl-shop.cz https://lidl.cz https://ligadx.com https://ligatus.com https://login.dognet.cz https://m6r.eu https://match.sharethrough.com https://*.mczbf.com https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://play-lh.googleusercontent.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://smartadserver.com https://smartclip.net https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://sync.outbrain.com https://t.semtrack.de https://taboola.com https://teads.tv https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://translate.google.com https://twiago.com https://visitor.omnitagjs.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://www.seznam.cz https://yahoo.com https://yieldlab.net data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval' https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.glami.cz https://*.heureka.cz https://*.lidl-shop.cz https://*.lidl.cz https://*.online-metrix.net https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://casalemedia.com https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://ih.adscale.de https://im9.cz https://imedia.cz https://liadm.com https://lidl-shop.com https://lidl-shop.cz https://ligadx.com https://ligatus.com https://login.dognet.cz https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://smartadserver.com https://smartclip.net https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://teads.tv https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' https://localhost https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.glami.cz https://*.googleapis.com https://*.heureka.cz https://*.heureka.group https://*.lidl-shop.cz https://*.lidl.cz https://*.online-metrix.net https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://c.imedia.cz https://c.seznam.cz https://casalemedia.com https://*.dotomi.com https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://ih.adscale.de https://im9.cz https://imedia.cz https://liadm.com https://lidl-shop.com https://lidl-shop.cz https://ligadx.com https://ligatus.com https://login.dognet.cz https://m6r.eu https://*.mczbf.com https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://smartadserver.com https://smartclip.net https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://teads.tv https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://www.seznam.cz https://yahoo.com https://yieldlab.net; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline' https://*.criteo.net https://*.doubleclick.net https://*.fitanalytics.com https://*.glami.cz https://*.heureka.cz https://*.lidl-shop.cz https://*.lidl.cz https://*.online-metrix.net https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://casalemedia.com https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://ih.adscale.de https://im9.cz https://imedia.cz https://liadm.com https://lidl-shop.com https://lidl-shop.cz https://ligadx.com https://ligatus.com https://login.dognet.cz https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://smartadserver.com https://smartclip.net https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://teads.tv https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com https://*.mczbf.com; 2 base-uri 'self'; default-src 'self'; object-src 'none'; manifest-src 'self'; media-src 'self'; worker-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cancerresearchuk.org https://main.int.cruk.org https://acdn.adnxs.com https://connect.facebook.net https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.google.com https://www.googleadservices.com https://*.googletagmanager.com https://tagmanager.google.com https://platform.twitter.com https://cdn.plot.ly https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com https://ads.nextdoor.com https://*.cookielaw.org https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://tags.tiqcdn.com https://analytics.tiktok.com https://ads.tiktok.com https://static.ads-twitter.com https://googletagmanager.com https://cdn.cookielaw.org https://secure.quantserve.com https://rules.quantcount.com https://ct.pinterest.com https://s.pinimg.com https://maps.googleapis.com https://www.youtube.com https://s.ytimg.com https://www.youtube.com/iframe_api https://chat.gnatta.com https://chat.system.gnatta.com; connect-src 'self' wss://*.hotjar.com ws://*.hotjar.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://px.ads.linkedin.com https://*.cookielaw.org https://*.optimizely.com https://logx.optimizely.com https://collect.tealiumiq.com https://analytics.tiktok.com https://ads.tiktok.com https://ads-api.twitter.com https://analytics.twitter.com https://cdn.cookielaw.org https://*.onetrust.com https://connect.facebook.net https://www.facebook.com https://*.analytics.google.com https://pixel.quantcount.com https://collect.tealium.com https://ct.pinterest.com https://ib.adnxs.com https://flask.nextdoor.com https://maps.googleapis.com https://chat.gnatta.com https://chat.system.gnatta.com; img-src 'self' data: https://*.cancerresearchuk.org https://main.int.cruk.org https://tr.blismedia.com https://www.w3.org https://ib.adnxs.com https://tracking.audio.thisisdax.com https://ade.googlesyndication.com https://ad.doubleclick.net https://pagead2.googlesyndication.com https://*.analytics.google.com https://*.google.com https://www.google.co.uk https://*.google-analytics.com https://*.googletagmanager.com https://maps.googleapis.com https://*.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com https://px.ads.linkedin.com https://cdn.optimizely.com https://analytics.tiktok.com https://ads.tiktok.com https://ads-api.twitter.com https://analytics.twitter.com https://googletagmanager.com https://cdn.cookielaw.org https://www.facebook.com https://connect.facebook.net https://*.hotjar.com https://pixel.quantcount.com https://pixel.quantserve.com https://collect.tealium.com https://secure.adnxs.com https://google.com https://ct.pinterest.com https://flask.nextdoor.com; style-src 'self' 'unsafe-inline' https://*.cancerresearchuk.org https://main.int.cruk.org https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://static.hotjar.com https://script.hotjar.com; font-src 'self' https://*.cancerresearchuk.org data: https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' https://td.doubleclick.net https://*.doubleclick.net https://www.googletagmanager.com https://platform.twitter.com https://*.cdn.optimizely.com https://*.cdn-pci.optimizely.com https://player.vimeo.com https://www.youtube.com https://youtube.com https://chat.gnatta.com https://chat.system.gnatta.com https://www.pinterest.com https://*.pinterest.com https://results.resultsbase.net; 2 default-src 'self' https: 'unsafe-inline' 'unsafe-eval' chrome-extension: data: *.googleapis.com *.gstatic.com *.googleusercontent.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://recaptcha.net https://cdn.cookielaw.org blob:; object-src https:; style-src 'unsafe-inline' https:; img-src 'self' https: *.keepeek-dev.com *.keepeek.com https://cdn.cookielaw.org mediaassets.airbus.com data:; media-src 'self' https: *.keepeek-dev.com *.keepeek.com blob:; frame-src 'self' https: https://www.youtube.com/embed/ https://youtu.be https://www.google.com/maps/ *.keepeek-dev.com *.keepeek.com https://airbus2024eutfm.q4web.com; child-src blob: https://airbus2024eutfm.q4web.com; font-src https: data:; connect-src https: wss://ws.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 2 report-uri https://csp.uel.wildapricot.com/report; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.appointlet.com *.appointletcdn.com *.aptrinsic.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.ecomm.events *.ecwid.com *.elev.io *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.mcjobboard.net *.mybillsystem.com *.newrelic.com *.nr-data.net *.pagespeed-mod.com *.paypal.com *.termly.io *.twitter.com *.typekit.net *.uservoice.com *.wildapricot.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com caas-sf.wildapricot.org https://*.forethought.ai live-sf.wildapricot.org maps.googleapis.com onlinestore-prod-digital-products.s3.amazonaws.com sf.wildapricot.org vimeo.com widget-mediator.zopim.com wss://widget-mediator.zopim.com/ reserveddomainnames.wildapricot.org sf.wildapricot.org; img-src * data: blob:; media-src * blob:; font-src * https://*.aptrinsic.com data:; 2 frame-ancestors 'self'; img-src 'self' data: https:; 2 object-src 'none', frame-ancestors https://www.facebook.com 2 base-uri 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.state.ak.us https://*.alaska.gov https://cse.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://partner.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.state.ak.us https://*.alaska.gov https://www.google.com; frame-ancestors 'self'; form-action 'self' https: https://*.state.ak.us https://*.alaska.gov; img-src 'self' https://*.state.ak.us https://*.alaska.gov https://www.google-analytics.com https://www.googleapis.com https://www.google.com https://clients1.google.com https://encrypted-tbn0.gstatic.com https://encrypted-tbn1.gstatic.com 2 default-src 'self' 'unsafe-inline' *.criipto.id cdnjs.cloudflare.com *.maxcdn.com ajax.googleapis.com maxcdn.bootstrapcdn.com *.facebook.com *.facebook.net webhosting.dk *.webhosting.dk fonts.gstatic.com googleadservices.com doubleclick.net *.doubleclick.net *.googleadservices.com; ;frame-ancestors 'self' *.webhosting.dk webhosting.dk ajax.googleapis.com *.facebook.com *.facebook.net googleadservices.com doubleclick.net *.doubleclick.net *.googleadservices.com; img-src https://* data:; frame-src 'self' 'unsafe-inline' ajax.googleapis.com *.facebook.com *.facebook.net webhosting.dk *.webhosting.dk fonts.gstatic.com doubleclick.net *.doubleclick.net *.googleadservices.com googleadservices.com; 2 media-src 'self' blob: livestream.st-andrews.ac.uk livestream1.st-andrews.ac.uk livestream2.st-andrews.ac.uk livestream-test.st-andrews.ac.uk; 2 frame-ancestors *.toast.com *.dooray.com dooray.com 2 frame-ancestors 'self' *.telekurier.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; worker-src 'self' blob:; 2 default-src 'none'; frame-ancestors https://*.sr.se http://localhost:* https://lookerstudio.google.com https://app.kilkaya.com; form-action 'self' https://www.sverigesradio.se; base-uri 'self'; connect-src 'self' https://sr.se https://*.sr.se https://sverigesradio.se https://*.sverigesradio.se https://*.cdn.svt.se https://sr.reco.ebu.io https://*.google-analytics.com https://*.ingest.de.sentry.io https://cl-eu6.k5a.io https://statistics-event-api-fe.sr.se; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cl-eu6.k5a.io https://sr.neobox.ebu.io https://*.ebu.io/news-reco-sr.js https://analytics.codigo.se https://trafficgateway.research-int.se; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: https://sr.se https://*.sr.se https://www.googletagmanager.com https://trafficgateway.research-int.se; font-src 'self' data:; manifest-src 'self'; worker-src 'self' blob:; media-src https://*.sverigesradio.se https://sverigesradio.se https://*.sr.se blob:; frame-src https://*.reco.ebu.io https://sr.neobox.ebu.io; 2 default-src 'self'; script-src 'self' 'unsafe-inline' www.gstatic.com www.google.com stats.epic.com; child-src embed-ssl.ted.com embed.ted.com e.issuu.com secure.quantserve.com sentry.issuu.com pingback.issuu.com www.youtube.com player.vimeo.com www.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; form-action 'self'; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; connect-src 'self' www.google.com stats.epic.com; img-src 'self' data: stats.epic.com i.ytimg.com media.epic.com media.epic.com epicshare.blob.core.windows.net media.epic.com; 2 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https: https://accounts.google.com/gsi/; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://accounts.google.com/gsi/client; style-src data: 'unsafe-inline' https: https://accounts.google.com/gsi/style; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob: https://accounts.google.com/gsi/; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'none' 2 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com global.frcapi.com *.googleapis.com accounts.google.com *.cdn77.org *.nk-img.com *.segpay.com *.online-metrix.net *.vscdns.com *.vsmvideo.com *.mmcdn.com *.agego.com info.pornorama.com www.tjk-njk.com age.yoti.com *.exoclick.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.trackingtraffo.com *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.mmcdn.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us storage.agego.com *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com *.trackingtraffo.com; report-uri https://www.pornorama.com/csp-reports; report-to csp-endpoint 2 upgrade-insecure-requests; frame-ancestors 'self' https://explore.sugarcrm.com *.demo.sugarcrm.eu *.demo.sugarcrm.com *.sugarondemand.com *.service.sugarcrm.com *.service.sugarcrm.eu *.sugarapps.com *.msqa.sugarcrm.com *.training.sugarcrm.com; 2 default-src 'self'; connect-src 'self' rdap.nic.scb rdap1.nic.scb rdap2.nic.scb rdap.thains.co.th www.google-analytics.com; frame-src 'self' www.google.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com; img-src 'self' www.thnic.or.th www.google-analytics.com data:; 2 frame-ancestors 'self' *.wsgc.com carectruiprd.wsgc.com oms.wsgc.com carectruiprd-dr.wsgc.com oms-dr.wsgc.com trn1-wcc.wsgc.com trn1-sterling.wsgc.com trn1-ccui.wsgc.com 2 upgrade-insecure-requests; frame-ancestors https://www.reutersconnect.com 2 frame-ancestors 'self' *.trekbikes.com 2 connect-src cdn.cookielaw.org *.onetrust.com *.mypurecloud.de *.nr-data.net *.newrelic.com shyrka-prod-euw1.s3.eu-west-1.amazonaws.com *.euw1.pure.cloud wss://*.euw1.pure.cloud wss://*.mypurecloud.de telenor.psplugin.com wss://telenor.psplugin.com *.qualtrics.com 'self' telenorsverigeab.tt.omtrdc.net tsab.tt.omtrdc.net dpm.demdex.net sstats.telenor.se telenorsverigeab.tt.omtrdc.net aff.telenor.se log.adtraction.fail aax-eu.amazon-adsystem.com ara.paa-reporting-advertising.amazon dataplane.rum.eu-north-1.amazonaws.com cognito-identity.eu-north-1.amazonaws.com sts.eu-north-1.amazonaws.com bat.bing.com bat.bing.net google.com *.google.com *.google-analytics.com pagead2.googlesyndication.com googleadservices.com www.google.com google.com www.googletagmanager.com *.mouseflow.com *.snapchat.com; img-src cdn.cookielaw.org mb.cision.com *.mypurecloud.de *.euw1.pure.cloud *.psplugin.com *.qualtrics.com images.ctfassets.net 'self' blob: data: static.telenor.se d9er92kyodqy7.cloudfront.net *.telenorcdn.net *.scene7.com sstats.telenor.se bat.bing.com bat.bing.net www.gstatic.com www.google.com www.google.se www.googletagmanager.com googleads.g.doubleclick.net www.google.com pagead2.googlesyndication.com www.googleadservices.com google.com www.google.com ad.doubleclick.net ade.googlesyndication.com *.mouseflow.com www.facebook.com *.typeform.com; script-src cdn.cookielaw.org www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/releases/ 'unsafe-inline' *.mypurecloud.de *.nr-data.net *.newrelic.com *.euw1.pure.cloud content.vergic.com *.psplugin.com account.psplugin.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com 'self' 'unsafe-inline' 'unsafe-eval' d9er92kyodqy7.cloudfront.net static.telenor.se dmjgpsfuea8g9.cloudfront.net cdn.tt.omtrdc.net activitymap.adobe.com assets.adobedtm.com sstats.telenor.se cdn.adt348.net c.amazon-adsystem.com client.rum.us-east-1.amazonaws.com bat.bing.com bat.bing.net www.googleadservices.com www.youtube.com www.googleadservices.com www.google.com www.googletagmanager.com pagead2.googlesyndication.com googleads.g.doubleclick.net 'unsafe-inline' www.googletagmanager.com cdn.mouseflow.com *.mouseflow.com sc-static.net *.snapchat.com connect.facebook.net *.typeform.com; frame-src service.conmodo.com smartid.smartrefill.se stgsimreg.smartrefill.se www.smartify.se smartify.lime-forms.com *.mypurecloud.de *.euw1.pure.cloud *.qualtrics.com 'self' activitymap.adobe.com aax-eu.amazon-adsystem.com www.google.com www.googletagmanager.com td.doubleclick.net 9775878.fls.doubleclick.net *.mouseflow.com *.snapchat.com *.typeform.com; child-src *.mypurecloud.de *.euw1.pure.cloud *.mouseflow.com; media-src *.mypurecloud.de *.euw1.pure.cloud 'self'; object-src *.mypurecloud.de *.euw1.pure.cloud; font-src *.psplugin.com 'self' data: static.telenor.se fonts.gstatic.com *.mouseflow.com *.typeform.com; frame-ancestors *.psplugin.com app.contentful.com 'self'; style-src *.psplugin.com 'self' 'unsafe-inline' d9er92kyodqy7.cloudfront.net static.telenor.se dmjgpsfuea8g9.cloudfront.net fonts.googleapis.com *.typeform.com; form-action telenorse.eu.qualtrics.com; base-uri 'self'; default-src 'self'; manifest-src 'self' dmjgpsfuea8g9.cloudfront.net; worker-src blob: 2 frame-ancestors 'self' https://app.contentful.com *.saucelabs.com:8000 *.saucelabs.com *.saucelabs.net; 2 default-src 'self' https://www.phonepe.com https://phonepe.com https://website.phonepe.com; media-src 'self' https://www.phonepe.com https://phonepe.com https://website.phonepe.com; prefetch-src 'self' https://www.phonepe.com https://phonepe.com https://website.phonepe.com; script-src https://www.phonepe.com https://www.googletagmanager.com https://phonepe.com https://website.phonepe.com https://www.gstatic.com https://www.google.com https://cdn.jotfor.ms https://form.jotform.me https://code.jquery.com https://www.google-analytics.com https://platform.twitter.com/ https://www.googleadservices.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://connect.facebook.net https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; style-src https://www.phonepe.com https://phonepe.com https://website.phonepe.com https://cdn.jotfor.ms https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; img-src data: https://website.phonepe.com data: https://www.phonepe.com https://phonepe.com https://imgstatic.phonepe.com https://images.phonepe.com https://cdn.jotfor.ms www.googletagmanager.com 'self' https://www.google-analytics.com https://*.doubleclick.net https://adservice.google.com https://css.page-source.com https://www.google.com https://www.google.co.in https://www.facebook.com https://analytics.twitter.com https://t.co; font-src https://www.phonepe.com https://phonepe.com https://website.phonepe.com https://cdn.jotfor.ms https://fonts.gstatic.com/ 'self'; connect-src https://www.google-analytics.com https://boards-api.greenhouse.io https://api.phonepe.com https://www.phonepe.com https://phon.pe https://phonepe.com https://website.phonepe.com https://insights-api.phonepe.com https://sentry.phonepe.com https://page-source.com https://css.page-source.com https://logo.page-source.com https://cdn.page-source.com https://hcaptcha.com https://*.hcaptcha.com 'self'; frame-src https://www.greenhouse.io https://script.google.com/a/macros/phonepe.com/ https://boards.greenhouse.io https://boards-api.greenhouse.io https://form.jotform.me https://docs.google.com https://qr.phonepe.com https://www.google.com https://phonepe.helpshift.com https://phonepe.freshdesk.com https://hcaptcha.com https://*.hcaptcha.com *.phonepe.com https://www.sisainfosec.com https://website.phonepe.com https://www.youtube.com https://platform.twitter.com/ https://*.doubleclick.net https://bugbase.ai; frame-ancestors https://mercury.phonepe.com https://mercury-t1.phonepe.com https://mercury-t2.phonepe.com https://bugbase.ai; base-uri 'self'; object-src 'none'; report-uri https://csp.phonepe.com/log 2 style-src 'self' 'unsafe-inline' api-maps.yandex.ru fonts.googleapis.com www.youtube.com broker-vb-temp.halykbank.kz; 2 default-src *;script-src * 'unsafe-inline' 'unsafe-eval';script-src-attr 'unsafe-inline' 'unsafe-hashes';img-src * data:;media-src *;font-src 'self' https://fonts.gstatic.com data:;frame-ancestors 'self';object-src 'none';base-uri 'self';form-action 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 2 base-uri 'self'; default-src 'self' blob: data: https: ; worker-src 'self' blob:; frame-ancestors 'self' http://localhost:9999 *.paddle.com *.prismic.io https://www.profitwell.com https://paddle.enablix.com; media-src 'self' blob: data: https: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com tag.unifyintent.com unifyintent.com *.stackadapt.com *.twitter.com *.iubenda.com connect.facebook.net *.cloudfront.net *.hsforms.com googleads.g.doubleclick.net *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsforms.net *.hsleadflows.net *.hotjar.com *.licdn.com *.ads-twitter.com *.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.redditstatic.com *.youtube.com dnf20ypvrc856.cloudfront.net dta8euw1l8gvs.cloudfront.net prod-assets.sequelvideo.com https: ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com tag.unifyintent.com unifyintent.com *.youtube.com *.wistia.com *.licdn.com *.ads-twitter.com *.doubleclick.net *.hotjar.com *.redditstatic.com *.profitwell.com *.bing.com js.hubspot.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net www.clarity.ms *.hs-scripts.com connect.facebook.net *.rudderlabs.com *.influ2.com *.stackadapt.com *.metadata.io *.clearbitscripts.com *.clearbitjs.com *.kustomerapp.com *.qualified.com *.iubenda.com *.netlify.app *.hsforms.net *.googletagmanager.com *.googleapis.com prismic.io *.prismic.io *.mplat-ppcprotect.com status.io dnf20ypvrc856.cloudfront.net dta8euw1l8gvs.cloudfront.net tracking.g2crowd.com cdn.jsdelivr.net/npm/hockeystack@latest/hockeystack.min.js cdn.jsdelivr.net/npm/hockeystack@latest/hockeystack-qualified.min.js js.stripe.com/v3/ cdnjs.cloudflare.com/polyfill/ prod-assets.sequelvideo.com; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *.cloudfront.net *.youtube.com dnf20ypvrc856.cloudfront.net dta8euw1l8gvs.cloudfront.net s3.amazonaws.com https: blob: ; object-src 'none'; font-src 'self' *.cloudfront.net *.gstatic.com data: https: ; connect-src 'self' *.visualwebsiteoptimizer.com app.vwo.com dnf20ypvrc856.cloudfront.net dta8euw1l8gvs.cloudfront.net *.qualified.com ws: wss: https: data: ; img-src 'self' *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.googletagmanager.com *.ctfassets.net *.reddit.com *.cloudfront.net *.ytimg.com *.adsymptotic.com *.ads.linkedin.com t.co *.hubspot.com *.facebook.com *.google.com *.youtube.com *.ggpht.com dnf20ypvrc856.cloudfront.net dta8euw1l8gvs.cloudfront.net chart.googleapis.com wingify-assets.s3.amazonaws.com data: https:; frame-src 'self' *.visualwebsiteoptimizer.com app.vwo.com paddle.prismic.io www.googletagmanager.com *.youtube.com *.wistia.net *.wistia.com *.hsforms.com paddle.kustomer.help *.kustomerapp.com *.qualified.com app.netlify.com *.doubleclick.net *.prismic.io www.slideshare.net dnf20ypvrc856.cloudfront.net dta8euw1l8gvs.cloudfront.net js.stripe.com *.sequel.io; upgrade-insecure-requests; 2 default-src 'self' *; font-src * data:;img-src * data:; frame-src * 'self' 'unsafe-inline' ;worker-src blob:; connect-src * 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' ;frame-ancestors * 'self'; form-action * 'self'; 2 frame-ancestors 'self' btprt.dj snip.ly 2 frame-ancestors 'self' https://*.jabra.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: webpack-internal: webpack: blob: https://*.calltouch.ru https://*.calltouch.net wss://ws.calltouch.ru https://ab-ct.ru https://aw-demo.ru https://*.addevent.com https://addevent.com https://*.adriver.ru push4site.com https://ads.betweendigital.com https://adservice.google.com https://*.ad.smaato.net https://*.analytics.google.com https://analytics.google.com https://an.yandex.ru https://anycomment.io https://api.enkod.ru https://api-maps.yandex.ru https://api.tomi.ai https://*.bidswitch.net https://bitrix.info https://*.botfaqtor.ru https://*.bumlam.com https://calltouchru.push4site.com https://cdn.accutics.net https://cdn.anycomment.io https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://code.jquery.com/jquery-migrate-1.4.1.min.js https://connect.facebook.net https://const.uno *.digitaltarget.ru https://dm.hybrid.ai https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.hybrid.ai https://ib.adnxs.com https://*.integrations-hub.ru https://inv-nets.admixer.net https://leonardo.osnova.io https://linur.dj https://madte.st https://*.mail.ru https://manalyticshub.com https://match.new-programmatic.com/userbind https://mc.yandex.com https://mc.yandex.md https://mc.yandex.ru https://*.openx.net https://*.beeline.ru https://*.ops.beeline.ru https://pixel.onaudience.com https://push4site.com https://redirect.frontend.weborama.fr https://*.witstroom.com https://secure.gravatar.com https://ssp.bestssp.com https://static.terratraf.io https://smartcaptcha.yandexcloud.net https://sync.bumlam.com https://tags.soloway.ru https://td.doubleclick.net https://tech.rtb.mts.ru https://*.tildacdn.com https://track.onef.pro https://*.turbotargeting.io https://unpkg.com/swiper@7/ https://us.ck-ie.com https://vk.com https://widget.anycomment.io https://www.1c-bitrix.ru https://www.googleadservices.com https://www.google-analytics.com https://www.google.by https://www.google.bg https://www.google.co.id https://www.google.com https://www.google.com.cy https://www.google.de https://www.google.me https://www.google.nl https://www.googleoptimize.com https://www.google.pt https://www.google.ru https://www.googletagmanager.com https://www.gstatic.com https://www.w3.org https://www.youtube-nocookie.com https://youtu.be https://x01.aidata.io https://yandex.ru https://yastatic.net https://*.youtube.com https://*.ytimg.com https://kinescope.io wss://mc.yandex.ru ; report-uri https://sentry.calltouch.ru/api/49/security/?sentry_key=051618c290784f49b8f0714d8f3295e5 2 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.liveabout.com; upgrade-insecure-requests; 2 frame-ancestors *.reviews.co.uk *.reviews.io 2 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' *.destatis.de *.bewacherregister.de; base-uri 'self' *.bewacherregister.de; connect-src 'self' *.destatis.de interamt.de piwik.itzbund.de *.itzbund.de *.bewacherregister.de; style-src 'self' 'unsafe-inline' *.destatis.de piwik.itzbund.de *.bewacherregister.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.destatis.de piwik.itzbund.de doo.net c19.bundesbots.de *.bewacherregister.de;object-src 'self' multimedia.gsb.bund.de *.destatis.de piwik.itzbund.de c19.bundesbots.de ; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.destatis.de piwik.itzbund.de c19.bundesbots.de ; child-src blob: *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.destatis.de *.itzbund.de *.stba.de *.euro-area-statistics.org *.ims-cms.net *.kemweb.de *.teambits.events c19.bundesbots.de doo.net/de-de/widget/ www9.idev.nrw.de www.idev.nrw.de storymaps.arcgis.com stba.maps.arcgis.com *.dashboard-deutschland.de shinymikrosimapp.azurewebsites.net start.video-stream-hosting.de data: ; img-src 'self' data: blob: *.google.com *.gstatic.com *.youtube.com *.destatis.de piwik.itzbund.de c19.bundesbots.de *.bewacherregister.de; frame-ancestors 'self' *.destatis.de statistikportal.bwl.doi-de.net *.statistikportal.de ; upgrade-insecure-requests; 2 default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.youtube.com snap.licdn.com static.hotjar.com plugin.handtalk.me unpkg.com *.hubspot.net cdnjs.cloudflare.com www.gstatic.com script.hotjar.com www.google.com try.abtasty.com static.hotjar.com code.jquery.com googleads.g.doubleclick.net www.google-analytics.com www.clarity.ms ajax.googleapis.com cdn.cookielaw.org connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.usemessages.com plugin.handtalk.me px.ads.linkedin.com snap.licdn.com *.hsappstatic.net unpkg.com *.hubspot.com *.hubspotusercontent-na1.net cdn.jsdelivr.net *.cloudfront.net *.bing.com *.albacross.com *.privacytools.com.br *.linkedin.com *.googletagmanager.com www.gupy.io *.gupy.io; style-src 'self' 'unsafe-inline' static.hsappstatic.net *.hubspot.net cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.cookielaw.org *.hubspotusercontent-na1.net *.hubspotusercontent40.net fonts.googleapis.com *.gupy.io *.hubspot.com cdn-uicons.flaticon.com *.privacytools.com.br www.gupy.io; img-src 'self' blob: 3299491.fs1.hubspotusercontent-na1.net perf-na1.hsforms.com track.hubspot.com www.gupy.io data: *; font-src 'self' fonts.gstatic.com *.hubspotusercontent-na1.net *.hubspotusercontent40.net www.gupy.io; connect-src 'self' blob: 'self' fs1.hubspotusercontent-na1.net cdn.cookielaw.org *.gupy.io data: gap: *; media-src *.hubspotusercontent-na1.net *.hubspot.com *.gupy.io www.gupy.io; frame-src gupy.com.br gupy.io www.youtube.com app.hubspot.com td.doubleclick.net www.facebook.com forms.hsforms.com; frame-ancestors 'self' gupy.com.br gupy.io *.uc.r.appspot.com googletagmanager.com; 2 default-src 'self' *.amazonaws.com *.getunleash.io *.gstatic.com *.hotjar.com *.hsforms.com *.hsforms.net *.liadm.com *.list-manage.com *.plausible.io *.youtube.com; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.amazonaws.com *.analytics.google.com *.calendly.com *.clarity.ms *.clearbitjs.com *.clearbitscripts.com *.getunleash.io *.google-analytics.com *.google.com *.googleadservices.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hsforms.net *.hubspot.com *.liadm.com *.lfeeder.com *.youtube.com cdn-cookieyes.com d3pkntwtp2ukl5.cloudfront.net googleads.g.doubleclick.net ipapi.co js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net optimize.google.com plausible.io snap.licdn.com static.ads-twitter.com static.hsappstatic.net static.reo.dev tracker.ub-analytics.com tracking-api.g2.com unpkg.com vercel.live; style-src 'report-sample' 'self' 'unsafe-inline' *.calendly.com *.getunleash.io *.googletagmanager.com *.hubspot.com fonts.googleapis.com optimize.google.com vercel.live; object-src 'none'; base-uri 'self'; connect-src 'self' *.algolia.net *.algolianet.com *.amazonaws.com *.analytics.google.com *.clarity.ms *.clearbit.com *.cookieyes.com *.getunleash.io *.github.com *.google-analytics.com *.googleadservices.com *.google.com *.google.pl *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.hscollectedforms.net *.hsforms.com *.hubspot.com *.liadm.com *.linkedin.com *.oribi.io *.pusher.com *.unleash-hosted.com *.usbrowserspeed.com alocdn.com api.hubapi.com api.reo.dev cdn-cookieyes.com calendly.com forms.hubspot.com google.com googleads.g.doubleclick.net hubspot-forms-static-embed.s3.amazonaws.com ipapi.co js.hs-banner.com plausible.io pro.ip-api.com stats.g.doubleclick.net tracking-api.g2.com wss://*.hotjar.com; font-src 'self' *.hubspot.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com; frame-src *.doubleclick.net *.google.com *.googletagmanager.com *.hotjar.com *.hsforms.com *.hsforms.net *.hubspot.com *.youtube.com app.hubspot.com calendly.com meetings.hubspot.com optimize.google.com vercel.live; frame-ancestors 'self' *.google.com *.hubspot.com; img-src 'self' data: *.analytics.google.com *.bing.com *.calendly.com *.clarity.ms *.doubleclick.net *.getunleash.io *.githubusercontent.com *.google-analytics.com *.google.com *.google.de *.google.no *.google.pl *.googletagmanager.com *.hotjar.com *.hsforms.com *.hsforms.net *.hubspot.com *.lfeeder.com *.linkedin.com *.youtube.com *.ytimg.com analytics.twitter.com cdn-cookieyes.com optimize.google.com t.co track.hubspot.com; worker-src 'none' 2 default-src 'none'; img-src wtfismyip.com myip.wtf; script-src ipv4.wtfismyip.com wtfismyip.com myip.wtf ipv4.myip.wtf; style-src 'unsafe-inline' 2 default-src 'self' https://cdn.finnair.com https://pay.finnair.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.finnair.com *.googletagmanager.com https://tagmanager.google.com *.google-analytics.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://bat.bing.com https://*.akamaihd.net https://*.go-mpulse.net https://*.quantummetric.com https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://connect.facebook.net https://www.dwin1.com https://cdn.smartvel.com https://finnair.3dseatmapvr.com https://*.travelaudience.com https://*.reactandshare.com https://snap.licdn.com https://finnair.my.salesforce-sites.com https://finnair.my.site.com https://*.my.salesforce-scrt.com https://*.hotjar.com https://*.ads-twitter.com https://cdn.jsdelivr.net/npm/tesseract.js@v5.0.4/ https://cdn.jsdelivr.net/npm/tesseract.js-core@v5.0.0/; style-src 'self' 'unsafe-inline' *.finnair.com https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://cdn.smartvel.com https://finnair.3dseatmapvr.com https://*.reactandshare.com https://finnair.my.salesforce-sites.com https://finnair.my.site.com https://*.my.salesforce-scrt.com; img-src 'self' data: *.finnair.com *.google-analytics.com https://*.ytimg.com https://*.akamaihd.net https://*.akstat.io https://www.googletagmanager.com https://maps.googleapis.com https://*.gstatic.com https://*.google.com https://www.google.fi https://www.google.se https://www.google.co.uk https://www.google.de https://www.google.es https://www.google.it https://pagead2.googlesyndication.com *.doubleclick.net https://www.googleadservices.com https://*.analytics.google.com https://www.facebook.com https://www.awin1.com https://www.dwin1.com https://cdn.smartvel.com https://bat.bing.com https://finnair.3dseatmapvr.com https://*.travelaudience.com https://*.reactandshare.com https://px.ads.linkedin.com https://*.ads-twitter.com https://*.ads-api.twitter.com https://analytics.twitter.com https://t.co https://script.hotjar.com https://play-lh.googleusercontent.com https://ade.googlesyndication.com https://cms-scdn.airtime.geemedia.com; manifest-src 'self' https://cdn.finnair.com; font-src 'self' data: https://cdn.finnair.com https://maps.googleapis.com https://*.gstatic.com https://cdn.smartvel.com https://cdn-qa.smartvel.com https://*.reactandshare.com https://script.hotjar.com; connect-src 'self' *.finnair.com https://sentry.io https://*.sentry.io https://*.akamaihd.net https://*.akstat.io https://c.go-mpulse.net https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://search-api.swiftype.com https://finnair-app.quantummetric.com *.google-analytics.com https://pagead2.googlesyndication.com https://www.googleadservices.com *.doubleclick.net https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://www.google.fi https://www.google.se https://www.google.co.uk https://www.google.de https://www.google.es https://www.google.it https://www.facebook.com https://green.am.apps.avarko.com https://*.aurinkomatkat.fi https://api.smartvel.com https://cdn.smartvel.com https://finnair.3dseatmapvr.com https://finnair-app-search.ent.eu-central-1.aws.cloud.es.io https://*.reactandshare.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://*.ads-twitter.com https://*.ads-api.twitter.com https://*.analytics.twitter.com https://finnair.my.salesforce-sites.com https://finnair.my.site.com https://*.my.salesforce-scrt.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.safetravel.amadeus.com https://wasm.oho.prd.icm.aero; child-src 'self' https://paygw.finnair.com https://auth.finnair.com https://www.youtube.com https://api.finnair.com https://www.facebook.com https://staticxx.facebook.com blob:; frame-src 'self' https://sst.finnair.com https://*.force.com https://*.salesforce.com https://*.my.site.com https://paygw.finnair.com https://auth.finnair.com https://www.youtube.com https://api.finnair.com https://api-dev.finnair.com https://api-test.finnair.com https://api-preprod.finnair.com https://3530909.fls.doubleclick.net https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://finnair.eu.qualtrics.com https://www.facebook.com https://*.points.com https://13389050.fls.doubleclick.net https://vars.hotjar.com https://product-router.cartrawler.com; worker-src 'self' https://finnair.3dseatmapvr.com blob:; sandbox allow-popups allow-forms allow-scripts allow-same-origin allow-modals allow-popups-to-escape-sandbox allow-top-navigation allow-downloads; frame-ancestors 'self'; object-src 'none'; media-src https://finnair.3dseatmapvr.com; 2 default-src 'self'; font-src data: https://apps.bazaarvoice.com https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm.de https://app.usercentrics.eu https://assets.dm.de https://cdn.revieve.com https://composer.apps.nonprod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm.de https://tags.tiqcdn.com https://web.cmp.usercentrics.eu https://www.dm.de; worker-src 'self' blob:; connect-src 'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm.de https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cdcs.usercentrics.eu https://cdn.revieve.com https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm.de https://partner.revieve.com https://predictive-shopping-service.services.dmtech.com https://product-based-recos.services.dmtech.com https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://signin.dm.de https://staedtetour.dm-fb2.de https://stars.services.dmtech.com https://storage.googleapis.com/gift-card-builder-emergency-disabled-bucket/ https://v1.api.service.cmp.usercentrics.eu https://www.google-analytics.com https://cartnext.services.dmtech.com https://products.dm.de https://products.intern.dm.de https://shopping-list-prod.services.dmtech.com; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud; form-action 'self' https://*.bazaarvoice.com https://checkout.dm.de https://giftcard-checkout.dm.de/api/checkout https://signin.dm.de; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm.de https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://composer.apps.nonprod.gcp.dmtech.cloud https://content-preview.apps.prod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://editorial-content.dm-static.com https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://products.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42007 https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.dm.de https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu https://studio.dm-drogeriemarkt.com; frame-src 'self' https://*.bazaarvoice.com https://*.dm.de https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://cdn.revieve.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://kinderwunschsprechstunde.podigee.io https://player.podigee-cdn.net https://sandbox.om.dm.de https://web.cmp.usercentrics.eu https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm.de https://*.services.dmtech.com https://events.mapbox.com; child-src 'self' blob:; manifest-src 'self'; report-uri /__csp-reports__; upgrade-insecure-requests; 2 frame-ancestors 'self' https://addeventinc.github.io/; 2 frame-ancestors view.publitas.com www.publitas.com app.spott.ai 2 frame-ancestors 'self' avto-trast.info *.avto-trast.info ati.su *.ati.su metrika.yandex.ru; report-uri https://s1.ati.su/api/250/security/?sentry_key=26fdc7599dca4410ae3f3212919d17b9&sentry_environment=production 2 default-src *.jsdelivr.net *.citymotion.io go.actionfigure.ai 3lift.com a.ad.gt *.adentro.com *.adroll.com adsrvr.orgajax.aspnetcdn.com ads.yahoo.com ajax.aspnetcdn.com *.akamaihd.net *.amazonaws.com api.simon.com assets.pinterest.com *.azurewebsites.net *.bambuser.com *.bambuser.net b-code.liadm.com beacon.sojern.com bidagent.xad.com *.bing.com blob: *.blob.core.windows.net *.boomtrain.com cdn.hadronid.net cdnjs.cloudflare.com cdn.shopify.com *.clarity.ms *.clickmeter.com *.cloudfront.net *.cloudfunctions.net connect.facebook.net connect.facecook.net connect.nosto.com *.cookielaw.org data: *.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com *.elfsightcdn.com *.elfsight.com errorpageseus2.z20.web.core.windows.net facebook.net fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com *.gstatic.cn *.gstatic.com ib.adnxs.com id.hadron.ad.gt ids.ad.gt idsync.rlcdn.com i.liadm.com insight.adsrvr.org js.adsrvr.org *.licdn.com linkedin.com live.rezync.com log.pinterest.com *.mappedin.ca *.mappedin-cloud.com *.mappedin.com match.adsrvr.org mipubapistorageprod.blob.core.windows.net *.movienewsletters.net *.movies-previews.com *.onetrust.com *.oribi.io p.ad.gt p.adsymptotic.com *.pdst.fm *.perimeterx.net *.pingdom.net pixel.advertising.com pixel.rubiconproject.com pixels.ad.gt pixel.sojern.com p.placed.com *.premiumoutlets.com proton.ad.gt *.pubmatic.com px.ads.linkedin.com *.px-cdn.net *.pxchk.net *.px-client.net *.px-cloud.net *.qualtrics.com *.quantcount.com *.quantserve.com *.rackcdn.com *.rackspacecloud.com *.rackspace.com *.recaptcha.net rlcdn.com rp4.liadm.com rp.liadm.com rtb-csync.smartadserver.com *.s3.amazonaws.com s3.amazonaws.com seg.ad.gt 'self' *.sentry.io simage2.pubmatic.com *.simon.com *.simonpropertygroup.com *.simonwifi.com *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io siteimproveanalytics.io smnsrch.azureedge.net snap.licdn.com sp.analytics.yahoo.com *.splashthat.com *.spotify.com sync.outbrain.com sync.taboola.com tags.srv.stackadapt.com themes.googleusercontent.com trc.taboola.com 'unsafe-eval' 'unsafe-inline' ups.analytics.yahoo.com us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net *.videoamp.com *.westworldmedia.com www.datocms-assets.com www.facebook.com www.linkedin.com x.bidswitch.net yimg.com *.yottaa.net spo-partner-api.azure-api.net www.simoncentral.com cloudfront.net trailers.movie-previews.com; frame-ancestors 'self'; img-src cdn.prod.website-files.com theedit.simon.com cdn.prod.website-files.com *.demdex.net trkn.us ids4.ad.gt *.citymotion.io 3lift.com a.ad.gt *.adentro.com *.adroll.com adsrvr.orgajax.aspnetcdn.com ads.yahoo.com ajax.aspnetcdn.com *.akamaihd.net *.amazonaws.com api.simon.com assets.pinterest.com *.azurewebsites.net *.bambuser.com *.bambuser.net b-code.liadm.com beacon.sojern.com bidagent.xad.com *.bing.com blob: *.blob.core.windows.net *.boomtrain.com cdn.hadronid.net cdnjs.cloudflare.com cdn.shopify.com *.clarity.ms *.clickmeter.com *.cloudfront.net *.cloudfunctions.net connect.facebook.net connect.facecook.net connect.nosto.com *.cookielaw.org data: *.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com *.elfsightcdn.com *.elfsight.com errorpageseus2.z20.web.core.windows.net facebook.net fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com *.gstatic.cn *.gstatic.com ib.adnxs.com id.hadron.ad.gt ids.ad.gt idsync.rlcdn.com i.liadm.com insight.adsrvr.org js.adsrvr.org lh3.googleusercontent.com *.licdn.com linkedin.com live.rezync.com log.pinterest.com *.mappedin.ca *.mappedin-cloud.com *.mappedin.com match.adsrvr.org mipubapistorageprod.blob.core.windows.net *.movienewsletters.net *.movies-previews.com *.onetrust.com *.oribi.io p.ad.gt p.adsymptotic.com *.pdst.fm *.perimeterx.net *.pingdom.net pixel.advertising.com pixel.rubiconproject.com pixels.ad.gt pixel.sojern.com p.placed.com *.premiumoutlets.com proton.ad.gt *.pubmatic.com px.ads.linkedin.com *.px-cdn.net *.pxchk.net *.px-client.net *.px-cloud.net *.qualtrics.com *.quantcount.com *.quantserve.com *.rackcdn.com *.rackspacecloud.com *.rackspace.com *.recaptcha.net rlcdn.com rp4.liadm.com rp.liadm.com rtb-csync.smartadserver.com *.s3.amazonaws.com s3.amazonaws.com seg.ad.gt 'self' *.sentry.io simage2.pubmatic.com *.simon.com *.simonpropertygroup.com *.simonwifi.com *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io siteimproveanalytics.io smnsrch.azureedge.net snap.licdn.com sp.analytics.yahoo.com *.splashthat.com *.spotify.com sync.outbrain.com sync.taboola.com tags.srv.stackadapt.com themes.googleusercontent.com trc.taboola.com 'unsafe-eval' 'unsafe-inline' ups.analytics.yahoo.com us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net *.videoamp.com *.westworldmedia.com www.datocms-assets.com www.facebook.com www.linkedin.com x.bidswitch.net yimg.com *.yottaa.net collector-48194.us.tvsquared.com px4.ads.linkedin.com sync.1rx.io www.premiumoutlets.com.mx; script-src cdn.prod.website-files.com theedit.simon.com cdn.prod.website-files.com d3e54v103j8qbb.cloudfront.net *.citymotion.io 3lift.com a.ad.gt *.adentro.com *.adroll.com adsrvr.orgajax.aspnetcdn.com ads.yahoo.com ajax.aspnetcdn.com *.akamaihd.net *.amazonaws.com api.simon.com assets.pinterest.com *.azurewebsites.net *.bambuser.com *.bambuser.net b-code.liadm.com beacon.sojern.com bidagent.xad.com *.bing.com blob: *.blob.core.windows.net *.boomtrain.com cdn.hadronid.net cdnjs.cloudflare.com cdn.shopify.com *.clarity.ms *.clickmeter.com *.cloudfront.net *.cloudfunctions.net connect.facebook.net connect.facecook.net connect.nosto.com *.cookielaw.org data: *.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com *.elfsightcdn.com *.elfsight.com errorpageseus2.z20.web.core.windows.net facebook.net fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com *.gstatic.cn *.gstatic.com ib.adnxs.com id.hadron.ad.gt ids.ad.gt idsync.rlcdn.com i.liadm.com insight.adsrvr.org *.licdn.com linkedin.com live.rezync.com log.pinterest.com *.mappedin.ca *.mappedin-cloud.com *.mappedin.com match.adsrvr.org mipubapistorageprod.blob.core.windows.net *.movienewsletters.net *.movies-previews.com *.onetrust.com *.oribi.io p.ad.gt p.adsymptotic.com *.pdst.fm *.perimeterx.net *.pingdom.net pixel.advertising.com pixel.rubiconproject.com pixels.ad.gt pixel.sojern.com p.placed.com *.premiumoutlets.com proton.ad.gt *.pubmatic.com px.ads.linkedin.com *.px-cdn.net *.pxchk.net *.px-client.net *.px-cloud.net *.qualtrics.com *.quantcount.com *.quantserve.com *.rackcdn.com *.rackspacecloud.com *.rackspace.com *.recaptcha.net rlcdn.com rp4.liadm.com rp.liadm.com rtb-csync.smartadserver.com *.s3.amazonaws.com s3.amazonaws.com seg.ad.gt 'self' *.sentry.io simage2.pubmatic.com *.simon.com *.simonpropertygroup.com *.simonwifi.com *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io siteimproveanalytics.io smnsrch.azureedge.net snap.licdn.com sp.analytics.yahoo.com *.splashthat.com *.spotify.com sync.outbrain.com sync.taboola.com tags.srv.stackadapt.com themes.googleusercontent.com trc.taboola.com 'unsafe-eval' 'unsafe-inline' ups.analytics.yahoo.com us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net *.videoamp.com *.westworldmedia.com www.datocms-assets.com www.facebook.com www.linkedin.com x.bidswitch.net yimg.com *.yottaa.net; script-src-elem go.actionfigure.ai *.yottaa.com *.jsdelivr.net 3lift.com a.ad.gt *.adentro.com *.adroll.com adsrvr.orgajax.aspnetcdn.com ads.yahoo.com ajax.aspnetcdn.com *.akamaihd.net *.amazonaws.com api.simon.com assets.pinterest.com *.azurewebsites.net *.bambuser.com *.bambuser.net b-code.liadm.com beacon.sojern.com bidagent.xad.com *.bing.com blob: *.blob.core.windows.net *.boomtrain.com cdn.hadronid.net cdnjs.cloudflare.com cdn.shopify.com *.clarity.ms *.clickmeter.com *.cloudfront.net *.cloudfunctions.net connect.facebook.net connect.facecook.net connect.nosto.com *.cookielaw.org data: *.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com *.elfsightcdn.com *.elfsight.com errorpageseus2.z20.web.core.windows.net facebook.net fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com *.gstatic.cn *.gstatic.com ib.adnxs.com id.hadron.ad.gt ids.ad.gt idsync.rlcdn.com i.liadm.com insight.adsrvr.org js.adsrvr.org *.licdn.com linkedin.com live.rezync.com log.pinterest.com *.mappedin.ca *.mappedin-cloud.com *.mappedin.com match.adsrvr.org mipubapistorageprod.blob.core.windows.net *.movienewsletters.net *.movies-previews.com *.onetrust.com *.oribi.io p.ad.gt p.adsymptotic.com *.pdst.fm *.perimeterx.net *.pingdom.net pixel.advertising.com pixel.rubiconproject.com pixels.ad.gt pixel.sojern.com p.placed.com *.premiumoutlets.com proton.ad.gt *.pubmatic.com px.ads.linkedin.com *.px-cdn.net *.pxchk.net *.px-client.net *.px-cloud.net *.qualtrics.com *.quantcount.com *.quantserve.com *.rackcdn.com *.rackspacecloud.com *.rackspace.com *.recaptcha.net rlcdn.com rp4.liadm.com rp.liadm.com rtb-csync.smartadserver.com *.s3.amazonaws.com s3.amazonaws.com seg.ad.gt 'self' *.sentry.io simage2.pubmatic.com *.simon.com *.simonpropertygroup.com *.simonwifi.com *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io siteimproveanalytics.io smnsrch.azureedge.net snap.licdn.com sp.analytics.yahoo.com *.splashthat.com *.spotify.com sync.outbrain.com sync.taboola.com tags.srv.stackadapt.com themes.googleusercontent.com trc.taboola.com 'unsafe-eval' 'unsafe-inline' ups.analytics.yahoo.com us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net *.videoamp.com *.westworldmedia.com www.datocms-assets.com www.facebook.com www.linkedin.com x.bidswitch.net yimg.com *.yottaa.net collector-48194.us.tvsquared.com 2 frame-ancestors 'self' cdn.adkaora.space 2 frame-ancestors localhost:* 2 default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.youtube.com https://www.googletagmanager.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com *.fontawesome.com use.fontawesome.com api.connectedcommunity.org http://www.lifescitrc.org https://cdn.feathr.co cdn.feathr.co polo.feathr.co marco.feathr.co *.crazyegg.com *.hotjar.com *.informz.net *.surveymonkey.com *.cloudfront.net *.ngpvan.com *.everyaction.com *.research.net *.tickcounter.com *.smassets.net *.rdmobile.com *.wistia.net *.vimeo.com voicesofaps.gv-one.com apsoc.informz.net https://code.jquery.com *.photoshelter.com *.jquery.com blob: cdnjs.cloudflare.com fe.sitedataprocessing.com 'self' cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com www.googletagmanager.com use.fontawesome.com *.fontawesome.com use.typekit.net p.typekit.net *.crazyegg.com *.hotjar.com *.cloudfront.net *.everyaction.com *.tickcounter.com *.smassets.net *.research.net *.wistia.net *.rdmobile.com *.vimeo.com *.photoshelter.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com *.twimg.com data: blob: novartis.contacthr.com novartispharmaceuticalscorp.contacthr.com *.google-analytics.com https://www.googletagmanager.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com twitter.com *.twitter.com use.fontawesome.com *.eloqua.com *.physiology.org connect.the-aps.org *.cloudfront.net *.placehold.it stats.g.doubleclick.net marco.feathr.co *.adsrvr.org polo-v1.feathr.co polo.feathr.co *.crazyegg.com *.hotjar.com *.informz.net *.surveymonkey.com *.everyaction.com *.tickcounter.com *.rdmobile.com *.vimeo.com picsum.photos *.picsum.photos s3.amazonaws.com voicesofaps.gv-one.com *.photoshelter.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com use.fontawesome.com use.typekit.net *.crazyegg.com *.hotjar.com *.everyaction.com *.tickcounter.com *.rdmobile.com; frame-src 'self' *.facebook.com novartis.contacthr.com novartispharmaceuticalscorp.contacthr.com www.youtube.com api.connectedcommunity.org cdn.feathr.co polo.feathr.co marco.feathr.co *.qzzr.com *.crazyegg.com *.hotjar.com twitter.com *.twitter.com html5-player.libsyn.com www.podbean.com *.surveymonkey.com *.ngpvan.com *.cloudfront.net *.everyaction.com *.tickcounter.com *.smassets.net *.research.net *.wistia.net *.vimeo.com voicesofaps.gv-one.com apsoc.informz.net *.photoshelter.com *.googletagmanager.com web-chat.nativechat.com; connect-src *.google-analytics.com *.informz.net polo.feathr.co *.crazyegg.com *.doubleclick.net *.ngpvan.com *.cloudfront.net *.everyaction.com *.tickcounter.com *.smassets.net *.research.net *.wistia.net *.rdmobile.com *.vimeo.com *.fontawesome.com *.photoshelter.com *.googletagmanager.com fe.sitedataprocessing.com 'self' *.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: www.youtube.com fast.wistia.net *.vimeo.com voicesofaps.gv-one.com *.photoshelter.com; child-src 'self' blob: web-chat.nativechat.com 2 frame-src 'self' bat.bing.com *.blackbaudhosting.com *.blackbaud.com blackbaud.com *.doubleclick.net embed.tawk.to www.facebook.com connect.facebook.net *.hotjar.com cdn.jsdelivr.net *.kaltura.com snap.licdn.com www.podbean.com sc-static.net *.snapchat.com www.youtube-nocookie.com www.youtube.com discoveruni.gov.uk widget.discoveruni.gov.uk *.google.com libraryhelp.shef.ac.uk theaccessplatform.com tappage.theaccessplatform.com www.googletagmanager.com www.findaphd.com player.vimeo.com app.geckoform.com roundme.com *.wondavr.com wvr.li api3-eu.libcal.com *.shef.ac.uk my.matterport.com universityofsheffield.my.site.com universityofsheffield.my.salesforce-scrt.com sky.blackbaudcdn.net; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' *.blackbaud.com *.onetrust.com *.bing.com *.blackbaudhosting.com *.doubleclick.net *.google-analytics.com *.hotjar.com *.kaltura.com *.shef.ac.uk *.sheffield.ac.uk *.snapchat.com *.theaccessplatform.com theaccessplatform.com *.twitter.com ajax.googleapis.com analytics.tiktok.com app.geckoform.com bat.bing.com blackbaud.com connect.facebook.net discoveruni.gov.uk embed.geckochat.io embed.tawk.to libraryhelp.shef.ac.uk player.vimeo.com sc-static.net snap.licdn.com static.ads-twitter.com static.cloudflareinsights.com widget.discoveruni.gov.uk www.facebook.com www.findaphd.com www.google.co.uk *.google.com google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.podbean.com www.youtube-nocookie.com www.youtube.com *.newrelic.com *.ttl.ai universityofsheffield.my.site.com sheffield.libcal.com sky.blackbaudcdn.net https://api.mapbox.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com unpkg.com; style-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' *.sheffield.ac.uk *.theaccessplatform.com bbox.blackbaudhosting.com payments.blackbaud.com embed.geckochat.io fonts.geckoform.com fonts.googleapis.com www.findaphd.com www.googletagmanager.com www.gstatic.com *.ttl.ai universityofsheffield.my.site.com universityofsheffield.my.salesforce-scrt.com sky.blackbaudcdn.net https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; base-uri 'self'; form-action 'self' search.sheffield.ac.uk; frame-ancestors 'self' 2 default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'self' *.usask.ca https: data: blob:; media-src 'self' *.usask.ca https: blob:; font-src 'self' *.usask.ca https: data:; worker-src 'self' *.usask.ca https: blob:; frame-ancestors self *.usask.ca; 2 default-src 'self'; connect-src 'self' *.pusher.com sessions.bugsnag.com *.bugherd.com bugcrowd.com assets.bugcrowdusercontent.com *.execute-api.us-east-1.amazonaws.com *.adobedc.net *.demdex.net www.juicer.io app.smartsheet.com https://yz72p3rzwh.execute-api.us-east-1.amazonaws.com https://labcorp.tt.omtrdc.net https://ekr.zdassets.com wss://widget-mediator.zopim.com https://pixel-by-labcorp.zendesk.com *.labcorp.com *.scene7.com *.onetrust.com *.cookielaw.org vimeo.com labcorp-qa.oktapreview.com labcorp.oktapreview.com sc.omtrdc.net assets.adobedtm.com *.linkedin.oribi.io *.algolianet.com https://6pskq0iljc-dsn.algolia.net https://labcorp-holdings.okta.com https://labcorp-holdings-stage.oktapreview.com https://bcbolt446c5271-a.akamaihd.net https://manifest.prod.boltdns.net https://edge.api.brightcove.com https://www.snapengage.com https://s722592.t.eloqua.com *.adobecqms.net https://kit-pro.fontawesome.com https://www.google-analytics.com *.iperceptions.com https://covance.sc.omtrdc.net https://covanceinc.tt.omtrdc.net https://stats.g.doubleclick.net https://viewlicense.adobe.io https://maps.googleapis.com https://amcglobal.sc.omtrdc.net https://covancecom.mpeasylink.com; style-src 'unsafe-inline' 'self' https://use.fontawesome.com https://assets.juicer.io https://cdn.jsdelivr.net https://ok1static.oktacdn.com *.scene7.com *.drugdevelopment.labcorp.com *.biopharma.labcorp.com https://covancecom.mpeasylink.com https://fonts.googleapis.com *.typekit.net; font-src 'self' *.typekit.net https://storage.googleapis.com https://ok1static.oktacdn.com https://fonts.gstatic.com https://static.juicer.io https://use.fontawesome.com data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.bugherd.com *.pusher.com bugcrowd.com assets.bugcrowdusercontent.com *.adobe.com *.demdex.net *.labcorp.com https://assets.juicer.io https://challenges.cloudflare.com https://widget-mediator.zopim.com https://static.zdassets.com https://static.cloudflareinsights.com *.scene7.com *.cookielaw.org player.vimeo.com https://bh.contextweb.com *.brandcdn.com https://tracking1.labcorp.com https://img.en25.com https://cdn.jsdelivr.net https://ok1static.oktacdn.com https://view.ceros.com https://analytics.convertlanguage.com https://drugdevelopment.labcorp.com *.drugdevelopment.labcorp.com https://biopharma.labcorp.com *.biopharma.labcorp.com https://vjs.zencdn.net https://map.brightcove.com https://assets.map.brightcove.com https://cdn5.userzoom.com https://kit-pro.fontawesome.com https://assets.adobedtm.com https://covancecom.mpeasylink.com https://www.google-analytics.com https://urldefense.com https://www.googletagmanager.com https://tag.simpli.fi *.iperceptions.com https://snap.licdn.com https://js.adsrvr.org https://static.ads-twitter.com https://www.googleadservices.com https://analytics.twitter.com https://i.simpli.fi https://googleads.g.doubleclick.net https://maps.googleapis.com https://storage.googleapis.com https://www.google.com https://www.snapengage.com https://www.gstatic.com https://www.youtube.com https://l2.io https://ssl.google-analytics.com https://players.brightcove.net https://img03.en25.com blob:; img-src 'self' d2iiunr5ws5ch1.cloudfront.net bugherd-attachments.s3.amazonaws.net *.bugherd.com *.labcorp.com *.vimeocdn.com *.scene7.com *.cookielaw.org *.businesswire.com mma.prnewswire.com metrics.labcorp.com *.juicer.io *.demdex.net *.iperceptions.com labcorp.sc.omtrdc.net https://www.snapengage.com https://analytics.twitter.com *.brandcdn.com https://insight.adsrvr.org https://tracking1.labcorp.com https://www.googletagmanager.com https://ok1static.oktacdn.com https://analytics.convertlanguage.com https://cf-images.us-east-1.prod.boltdns.net https://metrics.brightcove.com https://googleads.g.doubleclick.net *.linkedin.com *.linkedin.oribi.io https://t.co https://p.adsymptotic.com https://www.google.com https://www.google.com.gt https://www.google-analytics.com https://drugdevelopment.labcorp.com https://biopharma.labcorp.com https://maps.gstatic.com https://maps.googleapis.com https://storage.googleapis.com https://cm.everesttech.net https://amcglobal.sc.omtrdc.net https://s409256115.t.eloqua.com https://um.simpli.fi https://www.googleadservices.com https://cm.g.doubleclick.net https://covance.sc.omtrdc.net data:; frame-ancestors 'self' https://match.adsrvr.org; frame-src 'self' *.bugherd.com bugcrowd.com assets.bugcrowdusercontent.com *.demdex.net *.adobe.com *.cloudflare.com player.vimeo.com *.brandcdn.com https://webforms.labcorp.com https://app.smartsheet.com https://view.ceros.com https://10644661.fls.doubleclick.net https://players.brightcove.net *.iperceptions.com https://insight.adsrvr.org https://covancecom.mpeasylink.com https://bid.g.doubleclick.net https://www.google.com https://match.adsrvr.org; media-src *.scene7.com https://static.zdassets.com https://www.snapengage.com blob: ; object-src 'none'; 2 default-src 'self' 'unsafe-inline' blob: data: *.contentful.com *.ctfassets.net *.idomoo.com web.ccpgamescdn.com; base-uri 'self'; object-src 'self' ctfassets.net https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.clarity.ms *.google.com *.googlesyndication.com *.linksynergy.com *.rakuten.com *.redditstatic.com *.twitch.tv *.twitter.com *.yahoo.co.jp *.zdassets.com *.zendesk.com analytics.tiktok.com app.getstream.com b92.yahoo.co.jp ccpcommunity.zendesk.com connect.facebook.net consent.cookiebot.com consentcdn.cookiebot.com ethn.io google.com google.co.jp google.co.uk google.co.za google.de googleoptimize.com graphql.contentful.com hello.myfonts.net https://bat.bing.com https://cdn.taboola.com https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/cBaCB1PHCwXVd4yY/delighted.js https://googleads.g.doubleclick.net https://player.idomoo.com https://s.yimg.com https://sp.analytics.yahoo.com https://ssl.google-analytics.com https://tagmanager.google.com https://widget-mediator.zopim.com https://www.artfut.com https://www.google.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion_async.js https://maps.googleapis.com mc.yandex.com mc.yandex.ru paperform.co recaptcha.net s.yimg.jp s.ytimg.jp s.ytimg.com speedof.me static.ads-twitter.com tpc.googlesyndication.com web.ccpgamescdn.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.cn www.gstatic.com www.youtube.com yastatic.net yimg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com hello.myfonts.net https://tagmanager.google.com optimize.google.com web.ccpgamescdn.com; connect-src 'self' *.clarity.ms *.cloudapp.azure.com *.extccp.com *.eveonline.com *.evetech.net *.google.com *.idomoo.co *.idomoo.com *.launchdarkly.com *.linksynergy.com *.rakuten.com *.taboola.com *.testeveonline.com *.yahoo.co.jp *.zdassets.com *.zendesk.com analytics.tiktok.com api.ccpgames.com app.getstream.com b92.yahoo.co.jp cb2dzccayg.execute-api.eu-west-1.amazonaws.com ccp-gap-export.ew.r.appspot.com ccp-recruitmentservice-dev.azurewebsites.net ccpcommunity.zendesk.com consentcdn.cookiebot.com ethn.io graphql.contentful.com google.is google.com google.co.jp google.co.uk google.co.za google.de googleoptimize.com http://localhost:3274 https://bat.bing.com https://ccp-gap-export.ew.r.appspot.com https://consentcdn.cookiebot.com https://eur-api.idomoo.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://login.microsoftonline.com https://login.windows.net https://peerserver.westus.cloudapp.azure.com https://s.yimg.com https://s.ytimg.com https://s3.amazonaws.com images.ctfassets.net j62tyvg8r3.execute-api.eu-west-1.amazonaws.com mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz run.mocky.io s.yimg.jp sentry.io signup.ccpeveweb.com speedof.me stats.g.doubleclick.net steamdatasuite.com umip1v3tqb.execute-api.eu-west-1.amazonaws.com w778zk1gu3.execute-api.eu-west-1.amazonaws.com web.delighted.com wss://peerserver.westus.cloudapp.azure.com wss://*.cloudapp.azure.com wss://widget-mediator.zopim.com www.endgame42.com www.facebook.com www.google-analytics.com www.google.com www.google.co.kr www.mocky.io/v2/5e1ed5ca3100003600189501 yo2vtgum73.execute-api.eu-west-1.amazonaws.com localhost:3274; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com hello.myfonts.net web.ccpgamescdn.com; img-src 'self' https: data: blob: *.ctfassets.net *.reddit.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' *.ctfassets.net *.doubleclick.net *.paperform.co *.twitch.tv challonge.com *.challonge.com cdn.knightlab.com consentcdn.cookiebot.com https://recaptcha.net https://www.facebook.com optimize.google.com mc.yandex.com mc.yandex.ru speedof.me tpc.googlesyndication.com videos.ctfassets.net webvisor.com www.google.com www.googletagmanager.com www.ostlon.com www.youtube.com open.spotify.com; frame-ancestors 'self' http://webvisor.com app.contentful.com; report-uri https://ccpgames.report-uri.com/r/t/csp/enforce; 2 frame-src 'self' *.google.com *.gstatic.com *.scrmtech.com *.quora.com snapwidget.com *.consensu.org *.sharethis.com *.doubleclick.net *.greenhouse.io *.payoneer.com *.trustpilot.com *.oraclecloud.com *.driftt.com *.ubembed.com *.youtube.com *.github.io *.userway.org v.qq.com *.adpartner.pro *.facebook.com *.chilipiper.com *.teamme.io *.adsrvr.org *.googlesyndication.com ssgtm-sbyzlt5hyq-ey.a.run.app *.optimizely.com *.youtube.com *.googletagmanager.com *.adform.net payoneer.kinsta.cloud; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookielaw.org *.convertexperiments.com *.marketo.net *.googleadservices.com *.bing.com *.licdn.com *.facebook.net *.taboola.com *.yimg.jp *.yahoo.co.jp *.doubleclick.net *.sharethis.com *.consensu.org snapwidget.com *.onetrust.com *.greenhouse.io *.payoneer.com *.mouseflow.com *.salesloft.com *.trendemon.com *.trustpilot.com *.ubembed.com *.google.com *.gstatic.com *.dynatrace.com *.oraclecloud.com *.baidu.com *.driftt.com *.youtube.com *.daumcdn.net unpkg.com *.yandex.ru *.cloudflare.com *.strattic.com *.6sc.co *.jsdelivr.net *.bootstrapcdn.com *.twitter.com *.ads-twitter.com *.highcharts.com *.github.io *.qualtrics.com *.microsoft.com *.userway.org *.tiktok.com *.googleoptimize.com accessibilityserver.org *.adnxs.com *.pdst.fm *.fullstory.com *.redditstatic.com *.cheqzone.com *.clarity.ms *.line-scdn.net redditstatic.s3.amazonaws.com wcs.naver.net *.googlesyndication.com *.google-analytics.com *.adpartner.pro *.line-cdn.net *.line-scdn.net *.chilipiper.com *.teamme.io *.quora.com *.adsrvr.org *.amplitude.com server-side-tagging-sbyzlt5hyq-uc.a.run.app *.trackjs.com ssgtm-sbyzlt5hyq-ey.a.run.app *.optimizely.com optimizely.s3.amazonaws.com *.youtube.com *.adform.net 2 frame-ancestors 'self' https://www.conservativereview.com/ 2 frame-ancestors 'self' *.simplilearn.com gamooga.com careerkarma.com ifacet.iitk.ac.in eicta.iitk.ac.in *.ifacet.in 2 default-src https: http: blob: javascript: data: 'unsafe-inline' 'unsafe-eval' 'self'; 2 default-src 'self' 'unsafe-inline' miraheze.org donate.miraheze.org static.miraheze.org static.wikitide.net cdnjs.cloudflare.com cdn.jsdelivr.net analytics.wikitide.net; 2 default-src 'self' static-cdn.mackeeper.com static-cdn.sz.mackeeper.com;frame-ancestors 'self' *.cleverbridge.com;frame-src 'self' *.liadm.com *.doubleclick.net *.hotjar.com *.google.com *.mackeeper.com *.facebook.com *.youtube.com *.trustpilot.com *.criteo.com *.googletagmanager.com;child-src 'self';form-action 'self';img-src 'self' data: *.kromtech.net *.mackeeper.com *.visualwebsiteoptimizer.com *.bing.com *.google-analytics.com *.facebook.com *.liadm.com *.doubleclick.net *.hotjar.com *.owox.com *.zoomsupport.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.googletagmanager.com *.outbrain.com *.gstatic.com http://mackeeper.com https://mackeeper.com *.atdmt.com https://files.clario.co https://c.clarity.ms https://zchat.account.clario.co/images/ https://files.clario.co/images/ https://zchat.account.sz.clario.co/images/ *.shopperapproved.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.bing.com *.facebook.net *.hotjar.com *.liadm.com *.visualwebsiteoptimizer.com *.kromtech.net *.mackeeper.com *.doubleclick.net *.youtube.com *.ytimg.com *.taboola.com *.outbrain.com *.trustpilot.com http://mackeeper.com https://mackeeper.com http://support.zoomsupport.com http://crm.zoomsupport.com http://chat-crm.zoomsupport.com *.criteo.net *.criteo.com https://www.dwin1.com http://www.youtube.com/player_api https://zchat.account.sz.mackeeper.com https://zchat.account.mackeeper.com https://files.clario.co *.clarity.ms *.googleoptimize.com *.sentry-cdn.com *.shopperapproved.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.kromtech.net *.mackeeper.com *.google.com *.googletagmanager.com http://mackeeper.com https://mackeeper.com *.shopperapproved.com;font-src 'self' data: *.gstatic.com *.hotjar.com *.kromtech.net *.mackeeper.com *.shopperapproved.com;object-src 'none';connect-src 'self' *.facebook.com *.mackeeper.com http://mackeeper.com https://mackeeper.com *.hotjar.io *.hotjar.com *.doubleclick.net support.mackeeper.com *.google-analytics.com https://analytics.google.com wss://*.hotjar.com *.taboola.com *.outbrain.com http://rp.liadm.com https://rp.liadm.com https://bat.bing.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.clarity.ms https://sentry.cloudmccloud.com https://zchat.account.clario.co/images/ https://files.clario.co/images/ https://zchat.account.sz.clario.co/images/ 2 style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; upgrade-insecure-requests; 2 default-src blob: data: ws: 'unsafe-inline' 'unsafe-eval' *.hoka.com dms.deckers.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com via.placeholder.com *.deckers.layer0-perma.link *.cquotient.com d.emails.teva.com email.ugg.com email.hoka.com email.koolaburra.com email.sanuk.com email.teva.com *.emails.teva.com blog.ugg.com events.hoka.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp blog.uggaustralia.com www.teva-eu.com scripts.deckers.com rum.ingress.edgio.net *.g.doubleclick.net edgeshoppingstatic.azureedge.net d3nocrch4qti4v.cloudfront.net *.arcot.com api.v2.sprocket.bz sprocket-ping.s3.amazonaws.com assets.v2.sprocket.bz assets.sprocket.bz s.retargeted.co *.joinhoney.com d3nocrch4qti4v.cloudfront.net df45ay5pw60dy.cloudfront.net nono-hoka.stage.onelink-translations.com cx.atdmt.com cdn.optimizely.com *.bglobale.com *.formstack.com *.deckers.coremedia.cloud rum-http-intake.logs.datadoghq.com www.datadoghq-browser-agent.com rum.ingress.layer0.co rum.layer0.co *.pingdom.net *.pitneybowes.com pippio.com hosted.where2getit.com res.cloudinary.com splashthat.eu *.klarnacdn.net *.klarnaservices.com *.klarnaevt.com cobranding.dashlx.com cdn.segment.com api.segment.io api.dashlx.com *.klarna.com *.klarnauserservices.com dfp.bouncex.net *.bounceexchange.com pixels.spotify.com *.medallia.eu *.kampyle.com cdn.pdst.fm sink.pdst.fm us-central1-adaptive-growth.cloudfunctions.net *.contentsquare.net *.contentsquare.com *.dynamicyield.com *.dy-api.com *.forter.com pay.google.com *.cdn4.forter.com *.linksynergy.com *.dgdeepai.com chat.digitalgenius.com *.paypal.com *.cloud.coveo.com *.amazon-adsystem.com *.datadome.co accretivemedia.go2cloud.org rum.browser-intake-datadoghq.com browser-intake-datadoghq.com *.irewind.com irewind.com pixels.spotify.com *.captcha-delivery.com pixel.pub.lilyai.net cartera-cdn.freetls.fastly.net *.abtasty.com guarantee-cdn.com static-fe.payments-amazon.com apay-up-banner.com ad.as.amanad.adtdp.com ad.caprofitx.adtdp.com ad.yieldlab.net ade.clmbtech.com *.socdm.com adx.dable.io au.ants.vn c.bing.com cm-exchange.toast.com cm.mgid.com r.casalemedia.com contextual.media.net criteo-sync.teads.tv cs.adingo.jp point.widget.rakuten.co.jp *.rakuten.co.jp static.rakuten.com *.yimg.jp *.yahoo.co.jp ads.yahoo.com deckers.candypop.jp cs.gssprt.jp eb2.3lift.com *.sharethrough.com pixel.advertising.com pixel.tapad.com *.ac.bcon.ecdns.net *.smartadserver.com secure.adnxs.com simage2.pubmatic.com *.criteo.net *.criteo.com sync.outbrain.com us-u.openx.net duuytoqss3gu4.cloudfront.net *.osano.com x.bidswitch.net visitor.omnitagjs.com d.line-scdn.net *.ads.yieldmo.com tr.line.me *.taboola.com *.ad-stir.com tk.jrs5.com *.adsrvr.org cdn.smartnews-ads.com payments-fe.amazon.com js.squareup.com *.squarecdn.com m.media-amazon.com chimpstatic.com static.hotjar.com content.hotjar.com t.cfjump.com chipstatic.com *.prod.unidays.io *.myunidays.com cdn.unidays.world *.veinteractive.com *.pixlee.com *.pixlee.co *.pxlecdn.com *.cartfulsolutions.com *.global-e.com *.powerreviews.com *.truefitcorp.com *.terracycle.com www.truefit.com *.typekit.net widgets.trustedshops.com *.integrations.etrusted.com *.etrusted.com integrations.etrusted.com idsync.rlcdn.com *.zenaps.com cnstrc.com *.strut.fit *.rewardstyle.com *.motionpoint.com s-cs.send.microad.jp *.smaato.net *.e-planning.net *.zemanta.com *.artlabs.ai edge.fullstory.com rs.fullstory.com *.lightboxcdn.com *.onetrust.com *.stylitics.com *.g.doubleclick.net *.kampyle.com *.fls.doubleclick.net *.doubleclick.net adservice.google.com *.googleadservices.com adservice.google.com www.googletagmanager.com ampcid.google.com *.googlesyndication.com api.amplitude.com translate.googleapis.com apis.google.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com www.google.ca google.com www.google.com translate.google.com api.fillr.com analytics.tiktok.com fonts.googleapis.com api.cognitive.microsofttranslator.com browser.translate.yandex.net jjfblogammkiefalfpafidabbnamoknm bmnlcjabgnpnenekpadlanbbkooimhnj chhjbpecpncaggjpdakmflnfcopglcmi bfkjochdalcdahjnliojhpldoogkbglc pfldcnnaiaiaogmpfdjjpdkpnigplfca ajax.googleapis.com *.gstatic.com s.w.org app.midtrans.com *.ediemidnightzombies.com www.gravatar.com *.attn.tv events.attentivemobile.com *.klaviyo.com *.afterpay.com www.instagram.com *.analytics.yahoo.com alb.reddit.com www.redditstatic.com *.hotjar.com *.artlabs.ai downloads.mailchimp.com *.au.hoka.com map9067.zendesk.com pod-15-sunco-ws.zendesk.com hokaid.zendesk.com hokacustomercare.zendesk.com hokanzcustomercare.zendesk.com hokaph.zendesk.com accentgroupsupport.zendesk.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net *.bouncexchange.com events.bouncex.net www.facebook.com connect.facebook.net *.zdassets.com *.zopim.com widget-mediator.zopim.com *.list-manage.com *.us14.list-manage.com *.smooch.io gladly-production.sinter-collect.com chat-sdk.cdn.gladly.com *.us-1.cdn.gladly.chat *.us-1.gladly.chat chat-assets.cdn.gladly.com *.gladly.com js.verygoodvault.com tnt8r4ypmtr.live.verygoodproxy.com vgs-collect-keeper.apps.verygood.systems cdn.studentbeans.com *.90d.io tracead.com www.dwin1.com *.zenaps.com *.adyen.com *.addthis.com *.addthisedge.com *.moatads.com intljs.rmtag.com *.likeshop.me cdn.cookielaw.org www.gstatic.com fonts.gstatic.com sc-static.net bat.bing.com www.bing.com cdn.yottaa.com qoe-1.yottaa.net *.tealiumiq.com *.sitelabweb.com cdn.quadpay.com csp-reporting.cloudflare.com d38d4ysphgm9dz.cloudfront.net d35u1vg1q28b3w.cloudfront.net d2o5idwacg3gyw.cloudfront.net d6tizftlrpuof.cloudfront.net d38d4ysphgm9dz.cloudfront.net d2lxqodqbpy7c2.cloudfront.net nsg.symantec.com px.owneriq.net tags.w55c.net mc.yandex.ru mc.yandex.com mc.yandex.kz yandex.net api.pinpiaa.com omwbh6dj4a.execute-api.ap-southeast-2.amazonaws.com cmp.osano.com *.usabilla.com *.captcha-delivery.com *.newgistics.com mpsnare.iesnare.com *.cdnwidget.com *.cdnbasket.net resources.digital-cloud.medallia.eu t.co platform.twitter.com static.ads-twitter.com analytics.twitter.com tag.rmp.rakuten.com point.widget.rakuten.co.jp analytics.tiktok.com cdn.loom.com *.usw2.cordial.com hokaoneone.locally.com ara.paa-reporting-advertising.amazon tr6.snapchat.com tr.snapchat.com pixel-config.reddit.com www.awin1.com hm.baidu.com *.parcellab.com analytics.convertlanguage.com *.verygoodvault.com hoka.review.eprize.com hoka.promo.eprize.com cdn.attn.tv events.attentivemobile.com www.paypalobjects.com www.youtube.com *.brightcove.com *.pinterest.com s.pinimg.com *.cheqzone.com i.ytimg.com cdn.jsdelivr.net call.chatra.io services.sheerid.com cdn.honey.io i.honey-images.com cdn.joinhoney.com cdn.ivaws.com *.capitaloneshopping.com *.locally.com s7.addthis.com *.dashsocial.com *.dashhudson.com likeshop.me trial-eum-clientnsv4-s.akamaihd.net tags.tiqcdn.com code.jquery.com maxcdn.bootstrapcdn.com strutagiocdn.blob.core.windows.net frame.hub-box.com sandbox.frame.hub-box.com analytics.google.com *.analytics.google.com *.google-analytics.com ampcid.google.co.in ampcid.google.co.jp ampcid.google.com.ph ampcid.google.com.pk ampcid.google.cz ampcid.google.dk ampcid.google.ee ampcid.google.es ampcid.google.fr ampcid.google.ge ampcid.google.hu ampcid.google.ht ampcid.google.kz ampcid.google.lt ampcid.google.mn ampcid.google.nl ampcid.google.no ampcid.google.pl ampcid.google.bs ampcid.google.by ampcid.google.ca ampcid.google.cl ampcid.google.co.il ampcid.google.co.kr ampcid.google.co.nz ampcid.google.co.ve ampcid.google.co.za ampcid.google.co.zw ampcid.google.com.au ampcid.google.com.ec ampcid.google.com.jm ampcid.google.com.mx ampcid.google.com.pr ampcid.google.com.sg ampcid.google.com.tr ampcid.google.com.ua ampcid.google.de ampcid.google.gr ampcid.google.ie ampcid.google.it ampcid.google.mv ampcid.google.ru ampcid.google.ro ampcid.google.se ampcid.google.pt ampcid.google.hr ampcid.google.at ampcid.google.az ampcid.google.be ampcid.google.bg ampcid.google.ch ampcid.google.co.id ampcid.google.co.ma ampcid.google.co.th ampcid.google.com.ar ampcid.google.com.br ampcid.google.com.bz ampcid.google.com.co ampcid.google.com.cy ampcid.google.com.do ampcid.google.com.gt ampcid.google.com.hk ampcid.google.com.mt ampcid.google.com.ng ampcid.google.com.ni ampcid.google.com.pe ampcid.google.com.py ampcid.google.com.sa ampcid.google.com.tj ampcid.google.com.tw ampcid.google.com.uy ampcid.google.dm ampcid.google.dz ampcid.google.fi ampcid.google.hn ampcid.google.lu ampcid.google.lv ampcid.google.ps ampcid.google.rs ampcid.google.si ampcid.google.sk ampcid.google.cn ampcid.google.co.id ampcid.google.co.th ampcid.google.co.hk ampcid.google.co.pe ampcid.google.co.tw ampcid.google.co.uy ampcid.google.tn ampcid.google.ae ampcid.google.lk ampcid.google.com.bh ampcid.google.com.vn www.google.al www.google.at www.google.am www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ch www.google.fi www.google.ie www.google.ps www.google.tt www.google.co.bz www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.ma www.google.com.au www.google.com.co www.google.com.do www.google.com.gh www.google.com.gt www.google.com.lb www.google.com.mx www.google.com.ng www.google.com.om www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.tr www.google.com.ua www.google.com.py www.google.co.ke www.google.co.th www.google.lk www.google.tn www.google.bf www.google.co.nz www.google.co.uk www.google.is www.google.im www.google.cz www.google.de www.google.ee www.google.es www.google.fr www.google.ge www.google.gr www.google.hr www.google.ht www.google.hu www.google.ie www.google.it www.google.lt www.google.md www.google.me www.google.mk www.google.mt www.google.no www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.ae www.google.bs www.google.cl www.google.co.cr www.google.co.ve www.google.co.vi www.google.co.za www.google.com.ec www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.pa www.google.com.sg www.google.mv www.google.co.id www.google.com.my www.google.com.pk www.google.com.vn www.google.dk www.google.mn www.google.kz www.google.vg www.google.hn www.google.com.eg www.google.ad www.google.je www.google.co.bw www.google.com.ar www.google.com.bd www.google.com.bo www.google.com.br www.google.com.cy www.google.com.pe www.google.com.sv www.google.com.uy www.google.com.qa www.google.dz www.google.iq www.google.jo www.google.sk www.google.si www.google.nl www.google.lv www.google.lu www.google.lv www.google.kg www.google.dm www.google.co.uz www.google.sr www.google.je www.google.gg www.google.com.qa www.google.mt www.google.com.bn www.google.com.bh www.google.co.uz www.google.cn www.google.tn www.google.mg www.google.com.ai www.google.li www.google.as www.google.dj www.google.com.mt www.google.ga www.google.sn www.google.com.gi www.google.mu www.google.gy; style-src blob: data: 'unsafe-inline' *.hoka.com *.deckers.coremedia.cloud *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.demandware.net *.veinteractive.com *.bounceexchange.com cdn.dynamicyield.com cobranding.dashlx.com integrations.etrusted.com *.klarnacdn.net *.klarnaservices.com ui.powerreviews.com *.osano.com web-assets.stylitics.com use.fontawesome.com ui.powerreviews.com cdn.honey.io cdn.joinhoney.com js.verygoodvault.com static.klaviyo.com nono-hoka.stage.onelink-translations.com *.global-e.com *.truefitcorp.com www.lightboxcdn.com *.deckers.layer0-perma.link www.truefit.com cdn.90d.io chat-sdk.cdn.gladly.com cdn.gladly.com *.typekit.net www.karmanow.com *.parcellab.com *.formstack.com translate.googleapis.com d6tizftlrpuof.cloudfront.net cdn.ivaws.com www.paypalobjects.com assets.sprocket.bz *.pxlcdn.com fonts.googleapis.com *.adyen.com *.medallia.eu *.kampyle.com downloads.mailchimp.com; font-src data: *.hoka.com *.demandware.net *.commercecloud.salesforce.com *.truefitcorp.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp use.typekit.net *.osano.com *.klarnacdn.net cdn.gladly.com *.deckers.coremedia.cloud chat.digitalgenius.com cdn.dynamicyield.com fonts.googleapis.com cdn.loom.com *.global-e.com cdn.honey.io likeshop.me script.hotjar.com cdn.joinhoney.com static.rakuten.com fonts.gstatic.com fonts1.unidays.world use.fontawesome.com cdn.ivaws.com static.klaviyo.com *.strut.fit nono-hoka.stage.onelink-translations.com *.deckers.layer0-perma.link *.wistia.com static.formstack.com d6tizftlrpuof.cloudfront.net *.medallia.eu www.paypalobjects.com *.kampyle.com; media-src blob: *.hoka.com dms.deckers.com res.cloudinary.com *.demandware.net *.commercecloud.salesforce.com *.90d.io static.zdassets.com cdn8.forter.com chat-sdk.cdn.gladly.com cdn.gladly.com media.cdn.gladly.com; child-src *.hoka.com *.demandware.net *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.commercecloud.salesforce.com *.snapchat.com guarantee-cdn.com v3.rest-ar.com www.googletagmanger.com *.osano.com *.doubleclick.net vars.hotjar.com chat-sdk.cdn.gladly.com www.awin1.com *.afterpay.com px.owneriq.net pal-test.adyen.com *.americanexpress.com *.securesuite.co.uk sg-3ds-vdm.wlp-acs.com *.rsa3dsauth.co.uk verify.monzo.com 3ds.redsys.es *.klarna.com *.klarnaservices.com *.wlp-acs.com acs2-3dsecure.cic.fr *.cardinalcommerce.com 3ds.nexigroup.com 3dspayment.paylife.at tdschmut.monext.fr *.facebook.com *.pixlee.co *.zenaps.com *.bounceexchange.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com www.paypal.com ln-rules.rewardstyle.com nsg.symantec.com *.pinterest.com track.usw2.cordial.com *.global-e.com wkxppshj-qx.global.ssl.fastly.net checkoutshopper-test.adyen.com cdn.dynamicyield.com checkoutshopper-live.adyen.com www.sandbox.paypal.com *.ediemidnightzombies.com *.arcot.com assets.v2.sprocket.bz *.datadome.co *.captcha-delivery.com *.studentbeans.com pci-connect.squareup.com *.myunidays.com point.widget.rakuten.co.jp *.bglobale.com www.google.com *.amazon-adsystem.com *.truefitcorp.com irewind.com *.locally.com *.strut.fit www.pubxtags.com tracead.com photos.pixlee.com *.splashthat.eu hosted.where2getit.com tr6.snapchat.com connect.facebook.net sketchfab.com *.criteo.com *.criteo.net www.youtube.com *.verygoodvault.com pay.google.com www.terracycle.com sandbox.frame.hub-box.com frame.hub-box.com hoka.promo.eprize.com hoka.review.eprize.com d.emails.teva.com creatives.attn.tv cdn.attn.tv *.artlabs.ai *.medallia.eu app.midtrans.com app.collectivevoice.com *.kampyle.com; worker-src blob: *.hoka.com *.osano.com *.captcha-delivery.com 2 frame-ancestors 'self' https://login.sans.org 2 default-src 'self' *.coccoc.com *.google.com *.doubleclick.net *.googletagmanager.com *.gstatic.com *.facebook.net *.bing.com *.clarity.ms *.googleapis.com; object-src 'none'; style-src 'unsafe-inline' 'self' *.coccoc.com *.gstatic.com *.googleapis.com; font-src 'self' data: *.coccoc.com *.gstatic.com; script-src 'unsafe-inline' 'self' *.coccoc.com *.google.com *.gstatic.com *.googletagmanager.com *.facebook.net *.bing.com *.clarity.ms *.googleapis.com *.youtube.com; img-src 'self' data: https:; frame-ancestors 'none'; form-action *.coccoc.com coccoc.com *.coccoc.vn; frame-src *.coccoc.com coccoc.com *.coccoc.vn *.youtube.com *.google.com *.doubleclick.net *.googletagmanager.com *.gstatic.com *.facebook.net *.bing.com *.clarity.ms *.googleapis.com; 2 default-src https: blob: 'unsafe-inline' https://*.hotjar.com:* https://*.hotjar.io:* wss://*.hotjar.com *.crazyegg.com https://mailtrack.me ; script-src 'self' 'unsafe-inline' https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://embed.typeform.com https://d5phz18u4wuww.cloudfront.net https://cdnjs.cloudflare.com https://seal.digicert.com https://js.stripe.com https://www.googleadservices.com https://billing.quaderno.io https://www.gstatic.com https://s3-eu-west-1.amazonaws.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://d1fc8wv8zag5ca.cloudfront.net https://*.hotjar.com https://cdn.jsdelivr.net/gh/snowplow https://connect.facebook.net https://www.googletagmanager.com https://*.cookiebot.com *.crazyegg.com https://analytics.tiktok.com https://mailtrack.me ; img-src 'self' data: https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.es https://www.google.com https://mailtrackio.typeform.com https://www.googleadservices.es https://www.googleadservices.com https://googleads.g.doubleclick.net https://seal.digicert.com https://billing.quaderno.io https://s3-eu-west-1.amazonaws.com https://dc.ads.linkedin.com https://d1ptrxl5bj7757.cloudfront.net https://analytics-v2.mailtrack.io https://px.ads.linkedin.com https://www.linkedin.com https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/ https://www.googletagmanager.com https://templates-images-dev.s3.eu-west-1.amazonaws.com https://templates-images-prod.s3.eu-west-1.amazonaws.com https://*.cookiebot.com *.crazyegg.com https://mailtrack.me https://mt-video-dev.s3.eu-west-1.amazonaws.com https://mt-video-prod.s3.eu-west-1.amazonaws.com ; object-src 'none'; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://cdnjs.cloudflare.com https://s3-eu-west-1.amazonaws.com https://mailtrack.me ; worker-src blob: https://mailsuite.me https://mailsuite.com ; media-src 'self' data: blob: https://mailtrack.me https://mt-video-dev.s3.eu-west-1.amazonaws.com https://mt-video-prod.s3.eu-west-1.amazonaws.com ; 2 default-src 'self' 'unsafe-inline' *.coveo.com *.google-analytics.com *.google.com *.googletagmanager.com *.imgix.net *.leadoo.com *.sgs.com *.sgsgroup.com.cn cdn.cookielaw.org cdn.jsdelivr.net f7132108c1tst-store.occa.ocs.oraclecloud.com1 fonts.googleapis.com jobpal-sm.s3.amazonaws.com pagead2.googlesyndication.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.hotjar.com *.hotjar.io *.smooch.io jobpal-sm.s3.amazonaws.com res.leadoo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.baidu.com *.beyondwords.io *.cloudfront.net *.cookielaw.org *.coveo.com *.doubleclick.net *.eloqua.com *.en25.com *.facebook.com *.google-analytics.com *.google.com *.googleadservices.com *.googleanalytics.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.leadoo.com *.mapbox.com *.sgsmall.com.cn *.sgsonline.com.cn *.smooch.io *.storerocket.io *.youtube.com cdn.jsdelivr.net https://challenges.cloudflare.com https://connect.facebook.net https://content.linkedin.com https://maps.googleapis.com https://platform.linkedin.com https://snap.licdn.com https://static-exp1.licdn.com https://storemapper-herokuapp-com.global.ssl.fastly.net https://unpkg.com https://www.recaptcha.net https://www.storemapper.co jobpal-sm.s3.amazonaws.com pagead2.googlesyndication.com s.go-mpulse.net; style-src 'self' 'unsafe-inline' *.google.com https://fonts.googleapis.com jobpal-sm.s3.amazonaws.com *.leadoo.com *.sgs-next.com *.coveo.com https://maps.googleapis.com *.cloudfront.net; frame-src 'self' tools.eurolandir.com *.google.com youtu.be *.sgs.com *.youtube.com *.youtube-nocookie.com *.hotjar.com *.sgs.com *.sgs.pl *.sgsgroup.com.cn *.hotjar.com *.hotjar.io *.smooch.io *.doubleclick.net *.linkedin.com *.facebook.com connect.facebook.net *.leadoo.com https://www.recaptcha.net *.doubleclick.net https://*.acast.com *.spotify.com https://view.genial.ly *.baidu.com https://challenges.cloudflare.com *.flippingbook.com *.sgsonline.com.cn *.genially.com; child-src 'self' *.youtube-nocookie.com *.youtube.com v.qq.com *.google.com *.sgs.com *.facebook.com connect.facebook.net; frame-ancestors 'self' *.googletagmanager.com *.sgs.com *.sgs.pl *.flippingbook.com; connect-src 'self' *.sgsgroup.com.cn *.sgs.com *.sgs-next.com f7132108c1tst-store.occa.ocs.oraclecloud.com cdn.cookielaw.org *.leadoo.com anl.leadoo.com pagead2.googlesyndication.com *.google-analytics.com *.google.com *.doubleclick.net privacyportal-de.onetrust.com *.go-mpulse.net jobpal-sm.s3.amazonaws.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.smooch.io *.googletagmanager.com *.linkedin.com *.licdn.com *.facebook.com connect.facebook.net *.akstat.io https://cdn.linkedin.oribi.io https://geolocation.onetrust.com *.coveo.com https://*.beyondwords.io https://maps.googleapis.com *.cloudfront.net *.flippingbook.com *.sgsonline.com.cn storerocket.io *.mapbox.com; img-src 'self' data: *.sgsgroup.com.cn *.sgs.com *.sgs-next.com *.imgix.net *.leadoo.com *.eloqua.com i.ytimg.com cdn.cookielaw.org *.cdninstagram.com *.hotjar.com *.hotjar.io *.doubleclick.net *.smooch.io *.gstatic.com *.linkedin.com *.licdn.com p.adsymptotic.com *.facebook.com *.facebook.net *.fbcdn.net *.google.com *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.baidu.com *.cpsc.gov *.productsafety.gov.au ec.europa.eu https://maps.googleapis.com *.cloudfront.net *.sgsonline.com.cn *.google.ca *.google.de *.google.pl *.google.co.in *.google.es *.google.nl *.google.be *.google.com.hk *.google.com.au *.google.com.br *.google.co.za *.google.ae *.google.com.co *.google.com.pe *.google.com.sg *.google.ch *.google.com.tr *.google.co.id *.google.pt *.google.hu *.google.ro *.google.co.uk *.google.co.th *.google.fr *.google.com.tw *.google.com.my *.google.com.mx *.google.co.nz *.storerocket.io; worker-src 'self' https: blob:; media-src 'self' blob: media.licdn.com *.cloudfront.net; form-action 'self' *.facebook.com connect.facebook.net; 2 default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.google.com.sg *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.facebook.com www.redditstatic.com *.linkedin.com *.bilibili.com *.youtube-nocookie.com https://player.vimeo.com https://platform.twitter.com fonts.gstatic.com kendo.cdn.telerik.com https://libapp.ntu.edu.sg https://syndication.twitter.com https://static.licdn.com *.insight.sitefinity.com https://dec.azureedge.net/ https://*.dec.sitefinity.com https://dc.services.visualstudio.com pbs.twimg.com track.hubspot.com https://i.ytimg.com netdna.bootstrapcdn.com *.cloudfront.net https://www.thinglink.com data: blob: js.hs-scripts.com js.hs-analytics.net cdn.ampproject.org *.ntu.edu.sg https://ntu-cris-test.4science.cloud https://az416426.vo.msecnd.net/scripts/a/ai.0.js *.mapsindoors.com https://cdn.applozic.com/applozic/applozic.chat-6.1.min.js *.cognitoforms.com *.usetiful.com https://snap.licdn.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hsleadflows.net *.g.doubleclick.net badge.stumbleupon.com wss://socket2.applozic.com *.typeform.com *.hubspotusercontent40.net *.hubapi.com *.hubspot.com *.hsforms.com *.dialogflow.com walls.io *.walls.io *.surveysparrow.com app.sli.do www.pbrain.biz cdn.unibuddy.co unibuddy.co *.launchpad6.com *.hscta.net *.hscollectedforms.net *.hsforms.net *.hubspotusercontent00.net *.hubspotusercontent-na1.net *.tableau.com www.google.co.id https://analytics.tiktok.com *.accredify.io cdnjs.cloudflare.com schemata.openattestation.com *.viziofly.com *.hs-sites.com https://popcard.unibuddy.co/ http://cdn.thinglink.me/jse/responsive.js *.dacast.com https://ntu.imail-host.com https://cdn.jsdelivr.net *.maglr.com https://forms.office.com *.superchar.xyz https://assets.pxlecdn.com/assets/pixlee_widget_1_0_0.js https://assets.pixlee.com/assets/fp.js https://photos.pixlee.co superchar.xyz https://*.ntuinnovates.world https://ntuinnovates.world https://app-script.monsido.com https://*.doubleclick.net https://14120583.fls.doubleclick.net https://cdn.mathjax.org *.sharethis.com https://lib-essential.netlify.app https://api.sg.kaltura.com https://www.usetiful.com https://youtu.be https://www.google-analytics.com https://analytics.google.com https://www.google.com.sg https://td.doubleclick.net https://www.facebook.com https://w.soundcloud.com https://ntu-imail-host.com https://embed.maglr.com https://www.cognitoforms.com eBooks.ntu.edu.sg https://player.bilibili.com https://assets.tumblr.com https://*.tiktok.com https://*.instagram.com https://heatmaps.monsido.com https://sf16-website-login.neutral.ttwstatic.com https://*.omappapi.com https://*.srv.stackadapt.com https://*.usemessages.com https://*.hs-sites.com http://js.hscta.net *.hsadspixel.net *.hs-analytics.net *.usemessages.com *.hs-banner.com *.hsleadflows.net *.hs-scripts.com https://*.ntu.edu.sg https://www.pbrain.biz https://ntu-uat-tms.dev.edutechonline.org https://edustoragemazuat4sg.blob.core.windows.net/ web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://app.mapsindoors.com https://www.usetiful.com https://platform.twitter.com https://youtu.be https://www.google-analytics.com https://player.vimeo.com https://publish.twitter.com https://analytics.google.com https://www.google.com.sg https://td.doubleclick.net https://www.facebook.com https://w.soundcloud.com https://ntu-imail-host.com https://embed.maglr.com https://forms.office.com https://www.cognitoforms.com *.cloudfront.net eBooks.ntu.edu.sg https://player.bilibili.com https://assets.tumblr.com https://libapp.ntu.edu.sg https://sf16-website-login.neutral.ttwstatic.com https://*.maglr.com https://*.fs1.hubspotusercontent-na1.net https://*.hsforms.com https://*.omappapi.com https://www.pbrain.biz https://tags.srv.stackadapt.com https://*.hs-sites.com *.hsadspixel.net *.hs-analytics.net *.hubapi.com js.hscta.net *.hubspot.com *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent40.net *.hsleadflows.net *.hsforms.net *.hs-scripts.com https://*.ntu.edu.sg https://my.walls.io *.hubspotusercontent-na1.net web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.sharethis.com https://*.mapsindoors.com https://www.usetiful.com https://platform.twitter.com https://youtu.be https://www.google-analytics.com https://player.vimeo.com https://publish.twitter.com https://analytics.google.com https://www.google.com.sg https://td.doubleclick.net https://www.facebook.com https://w.soundcloud.com https://ntu-imail-host.com https://embed.maglr.com https://forms.office.com https://www.cognitoforms.com *.cloudfront.net eBooks.ntu.edu.sg https://player.bilibili.com https://assets.tumblr.com https://libapp.ntu.edu.sg https://tracking.monsido.com https://vodcdn.sg.kaltura.com https://*.hubspot.com https://ntu-cris-test.4science.cloud/ https://ntu-sg-dr.prod.4science.cloud/ https://dr.ntu.edu.sg/ https://ntu-sg-dr.staging.4science.cloud https://*.maglr.com https://*.doubleclick.net https://px.ads.linkedin.com https://www.google.com https://www.google.com.my https://*.hsforms.com https://tags.srv.stackadapt.com https://*.hs-sites.com http://js.hscta.net *.hsadspixel.net *.hs-analytics.net *.hubapi.com js.hscta.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent40.net *.hsleadflows.net *.hsforms.net *.hs-scripts.com https://*.hsappstatic.net https://*.ntu.edu.sg https://www.pbrain.biz https://*.omappapi.com https://my.walls.io *.hubspotusercontent-na1.net https://*.fs1.hubspotusercontent-na1.net https://*.turn.com https://ntu-uat-tms.dev.edutechonline.org https://edustoragemazuat4sg.blob.core.windows.net/ web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://cdnjs.cloudflare.com https://platform.twitter.com https://youtu.be https://www.google-analytics.com https://player.vimeo.com https://publish.twitter.com https://analytics.google.com https://www.google.com.sg https://td.doubleclick.net https://www.facebook.com https://w.soundcloud.com *.googleapis.com https://ntu-imail-host.com https://embed.maglr.com https://forms.office.com https://www.cognitoforms.com *.cloudfront.net eBooks.ntu.edu.sg https://player.bilibili.com https://assets.tumblr.com https://libapp.ntu.edu.sg https://api.sg.kaltura.com https://*.hsforms.com https://*.hs-sites.com http://js.hscta.net *.hsadspixel.net *.hs-analytics.net *.hubapi.com js.hscta.net *.hubspot.com *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent40.net *.hsleadflows.net *.hsforms.net *.hs-scripts.com https://*.ntu.edu.sg https://my.walls.io *.hubspotusercontent-na1.net; frame-src 'self' superchar.xyz *.superchar.xyz *.sharethis.com https://www.youtube.com https://platform.twitter.com https://youtu.be https://www.google-analytics.com https://player.vimeo.com https://publish.twitter.com https://analytics.google.com https://www.google.com.sg https://td.doubleclick.net https://www.facebook.com https://w.soundcloud.com *.googleapis.com https://ntu-imail-host.com https://embed.maglr.com https://forms.office.com https://www.cognitoforms.com *.cloudfront.net eBooks.ntu.edu.sg https://player.bilibili.com https://assets.tumblr.com https://libapp.ntu.edu.sg https://walls.io *.facebook.com/ *.bilibili.com/ https://www.thinglink.com/ https://*.zscaler.net https://*.unibuddy.co https://*.instagram.com https://unibuddy.co/ https://www.tiktok.com/ https://ntu-cris-test.4science.cloud/ https://ntu-sg-dr.prod.4science.cloud/ https://dr.ntu.edu.sg/ https://ntu-sg-dr.staging.4science.cloud/ https://www.googletagmanager.com https://*.fls.doubleclick.net https://www.youtube-nocookie.com https://www.google.com https://www.linkedin.com https://*.hsforms.com https://www.pbrain.biz https://*.hs-sites.com http://js.hscta.net https://cdn.knightlab.com https://pace-ntu-8688058.hs-sites.com *.hsadspixel.net *.hs-analytics.net *.hubapi.com js.hscta.net *.hubspot.com *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent40.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com https://lib-essential.netlify.app https://*.ntu.edu.sg https://*.omappapi.com https://my.walls.io *.hubspotusercontent-na1.net https://cdn.forms-content.sg-form.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.sharethis.com https://maps.googleapis.com *.mapsindoors.com https://dialogflow.cloud.google.com https://api.ntu.edu.sg/ariba/supplierportal https://www.google-analytics.com https://www.usetiful.com https://platform.twitter.com https://youtu.be https://player.vimeo.com https://publish.twitter.com https://analytics.google.com https://www.google.com.sg https://td.doubleclick.net https://www.facebook.com https://w.soundcloud.com *.googleapis.com https://ntu-imail-host.com https://embed.maglr.com https://forms.office.com https://www.cognitoforms.com *.cloudfront.net eBooks.ntu.edu.sg https://player.bilibili.com https://assets.tumblr.com https://libapp.ntu.edu.sg https://c.ltmsphrcl.net https://analytics.sg.kaltura.com https://data.stbuttons.click https://*.crwdcntrl.net https://*.monsido.com https://www.google.com https://px.ads.linkedin.com https://analytics.tiktok.com https://api.hubapi.com https://cta-service-cms2.hubspot.com https://*.hubspot.com https://*.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://www.linkedin.com https://*.omappapi.com https://tags.srv.stackadapt.com https://*.hs-sites.com http://js.hscta.net *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent40.net *.hsleadflows.net *.hsforms.net *.hs-scripts.com https://*.ntu.edu.sg https://www.pbrain.biz https://my.walls.io *.hubspotusercontent-na1.net *.g.doubleclick.net https://google.com https://api.sendgrid.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://*.kaltura.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 2 frame-ancestors 'self' localhost *.teamwork.com *.teamworkpm.net *.helpdocsite.com teams.microsoft.com *.teams.microsoft.com *.skype.com teamworkintegrations.ngrok.io *.us.teamworkops.com teams.cloud.microsoft outlook.cloud.microsoft m365.cloud.microsoft app.hubspot.com app-eu1.hubspot.com *.canva.com; 2 default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' https://gebrauchtwagen.autobild.de https://vorschau.autobild.de https://interred.autobild.de 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stackadapt.com connect.facebook.net *.adsrvr.org facebook.com cdn.pdst.fm px.adentifi.com kds-pixel.kargo.com data.adxcel-ec2.com secure.adnxs.com trkn.us cdnssl.clicktale.net w3.org snap.licdn.com dc.ads.linkedin.com *.googletagmanager.com websitevisitorleads.com *.twitter.com t.co sc-static.net *.evgnet.com *.cookielaw.org static.ads-twitter.com *.google-analytics.com assets.sitescdn.net *.vimeocdn.com dev.visualwebsiteoptimizer.com *.tctm.co *.qualtrics.com vimeo.com *.vimeo.com *.newrelic.com *.bing.com googleads.g.doubleclick.net *.clarity.ms *.tiktok.com *.snapchat.com everfi-next.net fpjscdn.net *.fpjs.io fresnel.vimeocdn.com f.vimeocdn.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleadservices.com *.byspotify.com code.jquery.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.stackadapt.com connect.facebook.net *.adsrvr.org facebook.com cdn.pdst.fm px.adentifi.com kds-pixel.kargo.com data.adxcel-ec2.com secure.adnxs.com trkn.us cdnssl.clicktale.net w3.org snap.licdn.com dc.ads.linkedin.com *.googletagmanager.com websitevisitorleads.com *.twitter.com t.co sc-static.net *.evgnet.com *.cookielaw.org static.ads-twitter.com *.google-analytics.com assets.sitescdn.net *.vimeocdn.com dev.visualwebsiteoptimizer.com *.tctm.co *.qualtrics.com vimeo.com *.vimeo.com *.newrelic.com *.bing.com googleads.g.doubleclick.net *.clarity.ms *.tiktok.com *.snapchat.com everfi-next.net fpjscdn.net *.fpjs.io fresnel.vimeocdn.com f.vimeocdn.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleadservices.com *.byspotify.com cdn.evgnet.com *.visualwebsiteoptimizer.com googletagmanager.com *.virtualearth.net cdn.ckeditor.com *.google.com *.evergage.com code.jquery.com; frame-src 'self' blob: *.vimeo.com *.doubleclick.net *.clicktale.net *.adsrvr.org *.edwardjones.com *.edwardjones.ca accountaccess.edwardjones.com accountaccess.edwardjones.ca iaa-api-gateway.apps.edwardjones.com onlineaccess.edwardjones.com iaaweb.edwardjones.com *.tctm.co *.w3.org *.vimeocdn.com *.qualtrics.com *.everfi-next.net *.snapchat.com *.amazon-adsystem.com *.facebook.com dev.visualwebsiteoptimizer.com *.googletagmanager.com; frame-ancestors 'self' *.edwardjones.com *.edwardjones.ca iaa-api-gateway.apps.edwardjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com iaaweb.edwardjones.com; child-src 'self' blob: *.vimeo.com *.doubleclick.net *.clicktale.net *.adsrvr.org *.edwardjones.com *.edwardjones.ca accountaccess.edwardjones.com accountaccess.edwardjones.ca iaa-api-gateway.apps.edwardjones.com onlineaccess.edwardjones.com iaaweb.edwardjones.com *.tctm.co *.w3.org *.vimeocdn.com *.qualtrics.com *.everfi-next.net *.snapchat.com *.amazon-adsystem.com *.facebook.com 2 frame-ancestors 'self' *.interactivebrokers.com *.interactivebrokers.ca *.interactivebrokers.com.hk *.interactivebrokers.hk *.interactivebrokers.ch *.interactivebrokers.eu *.interactivebrokers.ie *.interactivebrokers.lu *.interactivebrokers.hu *.interactivebrokers.com.sg *.ibkr.com.sg *.interactivebrokers.ch *.interactivebrokers.co.uk *.interactivebrokers.com.au *.interactivebrokers.co.jp *.interactivebrokers.co.in *.ibkram.com IBKR.docebosaas.com *.interactiveadvisors.com *.ibkr.com *.ibkr.com.cn *.clientam.com *.youtube.com *.clientam.ch *.clientam.com.hk *.go-mpulse.net *.akstat.io *.lynxbroker.com impact.interactivebrokers.com widgets.tipranks.com site.recognia.com *.portfolioanalyst.com portfolioanalyst.com www.portfolioanalyst.com www.interactivebrokers.com https://www.interactivebrokers.com/ ibkr.paxosclients.com worldtrader.hsbc.ae *.xstaging.tv *.ibkrcampus.com ibkrcampus.com www.ibkrguides.com *.greenwichcompliance.com; 2 default-src https: 'self' data: blob:; font-src https: data:; img-src https: data:; script-src https: 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-src 'self' blob: https: data:; report-uri https://dxw.report-uri.com/r/d/csp/enforce; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://ajax.aspnetcdn.com https://consent.cookiebot.com https://visualisation.polimapper.co.uk https://consentcdn.cookiebot.com https://www.youtube.com https://app.five9.eu https://*.gleap.io https://*.cloudfront.net https://connect.facebook.net https://sc-static.net https://*.redditstatic.com https://static.ads-twitter.com https://js.adsrvr.org https://*.snapchat.com;object-src 'none';style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com;img-src 'self' https://dashboard.umbraco.com data: https://www.googletagmanager.com https://*.googlesyndication.com https://*.gleap.io https://img.youtube.com https://imgsct.cookiebot.com https://2673654.fls.doubleclick.net https://*.twitter.com https://t.co https://*.doubleclick.net https://*.reddit.net https://*.reddit.com https://adservice.google.com;media-src 'self' https://*.gleap.io;frame-src 'self' https://*.snapchat.com https://*.gleap.io https://insight.adsrvr.org https://www.youtube.com https://consentcdn.cookiebot.com https://2673654.fls.doubleclick.net https://ad.doubleclick.net https://visualisation.polimapper.co.uk https://td.doubleclick.net https://img.youtube.com https://app.five9.eu;font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://maxcdn.bootstrapcdn.com;connect-src 'self' https://*.snapchat.com https://*.cookiebot.com https://settings.luckyorange.net https://*.reddit.com https://*.redditstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.gleap.io wss://ws.gleap.io 2 frame-src https://*.farnell.com https://*.element14.com https://*.newark.com 2 img-src * data:; font-src * data:; connect-src * data:; media-src * data: blob:; object-src *; frame-ancestors 'self' https://advancedmd-hub.knowledgeowl.com https://static-100.advancedmd.com https://static-999.advancedmd.com; 2 style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; frame-src *; 2 frame-ancestors 'self' t4.scu.edu cms.scu.edu cms01.scu.edu thetrustproject.org media.scu.edu public.tableau.com ecampus.scu.edu hrdev.scu.edu hrusr.scu.edu t4dev.scu.edu 166.78.46.137 campaign.scu.edu vanillasoft.net 129.210.247.132 2 default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; worker-src blob:; img-src 'self' https: data:; font-src 'self' https: data: 2 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2 frame-ancestors 'self' aemauthor.barclaycardus.com www.aviatormastercard.com www.emiratesskywardscards.com www.hawaiianbohcard.com www.myluxurycard.com www.hawaiiancreditcard.com www.jetbluemastercard.com www.pricelinerewardsvisa.com www.breezeairwaysvisa.com www.barclaycardus.com gap.barclaysus.com oldnavy.barclaysus.com athleta.barclaysus.com bananarepublic.barclaysus.com staging-www.barclaycardus.com prod-test-www.barclaycardus.com prod-pi-www.barclaycardus.com prod-cn-www.barclaycardus.com; 2 frame-ancestors 'self' https://*.ccma.cat https://*.3cat.cat; 2 base-uri https://www.mbank.pl; report-uri https://www.csp.mbank.pl; default-src 'none'; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ad.doubleclick.net https://cdn.ampproject.org https://cdn.mbiscuit.mbank.pl https://cdn.skp.mbank.pl https://cdn.syndication.twimg.com https://connect.facebook.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://pagead2.googlesyndication.com https://platform.twitter.com https://r.skp.mbank.pl https://s.ytimg.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://tagmanager.google.com https://tpc.googlesyndication.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.ampproject.org https://cdn.skp.mbank.pl https://fonts.googleapis.com https://fonts.gstatic.com https://platform.twitter.com https://tagmanager.google.com https://ton.twimg.com https://www.mbank.pl; img-src 'self' data: https://*.fls.doubleclick.net https://abs.twimg.com https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.com https://cdn.ampproject.org https://cdn.skp.mbank.pl https://cm.g.doubleclick.net https://csi.gstatic.com https://googleads.g.doubleclick.net https://img.youtube.com https://i.ytimg.com https://khms0.googleapis.com https://khms1.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://marketing.tr.netsalesmedia.pl https://pbs.twimg.com https://platform.twitter.com https://redirect.skp.mbank.pl https://region1.analytics.google.com https://region1.google-analytics.com https://s.ytimg.com https://ssl.google-analytics.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://syndication.twitter.com https://tagmanager.google.com https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.hr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.mbank.pl; font-src 'self' data: https://cdn.mbiscuit.mbank.pl https://fonts.gstatic.com https://www.mbank.pl; connect-src 'self' https://svc.mbank.pl https://ad.doubleclick.net https://adservice.google.com https://api.mbiscuit.mbank.pl https://api.skp.mbank.pl https://cdn.ampproject.org https://cm.g.doubleclick.net https://googleads.g.doubleclick.net https://lp.skp.mbank.pl https://maps.googleapis.com https://pagead2.googlesyndication.com https://r.skp.mbank.pl https://redirect.skp.mbank.pl https://region1.analytics.google.com https://region1.google-analytics.com https://skk.erecruiter.pl https://stats.g.doubleclick.net https://syndication.twitter.com https://tagmanager.google.com https://tracker.skp.mbank.pl https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.pl https://www.googletagmanager.com https://www.mbank.pl wss://api.skp.mbank.pl wss://r.skp.mbank.pl; media-src 'self' data: https://cdn.skp.mbank.pl https://www.mbank.pl; object-src 'self' https://www.mbank.pl https://www.youtube.com; frame-src 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://form.mbank.pl https://platform.twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; child-src 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://form.mbank.pl https://tagmanager.google.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; form-action 'self' https://form.mbank.com.pl https://form.mbank.pl https://www.mbank.pl; frame-ancestors 'self' https://www.mbank.pl; 2 frame-ancestors 'self' http://webvisor.com; default-src 'self' https://yandex.ru; font-src 'self'; script-src 'self' https://api-maps.yandex.ru https://maps.google.com https://code.jivosite.com https://www.googletagmanager.com https://stats.hts.ru https://mc.yandex.ru https://yastatic.net https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://mc.yandex.ru https://code.jivosite.com https://*.jivosite.com; img-src 'self' https://ext.host-tracker.com https://api-maps.yandex.ru https://counter.yadro.ru http://cp.hts.ru https://mc.yandex.ru https://*.maps.yandex.net http://www.hts.ru http://hubble.ht-systems.ru https://stats.hts.ru https://www.google-analytics.com data:; media-src 'self' https://code.jivosite.com; style-src 'self' 'unsafe-inline'; object-src 'self' 2 default-src 'self'; connect-src 'self' *.siteimprove.com https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://www.googletagmanager.com https://matomo.ria.ee/ https://search.service.vportal.ee/v1/search/ria https://search.service.vportal.ee/v1/globalsearch/total https://form.service.vportal.ee/v1/ https://search.service.vportal.ee/v1/events/ria https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.rocket.chat https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://xgis.maaamet.ee; img-src 'self' data: *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://matomo.ria.ee https://www.google-analytics.com https://www.googletagmanager.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://matomo.ria.ee https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com https://matomo.ria.ee/; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://matomo.ria.ee static.cludflareinsaights.com https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com https://use.fontawesome.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com https://use.fontawesome.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors 'self'; upgrade-insecure-requests 2 frame-ancestors 'self' fozzy.com *.fozzy.com; 2 default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://stats.spdns.de; object-src 'none' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ ; img-src 'self' data: https://ssl.gstatic.com/ https://stats.spdns.de https://status.securepoint.de; media-src 'none'; frame-src https://stats.spdns.de/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; connect-src 'self' https://*.checkdns.spdyn.de/ https://*.checkcat.spdyn.de/; font-src 'self' https://fonts.gstatic.com 2 default-src 'self' p11.techlab-cdn.com;script-src 'self' 'unsafe-inline' *.cdw.com *.richrelevance.com *.qualtrics.com *.optimizely.com *.needle.com *.liadm.com *.demandbase.com *.appspot.com *.facebook.net *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.googleapis.com *.akamaihd.net *.google.com *.twitter.com *.demdex.net *.d41.co *.cxense.com pactsafe.io *.simpli.fi *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.youtube.com *.go-mpulse.net *.linkedin.com *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.bluecore.com p.adsymptotic.com *.dotomi.com blob: *.flixsyndication.net data.g2.com *.g2crowd.com *.adobe.com *.spexlive.net *.gstatic.com *.turnto.com *.licdn.com *.hs-scripts.com *.ispot.tv *.hsleadflows.net *.hs-banner.com *.hsforms.net *.hubapi.com *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.hs-analytics.net js.usemessages.com *.hscollectedforms.net *.redditstatic.com *.reddit.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.onetrust.com *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.stackadapt.com *.zemanta.com *.botframework.com *.administrateweblink.com *.stripe.com *.pactsafe.io *.peerspot.com *.sketchfab.com *.quantummetric.com *.fiservapps.com *.quora.com sierra.chat *.algorecs.com *.cimulate.ai *.officeperceptioninstinct.com *.oktapreview.com *.okta.com p11.techlab-cdn.com;style-src 'self' 'unsafe-inline' *.cdw.com *.needle.com *.googleapis.com *.amazonaws.com *.cloudfront.net blob: *.typekit.net *.adobe.com *.spexlive.net *.turnto.com *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net *.stackadapt.com *.administrateweblink.com *.stripe.com *.sketchfab.com *.quantummetric.com sierra.chat;img-src 'self' *.cdw.com *.qualtrics.com *.optimizely.com *.needle.com *.liadm.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.akamaihd.net *.google.com *.demdex.net *.cxense.com *.googletagmanager.com *.googletagservices.com *.youtube.com *.amazonaws.com *.linkedin.com *.company-target.com *.facebook.com *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.adobecqms.net *.everesttech.net *.bluecore.com *.prod.bidr.io cdn.optimizely.com p.adsymptotic.com um.simpli.fi data: *.dotomi.com *.flixsyndication.net liveintent.com *.adobe.com *.sc.omtrdc.net *.spexlive.net *.windows.net *.turnto.com *.edgecastcdn.net *.licdn.com *.ispot.tv *.hsforms.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.redditstatic.com *.reddit.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeocdn.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.stackadapt.com *.zemanta.com *.pactsafe.io *.administratehq.com *.peerspot.com *.sketchfab.com *.quora.com sierra.chat *.officeperceptioninstinct.com *.oktapreview.com *.okta.com;frame-src 'self' *.cdw.com *.qualtrics.com *.needle.com *.liadm.com *.doubleclick.net *.google.com *.twitter.com *.demdex.net *.cxense.com *.googletagmanager.com *.googletagservices.com *.youtube.com *.facebook.com *.rlcdn.com *.cloudfront.net *.cdwemail.com www.emjcd.com *.dotomi.com *.kingston.com *.flixsyndication.net *.adobe.com *.spexlive.net *.swcontentsyndication.com *.cisco.com *.hsforms.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com chromeos-selector-cdw-prod.web.app *.etilize.com *.1worldsync.com *.spexaccess.net *.onetrust.com *.criteo.com *.criteo.net *.se.com *.administrateweblink.com *.stripe.com *.sketchfab.com *.quantummetric.com *.fiservapps.com;font-src * data:;connect-src 'self' *.cdw.com *.richrelevance.com *.qualtrics.com *.optimizely.com *.needle.com *.liadm.com *.demandbase.com *.appspot.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.googleapis.com *.akamaihd.net *.google.com *.demdex.net *.d41.co *.cxense.com *.googletagmanager.com *.googletagservices.com *.go-mpulse.net *.linkedin.com *.company-target.com *.facebook.com *.cdnwidget.com *.cloudfront.net *.bluecore.com p.adsymptotic.com *.cdnbasket.net *.akstat.io data.g2.com *.g2crowd.com *.adobe.com *.spexlive.net *.turnto.com *.ispot.tv *.hubapi.com *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.scene7.com *.addressy.com *.etilize.com *.1worldsync.com *.quantserve.com *.spexaccess.net *.onetrust.com *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.stackadapt.com *.botframework.com wss://*.botframework.com *.administrateweblink.com *.pactsafe.io *.administratehq.com *.sketchfab.com *.quantummetric.com sierra.chat *.algorecs.com *.cimulate.ai wss://*.cimulate.ai p11.techlab-cdn.com;object-src 'self' *.cdw.com *.scene7.com;media-src 'self' *.cdw.com *.youtube.com blob: *.flixsyndication.net *.spexlive.net *.tiqcdn.com *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net *.sketchfab.com;worker-src 'self' *.needle.com *.cloudfront.net blob: *.quantummetric.com *.cimulate.ai; 2 frame-ancestors https://*.kennesaw.edu; 2 base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 2 frame-ancestors 'self' *.ibm.com ; child-src blob: * 2 object-src 'none'; frame-ancestors 'self' https://bob.santanderbank.com https://shdwbob.santanderbank.com https://www.santanderbank.com https://rolb.santanderbank.com https://shdwrolb.santanderbank.com https://einsteincrm.sov.gs.corp https://shdweinsteincrm.sov.gs.corp https://bkoffice.sov.gs.corp https://networkofsavings.aaa.biz https://shdwbkoffice.sov.gs.corp; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.corp *.santanderbank.com *.openbank.us *.tealiumiq.com *.smarterhq.io *.optimizely.com *.optimizely-static.com *.googletagmanager.com *.tiqcdn.com *.teads.tv *.facebook.net *.online-metrix.net *.pinimg.com *.santandersandi.com *.cloudfront.net *.cloudflare.com *.google.com *.gstatic.com *.amazonaws.com blob:; 2 base-uri 'self'; default-src 'none'; img-src 'self' https: data: blob:; worker-src 'self' https: data: blob:; media-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; object-src 'none'; frame-src https:; frame-ancestors 'none'; connect-src 'self' https: blob: data: ws:; font-src 'self' data:; manifest-src 'self' 2 frame-ancestors 'self' https://*.timesinternet.in https://*.sli.ke https://economictimes.indiatimes.com https://navbharattimes.indiatimes.com https://m.timesofindia.com https://m.economictimes.com https://gadgetsnow.com https://www.gadgetsnow.com https://gadgetsnow.indiatimes.com https://www.google.com https://google.com https://static-toiimg-com.cdn.ampproject.org https://m-timesofindia-com.cdn.ampproject.org https://www.newspointapp.com https://timesofindia.indiatimes.com https://auto.timesofindia.com https://timesofindia-indiatimes-com.cdn.ampproject.org https://vijaykarnataka.com https://*.samayam.com https://*.iamgujarat.com https://*.indiatimes.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.101datacenter.net https://*.101domain.com https://chat.livecustomer.com https://my.101domain.com https://*.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://www.youtube.com https://secure.campaigner.com https://connect.facebook.net https://*.googleapis.com https://*.facebook.com https://*.llnwd.net https://*.doubleclick.net https://*.infusionsoft.com https://*.google.bg https://d3pkntwtp2ukl5.cloudfront.net https://*.livechatinc.com https://*.googleusercontent.com https://*.gstatic.com https://*.linkedin.com https://*.bing.com https://*.infusionsoft.app https://*.adsymptotic.com https://*.truste.com https://*.comodo.com https://*.trust-provider.com https://*.101d.dev https://*.101s.dev https://*.ytimg.com https://*.clarity.ms https://*.videodelivery.net https://cdn.livechat-files.com https://cdn.linkedin.oribi.io https://*.licdn.com https://*.cloudflareinsights.com https://api.rss2json.com data: 2 frame-ancestors 'self' https://myaccount.pge.com 2 child-src *.hsforms.com; connect-src 'self' *.analytics.google.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.hs-banner.com *.hsforms.com *.hubapi.com *.hubspot.com api.cr-relay.com app.clearbit.com app.navattic.com cdn.linkedin.oribi.io cdn.prod.website-files.com conversions-config.reddit.com hubspot-forms-static-embed.s3.amazonaws.com js.hscta.net material-site.cdn.prismic.io pagead2.googlesyndication.com pixel-config.reddit.com px.ads.linkedin.com www.redditstatic.com; default-src 'self'; font-src 'self' assets.website-files.com cdn.prod.website-files.com data: uploads-ssl.webflow.com; frame-src 'self' *.hs-sites.com *.hsforms.com *.hsforms.net *.hubspot.com capture.navattic.com cdn.embedly.com material-site.prismic.io open.spotify.com player.vimeo.com td.doubleclick.net www.googletagmanager.com www.vimeo.com www.youtube.com; img-src 'self' *.analytics.google.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.hsforms.com *.hsforms.net *.hubspot.com alb.reddit.com cdn.prod.website-files.com d3e54v103j8qbb.cloudfront.net/img/ data: google.com googleads.g.doubleclick.net i.vimeocdn.com i.ytimg.com images.prismic.io js.hscta.net material-site.cdn.prismic.io/material-site/ no-cache.hubspot.com pagead2.googlesyndication.com prismic-io.s3.amazonaws.com/material-site/ px.ads.linkedin.com px4.ads.linkedin.com www.google.com www.linkedin.com; media-src 'self' cdn.prod.website-files.com material-site.cdn.prismic.io; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hsforms.com *.hsforms.net *.hubspot.com *.usemessages.com cdn.cr-relay.com cdn.jsdelivr.net/npm/@finsweet/ cdn.jsdelivr.net/npm/swiper@11/ cdn.prod.website-files.com cdnjs.cloudflare.com/ajax/libs/ d3e54v103j8qbb.cloudfront.net/js/ joinamply.github.io/amply-motion/dist/index.js js.hscta.net js.navattic.com material.security/pageload.js player.vimeo.com prismic.io px.ads.linkedin.com snap.licdn.com static.cdn.prismic.io tag.clearbitscripts.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com x.clearbitjs.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net/npm/swiper@11/ cdn.prod.website-files.com joinamply.github.io/amply-motion/styles.css 2 img-src 'self' data: https:; object-src 'none'; frame-ancestors 'self'; report-to csp-endpoint; style-src 'self' data: https: 'unsafe-inline'; script-src 'self' data: https: 'unsafe-inline' 'unsafe-eval'; 2 default-src data: https:; script-src data: https: 'unsafe-inline' 'unsafe-eval'; style-src data: https: 'unsafe-inline'; object-src 'self' blob:; img-src data: blob: https:; 2 default-src * data: blob: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests 2 default-src 'self' https://*.wistia.com https://*.wistia.net https://*.crazyegg.com https://*.qualified.com https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: https:; connect-src 'self' https://*.litix.io https://*.wistia.com https://*.wistia.net https://*.algolia.net https://*.crazyegg.com https://ws.zoominfo.com https://*.qualified.com wss://*.qualified.com https: wss:; img-src 'self' data: https://images.ctfassets.net/st43jm402pmo/ https://videos.ctfassets.net/st43jm402pmo/ https://*.wistia.com https://*.wistia.net https://*.crazyegg.com https://*.qualified.com; font-src 'self' data: https://*.wistia.com https: data:; frame-src 'self' https://fast.wistia.com https://fast.wistia.net https://*.qualified.com https:; child-src https://*.qualified.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://videos.ctfassets.net/st43jm402pmo/ mediastream: https://*.qualified.com; script-src 'self' https://*.wistia.com https://*.wistia.net https://src.litix.io https://*.crazyegg.com https://js.zi-scripts.com https://jws-assets.zoominfo.com https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' blob: https://fast.wistia.com https://*.qualified.com https:; object-src 'none'; frame-ancestors https://app.contentful.com 2 font-src 'self'; frame-ancestors 'self'; 2 default-src 'self'; script-src 'self' https://challenges.cloudflare.com https://*.googletagmanager.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src * data:; font-src 'self'; connect-src 'self' https://challenges.cloudflare.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'self' https://challenges.cloudflare.com; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; form-action 'self'; worker-src 'self' blob:; upgrade-insecure-requests; 2 default-src 'self'; font-src 'self' data:; img-src 'self' data: toegankelijkheidsverklaring.nl www.toegankelijkheidsverklaring.nl; object-src 'none'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 2 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval', form-action 'self', img-src 'self' data: https://www.google.com https://www.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://stats.g.doubleclick.net https://snap.licdn.com https://www.facebook.com https://connect.facebook.net https://*.linkedin.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com https://cdn.jsdelivr.net, script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://stats.g.doubleclick.net https://snap.licdn.com https://www.facebook.com https://connect.facebook.net https://*.linkedin.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://*.cloudfront.net https://api.userlike.com https://cdn.jsdelivr.net https://plausible.io https://web-sdk-cdn.singular.net, style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net, base-uri 'self', 2 frame-ancestors 'self' http://localhost:80 https://localhost:443 http://127.0.0.1:80 https://127.0.0.1:443; 2 default-src 'self' https://*.pixelcut.app https://auth.prod.pixelcut.ai https://accounts.google.com/gsi/; img-src 'self' https: data: blob: gs: https://d33v4339jhl8k0.cloudfront.net https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://accounts.google.com/gsi/style https://*.iubenda.com https://assets.churnkey.co; font-src 'self' 'unsafe-inline' https://*.pixelcut.app https://fonts.gstatic.com https://assets.churnkey.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://accounts.google.com/gsi/client https://*.googleapis.com https://googleads.g.doubleclick.net https://apis.google.com https://cdn-cookieyes.com https://*.cookieyes.com https://challenges.cloudflare.com/turnstile/v0/api.js https://www.dropbox.com/static/api/2/dropins.js https://connect.facebook.net https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://*.googletagmanager.com https://js.stripe.com/v3 https://js.stripe.com/v3/ https://assets.churnkey.co https://*.iubenda.com https://r.wdfl.co todesktop-internal://*; object-src 'self' blob:; media-src 'self' https://beacon-v2.helpscout.net https://cdn3.pixelcut.app https://storage.googleapis.com/ https://*.pixelcut.app https://*.pixelcut.ai; frame-src 'self' https://accounts.google.com/gsi/ https://auth.prod.pixelcut.ai https://challenges.cloudflare.com/ https://content.googleapis.com/ https://docs.google.com/ https://accounts.google.com/ https://td.doubleclick.net/ https://www.googletagmanager.com https://www.facebook.com https://js.stripe.com/; connect-src 'self' file: data: blob: filesystem: ws: https://images.unsplash.com https://images.pexels.com https://*.pixelcut.app https://d3hb14vkzrxvla.cloudfront.net https://*.pixelcut.app https://accounts.google.com/gsi/ https://*.googleapis.com https://www.googleadservices.com https://*.sentry.io https://*.mixpanel.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d33v4339jhl8k0.cloudfront.net https://endpoint1.collection.us2.sumologic.com https://cdn-cookieyes.com https://*.cookieyes.com https://dl.dropboxusercontent.com/1/ https://apis.google.com/ https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://stripe.com https://*.stripe.com https://api.churnkey.co https://fal.media https://*.fal.media https://content.pixelcut.ai https://content-staging.pixelcut.ai https://assets.pixelcut.ai https://assets.staging.pixelcut.app https://api.getrewardful.com https://api.statsig.com https://featuregates.org https://statsigapi.net https://events.statsigapi.net https://api.statsigcdn.com https://featureassets.org https://assetsconfigcdn.org https://prodregistryv2.org https://cloudflare-dns.com https://beyondwickedmapping.org; worker-src 'self' blob:; child-src 'self' blob: 2 default-src 'self'; style-src 'self'; img-src 'self' data: hosted.weblate.org blog.cihar.com gate.thepay.cz *.githubusercontent.com; script-src 'self' browser.sentry-cdn.com de.sentry.io; connect-src 'self' de.sentry.io; object-src 'none'; font-src 'self'; frame-src 'none'; frame-ancestors 'none'; form-action 'self' weblate.org hosted.weblate.org gate.thepay.cz thepay.cz;report-uri https://o4507304895905792.ingest.de.sentry.io/api/4507486269866064/security/?sentry_key=5eb5194266692a262a4f8a6aad7a25b6 2 default-src 'self' *.carbonblack.io carbonblack.io *.cbcloud.de cbcloud.de *.cbcloud.sg cbcloud.sg *.duosecurity.com gstatic.com fonts.gstatic.com 'unsafe-inline' 2 frame-ancestors 'self' https://mgmt-prod-gcp.keurig.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://www.gstatic.com https://www.chevron.com https://*.core.windows.net https://*.mktoresp.com https://munchkin.marketo.net https://*.onetrust.com https://ajax.googleapis.com https://www.googlesapis.com https://www.googletagmanager.com https://apps.sitecore.net https://s.ytimg.com https://www.youtube.com https://cdn.cookielaw.org https://www.google-analytics.com https://*.qualtrics.com https://www.google.com https://www.googleapis.com https://extreme-ip-lookup.com https://secure-ds.serving-sys.com https://*.doubleclick.net https://chevroncorp.gcs-web.com https://vjs.zencdn.net https://adservice.google.com https://bs.serving-sys.com https://fonts.gstatic.com https://static.doubleclick.net https://www.executiveinterviews.com https://www.googleadservices.com https://snap.licdn.com https://static.ads-twitter.com https://connect.facebook.net https://t.co https://*.linkedin.com https://analytics.twitter.com https://www.facebook.com https://optimize.google.com https://178-uxe-734.mktoutil.com https://*.us-east-2.amazonaws.com https://service.force.com https://*.salesforce.com https://*.force.com https://*.salesforceliveagent.com https://code.jquery.com https://img.youtube.com https://www.youtube-nocookie.com https://www.linkedin.com https://*.adsymptotic.com https://*.doubleclick.net https://fonts.googleapis.com https://optimize.google.com https://178-uxe-734.mktoresp.com https://script.crazyegg.com https://static.chartbeat.com https://ping.chartbeat.net https://siteimproveanalytics.com https://*.siteimproveanalytics.io https://www.googleoptimize.com https://*.parsely.com https://cdn.linkedin.oribi.io https://*.force.com https://*.my.salesforce-sites.com https://cdn.fonts.net https://analytics.tiktok.com https://i.ytimg.com https://*.nextdoor.com https://go.chevron.email https://acrobatservices.adobe.com https://viewlicense.adobe.io https://sc-static.net https://*.snapchat.com/ https://*.adsrvr.org https://*.googlesyndication.com https://get.geojs.io; upgrade-insecure-requests; block-all-mixed-content; 2 default-src *.nic.ch *.nic.li *.switch.ch; style-src 'unsafe-inline' *.nic.ch *.nic.li *.switch.ch; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.nic.ch *.nic.li *.switch.ch; img-src data: *.nic.ch *.nic.li *.switch.ch; object-src 'none'; form-action 'self' *.nic.ch *.nic.li *.switch.ch *.eduid.ch export.highcharts.com; font-src data: *.nic.ch *.nic.li *.switch.ch; frame-ancestors *.nic.ch *.nic.li *.switch.ch; frame-src * 2 default-src 'self' https:; font-src 'self' data:; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src * blob:; frame-ancestors https://vtr.com https://*.vtr.com https://ww2.movistar.cl https://www.clarochile.cl; 2 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' http://alteryx.lookbookhq.com https://alteryx.lookbookhq.com http://alteryx.pathfactory.com https://alteryx.pathfactory.com https://int.bender.rocks https://ayx-sandbox.bender.rocks https://flexo.bender.rocks https://fry.bender.rocks https://perf.bender.rocks https://aml.bender.rocks https://au1.alteryxcloud.com https://eu1.alteryxcloud.com https://preprod.alteryxcloud.com https://us1.alteryxcloud.com; 2 frame-ancestors 'self' https://products.bestreviews.com/ https://www.channel4000.com/ https://kdvr.com/ https://kfor.com/ https://fox2now.com/ https://fox5sandiego.com/ https://ktla.com/ https://fox40.com/ https://fox4kc.com/ https://wgntv.com/ https://fox8.com/ https://khon2.com/ https://klfy.com/ https://kron4.com/ https://krqe.com/ https://wavy.com/ https://wfla.com/ https://wivb.com/ https://wkrg.com/ https://wkrn.com/ https://woodtv.com/ https://wwlp.com/ https://channel4000.com/ https://koin.com/ https://wreg.com/ https://wric.com/ https://fox59.com/ https://wspa.com/ https://wgno.com/ https://myfox8.com/ https://nbc4i.com/ https://kxan.com/ https://wtnh.com/ https://stage.nxstrib.com/ https://nxs-staging.go-vip.net/ https://wate.com/ https://wkbn.com/ https://cbs17.com/ https://wpri.com/ https://wsav.com/ https://whnt.com/ https://who13.com/ https://abc27.com/ https://cbs42.com/ https://wjhl.com/ https://cw33.com/ https://cw39.com/ https://localdvm.com/watch-dcw50/ https://wgnradio.com/ https://phl17.com/ https://cbs4indy.com/ https://borderreport.com/ https://everythinglubbock.com/ https://myhighplains.com/ https://nxsttv-stage.go-vip.net/ https://nxstrib-com-staging.go-vip.net/ https://myarklamiss.com/ https://kark.com/ https://siouxlandproud.com/ https://keloland.com/ https://easttexasmatters.com/ https://texomashomepage.com/ https://kget.com/ https://yourbigsky.com/ https://8newsnow.com/ https://mysterywire.com/ https://fox16.com/ https://conchovalleyhomepage.com/ https://yourbasin.com/ https://nwahomepage.com/ https://ozarksfirst.com/ https://westernslopenow.com/ https://yourcentralvalley.com/ https://fourstateshomepage.com/ https://ksnt.com/ https://ksn.com/ https://bigcountryhomepage.com/ https://arklatexhomepage.com/ https://ktsm.com/ https://abc4.com/ https://valleycentral.com/ https://kxnet.com/ https://fox21news.com/ https://fox44news.com/ https://wane.com/ https://binghamtonhomepage.com/ https://wboy.com/ https://pahomepage.com/ https://wbtw.com/ https://counton2.com/ https://wcia.com/ https://wdhn.com/ https://wdtn.com/ https://localdvm.com/ https://tristatehomepage.com/ https://mytwintiers.com/ https://mychamplainvalley.com/ https://wearegreenbay.com/ https://wfxrtv.com/ https://cnyhomepage.com/ https://ourquadcities.com/ https://wjtv.com/pine-belt-news/ https://wjbf.com/ https://yourerie.com/ https://upmatters.com/ https://wjtv.com/ https://fox46.com/ https://wiproud.com/ https://wlns.com/ https://mypanhandle.com/ https://centralillinoisproud.com/ https://foxlexington.com/ https://wnct.com/ https://cenlanow.com/ https://wowktv.com/ https://wvillustrated.com// https://mystateline.com/ https://wrbl.com/ https://rochesterfirst.com/ https://localsyr.com/ https://wearecentralpa.com/ https://news10.com/ https://wtrf.com/ https://mywabashvalley.com/ https://brproud.com/ https://wvnstv.com/ https://informnny.com/ https://wytv.com/ https://pix11.com/ https://www.snntv.com/ https://www.wavy.com/ https://cw33.com/ https://www.dcnewsnow.com/ https://www.ketk.com/ https://www.ktalnews.com/ https://www.qcnews.com/ https://fox56news.com/ https://www.wtaj.com/ https://www.newsnationnow.com/ https://thehill.com/; 2 default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.ads-twitter.com *.hsbc.ae rum.hlx.page bat.bing.com *.amazon-adsystem.com s.amazon-adsystem.com *.v.liveperson.net googleads.g.doubleclick.net connect.facebook.net static.ads-twitter.com tags.tiqcdn.com lptag.liveperson.net lpcdn.lpsnmedia.net cdn.optimizely.com accdn.lpsnmedia.net www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com cdn-assets-prod.s3.amazonaws.com app.contentsquare.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com snap.licdn.com *.recaptcha.net s.yimg.com *.askus.hsbc.co.uk *.appspot.com tt.omtrdc.net *.sc.omtrdc.net *.demdex.net *.twitter.com t.co *.walkme.com *.omguk.com *.adsrvr.org pixel.everesttech.net liveperson.com *.contentsquare.com *.qualtrics.com *.quantserve.com *.outbrain.com *.taboola.com *.google-analytics.com www.google.com www.gstatic.cn *.hsbc.com.cn *.isstprod.hsbc.com.cn *.akamaihd.net *.tt.omtrdc.net; img-src data: * blob: *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.brightcovecdn.com *.contentsquare.net bat.bing.com manifest.prod.boltdns.net adservice.google.com *.api.brightcove.com brightcove.hs.llnwd.net www.facebook.com maps.googleapis.com www.google.com www.googletagmanager.com *.siteintercept.qualtrics.com ad.doubleclick.net stats.g.doubleclick.net www.google-analytics.com t.co analytics.twitter.com analytics.google.com logx.optimizely.com www.google.co.uk hsbc.co.uk www.hsbc.co.uk *.lo.cobrowse.liveperson.net *.tt.omtrdc.net *.sc.omtrdc.net *.mcmprod.hsbc.co.uk rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk www.askus.hsbc.co.uk www.security.hsbc.co.uk translate.googleapis.com *.brightcove.com cdn-assets-prod.s3.amazonaws.com www.isstukdev.hsbc.co.uk www.mcmdev.hsbc.co.uk www.mcmperf.hsbc.co.uk www.isstukuat.hsbc.co.uk www.isstuk.hsbc.co.uk *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com stream-dev.data.hsbc.com *.akamaihd.net px.ads.linkedin.com *.hsbc.co.uk *.qualtrics.com *.amazonaws.com *.we-stats.com *.hsbc.com wss://*.hsbc.com *.onfido.com *.appspot.com *.facebook.com tt.omtrdc.net *.liveperson.net *.google.com *.walkme.com pixel.everesttech.net *.contentsquare.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net code.jquery.com *.isstprod.hsbc.com.cn *.eu.v2.customers.biocatch.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com connect.facebook.net www.youtube.com m.youtube.com *.demdex.net www.googletagmanager.com td.doubleclick.net *.ep-mimecast.facebook.com 8068700.fls.doubleclick.net gateway.zscalertwo.net google.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com *.online-metrix.net *.hsbc.com.hk *.walkme.com liveperson.com *.qualtrics.com tags.tiqcdn.com *.hsbc.co.uk *.facebook.com *.recaptcha.net bid.g.doubleclick.net cdntm.hsbc.co.uk *.akamaihd.net *.ibosscloud.com m.hbeu.dxp1.preprod.eu.dynp.cloud1.vv1865.com; frame-ancestors 'self' www.hsbc.co.uk *.liveperson.net *.hsbc.co.uk; font-src 'self' data: *.hsbc.com.hk *.gstatic.com fonts.gstatic.com *.cloudfront.net at.alicdn.com cdn.jsdelivr.net *.avast.com *.alicdn.com fonts.googleapis.com *.hsbc.co.uk; worker-src 'self' blob: tags.tiqcdn.com; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.askus.hsbc.co.uk www.googletagmanager.com *.lo.cobrowse.liveperson.net *.liveperson.net *.optimizely.com *.walkme.com; object-src 'self' blob: players.brightcove.net; child-src 'self' *.demdex.net *.lpsnmedia.net *.liveperson.net *.google.com blob: tags.tiqcdn.com; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net manifest.prod.boltdns.net ssl.gstatic.com brightcove.hs.llnwd.net *.lpsnmedia.net; manifest-src 'self' www.hsbc.co.uk; upgrade-insecure-requests ; report-uri /csp/report; 2 frame-ancestors 'self' https://www.stems-music.com https://blog.native-instruments.com; 2 base-uri 'self'; frame-ancestors 'self' https://betterstack.com https://uptime.betterstack.com https://telemetry.betterstack.com https://logs.betterstack.com; connect-src 'self' https://betterstack.com https://uptime.betterstack.com https://telemetry.betterstack.com https://logs.betterstack.com cdnjs.betterstack.com betterstack-organization-logos.s3.us-west-002.backblazeb2.com betterstack-team-logos.s3.us-west-002.backblazeb2.com betterstack-user-avatars.s3.us-west-002.backblazeb2.com *.okta.com *.sentry.io https://api.stripe.com https://chat-assets.frontapp.com https://chat.frontapp.com https://us-west-1-chat-server.frontapp.com https://us-west-2-chat-server.frontapp.com https://eu-west-1-chat-server.frontapp.com wss://front-us-realtime.ably.io wss://front-eu-realtime.ably.io https://chat-webhook.frontapp.com *.bugsnag.com https://*.browser-intake-datadoghq.com www.google.com www.google.ca www.google.co.uk www.google.de www.google.fr www.google.es www.google.it www.google.nl www.google.jp www.google.au www.google.ru www.google.br www.google.in www.google.cn www.google.sg www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.br www.google.com.co www.google.com.eg www.google.com.hk www.google.com.id www.google.com.il www.google.com.in www.google.com.jp www.google.com.kr www.google.com.mx www.google.com.my www.google.com.nz www.google.com.ph www.google.com.pk www.google.com.sg www.google.com.tr www.google.com.ua www.google.co.za *.google-analytics.com www.google-analytics.com *.doubleclick.net www.google.com/pagead/ www.google.com/ccm/collect adservice.google.com www.googleadservices.com/pagead www.googletagmanager.com googleads.g.doubleclick.net https://connect.facebook.net https://www.facebook.com/tr https://www.facebook.com/tr/ ads.linkedin.com *.ads.linkedin.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com https://plausible.io bat.bing.com bat.bing.net https://static.ads-twitter.com https://analytics.twitter.com https://snap.licdn.com https://t.betterstack.com https://upload.imagedelivery.net; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://betterstack.com https://uptime.betterstack.com https://telemetry.betterstack.com https://logs.betterstack.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.googletagmanager.com https://td.doubleclick.net https://bid.g.doubleclick.net https://www.youtube.com https://www.facebook.com https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com newsletter.betterstack.com betterstack.substack.com www.loom.com; form-action *; style-src 'report-sample' 'self' 'unsafe-inline' cdnjs.betterstack.com https://fonts.googleapis.com blob:; script-src 'report-sample' 'self' 'unsafe-eval' cdnjs.betterstack.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.js.stripe.com https://js.stripe.com https://chat-assets.frontapp.com *.google-analytics.com www.google-analytics.com *.doubleclick.net www.google.com/pagead/ www.google.com/ccm/collect adservice.google.com www.googleadservices.com/pagead www.googletagmanager.com googleads.g.doubleclick.net https://connect.facebook.net https://www.facebook.com/tr https://www.facebook.com/tr/ ads.linkedin.com *.ads.linkedin.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com https://plausible.io bat.bing.com bat.bing.net https://static.ads-twitter.com https://analytics.twitter.com https://snap.licdn.com https://t.betterstack.com 'nonce-eaa7b9b8b1d948cdc7e7bb95d0faca46'; worker-src 'report-sample' 'self' blob: cdnjs.betterstack.com; img-src 'self' blob: data: cdnjs.betterstack.com www.gravatar.com ui-avatars.com https://*.wp.com/ui-avatars.com/api/ betterstack-organization-logos.s3.us-west-002.backblazeb2.com betterstack-team-logos.s3.us-west-002.backblazeb2.com betterstack-user-avatars.s3.us-west-002.backblazeb2.com https://imagedelivery.net https://betterstack.com/cdn-cgi/image/ https://chat.frontapp.com https://chat-assets.frontapp.com https://chat-assets.frontusercontent.com https://nibbler.frontapp.com www.google.com www.google.ca www.google.co.uk www.google.de www.google.fr www.google.es www.google.it www.google.nl www.google.jp www.google.au www.google.ru www.google.br www.google.in www.google.cn www.google.sg www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.br www.google.com.co www.google.com.eg www.google.com.hk www.google.com.id www.google.com.il www.google.com.in www.google.com.jp www.google.com.kr www.google.com.mx www.google.com.my www.google.com.nz www.google.com.ph www.google.com.pk www.google.com.sg www.google.com.tr www.google.com.ua www.google.co.za *.google-analytics.com *.doubleclick.net www.google.com google.com https://alb.reddit.com linkedin.com *.linkedin.com bat.bing.com bat.bing.net https://www.facebook.com www.googletagmanager.com https://t.co/i/ https://t.co/1/ https://analytics.twitter.com cdn.loom.com; default-src 'self' 2 frame-ancestors 'self' www.ellipsizdss.com keysight.lookbookhq.com keysight.pathfactory.com next.brella.io online-events.keysight.com *.keysight.com *.keysight.com.cn 2 frame-ancestors https://*.1stdibs.com; 2 frame-src 'self' blob: 'self' https://www.google.com.ua https://secure.wayforpay.com https://www.facebook.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://www.ukrnames.com https://bg.ukrnames.com https://cdn.ukrnames.ua https://apis.google.com https://accounts.google.com https://www.google.com https://embed.tawk.to https://cdn.datatables.net https://play.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: 'self' https://www.ukrnames.com https://secure.wayforpay.com https://bg.ukrnames.com https://cdn.ukrnames.ua https://cdn.datatables.net https://embed.tawk.to https://cdn.jsdelivr.net https://ajax.googleapis.com https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com https://accounts.google.com https://play.google.com; style-src 'self' 'unsafe-inline' https://secure.wayforpay.com https://embed.tawk.to https://cdn.datatables.net https://bg.ukrnames.com https://cdn.ukrnames.ua https://accounts.google.com https://fonts.googleapis.com https://www.gstatic.com; font-src 'self' data: https://embed.tawk.to https://fonts.gstatic.com; img-src 'self' data: https://*.amazonaws.com https://embed.tawk.to https://cdn.datatables.net https://cdn.ukrnames.ua https://bg.ukrnames.com https://www.facebook.com https://m.facebook.com https://connect.facebook.net https://*.gstatic.com https://www.google.com https://www.google.ru https://www.google.es https://www.google.fr https://www.google.nl https://www.google.kz https://www.google.by https://www.google.de https://www.google.pl https://www.google.ae https://www.google.md https://www.google.ca https://www.google.com.ua https://www.google.com.tr https://www.google.co.uk https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com blob: 'self' https://bg.ukrnames.com https://cdn.ukrnames.ua https://accounts.google.com; connect-src blob: 'self' wss://www.ukrnames.com wss://*.tawk.to https://www.facebook.com https://secure.wayforpay.com https://*.tawk.to https://analytics.google.com https://stats.g.doubleclick.net 2 default-src 'self' exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com csxd.exclaimer.net csxd.exclaimer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com t.contentsquare.net app.contentsquare.com; worker-src 'self' blob: exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com; img-src 'self' exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com *.contentsquare.net data: blob:; font-src 'self' a.storyblok.com maxcdn.bootstrapcdn.com fast.wistia.com data:; media-src 'self' exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com data: blob:; object-src 'none'; frame-ancestors 'self' exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com; connect-src 'self' https://www.gstatic.com/ exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com *.contentsquare.net *.litix.io blob: data:; child-src 'self' blob: exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com; style-src 'self' 'unsafe-inline' data: blob: exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com; 2 connect-src 'self' *.analytics.google.com distillery.pixlee.co *.clarity.ms *.cloudflare.com *.g.doubleclick.net *.google-analytics.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.googletagmanager.com *.heidelpay.com *.liebherr.com *.liebherr.i *.paypal.com *.siteintercept.qualtrics.com *.usercentrics.eu maps.googleapis.com stats.g.doubleclick.net www.google.com www.google.de *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.kameleoon.net bat.bing.com bat.bing.net; default-src 'self' *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.kameleoon.net; font-src 'self' data: *.bing.com *.clarity.ms *.cloudflare.com *.gstatic.com *.heidelpay.com *.liebherr.com *.liebherr.i *.zencdn.net; frame-src 'self' *.cloudflare.com *.google.com *.heidelpay.com *.hpcgw.net *.liebherr.com *.liebherr.i *.usercentrics.eu *.youtube-nocookie.com *.doubleclick.net www.youtube.com *.googletagmanager.com; img-src 'self' data: blob: *.analytics.google.com *.googleadservices.com *.azurewebsites.net *.cloudflare.com *.doubleclick.net *.google-analytics.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.googleapis.com *.googletagmanager.com *.gstatic.com *.heidelpay.com *.liebherr.com *.liebherr.i *.paypal.com *.siteintercept.qualtrics.com *.usercentrics.eu *.ytimg.com googleads.g.doubleclick.net siteintercept.qualtrics.com bat.bing.com static.pxlecdn.com; media-src 'self' *.cloudflare.com *.liebherr.i *.liebherr.com static.pxlecdn.com static.pixlee.com; object-src 'self' *.cloudflare.com *.liebherr.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.heidelpay.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.kameleoon.net *.liebherr.com *.liebherr.i *.paypal.com *.paypalobjects.com *.siteintercept.qualtrics.com *.usercentrics.eu *.youtube-nocookies.com *.youtube.com *.zencdn.net aframe.io bat.bing.com bing.com c.evidon.com cdn.jsdelivr.net googleads.g.doubleclick.net s.ytimg.com siteintercept.qualtrics.com siteseal.quovadisglobal.com www.googleadservices.com; style-src 'self' 'unsafe-inline' *.cloudflare.com *.google.com *.gstatic.com *.liebherr.com *.liebherr.i *.zencdn.net fonts.googleapis.com; 2 frame-ancestors self https://*.asianetnews.com https://*.asianetnews.co http://*.annpl.org https://*.asianetnews.org https://jionews.com https://jionewsdev1.jio.ril.com 2 default-src 'self'; connect-src 'self' https://api.daad.de *.daad.com *.daad.de *.doubleclick.net www.youtube.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googlevideo.com europe.directline.botframework.com wss://europe.directline.botframework.com export.highcharts.com; font-src 'self' data: fonts.gstatic.com; frame-src www.youtube.com www.youtube-nocookie.com *.daad.com *.daad.de newsletter.alumniportal-deutschland.org ablok-portal-next.azurewebsites.net; img-src data: blob: *; media-src https://api.daad.de *.daad.com *.daad.de *.googlevideos.com www.youtube-nocookie.com; object-src 'none'; script-src 'self' 'self' 'unsafe-eval' 'unsafe-inline' www.daad.de www.youtube.com www.google.com www.google-analytics.com *.googletagmanager.com static.doubleclick.net cdn.jsdelivr.net ajax.googleapis.com; style-src 'unsafe-inline' www.youtube.com; base-uri 'none'; form-action https://api.daad.de validator.w3.org export.highcharts.com; frame-ancestors https://portal.daad.de https://*.daad.com http://*.daad.com 2 frame-ancestors 'self' https://*.uk.pri.o2.com 2 script-src 'self' 'unsafe-inline' https://mw.thghosting.com https://request.eprotect.vantivcnp.com https://www.dwin1.com https://lantern.roeyecdn.com https://bat.bing.com https://*.pingdom.net https://connect.facebook.com https://connect.facebook.net/ https://www.googletagmanager.com https://code.jquery.com https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://snap.licdn.com/li.lms-analytics/ https://www.googleadservices.com/pagead/; img-src 'self' 'unsafe-inline' data: https://support.thgingenuity.com https://img.zohostatic.eu https://googletagmanager.com https://www.gstatic.com/recaptcha/ https://bat.bing.com https://bat.bing.net https://*.pingdom.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google.co.uk https://www.google.com.ua https://www.google.pl https://www.google-analytics.com https://www.facebook.com https://lantern.roeye.com/ https://www.zenaps.com/a/ https://px.ads.linkedin.com/; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://*.uk2.net https://*.pingdom.net https://fonts.gstatic.com https://www.google.com https://fonts.googleapis.com https://fonts.googleapis.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://cdn.forms-content.sg-form.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/static/ https://player.vimeo.com https://www.youtube.com https://accounts.google.com https://td.doubleclick.net/ https://www.facebook.com/; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://www.googletagmanager.com https://*.google-analytics.com https://*.paypal.com https://mw.thghosting.com https://googleadservices.com https://stats.g.doubleclick.net https://*.pingdom.net https://fonts.googleapis.com https://www.gstatic.com https://bat.bing.com https://bat.bing.net https://*.sentry.io https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/ https://rum-collector-2.pingdom.net/img/ https://region1.google-analytics.com/g/ https://px.ads.linkedin.com/ https://www.google.com/ccm/; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; default-src 'self'; object-src 'none'; 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; connect-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: blob: data:; font-src 'self' https:; object-src 'none'; base-uri 'self'; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self' https://app.contentful.com; 2 frame-ancestors 'self' *.crestron.com *.crestron.com:81; 2 default-src 'none';connect-src 'self' https://cdn77.com https://*.cdn77.com https://*.google-analytics.com https://google-analytics.com https://*.analytics.google.com https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.doubleclick.net https://*.cdn77.eu https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.pingdom.net https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://bat.bing.net https://*.ads.linkedin.com https://www.facebook.com;script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval' https://*.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://*.intercom.io https://*.intercomcdn.com https://*.pingdom.net https://static.hotjar.com https://*.hotjar.com https://bat.bing.com https://*.ads-twitter.com https://*.licdn.com https://*.facebook.net https://*.hcaptcha.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.typekit.net;font-src 'self' https://*.gstatic.com https://*.typekit.net https://*.intercomcdn.com;img-src * data:;frame-src 'self' https://www.facebook.com https://*.hcaptcha.com;media-src 'self' https://*.intercomcdn.com;form-action 'self';manifest-src 'self';worker-src 'self' blob:;child-src 'self' blob:;base-uri 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 2 default-src ;script-src 'unsafe-inline' 'self' 'unsafe-eval' https://*.textexpander.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google-analytics.com https://*.googleadservices.com https://*.facebook.net https://*.pvd.to https://*.dwin1.com https://*.doubleclick.net https://*.google.at https://*.twitter.com https://*.iubenda.com https://*.vimeocdn.com https://*.hubspot.com https://*.hscollectedforms.net https://*.hsadspixel.net https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.calendly.com https://*.usemessages.com https://*.recruitee.com https://d10zminp1cyta8.cloudfront.net https://cdnjs.cloudflare.com https://unpkg.com https://*.paddle.com https://*.helpscout.net https://*.google.be https://*.google.ca https://*.google.ch https://*.google.cl https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.nz https://*.google.co.uk https://*.google.com.ar https://*.google.com.au https://*.google.com.br https://*.google.com.co https://*.google.com.gr https://*.google.com.mx https://*.google.com.pk https://*.google.com.tr https://*.google.com.tw https://*.google.de https://*.google.dk https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.pl https://*.google.pt https://*.googleoptimize.com https://vimeo.com https://*.yoast.com https://*.vimeo.com https://*.google.com https://*.fontawesome.com https://*.hsappstatic.net https://ads.yahoo.com https://*.adroll.com https://d.adroll.mgr.consensu.org https://dsum-sec.casalemedia.com https://eb2.3lift.com https://ib.adnxs.com https://idsync.rlcdn.com https://image2.pubmatic.com https://*.adsymptotic.com https://*.advertising.com https://*.rubiconproject.com https://simage2.pubmatic.com https://*.licdn.com https://*.outbrain.com https://*.taboola.com https://ups.analytics.yahoo.com https://*.bidswitch.net https://*.facebook.com https://*.clearbitscripts.com https://*.clearbitjs.com https://*.hsforms.com https://*.hsforms.net https://*.bing.com https://*.linkedin.com https://*.gstatic.com https://textexpander.com *.visualwebsiteoptimizer.com app.vwo.com https://*.g2crowd.com https://*.attributionapp.com https://*.intercom.io https://*.intercom.com https://*.intercomcdn.com https://*.clarity.ms https://google.com https://google.com https://*.segment.com https://*.getreditus.com/ https://*.mountain.com;style-src https://*.textexpander.com https://sentry.io 'unsafe-inline' 'self' https://*.helpscout.net https://unpkg.com https://*.google.com https://*.fontawesome.com https://*.calendly.com https://*.googleapis.com https://textexpander.com *.visualwebsiteoptimizer.com app.vwo.com https://s3.amazonaws.com https://*.intercom.io https://*.intercom.com https://*.intercomcdn.com https://google.com https://google.com https://*.typekit.net;font-src https://*.textexpander.com https://*.gstatic.com data: 'self' https://*.googletagmanager.com https://*.helpscout.net https://*.googleoptimize.com https://*.fontawesome.com https://textexpander.com https://*.intercomcdn.com https://*.typekit.net;img-src * data:;connect-src https://*.textexpander.com wss://visitors.live https://*.hubapi.com https://*.fontawesome.com wss://*.visitors.live https://*.googleapis.com https://*.linkedin.com https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com https://*.sumologic.com https://cdn.linkedin.oribi.io 'self' https://*.analytics.google.com https://*.hubspot.com https://*.iubenda.com https://*.pvd.to https://*.recruitee.com https://*.helpscout.net https://sentry.io https://*.facebook.com https://*.google-analytics.com https://*.yoast.com https://*.google.com https://*.adroll.com https://*.googlesyndication.com https://*.clearbit.com https://*.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.bing.com https://*.doubleclick.net https://textexpander.com *.visualwebsiteoptimizer.com app.vwo.com https://*.attributionapp.com https://*.intercom.com https://*.intercom.io https://*.intercomcdn.com wss://*.intercom.io https://*.clarity.ms https://google.com https://google.com https://*.g2crowd.com https://*.segment.com https://*.segment.io https://bat.bing.net https://*.g2.com;media-src https://*.textexpander.com https://*.youtu.be https://vod-progressive.akamaized.net 'self' https://*.vimeocdn.com https://*.helpscout.net https://download-video.akamaized.net https://vimeo.com https://*.vimeo.com https://*.youtube.com https://textexpander.com https://*.intercomcdn.com;object-src https://*.textexpander.com blob: 'self' https://*.helpscout.net https://textexpander.com;frame-src https://*.textexpander.com https://10fastfingers.com https://calendly.com https://*.wufoo.com 'self' https://*.twitter.com https://*.hubspot.com https://*.iubenda.com https://*.vimeocdn.com https://*.helpscout.net https://*.google.at https://*.google.be https://*.google.ca https://*.google.ch https://*.google.cl https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.nz https://*.google.co.uk https://*.google.com.ar https://*.google.com.au https://*.google.com.br https://*.google.com.co https://*.google.com.gr https://*.google.com.mx https://*.google.com.pk https://*.google.com.tr https://*.google.com.tw https://*.google.de https://*.google.dk https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.pl https://*.google.pt https://vimeo.com https://*.vimeo.com https://*.google.com https://*.youtube-nocookie.com https://*.adroll.com https://*.hsforms.com https://*.youtube.com https://*.doubleclick.net https://*.facebook.com https://textexpander.com *.visualwebsiteoptimizer.com app.vwo.com https://*.attributionapp.com https://*.intercom.io https://*.intercom.com https://*.intercomcdn.com https://*.intercom-reporting.com https://intercom-sheets.com https://fast.wistia.net https://google.com https://google.com https://*.googletagmanager.com https://js.hsforms.net;worker-src https://*.textexpander.com 'self' blob: https://textexpander.com https://*.intercom-reporting.com https://intercom-sheets.com https://fast.wistia.net https://vimeo.com https://*.youtube.com; 2 default-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft; upgrade-insecure-requests; frame-ancestors 'self' https://teams.microsoft.com https://retailservices.teams.microsoft.com https://retailservices-ppe.teams.microsoft.com https://tasks.teams.microsoft.com https://local.teams.office.com https://devspaces.skype.com https://ssauth.skype.com https://teams.microsoft.com.mcas.ms https://teams.microsoft.com.us3.cas.ms https://local.teams.office.com:8080 https://teams.live.com https://outlook-sdf.office.com https://outlook.office.com/ https://assignments.onenote.com https://browser-sandbox.meshxp.net/ https://spoolclientsdk.skype.com https://acsinternal-cte-beta.azurewebsites.net https://acssample-beta.azurewebsites.net https://acssample-stable.azurewebsites.net https://loop.microsoft.com https://*.loop.microsoft.com https://loop.cloud.microsoft https://loop.cloud-dev.microsoft https://app.int.whiteboard.microsoft.com https://whiteboard.cloud-dev.microsoft https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft https://*.whiteboard.microsoft.com https://whiteboard.microsoft.com https://whiteboard.office.com https://teams.cloud.microsoft https://outlook.cloud.microsoft https://m365.cloud.microsoft https://res-sdf.cdn.office.net https://res.cdn.office.net https://mesh.public.onecdn.static.microsoft https://mesh.df.onecdn.static.microsoft https://m365.cloud.microsoft https://sbrprodprv.www.office.com https://scuprodprv.www.office.com https://fa000000174.resources.office.net https://outlook.office.com; base-uri 'none'; manifest-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft; script-src 'self' 'unsafe-eval' 'report-sample' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft http://amcdn.msftauth.net https://amcdn.msftauth.net https://*.office365.com https://*.office.net https://shell.cdn.office.net https://cdn.fluidpreview.office.net https://js.monitor.azure.com https://res-1.cdn.office.net https://res.cdn.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net 'sha256-VCkGe6AeV2B4vV7flXt9Dkkp04wMc8zq7faHdRwhOx0=' 'sha256-Wmg7miLkEVn5v393z4Ch7lbKnpNnLZhnVOk/iJN1miE='; style-src 'self' 'unsafe-inline' 'report-sample' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft https://*.office.net https://res.cdn.office.net https://cdn.fluidpreview.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net; font-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft data: https://*.office.net https://spoprod-a.akamaihd.net https://static2.sharepointonline.com fs.microsoft.com; img-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft blob: data: https://*.office.com https://*.office.net https://*.office365.com https://outlook.live.com https://*.teams.microsoft.com https://*.officeapps.live.com https://web.vortex.data.microsoft.com https://shell.cdn.office.net https://urlp.asm.skype.com https://urlp.sfbassets.com https://*.svc.ms https://login.live.com https://storage.live.com https://az495088.vo.msecnd.net; connect-src 'self' blob: https://* wss://whiteboard.microsoft.com/sync wss://whiteboard.svc.cloud.microsoft/sync wss://whiteboard.svc.cloud.dev.microsoft/sync wss://*.whiteboard.microsoft.com wss://whiteboard.microsoft.com wss://*.svc.ms wss://int.augloop.svc.cloud.dev.microsoft wss://*.int.augloop.svc.cloud.dev.microsoft wss://*.augloop-int.officeppe.com wss://augloop-int.officeppe.com wss://dogfood.augloop.svc.cloud.microsoft wss://*.dogfood.augloop.svc.cloud.microsoft wss://*.augloop-dogfood.officeppe.com wss://augloop-dogfood.officeppe.com wss://augloop.svc.cloud.microsoft wss://*.augloop.svc.cloud.microsoft wss://*.augloop.office.com wss://augloop.office.com wss://augloop-gcc.office.com wss://*.augloop-gcc.office.com; frame-src 'self' https://*; form-action 'self' https://*; worker-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft; media-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft; object-src 'none'; report-uri https://csp.microsoft.com/report/WhiteboardWebClient-WhiteboardApp-PROD; report-to csp-endpoint; 2 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: http:; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' *.cdnpandadoc.com http: data:; connect-src 'self' http:; font-src 'self' 'unsafe-inline' data: http:; media-src 'self' blob: https:; frame-ancestors 'self' app.hubspot.com 2 default-src data: 'unsafe-inline' 'unsafe-eval' https:; style-src data: https: 'unsafe-inline'; 2 base-uri 'self'; form-action 'self' https://www.facebook.com; frame-ancestors 'self' https://staging.qualityhealth.com https://qualityhealth.com https://www.qualityhealth.com https://pagemanager.sharecare.com https://www.sharecare.com; upgrade-insecure-requests ; connect-src 'self' https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.facebook.com https://smetrics.sharecare.com https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com https://privacyportal-na01.onetrust.com https://www.google.com https://googleads.g.doubleclick.net https://vjs.zencdn.net https://edge.api.brightcove.com https://manifest.prod.boltdns.net https://about.sharecare.com https://cdnjs.cloudflare.com; default-src 'self'; font-src 'self' https://fonts.sharecare.com https://cdn.jsdelivr.net https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://use.typekit.net https://fonts.gstatic.com https://pagemanager.sharecare.com; frame-src *; img-src 'self' data: https://smetrics.sharecare.com https://sb.scorecardresearch.com https://www.google.com https://www.facebook.com https://cdn.jsdelivr.net https://connect.facebook.net https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://s.sharecare.com https://s3.amazonaws.com https://p.typekit.net https://cdn.tapnative.com https://tcp.googlesyndication.com https://www.medtargetsystem.com https://adservice.google.com https://cdn.ampproject.org https://*.doubleclick.net https://ad.doubleclick.net https://match.deepintent.com https://trc.lhmos.com https://*.googlesyndication.com https://secure.adnxs.com https://preferences.trustarc.com https://choices.trustarc.com https://track.customer.io https://cdn.cookielaw.org https://www.googletagmanager.com https://metrics.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://about.sharecare.com; media-src *; object-src 'none'; prefetch-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://assets.adobedtm.com https://use.typekit.net https://cdn.cookielaw.org https://s.sharecare.com https://preferences.truste.com https://sb.scorecardresearch.com https://www.googleadservices.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.google.com https://pi.pardot.com https://www2.sharecare.com https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://geolocation.onetrust.com https://ajax.googleapis.com https://www.googletagservices.com https://content.tapnative.com https://securepubads.g.doubleclick.net https://www.medtargetsystem.com https://adservice.google.com https://tcp.googlesyndication.com https://match.deepintent.com https://trc.lhmos.com https://tpc.googlesyndication.com https://cdn.ampproject.org https://assets.customer.io https://ssl.google-analytics.com https://code.jquery.com https://privacyportal-na01.onetrust.com https://players.brightcove.net https://ajax.googleapis.com https://cdn.krxd.net https://vjs.zencdn.net https://edge.api.brightcove.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *; worker-src 'self' blob:; 2 default-src 'self'; script-src 'self' 'unsafe-inline' https://ingestion.webanalytics.italia.it; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self' https://cercaportale.salute.gov.it https://api.salute.gov.it https://ingestion.webanalytics.italia.it; frame-src 'self' https://www.youtube-nocookie.com 2 default-src https:; font-src https: data:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: https://pagead2.googlesyndication.com https://www.googletagmanager.com; style-src https: 'unsafe-inline'; connect-src https: wss: data: https://pagead2.googlesyndication.com https://connect.facebook.net https://log.cookieyes.com; worker-src https: blob:; media-src https: data: blob:; report-to csp-endpoint; 2 frame-ancestors *.txstate.edu *.txst.edu *.tsus.edu *.tjctc.org; 2 frame-ancestors 'none'; object-src 'none'; base-uri 'none'; 2 default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' https://vorschau.computerbild.de https://rendering.computerbild.de 2 object-src 'none';frame-ancestors https://*.neogov.com https://*.neogov.net https://*.neoed.com https://*.neogov.ca https://*.neoed.net https://*.powerdms.com https://*.agency360.com https://*.schooljobs.com https://*.governmentjobs.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.etracker.com https://*.etracker.de https://*.jwpcdn.com https://customers.lmis.de http://*.bundeswirtschaftsministerium.de https://*.bundeswirtschaftsministerium.de https://live.flyp.tv https://dashboard.stage.bio; style-src 'self' 'unsafe-inline' https://*.etracker.de https://*.jwpcdn.com http://*.bundeswirtschaftsministerium.de https://*.bundeswirtschaftsministerium.de; img-src 'self' data: https://sg.geodatenzentrum.de https://jwpltx.com http://*.bundeswirtschaftsministerium.de https://*.bundeswirtschaftsministerium.de https://*.flockler.com https://*.twimg.com https://cdn.stage.bio https://about.stage.bio; connect-src 'self' https://*.etracker.com https://*.etracker.de https://sg.geodatenzentrum.de https://*.jwpcdn.com http://*.bundeswirtschaftsministerium.de https://*.bundeswirtschaftsministerium.de https://*.3qsdn.com https://api.stage.bio; font-src 'self' data: https://*.jwpcdn.com; object-src 'self'; media-src 'self' https://*.streamfarm.net http://*.bundeswirtschaftsministerium.de https://*.bundeswirtschaftsministerium.de https://*.flockler.com https://*.twimg.com https://*.3qsdn.com blob: https://cdn.stage.bio; form-action 'self'; frame-src 'self' https://*.twitter.com https://vimeo.com https://player.vimeo.com https://customers.lmis.de https://vdi.p5.easire.com https://bmwi-batteriezellfertigung.interactive-scape.com https://de.digital https://preview-kaenef.bmwk.de https://live.flyp.tv; frame-ancestors 'self' http://*.bundeswirtschaftsministerium.de https://*.bundeswirtschaftsministerium.de https://*.init-ag.de; 2 frame-ancestors 'self' *.eur.nl 2 base-uri 2 frame-ancestors 'self' https://prod.sitecore.seismic.com https://resources.seismic.com; 2 frame-ancestors 'self' *.bonhams.com 2 frame-ancestors 'self' *.dimelochat.com *.engagement.dimelo.com 2 default-src 'self' https://*.aau.dk https://*.azurewebsites.net https://*.dropbox.com https://*.dropboxusercontent.com https://podcastpusher.com https://*.doubleclick.net https://*.fonts.net https://*.linkedin.com https://*.facebook.com https://*.snapchat.com https://*.google.com https://*.youtube.com https://*.twitter.com https://*.survey-xact.dk https://*.microsoftonline.com https://*.office.com https://*.gstatic.com https://*.cookieinformation.com; font-src 'self' data: fonts.gstatic.com; script-src https://www.clarity.ms https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/ https://www.clarity.ms/tag/n87ghf3gw4?ref=gtm2 https://www.googletagmanager.com/ https://www.youtube-nocookie.com 'self' 'unsafe-inline' https://*.scratcher.io https://*.elfsightcdn.com https://*.snapchat.com https://*.readpeak.com https://*.sc-static.net https://*.licdn.com https://*.google.com https://*.googleapis.com https://*.elfsight.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.net https://*.twitter.com https://*.cookieinformation.com https://*.youtube.com https://*.vimeo.com; connect-src https://widget-data.service.elfsight.com https://core.service.elfsight.com https://public-eur.mkt.dynamics.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/ https://assets-eur.mkt.dynamics.com/ 'self' wss://aau-its-caai-shared-haandbog-prod.azurewebsites.net/ https://prod-aaudxp-vacancy-app.azurewebsites.net/ wss://aau-its-caai-studieservice-adgangstjek-prod.azurewebsites.net https://*.azurewebsites.net https://*.elfsightcdn.com https://*.aau.dk https://*.licdn.com https://*.linkedin.com https://*.google.com https://*.doubleclick.net https://*.snapchat.com https://*.oribi.io https://*.analytics.google.com https://*.googleapis.com https://*.elfsight.com https://*.google-analytics.com https://*.cookieinformation.com; img-src 'self' data: image/* https://*.aau.dk https://*.plan2learn.dk https://*.elfsight.com https://*.linkedin.com https://*.licdn.com https://*.googletagmanager.com https://*.google-analytics.com https://*.ivanenko.workers.dev https://*.taboola.com https://*.doubleclick.net https://*.adnxs.com https://*.readpeak.com https://*.google.dk https://*.gstatic.com https://*.dropbox.com https://*.dropboxusercontent.com https://*.google.com https://*.twimg.com https://*.facebook.com https://*.vimeocdn.com https://*.ytimg.com https://*.youtube.com https://*.googleapis.com https://*.elfsightcdn.com; frame-src https://aaublanketterdev.powerappsportals.com/ http://mfc-print03.aau.dk https://assets-eur.mkt.dynamics.com/ https://www.clarity.ms https://serviceinfo.dk 'self' https://www.youtube-nocookie.com/ https://www.googletagmanager.com/ https://public-eur.mkt.dynamics.com https://*.geckobooking.dk https://*.powerapps.com https://*.cobe.dk https://*.powerbi.com https://*.scratcher.io https://*.youtube.com https://*.plandisc.com https://*.moodle.aau.dk https://*.matterport.com https://*.microsoftonline.com https://*.360company.dk https://*.snapchat.com https://*.doubleclick.net https://*.spotify.com https://*.google.com https://*.vercel.app https://*.serviceinfo.dk https://*.libraryh3lp.com https://*.aau.dk https://*.facebook.com https://*.survey-xact.dk *.svc.dynamics.com https://*.office.com https://*.kuula.co https://*.cookieinformation.com https://*.vimeo.com; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com; base-uri 'self'; form-action 'self' https://*.facebook.com; frame-ancestors 'none'; 2 default-src 'self' https://static.eurostar.com https://www.eurostar.com; frame-ancestors 'self' https://cms.eurostar.com https://eurostar.moment.tech https://onboard.eurostar.com; child-src blob: 'self' https://*.doubleclick.net https://ams.creativecdn.com https://api.prod.eurostar.com https://checkoutshopper-test.adyen.com https://console-d2-eus-v3.conductrics.com https://d6tizftlrpuof.cloudfront.net https://insight.adsrvr.org https://match.adsrvr.org https://static.eurostar.com https://www.facebook.com https://www.google.com https://www.paypal.com https://www.paypalobjects.com https://www.youtube-nocookie.com https://www.youtube.com https://campaigns.lucky-cycle.com; connect-src 'self' https://*.contentsquare.net https://*.doubleclick.net https://*.eurostar.com https://*.launchdarkly.com https://1wyn2xo2.apicdn.sanity.io https://adservice.google.com https://analytics.google.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://api.kommunicate.io https://api.musement.com https://api.usabilla.com https://ams.creativecdn.com https://bat.bing.com https://beacon.speedcurve.com https://bots.applozic.com https://bots.kommunicate.io https://cdn.kommunicate.io https://cdn.speedcurve.com https://chat.kommunicate.io https://checkoutshopper-live.adyen.com https://cognito-idp.eu-west-1.amazonaws.com https://collect.tealiumiq.com https://collect-eu-west-1.tealiumiq.com https://eus-events.conductrics.com https://faro-collector-prod-eu-west-0.grafana.net https://fonts.googleapis.com https://insight.adsrvr.org https://k-aeu1.contentsquare.net https://labs.observepoint.com https://lux.speedcurve.com https://maps.googleapis.com https://o1269418.ingest.sentry.io https://pagead2.googlesyndication.com https://r.contentsquare.net https://region1.analytics.google.com https://region1.google-analytics.com https://t.co https://www.bing.com https://www.facebook.com https://www.googleadservices.com https://www.google.be https://www.google.co.uk https://www.google.com https://www.google.de https://www.google.fr https://www.google.nl https://www.google-analytics.com https://www.paypal.com wss://socket.applozic.com:80 wss://socket5.applozic.com wss://socket5.kommunicate.io; font-src 'self' data: https://content.eurostar.com https://d6tizftlrpuof.cloudfront.net https://fonts.gstatic.com https://static.eurostar.com https://appdown.pstatic.net; img-src 'self' data: https://*.contentsquare.net https://*.doubleclick.net https://*.tealiumiq.com https://1wyn2xo2.apicdn.sanity.io https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.com https://analytics.tiktok.com https://bat.bing.com https://cdn.sanity.io https://cdn.speedcurve.com https://chatbot.eurostar.com https://checkoutshopper-live.adyen.com https://d6tizftlrpuof.cloudfront.net https://ib.adnxs.com https://images.ctfassets.net https://lux.speedcurve.com https://maps.googleapis.com https://maps.gstatic.com https://match.adsrvr.org https://images.musement.com https://packages-assets.eurostar.com https://packages.eurostar.com https://pixel.mediaiqdigital.com https://px.adnxs.com https://pxl.qccerttest.com https://region1.google-analytics.com https://s0.2mdn.net https://s3.amazonaws.com/kommunicate.s3/profile_pic/ https://seal.digicert.com https://secure.adnxs.com https://static.eurostar.com https://t.co https://t.paypal.com https://tag.yieldoptimizer.com https://w.usabilla.com https://www.facebook.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.bg https://www.google.ca https://www.google.ch https://www.google.cl https://www.google.co.cr https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.kr https://www.google.co.ma https://www.google.co.nz https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.eg https://www.google.com.hk https://www.google.com.kw https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.pe https://www.google.com.pk https://www.google.com.pr https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.gg https://www.google.gr https://www.google.hu https://www.google.ie https://www.google.im https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.lt https://www.google.lu https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.se https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://statics.lucky-cycle.com; media-src https://cdn.kommunicate.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.doubleclick.net https://*.eurostar.com https://*.launchdarkly.com https://*.usabilla.com https://acdn.adnxs.com https://analytics.twitter.com https://apply.workable.com https://bat.bing.com https://cdn.applozic.com https://cdn.kommunicate.io https://connect.facebook.net https://console-d2-eus-v3.conductrics.com https://chatbot.eurostar.com https://eus.cdn-v3.conductrics.com https://js.time1.me https://labs.observepoint.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://region1.google-analytics.com https://s.yimg.com https://snap.licdn.com https://static.ads-twitter.com https://tag.yieldoptimizer.com https://tags.tiqcdn.com https://visitor-service.tealiumiq.com https://visitor-service-eu-west-1.tealiumiq.com https://widget.kommunicate.io https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com https://www.paypal.com https://statics.lucky-cycle.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.tealiumiq.com https://acdn.adnxs.com https://ad.doubleclick.net https://adservice.google.be https://adservice.google.com https://analytics.tiktok.com https://analytics.twitter.com https://api.usabilla.com https://app.contentsquare.com https://apply.workable.com https://bat.bing.com https://cdn.applozic.com https://cdn.kommunicate.io https://cdn.speedcurve.com https://connect.facebook.net https://console-d2-eus-v3.conductrics.com https://chatbot.eurostar.com https://d6tizftlrpuof.cloudfront.net https://eus.cdn-v3.conductrics.com https://googleads.g.doubleclick.net https://js.adsrvr.org https://maps.googleapis.com https://pagead2.googlesyndication.com https://region1.google-analytics.com https://scripts.eurostar.com https://secure-scripts.eurostar.com https://static.eurostar.com https://statics.lucky-cycle.com https://tags.creativecdn.com https://tags.tiqcdn.com https://w.usabilla.com https://widget.kommunicate.io https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com https://www.workable.com; style-src 'unsafe-inline' 'self' https://cdn.kommunicate.io https://d6tizftlrpuof.cloudfront.net https://fonts.googleapis.com https://www.gstatic.com; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' 'self' https://cdn.kommunicate.io https://d6tizftlrpuof.cloudfront.net https://fonts.googleapis.com https://www.gstatic.com; worker-src blob:; report-uri https://o1269418.ingest.sentry.io/api/4504559978545152/security/?sentry_key=c1b8b0d601d4479ca2508495c83b4e29&sentry_environment=www-prod 2 block-all-mixed-content; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; default-src 'none'; img-src 'self' data: https:; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline'; connect-src 'self' https:; font-src 'self' data:; media-src data: about:; frame-src 'self' about: https:; object-src 'self' about: 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; 2 frame-ancestors 'none'; report-uri https://shoptetwww.report-uri.com/r/t/csp/enforce; report-to default 2 frame-ancestors 'self' https://microsites.audi.com *.audi-boerse.de https://mtt.avp.tech; 2 default-src 'none'; media-src *; font-src 'self' *.typekit.net *.cloudfront.net fonts.gstatic.com data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' platform.twitter.com platform.x.com substackapi.com boards.greenhouse.io job-boards.greenhouse.io cdn.jsdelivr.net cdn.optimizely.com *.parsely.com connect.facebook.net info.a16z.com munchkin.marketo.net plausible.io px.ads.linkedin.com snap.licdn.com static.ads-twitter.com www.youtube.com script.crazyegg.com www.google-analytics.com www.googletagmanager.com a16z.com blob:; style-src 'unsafe-inline' *.typekit.net fonts.googleapis.com info.a16z.com a16z.com; connect-src *; frame-src 'self' platform.twitter.com *.googletagmanager.com *.loom.com *.cdn.optimizely.com speedrun.substack.com *.simplecast.com gamma.app boards.greenhouse.io job-boards.greenhouse.io www.youtube.com info.a16z.com; base-uri 'none'; form-action 'self' info.a16z.com; frame-ancestors 'self' 2 default-src 'self'; script-src 'unsafe-inline' https://*.cdn.us2.com *.addevent.com info.factsmgt.com transcend-cdn.com assets.apollo.io tracking-api.g2.com js.ipredictive.com *.storylane.io nelnet.jotform.com *.gstatic.com snap.licdn.com embed.eventbookings.com *.vimeo.com 'self' *.cookielaw.org *.hotjar.com *.google-analytics.com *.google.com ajax.googleapis.com *.facebook.net googleads.g.doubleclick.net *.facebook.com addevent.com static.addtoany.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com *.pardot.com *.googletagmanager.com whova.com *.factsmgt.com factsmgt.com *.cloudfront.net *.googleadservices.com 'unsafe-eval'; style-src https://*.cdn.us2.com *.bootstrapcdn.com cdnjs.cloudflare.com transcend-cdn.com www.googletagmanager.com 'unsafe-inline' *.fontawesome.com 'self' *.googleapis.com *.cloudfront.net; img-src 'self' https://*.cdn.us2.com *.google.com *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net i.vimeocdn.com ct.capterra.com px.ads.linkedin.com *.cookielaw.org *.w.org *.facebook.com *.gravatar.com *.nelnet.net data: *.s3.amazonaws.com *.cloudfront.net; connect-src 'self' *.bugsnag.com *; font-src *.fontawesome.com *.gstatic.com 'self' * data:; media-src 'self'; frame-src *.pardot.com info.factsmgt.com.au ad.ipredictive.com nelnet.jotform.com *.storylane.io embed.eventbookings.com *.evnt.is *.google.com *.vimeo.com *.factsmgt.com www.googletagmanager.com *.addtoany.com *.hotjar.com factsmgt.com *.facebook.com *.doubleclick.net *.youtube.com https://whova.com *.whova.com; 2 default-src https: data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2 frame-ancestors 'self'; connect-src 'self' https://*.stripe.com https://*.cloudflare.com https://*.paypal.com; frame-src 'self' https://*.stripe.com https://*.cloudflare.com https://*.paypal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stripe.com https://*.cloudflare.com https://*.paypal.com https://*.hcaptcha.com https://*.stripe.network; img-src 'self' data: https://*.stripe.com https://*.cloudflare.com https://*.paypal.com; 2 default-src 'self' *.blinkist.com *.blinkist.io; font-src 'self' use.typekit.net data: *; frame-src *; frame-ancestors 'self' *.blinkist.com *.optimizely.com https://*.hygraph.com; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' blob: *; connect-src *; img-src data: *; worker-src 'self' blob:; object-src 'none'; media-src * blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub9eac233acd1d4a5885c5b6095292de05&dd-evp-origin=content-security-policy&ddsource=csp-report 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; media-src https: blob:; img-src https: data:; font-src https: data:; worker-src https: blob:; connect-src https: wss: 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: cid:; connect-src https: wss:; worker-src 'self' blob: ; child-src 'self' https: blob: ; 2 object-src none 2 default-src 'self'; connect-src 'self' https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com https://safg2022ipo.q4web.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://crbg-privacy.my.onetrust.com https://dpm.demdex.net https://safgtechnologies.tt.omtrdc.net https://cdn.linkedin.oribi.io https://report.corebridge.gbqofs.io https://px.ads.linkedin.com https://assets.adobedtm.com https://safgtechnologies.demdex.net https://cdn2.gbqofs.com https://connect.facebook.net https://snap.licdn.com https://assets.corebridgefinancial.com https://live.cloud.api.corebridgefinancial.com https://uat.cloud.api.corebridgefinancial.com https://my.valic.com https://edge.api.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://metrics.brightcove.com https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://safgtechnologiescbf.112.2o7.net https://cm.everesttech.net https://pdfgen.dmp.corebridgefinancial.com https://pdfgen-prod.dmp.corebridgefinancial.com https://americangenerallife.us-5.evergage.com https://fonts.googleapis.com https://fonts.gstatic.com https://corebridgefinancial.onlineprospectus.net https://reporting.mobular.net https://apis.sundaysky.com https://safgtechnologiescbfdev.112.2o7.net https://streams-edge.web.sundaysky.com https://www.facebook.com https://adobedc.demdex.net https://edge.adobedc.net https://www.google.com https://dmp.uat.connector.corebridgefinancial.com https://dmp.live.connector.corebridgefinancial.com https://viewlicense.adobe.io https://cloud.rs.corebridgefinancial.com https://cloud.life.corebridgefinancial.com https://siteintercept.qualtrics.com https://cloud.ir.corebridgefinancial.com https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com https://alb.reddit.com; script-src https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com https://safg2022ipo.q4web.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://crbg-privacy.my.onetrust.com https://dpm.demdex.net https://safgtechnologies.tt.omtrdc.net https://cdn.linkedin.oribi.io https://report.corebridge.gbqofs.io https://assets.adobedtm.com https://cdn.evgnet.com https://cdn2.gbqofs.com https://px.ads.linkedin.com https://report.corebridge.gbqofs.io https://safgtechnologies.demdex.net https://connect.facebook.net https://snap.licdn.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://assets.corebridgefinancial.com https://cdn.gbqofs.com https://players.brightcove.net https://assets.map.brightcove.com https://map.brightcove.com https://platform.twitter.com https://aig.onlineprospectus.net https://corebridgefinancial.onlineprospectus.net https://valic.onlineprospectus.net https://play.sundaysky.com https://americangenerallife.us-5.evergage.com https://unpkg.com https://acrobatservices.adobe.com https://znbd5u06jodgh7tkj-crbg.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://www.redditstatic.com 'unsafe-inline' 'unsafe-eval' blob:; style-src https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com https://safg2022ipo.q4web.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://crbg-privacy.my.onetrust.com https://dpm.demdex.net https://safgtechnologies.tt.omtrdc.net https://cdn.linkedin.oribi.io https://report.corebridge.gbqofs.io https://assets.adobedtm.com https://cdn.evgnet.com https://cdn2.gbqofs.com https://px.ads.linkedin.com https://report.corebridge.gbqofs.io https://safgtechnologies.demdex.net https://connect.facebook.net https://snap.licdn.com https://assets.corebridgefinancial.com https://fonts.googleapis.com https://americangenerallife.us-5.evergage.com 'unsafe-inline'; frame-ancestors 'self'; upgrade-insecure-requests; object-src 'none'; frame-src 'self' https://safgtechnologies.demdex.net https://www.google.com https://platform.twitter.com https://players.brightcove.net https://14505161.fls.doubleclick.net https://td.doubleclick.net https://cbf.instech-app.com https://view.ceros.com https://acrobatservices.adobe.com https://player.vimeo.com https://hackerone.com; img-src 'self' https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com https://cdn.cookielaw.org https://px.ads.linkedin.com https://safgtechnologiescbf.112.2o7.net https://cm.everesttech.net https://dpm.demdex.net https://safgtechnologiesdev1cbf.112.2o7.net https://www.linkedin.com https://www.facebook.com https://assets.corebridgefinancial.com https://metrics.brightcove.com https://map.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://hdr.sundaysky.com https://d21o24qxwf7uku.cloudfront.net https://play.sundaysky.com https://safgtechnologiescbfdev.112.2o7.net https://ad.doubleclick.net https://alb.reddit.com data:; media-src 'self' https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com https://bcbolt446c5271-a.akamaihd.net https://streams-edge.web.sundaysky.com blob:; font-src 'self' https://fonts.gstatic.com https://americangenerallife.us-5.evergage.com data:; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.maplesoft.com/ https://js.zi-scripts.com/ https://tags.clickagy.com https://pi.pardot.com/ https://www.maplesoft.com/JS/hbx.js https://platform.twitter.com/ https://us-serve.nrich.ai/ https://js.stripe.com/ https://*.termly.io https://us-tag.nrich.ai/ https://www.youtube.com/ https://apis.google.com/ https://static.ads-twitter.com https://connect.facebook.net https://assets.adobedtm.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.google-analytics.com/ https://cdnjs.cloudflare.com/ https://j.6sc.co/ https://bat.bing.com/ https://snap.licdn.com/ https://www.googleadservices.com/ https://secure.quantserve.com/ https://rules.quantcount.com/ https://scripts.demandbase.com/ https://api.company-target.com/ https://cdn.tt.omtrdc.net https://www.clarity.ms https://maplesoftinc.tt.omtrdc.net/ https://code.jquery.com https://dpm.demdex.net/ https://googleads.g.doubleclick.net/ https://tag.demandbase.com/ https://maple.cloud/ https://www.mapleprimes.com/ https://www.maplesoft.com/ https://use.fontawesome.com/ https://code.jquery.com/ https://reports.hrmdirect.com/ https://sibautomation.com/ https://cdn.brevo.com/ https://s3.amazonaws.com/; connect-src 'self' https://js.zi-scripts.com/ https://hemsync.clickagy.com https://aorta.clickagy.com https://eps.6sc.co/ https://v.eps.6sc.co/ https://ws.zoominfo.com/ https://maplesoftinc.tt.omtrdc.net/ https://px.ads.linkedin.com/ https://google-analytics.com *.google-analytics.com https://stats.g.doubleclick.net/ https://c.6sc.co/ https://ipv6.6sc.co/ https://www.google.com https://googleads.g.doubleclick.net https://in-automate.brevo.com/ https://epsilon-globalaccelerator.6sense.com/ https://*.termly.io/ https://epsilon.6sense.com/ https://dpm.demdex.net/ https://google.com/ https://dpm.demdex.net/ https://api.company-target.com https://www.facebook.com/ https://cdn.linkedin.oribi.io/ https://secure.adnxs.com/ https://maplesoftcom.112.2o7.net/ https://analytics.google.com *.analytics.google.com https://bat.bing.com/ https://pagead2.googlesyndication.com/ https://api.maplesoft.com/ *.quantserve.com *.clarity.ms; img-src 'self' https://www.mapleprimes.com/ https://www.facebook.com/ https://analytics.twitter.com/ https://t.co/ https://us-tag.nrich.ai/ https://google-analytics.com https://analytics.google.com *.google-analytics.com *.analytics.google.com https://stats.g.doubleclick.net https://px.ads.linkedin.com/ https://bat.bing.com/ https://pixel.quantserve.com *.clarity.ms https://b.6sc.co data: https://www.google.com https://www.google.ca https://creative-assets.mailinblue.com/ https://img.mailinblue.com/ https://pixel-ssn.quantserve.com/ https://px4.ads.linkedin.com/ https://cm.everesttech.net/ https://maplesoftcom.112.2o7.net/ https://maplesoft.112.2o7.net/ https://id.rlcdn.com/ https://www.maplesoft.com/ https://segments.company-target.com/ *.bing.com https://www.gravatar.com/ https://dpm.demdex.net/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://code.jquery.com/ https://www.linkedin.com/ https://image.e.maplesoft.com/ https://image.s4.exct.net/ https://syndication.twitter.com/ https://s-static.ak.facebook.com/ https://www.googletagmanager.com/ https://api.maplesoft.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ https://use.fontawesome.com/ https://code.jquery.com https://www.mapleprimes.com/ https://www.maplesoft.com/ https://code.jquery.com/ https://reports.hrmdirect.com/ https://d22hhoe037sl7u.cloudfront.net/; base-uri 'self'; object-src 'none'; font-src 'self' https://fonts.googleapis.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://use.fontawesome.com/; frame-src 'self' https://hemsync.clickagy.com https://www.googletagmanager.com/ https://www.youtube-nocookie.com https://bid.g.doubleclick.net/ https://www.youtube.com/ https://www.facebook.com/ https://youtube.com/ https://maplesoft.demdex.net/ https://maplesoft.hrmdirect.com/ https://cdn.knightlab.com/ https://api.linktexting.com/ https://talent.sage.hr/ https://js.stripe.com/ https://app.termly.io/ https://s.company-target.com/ https://segments.company-target.com/ https://platform.twitter.com/ https://apis.google.com/ https://accounts.google.com/ https://developers.google.com/ http://developers.google.com https://td.doubleclick.net/; media-src 'self' http://media.maplesoft.com.s3.amazonaws.com/ https://media.maplesoft.com https://media.maplesoft.com.s3.amazonaws.com/; 2 frame-ancestors *.peugeot.ba *.citroen.ba *.fiat-bih.ba fiat-bih.ba *.olx.com olx.ba 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://ssl.google-analytics.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com http://visit.smartjailmail.com https://visit.smartjailmail.com https://static.cloudflareinsights.com https://cloudflareinsights.com https://challenges.cloudflare.com; img-src 'self' blob: data: https://ssl.google-analytics.com https://www.gstatic.com https://sjm-photos.s3.amazonaws.com; 2 default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2 script-src 'unsafe-inline' 'unsafe-eval' 'self' https://1444264.collect.igodigital.com https://bam.nr-data.net https://js-agent.newrelic.com https://static.addtoany.com https://static.ads-twitter.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.youtube.com https://analytics.twitter.com https://s.ytimg.com https://www.google.com https://www.gstatic.com https://bam-cell.nr-data.net/ https://cdnjs.cloudflare.com https://unpkg.com https://pi.pardot.com/analytics https://fast.wistia.com https://wistia.com https://fast.wistia.net https://www.googleadservices.com https://wistia.com https://hackerone.com https://cdn.cookielaw.org https://js.zi-scripts.com https://img.en25.com https://code.jquery.com https://cdn.jsdelivr.net/npm/js-cookie@3.0.5; object-src 'none'; img-src 'self' https://nova.collect.igodigital.com https://www.googletagmanager.com https://t.co data: https: https://trck.www4.earlywarning.com https://trck.www4.zellepay.com; media-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; frame-src 'self' https://www.youtube.com https://www.google.com/ https://www.youtube-nocookie.com https://www.googletagmanager.com https://static.addtoany.com https://hackerone.com https://fast.wistia.com; frame-ancestors 'self'; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://privacyportal.onetrust.com https://bam-cell.nr-data.net https://pi.pardot.com/analytics https://cdn.cookielaw.org https://px.ads.linkedin.com/wa/ https://js.zi-scripts.com https://bam.nr-data.net/ https://ws.zoominfo.com https://www.google.com; report-uri https://jhcspviolation.report-uri.com/r/d/csp/reportOnly 2 frame-ancestors 'self', upgrade-insecure-requests 2 frame-ancestors 'self' https://statshub.sportradar.com 2 frame-src 'self' *.youtube.com *.youtube-nocookie.com youtu.be https://www.googletagmanager.com player.vimeo.com tradetracker.jobs.personio.com; 2 frame-ancestors 'self' https://cryptofingers.com https://coinspector.pl https://gamepost.io https://b2b-partner-space.emcd.io https://www.thedailypulse.net/ 2 frame-ancestors 'self' https://statistics.uni-saarland.de; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://*.quantserve.com https://*.quantcount.com https://tsdtocl.com https://google.com/pagead/form-data/1071727046 https://privacyportal.onetrust.com https://edge.adobedc.net https://cm.everesttech.net https://google.com/ccm/form-data/1071727046 https://onsemi.demdex.net https://geolocation.onetrust.com https://i.liadm.com/s/66627 https://trc.taboola.com/sg/liveintent/1/um https://cdn.cookielaw.org https://assets.adobedtm.com https://adobedc.demdex.net https://dpm.demdex.net https://data.enablementadobe.com https://*.wootric.com https://wootric-eligibility.herokuapp.com https://s.yimg.com https://static.lightning.force.com https://onsemineworg.my.salesforce.com https://service.force.com https://d.la2-c1-ia5.salesforceliveagent.com https://c.la2-c1-ia5.salesforceliveagent.com https://onsemineworg.my.site.com https://c1.sfdcstatic.com https://www.gstatic.cn https://www.recaptcha.net https://onsemineworg.my.salesforce.com https://onsemineworg.my.site.com https://d.la2-c1-ia5.salesforceliveagent.com https://service.force.com https://c1.sfdcstatic.com https://onsemi.componentsearchengine.com https://*.plexim.com https://event.on24.com https://my.onsemi.com https://www.onsemi.jp https://www.onsemi.cn https://www.onsemi.com https://identity.onsemi.com https://tags.tiqcdn.cn https://api.ipify.org https://p.adsymptotic.com https://*.ztsrv.com https://px.ads.linkedin.com https://my.demio.com https://angular-ui.github.io https://vidassets.terminus.services https://cdn.bigzeta.com https://api.bigzeta.com https://info.onsemi.com https://cdn.demio.com https://onsemi.ladesk.com https://onsemi.taleo.net https://*.gcs-web.com https://*.atdmt.com https://*.mktoresp.com https://*.marketo.com https://*.marketodesigner.com https://*.mktoweb.com https://*.experience.adobe.com https://*.adobe.net https://*.taboola.com https://*.tealiumiq.com https://*.tealium.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.baidu.com https://*.geniusmonkey.com https://*.doubleclick.net https://*.gstatic.com https://*.linkedin.com https://*.pingdom.net https://*.crazyegg.com https://*.marketo.net https://*.licdn.com https://www.google.com https://*.tiqcdn.com https://*.digikey.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.com https://*.boltdns.net https://*.brightcove.net https://*.brightcove.com https://*.brightcovecdn.com https://*.zencdn.net https://*.akamaihd.net https://*.cloud.coveo.com https://*.org.coveo.com https://*.ytimg.com https://go.onsemi.com https://*.kc-usercontent.com https://app.kontent.ai blob: data: https://cdn.linkedin.oribi.io https://767-faw-709.mktoutil.com https://sp.analytics.yahoo.com https://*.analytics.google.com https://analytics.google.com https://*.cdn.office.net https://insight.adsrvr.org https://js.adsrvr.org https://*.6sc.co https://j.6sc.co https://c.6sc.co https://ipv6.6sc.co https://b.6sc.co https://*.6sense.com https://*.inmoment.com https://googleapis.com https://gstatic.com https://*.qualtrics.com https://*.contentsquare.net https://*.hotjar.io https://cx.onsemi.com 2 default-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://static.tugraz.at https://sso.tugraz.at https://analytics.tugraz.at *.tugraz.at https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://connect.facebook.net https://*.google-analytics.com https://stats.g.doubleclick.net https://*.analytics.google.com https://*.licdn.com https://*.linkedin.com; child-src 'self' *.tugraz.at *.youtube.com *.youtube-nocookie.com *.google.com *.mapbuildr.com mapbuildr.com *.googleapis.com *.openstreetmap.org https://*.twitter.com https://letscast.fm; img-src 'unsafe-inline' 'unsafe-eval' * data:; 2 default-src 'self' blob: *.fineco.it *.finecobank.com finecobank.com *.promotorifinecobank.it www.youtube.com responder.wt-safetag.com www.google-analytics.com www.googletagmanager.com connect.facebook.net bat.bing.com js.omg.neodatagroup.com trz.neodatagroup.com www.google.com g.microsoft.com s2.adform.net googLeads.g.doubLeclick.net static.opentok.com cdn.cookielaw.org cdn.evgnet.com beacon.krxd.net *.evergage.com widget.trustpilot.com ajax.googleapis.com js-agent.newrelic.com bam.nr-data.net fonts.googleapis.com fonts.gstatic.com maps.google.com maps.googleapis.com tag.upflowadv.com ethn.io utt.impactcdn.com finecobank.sjv.io data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors finecobank.com *.finecobank.com *.fineco.it *.promotorifinecobank.it https://app.contentful.com; frame-src blob: finecobank.com *.finecobank.com *.fineco.it *.promotorifinecobank.it https://www.googletagmanager.com *.fls.doubleclick.net www.youtube.com *.mateti.net widget.trustpilot.com finecobank.sjv.io https://td.doubleclick.net; img-src 'self' data: blob: *.fineco.it https://finecobank.com https://*.finecobank.com https://www.googletagmanager.com https://jslog.krxd.net https://analytics.google.com https://t.mateti.net https://lt.morningstar.com https://www.morningstar.it https://secure.morningstareurope.com https://t.co https://www.linkedin.com https://px.ads.linkedin.com https://beacon.krxd.net https://d.omg.neodatagroup.com https://www.youronlinechoices.com https://uip.semasio.net https://server.seadform.net https://aax-eu.amazon-adsystem.com https://tracker.neodatagroup.com https://www.google-analytics.com https://*.twimg.com https://finecoitalia01.wt-eu02.net https://bat.bing.com https://www.facebook.com https://cm.g.doubLeclick.net https://match.adsrvr.org https://dmp.adform.net https://secure.adnxs.com https://b1sync.zemanta.com https://cms.anaLytics.yahoo.com https://trz.neodatagroup.com https://www.googLe.com https://www.googLe.it https://*.fls.doubleclick.net https://cdn.evergage.com https://cdn.cookielaw.org https://*.analytics.google.com https://ad.360yield.com https://ad.sxp.smartclip.net https://ad.yieldlab.net https://cm.adform.net https://contextual.media.net https://criteo-sync.teads.tv https://eb2.3lift.com https://exchange.mediavine.com https://ib.adnxs.com https://id5-sync.com https://ih.adscale.de https://i.liadm.com https://match.sharethrough.com https://pixel.rubiconproject.com https://r.casalemedia.com https://rtb-csync.smartadserver.com https://simage2.pubmatic.com https://sync-criteo.ads.yieldmo.com https://sync.outbrain.com https://sync-t1.taboola.com https://ups.analytics.yahoo.com https://visitor.omnitagjs.com https://x.bidswitch.net https://criteo-partners.tremorhub.com https://s.thebrighttag.com https://dis.criteo.com https://dpm.demdex.net https://cotads.adscale.de https://dis.criteo.com https://i6.liadm.com https://idsync.rlcdn.com https://*.ytimg.com https://*.googlesyndication.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://ad.doubleclick.net https://*.awin1.com https://*.dwin1.com https://*.financeads.net https://leadkongltd.go2cloud.org https://tradedoubler.com https://tbl.tradedoubler.com https://trackads.eu https://upflowadv.com https://vf.r3f.technology https://adservice.google.com; connect-src wss://*.finecobank.com https://finecobank.it https://*.fineco.it https://*.finecobank.com https://finecobank.com https://privacyportal-de.onetrust.com https://www.google.it https://www.google.com https://googleads.g.doubleclick.net https://beacon.krxd.net https://jslog.krxd.net https://aax-eu.amazon-adsystem.com https://ara.paa-reporting-advertising.amazon https://*.evergage.com https://bat.bing.com https://analytics.google.com https://stats.g.doubleclick.net https://in.hotjar.com https://vc.hotjar.io https://r.mateti.net wss://*.tokbox.com https://www.google-analytics.com https://*.tokbox.com https://config.opentok.com https://anvil.opentok.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.trustpilot.com https://*.analytics.google.com https://*.google-analytics.com https://*.googlesyndication.com https://geolocation.onetrust.com https://bam.nr-data.net https://maps.googleapis.com https://finecobank.sjv.io https://www.facebook.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' *.fineco.it *.finecobank.com finecobank.com geolocation.onetrust.com responder.wt-safetag.com static.opentok.com www.google-analytics.com s2.adform.net trz.neodatagroup.com d.omg.neodatagroup.com js.omg.neodatagroup.com www.googleadservices.com www.googletagmanager.com bat.bing.com connect.facebook.net googleads.g.doubleclick.net cdn.mateti.net static.hotjar.com static.ads-twitter.com snap.licdn.com ethn.io script.hotjar.com analytics.twitter.com www.youtube.com widget.trustpilot.com cdn.cookielaw.org cdn.evgnet.com consumer.krxd.net beacon.krxd.net ajax.googleapis.com js-agent.newrelic.com bam.nr-data.net maps.google.com maps.googleapis.com tag.upflowadv.com utt.impactcdn.com amazon-adsystem.com *.amazon-adsystem.com 'unsafe-eval' 'unsafe-inline' https://cdn.evergage.com; base-uri none; form-action 'self' blob: *.finecobank.com *.namirialtsp.com; object-src blob: finecobank.com *.finecobank.com *.fineco.it *.promotorifinecobank.it *.fls.doubleclick.net www.youtube.com *.mateti.net widget.trustpilot.com finecobank.sjv.io; report-uri https://www.fineco.it/_csp-report 2 default-src 'self' gso.amocrm.com gso.kommo.com; script-src 'self' 'strict-dynamic' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://assets.calendly.com https://platform.twitter.com piper.amocrm.com gso.amocrm.com piper.kommo.com gso.kommo.com https://my.hellobar.com https://www.google-analytics.com https://www.youtube.com 'sha256-qZJmHHAaUu28WoFKc0FVNpA5ikXzX0NBeqIpY0bQXIA=' 'sha256-V7US+zMwAMOPr/YqM4zVsHsKGl3xUiVIwhFUvnv87QE=' 'sha256-J8lzg3ubs2SO6PW9MmHWe1UzbBMwuiLWxN/otQCygyY=' 'sha256-eH5kMeUdc48DzHbZtubwbQ1dUOxSsKEw4nqHROB4O+g=' 'sha256-disSjv6Cqh2qc1///UXyReEByhnnMEGIa7VnqInfjls=' 'sha256-sejyC18/DnWxENEG0wtqHl60q8kck4ZIDJVPYZoFY2Y=' 'sha256-yHwihVYvV0uJwcx2/8gO6wxKSQKbIKgPrOhvJErN3Zs=' 'sha256-DpOoqibK/BsYhobWHnU38Pyzt5SjDZuR/mFsAiVN7kk=' https://ajax.googleapis.com https://www.facebook.com https://connect.facebook.net https://graph.facebook.com vk.com https://login.vk.com top-fwz1.mail.ru https://mc.yandex.ru https://yastatic.net https://cdn.userflow.com https://js.userflow.com 'nonce-e9af510aa1a2'; style-src 'self' https://fonts.googleapis.com 'strict-dynamic' 'unsafe-inline' https://unpkg.com https://assets.calendly.com https://cdn.jsdelivr.net q4s5p2q6.stackpathcdn.com pcfcdn.kommo.com gso.amocrm.com gso.kommo.com connect.facebook.net https://cdn.userflow.com https://js.userflow.com; form-action 'self' https://www.facebook.com; frame-ancestors 'self' https://*.kommo.com chrome-extension://cfaicdlgblgdchnpdilihjmfnogpjakl chrome-extension://eaeaddaoioikiaokcmjfeghddidmmfhc; worker-src blob:; object-src 'none'; font-src 'self' data: q4s5p2q6.stackpathcdn.com pcfcdn.kommo.com https://fonts.gstatic.com; img-src 'self' data: blob: https://*.kommo.com https://*.amocrm.com https://seal.godaddy.com https://px.ads.linkedin.com https://partnersus.s3.amazonaws.com https://partnersus-test.s3.eu-west-1.amazonaws.com https://amocrm.com https://kommo.com https://giphy.com https://*.giphy.com https://pbs.twimg.com https://i.ytimg.com https://www.statista.com https://syndication.twitter.com https://bat.bing.com https://s3-eu-west-1.amazonaws.com q4s5p2q6.stackpathcdn.com pcfcdn.kommo.com https://i.postimg.cc https://widgets.amocrm.com https://widgets.kommo.com piper.amocrm.com gso.amocrm.com piper.kommo.com gso.kommo.com https://www.google-analytics.com https://google-analytics.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://vk.com https://mc.yandex.ru https://yastatic.net https://mc.yandex.md https://blob.userflow.com https://cdn.userflow.com https://js.userflow.com https://storage.googleapis.com/studio1-prod-blob/; media-src 'self' q4s5p2q6.stackpathcdn.com pcfcdn.kommo.com https://blob.userflow.com https://cdn.userflow.com https://storage.googleapis.com/studio1-prod-blob/; frame-src 'self' www.facebook.com socialplugin.facebook.net www.googletagmanager.com forms.amocrm.com forms.kommo.com calendly.com platform.twitter.com d562488024744908ac9e9fa9d3112067.pages.ubembed.com giphy.com td.doubleclick.net https://app.supademo.com/ piper.amocrm.com gso.amocrm.com piper.kommo.com gso.kommo.com button.kommo.com button.amocrm.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://www.facebook.com https://vk.com https://mc.yandex.ru; connect-src 'self' https://*.kommo.com https://cdn.linkedin.oribi.io https://connect.ok.ru https://appbroker.amocrm-dev.com https://appbroker.amostage.com https://appbroker.amocrm.com https://pagead2.googlesyndication.com gso.amocrm.com gso.kommo.com lc-en.amocrm.com lc-en.kommo.com https://pro.ip-api.com https://www.google-analytics.com https://google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.facebook.com https://graph.facebook.com https://vk.com https://login.vk.com https://top-fwz1.mail.ru https://mc.yandex.ru https://mc.yandex.md https://cdn.userflow.com https://e.userflow.com https://js.userflow.com wss://e.userflow.com https://sales-demo-calendly.amostage.com https://sales-demo-calendly.kommo.com; base-uri 'self'; 2 upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none' 2 frame-ancestors 'self' https://areaxt.com https://staging.areaxt.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.geotab.com *.google.com *.google.ca *.googleapis.com *.recaptcha.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.incontact.com *.salesforce.com *.buzzsprout.com *.visualwebsiteoptimizer.com *.vidyard.com *.twitter.com *.ads-twitter.com https://www.youtube.com https://script.crazyegg.com https://googleads.g.doubleclick.net https://514004470.collect.igodigital.com/collect.js https://connect.facebook.net https://snap.licdn.com https://cmp.osano.com https://bugcrowd.com https://*.bugcrowdusercontent.com *.linkedin.com blob: https://s.saleswingsapp.com/ https://cdn.c212.net/ https://c212.net https://pixel.mathtag.com/ *.zoominfo.com *.clickagy.com *.6sc.co https://client-registry.mutinycdn.com/ https://js.zi-scripts.com https://bat.bing.com https://www.clarity.ms https://js.adsrvr.org *.niceincontact.com; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.typekit.net *.zoominfo.com data: *.niceincontact.com; style-src 'self' 'unsafe-inline' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.typekit.net *.niceincontact.com; img-src * data: blob:; connect-src *; object-src *; frame-src 'self' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.youtube.com *.facebook.com *.salesforce.com https://home-c19.incontact.com *.doubleclick.net https://www.buzzsprout.com https://attendee.gotowebinar.com https://register.gotowebinar.com *.vidyard.com https://www.youtube.com https://cmp.osano.com https://www.recaptcha.net https://bugcrowd.com *.linkedin.com https://calendly.com/ https://www.youtube-nocookie.com https://pixel.mathtag.com/ https://insight.adsrvr.org/ *.niceincontact.com *.arcade.software; media-src 'self' *.googleapis.com webtest2.geotab.com webtest3.geotab.com *.niceincontact.com; frame-ancestors 'self' *.geotab.com https://geotab.my.salesforce.com; 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.glami.cz https://*.googleapis.com https://*.lidl-shop.pl https://*.lidl-sklep.pl https://*.lidl.pl https://*.online-metrix.net https://*.parcellab.com https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://analytics.google.com https://awin1.com https://cloud.news.lidl.pl https://criteo.com https://csr.onet.pl https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://ec.monplat-cdn.com https://facebook.com https://fonts.gstatic.com https://glami.cz https://hlserve.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.pl https://lidl-sklep.pl https://ligadx.com https://ligatus.com https://login.dognet.pl https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pixel.wp.pl https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://utiqcontent.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net https://utiq.mno.link https://mobile-token.telekom.de https://tmi.vodafone.de https://o2de.mno.link data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.glami.cz https://*.lidl-shop.pl https://*.lidl-sklep.pl https://*.lidl.pl https://*.online-metrix.net https://*.tradedoubler.com https://*.vrxs.de https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://balancechecks.tx-gate.com https://cloud.news.lidl.pl https://criteo.com https://csr.onet.pl https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.pl https://lidl-sklep.pl https://ligadx.com https://ligatus.com https://login.dognet.pl https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net https://utiq.mno.link; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adscale.de https://*.advertising.com https://*.adyen.com https://*.assets.lidl https://*.criteo.net https://*.demdex.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.glami.cz https://*.googleapis.com https://*.lidl-shop.cz https://*.lidl-shop.pl https://*.lidl-sklep.pl https://*.lidl.pl https://*.online-metrix.net https://*.openx.net https://*.parcellab.com https://*.pubmatic.com https://*.smartclip.net https://*.stickyadstv.com https://*.taboola.com https://*.tradedoubler.com https://*.twiago.com https://*.xplosion.de https://*.yahoo.com https://*.yieldlab.net https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://analytics.google.com https://awin1.com https://cloud.news.lidl.pl https://content.odj.cloud https://contextual.media.net https://criteo-sync.teads.tv https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://i.liadm.com https://im9.cz https://imedia.cz https://lh3.googleusercontent.com https://lidl-shop.com https://lidl-shop.pl https://lidl-sklep.pl https://lidl.pl https://ligadx.com https://ligatus.com https://login.dognet.pl https://m6r.eu https://match.sharethrough.com https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pixel.wp.pl https://play-lh.googleusercontent.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://sync.outbrain.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://translate.google.com https://twiago.com https://visitor.omnitagjs.com https://utiqcontent.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval' https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.glami.cz https://*.lidl-shop.pl https://*.lidl-sklep.pl https://*.online-metrix.net https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://cloud.news.lidl.pl https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.pl https://lidl-sklep.pl https://ligadx.com https://ligatus.com https://login.dognet.pl https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.glami.cz https://*.googleapis.com https://*.lidl-shop.pl https://*.lidl-sklep.pl https://*.lidl.pl https://*.online-metrix.net https://*.parcellab.com https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://adservice.google.de https://advertising.com https://awin1.com https://cloud.news.lidl.pl https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://ec.monplat-cdn.com https://facebook.com https://glami.cz https://hlserve.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.pl https://lidl-sklep.pl https://ligadx.com https://ligatus.com https://login.dognet.pl https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pixel.wp.pl https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net https://frontend.prod.utiq-aws.net; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline' https://*.criteo.net https://*.doubleclick.net https://*.fitanalytics.com https://*.glami.cz https://*.googleapis.com https://*.lidl-shop.cz https://*.lidl-shop.pl https://*.lidl-sklep.pl https://*.online-metrix.net https://*.parcellab.com https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://cloud.news.lidl.pl https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.pl https://lidl-sklep.pl https://ligadx.com https://ligatus.com https://login.dognet.pl https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 object-src 'self' https://hightail.com;base-uri 'self';img-src https: http: blob: data:; frame-src https://* https://www.google.com/recaptcha/ 'self';font-src 'self' https://hightail.com data: ;script-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.hsforms.com/embed/ https://app.link/ http://js.bizographics.com/ http://stats.pusher.com/ http://www.googleadservices.com/ https://www.googleadservices.com https://www.google-analytics.com/ https://cdn.branch.io/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com/ https://dc.ads.linkedin.com/ https://px.ads.linkedin.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://sjs.bizographics.com/ https://assets.zendesk.com/ https://www.bizographics.com/ https://secure.adnxs.com/ https://v2.zopim.com/ https://*.pusher.com/ https://*.hs-banner.com/ https://*.hs-scripts.com/ https://*.hs-analytics.net/ https://*.hsforms.net/ https://*.hsadspixel.net/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://googleads.g.doubleclick.net/ https://forms.hubspot.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://request.eprotect.vantivprelive.com/ https://request.eprotect.vantivcnp.com/ https://*.global.ssl.fastly.net/ http://*.hs-analytics.net/ http://*.hs-scripts.com/ http://*.hsforms.net/ http://*.hsadspixel.net/ http://cdnjs.cloudflare.com/ https://static.zdassets.com/ http://www.google-analytics.com/ https://*.pendo.io/ http://ajax.googleapis.com/ https://img.en25.com/i/livevalidation_standalone.compressed.js https://img.en25.com/Web/OpenTextGlobal/ https://pendo-io-static.storage.googleapis.com/ https://*.googletagmanager.com/ https://pendo-static-5705431416832000.storage.googleapis.com/ http://cdn.jsdelivr.net/npm/cookieconsent@3/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://player.vimeo.com/* https://d2t77mnxyo7adj.cloudfront.net/v1/c.js http://now.eloqua.com/visitor/ http://secure.p01.eloqua.com/visitor/ http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://*.bing.com/ https://*.hotjar.com/ https://*.facebook.net/ https://*.doubleclick.net/ https://*.hsadspixel.net/ https://*.hs-scripts.com/ https://*.clarity.ms/ data https://hightail.com/; frame-ancestors 'self' https://hightail.com; 2 default-src 'self' https:; img-src * data:; media-src 'self' https: blob: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob: data:; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.mega.cl *.megatiempo.cl *.meganoticias.cl *.mdstrm.com *.tomorrow.io *.etc.cl servicios-mega.cdn.mdstrm.com data:; style-src 'self' 'unsafe-inline' https: blob: data:; connect-src 'self' https:; form-action 'self'; base-uri 'self'; worker-src 'self' blob: *.megamedia.cl *.etc.cl *.megatiempo.cl *.meganoticias.cl *.mega.cl; frame-src 'self' https:; child-src 'self' blob: *.megamedia.cl *.firebaseapp.com *.mdstrm.com; frame-ancestors *.meganoticias.cl *.mega.cl *.etc.cl *.megamedia.cl *.megatiempo.cl *.google.com elfestival.tv; 2 upgrade-insecure-requests; frame-ancestors *.stern.de *.brigitte.de *.gala.de *.guj.digital *.guj.rocks *.eltern.de *.vip.de *.essen-und-trinken.de *.schoener-wohnen.de *.livingathome.de *.capital.de *.geo.de *.urbia.de *.vorname.com; frame-src *; 2 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob: data:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 2 default-src 'self' *.mypurecloud.ie *.cloudflare.com *.cookiebot.com *.doubleclick.net *.hotjar.com *.hotjar.io *.licdn.com *.googletagmanager.com *.google.com *.google.lt *.google.ie *.gstatic.com *.googleapis.com *.google-analytics.com *.googlesyndication.com *.linkedin.com *.youtube.com *.jsdelivr.net *.tellq.io *.typekit.net *.wufoo.com 'unsafe-inline' 'unsafe-eval' data: ws:; object-src 'none'; report-uri https://cspaudit.balt.net/_/csp-report; 2 font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.cloudinary.com *.bricodepot.es digitalfeedback.euro.confirmit.com survey.euro.confirmit.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com cloudinary.com *.cloudinary.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.awin1.com *.zenaps.com *.doubleclick.net cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.bricodepot.es *.creativecdn.com *.google.com *.googletagmanager.com *.stripe.com *.paypal.com *.paypalobjects.com *.sequracdn.com *.cookiebot.com *.cookiebot.eu *.yotpo.com *.vimeo.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.criteo.com black-field-07f86db03.3.azurestaticapps.net e.issuu.com digitalfeedback.euro.confirmit.com survey.euro.confirmit.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com consentcdn.cookiebot.com consentcdn.cookiebot.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com *.awin1.com *.zenaps.com *.wepowerconnections.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com cloudinary.com *.cloudinary.com blob: *.bricodepot.es f.creativecdn.com *.google.es *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googlesyndication.com *.doubleclick.net *.paypal.com *.paypalobjects.com *.sequracdn.com *.cookiebot.com *.cookiebot.eu *.yotpo.com yotpo-editor-production.s3.amazonaws.com *.criteo.com *.facebook.com *.facebook.net d1fd8aj8bhyfe9.cloudfront.net *.zemanta.com *.taboola.com *.bing.com sync-criteo.ads.yieldmo.com sync.1rx.io ib.adnxs.com visitor.omnitagjs.com matching.ivitrack.com criteo-sync.teads.tv criteo-partners.tremorhub.com *.contentsquare.net *.zdassets.com *.zendesk.com digitalfeedback.euro.confirmit.com survey.euro.confirmit.com https://redchamps.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com imgsct.cookiebot.com imgsct.cookiebot.eu https://firebasestorage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com *.gstatic.com *.awin1.com *.dwin1.com *.zenaps.com *.wepowerconnections.com https://the.sciencebehindecommerce.com lantern.roeyecdn.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com cloudinary.com *.cloudinary.com cdnjs.cloudflare.com unpkg.com *.bricodepot.es tags.creativecdn.com cdn.jsdelivr.net *.google.es *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googlesyndication.com *.doubleclick.net *.stripe.com *.stripe.network *.stripecdn.com sequracdn.com *.sequracdn.com *.cookiebot.com *.cookiebot.eu *.yotpo.com *.ytimg.com *.facebook.com *.facebook.net *.webloyalty.com d3dh5c7rwzliwm.cloudfront.net d32106rlhdcogo.cloudfront.net dgf0rw7orw6vf.cloudfront.net *.salesforce.com *.criteo.com *.verbolia.com analytics.tiktok.com digitalfeedback.euro.confirmit.com survey.euro.confirmit.com *.zemanta.com *.taboola.com *.bing.com feedest.io *.contentsquare.net *.zdassets.com *.smooch.io sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com consent.cookiebot.com consent.cookiebot.eu *.avada.io https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cloudinary.com *.cloudinary.com *.googleapis.com unpkg.com *.bricodepot.es *.yotpo.com digitalfeedback.euro.confirmit.com survey.euro.confirmit.com *.stripe.network *.stripecdn.com *.amazon.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cloudinary.com *.cloudinary.com https://assets.bricodepot.es 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com *.wepowerconnections.com https://the.sciencebehindecommerce.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com cloudinary.com *.cloudinary.com *.bricodepot.es ams.creativecdn.com *.google.es google.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googlesyndication.com *.doubleclick.net *.stripe.com *.paypal.com *.paypalobjects.com *.sequracdn.com *.cookiebot.com *.cookiebot.eu *.algolia.io *.yotpo.com *.youtube.com *.facebook.com *.facebook.net *.salesforce.com *.awin1.com *.criteo.com *.verbolia.com analytics.tiktok.com digitalfeedback.euro.confirmit.com survey.euro.confirmit.com *.taboola.com *.bing.com api.feedest.io *.contentsquare.net *.zdassets.com *.zendesk.com wss://api.smooch.io *.smooch.io sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com consent.cookiebot.eu https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com *.contentsquare.net http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 base-uri 'self' about: *;child-src 'none';connect-src 'self' webpack://* *;default-src 'self';font-src 'self' data: fonts.gstatic.com *;form-action 'self' https: *;frame-ancestors 'none';frame-src 'self' data: https:;img-src * 'self' data: https:;manifest-src 'self';media-src 'self' https: *;object-src 'none';prefetch-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.hs-scripts.com *.hsforms.net *.hsforms.com *.clearbit.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https:;worker-src 'self'; 2 default-src recreativdesign.com fonts.gstatic.com www.google.com data: 'self' st11.rcvlink.com;img-src recreativdesign.com image/svg+xml data: www.google.com.ua www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.iubenda.com recreativ.com st11.rcvlink.com;style-src 'unsafe-inline' *.iubenda.com recreativdesign.com fonts.googleapis.com;script-src recreativdesign.com www.google.com www.googletagmanager.com www.google.com.ua www.googleadservices.com ajax.googleapis.com www.gstatic.com googleads.g.doubleclick.net cdnjs.cloudflare.com *.iubenda.com crypto.dev2.rcrtv.net payfor.dev 'unsafe-inline' 'unsafe-eval' 'self';connect-src *.iubenda.com pagead2.googlesyndication.com crypto.dev2.rcrtv.net payfor.dev google.com www.google.com recreativdesign.com 'self';frame-src *.iubenda.com www.google.com td.doubleclick.net www.gstatic.com crypto.dev2.rcrtv.net payfor.dev www.googletagmanager.com;base-uri 'self';object-src 'self';style-src-elem recreativdesign.com www.google.com www.googletagmanager.com ajax.googleapis.com www.gstatic.com googleads.g.doubleclick.net fonts.googleapis.com cdnjs.cloudflare.com *.iubenda.com 'unsafe-inline' 'unsafe-eval' 'self' 2 default-src 'self' 'unsafe-inline'; connect-src 'self' blob: *; font-src 'self' https://images.mutinycdn.com/ https://livestorm.imgix.net; frame-ancestors 'self' https://app.mutinyhq.com https://preview.mutinyhq.com; frame-src * data: *; img-src 'self' data: * blob: *; media-src 'self' blob: *; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *; 2 default-src 'self'; frame-src http: data:; connect-src http: data:; script-src 'unsafe-inline' 'unsafe-eval' http:; style-src 'unsafe-inline' http:; img-src http: data:; font-src http: data: 2 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 2 base-uri 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' *.conetix.com.au https://info.conetix.com https://www.google-analytics.com https://ekr.zdassets.com https://i.clarity.ms https://conetix.zendesk.com https://ekr.zendesk.com wss://widget-mediator.zopim.com https://stats.g.doubleclick.net wss://widget-mediator.zopim.com https://m.addthis.com https://api-public.addthis.com https://*.clarity.ms https://conetix.sendsafely.com https://static-conetix.sendsafely.com https://conetix.sendsafely-au.com https://connect.facebook.net https://graph.facebook.com/ https://analytics.google.com wss://*.zendesk.com https://my.elementor.com *.searchatlas.com 2 default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; connect-src 'self' wss://tsock.us1.twilio.com/v3/wsconnect https:; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data: 2 default-src 'self'; connect-src 'self' piwik.itzbund.de matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de *.akamaihd.net *.evostream.com; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.jsdelivr.net; object-src 'self' multimedia.gsb.bund.de *.bmbfcluster.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de *.akamaihd.net *.evostream.com; frame-src *.datenportal.bmbf.de *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.unesco.de *.readspeaker.com datawrapper.dwcdn.net https://prev.neueshandeln.de https://streaming.sendewerk.berlin app.sli.do *.unitylivestream.com playout.3qsdn.com klimacampus.org start.video-stream-hosting.de *.bne.unesco.de; img-src 'self' data: piwik.itzbund.de matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.geodatenzentrum.de *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; worker-src 'self' blob:; form-action 'self'; frame-ancestors 'self' data: *.sp.epl30.intern *.kooperation-international.de; 2 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; style-src https: 'unsafe-inline' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; frame-src https://www.tu-dortmund.de https://redaktion.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de https://www.youtube-nocookie.com https://www.youtube.com 'self' https://webapps.itmc.tu-dortmund.de https://service.tu-dortmund.de; frame-ancestors https://www.tu-dortmund.de https://redaktion.tu-dortmund.de 'self' 2 default-src 'self' blob: https: *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *;font-src 'self' blob: data: https: *;style-src 'self' 'unsafe-inline' https://secure.bngpaymentgateway.com/token/ https://cdn.walkme.com/ ;img-src 'self' https://walkme.datto.com/images/ https://walkme.psa.datto.com/Images/ https://walkme.psa.datto.com/prod/player/ https://walkme.psa.datto.com/prod/qaPrevious/player/ https://s3.walkmeusercontent.com https://*.walkme.com https://k1-west-us-storage-prod.azureedge.net/launcher/ https://k1-storage-csi.azureedge.net/ https://k1-storage-csi-qa.azureedge.net/ https://k1-storage-dev.azureedge.net/launcher/ data: https://www.datto.com/img/ 2 default-src * 'self' blob: data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; frame-ancestors https://*.msci.com https://*.msciapps.com; 2 "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com *.bluemail.me bluemail.me; style-src 'self' 'unsafe-inline' 'unsafe-hashes' fonts.googleapis.com *.bluemail.me bluemail.me; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: www.google-analytics.com *.bluemail.me bluemail.me https://logos-typeapp.s3.amazonaws.com; connect-src 'self' www.google-analytics.com reg3.bluemailapp.com logos-typeapp.s3.amazonaws.com *.bluemail.me bluemail.me; frame-src 'self' *.bluemail.me bluemail.me; manifest-src 'self'; object-src 'none'; form-action 'self'; base-uri 'self';" always; 2 object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 2 style-src 'self' *.googleapis.com se-forms.cz 'unsafe-inline'; default-src 'self' *.googleapis.com *.googletagmanager.com *.gstatic.com *.smartemailing.cz; connect-src 'self' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.smartemailing.cz stats.g.doubleclick.net 'unsafe-inline'; script-src 'self' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.smartemailing.cz se-forms.cz *.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.smartemailing.cz se-forms.cz *.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com images.ctfassets.net *.google.com *.google.cz data: 'unsafe-inline'; 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://lidl-latuaopinioneconta.it https://lidl-fatturaelettronica.it https://*.lidl.it data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://lidl-latuaopinioneconta.it https://lidl-fatturaelettronica.it https://www.lidl-latuaopinioneconta.it https://*.lidl.it; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adyen.com https://*.lidl.it data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval'; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline'; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 frame-ancestors 'self' https://leidenuniv.libwizard.com https://library-tutorials.leidenuniv.nl https://brightspace.universiteitleiden.nl 2 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; upgrade-insecure-requests; 2 default-src 'self' 'strict-dynamic' https://*.sheypoor.com http://*.sheypoor.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mailerlite.com https://*.hotjar.com https://*.gstatic.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://cdn.yektanet.com https://www.clarity.ms ; connect-src * ; media-src 'self' https://sheypoorvod.arvanvod.ir blob: ; object-src 'none' ; img-src blob: https://*.sheypoor.com http://*.sheypoor.com https://www.googletagmanager.com https://*.googleapis.com https://www.google.co.uk https://*.gstatic.com https://www.google.com https://www.google.com.tr https://www.google-analytics.com https://*.clarity.ms https://sheypoorvod.arvanvod.ir https://c.bing.com https://cdn.tapture.ir data: ; style-src 'self' 'unsafe-inline' https://*.sheypoor.com http://*.sheypoor.com https://*.googleapis.com https://*.mailerlite.com ; font-src 'self' https://*.sheypoor.com http://*.sheypoor.com https://*.gstatic.com data: ; manifest-src 'self' https://*.sheypoor.com http://*.sheypoor.com ; frame-src https://player.arvancloud.ir https://ua.yektanet.com https://assets.mailerlite.com https://td.doubleclick.net https://www.aparat.com; worker-src blob: https://*.sheypoor.com http://*.sheypoor.com ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.mailerlite.com https://*.hotjar.com https://*.gstatic.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://cdn.yektanet.com https://www.clarity.ms https://matomo.mielse.com https://shypr.ir; 2 frame-ancestors 'self' qr-generator.test *.qr-generator.test egodit.org *.egodit.org qr-code-generator.com *.qr-code-generator.com qr-code-generator.de *.qr-code-generator.de qrcode-generator.de *.qrcode-generator.de egoditor.com *.egoditor.com 2 default-src 'none'; connect-src 'self' ipleak.net:* *.ipleak.net:* ipleak.net *.ipleak.net; font-src 'self'; frame-src 'self' *.google.com; img-src 'self' data:; script-src 'self'; style-src 'self'; manifest-src 'self'; base-uri 'none'; form-action 'self' 2 default-src 'self' 'unsafe-inline' *; img-src * 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' * 2 frame-ancestors 'self' https://hub.bmc.com; 2 default-src 'self' d1a19ys8w1wkc1.cloudfront.net; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' https://rcdfcdn.mars.com https://stage-rcdfcdn.mars.com; worker-src * blob:; style-src * 'unsafe-inline'; 2 default-src 'self' *.orange.be *.google.es *.abtasty.com *.fontawesome.com *.typekit.net *.digitalchannels.technology cdn.jsdelivr.net *.cookielaw.org *.googletagmanager.com *.optimizegoogle.com *.optimize-google.com *.googleanalytics.com *.google-analytics.com *.newrelic.com *.onetrust.com *.hotjar.com *.adbutter.net *.adnxs.com *.doubleclick.net *.amazon-adsystem.com *.sprinklr.com brand-messenger.app.khoros.com *.khoros.com ssl://brandmessenger-ws.euw1.khoros.com:8883 proactive-chat-server-eu.prod.aws.lcloud.com messaging-auth-eu-west-1.prod.aws.lcloud.com *.ekoo.co *.supabase.co; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' * https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://googleads.g.doubleclick.net https://script.hotjar.com https://connect.facebook.net https://www.googleadservices.com http//www.googleadservices.com https://static.hotjar.com https://trk.adbutter.net https://accounts.google.com https://www.googleanalytics.com https://www.googleoptimize.com *.customersaas.com t.contentsquare.net contentsquare.com *.emsecure.net *.customersaas.com *.orange.be *.netdna-ssl.com blob: *.abtasty.com *.googleapis.com https://assets.pinterest.com https://widgets.pinterest.com *.sprinklr.com *.ekoo.co *.supabase.co; object-src 'self' *.mobistar.be *.orange.be *.netdna-ssl.com *.sprinklr.com *.ekoo.co *.supabase.co; style-src 'unsafe-inline' 'self' https://optimize.google.com https://fonts.googleapis.com *.mobistar.be *.cloudfront.net *.customersaas.com *.orange.be *.netdna-ssl.com cdnjs.cloudflare.com *.gstatic.com *.abtasty.com *.googleapis.com messaging-khoros.app.khoros.com cdn.jsdelivr.net *.typekit.net *.googletagmanager.com *.sprinklr.com *.ekoo.co *.supabase.co; img-src * blob: https://optimize.google.com *.orange.be https://www.facebook.com https://www.google.com https://www.google.es https://static.hotjar.com *.fls.doubleclick.net https://brand-messenger.app.khoros.com *.adnxs.com https://p1.zemanta.com https://aax-eu.amazon-adsystem.com https://www.google-analytics.com *.googletagmanager.com data: *.abtasty.com *.amazonaws.com *.cloudfront.net *.contentsquare.net https://i.pinimg.com https://log.pinterest.com *.sprinklr.com *.ekoo.co *.supabase.co; media-src 'self' data: *.mobistar.be *.orange.be *.netdna-ssl.com brand-messenger.app.khoros.com https://v.pinimg.com *.sprinklr.com *.ekoo.co *.supabase.co; frame-src 'self' https://optimize.google.com * emsecure.net *.orange.be https://assets.pinterest.com *.sprinklr.com *.ekoo.co *.supabase.co; font-src 'self' https://fonts.gstatic.com *.mobistar.be *.customersaas.com *.orange.be cdn.livechatinc.com themes.googleusercontent.com *.netdna-ssl.com blob: data: *.googleapis.com *.gstatic.com *.abtasty.com brand-messenger.app.khoros.com messaging-khoros.app.khoros.com *.typekit.net *.fontawesome.com *.sprinklr.com *.ekoo.co *.supabase.co *.contentsquare.net; connect-src 'self' *.googlesyndication.com *.gstatic.com w998baawd3-dsn.algolia.net uq5v1rcrhz-dsn.algolia.net *.algolianet.com insights.algolia.io *.cloudfront.net *.tealiumiq.com *.usabilla.com *.emsecure.net *.customersaas.com wss://*.sprinklr.com *.sprinklr.com wss://*.khoros.com wss://*.khorostech.com *.eshop.orange.be *.orange.be *.digitalchannels.technology *.mousestats.com secure.comparecycle.com *.abtasty.com *.contentsquare.net *.smooch.io *.slgnt.eu *.google-analytics.com *.prod.aws.lcloud.com *.typekit.net cdn.jsdelivr.net *.nr-data.net cdnjs.cloudflare.com *.google.com *.google.es *.google.be *.fontawesome.com *.cookielaw.org *.onetrust.com *.hotjar.com *.adbutter.net *.adnxs.com *.doubleclick.net *.newrelic.com wss://*.hotjar.com *.googletagmanager.com *.ipify.org px.ads.linkedin.com *.zemanta.com *.googleadservices.com *.facebook.net *.facebook.com *.hotjar.io *.amazon-adsystem.com browser-update.org *.googleapis.com *.tiqcdn.com *.teads.tv *.pinterest.com *.taboola.com *.clarity.ms *.gsitrix.com *.adensemble.com *.cookieless-data.com bbd-tag.de admaxium.com *.perfectaudiencertg.com *.netdna-ssl.com *.twitter.com *.bing.com *.pinimg.com *.licdn.com https://static.ads-twitter.com https://js.adsrvr.org https://img.netaffiliation.com https://files.qualifio.com *.khoros.com *.ekoo.co *.supabase.co *.outbrain.com *.paa-reporting-advertising.amazon *.bing.net loopwidget.com *.adsrvr.org; frame-ancestors 'self' https://mobile.kbc-group.com https://kbctouch.kbc.be https://cbctouch.cbc.be https://touch.kbcbrussels.be https://mobileyoungsterapp.kbc-group.com wss://*.sprinklr.com *.sprinklr.com; 2 "default-src 'self'" 2 object-src 'self'; base-uri 'self'; frame-ancestors 'self' x-sign.benq.com x-sign.benq.eu www.benq.com www.benq.eu zowie.benq.com zowie.benq.eu; 2 default-src 'self' blob:; frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.visualwebsiteoptimizer.com app.vwo.com https://cdn.ampproject.org https://cas5-0-urlprotect.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fmaxservicecwyl.silaris.in&umid=e4671127-bb1a-11ef-90ee-002248d4b7bf&auth=8187024a6bfee489f0a48f52588c3399c36ab4f4-2895e8e819c67738c2429759f8d31f6d0e44464c https://www.youtube.com/iframe_api https://*.intellectadz.com https://*.haptikapi.com https://app.vwo.com https://www.youtube.com https://*.criteo.com https://gtms2s.maxlifeinsurance.com https://*.axismaxlife.com https://dynamic.criteo.com https://dev.visualwebsiteoptimizer.com https://cas5-0-urlprotect.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fplayer.vwo.me&umid=e4671127-bb1a-11ef-90ee-002248d4b7bf&auth=8187024a6bfee489f0a48f52588c3399c36ab4f4-de759f417c680b3bee4392af3100bba87efac994 https://adgebra.co.in https://*.licdn.com https://cdn.pushcrew.com https://*.linkedin.com https://cas5-0-urlprotect.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fapi.hellohaptik.com&umid=e4671127-bb1a-11ef-90ee-002248d4b7bf&auth=8187024a6bfee489f0a48f52588c3399c36ab4f4-c55dbd37a777099cad5037ca12054f9bbdabfcb8 https://i.l-dsp.inmobicdn.net https://*.google.com https://toolassets.haptikapi.com https://numrcommonstorage.blob.core.windows.net https://*.akamaihd.net https://*.go-mpulse.net https://*.billdesk.com https://apmrum.maxlifeinsurance.com https://*.axismaxlife.com https://*.outbrain.com https://maxneoggn.silaris.in:* https://apmrum.maxlifeinsurance.com https://*.axismaxlife.com https://maps.googleapis.com *.indixital.com *.int.tl https://maxlifeinsurance-145508.uc.r.appspot.com https://toolassets.haptikapi.com https://*.hellohaptik.com https://fcmregistrations.googleapis.com https://cdn.indixital.com https://*.maxlifeinsurance.com https://*.axismaxlife.com https://*.creativecdn.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.visualwebsiteoptimizer.com https://omnisetup.silaris.in https://*.googleoptimize.com/ https://unpkg.com https://*.intellectadz.com/ https://*.gotrackier.com https://*.paytm.in https://*.google.com https://optimize.google.com https://*.artfut.com https://*.paytm.com https://*.akstat.io https://*.yahoo.com https://*.yimg.com https://a.mgid.com https://pixel.mathtag.com https://*.bing.com https://www.google-analytics.com https://*.amazon-adsystem.com https://TrackTrack.org https://*.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://unpkg.com https://*.billdesk.com https://*.billdesk.io https://*.netcoresmartech.com https://*.taboola.com https://www.tecprocesssolution.com https://www.paynimo.com https://schema.org https://maxneo.silaris.in https://*.hotjar.io https://*.hotjar.com https://*.facebook.net https://*.facebook.com https://*.outbrain.com https://maxneoggn.silaris.in:* https://*.ads-twitter.com https://www.invincibleiq.com/ https://www.youtube.com/iframe_api; connect-src 'self' https://fonts.gstatic.com *.visualwebsiteoptimizer.com app.vwo.com wss: https://*.criteo.com https://www.google.com https://cdn.ampproject.org https://gtms2s.maxlifeinsurance.com https://*.axismaxlife.com https://cas5-0-urlprotect.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fplayer.vwo.me&umid=e4671127-bb1a-11ef-90ee-002248d4b7bf&auth=8187024a6bfee489f0a48f52588c3399c36ab4f4-de759f417c680b3bee4392af3100bba87efac994 https://adgebra.co.in https://firebaseinstallations.googleapis.com https://securepg.paynimo.com https://*.licdn.com app.vwo.com https://*.linkedin.com wss://*.hellohaptik.com/mqtt https://*.haptikapi.com https://*.youtube.com https://app.vwo.com https://*.o18.link https://ssp-csync.smartadserver https://cas5-0-urlprotect.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fmaxservicecwyl.silaris.in&umid=e4671127-bb1a-11ef-90ee-002248d4b7bf&auth=8187024a6bfee489f0a48f52588c3399c36ab4f4-2895e8e819c67738c2429759f8d31f6d0e44464c https://ampcid-google-com.o365.maxlifeinsurance.skyfencenet.com https://*.axismaxlife.com https://numrcommonstorage.blob.core.windows.net https://dev.visualwebsiteoptimizer.com https://dis.criteo.com https://pixel.rubiconproject.com https://u.openx.net https://agrim-prod-documents.s3.ap-south-1.amazonaws.com https://d19l9mjjyusa0p.cloudfront.net https://*.maxlifeinsurance.com https://*.axismaxlife.com https://*.hellohaptik.com wss://staging-emqx.hellohaptik.com wss://mqtt-emqx.haptik.me https://apmrum.maxlifeinsurance.com https://*.axismaxlife.com https://api.haptikapi.com *.indixital.com *.int.tl https://maxlifeinsurance-145508.uc.r.appspot.com https://fcmregistrations.googleapis.com https://*.visualwebsiteoptimizer.com https://*.creativecdn.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.googleapis.com https://tinyurl.com/ https://bitly.com/ https://agrim-uat-documents.s3.ap-south-1.amazonaws.com https://payments-uat.maxlifeinsurance.com https://*.axismaxlife.com https://d3b8hhxb222skm.cloudfront.net https://d2mvi0djpg9q5l.cloudfront.net https://dixsh5d2ct1z2.cloudfront.net wss://*.paytm.in https://*.paytm.in https://*.paytm.com https://api.bigdatacloud.net https://optimize.google.com https://*.akstat.io https://*.yahoo.com https://*.yimg.com wss://*.hotjar.com https://*.go-mpulse.net https://*.facebook.com https://*.hotjar.io https://*.bing.com https://maxneoggn.silaris.in:* https://*.hotjar.com https://maxneo.silaris.in https://*.outbrain.com https://*.taboola.com https://ampcid.google.com https://ampcid.google.co.in https://www.google-analytics.com https://*.g.doubleclick.net https://www.paynimo.com https://*.netcoresmartech.com https://www.googletagmanager.com https://*.facebook.net https://*.billdesk.io https://*.billdesk.com https://analytics.google.com https://*.google.com https://www.google.co.in/ads https://api.interakt.ai https://tinyurl.com/ https://bitly.com/; img-src 'self' blob: *.visualwebsiteoptimizer.com app.vwo.com https://*.youtube.com https://*.maxlifeinsurance.com https://*.axismaxlife.com https://dev.visualwebsiteoptimizer.com https://cas5-0-urlprotect.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fplayer.vwo.me&umid=e4671127-bb1a-11ef-90ee-002248d4b7bf&auth=8187024a6bfee489f0a48f52588c3399c36ab4f4-de759f417c680b3bee4392af3100bba87efac994 https://tpcs.payu.in https://rt.udmserve.net https://*.licdn.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com https://*.linkedin.com https://*.inmobiapis.com https://*.g2afse.com https://app.vwo.com https://useruploads.vwo.io https://i.l-dsp.inmobicdn.net wss://*.hellohaptik.com/mqtt https://*.mdsmedia.co.in https://*.haptikapi.com https://*.affise.com/ https://*.indoleads.com/ https://*.o18.click/ https://*.onatrack.in/ https://*.salesleaf.com https://*.clckon.in https://*.ringocount.com https://*.performship.com https://cas5-0-urlprotect.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fmaxservicecwyl.silaris.in&umid=e4671127-bb1a-11ef-90ee-002248d4b7bf&auth=8187024a6bfee489f0a48f52588c3399c36ab4f4-2895e8e819c67738c2429759f8d31f6d0e44464c https://maps.googleapis.com data: https://apmrum.maxlifeinsurance.com https://*.axismaxlife.com https://haptikappimg.haptikapi.com https://haptikappimg-ap-southeast-1.s3.amazonaws.com/ https://haptikappimg.s3.amazonaws.com/ https://haptikimg.s3.amazonaws.com/ https://haptikimg.s3-ap-southeast-1.amazonaws.com/ https://haptikappimg-v1.haptikapi.com/ https://haptikappimg-v1.s3.ap-south-1.amazonaws.com/ https://haptik-stagingcf.haptikapi.com/ https://haptik-stagingcf.haptikapi.com/ https://expertdashboardcf.haptikapi.com/ https://expert-dashboard.s3-ap-southeast-1.amazonaws.com/ https://expert-dashboard.s3.amazonaws.com/ https://expertdashboardcf-v1.haptikapi.com/ https://expertdashboardcf-v1.s3.ap-south-1.amazonaws.com/ https://s2.googleusercontent.com/ https://*.gstatic.com *.indixital.com *.int.tl https://dis.criteo.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://*.creativecdn.com https://*.googletagmanager.com https://ad.doubleclick.net https://*.visualwebsiteoptimizer.com https://*.o18.link https://pixel.rubiconproject.com https://u.openx.net https://*.quora.com/ https://*.paytm.in https://*.intellectadz.com/ https://*.gotrackier.com https://*.o18.link/ https://*.airtel.in/ http://*.offerstrack.net https://*.googleadservices.com https://*.atdmt.com https://www.gstatic.com https://*.bing.com https://*.skyfencenet.com https://fonts.gstatic.com https://script.hotjar.com https://optimize.google.com https://www.e-connect.in https://*.trackneo.com https://*.mathtag.com https://*.mgid.com https://*.yahoo.com https://*.clmbtech.com https://*.omguk.com https://*.go2cloud.org https://*.amazon-adsystem.com https://TrackTrack.org https://*.polyvalent.co.in https://adgebra.co.in https://*.taboola.com https://*.outbrain.com https://*.g.doubleclick.net https://*.facebook.com https://www.google.com https://www.google.co.in https://d28krgir60o432.cloudfront.net https://www.google-analytics.com https://www.paynimo.com http://www.w3.org https://www.tpsl-india.in https://adcanopus.go2cloud.org https://1.policytriangle.com/ https://trk.opiclepxl.com https://omnisetup.silaris.in https://optimidea.go2cloud.org https://tracking.salesleaf.com https://ryt.clckon.in https://ttrk.ringocount.com https://click.performship.com https://*.adcanopus.com https://*.twitter.com https://track.adnextmedia.com/ https://affle.vnative.net/ https://tracking.primedigital.in/ https://affilsoft.gotrackier.com/ https://leadstores.in/ https://paytm43.gotrackier.com/ https://metrics.makemytrip.com/ https://*.admitad.com/ https://*.vcommission.com/ https://iqwebgroup.o18.click/ https://timesinternetlimited187.o18.click/ https://addensuremedia.o18.click/ https://staticgw1.paytm.in/ https://t.co/ data:; style-src 'self' 'unsafe-inline' https://*.haptikapi.com https://*.googletagmanager.com https://*.paytm.in https://*.paytm.com https://*.google.com https://*.googleapis.com https://*.googleapis.com https://*.skyfencenet.com https://*.billdesk.com https://*.billdesk.io https://*.visualwebsiteoptimizer.com https://app.vwo.com https://www.paynimo.com; base-uri 'self'; form-action 'self' * data: blob: 'unsafe-inline' 'unsafe-eval' https://*.paytm.in https://*.paytm.com; media-src 'self' https://app.vwo.com https://dev.visualwebsiteoptimizer.com https://cas5-0-urlprotect.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fplayer.vwo.me&umid=e4671127-bb1a-11ef-90ee-002248d4b7bf&auth=8187024a6bfee489f0a48f52588c3399c36ab4f4-de759f417c680b3bee4392af3100bba87efac994 https://adgebra.co.in https://*.licdn.com https://*.creativecdn.com https://*.paytm.in https://*.visualwebsiteoptimizer.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://www.youtube.com; font-src 'self' https://app.vwo.com https://dev.visualwebsiteoptimizer.com https://cas5-0-urlprotect.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fplayer.vwo.me&umid=e4671127-bb1a-11ef-90ee-002248d4b7bf&auth=8187024a6bfee489f0a48f52588c3399c36ab4f4-de759f417c680b3bee4392af3100bba87efac994 https://adgebra.co.in https://*.licdn.com *.visualwebsiteoptimizer.com https://*.haptikapi.com https://*.paytm.in https://*.paytm.com https://www.paynimo.com https://fonts.gstatic.com https://script.hotjar.com data:; object-src 'none'; frame-src https://fnrk.in *.visualwebsiteoptimizer.com app.vwo.com https://*.maxlifeinsurance.com https://*.axismaxlife.com https://cas5-0-urlprotect.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fmaxservicecwyl.silaris.in&umid=e4671127-bb1a-11ef-90ee-002248d4b7bf&auth=8187024a6bfee489f0a48f52588c3399c36ab4f4-2895e8e819c67738c2429759f8d31f6d0e44464c https://video-staging.medibuddy.in https://*.licdn.com https://*.criteo.com https://www.googletagmanager.com https://app.vwo.com https://dev.visualwebsiteoptimizer.com https://cas5-0-urlprotect.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fplayer.vwo.me&umid=e4671127-bb1a-11ef-90ee-002248d4b7bf&auth=8187024a6bfee489f0a48f52588c3399c36ab4f4-de759f417c680b3bee4392af3100bba87efac994 https://adgebra.co.in https://tsdtocl.com https://surveys.numr.app https://www.maxlifeinsurance.com/ https://*.axismaxlife.com https://video.medibuddy.in https://*.linkedin.com https://*.adgebra.co.in/ https://*.mdsmedia.co.in/ https://bot.maxlifeinsurance.com https://*.axismaxlife.com https://*.visualwebsiteoptimizer.com https://*.creativecdn.com https://*.pruads.com/ https://*.iperformance.in/ https://*.clmbtrck.in/ https://s.docsapp.in/ https://*.gotrackier.com/ https://*.paytm.in https://*.doubleclick.net https://*.paytm.com https://*.google.com https://*.skyfencenet.com https://*.amazon-adsystem.com https://*.mathtag.com https://*.icubeswire.co https://www.youtube.com https://*.billdesk.com https://*.billdesk.io https://*.hotjar.com https://*.facebook.com https://omnisetup.silaris.in https://*.g.doubleclick.net; manifest-src 'self' https://app.vwo.com https://dev.visualwebsiteoptimizer.com https://cas5-0-urlprotect.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fplayer.vwo.me&umid=e4671127-bb1a-11ef-90ee-002248d4b7bf&auth=8187024a6bfee489f0a48f52588c3399c36ab4f4-de759f417c680b3bee4392af3100bba87efac994 https://adgebra.co.in https://*.linkedin.com https://d3b8hhxb222skm.cloudfront.net https://d2mvi0djpg9q5l.cloudfront.net https://dixsh5d2ct1z2.cloudfront.net wss://*.paytm.in https://*.salesleaf.com https://*.clckon.in https://*.ringocount.com https://*.performship.com https://*.licdn.com https://*.visualwebsiteoptimizer.com https://*.paytm.in https://*.netcoresmartech.com https://omnisetup.silaris.in 2 default-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.steinberg.net *.usercentrics.eu *.personio.de *.personio.com *.googletagmanager.com fonts.googleapis.com *.soundcloud.com *.youtube-nocookie.com *.optimizely.com *.eu-central-1.compute.amazonaws.com *.onfastspring.com *.impactcdn.com; connect-src https: 'self' wss://ws.hotjar.com; img-src https: 'self' *.steinberg.net *.ytimg.com *.usercentrics.eu data:; font-src https: 'self' fonts.gstatic.com fonts.googleapis.com data:; 2 base-uri 'self';child-src 'self' * data:;connect-src 'self' * data:;default-src 'self';font-src * data:;form-action *;frame-src * data:;frame-ancestors 'self';media-src * data:;img-src * data: blob:;object-src 'none';script-src 'self' * 'unsafe-eval' 'unsafe-inline';script-src-elem 'self' * 'unsafe-eval' 'unsafe-inline';script-src-attr 'unsafe-inline';style-src 'self' * data: 'unsafe-inline';worker-src blob:; 2 frame-ancestors 'self' edge.fullstory.com rs.fullstory.com 2 frame-ancestors 'self' *.ebay.com *.ebay.ca *.ebay.co.uk *.ebay.ie *.ebay.com.au *.ebay.fr *.ebay.de *.ebay.at *.ebay.ch *.ebay.it *.ebay.nl *.ebay.es *.ebay.com.hk *.ebay.com.my *.ebay.ph *.ebay.pl *.ebay.com.sg *.ebay.be *.ebay.in e-bay.com *.tcgplayer.com; report-uri https://monitor.ebay.com/csp-report/epage/?id=local 2 default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; worker-src 'self' https: blob:; style-src 'self' 'unsafe-inline' https: data: 2 upgrade-insecure-requests; frame-ancestors 'self' https://app.ramp.com; report-uri https://ramp.report-uri.com/r/d/csp/enforce 2 frame-ancestors 'self' https://tt.payloadcms.app; font-src https://discover.teamtailor.com https://www.teamtailor.com https://web.teamtailor.com https://fonts.intercomcdn.com *.netlify.app *.chromatic.com; 2 frame-ancestors 'self' https://ton.org; 2 default-src 'self'; child-src 'self' blob: https://platform.twitter.com https://www.youtube.com https://ens2.lacity.org https://syndication.twitter.com https://cse.google.com https://chipweb.azurewebsites.net https://vars.hotjar.com https://lacity.granicus.com https://www.google.com https://local.nixle.com; connect-src 'self' https://geohub.lacity.org https://opendata.arcgis.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://calendar.lacity.org https://www.lacity.org/feeds/city-directory wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://c.go-mpulse.net https://*.akstat.io https://api.lacity.org https://*.akamaihd.net https://surveystats.hotjar.io https://bam.nr-data.net https://api.userway.org/api/ https://maps.googleapis.com https://l.sharethis.com https://www.lacity.gov/feeds/city-directory https://*.userway.org https://public.gis.lacounty.gov https://kit.fontawesome.com/ https://ka-p.fontawesome.com/ https://d4p29bwn040fq.cloudfront.net/ https://*.clarity.ms https://hub.arcgis.com https://www.googletagmanager.com; font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com https://use.fontawesome.com https://pro.fontawesome.com https://stackpath.bootstrapcdn.com https://*.hotjar.com https://cdn.userway.org/widgetapp/bundles/udf/ https://kit.fontawesome.com/ https://ka-p.fontawesome.com/ data:; frame-src 'self' https://platform.twitter.com https://www.youtube.com https://ens2.lacity.org https://syndication.twitter.com https://cse.google.com https://chipweb.azurewebsites.net https://vars.hotjar.com https://lacity.granicus.com https://www.google.com https://local.nixle.com https://player.vimeo.com/ https://cdn.userway.org/ https://www.powr.io/ https://reflect-losangeles.cablecast.tv/ https://d1j41za54f12vq.cloudfront.net; img-src 'self' https: blob: data:; manifest-src 'none'; media-src 'self' https: blob:; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://calendarui.lacity.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://chipweb.azurewebsites.net https://cse.google.com https://maps.googleapis.com https://platform.twitter.com https://stackpath.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com https://unpkg.com https://www.google.com https://www.youtube.com https://www.google-analytics.com https://cdn.syndication.twimg.com https://*.hotjar.com https://s.go-mpulse.net https://www.gstatic.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam.nr-data.net https://translate-pa.googleapis.com/ https://googleapis.com https://cdn.userway.org/ https://www.powr.io https://platform-api.sharethis.com https://buttons-config.sharethis.com https://kit.fontawesome.com/ https://ka-p.fontawesome.com/ https://cdn.gtranslate.net/ https://www.clarity.ms https://d1j41za54f12vq.cloudfront.net cdn.jsdelivr.net cdnjs.cloudflare.com https://kit.fontawesome.com https://maxcdn.bootstrapcdn.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self' 'report-sample' 'unsafe-inline'; script-src-elem 'self' 'report-sample' 'unsafe-inline' https://calendarui.lacity.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://chipweb.azurewebsites.net https://cse.google.com https://maps.googleapis.com https://platform.twitter.com https://stackpath.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com https://unpkg.com https://www.google.com https://www.youtube.com https://www.google-analytics.com https://cdn.syndication.twimg.com https://*.hotjar.com https://s.go-mpulse.net https://www.gstatic.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam.nr-data.net https://translate-pa.googleapis.com/ https://googleapis.com https://cdn.userway.org/ https://www.powr.io https://platform-api.sharethis.com https://buttons-config.sharethis.com https://kit.fontawesome.com/ https://ka-p.fontawesome.com/ https://cdn.gtranslate.net/ https://www.clarity.ms https://d1j41za54f12vq.cloudfront.net cdn.jsdelivr.net cdnjs.cloudflare.com https://kit.fontawesome.com https://maxcdn.bootstrapcdn.com mdbootstrap.com stackpath.bootstrapcdn.com; style-src 'self' 'report-sample' 'unsafe-inline' data: https://chipweb.azurewebsites.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://translate.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://www.google.com https://calendarui.lacity.org https://platform.twitter.com https://cdn.userway.org/ https://ton.twimg.com https://www.gstatic.com/ https://*.hotjar.com https://kit.fontawesome.com/ https://ka-p.fontawesome.com/ cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'report-sample' 'unsafe-inline'; style-src-elem 'self' 'report-sample' 'unsafe-inline' data: https://chipweb.azurewebsites.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://translate.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://www.google.com https://calendarui.lacity.org https://platform.twitter.com https://cdn.userway.org/ https://ton.twimg.com https://www.gstatic.com/ https://*.hotjar.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; worker-src 'self' blob:; base-uri 'self'; form-action 'self' https://platform.twitter.com https://syndication.twitter.com; frame-ancestors 'self' 2 default-src 'self'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js-eu1.hs-scripts.com https://js-eu1.hscollectedforms.net https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com *.hsadspixel.net *.hs-analytics.net https://js.hscta.net *.hubspot.com https://static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com https://feedback.hubapi.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://sdk.privacy-center.org https://load.insights.juspay.io *.stape.io https://snap.licdn.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' 'unsafe-hashes' https://sdk.privacy-center.org; form-action 'self' crm.zoho.com api.social.juspay.in; object-src 'none'; img-src 'self' data: crm.zoho.com https://dth95m2xtyv8v.cloudfront.net https://cdn.sanity.io https://track-eu1.hubspot.com https://js.hscta.net https://no-cache.hubspot.com *.hubspot.com *.hsforms.net *.hsforms.com https://sdk.privacy-center.org https://px.ads.linkedin.com; frame-src 'self' youtube.com www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://forms.zohopublic.com/ https://sdk.privacy-center.org *.hubspot.com *.hs-sites.com *.hsforms.net *.hsforms.com *.stape.io https://www.googletagmanager.com; frame-ancestors 'self'; connect-src 'self' api.social.juspay.in https://www.google-analytics.com https://www.googletagmanager.com https://forms-eu1.hscollectedforms.net *.hubapi.com https://js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.sentry.io *.ingest.de.sentry.io https://sdk.privacy-center.org https://api.privacy-center.org https://load.insights.juspay.io *.stape.io; child-src 'self' *.hsforms.com 2 default-src blob: https: data: wss: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 2 child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com *.qualified.com; default-src 'self' 'unsafe-inline' vitals.vercel-insights.com *.vimeo.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src *.qualified.com player.vimeo.com vars.hotjar.com www.facebook.com t.sharethis.com *.qualified.com *.company-target.com https://challenges.cloudflare.com https://wizlympics-website.vercel.app https://asteroids-website.vercel.app *.navattic.com *.wiz.io forms.office.com docs.google.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.youtube.com cdn.forms-content.sg-form.com boards.greenhouse.io job-boards.greenhouse.io https://a26988130118.cdn.optimizely.com https://a26988130118.cdn-pci.optimizely.com hemsync.clickagy.com; worker-src 'self' blob:; connect-src 'self' vitals.vercel-insights.com *.qualified.com wss://*.qualified.com www.google-analytics.com analytics.google.com/g/collect *.vimeo.com vimeo.com *.ingest.sentry.io www.datocms-assets.com www.youtube.com legal.wiz.io *.algolia.net *.algolianet.com *.algolia.io *.company-target.com *.demandbase.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn.bizible.com bat.bing.com cdn.cookielaw.org tracking.g2crowd.com static.hotjar.com script.hotjar.com *.sharethis.com a.clarity.ms/collect *.onetrust.com *.clarity.ms j.6sc.co snap.licdn.com *.redditstatic.com static.ads-twitter.com ws.zoominfo.com connect.facebook.net tkr.techtarget.com epsilon.6sense.com ipv6.6sc.co c.6sc.co ib.adbnxs.com trk.techtarget.com ib.adnxs.com munchkin.marketo.net 120-tfk-810.mktoutil.com 120-tfk-810.mktoresp.com secure.adnxs.com www.facebook.com cdn.linkedin.oribi.io epsilon-cloudfront.6sense.com tags.clickagy.com *.doubleclick.net ws://localhost:3000 https://logx.optimizely.com https://*.optimizely.com js.zi-scripts.com aorta.clickagy.com hemsync.clickagy.com tags.srv.stackadapt.com *.googleapis.com ctf.wiz-research.com staging-ctf.wiz-research.com api.cr-relay.com analytics.tiktok.com *.tiktokw.us; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.hotjar.com data:; img-src 'self' 'unsafe-eval' data: https: http: *.hotjar.com tags.srv.stackadapt.com https://ct.capterra.com; media-src 'self' https: mediastream: *.qualified.com; object-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' va.vercel-scripts.com vitals.vercel-insights.com tagmanager.google.com apis.google.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com js.qualified.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net *.hotjar.com *.demandbase.com *.quora.com https://challenges.cloudflare.com tags.srv.stackadapt.com *.navattic.com bwa.marketplace.awsstatic.com cdn.cr-relay.com analytics.tiktok.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.youtube.com cdn.forms-content.sg-form.com boards.greenhouse.io job-boards.greenhouse.io cdn.bizible.com bat.bing.com cdn.cookielaw.org tracking.g2crowd.com static.hotjar.com script.hotjar.com *.sharethis.com a.clarity.ms/collect *.onetrust.com *.clarity.ms j.6sc.co snap.licdn.com *.redditstatic.com static.ads-twitter.com ws.zoominfo.com connect.facebook.net tkr.techtarget.com epsilon.6sense.com ipv6.6sc.co c.6sc.co ib.adbnxs.com trk.techtarget.com ib.adnxs.com munchkin.marketo.net 120-tfk-810.mktoutil.com 120-tfk-810.mktoresp.com secure.adnxs.com www.facebook.com cdn.linkedin.oribi.io epsilon-cloudfront.6sense.com tags.clickagy.com *.doubleclick.net https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com ws-assets.zoominfo.com js.zi-scripts.com tags.clickagy.com schedule.zoominfo.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.vimeocdn.com *.qualified.com *.hotjar.com tags.srv.stackadapt.com; form-action 'self' www.facebook.com; frame-ancestors 'self' https://partners.wiz.io https://www.wiz.io; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.crowdin.com *.taximaxim.com *.taximaxim.ge *.taximaxim.bg *.taximaxim.by *.taximaxim.ir *.taxsee.ru *.taxsee.com *.youtube.com *.taximaxim.ru www.google.com www.googletagmanager.com www.google-analytics.com vk.com *.vk.com yastatic.net *.yandex.md *.yandex.ru *.yandex.net *.google.com *.google.ru *.googleadservices.com *.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.gstatic.com top-fwz1.mail.ru https://privacy-cs.mail.ru *.facebook.net *.facebook.com analytics.tiktok.com cdn.yektanet.com s.zzcdn.me sgtm.taximaxim.ru sgtm.taximaxim.com; style-src 'self' 'unsafe-inline' cdn.crowdin.com; img-src 'self' data: www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net www.google.com www.google.ru analytics.tiktok.com top-fwz1.mail.ru *.facebook.net *.facebook.com vk.com *.vk.com mc.yandex.ru cdn.crowdin.com trustseal.enamad.ir logo.samandehi.ir *.google.com log.adtimaserver.vn; connect-src 'self' mc.yandex.ru www.google-analytics.com stats.g.doubleclick.net analytics.tiktok.com top-fwz1.mail.ru *.facebook.net *.facebook.com vk.com *.vk.com *.yektanet.com *.google.com log.adtimaserver.vn sgtm.taximaxim.ru sgtm.taximaxim.com; font-src 'self' data: *.gstatic.com *.taxsee.com; object-src 'self'; media-src 'self'; form-action 'self'; frame-src 'self' www.google.com *.g.doubleclick.net *.taxsee.com *.taximaxim.com *.taximaxim.ge *.taximaxim.bg *.taximaxim.by *.taximaxim.ir *.taximaxim.ru *.yandex.ru yandex.ru *.youtube.com https://www.googletagmanager.com; child-src 'self'; worker-src 'self'; block-all-mixed-content; upgrade-insecure-requests 2 default-src 'self' blob:; base-uri 'self' *.plasmic.app; connect-src 'self' 'unsafe-inline' blob: *.googleapis.com *.googleadservices.com *.algolia.io *.algolia.net *.algolianet.com *.amazonaws.com *.bing.com *.braintree-api.com *.braintreegateway.com *.envato-staging.com *.envato.com *.envato.market *.envato.test *.facebook.com *.g.doubleclick.net *.doubleclick.net *.google-analytics.com *.analytics.google.com *.google.com *.hotjar.com *.hotjar.io *.ip-api.com *.maxmind.com *.nr-data.net *.olark.com *.pinterest.com *.placeit.net *.recurly.com *.segment.io *.thenounproject.com *.uservoice.com code.jquery.com httpbin.org smart-templates.us nice.staging.placeit.net *.instagram.com *.pinpiaa.com wss://*.hotjar.com *.tiktok.com *.amplitude.com *.kaptcha.com wss://*.pusher.com *.paypal.com *.cookiebot.com *.googlesyndication.com *.googletagmanager.com *.placeitcode.net *.browser-intake-datadoghq.com browser-intake-datadoghq.com placeit.net *.plasmic.app sentry.io *.posthog.com *.plasmic.app; font-src 'self' data: *.amazonaws.com *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.gstatic.com *.olark.com *.placeit.net *.quadpay.com *.zscalerone.net github.com use.typekit.net *.hotjar.com *.placeitcode.net placeit.net *.plasmic.app; frame-src 'self' *.braintreegateway.com *.doubleclick.net *.envato.market *.facebook.com *.freshdesk.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.kaptcha.com *.olark.com *.paypal.com *.recurly.com *.twitter.com *.uservoice.com *.youtube.com cdn.wishpond.net *.pinterest.com gateway.zscalerone.net localhost:* *.googleapis.com *.instagram.com *.google.com *.placeit.net *.accounts.google.com *.cookiebot.com *.placeitcode.net placeit.net *.stripe.com *.plasmic.app ; media-src 'self' data: blob: *.olark.com *.placeit.net *.zscalerone.net ssl.gstatic.com *.amazonaws.com *.cloudfront.net *.placeitcode.net placeit.net *.mozilla.net *.plasmic.app; img-src 'self' blob: data: https: http: ; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: js.recurly.com js.braintreegateway.com *.algolia.net *.algolianet.com *.amazonaws.com *.bing.com *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.impactradius-event.com *.jsdelivr.net *.linkedin.com *.newrelic.com *.nr-data.net *.olark.com *.paypal.com *.pinimg.com *.placeit.net *.segment.com *.twitter.com *.uservoice.com *.youtube.com cdn.wishpond.net unpkg.com *.upscope.io *.clarity.ms *.tiktok.com *.amplitude.com *.kaptcha.com *.cookiebot.com *.jsdelivr.net placeit.net *.placeitcode.net *.plasmic.app *.stripe.com *.plasmic.app; style-src 'self' 'unsafe-inline' *.olark.com *.googleapis.com *.olark.com *.amazonaws.com *.bootstrapcdn.com *.cloudflare.com *.placeit.net *.zscalerone.net fast.fonts.net *.typekit.net *.cloudfront.net *.google.com *.jsdelivr.net *.placeitcode.net placeit.net *.plasmic.app *.plasmic.app; form-action 'self' javascript: localhost:* *.twitter.com *.pinterest.com *.facebook.com *.envato-staging.com *.envato.com *.placeit.net *.placeitcode.net placeit.net *.plasmic.app; 2 default-src 'self' 'unsafe-inline' https://*.uni-paderborn.de https://www.youtube-nocookie.com https://player.vimeo.com https://*.upb.de https://streaming.uni-paderborn.de:2233 https://*.google.com ; font-src 'self' https://*.uni-paderborn.de data:; img-src 'self' data: https://pbs.twimg.com https://*.google.com https://www.googleapis.com https://*.uni-paderborn.de https://*.gstatic.com/images; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uni-paderborn.de https://www.google.com https://cse.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; media-src 'self' https://*.uni-paderborn.de https://*.upb.de https://streaming.uni-paderborn.de:2233 blob:; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ 'self' mailto: tel: https://*.uni-paderborn.de https://www.youtube-nocookie.com https://player.vimeo.com https://*.upb.de https://streaming.uni-paderborn.de:2233 https://*.google.com 2 default-src 'none';script-src 'self' 'unsafe-inline' https://apps.usw2.pure.cloud/messenger/messenger.min.js https://api-cdn.usw2.pure.cloud/ https://api64.ipify.org/ https://apps.usw2.pure.cloud/ https://static.registration.bluehost.com/ https://js.stripe.com https://ct.pinterest.com https://api.livechatinc.com https://formstack.com https://pi.pardot.com https://info.anchor.com.au https://widget.trustpilot.com https://www.googletagmanager.com https://connect.facebook.net https://platform.twitter.com https://www.google-analytics.com https://www.googleadservices.com https://s.adroll.com https://static.ads-twitter.com https://s.pinimg.com https://s.yimg.com https://static.getclicky.com https://sys.greechat.com https://analytics.formstack.com https://d.adroll.mgr.consensu.org https://cdn.livechatinc.com https://sp.analytics.yahoo.com https://googleads.g.doubleclick.net https://analytics.twitter.com https://secure.livechatinc.com https://d.adroll.com https://digitalpacificgroup.formstack.com https://static.formstack.com https://hostopia.bamboohr.com https://f.vimeocdn.com https://in.getclicky.com; img-src 'self' https://sp.analytics.yahoo.com https://analytics.twitter.com https://www.google.co.in https://pixel.prfct.co https://image2.pubmatic.com https://cm.g.doubleclick.net https://x.adroll.com https://mlvgk8mdrlmi.i.optimole.com https://secure.gravatar.com https://t.co https://www.google-analytics.com https://ct.pinterest.com https://www.facebook.com https://syndication.twitter.com https://stats.g.doubleclick.net https://www.google.com https://www.google.com.au https://d.adroll.com https://pixel.advertising.com https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://sync.outbrain.com https://simage2.pubmatic.com https://ads.yahoo.com https://eb2.3lift.com https://x.bidswitch.net https://sync.taboola.com https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://match.adsrvr.org https://rc.rlcdn.com https://csyn-r.cxense.com https://seg.sharethis.com https://resources.bamboohr.com https://crucialau.activehosted.com data: 'unsafe-inline';style-src 'self' 'unsafe-inline' https://static.formstack.com https://hostopia.bamboohr.com;font-src 'self' https://static.formstack.com https://themes.googleusercontent.com data: 'unsafe-inline'; frame-src 'self' https://apps.usw2.pure.cloud/ https://js.stripe.com https://ct.pinterest.com https://x.adroll.com https://td.doubleclick.net https://widget.trustpilot.com https://platform.twitter.com https://www.facebook.com https://secure.livechatinc.com https://player.vimeo.com https://www.youtube.com; connect-src 'self' https://api.usw2.pure.cloud/ wss://webmessaging.usw2.pure.cloud/ https://api64.ipify.org/ https://api-cdn.usw2.pure.cloud/ https://d.adroll.com https://analytics.google.com https://digitalpacificgroup.formstack.com https://www.google-analytics.com https://s.yimg.com https://ct.pinterest.com https://hostopia.bamboohr.com; media-src https://cdn.livechatinc.com; 2 frame-ancestors *.jjwxc.net *.jjwxc.com 2 frame-ancestors 'self' https://epr.onepath.com.au https://eprotectpriv.service.anz https://eprotect.service.anz https://eprotectauth.service.anz https://eprotect https://epr.anz.com; 2 frame-src 'self' bazaarvoice.com *.bazaarvoice.com https://www.terminland.de *.datev-bot.de *.datev.de *.datev.com *.iesnare.com *.cookielaw.org *.salesviewer.org *.salesviewer.com 2 base-uri 'self'; default-src 'self' *.google-analytics.com maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: translate.googleapis.com translate.google.com cse.google.com s3.amazonaws.com cdn.jsdelivr.net alt.khronos.org www.ssa.gov github.khronos.org khronos.disqus.com cdn.mathjax.org www.opengl.org *.gstatic.com unpkg.com www.recaptcha.net *.disquscdn.com *.disqus.com *.google.com www.google-analytics.com *.cloudflare.com acsbapp.com *.googleapis.com *.bootstrapcdn.com www.recaptcha.n *.googletagmanager.com googleadmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com translate.googleapis.com translate.google.com s3.amazonaws.com cdn.jsdelivr.net alt.khronos.org github.khronos.org www.ssa.gov cdn.mathjax.org *.gstatic.com www.recaptcha.net *.disquscdn.com *.disqus.com *.googleapis.com *.bootstrapcdn.com www.recaptcha.net img.shields.io unpkg.com cdnjs.cloudflare.com www.youtube.com; style-src 'self' 'unsafe-inline' www.gstatic.com *.googleapis.com cdn-images.mailchimp.com www.ssa.gov use.fontawesome.com fonts.googleapis.com *.bootstrapcdn.com platform.twitter.com *.google.com *.cloudflare.com *.disquscdn.com; frame-ancestors 'self' *.translate.google.com; frame-src 'self' github.khronos.org registry.khronos.org td.doubleclick.net cx20.github.io cdn.knightlab.com www.youtube-nocookie.com tamrat-b.github.io sketchfab.com disqus.com www.recaptcha.net www.youtube.com www.googletagmanager.com *.google.com; media-src 'self' blob: data:; img-src 'self' data: blob: avatars.githubusercontent.com ping.eeharbor.com www.ssa.gov *.ytimg.com wikimedia.org *.disquscdn.com *.disqus.com *.gstatic.com *.googleapis.com github.com cdn.khronos.org img.shields.io *.google-analytics.com *.analytics.google.com analytics.google.com *.googletagmanager.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; child-src 'self' www.youtube.com; object-src data: sandbox.babylonjs.com cx20.github.io tamrat-b.github.io; connect-src blob: 'self' updates.expressionengine.com cdn.khronos.org *.googleapis.com api.github.com alt.khronos.org *.google-analytics.com *.analytics.google.com analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com; form-action 'self' www.paypal.com cdn.khronos.org ;font-src 'self' data: maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.gstatic.com use.fontawesome.com; worker-src 'self' blob:; report-uri /assets/utilities/csp.php 2 default-src 'self' *.materialdesignicons.com *.azurefd.net *.jsdelivr.net *.zoom.us *.doubleclick.net *.cloudfront.net *.googlesyndication.com *.opticsinfobase.org *.boltdns.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.osa.org *.3playmedia.com s3.amazonaws.com https://challenges.cloudflare.com/turnstile/ https://unpkg.com *.jsdelivr.net *.cvent.com cdn.mxpnl.com *.mixpanel.com *.zoom.us code.jquery.com *.doubleclick.net *.ampproject.org *.googleapis.com *.googlesyndication.com *.google-analytics.com www.googleadservices.com *.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com *.brightcove.net *.zencdn.net *.twimg.com *.ytimg.com www.youtube.com *.myfonts.net *.simpli.fi *.licdn.com *.knightlab.com https://kit.fontawesome.com *.stackadapt.com consent.studio *.adtrafficquality.google blob:; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; font-src 'self' data: *; connect-src 'self' cdn.opticsinfobase.org *.gstatic.com *.googleapis.com *.google-analytics.com *.google.com *.3playmedia.com *.cloudfront.net *.osa.org wss://*.osa.org http://www.frontiersinoptics.com www.frontiersinoptics.org www.cleoconference.org www.ofcconference.com api-js.mixpanel.com *.brightcove.com *.brightcove.net *.brightcovecdn.com *.boltdns.net *.googlesyndication.com *.akamaihd.net *.doubleclick.net https://unpkg.com https://*.zoom.us wss://*.zoom.us https://*.linkedin.com https://*.fontawesome.com *.algolia.net *.algolianet.com insights.algolia.io *.stackadapt.com *.optica.org *.adtrafficquality.google consent.studio blob:; media-src 'self' *.osa.org *.talkjs.com *.zoom.us *.boltdns.net *.akamaihd.net *.brightcovecdn.com *.cf.brightcove.com blob:; object-src 'self' *.azurefd.net cdn.opticsinfobase.org cdn.materialdesignicons.com *.cloudfront.net *.googlesyndication.com *.blob.core.windows.net https://*.zoom.us; frame-src 'self' *.azurefd.net *.brightcove.net *.cloudfront.net *.blob.core.windows.net *.osa.org cdn.opticsinfobase.org *.frontiersinoptics.com *.google.com *.googlesyndication.com *.youtube.com https://challenges.cloudflare.com/ https://*.doubleclick.net www.googletagmanager.com *.adtrafficquality.google; frame-ancestors 'self' *.osa.org *.optica.org *.frontiersinoptics.com 2 frame-src *.sailpoint.com https://sp-next-sanity.vercel.app/ https://sp-next-sanity-git-main-sail-point-dev-team.vercel.app/ *.gartner.com https://sailpoint2016.wpengine.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://business-plus-demo.vercel.app/ https://business-demo-bay.vercel.app/ https://all-demos-sigma.vercel.app/ https://player.vimeo.com/ https://challenges.cloudflare.com/ https://api.intellimize.co/ *.intellimizeio.com/ https://pixel.mathtag.com/ https://www.youtube.com https://play.vidyard.com *.google.com *.facebook.com https://js.driftt.com/ https://www.googleadservices.com/ https://www.youtube-nocookie.com/ https://s7.addthis.com/ https://drift-lp-49916850.drift.click/ https://bid.g.doubleclick.net/ https://w.soundcloud.com/ https://vars.hotjar.com/ https://vars.hotjar.io/ https://static.hotjar.com https://static.hotjar.io https://app.smartsheet.com/ https://bugcrowd.com/ https://8495553.fls.doubleclick.net/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.linkedin.com/ https://td.doubleclick.net/ https://www.podbean.com/ https://www.googletagmanager.com/ https://*.qualified.com https://www.brighttalk.com/; style-src unsafe-inline *.sailpoint.com https://sp-next-sanity.vercel.app/ https://sp-next-sanity-git-main-sail-point-dev-team.vercel.app/ *.gartner.com https://platform.twitter.com/ https://sailpoint2016.wpengine.com *.twimg.com/ https://code.jquery.com https://c.bing.com https://play.vidyard.com https://fonts.googleapis.com https://res.cloudinary.com https://*.qualified.com 'unsafe-inline'; script-src blob: *.sailpoint.com https://sp-next-sanity.vercel.app/ https://sp-next-sanity-git-main-sail-point-dev-team.vercel.app/ *.gartner.com *.cloudflare.com/ https://sailpoint2016.wpengine.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.zi-scripts.com/ https://cdn.intellimize.co/ https://tags.clickagy.com/data.js *.zoominfo.com https://cdn.ampproject.org/ https://bugcrowd.com/ https://assets.bugcrowdusercontent.com/ https://ib.adnxs.com/ https://tr.outbrain.com/ https://cdn.smartnews-ads.com/ https://pixel.mathtag.com/ https://pixel.advertising.com/ https://amplify.outbrain.com/ https://cnt.ads.8card.net/ https://cdn.syndication.twimg.com/ https://googleads.g.doubleclick.net https://platform.twitter.com https://api.swiftype.com https://code.jquery.com https://code.createjs.com https://www.amcharts.com https://cdn.amcharts.com/ https://connect.facebook.net/ https://j.6sc.co/ https://trk.techtarget.com/ https://googleadservices.com https://www.googleadservices.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://script.hotjar.com https://script.hotjar.io https://play.vidyard.com https://static.hotjar.com/ https://static.hotjar.io https://lltrck.com/scripts/ https://js.driftt.com/ https://snap.licdn.com/ https://ws.zoominfo.com/ https://bat.bing.com/ https://cdn.cookielaw.org/ http://munchkin.marketo.net/ https://munchkin.marketo.net/ https://d.adroll.com/ https://static.cloudflareinsights.com/beacon.min.js/ *.clarity.ms/ https://instant.page/3.0.0 https://cdn.jsdelivr.net/ https://www.googletagmanager.com/gtm.js https://client.prod.mplat-ppcprotect.com/ https://www.redditstatic.com https://res.cloudinary.com https://ob.forroundprince.com https://obs.forroundprince.com https://*.qualified.com https://www.brighttalk.com/ https://home.integrate.com 'unsafe-inline' 'unsafe-eval'; img-src data: *.sailpoint.com https://sp-next-sanity.vercel.app/ https://sp-next-sanity-git-main-sail-point-dev-team.vercel.app/ *.twimg.com/ https://sailpoint2016.wpengine.com *.gartner.com https://cnv.event.prod.bidr.io/ https://www.google-analytics.com https://sailpoint-digital-marketing.imgix.net/ https://cdn.cookielaw.org/ https://conversionadvocates.com/ https://www.linkedin.com/ https://t.6sc.co/ https://ups.analytics.yahoo.com/ https://pixel.advertising.com/ https://x.bidswitch.net/ https://cm.g.doubleclick.net/ https://image2.pubmatic.com/ https://beacon.krxd.net/ https://idsync.rlcdn.com/ https://www.googletagmanager.com/ https://pixel.mathtag.com/ https://dsum-sec.casalemedia.com/ https://i.smartnews-ads.com/ https://tr.outbrain.com/ https://sync.taboola.com https://sync.outbrain.com/ https://ads.yahoo.com *.twitter.com https://apt.techtarget.com/ https://dpm.demdex.net/ *.google.com/ https://googleads.g.doubleclick.net https://us-u.openx.net/ https://stags.bluekai.com/ https://www.facebook.com https://io.narrative.io/ https://p.adsymptotic.com/ https://pixel.rubiconproject.com/ https://secure.gravatar.com https://c.bing.com/ *.clarity.ms/ https://lltrck.com/ https://b.6sc.co/ https://bat.bing.com/ https://d.adroll.com https://px.ads.linkedin.com/ https://cdn.vidyard.com/ https://play.vidyard.com https://cdn.sanity.io/ https://ad.ipredictive.com/ https://res.cloudinary.com https://alb.reddit.com https://obs.forroundprince.com https://*.qualified.com https://custom.cvent.com 'self'; font-src *.sailpoint.com https://sp-next-sanity.vercel.app/ https://sp-next-sanity-git-main-sail-point-dev-team.vercel.app/ https://sailpoint2016.wpengine.com https://fonts.gstatic.com https://cdn.cookielaw.org; frame-ancestors https://sailpoint2016.wpengine.com 'self'; 2 base-uri 'none'; img-src * data: blob:; default-src 'self' data: https: wss: blob:; style-src 'self' data: https: wss: 'unsafe-inline'; media-src blob: https://*.linkedin.com https://snap.licdn.com https://p.adsymptotic.com https://*.brightcovecdn.com https://*.boltdns.net https://*.media.brightcove.com https://*.llnw.net https://*.llnwd.net https://*.akafms.net https://*.akamaihd.net https://shs-components.infopark.io https://*.siemens-healthineers.com https://preview-cdn.scrvt.com/; worker-src blob: https://*.siemens-healthineers.com; script-src data: blob: 'unsafe-inline' 'unsafe-eval' 'self' https://api.scrivito.com https://assets.scrivito.com https://*.siemens.com https://static.siemens-healthineers.com https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu/ https://tools.adlytics.net https://charts3.equitystory.com/ https://irpages2.eqs.com/ https://shs-components.infopark.io https://players.brightcove.net https://vjs.zencdn.net https://siemenshealthcare.postclickmarketing.com https://ionfiles.scribblecdn.net https://manifest.prod.boltdns.net https://*.brightcovecdn.com https://www.adobetag.com https://static.adlytics.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://sjs.bizographics.com https://img.en25.com/i/elqCfg.min.js https://cdns.gigya.com; frame-ancestors 'self' https://*.scrivito.com https://gather.town; object-src 'none'; block-all-mixed-content 2 frame-ancestors 'self' *.virginmoney.com; 2 frame-ancestors 'self' https://*.charlotte.edu https://*.uncc.edu https://uncc.instructure.com; frame-src 'self' blob: comgooglemaps: gsa: https://9572357.fls.doubleclick.net https://accounts.google.com https://adservices.brandcdn.com https://airtable.com https://anchor.fm https://api.recollect.net https://apis.google.com https://app.smartsheet.com https://*.arcgis.com https://bid.g.doubleclick.net https://bot.ivy.ai https://calculator.charlotte.edu https://calendar.google.com https://calendly.com https://canva.com https://cdnapisec.kaltura.com https://cdn.exchmapdata.com https://cdn.knightlab.com https://cdn.youvisit.com https://*.charlotte.edu https://chart-studio.plotly.com https://c.sharethis.mgr.consensu.org https://d1eoo1tco6rr5e.cloudfront.net https://datastudio.google.com https://datawrapper.dwcdn.net https://docs.google.com https://drive.google.com https://edabroad.h5p.com https://e.infogram.com https://e.issuu.com https://embed.financialaidtv.com https://embed.ocelotbot.com https://embed.podcasts.apple.com https://embed.styledcalendar.com https://flo.uri.sh https://*.flowpaper.com https://flowpaper.com https://forms.hsforms.com https://*.github.io https://*.hotjar.com https://*.hotjar.io https://insight.adsrvr.org https://libraryh3lp.com https://livestream.com https://loader.webspellchecker.net https://lookerstudio.google.com https://maphub.net https://maps.google.com https://match.adsrvr.org https://mcmap.org https://m.facebook.com https://my.matterport.com https://*.netlify.app https://platform.twitter.com https://player.vimeo.com https://public.tableau.com https://pub.s10.exacttarget.com https://*.rlets.com https://*.shinyapps.io https://*.skedda.com https://*.spotify.com https://syndication.twitter.com https://t.sharethis.com https://*.uncc.edu https://uncc.financialaidtv.com https://uncc--full123.sandbox.my.site.com https://uncc-mps-training.s3.amazonaws.com https://uncc.my.salesforce-scrt.com https://uncc.my.site.com https://view-awesome-table.com https://vimeo.com https://vocalvideo.com https://web.facebook.com https://whova.com https://w.soundcloud.com https://ws.sharethis.com https://www.buzzsprout.com https://www.canva.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.instagram.com https://www.theweather.com https://www.youtube.com https://www.youtube-nocookie.com https://youtu.be https://youtube.com 2 frame-ancestors 'self' engage.navan.com app.contentful.com app.navan.com 2 frame-ancestors 'self'; upgrade-insecure-requests ; report-uri https://sentry.arkadiumhosted.com/api/2/security/?sentry_key=bcb574bf0e0200c8449ec5e88917387d 2 default-src 'self' *.crazyegg.com *.northropgrumman.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.vercel.app *.onetrust.com *.cloudfront.net *.crazyegg.com jsv3.recruitics.com bat.bing.com px.ads.linkedin.com static.ads-twitter.com www.clarity.ms connect.facebook.com cse.google.com cookie-cdn.1trust.app snap.licdn.com connect.facebook.net static.ads-twitter.com cdn.cookielaw.org cookie-cdn.cookiepro.com www.redditstatic.com tag.demandbase.com www.google-analytics.com ngc.avature.net api-engage-us.sitecorecloud.io www.googletagmanager.com www.youtube.com x.com platform.twitter.com t.co tagmanager.google.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.vercel.app *.onetrust.com *.cloudfront.net *.crazyegg.com jsv3.recruitics.com www.google.com bat.bing.com px.ads.linkedin.com static.ads-twitter.com connect.facebook.com cse.google.com cookie-cdn.1trust.app snap.licdn.com connect.facebook.net static.ads-twitter.com www.redditstatic.com cse.google.com www.googleadservices.com googleads.g.doubleclick.net tag.demandbase.com www.google-analytics.com cookie-cdn.1trust.app cdn.cookielaw.org cookie-cdn.cookiepro.com ngc.avature.net www.googletagmanager.com code.jquery.com www.youtube.com x.com platform.twitter.com t.co; connect-src 'self' *.vercel.app *.northropgrumman.com *.onetrust.com *.crazyegg.com stats.g.doubleclick.net www.google-analytics.com bat.bing.com px.ads.linkedin.com static.ads-twitter.com connect.facebook.com cse.google.com cookie-cdn.1trust.app snap.licdn.com connect.facebook.net static.ads-twitter.com analytics.google.com conversions-config.reddit.com www.redditstatic.com pixel-config.reddit.com www.googleapis.com rum.browser-intake-datadoghq.com api.company-target.com cookie-cdn.1trust.app cdn.cookielaw.org cookie-cdn.cookiepro.com pagestates-tracking.crazyegg.com assets-tracking.crazyegg.com tracking.crazyegg.com ngc.avature.net vitals.vercel-insights.com x.com platform.twitter.com t.co api-engage-us.sitecorecloud.io discover.sitecorecloud.io/; base-uri 'self'; form-action 'self' login.microsoftonline.us; font-src 'self' 'unsafe-inline' *.vercel.app *.crazyegg.com ngc.avature.net use.typekit.net fonts.gstatic.com *.northropgrumman.com *.agencyq.site cdn.northrupgrumman.com data:; style-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.vercel.app *.northropgrumman.com *.onetrust.com *.crazyegg.com ngc.avature.net www.google.com use.typekit.net p.typekit.net fonts.googleapis.com; frame-src 'self' *.vercel.app *.doubleclick.net *.agencyq.site *.northropgrumman.com *.onetrust.com *.crazyegg.com portalstospace.com login.goservicepro.com jsv3.recruitics.com ngc.avature.net s.company-target.com td.doubleclick.net jsv3.recruitics.com www.portalstospace.com www.youtube.com x.com platform.twitter.com t.co w.soundcloud.com data: blob: www.googletagmanager.com; img-src 'self' data: * northropgrumman-sb1.dam.aprimo.com s1.sb.previews.aprimo.com s.gravatar.com *.crazyegg.com *.wp.com/cdn.auth0.com/avatars *.northropgrumman.com cdn.northropgrumman.com; media-src 'self' *.vercel.app *.agencyq.site *.northropgrumman.com *.onetrust.com *.crazyegg.com ngc.avature.net x.com platform.twitter.com t.co img.youtube.com data: cdn.northropgrumman.com; worker-src blob: *.crazyegg.com; 2 default-src 'self' *.icons8.com *.hotjar.com data: *.doubleclick.net *.wistia.net *.euronext.com *.youtube.com *.google.com *.onetrust.com *.cookielaw.org *.google.fr; child-src 'self' *.youtube.com *.youtu.be *.hotjar.com *.twitter.com *.piktochart.com *.euronext.com *.docs.google.com *.googletagmanager.com *.wistia.com *.wistia.net blob:; connect-src 'self' *.cookielaw.org *.google-analytics.com *.freshworks.com *.mapbox.com *.euronext.com *.hotjar.com *.hotjar.io ws.hotjar.com ws: *.onetrust.com *.wistia.net *.wistia.com *.doubleclick.net www.googleadservices.com *.googleapis.com *.g.doubleclick.net *.google.com *.google.fr *.freshdesk.com *.linkedin.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' *.euronext.com maxcdn.icons8.com *.doubleclick.net *.google.com fonts.gstatic.com embed.tawk.to data: *.hotjar.com *.wistia.net; frame-src 'self' *.youtube.com *.youtu.be *.hotjar.com *.twitter.com *.piktochart.com *.euronext.com *.google.com *.wistia.com *.wistia.net *.companywebcast.com *.googletagmanager.com; img-src 'self' *.cookielaw.org *.ytimg.com *.w3.org data: *.euronext.com *.googletagmanager.com blob: *.globenewswire.com *.wistia.net *.wistia.com *.google-analytics.com www.googleadservices.com *.google.com *.google.fr *.linkedin.com *.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' blob: *.wistia.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.cookielaw.org *.google-analytics.com *.euronext.com *.mapbox.com *.datatables.net *.jsdelivr.net *.cloudflare.com *.jquery.com *.knightlab.com *.twitter.com *.polyfill.io *.unpkg.com *.mdbootstrap.com *.rawgit.com *.bootstrapcdn.com *.google.com *.freshworks.com *.youtu.be *.doubleclick.net *.gstatic.com *.schema.org *.hotjar.com *.drupal.org *.wistia.com *.youtube.com *.wistia.net *.licdn.com api.mapbox.com cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com https://cdn.knightlab.com https://cdnjs.cloudflare.com https://platform.twitter.com https://polyfill.io mdbootstrap.com platform.twitter.com stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.icons8.com *.freshworks.com *.gstatic.com *.ytimg.com *.ggpht.com *.wistia.com *.euronext.com *.cookielaw.org *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.knightlab.com https://cdnjs.cloudflare.com maxcdn.icons8.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; frame-ancestors 'self' *.euronext.com; report-uri https://www.euronext.com/en/report-uri/enforce 2 frame-ancestors 'self' https://www.xxxtube1.com https://www.xxx2tube1.com https://www.xxxtube1india.pro 2 default-src 'self' *.google.com *.lusha.com https://www.g2.com https://gist.github.com localhost https://*.clarity.ms https://c.bing.com 'unsafe-inline'; img-src 'self' data: https://forms.hsforms.com/ https://forms-na1.hsforms.com/ https://js.chilipiper.com/images/ https://www.g2.com https://www.google.co.uk https://*.googlesyndication.com https://*.ads.linkedin.com https://analytics.twitter.com https://*.intercomcdn.com https://ci5.googleusercontent.com https://cdn.cookielaw.org https://sync-t1.taboola.com https://googleads.g.doubleclick.net/ https://*.privacysandbox.googleadservices.com https://ct.capterra.com/ https://cdn.cookielaw.org/logos https://trc.taboola.com https://cds.taboola.com https://google.com/pagead/ https://i.ytimg.com https://alb.reddit.com/ https://www.google.com/pagead/ https://mk0lplushacrhatidvnw.kinstacdn.com/ https://www.google.com/ads/ga-audiences https://t.co/i/ https://c.bing.com/c.gif https://c.clarity.ms/c.gif https://cx.atdmt.com https://q.quora.com connect.facebook.net www.googletagmanager.com https://s.w.org/images/core/emoji/13.0.0/svg/ https://www.w3.org https://www-services.lusha.com www.linkedin.com embedwistia-a.akamaihd.net https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io *.intercom-attachments.com forms.hubspot.com p.adsymptotic.com www.yesware.com www.outreach.io *.lusha.com ek1m512i34ve2rek3k8v02in-wpengine.netdna-ssl.com salesloft.com www.google.com www.google-analytics.com www.google.co.il *.gstatic.com bat.bing.com www.facebook.com track.hubspot.com stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com https://11988414.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://stats.sa-as.com https://privacy-policy.truste.com https://flagcdn.com https://secure.gravatar.com https://track-eu1.hubspot.com https://perf-eu1.hsforms.com https://downloads.intercomcdn.eu https://static.intercomassets.eu https://media.trustradius.com https://d30ia583fbtg8i.cloudfront.net/images https://adservice.google.com https://lusha.chilipiper.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.intercomcdn.com data: localhost https://www.trustradius.com/trustquotes/trustquotes.js https://pagead2.googlesyndication.com/ https://js.hsleadflows.net https://www.g2.com https://www.google.com/pagead https://cdn.nmgassets.com https://www.googleadservices.com https://trc.taboola.com https://ssl.google-analytics.com/ga.js https://cdn.taboola.com https://analytics.tiktok.com https://cdn.cookielaw.org https://tpc.googlesyndication.com https://www.redditstatic.com/ads/pixel.js https://mk0lplushacrhatidvnw.kinstacdn.com/ https://tags.crwdcntrl.net https://analytics.twitter.com/ https://cdn.jsdelivr.net https://cdn.jsdelivr.net/npm/@webcomponents/webcomponentsjs@2.4.1/bundles/webcomponents-sd.js https://ssl.kaptcha.com/collect/sdk https://cdn.jsdelivr.net/npm/@webcomponents/webcomponentsjs@2.4.1/bundles/webcomponents-ce.js https://cdnjs.cloudflare.com/ajax/libs/webcomponentsjs/2.4.1/custom-elements-es5-adapter.js https://static.ads-twitter.com/uwt.js https://unpkg.com/react@16/umd/react.production.min.js https://unpkg.com/ https://unpkg.com/react-dom@16/umd/react-dom.production.min.js https://www.clarity.ms js.hs-banner.com js.hsadspixel.net *.lusha.com js.intercomcdn.com https://app.intercom.io widget.intercom.io snap.licdn.com www.comeet.co www.comeet.com forms.hsforms.com js.hsforms.net s.ytimg.com www.googletagmanager.com *.google.com www.google-analytics.com *.googleadservices.com *.typekit.net js.stripe.com connect.facebook.net bat.bing.com sjs.bizographics.com survey.survicate.com surveys-static.survicate.com js.hs-scripts.com js.hs-analytics.net js.usemessages.com tracking.g2crowd.com *.gstatic.com px.ads.linkedin.com www.linkedin.com *.fullstory.com fullstory.com dc.ads.linkedin.com *.salesloft.com *.youtube.com https://cdnjs.cloudflare.com/ajax/libs/js-sha256/ https://stats.sa-as.com/live.js https://unpkg.com/aos@next/dist/aos.js https://ipinfo.io https://extreme-ip-lookup.com https://unpkg.com/@lottiefiles/lottie-player@1.5.7/dist/lottie-player.js https://platform.linkedin.com/in.js https://ml314.com/ https://vi.ml314.com/ https://js.chilipiper.com/marketing.js https://cdn.amcharts.com/ https://js-eu1.hs-scripts.com/ https://js-eu1.hubspot.com/ https://js-eu1.hsleadflows.net/ https://js-eu1.hs-banner.com/ https://js-eu1.hs-analytics.net/ https://js-eu1.hsadspixel.net/fb.js https://ajax.googleapis.com/ https://googleads.g.doubleclick.net/ https://video-messages.intercomcdn.com https://messenger-apps.eu.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://js.partnerstack.com https://d30ia583fbtg8i.cloudfront.net/trustquotes/trustquotes.js https://d30ia583fbtg8i.cloudfront.net/trustquotes/style.css https://sdk.voyantis.io https://*.voyantis.io https://serve.glove.fit https://dhc3d5wa5sazw.cloudfront.net https://logs.glove.fit https://cdnjs.cloudflare.com/ajax/libs/prism/ https://unpkg.com/@lottiefiles/lottie-player@latest/dist/tgs-player.js https://run.pstmn.io/button.js https://lusha.chilipiper.com;style-src 'self' 'unsafe-inline' localhost https://www.g2.com https://mk0lplushacrhatidvnw.kinstacdn.com/ https://www.googletagmanager.com *.comeet.co *.comeet.com *.lusha.com *.typekit.net tagmanager.google.com fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/prism/; font-src 'self' data: localhost https://fonts.intercomcdn.com https://www.g2.com https://mk0lplushacrhatidvnw.kinstacdn.com/ https://www.google.com use.typekit.net *.lusha.com js.intercomcdn.com surveys-static.survicate.com fonts.googleapis.com fonts.gstatic.com dudodiprj2sv7.cloudfront.net ; connect-src 'self' data: localhost https://*.voyantis.io https://*.clarity.ms https://px.ads.linkedin.com https://px.ads.linkedin.com https://forms.hsforms.com/embed/ https://forms.hubspot.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/prod/ https://www.google.co.il/ads/ https://api.chilipiper.com/ https://tracking.chilipiper.com/ https://www.g2.com https://api.hubapi.com https://analytics.tiktok.com https://googleads.g.doubleclick.net/ https://privacyportal-eu.onetrust.com/request/v1/consentreceipts https://pagead2.googlesyndication.com https://geolocation.onetrust.com *.taboola.com https://*.crwdcntrl.net/ https://*.google.com https://cdn.cookielaw.org *.lottiefiles.com https://o412513.ingest.sentry.io https://www.clarity.ms bat.bing.com https://www-services.lusha.com api.hubapi.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com http://www-services-local.lusha.co:3030/v2/user-events http://www-services-local.lusha.com:3030/v2/user-events https://private-144d5-gallusha.apiary-mock.com/questions embedwistia-a.akamaihd.net api.hubspot.com *.lusha.com *.fullstory.com respondent.survicate.com www.google-analytics.com scout.salesloft.com www.facebook.com stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com https://ipinfo.io https://api.ipify.org https://ipecho.net https://myexternalip.com https://cta-eu1.hubspot.com https://perf-eu1.hsforms.com https://api-eu1.hubapi.com https://track-eu1.hubspot.com https://forms-eu1.hubspot.com https://tracking.g2crowd.com https://google.com/pagead https://google.com/ccm https://api-iam.eu.intercom.io https://via.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-ping.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://uploads.intercomcdn.eu https://uploads.eu.intercomcdn.com https://partnerlinks.io https://grsm.io dudodiprj2sv7.cloudfront.net https://www.trustradius.com/api/v1/events https://lusha.chilipiper.com https://tracking-api.production.g2.com https://tracking-api.g2.com https://www.redditstatic.com https://pixel-config.reddit.com https://conversions-config.reddit.com https://logs.glove.fit https://ad.doubleclick.net; child-src localhost https://www.g2.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-src localhost https://www.googletagmanager.com https://tpc.googlesyndication.com https://capture.navattic.com https://lusha.chilipiper.com https://www.g2.com https://business.facebook.com https://privacyportal-eu.onetrust.com/ https://*.doubleclick.net https://www.youtube.com/ https://tsdtocl.com/ https://www.linkedin.com www.comeet.com intercom-sheets.com forms.hsforms.com forms.hubspot.com js.stripe.com www.google.com *.lusha.com www.facebook.com *.youtube.com www.comeet.co https://11988414.fls.doubleclick.net; form-action localhost www.facebook.com *.lusha.com https://intercom.help https://api-iam.intercom.io https://forms.hsforms.com/submissions/ https://intercom.help https://api-iam.eu.intercom.io; worker-src blob: *.lusha.com localhost; frame-ancestors 'self' *.lusha.com https://www.lusha-business.com/contact-us; media-src 'self' data: blob: localhost *.lusha.com https://*.intercomcdn.com https://js.intercomcdn.com; object-src 'none'; 2 frame-ancestors 'self' https://*.uchealth.org 2 default-src 'unsafe-inline' 'unsafe-eval' *; img-src * data:; 2 default-src 'none'; 2 frame-ancestors 'self' www.landingpromo.it www.landing-promo.it 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https: wss:; upgrade-insecure-requests 2 frame-ancestors 'self' https://www.google.com/; default-src https: 'unsafe-eval' 'unsafe-inline' 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' https: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https: blob:; connect-src 'self' https://api.cr-relay.com/v1/site/1b5470ab-ea89-4dc9-9054-1c71779070ea/batch https://pro.ip-api.com/json/ https://api.vector.co/pixel/li https://api.vector.co/pixel/e3ff77ec-54a7-484a-8af6-5e7939d293bd/visitor-activity https://cdn.cr-relay.com/v1/site/1b5470ab-ea89-4dc9-9054-1c71779070ea/signals.js https://api.vector.co/pixel/e3ff77ec-54a7-484a-8af6-5e7939d293bd/settings https://www.google.pl/ads/ga-audiences https://www.google.com/ads/ga-audiences https://api.vector.co/pixel/e3ff77ec-54a7-484a-8af6-5e7939d293bd/visitor https://api.hsforms.com https://bat.bing.net https://z.omappapi.com https://www.google-analytics.com https://tracking-api.g2.com https://aplo-evnt.com https://tracking-api.production.g2.com/attribution_tracking/conversions/assign https://api.factors.ai/sdk/event/update_properties https://api.factors.ai/sdk/event/track https://api.factors.ai/sdk/user/add_properties https://api.factors.ai/sdk/get_info https://www.google.com/ccm/collect https://forms.hscollectedforms.net/collected-forms/v1/config/json https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json https://api.identitymatrix.ai/tracking/collect https://a.omappapi.com/ https://bat.bing.com/ https://metrics.hotjar.io/ https://google.com/ccm/form-data/936575551 https://analytics.google.com https://pixel-config.reddit.com/pixels/t2_tc9ivusr/config https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_tc9ivusr_telemetry https://conversions-config.reddit.com/v1/pixel/error wss://ws.hotjar.com https://px.ads.linkedin.com/attribution_trigger https://px.ads.linkedin.com/wa/ https://content.hotjar.io https://vc.hotjar.io https://stats.g.doubleclick.net https://orders.resilio.com https://api-iam.intercom.io https://global.sitesearch360.com https://insights.sitesearch360.com https://ws.zoominfo.com https://google.com/pagead/form-data/936575551 https://tracking.g2crowd.com https://api.omappapi.com https://js.zi-scripts.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io; img-src 'self' https: data: 2 frame-ancestors 'self' https://www.hdpornvideo.xxx https://www.hdpornvideoindia.pro https://www.hdpornvideo3cn.com 2 frame-ancestors *.zumper.com *.zumperrentals.com; 2 default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://px.ads.linkedin.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://web-assets.esetstatic.com https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; form-action 'self' https://enjoy.eset.com; frame-ancestors 'self'; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://td.doubleclick.net https://tpc.googlesyndication.com https://vars.hotjar.com https://www.buzzsprout.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.captcha.eset.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://media.giphy.com https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'self'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://embed.playbuzz.com https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.buzzsprout.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'self'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/reports; report-to csp-endpoint; 2 frame-ancestors 'self' *.ispmanager.com *.ispmanager.ru https://mc.yandex.ru https://mc.yandex.com https://yastatic.net https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr http://webvisor.com http://*.webvisor.com 2 frame-ancestors 'self' *.telia.ee 2 base-uri 'self' *.google.com *.onelink.me; default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.c6bank.info/* *.handtalk.me/* https://plugin.handtalk.me/remote-config/* https://plugin.handtalk.me/* https://plugin.handtalk.me/web/latest/PromptLink.9efcf8da.js https://plugin.handtalk.me/web/latest/sign.b445fcf0.js https://plugin.handtalk.me/web/latest/sign.8d62c164.js https://plugin.handtalk.me/web/latest/sign.* https://plugin.handtalk.me/web/latest/sign.28bfb36f.js https://plugin.handtalk.me/web/latest/sign.cb547046.js https://plugin.handtalk.me/corejs/2.2.3/core.min.js https://plugin.handtalk.me/web/latest/handtalk.min.js https://plugin.handtalk.me/remote-config/* *.c6bank.com/* *.c6bank.com.br/* *.googletagmanager.com *.youtube.com *.doubleclick.net *.googleadservices.com *.linkedin.com *.facebook.com *.facebook.net *.google.com *.appsflyer.com *.licdn.com *.pinimg.com *.c6bank.onelink.me *.pinterest.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googleapis.com *.criteo.net *.criteo.com ajax.cloudflare.com analytics.tiktok.com *.bing.com *.clarity.ms *.amazon-adsystem.com; style-src 'self' 'unsafe-inline' *.google.com *.c6bank.com/* *.c6bank.com.br/* *.c6bank.info/* *.googleapis.com *.googleadservices.com *.doubleclick.net *.c6bank.com.br *.googletagmanager.com *.appsflyer.com *.clarity.ms *.licdn.com *.pinimg.com *.c6bank.onelink.me *.pinterest.com; font-src 'self' data: *.gstatic.com *.c6bank.com/* *.c6bank.com.br/* *.google.com *.c6bank.info *.c6bank.info/* *.c6fest.com *.c6bank.info *.c6bank.com *.c6bank.com.br *.appsflyer.com *.googletagmanager.com *.google-analytics.com; object-src 'none'; form-action 'self'; img-src 'self' blob: https://handtalk.me/ data: * *.onelink.me *.apple.com *.c6bank.com/* *.c6bank.com.br/* *.c6bank.info *.c6bank.info/* *.googleapis.com *.instagram.com *.facebook.com *.google.com *.c6bank.com *.c6bank.com.br *.clarity.ms *.googletagmanager.com *.g.doubleclick.net *.facebook.net analytics.tiktok.com *.google-analytics.com; report-uri /api/csp 2 child-src blob:;connect-src 'self' https://api.welcometothejungle.com wss://api.welcometothejungle.com sp.welcometothejungle.com https://alerts.welcometothejungle.com https://employerbrand.welcometothejungle.com wss://realtime.getbeamer.com *.algolianet.com *.algolia.net *.algolia.io *.facebook.com *.sentry.io accounts.google.com app.getwisp.co backend.getbeamer.com www.google-analytics.com vimeo.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ip2c.org autocomplete.search.hereapi.com lookup.search.hereapi.com revgeocode.search.hereapi.com geocode.search.hereapi.com *.batch.com *.axept.io *.contentsquare.net http://cypress.preprod.wttj.tech/zafoh2ie/ae3 api.maze.co prompts.maze.co region1.analytics.google.com stats.g.doubleclick.net data.debugbear.com;default-src 'none';font-src cdn.welcometothejungle.com cdn.welcometothejungle.com cdn.welcome-ui.com cdn.welcometothejungle.co fonts.gstatic.com data: script.hotjar.com *.axept.io snippet.maze.co;form-action 'self' www.facebook.com;frame-ancestors none;frame-src 'self' platform.linkedin.com www.linkedin.com api.linkedin.com cdn.iframe.ly www.youtube.com www.youtube-nocookie.com www.dailymotion.com geo.dailymotion.com www.facebook.com connect.facebook.net w.soundcloud.com optimize.google.com app.getbeamer.com push.getbeamer.com backend.getbeamer.com player.vimeo.com speakerdeck.com www.slideshare.net talks.golang.org docs.google.com accounts.google.com slides.com vars.hotjar.com *.axept.io form.typeform.com www.google.com;img-src http: https: blob: data: optimize.google.com www.google-analytics.com script.hotjar.com static.hotjar.com *.axept.io *.contentsquare.net dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com snippet.maze.co;media-src cdn.welcometothejungle.com;script-src 'unsafe-inline' cdn.welcometothejungle.com platform.linkedin.com www.linkedin.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com connect.facebook.net www.facebook.com www.youtube.com www.youtube-nocookie.com *.ytimg.com app.getwisp.co optimize.google.com app.getbeamer.com realtime.getbeamer.com backend.getbeamer.com player.vimeo.com speakerdeck.com www.slideshare.net talks.golang.org docs.google.com accounts.google.com slides.com static.hotjar.com script.hotjar.com *.batch.com *.axept.io cdn.goldenbees.fr tag.goldenbees.fr t.contentsquare.net app.contentsquare.com embed.typeform.com www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/ snippet.maze.co acdn.adnxs.com cdn.debugbear.com data.debugbear.com;style-src 'unsafe-inline' cdn.welcometothejungle.com tagmanager.google.com fonts.googleapis.com optimize.google.com accounts.google.com app.getbeamer.com *.axept.io embed.typeform.com snippet.maze.co static.hotjar.com script.hotjar.com assets-cdn.maze.co;upgrade-insecure-requests;worker-src 'self' blob: 2 frame-ancestors 'self' https://*.abtasty.com; 2 default-src 'self'; img-src 'self' https://quickchart.io https://files.catbox.moe; media-src 'self' https://files.catbox.moe; style-src 'self' 'unsafe-inline'; script-src https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; frame-src https://www.google.com; 2 frame-ancestors 'self' https://*.toyota-europe.com https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 2 frame-src *.youtube.com *.youtu.be acl.gov youtu.be; frame-ancestors *.youtube.com *.youtu.be acl.gov youtu.be; child-src *.youtube.com *.youtu.be acl.gov youtu.be; report-uri /report-csp-violation 2 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com http://www.googleadservices.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maxcdn.bootstrapcdn.com https://cdn.gigya.com https://cdns.gigya.com https://cdns1.gigya.com https://cdns2.gigya.com https://cdns3.gigya.com https://cdns4.gigya.com https://cdns5.gigya.com https://accounts.gigya.com https://accounts.eu1.gigya.com https://signin.qa.nationalexpress.com https://cdn.synthetix.com https://national-express.cloud-iq.com http://national-express.cloud-iq.com https://uktc.fospha.com https://tag.yieldoptimizer.com https://connect.facebook.net https://bat.bing.com http://bat.bing.com https://*.vo.msecnd.net http://az416426.vo.msecnd.net https://prod.limitlesslivemessenger.com https://sc-static.net https://tr.snapchat.com https://static.ads-twitter.com https://analytics.twitter.com https://platform.twitter.com https://widget.trustpilot.com https://cdn.syndication.twimg.com https://sn1.clicktripz.com js.hsforms.net https://eu.clicktripz.com http://uktc.fospha.com https://forms.hsforms.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net/analytics/ https://r1.dotmailer-surveys.com http://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com http://r1.dotdigital-pages.com https://d2oh4tlt9mrke9.cloudfront.net https://d2qmp7jjpd79k7.cloudfront.net https://platform-api.sharethis.com https://buttons-config.sharethis.com https://static.hotjar.com https://script.hotjar.com https://*.clarity.ms/ https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://ict.infinity-tracking.net/js/ https://script.infinity-tracking.com https://widgets.moovit.com https://widgets.moovit.com/wtp/en-gb/ https://m.moovitapp.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://appassets.mvtdev.com/mobile/ https://www.tiktok.com/embed.js https://lf16-tiktok-web.ttwstatic.com https://sf16-website-login.neutral.ttwstatic.com https://secure.data-insight365.com/js/265823.js https://secure.data-insight365.com/Track/Capture.aspx https://d3dh5c7rwzliwm.cloudfront.net https://d32106rlhdcogo.cloudfront.net https://dgf0rw7orw6vf.cloudfront.net https://*.quantserve.com/ https://rules.quantcount.com https://edge.quantserve.com http://www.instagram.com https://cdn.weglot.com https://s.yimg.com/wi/ytc.js https://acdn.adnxs.com/dmp/up/pixie.js https://cdn.mookie1.com/containr.js https://*.abtasty.com blob: https://service.force.com https://*.my.salesforce.com https://*.salesforceliveagent.com/ https://widget.tripgo.com https://*.flashtalking.com/ http://*.oracleinfinity.io/ https://dev.oathstudio.com;object-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.synthetix.com https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/ https://platform.twitter.com https://ton.twimg.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://use.typekit.net/hpe8ksj.css https://p.typekit.net/p.css https://lf16-tiktok-web.ttwstatic.com https://sf16-website-login.neutral.ttwstatic.com https://script.hotjar.com https://static.hotjar.com https://cdn.weglot.com https://*.abtasty.com https://service.force.com https://widget.tripgo.com http://*.oracleinfinity.io/ https://dev.oathstudio.com;img-src 'self' https://*.google-analytics.com https://www.google.com https://www.google.co.uk https://cm.g.doubleclick.net https://ad.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com http://www.googletagmanager.com https://www.googletagmanager.com https://national-express.cloud-iq.com http://national-express.cloud-iq.com https://uktc.fospha.com https://www.facebook.com https://bat.bing.com https://cdn.jsdelivr.net https://www.nationalexpress.com https://4ez2xrmccannwebprd1.blob.core.windows.net https://zwu74omccannwebqa1.blob.core.windows.net https://4ez2xrmccannwebprd1-secondary.blob.core.windows.net http://uktc.fospha.com data: https://forms.hubspot.com https://forms.hsforms.com https://track.hubspot.com https://t.co/i/ https://abs.twimg.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://syndication.twitter.com https://analytics.twitter.com https://cdns.gigya.com https://cdns1.gigya.com https://cdns2.gigya.com https://cdns3.gigya.com https://signin.qa.nationalexpress.com https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://graph.facebook.com https://platform-lookaside.fbsbx.com https://platform-cdn.sharethis.com https://l.sharethis.com https://script.hotjar.com https://static.hotjar.com https://*.clarity.ms/ https://c.bing.com https://cdn-ukwest.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://widgets.moovit.com https://m.moovitapp.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://appassets.mvtdev.com/mobile/ https://a-tiles.locationiq.com https://b-tiles.locationiq.com https://c-tiles.locationiq.com https://secure.agile-company-365.com/265823.png blob: https://d1fd8aj8bhyfe9.cloudfront.net https://d3dh5c7rwzliwm.cloudfront.net https://pixel.quantserve.com https://cdn.weglot.com https://sp.analytics.yahoo.com https://*.abtasty.com https://resources.tripgo.com https://*.flashtalking.com/ http://*.oracleinfinity.io/ https://dev.oathstudio.com;frame-src 'self' https://routemap-embed.nationalexpress.com https://faq.nationalexpress.com https://cdns.eu1.gigya.com https://signin.qa.nationalexpress.com https://www.google.com https://*.fls.doubleclick.net https://www.google.com/recaptcha/ https://forms.gle https://docs.google.com https://td.doubleclick.net https://accounts.google.com https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://contactless.nxbus.com https://live.ekashu.com https://r1.dotmailer-surveys.com http://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com http://r1.dotdigital-pages.com https://nationalexpressportal.icasework.com https://national-express--bguat.my.salesforce.com https://webto.salesforce.com https://national-express.force.com https://timetables-embed.nxbus.co.uk https://www.nationalexpress.com https://bustimetables-nx.utrackapps.com https://bustimetables-dev.utrackapps.com https://contactless.nxbus.com https://nxbusgateway.co.uk https://player.vimeo.com https://forms.hsforms.com https://tr.snapchat.com https://www.trustpilot.com https://c.sharethis.mgr.consensu.org https://widget.trustpilot.com https://platform.twitter.com https://syndication.twitter.com https://vars.hotjar.com https://widgets.moovit.com https://moovitapp.com https://m.moovitapp.com https://appassets.mvtdev.com/mobile/ https://www.tiktok.com https://nxbusdt.b2clogin.com https://nxbus.b2clogin.com https://www.loom.com http://www.instagram.com https://*.abtasty.com https://service.force.com https://*.my.salesforce.com https://*.flashtalking.com/ http://*.oracleinfinity.io/ https://dev.oathstudio.com;font-src 'self' https://fonts.gstatic.com https://script.hotjar.com https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/ https://digitalcampaignsstorage.blob.core.windows.net https://use.typekit.net/af/ https://cdn.weglot.com https://*.abtasty.com data: https://dev.oathstudio.com;connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://docs.google.com https://*.analytics.google.com https://www.google.com https://dc.services.visualstudio.com https://bat.bing.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://api.hubapi.com https://connect.facebook.net https://www.facebook.com/tr/ https://www.facebook.com/plugins/customer_chat/ https://eu.clicktripz.com https://www.clicktripz.com https://prod.api.belimitless-app.io https://l.sharethis.com https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ https://signin.qa.nationalexpress.com https://signin.dev.nationalexpress.com https://signin.ptbook.nationalexpress.com https://signin.stable.nationalexpress.com https://signin.www.nationalexpress.com https://signin.nationalexpress.com https://holidays.nationalexpress.com https://packagesmetasearch.api.pro.logitravel.internal https://packagesmetasearch.api.external.logitravel.com https://packagesmetasearch-api-external.logitravel.com https://*.clarity.ms/ https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://privacyportal-uk.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://oneyou-cms.nhswebsite.nhs.uk https://webto.salesforce.com https://api.hsforms.com https://login.salesforce.com https://thekingsferry.my.salesforce.com https://ict.infinity-tracking.net https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://nxbusdt.b2clogin.com https://nxbus.b2clogin.com https://script.infinity-tracking.com https://qaapi.azure-api.net https://apinxbus.azure-api.net https://web.lon.infinity-tracking.com https://nas.lon.infinity-tracking.com https://nas.lon.infinity-tracking.net https://nexgen.ats.careers/api/ https://idx.liadm.com/idex/unknown/ https://pixel.quantcount.com https://cdn.weglot.com https://cdn-api-weglot.com https://s.yimg.com https://*.abtasty.com https://faq.nationalexpress.com https://api.tripgo.com https://api.geocode.earth http://*.oracleinfinity.io/;frame-ancestors 'self' https://www.facebook.com 2 font-src fonts.gstatic.com use.typekit.net *.omds.acidgreen.com.au *.explore.omsystem.com *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.omds.acidgreen.com.au *.explore.omsystem.com cl.s51.exct.net *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.sanity.studio 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.omds.acidgreen.com.au *.explore.omsystem.com *.zendesk.com *.adyen.com *.google.com/ instafeed.pixlee.co photos.pixlee.co *.addthis.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com p.typekit.net validator.swagger.io *.omds.acidgreen.com.au *.explore.omsystem.com explore.omsystem.com blob: *.getolympus.com *.akstat.io *.cookielaw.org *.ggpht.com https://www.magezon.com *.bing.com *.bing.net *.criteo.com *.doubleclick.net *.elfsightcdn.com *.facebook.com *.facebook.net *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.igodigital.com *.mczbf.com *.olympus.eu *.omappapi.com *.pricespider.com google.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cf www.google.ch www.google.ci www.google.cl www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ge www.google.gg www.google.gl www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sr www.google.tn www.google.tt www.google.vu https://id5-sync.com *.quantserve.com alb.reddit.com *.linkedin.com https://tg.socdm.com https://cs.adingo.jp https://ads.stickyadstv.com https://idsync.rlcdn.com https://exchange.mediavine.com https://jadserve.postrelease.com https://criteo-partners.tremorhub.com https://ad.yieldlab.net https://x.bidswitch.net https://ib.adnxs.com https://r.casalemedia.com https://ad.360yield.com https://contextual.media.net https://sync.outbrain.com https://simage2.pubmatic.com https://pixel.rubiconproject.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://criteo-sync.teads.tv https://eb2.3lift.com https://aa.agkn.com https://ade.clmbtech.com https://sync.1rx.io https://a.twiago.com https://sync.targeting.unrulymedia.com *.zendesk.com *.adyen.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.pxlecdn.com *.pixlee.com *.cdninstagram.com https://www.mollie.com *.sanity.io www.facebook.com *.magentosite.cloud shop.olympus.com.au www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.googletagmanager.com *.cash.app *.payments-amazon.com *.google.com *.paypal.com *.checkout.visa.com *.mastercard.com *.omds.acidgreen.com.au *.explore.omsystem.com *.go-mpulse.net *.newrelic.com *.cookielaw.org *.weglot.com *.pricespider.com cdnjs.cloudflare.com api.tiles.mapbox.com *.adobedtm.com *.bing.com *.criteo.com *.doubleclick.net *.elfsight.com *.facebook.net *.googleapis.com *.googletagmanager.com *.igodigital.com *.mczbf.com *.omappapi.com *.pixlee.com *.js-agent.newrelic.com *.bam.nr-data.net *.cardinalcommerce.com merchant-center-analytics.goog analytics.tiktok.com *.quantserve.com www.redditstatic.com https://trck.linkster.co https://unpkg.com snap.licdn.com *.tradedoubler.com *.zdassets.com *.zendesk.com *.adyen.com https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com/ *.marketo.com *.pxlecdn.com *.pixlee.co js.mollie.com https://acsbapp.com https://*.acsbapp.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.omds.acidgreen.com.au *.explore.omsystem.com *.weglot.com *.fontawesome.com api.tiles.mapbox.com *.omappapi.com *.pricespider.com *.gstatic.com *.marketo.com assets.pixlee.com *.addthis.com *.moatads.com *.addthisedge.com maxcdn.bootstrapcdn.com *.scandiweb.dev unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.googleapis.com *.gstatic.com https://cdn.pubble.io *.commondatastorage.googleapis.com *.sanity.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io *.omds.acidgreen.com.au *.explore.omsystem.com *.akamaihd.net *.akstat.io *.go-mpulse.net *.cookielaw.org *.weglot.com cdn-api-weglot.com *.bing.com *.bing.net *.criteo.com *.doubleclick.net *.elfsight.com *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.mczbf.com *.mapbox.com *.omappapi.com *.onetrust.com *.pricespider.com *.pixlee.com *.bam.nr-data.net *.js-agent.newrelic.com merchant-center-analytics.goog analytics.tiktok.com *.quantserve.com www.redditstatic.com conversions-config.reddit.com pixel-config.reddit.com *.linkedin.com rules.quantcount.com pixel.quantcount.com *.zdassets.com *.zendesk.com wss://pod-28-sunco-ws.zendesk.com https://getolympus.registria.com *.adyen.com https://maps.googleapis.com https://player.vimeo.com bam.nr-data.net *.marketo.com *.addthis.com https://acsbapp.com https://*.acsbapp.com www.facebook.com *.exct.net explore.omsystem.com *.cardinalcommerce.com apps.elfsight.com player.vimeo.com *.facebook.net *.merchant-center-analytics.goog api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://3706dfdc-3ec8-4812-add5-b403178623a6.sansec.watch/; report-to report-endpoint; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-app5.securiti.ai *.sprinklr.com *.leadfamly.com *.crazyegg.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data: *.sprinklr.com; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src https://www.visitdubai.com/EAIZBHn75I/vvQ6rd/vMXG/OGupLJwz6GzV2b/UFlZ/fB4zCSRJ/R0c *; frame-src *; media-src * blob:; worker-src * blob:; frame-ancestors 'self' https://dubai.dealroom.co https://dealroom.co https://ecosystem.dubaifoundershq.com https://dubaifoundershq.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://static-maps.yandex.ru https://assetsgarantibbva.com *.amazon-adsystem.com *.amazon-adsystem.com paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon *.hangikredi.com *.tiktok.com *.garantibbvayatirim.com.tr *.garantiyatirim.com.tr *.garantibbva.com.tr *.garanti.com.tr *.garantibbvaemeklilik.com.tr *.garantiemeklilik.com.tr *.gteknoloji.com.tr *.gteknolojidmz.com.tr *.garantibank.ro *.garantiemeklisandigi.org.tr *.api.useinsider.com https://*.useinsider.com wss://*.matriksdata.com *.matriksdata.com *.dataroid.com *.google.com *.google.com.tr *.doubleclick.net https://googleads.g.doubleclick.net *.efilli.com *.fw.garanti.com.tr *.googletagmanager.com *.fw.garantibbva.com.tr ajax.googleapis.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.signfordeaf.com;media-src 'self' data: *.signfordeaf.com http://*.signfordeaf.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.api.useinsider.com https://*.useinsider.com;connect-src 'self' data: *.garantibbvayatirim.com.tr *.paa-reporting-advertising.amazon *.kaspersky-labs.com *.amazon-adsystem.com *.garantiyatirim.com.tr *.garantibbva.com.tr *.garanti.com.tr *.garantibbvaemeklilik.com.tr *.garantiemeklilik.com.tr *.gteknoloji.com.tr *.gteknolojidmz.com.tr *.garantibank.ro *.garantiemeklisandigi.org.tr *.assetsgarantibbva.com *.api.useinsider.com https://*.useinsider.com wss://*.matriksdata.com *.matriksdata.com *.dataroid.com *.efilli.com *.fw.garanti.com.tr *.googletagmanager.com *.fw.garantibbva.com.tr *.highcharts.com *.tiktok.com ajax.googleapis.com fonts.googleapis.com *.google-analytics.com *.google.com *.google.com.tr *.doubleclick.net https://googleads.g.doubleclick.net *.signfordeaf.com;worker-src 'self' *.kaspersky-labs.com *.assetsgarantibbva.com *.garantibbva.com.tr; script-src-elem 'self' 'unsafe-inline' *.amazon-adsystem.com *.tiktok.com *.hangikredi.com *.googleapis.com *.facebook *.kaspersky-labs.com *.googletagmanager.com *.dataroid.com *.efilli.com *.useinsider.com *.assetsgarantibbva.com *.garantibbva.com.tr; frame-src 'self' https://video.garanti.com.tr *.amazon-adsystem.com *.api.useinsider.com *.kaspersky-labs.com *.doubleclick.net *.efilli.com *.assetsgarantibbva.com *.garantibbva.com.tr; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.efilli.com *.api.useinsider.com *.doubleclick.net https://static-maps.yandex.ru *.assetsgaranti.com *.assetsgarantibbva.com https://assetsgarantibbva.com *.highcharts.com *.garantibbvayatirim.com.tr *.kaspersky-labs.com *.garantiyatirim.com.tr *.garantibbva.com.tr *.garanti.com.tr *.garantibbvaemeklilik.com.tr *.garantiemeklilik.com.tr *.gteknoloji.com.tr *.gteknolojidmz.com.tr *.garantibank.ro *.garantiemeklisandigi.org.tr *.api.useinsider.com https://*.useinsider.com wss://*.matriksdata.com *.matriksdata.com *.dataroid.com *.google.com *.google.com.tr *.doubleclick.net https://googleads.g.doubleclick.net *.efilli.com *.fw.garanti.com.tr *.googletagmanager.com *.fw.garantibbva.com.tr ajax.googleapis.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.signfordeaf.com;style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.dataroid.com *.kaspersky-labs.com *.googletagmanager.com *.efilli.com *.useinsider.com *.api.useinsider.com fonts.googleapis.com ajax.googleapis.com *.assetsgarantibbva.com *.garantibbva.com.tr;font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.useinsider.com *.assetsgarantibbva.com *.garantibbva.com.tr *.api.useinsider.com fonts.go/ogleapis.com ajax.googleapis.com fonts.gstatic.com; 2 frame-ancestors none; report-uri /report-csp-violation 2 default-src 'self' my.gov.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com s.ytimg.com assets.adobedtm.com dynatrace.humanservices.gov.au; connect-src blob: 'self' adobedc.demdex.net docs.apigw.my.gov.au edge.adobedc.net *.my.gov.au my.gov.au mygov-dls-bff.apps.openshift-prod1-dca1.csda.gov.au mygov-dls-bff.apps.openshift-prod1-dcb1.csda.gov.au swift.csda.gov.au stats.g.doubleclick.net dynatrace.humanservices.gov.au *.dynamsoft.com https://127.0.0.1:* ws://127.0.0.1:* wss://127.0.0.1:* data: cdn.jsdelivr.net w3.org/svg/2000; img-src 'self' data: blob: stats.g.doubleclick.net swift.csda.gov.au; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; object-src 'self' blob: swift.csda.gov.au; frame-src 'self' blob: bluey-webchat.azurewebsites.net my.gov.au *.my.gov.au swift.csda.gov.au www.youtube.com www.youtube-nocookie.com w.soundcloud.com servicesaustralia.vudoo.io 2 default-src 'self' undefined https://nmonpoendpoint.2cnt.net https://*.sentry.io https://apis.dev.avrotros.io https://apis.avrotros.io https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* blob: undefined https://nmonpoendpoint.2cnt.net https://*.sentry.io https://apis.dev.avrotros.io https://apis.avrotros.io https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.fontawesome.com https://*.gstatic.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.vimeo.com https://*.vimeocdn.com/ https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://www.riddle.com https://*.akamaized.net; font-src * data: https://fonts.gstatic.com https://*.fontawesome.com; img-src * data: 'report-sample'; script-src data: 'unsafe-inline' 'unsafe-eval' undefined https://nmonpoendpoint.2cnt.net https://*.sentry.io https://apis.dev.avrotros.io https://apis.avrotros.io https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.npo-data.nl https://tag.aticdn.net https://nmonpoendpoint.2cnt.net https://kmnl.tns-nipo.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://*.ampproject.net https://cdn.ampproject.org https://polyfill.io https://cdn.jotfor.ms https://*.fontawesome.com https://*.gstatic.com https://www.riddle.com 'report-sample'; style-src * 'unsafe-inline' 'report-sample'; media-src * blob: undefined https://nmonpoendpoint.2cnt.net https://*.sentry.io https://apis.dev.avrotros.io https://apis.avrotros.io https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:*; frame-src *; object-src https://*.spotify.com https://media-service.vara.nl https://media.vara.nl https://player.vimeo.com https://w.soundcloud.com https://*.powned.nl https://radiobox2.omroep.nl https://icij.org https://projects.icij.org https://medicaldevices.icij.org https://medicaldevices-staging.cloud.icij.org https://*.tweedekamer.nl https://players.brightcove.net https://localfocus2.appspot.com https://localfocuswidgets.net https://*.calconic.com https://public.flourish.studio https://flo.uri.sh; base-uri 'self'; form-action 'self' 'report-sample'; manifest-src 'self' https://accounts.google.com; worker-src 'self' 2 default-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://noembed.com https://cdn.plyr.io https://*.privacyrequest.net https://privacyrequest.net https://*.fontawesome.com https://*.gstatic.com https://*.vimeo.com https://*.consentmanager.net https://*.performmedia.com https://*.wp.com https://*.google.com 'unsafe-eval' 'unsafe-inline'; 2 frame-ancestors 'self' *.tennis-warehouse.com www.tenniswarehouse-europe.com www.tennisonly.com.au; 2 default-src 'self'; connect-src 'self' blob: *.token.awswaf.com https://api.prod.legislation.gov.au/ https://www.legislation.gov.au/; font-src 'self'; frame-src 'self' blob: https://www.legislation.gov.au/; img-src 'self' data: https://www.googletagmanager.com https://www.legislation.gov.au/; script-src 'self' 'unsafe-inline' *.token.awswaf.com https://www.googletagmanager.com https://www.legislation.gov.au/; style-src 'self' 'unsafe-inline' https://www.legislation.gov.au/; 2 default-src 'self'; connect-src *; style-src 'self' 'unsafe-inline' *.zdf.de *.zdfheute.de; font-src 'self' *.zdf.de *.zdfheute.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.zdf.de *.zdfheute.de *.sensic.net *.aticdn.net *.nmrodam.com *.gstatic.com *.twitter.com *.facebook.net *.instagram.com *.xiti.com; img-src 'self' blob: data: *.zdf.de *.zdfheute.de *.nmrodam.com *.ytimg.com; frame-src 'self' *.zdf.de *.zdfheute.de *.twitter.com *.sensic.net *.nmrodam.com *.facebook.com *.instagram.com *.dwcdn.net *.youtube-nocookie.com; media-src 'self' blob: *.zdf.de *.zdfheute.de *.zdf.dev *.akamaihd.net *.akamaized.net *.dradio.de; frame-ancestors 'self'; 2 default-src *.maaap.it *.ddev.site *.addthis.com *.adform.net *.algolia.com *.algolia.net *.algolianet.com *.algolianet.net *.calameo.com *.culture.fr *.doubleclick.net *.facebook.com *.facebook.net *.g.doubleclick.net *.getwemap.com *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.huma-num.fr *.ingest.sentry.io *.instagram.com *.maptiler.com *.tarteaucitron.io *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com http://apis.syllabs.com http://infolettres-internes.culture.gouv.fr http://infolettres-ministere.culture.gouv.fr http://www.culture.fr http://www.culture.gouv.fr https://api.mapbox.com https://m.addthis.com https://s7.addthis.com https://semaphore.culture.gouv.fr https://semrecf2.culture.fr https://sesame.culture.fr https://stats.g.doubleclick.net https://tarteaucitron.io https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com moz-extension 'self' tarteaucitron.io 'unsafe-eval' 'unsafe-inline'; block-all-mixed-content; font-src *.ddev.site *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.maptiler.com *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://maxcdn.bootstrapcdn.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' 'unsafe-inline'; frame-src *.ddev.site *.adform.net *.calameo.com *.culture.fr *.culture.gouv.fr *.dailymotion.com *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.fr *.googleapis.com *.gouv.fr *.instagram.com *.jcloud.ik-server.com *.maptiler.com *.openstreetmap.fr *.pop.culture.gouv.fr *.soundcloud.com *.tiktok.com *.twitter.com *.vimeo.com *.wikimedia.org *.wikipedia.org *.x.com http://platform.twitter.com http://s7.addthis.com http://www.instagram.com https://data.culturecommunication.gouv.fr https://livemap.getwemap.com https://www.facebook.com https://www.youtube.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' 'unsafe-inline'; img-src *.ddev.site *.adform.net *.culture.fr *.culture.gouv.fr *.doubleclick.net *.et-gv.fr *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.gouv.fr *.instagram.com *.maptiler.com *.picsum.photos *.tarteaucitron.io *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com data: http://www.culture.fr http://www.culture.gouv.fr https://ad.doubleclick.net https://analytics.getwemap.com https://api.getwemap.com https://iecs.culture.gouv.fr https://livemap.getwemap.com https://logs4.xiti.com https://picsum.photos https://semrecf2.culture.fr https://sesame.culture.fr https://static.piste.gouv.fr https://tarteaucitron.io https://tile.openstreetmap.org https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' tarteaucitron.io 'unsafe-inline'; script-src *.ddev.site *.addthis.com *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.maptiler.com *.tarteaucitron.io *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com addthid blob: http://connect.facebook.net http://platform.twitter.com http://s7.addthis.com http://siteimproveanalytics.com http://tag.aticdn.net http://www.instagram.com https://ajax.googleapis.com https://api.dmcdn.net https://api.mapbox.com https://gva.et-gv.fr https://iecs.culture.gouv.fr https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://logp5.xiti.com https://logs152.xiti.com https://m.addthis.com https://tarteaucitron.io https://v1.addthisedge.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gouvernement.fr https://z.moatads.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com moz-extension 'self' tarteaucitron.io 'unsafe-eval' 'unsafe-inline' 'nonce-OWEzNDFjNzExNTZlMjczNWU0NjU1ZmNiYWIzYjdhZmU='; style-src *.ddev.site *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.gouv.fr *.instagram.com *.maptiler.com *.tarteaucitron.io *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com https://fonts.googleapis.com https://infolettres.duministeredelaculture.fr https://tarteaucitron.io inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' tarteaucitron.io 'unsafe-inline' 2 frame-ancestors 'self' https://*.olaelectric.com https://*.olacabs.com; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' wasm-eval cdnjs.cloudflare.com konicaminoltaus.b-cdn.net script.crazyegg.com www.googletagmanager.com; script-src-elem 'self' data: 'unsafe-inline' cdnjs.cloudflare.com konicaminoltaus.b-cdn.net www.googletagmanager.com script.crazyegg.com trans.xdtsmart.com 3001.scriptcdn.net api.wire.threatspike.com bat.bing.com blob: cdn.amplitude.com connect.facebook.net dap.digitalgov.gov extensionscontrol.com extmanagers.com infird.com sc-static.net secured-pixel.com speed.ilink-tk.com stapecdn.com static.ads-twitter.com www.google-analytics.com www.upsellit.com; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' ka-p.fontawesome.com kit.fontawesome.com konicaminoltaus.b-cdn.net; style-src-elem 'self' 'unsafe-inline' ka-p.fontawesome.com konicaminoltaus.b-cdn.net kit.fontawesome.com cdn.honey.io fonts.googleapis.com www.gstatic.com; style-src-attr 'unsafe-inline'; img-src 'self' data: kmbscontent.konicaminolta.us konicaminoltaus.b-cdn.net www.googletagmanager.com hm.baidu.com blob: cdn.honey.io analytics.twitter.com bat.bing.com fonts.gstatic.com s.w.org s3.amazonaws.com secure.gravatar.com t.co tagging.mkt.zappos.com translate.google.com www.gstatic.com; font-src 'self' data: ka-p.fontawesome.com at.alicdn.com cdn.scite.ai cdnjs.cloudflare.com fonts.gstatic.com konicaminoltaus.b-cdn.net migaku-public-data.migaku.com moz-extension ms-browser-extension static.zip.co svcs.tql.com; connect-src 'self' www.googletagmanager.com tracking.crazyegg.com assets-tracking.crazyegg.com script.crazyegg.com pagestates-tracking.crazyegg.com www.google-analytics.com kmbscontent.konicaminolta.us hm.baidu.com trans.xdtsmart.com konicaminoltaus.b-cdn.net region1.google-analytics.com api2.amplitude.com clientstream.launchdarkly.com overbridgenet.com sr-client-cfg.amplitude.com tagging.mkt.zappos.com www.google.com zjaasd.zappos.com; media-src 'self' data:; child-src blob:; frame-src www.googletagmanager.com; worker-src blob:; report-uri https://4cb6d1b88ad70041e7bad82563439f7d.report-uri.com/r/t/csp/enforce 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data:; frame-src https://* about: javascript:; frame-ancestors 'self' http://*.vegas.com https://*.vegas.com 2 frame-ancestors 'self' https://admin-scbcw-prod.scb.co.th https://scbcwseaadmin001prd.azurewebsites.net https://admin-scbcw-prod2.scb.co.th https://scbcwseaadmin002prd.azurewebsites.net https://scbmm-admin-scbcw-prod2.scb.co.th https://braze-images.com https://info.scb.co.th https://js.appboycdn.com https://sdk.iad-07.braze.com *.youtube.com *.google.com *.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com; img-src 'self' https: data: *.ise.scb.co.th *.se.scb.co.th *.azurewebsites.net *.z23.web.core.windows.net *.dev.softdebut.com *.appboycdn.com *.braze.com https://braze-images.com *.scbeic.com *.scb.co.th *.youtube.com *.google.com *.google-analytics.com maps.googleapis.com maps.gstatic.com 2 report-uri /report-csp;report-to /report-csp;base-uri 'self';child-src number26://* *.n26.com n26.com *.doubleclick.net pixel.mathtag.com n26.go2cloud.org www.googletagmanager.com *.youtube-nocookie.com youtube-nocookie.com boards.greenhouse.io;connect-src 'self' https://spc.n26.com * https://*.logs.datadoghq.eu;font-src 'self' data:;img-src https://spc.n26.com 'self' data: images.ctfassets.net images.contentful.com * *.greenhouse.io;media-src videos.contentful.com videos.ctfassets.net;object-src 'none';style-src 'unsafe-inline' 'self' tagmanager.google.com;script-src 'self' cdn.number26.de 'unsafe-inline' * connect.facebook.net *.youtube-nocookie.com s.ytimg.com youtube-nocookie.com youtube.com boards.greenhouse.io datadoghq.eu datadoghq-browser-agent.com cdn.cookielaw.org;worker-src 'self';default-src *;frame-ancestors app.contentful.com 'self' *.n26.com;frame-src www.googletagmanager.com *.doubleclick.net www.youtube-nocookie.com boards.greenhouse.io job-boards.greenhouse.io 2 default-src 'self';script-src 'self' *.6sense.com *.adnxs.com *.6sc.co *.licdn.com *.ceros.com *.twitter.com *.azure.com *.cookielaw.org *.vimeo.com cdn.dynamicyield.com st.dynamicyield.com rcom.dynamicyield.com metrics.mastercard.com smetrics.mastercard.com assets.adobedtm.com *.onetrust.com *.youtube.com *.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-hashes' *.twitter.com 'unsafe-inline';connect-src 'self' *.6sense.com *.adnxs.com *.6sc.co *.linkedin.com *.azure.com *.cookielaw.org *.onetrust.com *.mastercard.com;font-src 'self' website.com;img-src 'self' data: https: *.cookielaw.org;media-src 'self' website.com;object-src 'self' website.com;frame-ancestors 'self' website.com *.ceros.com *.vimeo.com *.youtube.com *.youtube-nocookie.com;frame-src 'self' *.twitter.com *.ceros.com *.vimeo.com *.youtube.com *.youtube-nocookie.com 2 script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: ajax.aspnetcdn.com www.gstatic.com s7.addthis.com assets.transparently.com ajax.googleapis.com www.google.com vjs.zencdn.net mychart.piedmont.org maps.googleapis.com ie7-js.googlecode.com apis.google.com maxcdn.bootstrapcdn.com cdn.kyruus.com z.moatads.com www.google-analytics.com siteimproveanalytics.com www.googletagmanager.com connect.facebook.net cdn.krxd.net d10lpsik1i8c69.cloudfront.net v1.addthisedge.com m.addthis.com guide.loyalhealth.com www.googleadservices.com piedmont.netmng.com secure-ds.serving-sys.com solutions.invocacdn.com *.krxd.net bs.serving-sys.com googleads.g.doubleclick.net js.adsrvr.org assets.pinterest.com log.pinterest.com *.elfsight.com code.jquery.com tagmanager.google.com bbox.blackbaudhosting.com *.wufoo.com *.invoca.net s.pinimg.com assets.sitescdn.net static.hotjar.com script.hotjar.com answers-embed.piedmont.com.pagescdn.com ads.nextdoor.com touchpoint-sdk.alida.com mychart.piedmont.org dexcareapi-piedmont.azureedge.net www.care.piedmont.org care.womp.it piedmont.womp.it www.youtube.com cdn.krxd.net *.doubleclick.net ratings.md cdn.perfdrive.com 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.adform.net 360yield.com *.doubleclick.net cdn.tiny.cloud adservice.google.com adservice.google.pl ahrefs.com analytics.tiktok.com apis.google.com app.usercentrics.eu bat.bing.com connect.facebook.net doubleclick.net emplocity.com *.facebook.com *.facebook.net fintech.pkobp.pl fonts.googleapis.com fonts.gstatic.com iko.pkobp.pl kredobank.com.ua ls.hit.gemius.pl m.emplobot.com maps.google.com maps.googleapis.com maps.gstatic.com media.pkobp.pl sr-dev.travatar.ai pkosr.travatar.ai pagead2.googlesyndication.com platform.twitter.com pro.hit.gemius.pl pko.salesmanago.com https://programpartnerski.pkobp.pl googletagmanager.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com www.google.com www.google.pl www.googleadservices.com www.googletagmanager.com www.gstatic.com www.mojafirma.pkobp.pl www.obligacjeskarbowe.pl www.pkobh.pl www.pkobp.pl www.pkofaktoring.pl www.pkofinance.se www.pkoleasing.pl www.pkopte.pl www.pkotfi.pl www.polecam.pkobp.pl www.wspieramyeksport.pl www.youtube.com www.youtube-nocookie.com www.zakup.obligacjeskarbowe.pl cdn.cookielaw.org; worker-src 'self' blob: https://www.pkobp.pl; report-uri /report-csp; 2 frame-ancestors 'self' *.winfuture.de; 2 frame-ancestors 'self' https://*.forumfree.it/ 2 default-src 'self' cdn.segment.com myob.com *.myob.com *.myobdev.com *.ninetailed.co *.clarity.ms *.bing.com *.linkedin.com *.reddit.com connect.facebook.net *.facebook.com *.fullstory.com *.segmentapis.com *.google.com.au *.redditstatic.com d.impactradius-event.com analytics.tiktok.com www.googletagmanager.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-banner.com *.hubspot.com *.hubspotfeedback.com *.hs-analytics.net *.segment.io *.hsappstatic.net *.clickagy.com *.adsrvr.org *.zoominfo.com feedback.hubapi.com *.survicate.com snap.licdn.com *.pinimg.com *.google.com *.google-analytics.com fast.wistia.net *.mypurecloud.com.au *.newrelic.com *.pinterest.com *.zi-scripts.com *.doubleclick.net *.wistia.com *.youtube.com *.youtu.be *.jsdelivr.net *.algolia.io *.algolia.net *.algolia.com alg.li *.algolianet.com *.ctfassets.net *.sentry-cdn.com *.contentful.com *.survicate-cdn.com *.googleapis.com *.zdassets.com *.zendesk.com *.googleadservices.com myob.74xz8u.net d.impct.site ws: blob:; script-src 'self' cdn.segment.com myob.com *.myob.com *.myobdev.com *.ninetailed.co *.clarity.ms *.bing.com *.linkedin.com *.reddit.com connect.facebook.net *.facebook.com *.fullstory.com *.segmentapis.com *.google.com.au *.redditstatic.com d.impactradius-event.com analytics.tiktok.com www.googletagmanager.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-banner.com *.hubspot.com *.hubspotfeedback.com *.hs-analytics.net *.segment.io *.hsappstatic.net *.clickagy.com *.adsrvr.org *.zoominfo.com feedback.hubapi.com *.survicate.com snap.licdn.com *.pinimg.com *.google.com *.google-analytics.com fast.wistia.net *.mypurecloud.com.au *.newrelic.com *.pinterest.com *.zi-scripts.com *.doubleclick.net *.wistia.com *.youtube.com *.youtu.be *.jsdelivr.net *.algolia.io *.algolia.net *.algolia.com alg.li *.algolianet.com *.ctfassets.net *.sentry-cdn.com *.contentful.com *.survicate-cdn.com *.googleapis.com *.zdassets.com *.zendesk.com *.googleadservices.com myob.74xz8u.net d.impct.site 'unsafe-eval' 'unsafe-inline' ws: blob:; style-src 'self' *.myob.com *.myobdev.com *.wistia.com *.survicate.com *.survicate-cdn.com www.googletagmanager.com *.googleapis.com 'unsafe-inline' ws: blob:; img-src 'self' *.myob.com *.myobdev.com *.wistia.com *.ctfassets.net *.survicate-cdn.com data: https: ws: blob:; font-src 'self' *.myob.com *.myobdev.com *.wistia.com *.survicate-cdn.com fonts.gstatic.com data:; frame-src *; frame-ancestors *; 2 default-src 'self' wss://comet.rabota.ru https://*.sbermarketing.ru https://sbermarketing.ru front-log.rabota.ru *.rabota.space rabota.ru *.rabota.ru https://*.yandex.md https://*.yandex.ru https://yandex.ru https://*.yandex.net https://*.yandexadexchange.net https://*.mail.ru https://vk.com https://*.odnoklassniki.ru https://*.rambler.ru https://*.adfox.ru https://*.googleapis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.ucweb.com https://*.livetex.ru https://*.livetex.me https://*.2gis.ru https://*.2gis.com https://2gis.github.io https://*.calltouch.ru ws://*.jivosite.com https://*.jivosite.com ws://*.jivo.ru https://*.jivo.ru https://*.vimeocdn.com https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://*.rutube.ru https://*.coub.com https://*.imgsmail.ru https://*.dadata.ru https://*.mediator.media https://stat.media https://*.stat.media https://static.smi2.net https://smi2.ru https://*.smi2.ru https://e-cc01-i.sber247.ru https://*.experrto.io https://sa.online.sberbank.ru https://*.online.sberbank.ru https://*.sberbank.ru https://sa.online.sberbank.ru:8098/metrics/partners https://recaptcha.net https://*.recaptcha.net https://*.recaptcha.net/recaptcha/api.js https://ad.adriver.ru https://rezumet.ru https://id.sber.ru https://yastatic.net https://*.serving-sys.ru;script-src 'unsafe-inline' 'unsafe-eval' sp.otm-r.com *.sbermarketing.ru sbermarketing.ru *.rabota.space rabota.ru *.rabota.ru yandex.ru *.yandex.md *.yandex.ru *.yandex.net *.yandexadexchange.net *.googleusercontent.com *.googletagmanager.com *.googleapis.com creativecdn.com *.creativecdn.com www.google-analytics.com stats.g.doubleclick.net *.rambler.ru yastatic.net vk.com *.odnoklassniki.ru *.mail.ru unpkg.com *.livetex.ru *.livetex.me *.google.com ws://*.jivosite.com *.jivosite.com ws://*.jivo.ru *.jivo.ru *.gstatic.com *.ucweb.com *.2gis.ru *.2gis.com *.calltouch.ru *.adfox.ru 2gis.github.io *.vimeocdn.com *.youtube.com *.imgsmail.ru collector.mediator.media *.dadata.ru *.mediator.media *.helpdeskeddy.com anketolog.ru static.smi2.net smi2.ru stat.media *.stat.media *.smi2.ru *.criteo.net *.criteo.com cdn.ampproject.org *.buzzsprout.com e-cc01-i.sber247.ru *.experrto.io sa.online.sberbank.ru *.online.sberbank.ru *.sberbank.ru sa.online.sberbank.ru:8098/metrics/partners recaptcha.net *.recaptcha.net *.recaptcha.net/recaptcha/api.js st.top100.ru yastatic.net mc.yandex.ru tags.soloway.ru/DSPCounter.min.js content.adriver.ru/AdRiverFPS.js ad.adriver.ru telegram.org/js/telegram-web-app.js *.hybrid.ai rezumet.ru *.serving-sys.ru;style-src 'unsafe-inline' 'unsafe-eval' blob: *.rabota.space rabota.ru *.rabota.ru *.googleapis.com *.gstatic.com *.2gis.ru *.2gis.com *.vimeocdn.com *.jivo.ru *.yandex.md yandex.ru *.yandex.ru *.yandex.net *.yandexadexchange.net 2gis.github.io *.dadata.ru anketolog.ru static.smi2.net smi2.ru stat.media *.stat.media *.smi2.ru e-cc01-i.sber247.ru sa.online.sberbank.ru *.online.sberbank.ru *.sberbank.ru sa.online.sberbank.ru:8098/metrics/partners rezumet.ru;img-src * data: blob: mc.yandex.ru;font-src 'self' data: blob: *.rabota.space rabota.ru *.rabota.ru *.livetex.ru *.livetex.me *.gstatic.com sa.online.sberbank.ru *.online.sberbank.ru *.sberbank.ru sa.online.sberbank.ru:8098/metrics/partners recaptcha.net *.recaptcha.net *.recaptcha.net/recaptcha/api.js rezumet.ru yastatic.net chrome-extension:;worker-src *.rabota.space rabota.ru *.rabota.ru rezumet.ru;frame-src blob: madte.st madtest.ru *.rabota.space rabota.ru *.rabota.ru oprosso.net creativecdn.com *.creativecdn.com yastatic.net *.google.com *.livetex.ru *.livetex.me *.2gis.ru *.2gis.com yandex.ru *.yandex.md *.yandex.ru *.yandex.net *.yandex.tld *.yandexadexchange.net vk.com *.odnoklassniki.ru *.youtube.com *.ucweb.com *.imgsmail.ru *.googleusercontent.com *.googletagmanager.com *.helpdeskeddy.com anketolog.ru *.hurma.ai hurma.ai *.vimeocdn.com *.youtube.com *.youtu.be *.vimeo.com *.rutube.ru rutube.ru *.coub.com coub.com *.fls.doubleclick.net static.smi2.net smi2.ru stat.media *.stat.media *.smi2.ru *.criteo.net *.criteo.com w.soundcloud.com *.rambler.ru music.yandex.ru podcasts.apple.com podcasts.google.com *.buzzsprout.com e-cc01-i.sber247.ru *.experrto.io app.ex.co infogram.com embed.podcasts.apple.com interacty.me p.interacty.me recaptcha.net *.recaptcha.net *.recaptcha.net/recaptcha/api.js sber-zvuk.com webvisor.com *.webvisor.com mc.yandex.ru content.adriver.ru rezumet.ru id.sber.ru ad.adriver.ru *.serving-sys.ru;object-src 'self' blob:;media-src blob: *.rabota.ru rabota.ru *.rabota.space rabota.ru *.rabota.ru *.jivosite.com *.jivo.ru *.vimeocdn.com *.helpdeskeddy.com rezumet.ru;report-uri https://www.rabota.ru/snitch.txt;base-uri 'none';frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com https://*.webvisor.com https://*.telegram.org; 2 frame-ancestors https://*.openrice.com https://*.openrice.com.cn 2 frame-ancestors 'none'; upgrade-insecure-requests; 2 frame-ancestors 'self' https://kartra.com https://kartra.kartra.com https://app.kartra.com; 2 default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self'; img-src 'self' http: data: 2 upgrade-insecure-requests; media-src https: data: blob:; img-src https: data: blob:; object-src 'none'; worker-src 'self' blob:; default-src https: blob: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' 2 default-src 'none'; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.googletagmanager.com https://www.google-analytics.com mavenoid.com *.mavenoid.com *.clarity.ms; frame-src http://cookies.onetrust.mgr.consensu.org https://checkout.dibspayment.eu/ https://myuplink.com; font-src data: 'self' https://fonts.gstatic.com mavenoid.com *.mavenoid.com; style-src 'self' 'unsafe-inline' blob: https://optanon.blob.core.windows.net https://fonts.googleapis.com mavenoid.com *.mavenoid.com; connect-src 'self' https://login.myuplink.com https://internalapi.myuplink.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.googletagmanager.com https://www.google-analytics.com mavenoid.com *.mavenoid.com mavenoidfiles.com *.mavenoidfiles.com *.sentry.io https://dc.services.visualstudio.com *.clarity.ms; img-src 'self' https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://optanon.blob.core.windows.net/logos/5456/5456:myuplink.com/myUplink_logo%20(1).png mavenoid.com *.mavenoid.com mavenoidfiles.com *.mavenoidfiles.com *.clarity.ms data:; media-src mavenoidfiles.com *.mavenoidfiles.com mediastream:; object-src 'none'; 2 frame-ancestors 'self' editor.construct.net preview.construct.net animate.construct.net; script-src construct-static.com www.construct.net leaderboards.construct.net www.youtube.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.paypal.com js.braintreegateway.com www.paypalobjects.com accounts.google.com www.googletagmanager.com www.google.com apis.google.com r.stripe.com js.stripe.com connect.facebook.net 'unsafe-inline' 'unsafe-hashes'; 2 frame-ancestors 'self' https://*.riu.com https://*.apps.riu.com https://*.stay-app.com https://www.googleapis.com https://*.google.com https://connect.facebook.net https://*.akamaitechnologies.com https://*.yandex.com https://*.msn.com https://*.googlebot.com https://*.gstatic.com https://static.cloudflareinsights.com https://www.riuagents.com; 2 frame-ancestors 'self' http://localhost:8000; img-src 'self' http://localhost:8000 data: blob: * 2 frame-ancestors 'self' support.azazie.com customerservice.azazie.com 2 default-src 'self'; connect-src 'self' https://mautic.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://wiki-summarizer-eu.texthelp.com/ https://simplify-us.texthelp.com/ blob: https://en.wikipedia.org/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://*.hotjar.io https://www.facebook.com/ https://analytics.twitter.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://bat.bing.com https://my.jst.ai/ https://aly.jst.ai/ https://to.go.saleswingsapp.com/ https://tr.snapchat.com https://tr6.snapchat.com/p https://texthelp.tfaforms.net https://analytics.formassembly.com; script-src 'self' https://mautic.texthelp.com https://mautic-staging.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://wikisum.texthelp.com https://apis.google.com https://widget.intercom.io https://js.intercomcdn.com https://app.intercom.io https://analytics.twitter.com https://static.ads-twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ https://bat.bing.com/ https://js.driftt.com https://widget.drift.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://tr.snapchat.com/config/ https://sc-static.net https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.umd.js https://cdn.jst.ai/ https://my.jst.ai/ https://aly.jst.ai/ https://texthelp.tfaforms.net https://s.saleswingsapp.com https://www.youtube.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic-staging.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.css https://cdn.jst.ai/ https://texthelp.tfaforms.net https://www.tfaforms.com; img-src 'self' https://webworx.texthelp.com/assets/img/ data: https://images.prismic.io/texthelp-website-proof https://*.prismic.io https://mautic.texthelp.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net/r/collect https://www.google.com/ads/ https://www.google.co.uk/ads/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://www.browsealoud.com https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://plus.browsealoud.com https://upload.wikimedia.org https://prismic-io.s3.amazonaws.com https://i.ytimg.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://optimize.google.com https://script.hotjar.com https://analytics.twitter.com https://t.co/1/i/ https://bat.bing.com/action/ https://bat.bing.com/actionp/ https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/pixel/register/trigger/ https://px.ads.linkedin.com https://tr.snapchat.com/ https://graphics.jst.ai/ ; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io https://js.driftt.com/; font-src 'self' https://webworx.texthelp.com/ https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic-staging.texthelp.com https://www.facebook.com https://*.speechstream.net https://texthelp.tfaforms.net https://event.on24.com; frame-src https://www.googletagmanager.com https://td.doubleclick.net https://www.youtube.com https://mautic-staging.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/ https://www.facebook.com/ https://js.driftt.com https://widget.drift.com https://tr.snapchat.com/ https://lookerstudio.google.com/ https://calendar.google.com/ https://cdn.jst.ai/; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 2 default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://js.hubspot.com https://app.hubspot.com https://forms.hsforms.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hsleadflows.net https://js.usemessages.com https://snap.licdn.com https://tracking.g2crowd.com https://www.google-analytics.com https://www.googletagmanager.com https://js.hsforms.net https://www.google.com https://www.gstatic.com https://static.hsappstatic.net https://code.jquery.com; style-src 'unsafe-inline' 'report-sample' 'self' https://static.hsappstatic.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://cta-service-cms2.hubspot.com https://px.ads.linkedin.com https://api.hubapi.com https://app.hubspot.com https://cp.hubspot.com https://forms.hubspot.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://js.hs-banner.com https://cdn.linkedin.oribi.io https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://td.doubleclick.net https://forms.hsforms.com https://app.hubspot.com https://www.google.com https://flo.uri.sh https://forms.hsforms.com; frame-ancestors 'self'; img-src 'self' https://3426102.fs1.hubspotusercontent-na1.net https://3ma79ae7cua.com https://px.ads.linkedin.com https://static.hsappstatic.net https://track.hubspot.com https://www.linkedin.com https://www.google.com https://www.google.co.in https://forms.hsforms.com https://forms-na1.hsforms.com; media-src 'self' https://3426102.fs1.hubspotusercontent-na1.net; worker-src 'none';; upgrade-insecure-requests 2 connect-src 'self' registry.tierra.net:8443 wss://registry.tierra.net:8443 *.tierra.net *.zdassets.com *.zendesk.com api.smooch.io wss://*.smooch.io *.sentry.io www.google-analytics.com; default-src 'none'; font-src 'self' static.tierra.net maxcdn.bootstrapcdn.com use.fontawesome.com use.typekit.net; frame-src 'self' www.youtube.com player.vimeo.com static.tierra.net; img-src 'self' *.tierra.net secure.gravatar.com *.wp.com *.amazonaws.com *.zendesk.com *.zdassets.com data:; media-src; object-src *.tierra.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.tierra.net ajax.googleapis.com www.googletagmanager.com maxcdn.bootstrapcdn.com use.fontawesome.com *.zdassets.com *.zendesk.com api.smooch.io *.clearhello.com; style-src 'self' 'unsafe-inline' static.tierra.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.fontawesome.com *.typekit.net; upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; report-uri /special/report/csp; report-to default 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob: data: wss:; form-action 'self' forms.hsforms.com www.facebook.com; frame-ancestors 'self' *; 2 frame-ancestors 'self' *.kiwify.com.br *.kiwify.com 2 frame-ancestors 'self' *.kanopy.com 2 frame-ancestors 'self' https://support.phorest.com/ https://phorest1547654878.zendesk.com/ https://phorest.zendesk.com/ https://www.salonownersummit.com/host 2 default-src data: 'unsafe-inline' 'unsafe-eval' https:; media-src 'self' blob: https:; worker-src 'self' blob: https:; 2 default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' *.preview.kkn.zd.intranet.bund.de wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de userlike-cdn-umm.b-cdn.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.wikimedia.org *.aktion-mensch.de *.sample-videos.com *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de *.preview.kkn.zd.intranet.bund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net userlike-cdn-umm.b-cdn.net; frame-ancestors *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2 frame-ancestors *.frankfurt-airport.com *.fraport.de https://fraportag.sharepoint.com https://external.airport.ai; 2 default-src 'self'; img-src * data: blob:; media-src * data: blob:; object-src 'none'; style-src 'self' 'unsafe-inline' vercel.live; font-src 'self' vercel.live assets.vercel.com framerusercontent.com fonts.gstatic.com; frame-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'wasm-unsafe-eval' 'inline-speculation-rules' *.thirdweb.com *.thirdweb-dev.com vercel.live js.stripe.com framerusercontent.com events.framer.com challenges.cloudflare.com googletagmanager.com us-assets.i.posthog.com edit.framer.com; connect-src * data: blob:; worker-src 'self' blob:; block-all-mixed-content; 2 frame-ancestors 'self' apachearimlbvip.corpuk.net 2 frame-ancestors 'self' https://dbwas.service.deutschebahn.com 2 frame-ancestors 'self' https://*.stanwith.me https://*.stan.store 2 frame-ancestors 'self' https://reviewtrackers.app.workramp.com https://inmoment.app.workramp.com https://academy.reviewtrackers.net https://www.reviewtrackers.com https://app.getreprise.com 2 frame-ancestors https://*.relive.com https://*.relive.cc; form-action 'self'; object-src 'none'; upgrade-insecure-requests 2 default-src 'self'; child-src 'self' blob:; connect-src 'self' rgitsprdstorage.blob.core.windows.net *.clarity.ms unpkg.com cdn.jsdelivr.net assets.contentstack.io cdn.contentstack.io api.smartrecruiters.com *.coveo.com *.cvent.com *.g2crowd.com *.algolianet.com pubsub.googleapis.com ingest.insights.ninetailed.co cdn.bizible.com munchkin.marketo.net images.contentstack.io *.typekit.net ws.zoominfo.com *.luckyorange.com *.visitors.live js.zi-scripts.com settings.luckyorange.com *.google.com experience.ninetailed.co cdn.cookielaw.org *.akamaihd.net *.demdex.net *.doubleclick.net www.googletagmanager.com *.google-analytics.com *.microstrategy.com *.mktoutil.com *.calendly.com microstrategy.sharepoint.com *.omtrdc.net *.wistia.net *.wistia.com swb-pd-amecc5bkdjechdb2.z01.azurefd.net swb-pp-g9cmc2f9b2eaf8aw.z01.azurefd.net *.mktoresp.com platform.cloud.coveo.com wss:; font-src 'self' *.wistia.net *.microstrategy.com *.typekit.net data: fonts.gstatic.com; frame-src 'self' form.typeform.com www.youtube-nocookie.com insight.adsrvr.org www.googletagmanager.com *.wistia.com *.wistia.net *.cvent.com *.demdex.net *.doubleclick.net *.microstrategy.com *.youtube.com *.calendly.com calendly.com optimize.google.com; img-src 'self' blob: *.wistia.net cdn.bizible.com cdn.cookielaw.org images.contentstack.io adservice.google.com rgitsprdstorage.blob.core.windows.net microstrategy.sharepoint.com *.cvent.com *.adsymptotic.com *.ads.linkedin.com *.akamaihd.net *.demdex.net *.doubleclick.net *.everesttech.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.microstrategy.com *.omtrdc.net *.wistia.com optimize.google.com data: static.cloud.coveo.com www.google.com; media-src 'self' *.akamaihd.net *.microstrategy.com *.wistia.com blob: data: fast.wistia.net; object-src 'self'; script-src 'self' *.clarity.ms 'unsafe-inline' 'unsafe-eval' *.calendly.com *.wistia.net cdn.bizible.com tools.luckyorange.com js.adsrvr.org js.zi-scripts.com *.g2crowd.com js.sentry-cdn.com *.cvent.com *.mktoweb.com *.googleanalytics.com *.googleoptimize.com optimize.google.com *.akamaihd.net *.doubleclick.net *.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.licdn.com *.marketo.net *.microstrategy.com *.onetrust.com *.wistia.com blob: assets.adobedtm.com cdn.cookielaw.org *.coveo.com wcs.naver.net ws.zoominfo.com; style-src 'self' 'unsafe-inline' optimize.google.com fonts.googleapis.com *.microstrategy.com *.typekit.net cdn.cookielaw.org static.cloud.coveo.com; worker-src 'self' 'unsafe-inline' blob: data:; 2 default-src 'none'; script-src 'self' 'unsafe-inline' code.etracker.com www.etracker.de default.signalize.com api.signalize.com; img-src 'self' data: api.signalize.com cdn.signalize.com i.ytimg.com; style-src 'self' 'unsafe-inline' api.signalize.com; font-src 'self' data: api.signalize.com; connect-src 'self' www.etracker.de api.signalize.com; frame-src 'self' www.youtube-nocookie.com; form-action 'self'; base-uri 'self'; media-src 'self'; frame-ancestors https://newapp.etracker.com; 2 report-uri https://o4505075539902464.ingest.us.sentry.io/api/4505075559825408/security/?sentry_key=e137a5ec37cf03e1ed168b772c98c0bc; report-to csp; default-src 'self' *.youtube.com player.simplecast.com *.lemonsqueezy.com challenges.cloudflare.com https://lemonsqueezy.nolt.io/ tally.so cdn.prod.website-files.com lemonsqueezy-assets.s3.us-east-2.amazonaws.com; connect-src *.lemonsqueezy.com cdn.prod.website-files.com wss://api.inkeep.com *.inkeep.com helpscout-ticket-creation.vercel.app lemonsqueezy-assets.s3.us-east-2.amazonaws.com; media-src 'self' *.lemonsqueezy.com cdn.prod.website-files.com; worker-src 'self'; img-src * blob: data:; font-src * data:; style-src 'self' *.lemonsqueezy.com cdn.prod.website-files.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' challenges.cloudflare.com tally.so cdn.jsdelivr.net cdn.prod.website-files.com code.jquery.com unpkg.com d3e54v103j8qbb.cloudfront.net app.lemonsqueezy.com cdn.usefathom.com assets.lemonsqueezy.com 'sha256-I1oqzdG8ABwwJE/CwI40sJxhtAhpql7j/rpDkIXUK1Y=' 'sha256-bdA0cvgVXH8LBxO68C3ExwzyXLRynEkqpwkKp7av3Tk=' 'sha256-YMDz5wGrDesGpPQvZFf+o+To+21PWXozOWgUUKXgPNQ=' 'sha256-KZ7C6zm33y6W2F1lcdoNyLyQoU6ieDA6nnaAoMUIG6o=' 'sha256-olvdWzV5MceIt4AqqXiVXHwHOoytDlQutQSLai2rr3s=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-P6cgBPruhraHLxxJAx7CYIaV6SC4iuvDldsKrdcDCs0=' 'sha256-muoEFIeLVS1tXqNKabm2XW0y+t0Morn0eiyH/4gWSFM=' 'sha256-IWcRBb6qdMcphojQQMlDaQsYG4F8+OUe0cC62k92Fqs=' 'sha256-DJoD3TxxO/wUfm77B3Xg8CeZ9zXmQFghzlrJFbjgsVo=' 'sha256-st/0/OS6vlRZrDF/EgOB9O90ZfXBJEMve3p4NzDKmWw=' 'sha256-rqIrJsr1KxE4sZIs0595EDTZHIse/pQFOveGXTSpgh8=' 'sha256-2+xeZ9uvzc1cztE9neSkGAsRIcQxev8HH3lZeT3IHgc=' 'sha256-ChC+cACPifjKQsvV1eZgCx7ANEc0Q3xy+MqDBFnpyRE=' 'sha256-7/HveZxd4yPf42YIfhxiZDFU/a6RtLtShZj0y0bc0xM=' 'sha256-YAhqsGAb4rs+S5kO4XH1/9mGQq/8NQVJLKJrhNpdFo8=' 'sha256-wEjQdcjT9ia3+uKiDHquc85jb4JdZAOOm9hFbAvVW0Y=' 'sha256-FF3JplMsTlEoGExFy9jNa//bI9hXN1P1Wk7TmC/697w=' 'sha256-FABljtGlF/3YMkSGHKKqY1YQmM6YGrcxBpr97RqRS9s=' 'sha256-fd/AWhZEJywiUTWydT7SaKdliz8IBLf395MJFxoGDOY=' 'sha256-6EsWsKwWbGaxnjI9bo3G4ZW6jUhVwdKYJvwQHKwlL/c=' 'sha256-Z7WzqowjPAR+oYchmMod4lGNr7Qyiu6JCcN+iYRXHCk='; 2 upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=ln_shp&d=2025-07-11 2 frame-ancestors 'self' https://*.wynnlasvegas.com https://app.contentful.com; 2 default-src 'self' 'unsafe-inline' https://static.cloud.coveo.com https://sccm.dlapiper.com;frame-src 'self' 'unsafe-inline' https://static.cloud.coveo.com https://platform.cloud.coveo.com https://www.youtube.com https://w.soundcloud.com https://s.company-target.com https://players.brightcove.net https://vimeo.com/ https://sccm.dlapiper.com https://comms.dlapiper.com https://sccd.dlapiper.com https://communications.us.dlapiper.com https://inform.dlapiper.com https://inform-new.dlapiper.com https://nzcomms.dlapiper.com https://player.vimeo.com https://omny.fm https://e.infogram.com;connect-src 'self' 'unsafe-inline' https://platform.cloud.coveo.com https://analytics.cloud.coveo.com https://l.sharethis.com https://www.google.com https://ixfd2-api.bc0a.com https://www.facebook.com https://stats.g.doubleclick.net https://tag-logger.demandbase.com https://px.ads.linkedin.com https://api.company-target.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://c.go-mpulse.net https://dlapiper.containers.piwik.pro https://dlapiper.piwik.pro https://sccm.dlapiper.com https://trial-eum-clienttons-s.akamaihd.net https://s.go-mpulse.net https://*.akstat.io https://*.go-mpulse.net https://trial-eum-clientnsv4-s.akamaihd.net https://*.akamaihd.net https://analytics.google.com https://www.google-analytics.com;style-src 'self' 'unsafe-inline' https://static.cloud.coveo.com https://sccm.dlapiper.com https://fonts.googleapis.com;font-src 'self' 'unsafe-inline' data: https://static.cloud.coveo.com https://staticdev.cloud.coveo.com https://sccm.dlapiper.com https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloud.coveo.com https://cdn.jsdelivr.net https://cdn.bc0a.com https://buttons-config.sharethis.com https://cdn.cookielaw.org https://s.go-mpulse.net https://dlapiper.containers.piwik.pro https://www.youtube.com https://www.googletagmanager.com https://player.vimeo.com https://platform-api.sharethis.com https://js.hs-banner.com https://sccm.dlapiper.com https://*.go-mpulse.net https://e.infogram.com https://tag.demandbase.com https://www.google-analytics.com https://snap.licdn.com https://connect.facebook.net https://siteimproveanalytics.com https://js-na1.hs-scripts.com https://js.hs-analytics.net;img-src 'self' 'unsafe-inline' data: https://static.cloud.coveo.com https://cdn.cookielaw.org https://sccm.dlapiper.com https://i.vimeocdn.com https://www.linkedin.com https://segments.company-target.com https://track.hubspot.com https://61281921.global.siteimproveanalytics.io https://l.sharethis.com https://sccd.dlapiper.com https://sccm.dlapiper.com https://*.akstat.io https://www.googletagmanager.com https://cdn.bfldr.com https://dlapiper.vuturevx.com https://dlapiper.vuture.net https://px.ads.linkedin.com https://id.rlcdn.com https://www.google-analytics.com https://www.facebook.com https://www.google.co.in;frame-ancestors 'self' https://sccm.dlapiper.com https://sccd.dlapiper.com https://scdrcm.dlapiper.com https://scdrcd.dlapiper.com; 2 default-src 'self'; child-src 'self' ceuedu-my.sharepoint.com googletagmanager.com www.youtube.com www.youtube-nocookie.com ceu.my.salesforce-sites.com *.matomo.cloud *.piktochart.com *.powerbi.com *.sharethis.com *.google.com *.facebook.com *.twitter.com unibuddy.co *.unibuddy.co *.doubleclick.net ceu-edu.zoom.us w.soundcloud.com datawrapper.dwcdn.net player.vimeo.com free.timeanddate.com gifcdn.com e.issuu.com www.yumpu.com *.simplecast.com *.genial.ly *.genially.com forms.office.com webto.salesforce.com; connect-src 'self' *.matomo.cloud *.google-analytics.com bam.nr-data.net l.sharethis.com *.linkedin.com *.analytics.google.com stats.g.doubleclick.net *.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com use.fontawesome.com; img-src 'self' data: events.ceu.edu *.google.com googletagmanager.com *.googletagmanager.com googleads.g.doubleclick.net ad.doubleclick.net i.ytimg.com *.matomo.cloud *.piktochart.com *.powerbi.com *.sharethis.com *.facebook.com *.twimg.com *.twitter.com *.linkedin.com www.google.at https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' w.soundcloud.com datawrapper.dwcdn.net player.vimeo.com gifcdn.com www.youtube.com www.youtube-nocookie.com *.twitter.com www.yumpu.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net googletagmanager.com *.googletagmanager.com google-analytics.com cdnjs.cloudflare.com use.fontawesome.com s.ytimg.com *.matomo.cloud *.piktochart.com *.powerbi.com *.sharethis.com *.google.com *.gstatic.com *.facebook.com *.twitter.com *.twimg.com js-agent.newrelic.com cdn.unibuddy.co connect.facebook.net snap.licdn.com www.youtube.com https://cdnjs.cloudflare.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net googletagmanager.com *.googletagmanager.com google-analytics.com cdnjs.cloudflare.com use.fontawesome.com s.ytimg.com *.matomo.cloud *.piktochart.com *.powerbi.com *.sharethis.com *.google.com *.gstatic.com *.facebook.com *.twitter.com *.twimg.com js-agent.newrelic.com cdn.unibuddy.co connect.facebook.net snap.licdn.com www.youtube.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com ws.sharethis.com cdnjs.cloudflare.com https://cdnjs.cloudflare.com; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 2 default-src 'self' https: data: blob: wss: https://content.surveysparrow.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; frame-ancestors 'self' *.surveysparrow.com thrivesparrow.com *.thrivesparrow.com; 2 report-uri https://www.barmer.de/report; frame-ancestors 'self' https://lernen.barmer.de; 2 default-src 'self' www.googletagmanager.com discover-euc1.sitecorecloud.io *.userconsent.org *.userway.org https://apis.government.ae *.readspeaker.com *.ytimg.com *.tra.gov.ae cdn.appdynamics.com i.ibb.co www.facebook.com cdnapisec.kaltura.com *.tdra.gov.ae *.doubleclick.net *.yahooapis.com www.google-analytics.com *.gstatic.com *.google.com *.googleapis.com www.google-analytics.com www.youtube.com 'unsafe-inline' 'unsafe-eval' data: ; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self'; 2 frame-ancestors https://*.brazzers.com 2 frame-ancestors 'self' https://www.usemotion.com https://usemotion.com 2 frame-ancestors 'self' *.lovecrafts.com 2 default-src 'self' https:; connect-src https: wss:; font-src 'self' https: data:; frame-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: blob:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 2 frame-ancestors 'self' https://checkout.aireuropa.com; 2 default-src 'self'; base-uri 'self'; script-src 'unsafe-inline' 'self' statistiek.rvo.nl *.obi4wan.com *.shoppingminds.com *.shoppingminds.net *.creative-serving.com stats.pusher.com cdn.conversationalsdevelopment.nl cdn.seamly-app.com; style-src 'self' 'unsafe-inline' *.rvo.nl cdn.seamly-app.com; object-src *.rvo.nl; connect-src 'self' *.rvo.nl *.rvochat.nl *.rovid.nl *.obi4wan.ai *.shoppingminds.com *.shoppingminds.net *.creative-serving.com *.pusher.com wss://*.pusher.com *.obi4wan.com wss://api.seamly-app.com api.seamly-app.com; img-src 'self' data: *.rvo.nl *.rovid.nl *.obi4wan.com *.shoppingminds.com *.shoppingminds.net *.creative-serving.com *.mediatheekrijksoverheid.nl services.arcgisonline.com www.toegankelijkheidsverklaring.nl; media-src 'self' *.seamly-app.com *.rovid.nl *.mediatheekrijksoverheid.nl; form-action 'self' *.rvo.nl; frame-ancestors 'self' *.rvo.nl; frame-src 'self' *.rvo.nl; script-src-elem 'self' 'unsafe-inline' statistiek.rvo.nl *.obi4wan.com *.shoppingminds.com *.shoppingminds.net *.creative-serving.com stats.pusher.com cdn.seamly-app.com; upgrade-insecure-requests 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' s.exist.ru yandex.ru yastatic.net ajax.googleapis.com *.yandex.net yandex.st code.createjs.com apis.google.com www.gstatic.com www.google.com ssl.gstatic.com www.googletagmanager.com *.facebook.net www.googleadservices.com vk.com st.top100.ru www.google-analytics.com *.yandex.ru *.adfox.ru otclick-adv.ru cdn.otclick-adv.ru *.exist.ru *.exist.parts telegram.org storage.yandexcloud.net www.sravni.ru cdn.jsdelivr.net *.cdn.ngenix.net; img-src * 'unsafe-inline' data:; font-src * 'unsafe-inline'; connect-src * 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' *.exist.ru tc.exist.ru yastatic.net yandex.ru yandex.kz yandex.ua yandex.by *.yandex.ru *.yandex.kz *.yandex.by *.yandex.ua api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net www.facebook.com staticxx.facebook.com vk.com www.google.com api-maps.yandex.ru www.elcats.ru www.japancats.ru www.youtube.com oauth.telegram.org otclick-adv.ru cdn.otclick-adv.ru www.sravni.ru storage.yandexcloud.net; 2 default-src * blob: ws: wss: gap://ready 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'unsafe-inline'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:; connect-src * 'unsafe-inline'; img-src * 'self' data: blob: 'unsafe-inline'; frame-src * blob: intent:; child-src * blob: gap:; frame-ancestors *; style-src * 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; worker-src * blob: 'unsafe-inline'; 2 frame-src 'self' *.youtube.com *.googletagmanager.com *.doubleclick.net *.trustpilot.com *.creativecdn.com *.google.com *.facebook.com ; frame-ancestors 'self'; upgrade-insecure-requests; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js https://ga.jspm.io/npm:es-module-shims@1.7.1/dist/es-module-shims.js https://kit.fontawesome.com/ https://kit.fontawesome.com/29b2028b7f.js https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js *.swmed.edu *.utsouthwestern.edu https://tagmanager.google.com https://www.googleadservices.com https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.6/dist/umd/popper.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js *.taggbox.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://w.soundcloud.com/player/api.js https://siteimproveanalytics.com/js/siteanalyze_67564.js https://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js https://www.youvisit.com/tour/Embed/js3 https://s.ytimg.com/yts/jsbin/www-widgetapi-vfldp9JMF/www-widgetapi.js https://s.ytimg.com/yts/jsbin/www-widgetapi-vflGYMLFw/www-widgetapi.js https://www.youvisit.com/SmartScript/latest/smartscript.js https://utsw.flintbox.com/embed.js https://utsw.flintbox.com/assets/iframe-container-5933c9a9de9740bee358da320c7bf82406da2e2f6e93843b06b4514c2030dfd9.js https://www.gstatic.com https://unpkg.com https://cdn.storygize.net https://bs.serving-sys.com *.pinterest.com *.hotjar.com https://platform.twitter.com https://assets.pinterest.com https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.js http://www.facebook.com/plugins/like.php https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js https://cdnjs.cloudflare.com/ajax/libs/foundation/6.4.3/js/foundation.min.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_format_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_default_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_ui_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_corechart_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_fw_module.js https://www.gstatic.com/charts/46.2/third_party/dygraphs/dygraph-tickers-combined.js https://www.gstatic.com/charts/46.2/third_party/webfontloader/webfont.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_bar_module.js https://cdnjs.cloudflare.com/ajax/libs/foundation-essential/5.2.2/js/vendor/modernizr.js https://www.google-analytics.com/analytics.js https://script.crazyegg.com/pages/scripts/0017/5050.js https://static.hotjar.com/c/hotjar-30590.js https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js https://www.storygize.net/a/cecea51f-563b-4ac4-9a2a-8a3660977ad2/abdo.js https://connect.facebook.net/en_US/fbevents.js https://www.gstatic.com/charts/46.2/loader.js https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://js.adsrvr.org/ https://insight.adsrvr.org/track https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu https://snap.licdn.com/li.lms-analytics/insight.min.js; connect-src 'self' *.swmed.edu *.utsouthwestern.edu https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css https://ka-f.fontawesome.com/releases/v6.5.0/css/free-v4-shims.min.css https://ka-f.fontawesome.com/releases/v6.5.0/css/free.min.css https://ka-f.fontawesome.com/releases/v6.5.0/css/free-v5-font-face.min.css https://ka-f.fontawesome.com/releases/v6.5.0/css/free-v4-font-face.min.css https://ka-f.fontawesome.com/releases/v6.4.2/css/free.min.css https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-shims.min.css https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v5-font-face.min.css https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-font-face.min.css https://www.google-analytics.com https://analytics.google.com https://cdn.linkedin.oribi.io https://lm.serving-sys.com *.taggbox.com *.crazyegg.com *.hotjar.io *.hotjar.com https://www.juicer.io https://stats.g.doubleclick.net/j/collect https://listgrowth.ctctcdn.com/v1/5626582cad2b3868b069a1d065b39fd3.json https://visitor2.constantcontact.com/api/v1/signup_forms/ https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/8/6218 https://graph.facebook.com/58323112191/picture https://www.juicer.io/api/page_views https://www.juicer.io/api/feeds/home-page-393b6969-47a9-40b5-b6a5-297bc3722122 https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu; frame-src 'self' *.swmed.edu *.adsrvr.org https://app.powerbi.com/ *.utsouthwestern.edu https://app.truelook.com/ https://utsw.flintbox.com/ https://td.doubleclick.net *.taggbox.com https://forms.office.com/ *.hotjar.com https://www.youvisit.com https://cdn.youvisit.com https://w.soundcloud.com https://platform.twitter.com https://www.facebook.com https://yoshki.com/badge-apta.html https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu https://px.ads.linkedin.com 2 frame-ancestors 'self' https://*.sosovalue.com https://*.sosovalue.xyz 2 default-src 'unsafe-inline' 'unsafe-eval' https: data:; block-all-mixed-content; upgrade-insecure-requests 2 default-src 'self' * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' * 'unsafe-inline' data: blob:; img-src 'self' * data: blob:; font-src 'self' * data:; connect-src 'self' *; media-src 'self' *; frame-src 'self' *; object-src 'self' * 2 frame-ancestors 'self' https://app.mutinyhq.com https://docs.google.com ajax.cloudflare.com cloudflareinsights.com 2 default-src data: https:; script-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; style-src data: https: 'unsafe-inline'; object-src 'self' blob:; img-src data: blob: https:; 2 script-src * 'unsafe-inline' 'unsafe-eval' 'self' *.263.net 2 script-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com blob: 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com stackpath.bootstrapcdn.com www.googletagmanager.com polyfill.io unpkg.com storage.googleapis.com *.google-analytics.com www.snapengage.com code.jquery.com cdn.jsdelivr.net api.mapbox.com cdn.skypack.dev d3js.org cse.google.com www.google.com maps.googleapis.com partner.talk.naver.com ssl.pstatic.net; font-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com data: fonts.gstatic.com cdnjs.cloudflare.com unpkg.com storage.googleapis.com; style-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com hosteduxprod.blob.core.windows.net www.google.com ssl.pstatic.net; img-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com https://* data:; connect-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com api.mapbox.com *.google-analytics.com cdn.jsdelivr.net www.snapengage.com ui.customsearch.ai maps.googleapis.com wss://cloudzoo.rhino3d.com; frame-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com www.google.com; frame-ancestors 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com self; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://v3.lenna.ai https://connect.facebook.net https://www.google.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/remixicon.css https://v3.lenna.ai/chat/assets/index.css; img-src 'self' https: blob: data: https://www.facebook.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/ data:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; media-src 'self' storage.cybiteam.id; connect-src 'self' https://cms.cybiteam.id https://api-crm.cybiteam.id https://cbn.speedtestcustom.com https://analytics.google.com https://www.googletagmanager.com https://www.google-analytics.com https://v3.lenna.ai https://app.lenna.ai https://cms.lenna.ai https://lenna.ai https://storage.cybiteam.id https://api.ipify.org https://connect.facebook.net https://cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/ https://socket.lenna.ai wss://socket.lenna.ai https://www.google.com; frame-src 'self' https://cbn.speedtestcustom.com https://www.googletagmanager.com https://td.doubleclick.net blob:; upgrade-insecure-requests; 2 frame-ancestors 'self' http://gzw.fujian.gov.cn https://gzw.fujian.gov.cn http://rst.fujian.gov.cn https://rst.fujian.gov.cn http://gat.fujian.gov.cn https://gat.fujian.gov.cn *.fujian.gov.cn https://ptgl.fujian.gov.cn:8088 http://zwfw.fujian.gov.cn:722 http://www.fujian.gov.cn https://www.fujian.gov.cn https://test.fujian.gov.cn http://test.fujian.gov.cn https://zwfw.fujian.gov.cn http://www.xm.gov.cn https://www.xm.gov.cn http://ptgl.fujian.gov.cn https://ptgl.fujian.gov.cn http://fujian.gov.cn https://fujian.gov.cn http://www.fujian.gov.cn https://www.fujian.gov.cn http://fj.gov.cn https://fj.gov.cn http://www.fj.gov.cn https://www.fj.gov.cn http://fgw.fujian.gov.cn https://fgw.fujian.gov.cn http://fgw.fj.gov.cn https://fgw.fj.gov.cn http://gxt.fujian.gov.cn https://gxt.fujian.gov.cn http://gxt.fj.gov.cn https://gxt.fj.gov.cn http://stream14.fjtv.net https://gat.fujian.gov.cn https://mzzjt.fujian.gov.cn https://rst.fujian.gov.cn https://zjt.fujian.gov.cn https://nynct.fujian.gov.cn https://lyj.fujian.gov.cn https://swt.fujian.gov.cn https://yjt.fujian.gov.cn https://www.ningde.gov.cn http://www.ningde.gov.cn http://lyj.fujian.gov.cn https://zwfw.fujian.gov.cn:1001 https://zwfw.fujian.gov.cn:9020 https://zwfw.fujian.gov.cn:722 2 frame-ancestors 'self' zendesk.com training.finalsite.com www.taistn.com www.tri-association.org www.swaes.org www.qais.qc.ca www.partnersinmission.com www.paispa.org www.nysais.org www.nwais.org www.njais.org www.nesacenter.org www.mn-ais.org www.maisschools.com www.mais-web.org www.lmais.org isasw.finalsite.com www.theibsc.org www.fobisia.org www.fcis.org www.cristoreynetwork.org www.cobis.org.uk www.cisontario.ca www.cois.org www.capss.org www.cais.ca www.cabe.org aisne.finalsite.com www.aims-mi.org www.acaap.net www.aassa.com www.aaie.org https://www.finalsite.co.uk www.finalsite.co.uk *.pendo.io pendo-io-static.storage.googleapis.com www.boarding.org.au app.getguru.com; 2 default-src 'self'; script-src 'unsafe-inline' https://*.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://apis.google.com https://*.google-analytics.com https://kit.fontawesome.com https://cdn.insight.sitefinity.com https://js.monitor.azure.com https://*.marker.io https://*.youtube.com 'self' https://cdn.bc0a.com https://*.bazaarvoice.com https://*.monetate.net 'unsafe-eval' https://api.astutebot.com https://bot.emplifi.io https://cdn.listrakbi.com https://s1.listrakbi.com https://onescript-recscont.listrakbi.com https://bl.listrakbi.com https://at1.listrakbi.com https://www.googletagmanager.com https://cdn.cookielaw.org https://services.listrak.com https://static.addtoany.com/ https://*.likebtn.com https://*.ipstack.com https://*.pricespider.com https://*.mapbox.com https://mediacdn.espssl.com https://*.listrakbi.com onescript-recscont.listrakbi.com https://*.crayola.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net; connect-src https://maps.googleapis.com https://*.fontawesome.com https://dc.services.visualstudio.com https://api.insight.sitefinity.com https://*.marker.io https://s3.eu-west-1.amazonaws.com/marker.sessions.prod https://*.youtube.com 'self' https://*.bc0a.com https://*.bazaarvoice.com https://api.astutebot.com https://bot.emplifi.io https://bl.listrakbi.com https://www.google-analytics.com https://services.listrak.com https://cdn.cookielaw.org http://localhost.com in-v3.mailjet.com http://*.googleapis.com https://i.ytimg.com https://*.pricespider.com wss://*.pricespider.com https://*.mapbox.com https://*.ipstack.com blob: https://*.listrakbi.com https://*.google-analytics.com https://geolocation.onetrust.com https://www.google.com/ccm/collect https://analytics.google.com/g/collect https://*.crayola.com https://ad.doubleclick.net https://www.facebook.com https://youtube.com; font-src data: https://fonts.gstatic.com https://*.fontawesome.com 'self' https://*.bazaarvoice.com https://*.monetate.net https://w.likebtn.com https://*.pricespider.com https://mediacdn.espssl.com; img-src data: https://*.likebtn.com https://maps.gstatic.com https://maps.googleapis.com https://*.bazaarvoice.com https://*.monetate.net https://www.googletagmanager.com https://i.ytimg.com https://*.pricespider.com https://*.googletagmanager.com https://mediacdn.espssl.com https://s1.listrakbi.com https://cdn.cookielaw.org https://www.facebook.com 'self'; frame-src https://*.youtube.com https://*.marker.io https://*.bazaarvoice.com https://bot.emplifi.io https://api.astutebot.com https://bl.listrakbi.com https://services.listrak.com https://static.addtoany.com https://*.juicer.io/ https://*.listrakbi.com https://*.crayola.com https://www.googletagmanager.com https://astutebot.com https://*.monetate.net https://*.doubleclick.net; style-src 'unsafe-inline' https://*.likebtn.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://*.fontawesome.com https://*.bazaarvoice.com https://*.monetate.net https://cdn.listrakbi.com https://bl.listrakbi.com https://*.pricespider.com https://*.mapbox.com https://*.googletagmanager.com https://*.listrakbi.com https://*.jquery.com 'self'; worker-src blob: 'self'; media-src 'self' 2 frame-ancestors 'self' https://*.elal.com https://*.elal.co.il https://elal.clearmash.com https://experience.adobe.com https://*.amadeus.com; 2 default-src 'self' data: ws: blob: *.nr-data.net fonts.gstatic.com fonts.googleapis.com *.facebook.com *.office365.com *.kuka.com *.kuka.cn *.mouseflow.com *.zscaler.net d2csxpduxe849s.cloudfront.net kuka-digital-sphere.pages.dev; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.embedly.com *.embed.ly *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.facebook.net snap.licdn.com *.linkedin.com *.bing.com *.ads-twitter.com *.twitter.com *.bizographics.com *.baidu.com *.google.com *.gstatic.com *.instabot.io *.yandex.ru *.convertwork.cn *.hotjar.com *.cavy9soho.com *.cloudflare.com *.force.com *.my.salesforce.com *.salesforceliveagent.com *.kuka.com *.cloudflareinsights.com *.mouseflow.com *.zscaler.net *.youtube.com kuka-digital-sphere.pages.dev *.adroll.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.force.com *.kuka.com *.googletagmanager.com kuka-digital-sphere.pages.dev; child-src 'self' blob: *.vimeo.com; frame-src 'self' *.quartalflife.com *.youtube.com *.youtu.be *.youku.com *.embedly.com *.embed.ly player.youku.com https: *.doubleclick.net snap.licdn.com *.presono.com *.linkedin.com *.juicer.io *.audi-mediacenter.com *.office365.com *.mouseflow.com; connect-src 'self' data: ws: blob: *.googleadservices.com *.googlesyndication.com adservice.google.com *.instabot.io *.yandex.ru *.hotjar.com *.bing.com *.office365.com *.kuka.com *.mouseflow.com *.convertwork.cn noembed.com *.google.com *.doubleclick.net *.linkedin.com; frame-ancestors 'self' https://kuka.presono.com *.kuka.com *.sandbox.my.site.com 2 frame-src 'self' https://app.cofcsports.com https://google.com https://www.google.com https://*.snapchat.com https://*.adsrvr.org charleston.gpinsights.org https://td.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://googletagmanager.com https://go.pardot.com https://cofc.secure.force.com https://forms.charleston.edu https://forms.cofc.edu https://cofc-edu.my.salesforce-sites.com youtube.com *.youtube.com vimeo.com *.vimeo.com calendar.charleston.edu *.charleston.edu https://cofc.tfaforms.net www.imleagues.com imleagues.com *.k12insight.com k12insight.com cofc.edu *.cofc.edu cofc.zoom.us fm-cofc.maps.arcgis.com cougarconnect.cofc.edu outlook.office365.com *.arcgis.com teams.microsoft.com *.buzzsprout.com buzzsprout.com; 2 default-src * blob: 'unsafe-inline' 'unsafe-eval' ; img-src * blob: data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; worker-src 'self' blob: ; 2 default-src 'self'; script-src apis.google.com connect.facebook.net ajax.aspnetcdn.com *.google-analytics.com https://www.youtube.com/iframe_api *.pardot.com *.cloudflare.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.googletagmanager.com *.demandbase.com my.hellobar.com snap.licdn.com bat.bing.com *.doubleclick.net *.healthstream.com *.crazyegg.com *.driftt.com *.zoominfo.com *.clarity.ms www.clickcease.com *.ceros.com 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.insight.sitefinity.com scout-cdn.salesloft.com https://cdn.jsdelivr.net/npm/lazyload@2.0.0-rc.2/lazyload.js *.mountain.com https://js-agent.newrelic.com *.cookiebot.com https://static.ads-twitter.com/ platform.twitter.com www.youtube.com www.googleadservices.com *.optimonk.com www.google.com/jsapi www.gstatic.com healthstream.formstack.com cdn.ampproject.org https://dec.azureedge.net web-chat.nativechat.com; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com *.twimg.com *.falcon-software.com *.crazyegg.com www.googletagmanager.com 'self' 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net *.optimonk.com my.hellobar.com use.typekit.net web-chat.nativechat.com; img-src *.gstatic.com *.googleapis.com www.facebook.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com bat.bing.com id.rlcdn.com px.ads.linkedin.com *.google.ca *.google.com *.crazyegg.com *.ads.linkedin.com *.clarity.ms c.bing.com aorta.clickagy.com tr-rc.lfeeder.com www.googletagmanager.com 'self' https://dec.azureedge.net imgsct.cookiebot.com t.co analytics.twitter.com *.healthstream.com brand-assets.capterra.com *.hellobar.com click.s12.exacttarget.com googleads.g.doubleclick.net *.ytimg.com https://cdn.insight.sitefinity.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.falcon-software.com hs.healthstream.com go.pardot.com *.optimonk.com; frame-src *.pardot.com *.healthstream.com *.doubleclick.net data: *.google.com *.crazyegg.com *.facebook.com consentcdn.cookiebot.com https://www.youtube.com *.ceros.com 'self' https://healthstream.formstack.com *.g2.com *.driftt.com datainsights-cdn.dm.aws.gartner.com platform.twitter.com *.googletagmanager.com web-chat.nativechat.com; connect-src accounts.google.com *.google-analytics.com www.google.com *.doubleclick.net *.crazyegg.com hs.healthstream.com go.pardot.com *.clarity.ms cdn.linkedin.oribi.io ws.zoominfo.com analytics.google.com pagead2.googlesyndication.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com px.ads.linkedin.com scout.salesloft.com www.redditstatic.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 bam.nr-data.net google.com *.cookiebot.com *.optimonk.com *.bing.com googletagmanager.com api.hellobar.com pro.ip-api.com; media-src 'self' data: blob: *.youtube.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com *.falcon.local blob: 'self' web-chat.nativechat.com; form-action 'self' healthstream--hstm.my.salesforce.com webto.salesforce.com *.facebook.com; frame-ancestors 'self' 2 object-src 'none'; form-action https://www.traceparts.com https://ws-edition.tracepartsonline.net https://cdn-www.traceparts.com https://forms.hsforms.com; frame-ancestors 'none' 2 default-src https: blob: wss: data: 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' https://*.directupload.net https://*.directupload.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.directupload.net https://*.directupload.eu; img-src 'self' https://ssl.google-analytics.com data: https://*.directupload.net https://*.directupload.eu; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; font-src 'self' https://fonts.gstatic.com; object-src 'none'; frame-src 'self' https://www.google.com https://*.directupload.net https://*.directupload.eu; worker-src 'self'; frame-ancestors 'self'; connect-src 'self' https://www.googletagmanager.com https://region1.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net; 2 form-action *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.fls.doubleclick.net *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.omtrdc.net *.twitter.com covers.odilo.io *.ads-twitter.com *.facebook.com *.facebook.net cdn.cookielaw.org *.googletagmanager.com *.googleadservices.com online.bancosantander.es a.omappapi.com *.googleapis.com extend.vimeocdn.com t.co adservice.google.com *.linkedin.com *.google-analytics.com *.santanderopenacademy.com *.universia.net fonts.gstatic.com in-automate.sendinblue.com z.omappapi.com api.omappapi.com snap.licdn.com images.findawayworld.com *.tiktok.com privacyportal-de.onetrust.com sibautomation.com use.typekit.net pro-becas-images-s3.s3.eu-west-1.amazonaws.com santander-privacy.my.onetrust.com; frame-ancestors 'self' *.santanderopenacademy.com *.googletagmanager.com; connect-src 'self' cdn.equalweb.com *.universia.net pro-becas-images-s3.s3.eu-west-1.amazonaws.com www.linkedin.com script.hotjar.com img.youtube.com px4.ads.linkedin.com t.co surveystats.hotjar.io analytics.twitter.com www.google.es mboxedge37.tt.omtrdc.net santanderuniversidad.tt.omtrdc.net www.googletagservices.com www.google.ie www.facebook.com cdn.cookielaw.org googleads.g.doubleclick.net stats.g.doubleclick.net www.google.com pagead2.googlesyndication.com *.analytics.google.com *.google-analytics.com vc.hotjar.io metrics.hotjar.io wss://ws.hotjar.com ws.hotjar.com content.hotjar.io px.ads.linkedin.com analytics.tiktok.com *.pangle-ads.com *.omappapi.com *.vimeo.com *.santanderopenacademy.com *.onetrust.com *.tiktokw.us sc-static.net *.sc-static.net snapchat.com *.snapchat.com onetrust.com *.onetrust.com omtrdc.net *.omtrdc.net analytics.google.com *.google.com *.adoberesources.net adoberesources.net *.adobedc.net adobedc.net *.demdex.net demdex.net; font-src 'self' script.hotjar.com fonts.gstatic.com data:; frame-src 'self' www.youtube.com www.google.com *.doubleclick.net track.adform.net www.facebook.com *.universia.net universia.net *.googletagmanager.com *.santanderopenacademy.com *.vimeo.com doubleclick.net *.doubleclick.net; img-src 'self' data: *.santanderopenacademy.com *.santanderx.com dss.hybrid.ai su-commons-documents.s3.eu-west-1.amazonaws.com pro-becas-images-s3.s3.eu-west-1.amazonaws.com i.ytimg.com non-productive-alfred-s3.s3.eu-west-1.amazonaws.com *.universia.net img.youtube.com cdn.cookielaw.org www.facebook.com fonts.gstatic.com www.google.ie www.google.com www.google.es *.googletagmanager.com *.google-analytics.com px.ads.linkedin.com px4.ads.linkedin.com t.co analytics.twitter.com covers.odilo.io images.findawayworld.com *.doubleclick.net *.odilotk.es *.googlesyndication.com snapchat.com *.snapchat.com; manifest-src 'self'; media-src 'self' data: *.santanderopenacademy.com *.santanderx.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' emd.hybrid.ai *.hybrid.ai pixel.wp.pl *.santanderopenacademy.com www.google.com cdn.jsdelivr.net cdn.equalweb.com *.googleadservices.com code.jquery.com track.adform.net s2.adform.net www.googletagservices.com cdn.cookielaw.org googleads.g.doubleclick.net connect.facebook.net static.hotjar.com metrics.hotjar.io script.hotjar.com *.googletagmanager.com *.google-analytics.com snap.licdn.com static.ads-twitter.com analytics.tiktok.com *.googleapis.com pro-becas-images-s3.s3.eu-west-1.amazonaws.com *.gstatic.com *.omappapi.com *.googlesyndication.com sc-static.net *.sc-static.net snapchat.com *.snapchat.com onetrust.com *.onetrust.com omtrdc.net *.omtrdc.net analytics.google.com *.google.com *.adoberesources.net adoberesources.net *.adobedc.net adobedc.net *.demdex.net demdex.net st.hybrid.ai; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com *.googletagmanager.com fonts.googleapis.com *.omappapi.com; worker-src *.universia.net 2 default-src 'self'; style-src 'self' *.arcgis.co *.freshchat.com *.typeform.com *.bootstrapcdn.com *.doublethedonation.com doublethedonation.com *.chatbot.com 'unsafe-inline' *.google.com *.google.ca *.googleapis.com; script-src 'self' *.gstatic.com *.issuu.com *.fw-cdn.com *.freshchat.com *.fontawesome.com *.arcgis.co *.createjs.com *.typeform.com *.chatbot.co *.facebook.net *.bing.com youtube.com *.youtube.com *.pardot.com *.cookieinformation.com *.classy.org *.googletagmanager.com *.google-analytics.com *.doublethedonation.com doublethedonation.com *.newrelic.com *.sharethis.com *.googleoptimize.com *.rainforest-alliance.org *.google.com *.google.ca *.gstatic.co *.gstatic.com *.chatbot.com 'unsafe-inline' *.googleadservices.com *.doubleclick.net 'unsafe-eval'; img-src 'self' rainforest-alliance.org *.rainforest-alliance.org rainforest-alliance.org *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.bing.com *.facebook.com *.doublethedonation.com doublethedonation.com *.gravatar.com *.chatbot.com data: *.google.com *.google.ca *.gstatic.com; font-src 'self' *.rainforest-alliance.org *.fontawesome.com *.doublethedonation.com doublethedonation.com data: *.googletagmanager.com *.google.com *.google.ca *.gravatar.com *.bootstrapcdn.com *.gstatic.com data:; connect-src 'self' *.google.com *.google.ca *.fontawesome.com *.hirehive.com *.classy.org *.cookieinformation.com *.google-analytics.com *.appspot.com *.doubleclick.net *.bing.com *.nr-data.net *.doublethedonation.com doublethedonation.com *.chatbot.com *.sharethis.com; frame-src 'self' *.issuu.com *.googletagmanager.com *.linkedin.com *.freshchat.com *.my.site.com *.arcgis.com *.facebook.com *.typeform.com *.juicer.io *.vimeo.com *.cookieinformation.com *.rainforest-alliance.org *.classy.org *.powerbi.com *.google.com *.google.ca youtube.com *.youtube.com *.chatbot.co *.chatbot.com *.doubleclick.net; frame-ancestors 'none'; 2 default-src 'self' https://*.e-i.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.e-i.com https://*.linkedin.com https://cdn.matomo.cloud https://cdn.tagcommander.com https://cmcic.matomo.cloud https://googleads.g.doubleclick.net https://platform.linkedin.com https://snap.licdn.com https://symposium.dashboard.data-driven.fr https://symposium.dashboard.test.data-driven.fr https://tag.aticdn.net https://tags.data-driven.fr https://www.google.com https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.e-i.com; img-src 'self' blob: data: https://*.e-i.com https://*.linkedin.com https://ad.doubleclick.net https://conv.indeed.com/pagead/ https://googleads.g.doubleclick.net https://i.ytimg.com https://img.youtube.com https://manager.tagcommander.com https://pubads.g.doubleclick.net https://www.google.com https://www.google.fr https://www.googletagmanager.com; font-src 'self' data: https://*.e-i.com; object-src 'none'; media-src 'self' blob: https://*.e-i.com; base-uri 'none'; form-action 'self' https://www.linkedin.com; frame-ancestors 'self'; child-src 'self' blob: https://*.e-i.com https://*.fls.doubleclick.net https://api.linkedin.com https://bid.g.doubleclick.net https://recaptcha.google.com https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.linkedin.com https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://*.e-i.com https://*.googlesyndication.com https://*.linkedin.com https://ad.doubleclick.net https://adservice.google.com https://cmcic.matomo.cloud https://google.com https://googleads.g.doubleclick.net https://logs1412.xiti.com https://stats.g.doubleclick.net https://symposium.dashboard.data-driven.fr https://symposium.dashboard.test.data-driven.fr https://tags.data-driven.fr https://www.google.com https://www.googleadservices.com https://zkkwkzt.pa-cd.com; report-uri 2 frame-ancestors demdex.net *.demdex.net storyblok.com *.storyblok.com iq.com.br *.iq.com.br azulis.com.br *.azulis.com.br salveospequenos.com.br *.salveospequenos.com.br br.originhosting.io *.br.originhosting.io itau.com.br *.itau.com.br credicard.com.br *.credicard.com.br acordocerto.com.br *.acordocerto.com.br consumidorpositivo.com.br *.consumidorpositivo.com.br acordocerto.net cdn.acordocerto.net 2 frame-ancestors 'self' https://ahunga.sharepoint.com https://mywallet.onewallet.one.nz/ https://netspeed.net.nz/ https://wirelessnation.co.nz/ https://koganmobile.co.nz/ https://www.one.nz/ 2 frame-ancestors 'self' https://help.foxtel.com.au/ https://foxtelbrand.zeroheight.com/ 2 frame-ancestors bosch-pt.com.au www.bosch-pt.com.au bosch-pt.co.nz www.bosch-pt.co.nz bosch-officeon.com boschprofessionalworld.com staging.boschprofessionalworld.com staging-2.boschprofessionalworld.com theviewer.co *.kittelberger.net *.kittelberger.de *.bosch-professional.com; 2 default-src 'self' s.toursites.ru video.tophotels.ru *.tophotels.ru travelbooking.ru carsrent.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru ; connect-src 'self' s.toursites.ru *.netlog.ru video.tophotels.ru travelbooking.ru carsrent.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com *.adriver.ru 'unsafe-inline' 'unsafe-eval' 'self'; font-src 'self' tophotels.ru s.toursites.ru hotelscheck.com.ru; img-src 'self' s.toursites.ru blob: data: *; media-src 'self' s.toursites.ru blob: video.tophotels.ru *.tophotels.ru; frame-src 'self' s.toursites.ru *.tophotels.ru tophotels.ru *.mzls.ru *.tophotels.ru carsrent.ru *.carsrent.ru youtu.be youtube.com *.youtube.com google.com *.google.com gstatic.com *.gstatic.com *.vimeo.com vimeo.com *.dailymotion.com *.vk.com vk.com *.adriver.ru; script-src 'self' s.toursites.ru *.tophotels.ru tophotels.ru carsrent.ru *.carsrent.ru api-maps.yandex.ru yastatic.net core-renderer-tiles.maps.yandex.net netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com *.adriver.ru 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'self' s.toursites.ru carsrent.ru tophotels.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com *.adriver.ru 'unsafe-inline' 'self'; 2 default-src * 'unsafe-inline' 'unsafe-eval' blob: data: 2 frame-ancestors 'self' https://*.fourthwall.com 2 frame-ancestors http://msdcxp.msp.int http://msdcxp.msp.de 2 frame-ancestors 'self' https://app.experiencewelcome.com/ 2 default-src 'self' https://www.wealthfront.com https://cdn.wealthfront.com; connect-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://www.googleadservices.com https://bat.bing.com https://*.doubleclick.net https://*.g.doubleclick.net https://maps.googleapis.com/maps/api https://*.googleapis.com https://*.gstatic.com https://cdn.wealthfront.com https://*.bugcrowd.com https://bugcrowd.com https://stage.stg.solex.com https://stage.docutechtemp.wealthfront.com https://docutechtemp.wealthfront.com; frame-src 'self' https://www.wf-box.net https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.prod-cde.net https://www.test-cde.net https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com tpc.googlesyndication.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://finapp.wealthfront.yodlee.com https://*.bugcrowd.com https://bugcrowd.com https://stage.stg.solex.com https://stage.docutechtemp.wealthfront.com https://docutechtemp.wealthfront.com; img-src https: *.google.com *.googleusercontent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://*.gstatic.com https://bat.bing.com https://www.google.com https://www.facebook.com https://*.doubleclick.net https://pixel.pointmediatracker.com https://*.bugcrowd.com https://bugcrowd.com https://stage.stg.solex.com https://stage.docutechtemp.wealthfront.com https://docutechtemp.wealthfront.com data:; font-src 'self' https://cdn.wealthfront.com https://fonts.gstatic.com data:; object-src 'none'; script-src 'unsafe-inline' https://cdn.wealthfront.com https://www.wealthfront.com https://*.googleapis.com https://*.googletagmanager.com https://googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://*.g.doubleclick.net https://www.googleadservices.com tpc.googlesyndication.com connect.facebook.net https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.bugcrowd.com https://bugcrowd.com https://stage.stg.solex.com https://stage.docutechtemp.wealthfront.com https://docutechtemp.wealthfront.com; style-src 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://cdn.wealthfront.com https://www.wealthfront.com https://fonts.googleapis.com https://*.bugcrowd.com https://bugcrowd.com https://stage.stg.solex.com https://stage.docutechtemp.wealthfront.com https://docutechtemp.wealthfront.com; worker-src 'none'; base-uri 'none'; form-action 'self' https://finapp.wealthfront.yodlee.com https://stage.stg.solex.com https://stage.docutechtemp.wealthfront.com https://docutechtemp.wealthfront.com; frame-ancestors 'self'; report-uri https://csp.wealthfront.com; upgrade-insecure-requests 2 default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors https:; img-src https: data: blob:; media-src https: blob:; object-src https: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com files.bizhub.sh cdnjs.cloudflare.com *.stripe.com *.compute.amazonaws.com iwsuibuilder-v21-develo.elasticbeanstalk.com recaptcha.net; connect-src 'self' api.locize.io *.stripe.com *.taxjar.com files.bizhub.sh www.google-analytics.com piwik.konicaminolta.eu bizhub.singles *.bizhub.singles develop.singles *.develop.singles 0a0243a9.green *.0a0243a9.green 0a0243a9.xyz *.0a0243a9.xyz 9a3420a0.xyz *.9a3420a0.xyz konicaminoltamarketplace.com *.konicaminoltamarketplace.com bizhubmarketplace.com *.bizhubmarketplace.com developmarketplace.com *.developmarketplace.com *.compute.amazonaws.com iwsuibuilder-v21-develo.elasticbeanstalk.com *.amazonaws.com; font-src 'self' files.bizhub.sh fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com ajax.aspnetcdn.com *.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com files.bizhub.sh maxcdn.bootstrapcdn.com cdnjs.cloudflare.com ajax.aspnetcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' polyfill.io *.stripe.com cdn.polyfill.io www.google-analytics.com www.googletagmanager.com *.google.com www.gstatic.com cdnjs.cloudflare.com ajax.aspnetcdn.com piwik.konicaminolta.eu recaptcha.net; img-src 'self' data: files.bizhub.sh cdnjs.cloudflare.com s3.us-west-2.amazonaws.com www.google-analytics.com *.stripe.com *.stripecdn.com; frame-src 'self' *.stripe.com *.stripecdn.com recaptcha.net 2 default-src 'self' https://*.stan.com.au; child-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube.com.au; connect-src 'self' blob: https://*.akamaihd.net https://*.analytics.google.com https://*.braintreegateway.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.au https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://*.paypalobjects.com https://*.stan.com.au https://*.stripe.com https://*.visualwebsiteoptimizer.com https://analytics.pangle-ads.com https://analytics.tiktok.com https://api.ipify.org https://app.vwo.com https://ara.paa-reporting-advertising.amazon https://bat.bing.com https://conversions-config.reddit.com https://google.com https://ipv4.podscribe.com https://insight.adsrvr.org https://match.adsrvr.org https://moda-cdp-message-prd-7jirubb0.uc.gateway.dev https://pagead2.googlesyndication.com https://payments.braintree-api.com https://pixel-config.reddit.com https://pixel.tapad.com https://s.amazon-adsystem.com https://sink.pdst.fm https://us-central1-adaptive-growth.cloudfunctions.net https://verifi.podscribe.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.redditstatic.com; form-action 'self' https://*.stan.com.au https://www.facebook.com; font-src 'self' data: https://www.stan.com.au https://fonts.gstatic.com; frame-ancestors none; frame-src 'self' https://*.amazon-adsystem.com https://*.paypal.com https://*.paypalobjects.com https://*.stripe.com https://*.visualwebsiteoptimizer.com https://4913904.fls.doubleclick.net https://app.vwo.com https://apps.rokt.com https://insight.adsrvr.org https://match.adsrvr.org https://servedby.flashtalking.com https://td.doubleclick.net https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' blob: data: https://*.akamaihd.net https://*.analytics.google.com https://*.bing.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.au https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://*.paypalobjects.com https://*.stan.com.au https://*.stripe.com https://*.visualwebsiteoptimizer.com https://ad.doubleclick.net https://ade.googlesyndication.com https://alb.reddit.com https://app.vwo.com https://chart.googleapis.com https://google.com https://googletagmanager.com https://i.ytimg.com https://pagead2.googlesyndication.com https://ssl.gstatic.com https://verifi.podscribe.com https://wingify-assets.s3.amazonaws.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com; media-src 'self' blob:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.paypal.com https://*.paypalobjects.com https://*.stan.com.au https://*.stripe.com https://*.visualwebsiteoptimizer.com https://analytics.tiktok.com https://app.vwo.com https://apps.rokt.com https://bat.bing.com https://c.amazon-adsystem.com https://cdn.pdst.fm https://connect.facebook.net https://d34r8q7sht0t9k.cloudfront.net https://googletagmanager.com https://js.adsrvr.org https://pagead2.googlesyndication.com https://redditstatic.s3.amazonaws.com https://sdk.lifesight.io https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.paypalobjects.com https://www.redditstatic.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.test.streamco.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com; worker-src 'self' blob:; report-uri https://api.stan.com.au/features/v1/collect-csp; 2 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' *; frame-ancestors 'self' https: https://paynow.pmnts-sandbox.io https://paynow.pmnts.io; 2 frame-src *.pff.com www.facebook.com www.youtube.com *.safeframe.googlesyndication.com *.doubleclick.net *.googletagmanager.com *.criteo.com *.google.com *.rubiconproject.com *.googleadservices.com *.yahoo.com 2 frame-ancestors 'self' *.optimizely.com 2 img-src 'self' secure.gravatar.com img-hub.ru ps.w.org img.freepik.com www.acint.net data:; 2 base-uri 'self'; style-src 'self' 'unsafe-inline' *.ase-usw1-shared-prd.p.azurewebsites.net *.cognitoforms.com *.dignityhealth.org *.foresee.com *.hellohumankindness.org *.marketo.com *.twimg.com cdn.commonspirit.org fonts.googleapis.com gateway.foresee.com use.typekit.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.crazyegg.com *.dignityhealth.org *.evaliahealth.com *.evaliahealth.com *.everestjs.net *.everesttech.net *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.gstatic.com/recaptcha/ *.hellohumankindness.org *.inquicker.com *.invoca.net *.jotform.io *.marketo.com *.marketo.net *.mktoutil.com *.recaptcha.net/recaptcha/ *.recaptcha.net/recaptcha/ *.youtube.com adobedc.demdex.net ajax.googleapis.com ajax.microsoft.com assets.adobedtm.com assets.adobedtm.com bam-cell.nr-data.net bam.nr-data.net cdn.commonspirit.org cdn.commonspirit.org cdn.jsdelivr.net/npm/twemoji@13 cdn1.commonspirit.org cdnjs.cloudflare.com code.jquery.com commonspirit.experiencecloud.adobe.com decodedigital.s3.amazonaws.com dignityhealth.hrm.healthgrades.com experience.adobe.com gateway.foresee.com google-analytics.com googleads.g.doubleclick.net hipaa.jotform.com js-agent.newrelic.com login.commonspirit.org maps.googleapis.com platform.twitter.com s.yimg.com solutions.invocacdn.com support.doctorpodcasting.com/widget/easyXDM.js twemoji.maxcdn.com unpkg.com use.typekit.net www.googletagmanager.com; frame-src 'self' *.jotform.io *.marketo.com *.vimeo.com *.youtube-nocookie.com *.youtube.com calendar.google.com commonspirit.demdex.net dignityhealth.hrm.healthgrades.com docasap.com identityspa.dignityhealth.org support.doctorpodcasting.com www.cognitoforms.com www.google.com www.google.com www.recaptcha.net; img-src 'self' *.agkn.com *.ase-usw1-shared-prd.p.azurewebsites.net *.crazyegg.com *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.googleadservices.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hellohumankindness.org *.marketo.com *.stackadapt.com *.twimg.com *.vimeocdn.com *.youtube.com bam.nr-data.net cdn.jotfor.ms d1ffafozi03i4l.cloudfront.net data: dpm.demdex.net i.ytimg.com login.commonspirit.org qvdt3feo.com s3.amazonaws.com s3.amazonaws.com/assets.gyant.com/ twemoji.maxcdn.com use.typekit.net www.google.com www.googletagmanager.com; connect-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.ase-usw1-shared-prd.p.azurewebsites.net *.crazyegg.com *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.hellohumankindness.org *.inquicker.com *.mktoresp.com *.mktoutil.com *.mktoutil.com *.omtrdc.net adobedc.demdex.net ajax.microsoft.com analytics.google.com api.ipify.org app-w2-owrapi-prd.azurewebsites.net assets.adobedtm.com bam-cell.nr-data.net bam.nr-data.net cdn.commonspirit.org commonspirit.sc.omtrdc.net commonspirit.tt.omtrdc.net device.4seeresults.com dpm.demdex.net fid.agkn.com fonts.googleapis.com google-analytics.com identity-api.commonspirit.org identity-func.commonspirit.org lasteventf-tm.everesttech.net login.commonspirit.org maps.googleapis.com pnapi.invoca.net readaloud.googleapis.com s.yimg.com s3.amazonaws.com/assets.gyant.com/ telemetry.commonspirit.org translate.googleapis.com www.googletagmanager.com; default-src 'self' *.dignityhealth.org analytics.foresee.com cdn1.commonspirit.org commonspirit.demdex.net identity-func.commonspirit.org identity-spa.commonspirit.org login.commonspirit.org; font-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.dignityhealth.org *.gstatic.com *.slant.co cdn.jorfor.ms data: gateway.foresee.com s3.amazonaws.com/assets.gyant.com/ use.typekit.net; 2 frame-ancestors 'self' https://app.storyblok.com https://*.storyblok.com https://*.storyblok.com https://*.saleshood.com *.saleshood.com https://*.navattic.com 2 frame-ancestors https://*.storyblok.com; 2 default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://adservices.brandcdn.com https://assets.adobedtm.com https://cdn.cookielaw.org https://insight.adsrvr.org https://sc-static.net https://static.ads-twitter.com https://tag.brandcdn.com https://vercel.live https://*.asml.com https://*.cloudfront.net https://*.doubleclick.net https://*.euroland.com https://*.facebook.net https://*.google.com https://*.googleadservices.com https://*.googletagmanager.com https://*.gstatic.com https://*.licdn.com https://*.mouseflow.com https://*.quadia.net https://*.qualtrics.com https://*.redditstatic.com https://*.snapchat.com https://*.youtube.com https://*.hcaptcha.com https://hcaptcha.com; child-src 'self' https://*.mouseflow.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.asml.com https://vercel.live https://*.hcaptcha.com https://hcaptcha.com; img-src 'self' data: https://asml.picturepark.com https://*.sitecorecloud.io https://cdn.cookielaw.org https://insight.adsrvr.org https://*.ads.linkedin.com https://alb.reddit.com https://www.facebook.com https://siteintercept.qualtrics.com https://12184559.fls.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl https://adservices.brandcdn.com https://tag.simpli.fi; connect-src 'self' data: https://adservices.brandcdn.com https://cdn.cookielaw.org https://conversions-config.reddit.com https://google.com https://insight.adsrvr.org https://*.ads.linkedin.com https://tag.brandcdn.com https://www.google.com https://www.redditstatic.com https://*.asml.com https://*.demdex.net https://*.doubleclick.net https://*.linkedin.oribi.io https://*.mouseflow.com https://*.onetrust.com https://*.quadia.net https://*.qualtrics.com https://*.sitecorecloud.io https://*.snapchat.com https://*.snplow.net https://*.vercel-insights.com https://*.youtube.com https://*.hcaptcha.com https://hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com https://*.asml.com https://cdn.mouseflow.com; ; object-src 'none'; base-uri 'self'; frame-src 'self' https://asml.demdex.net https://*.youtube.com https://*.google.com https://*.asml.com https://*.qualtrics.com https://asmllaserbox.com https://*.doubleclick.net https://*.everesttech.net https://*.adobedc.net https://*.adobedtm.com https://*.quadia.net https://*.mouseflow.com https://*.eurolandir.com https://*.snapchat.com https://*.amazonaws.com https://sdk.companywebcast.com https://*.intractive.app https://*.webflow.io https://*.beardbt.com https://*.hcaptcha.com https://hcaptcha.com; manifest-src 'self'; media-src 'self' https://asml.corptv.datiq.net https://corptv.datiq.net https://*.sitecorecloud.io ; worker-src 'none'; 2 default-src 'self' 'unsafe-inline' https: blob: data:; script-src data: 'unsafe-inline' 'unsafe-eval' blob: www.bundeswehr.de webstatistik.bundeswehr.de; script-src-elem 'unsafe-inline' webstatistik.bundeswehr.de www.bundeswehr.de *.video-cdn.net *.de.kaltura.com *.bundeswehr.de *.bmvg.de maps.googleapis.com maps.gstatic.com platform.twitter.com connect.facebook.net; style-src data: 'unsafe-inline' https: *.bundeswehr.de *.bmvg.de ; img-src data: *.bundeswehr.de *.bmvg.de *.ytimg.com *.fbcdn.net *.twimg.com *.staticflickr.com *.video-cdn.net *.de.kaltura.com cfvod.frp2.ovp.kaltura.com *.facebook.com *.akamaihd.net *.gstatic.com maps.googleapis.com syndication.twitter.com platform.twitter.com scontent.cdninstagram.com; font-src data: *.bundeswehr.de *.bmvg.de *.video-cdn.net *.de.kaltura.com fonts.gstatic.com; connect-src https: blob: data: wss:; report-uri https://webstatistik.bundeswehr.de/report-uri/ 2 default-src 'self' *.antwerpen.be;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self' perceleninfoplatform-o.antwerpen.be perceleninfoplatform-a.antwerpen.be perceleninfoplatform.antwerpen.be;img-src 'self' *.antwerpen.be *.google-analytics.com acpaasui.s3.amazonaws.com data: server.arcgisonline.com geo.api.vlaanderen.be tiles.arcgis.com clarity.ms *.clarity.ms ytimg.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.antwerpen.be www.google-analytics.com www.googletagmanager.com facebook.com *.facebook.com *.facebook.net instagram.com *.instagram.com soundcloud.com *.soundcloud.com spotify.com *.spotify.com tiktok.com https://sf16-website-login.neutral.ttwstatic.com *.tiktok.com twitframe.com *.twitter.com vimeo.com *.vimeo.com youtube.com *.youtube.com https://cdn.antwerpen.be/mtn/5.1.2/metanav.min.js enquete.agconsult.com *.enquete.agconsult.com clarity.ms *.clarity.ms hotjar.com *.hotjar.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' *.antwerpen.be *.google-analytics.com acpaasui.s3.amazonaws.com perceleninfoplatform-o.antwerpen.be perceleninfoplatform-a.antwerpen.be perceleninfoplatform.antwerpen.be soundcloud.com clarity.ms *.clarity.ms vimeo.com;frame-src 'self' facebook.com *.facebook.com instagram.com *.instagram.com soundcloud.com *.soundcloud.com spotify.com *.spotify.com tiktok.com *.tiktok.com twitframe.com *.twitter.com vimeo.com *.vimeo.com youtube.com *.youtube.com survey.alchemer.eu 2 frame-ancestors 'self' experience.adobe.com aldinord.experiencecloud.adobe.com aldianer.staffbase.com aldinord-custom.staffbase.com http://www.aldianer-nord.de https://www.aldianer-nord.de http://staffbase.com capacitor://aldianer-nord.de capacitor://staffbase.com cname-main-de1.staffbase.com magazine.aldi-nord.de 195.192.131.24 localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 2 default-src 'none'; script-src 'self' *.b0e8.com *.bc0a.com blob: marvel-b2-cdn.bc0a.com www.google-analytics.com www.googletagmanager.com play.vidyard.com assets.vidyard.com unpkg.com *.newrelic.com snap.licdn.com static.ads-twitter.com analytics.twitter.com www.googleadservices.com script.hotjar.com static.hotjar.com j.6sc.co bam.nr-data.net geolocation.onetrust.com *.google.com tpc.googlesyndication.com maps.googleapis.com www.gstatic.com js.hsforms.net *.hsforms.com *.pressganey.com *.cdntwrk.com www.googleoptimize.com connect.facebook.net js.hs-scripts.com js.usemessages.com js.hs-analytics.net js.hs-banner.com cdn.cookielaw.org *.wistia.com *.wistia.net src.litix.io fast.wistia.com *.googletagmanager.com info.pressganey.com js.hsleadflows.net cdn.linkedin.oribi.io *.hubspot.com analytics.google.com *.zi-scripts.com *.zoominfo.com js.hsadspixel.net subscriptions.smartrecruiters.com static.smartrecruiters.com www.smartrecruiters.com jobpal-sm.s3.amazonaws.com pressganey.com cdn.jsdelivr.net *.castos.com 675-zyq-542.mktoweb.com googleads.g.doubleclick.net *.marketo.net *.pathfactory.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com legal.pressganey.com static.smartrecruiters.com *.hsforms.com *.wistia.com *.cdntwrk.com *.googletagmanager.com *.google.com *.hubspot.com jobpal-sm.s3.amazonaws.com *.pressganey.com *.castos.com googleads.g.doubleclick.net *.pathfactory.com 'unsafe-inline'; frame-ancestors 'self' library.forsta.com resources.rioseo.com pressganey.com; frame-src 'self' play.vidyard.com vars.hotjar.com tpc.googlesyndication.com td.doubleclick.net *.google.com *.pressganey.com www.googletagmanager.com survey.us.confirmit.com js.hsforms.net *.hsforms.com www.facebook.com app.livestorm.co *.hubspot.com pressganey-20208516.hs-sites.com jobpal-sm.s3.amazonaws.com pressganey.com *.castos.com *.myworkdayjobs.com googleads.g.doubleclick.net; object-src 'none'; base-uri 'self'; form-action 'self' webto.salesforce.com *.hsforms.com www.facebook.com *.google.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com googleads.g.doubleclick.net; connect-src 'self' 'self' go.pressganey.com play.vidyard.com www.google-analytics.com cdn.cookielaw.org secure.adnxs.com stats.g.doubleclick.net bam.nr-data.net privacyportal.onetrust.com geolocation.onetrust.com www.google.com adservice.google.com *.googleapis.com *.googletagmanager.com *.googleapis.com maps.googleapis.com *.google.com *.6sc.co digitalfeedback.us.confirmit.com vc.hotjar.io *.hotjar.com wss://*.hotjar.com *.hsforms.com *.cdntwrk.com js.hs-banner.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.glitch.com www.facebook.com cdn.linkedin.oribi.io *.hubspot.com analytics.google.com *.zi-scripts.com ws.zoominfo.com api.hubapi.com 61d78a8eb35a9f00ecfd7ee9.config.smooch.io jobpal-sm.s3.amazonaws.com pressganey.com cdn.growthbook.io px.ads.linkedin.com *.castos.com googleads.g.doubleclick.net *.mktoresp.com *.pathfactory.com; font-src 'self' data: fonts.gstatic.com *.cdntwrk.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com googleads.g.doubleclick.net *.pathfactory.com; media-src 'self' blob: data: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net embed-fastly.wistia.com *.google.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com *.castos.com googleads.g.doubleclick.net; img-src https: data:; report-uri https://pressganey.report-uri.com/r/t/csp/enforce 2 default-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https:; style-src https: 'unsafe-inline'; connect-src https: wss:; frame-src https:; font-src * data:; object-src 'none'; frame-ancestors 'self' *.optimizely.com; report-uri /api/next/csp-report; report-to csp-report-endpoint; media-src https://*.ctfassets.net; 2 frame-ancestors 'self' *.itslearning.com; upgrade-insecure-requests 2 connect-src 'self' data: blob: https://surveystats.hotjar.io https://*.hotjar.io https://*.clarity.ms https://l.getsitecontrol.com https://dash.getsitecontrol.com https://gse.gigaset.com *.hotjar.com wss://*.hotjar.com *.getsitectrl.com https://api.chatchamp.com aggregator.service.usercentrics.eu analytics.google.com api.chatchamp.io api.usercentrics.eu graphql.usercentrics.eu stats.g.doubleclick.net www.google.de bat.bing.com halc.iadvize.com in.hotjar.com s.adroll.com ct.pinterest.com https://fast-static.smarketer.de https://*.billwerk.com sandbox.billwerk.com api.trustedshops.com shops-si.trustedshops.com trustbadge.api.etrusted.com vc.hotjar.io ws3.hotjar.com ws7.hotjar.com wss://ws3.hotjar.com wss://ws7.hotjar.com www.facebook.com www.google.ch www.google.com www.google.fr ws6.hotjar.com wss://ws6.hotjar.com www.google.co.uk ws10.hotjar.com ws4.hotjar.com ws8.hotjar.com wss://ws1.hotjar.com wss://ws10.hotjar.com wss://ws4.hotjar.com wss://ws8.hotjar.com www.google.be www.google.hr www.google.it www.google.nl www.google.ru ws12.hotjar.com ws18.hotjar.com ws2.hotjar.com wss://ws12.hotjar.com wss://ws18.hotjar.com wss://ws2.hotjar.com ws5.hotjar.com wss://ws5.hotjar.com www.google.es www.google.se www.google.com.tr www.google.cz ws17.hotjar.com wss://ws17.hotjar.com ws15.hotjar.com wss://ws15.hotjar.com www.google.co.in ws16.hotjar.com wss://ws16.hotjar.com www.google.com.cy www.google.pl ws9.hotjar.com wss://ws9.hotjar.com ws11.hotjar.com wss://ws11.hotjar.com app.getsitecontrol.com ws1.hotjar.com www.google.at d.adroll.com ws13.hotjar.com ws14.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com www.google.gr api.trustbadge.etrusted.com www.google.cl www.google.co.cr www.google.co.za www.google.com.ar www.google.rs service.gigaset.com www.google.ba www.google.dk www.google.ae network-eu.bazaarvoice.com www.google.hu wss://ff.kis.v2.scr.kaspersky-labs.com www.google.com.mx www.bing.com www.google.co.il www.google.co.ma www.google.co.ve www.google.com.bd www.google.com.co www.google.com.lb www.google.com.pe www.google.ie www.google.lu www.google.no www.google.pt www.google.ro www.google.si *.convertize.io pop1.getsitecontrol.com maps.googleapis.com *.etracker.de s.clcktrax.com *.analytics.google.com consent-api.service.consent.usercentrics.eu gcmatomo.gigaset.com https://fast.smarketer.de https://eu-api.friendlycaptcha.eu https://api.friendlycaptcha.com api.bazaarvoice.com accounts-eu.freshworks.com gigaset-org.freshworks.com https://mycliplister.com https://*.mycliplister.com https://*.etrusted.com https://googleads.g.doubleclick.net https://gigaset.freshdesk.com https://*.paypal.com https://www.paypal.com https://*.ads.linkedin.com https://google.com https://www.googleadservices.com https://challenges.cloudflare.com https://*.bazaarvoice.com https://*.cmp.usercentrics.eu https://*.google-analytics.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.iamsmartad.com aggregator.service.usercentrics.eu analytics.google.com api.chatchamp.io api.usercentrics.eu app.usercentrics.eu connect.facebook.net data: googleads.g.doubleclick.net graphql.usercentrics.eu https://pixel.mathtag.com tr.outbrain.com widgets.trustedshops.com www.facebook.com www.google.com www.google.de https://www.googletagmanager.com www.youtube.com halc.iadvize.com bat.bing.com widgets.getsitecontrol.com in.hotjar.com script.hotjar.com static.hotjar.com vars.hotjar.com pixel.convertize.io p.typekit.net use.typekit.net ct.pinterest.com https://fast-static.smarketer.de s.pinimg.com ups.xplosion.de display.ugc.bazaarvoice.com s.adroll.com gse.gigaset.com ff.kis.v2.scr.kaspersky-labs.com fonts.googleapis.com https://mpsnare.iesnare.com gcmatomo.gigaset.com accounts-eu.freshworks.com gigaset-org.freshworks.com https://*.etrusted.com https://*.fresworks.com https://*.gigaset.com https://*.paypal.com https://*.linkedin.com https://*.eye-able.com https://*.eye-able-cdn.com https://cdn.eye-able.com https://*.bazaarvoice.com https://*.cmp.usercentrics.eu https://*.googleadservices.com https://*.google-analytics.com; font-src https://script.hotjar.com use.typekit.net data: 'self' st.getsitecontrol.com fonts.gstatic.com github.com static3.avast.com gcmatomo.gigaset.com https://fonts.gstatic.com https://apps.bazaarvoice.com; form-action 'self' www.facebook.com feldtest.gigaset.com security.gigaset.com service.gigaset.com api.bazaarvoice.com 'unsafe-eval' ct.pinterest.com gigaset-org.freshworks.com partner-service.gigaset.com gigaset-help.freshdesk.com accounts-eu.freshworks.com; frame-ancestors 'self' www.gigaset.com *.etracker.com *.google.com; img-src 'self' 'report-sample' https://c.clarity.ms/c.gif https://c.bing.com https://dsum-sec.casalemedia.com https://script.hotjar.com https://smarttracking.defacto-x.net https://m2.getsitecontrol.com https://trc.taboola.com https://d.adroll.com https://www.google.ee https://www.google.is app.usercentrics.eu googleads.g.doubleclick.net pixel.mathtag.com test.gse.gigaset.com tr.outbrain.com widgets.magentocommerce.com widgets.trustedshops.com www.facebook.com www.gigaset.com www.google.com www.google.de display.ugc.bazaarvoice.com network-eu-stg.bazaarvoice.com photos-uat-eu.bazaarvoice.com bat.bing.com data: d.adroll.com cdn.pay1.de image-charts.com www.googletagmanager.com ct.pinterest.com img.youtube.com network-eu-stg-a.bazaarvoice.com app.getsitecontrol.com media.getsitecontrol.com gse.gigaset.com insight.adsrvr.org network-eu.bazaarvoice.com pro-gse.gigaset.com www.google.ch www.google.co.uk www.google.com.tr www.google.com.tw www.google.es www.google.fr www.google.it www.google.nl www.google.pl photos-eu.bazaarvoice.com test.gigaset.com www.google.at www.google.be aax-eu.amazon-adsystem.com ads.yahoo.com cm.g.doubleclick.net connect.facebook.net network-eu-a.bazaarvoice.com stats.g.doubleclick.net sync.outbrain.com sync.taboola.com www.google.co.il www.google.cz www.google.hr www.google.lu www.google.ru www.google.sk www.gstatic.com www.google.com.lb translate.google.com www.google.se www.google.co.ao www.google.co.in www.google.co.kr www.google.com.mx www.google.hu www.google.no px.ads.linkedin.com www.awin1.com www.google.com.cy ib.adnxs.com i.ytimg.com www.google.az www.google.co.za www.google.com.bd www.google.fi www.google.pt www.google.co.cr www.google.ci www.google.com.sa www.google.rs www.google.gr android-webview-video-poster www.google.com.ar www.google.tn www.google.com.vn www.google.cl www.google.iq maps.googleapis.com maps.gstatic.com www.google.com.mt www.google.mn www.google.ro www.google.si www.google.ba blob: www.google.com.eg www.google.ae www.google.dk www.google.li pixel.rubiconproject.com pagead2.googlesyndication.com www.google.co.id www.google.co.ma www.google.ge www.google.ie www.linkedin.com analytics.google.com fcmatch.google.com fcmatch.youtube.com sync.mathtag.com ups.analytics.yahoo.com www.google.by www.google.cn www.google.co.ve www.google.com.br www.google.com.co www.google.com.et www.google.com.gt www.google.com.kw www.google.com.om www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.ua dpm.demdex.net *.advertising.com *.pubmatic.com *.3lift.com *.bidswitch.net *.outbrain.com *.openx.net *.convertize.io www.etracker.de uct.service.usercentrics.eu s.clcktrax.com photos-us.bazaarvoice.com gcmatomo.gigaset.com https://mycliplister.com https://*.mycliplister.com https://*.etrusted.com https://fonts.gstatic.com contentorigin.bazaarvoice.com https://www.paypalobjects.com https://*.paypal.com https://t.paypal.com https://*.ads.linkedin.com https://*.eye-able-cdn.com https://cdn.eye-able.com https://*.bazaarvoice.com https://*.googleadservices.com https://*.google-analytics.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'report-sample' https://*.clarity.ms https://s2.getsitecontrol.com https://cdn.iamsmartad.com amplify.outbrain.com app.usercentrics.eu connect.facebook.net googleads.g.doubleclick.net js.chatchamp.com pixel.mathtag.com tr.outbrain.com widgets.trustedshops.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com halc.iadvize.com widgets.getsitecontrol.com analytics-static.ugc.bazaarvoice.com bat.bing.com display.ugc.bazaarvoice.com network-eu-stg.bazaarvoice.com stg.api.bazaarvoice.com script.hotjar.com static.hotjar.com a.adroll.com d.adroll.com d.adroll.mgr.consensu.org s.adroll.com pixel.convertize.io secure.pay1.de s.pinimg.com cdn.xplosion.de ups.xplosion.de sandbox.billwerk.com selfservice.sandbox.billwerk.com https://*.billwerk.com https://selfservice.billwerk.com apps.bazaarvoice.com asn-trk.advolution.de st.getsitecontrol.com api.bazaarvoice.com network-eu.bazaarvoice.com tpc.googlesyndication.com gse.gigaset.com me.kis.v2.scr.kaspersky-labs.com static.iadvize.com www.google.com www.dwin1.com ad1.adfarm1.adition.com adfarm1.adition.com gc.kis.v2.scr.kaspersky-labs.com secure.adnxs.com snap.licdn.com maps.googleapis.com s2.adform.net track.adform.net www.pagespeed-mod.com 'unsafe-eval' cdn.taboola.com ff.kis.v2.scr.kaspersky-labs.com www.google.de www.google.it imagesrv.adition.com https://mpsnare.iesnare.com https://l.getsitecontrol.com/p7jz5lm4.js *.etracker.com *.etracker.de cdn.iamstudent.com s.clcktrax.com https://api.signalize.com/accounts/X3ssZWx/signalize.min.js *.analytics.google.com gcmatomo.gigaset.com https://fast-static.smarketer.de https://fast.smarketer.de https://mycliplister.com https://*.mycliplister.com https://*.etrusted.com https://*.googletagmanager.com https://app.usercentrics.eu https://accounts-eu.freshworks.com https://service.gigaset.com https://gigaset-org.freshworks.com https://www.paypal.com https://pay.google.com https://www.sandbox.paypal.com https://x.klarnacdn.net https://www.gstatic.com https://challenges.cloudflare.com https://*.eye-able.com https://*.bazaarvoice.com https://web.cmp.usercentrics.eu https://*.google-analytics.com; style-src data: 'self' 'unsafe-inline' display.ugc.bazaarvoice.com s.adroll.com p.typekit.net use.typekit.net gse.gigaset.com gc.kis.v2.scr.kaspersky-labs.com fonts.googleapis.com me.kis.v2.scr.kaspersky-labs.com translate.googleapis.com gcmatomo.gigaset.com https://*.etrusted.com https://www.googletagmanager.com https://*.eye-able-cdn.com https://cdn.eye-able.com https://*.bazaarvoice.com https://*.google-analytics.com; child-src blob:; frame-src https://www.pinterest.de https://ir.tools.investis.com pixel.mathtag.com www.google.com www.facebook.com vars.hotjar.com secure.pay1.de www.youtube.com bid.g.doubleclick.net js.chatchamp.com api.bazaarvoice.com display.ugc.bazaarvoice.com tpc.googlesyndication.com cms.gigaset.com gigaset-prov.gigaset.com gigaset.secure.force.com where-to-buy.co www.googletagmanager.com player.vimeo.com ad2.adfarm1.adition.com 'self' gigaset-net.gigaset.com ct.pinterest.com forms.office.com verify.iamstudent.com www.iamstudentverify.com pwm-image.trendmicro.com www.pinterest.com gcmatomo.gigaset.com app.usercentrics.eu gigaset.my.salesforce-sites.com https://*.etrusted.com https://*.doubleclick.net https://*.reepay.com https://challenges.cloudflare.com https://*.cmp.usercentrics.eu https://*.google-analytics.com; 2 img-src https://syndication.twitter.com data: https://utmb-cdn.azureedge.net https://bbox.blackbaudhosting.com 'self' https://cdn.utmb.edu https://www.utmb.edu https://www.utmbhealth.com https://gsbs.utmb.edu https://utmbhealth.razuna.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.youtube.com https://marvel-b1-cdn.bc0a.com https://marvel-processor.bc0a.com https://67412.global.siteimproveanalytics.io https://curator-assets.b-cdn.net https://um.simpli.fi https://utmbstorage.blob.core.windows.net https://static.ctctcdn.com https://cdn.yoshki.com https://staticmap.concept3d.com https://public.tableau.com https://i.vimeocdn.com https://i.ytimg.com https://mcusercontent.com https://cdn.ymaws.com https://anesth.utmb.edu https://acrm.org https://www.aamc.org http://uwgalv.org https://acestoassets.org https://www.galvestonartscenter.org https://dim.mcusercontent.com https://www.ilo.org https://www.nlm.nih.gov https://cdn2.percipio.com http://www.galveston.com https://support.content.office.net https://images-na.ssl-images-amazon.com https://www.orangesmile.com https://www.abos.org https://i1.wp.com/wavelengthmedical.com https://i0.wp.com/wavelengthmedical.com https://www.dropbox.com https://www.facs.org https://serve.uberads.com https://www.nidcd.nih.gov https://www.medicaldiscoverynews.com https://img.photobucket.com https://uwgalv.org https://www.freewebs.com https://www.galveston.com https://api.tiles.virtualearth.net https://assets.section508.gov https://commons.wikimedia.org https://eep.io https://guynir1.files.wordpress.com https://insight.adsrvr.org https://liveutmb.sharepoint.com https://digitalasset.intuit.com https://downloads.mailchimp.com https://chat-us.libanswers.com https://media-cldnry.s-nbcnews.com https://log.pinterest.com https://payments.blackbaud.com https://platform-cdn.sharethis.com https://sync.sharethis.com https://www9.utmb.edu https://ad.doubleclick.net https://collector-12155.tvsquared.com https://www.google.com blob: https://apps.ideal-logic.com https://researchexperts.utmb.edu https://www.googletagmanager.com; style-src https://utmb-cdn.azureedge.net https://bbox.blackbaudhosting.com 'self' 'unsafe-inline' data: https://cdn.utmb.edu https://fonts.googleapis.com https://ajax.googleapis.com https://www.gstatic.com https://www.utmb.edu https://www.utmbhealth.com https://cdn.curator.io https://tags.srv.stackadapt.com http://ffoodd.github.io https://use.fontawesome.com https://cdn-images.mailchimp.com https://webforms.utmb.edu https://maxcdn.bootstrapcdn.com https://static.ctctcdn.com https://mychart.utmb.edu https://cdn.datatables.net https://cdnjs.cloudflare.com https://code.jquery.com https://doctors.utmbhealth.com https://stackpath.bootstrapcdn.com https://downloads.mailchimp.com https://chat-us.libanswers.com https://grmychart.utmb.edu https://payments.blackbaud.com https://grutrgv.utmb.edu https://utrgv.utmb.edu https://www9.utmb.edu https://apps.ideal-logic.com; connect-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://www.utmb.edu https://ixfd2-api.bc0a.com https://api.curator.io https://tags.srv.stackadapt.com https://c.statcounter.com https://api3.libcal.com https://listgrowth.ctctcdn.com https://login.microsoftonline.com https://mychart.utmb.edu https://liveutmb-my.sharepoint.com https://chat-us.libanswers.com https://www.today.com https://www.lightboxcdn.com https://l.sharethis.com https://payments.blackbaud.com https://bcp.crwdcntrl.net https://www9.utmb.edu https://analytics.google.com https://stats.g.doubleclick.net https://www.google.com https://apps.ideal-logic.com https://api.allorigins.win https://ad.doubleclick.net; frame-ancestors 'self' https://www.utmbhealth.com https://www.utmb.edu https://www.today.com https://www.lightboxcdn.com https://www9.utmb.edu; script-src https://utmb-cdn.azureedge.net https://www.youtube.com https://siteimproveanalytics.com https://meps.ahrq.gov https://fs22.formsite.com https://bat.bing.com https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://cdn.jsdelivr.net https://tag.brandcdn.com 'self' 'unsafe-inline' data: blob: https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.gstatic.com https://ajax.googleapis.com https://www.googleadservices.com https://cdn.utmb.edu https://www.utmb.edu https://www.utmbhealth.com https://doctors.utmbhealth.com https://search.utmb.edu https://utmb.hosted.panopto.com https://cdn.bc0a.com https://consents-cf.bc0a.com https://dsrportal-cdn.bc0a.com https://platform.twitter.com https://connect.facebook.net https://cdn.curator.io https://tag.simpli.fi https://tags.srv.stackadapt.com https://i.simpli.fi https://chimpstatic.com https://static.addtoany.com https://www.statcounter.com https://downloads.mailchimp.com https://mc.us14.list-manage.com https://api3.libcal.com https://askus.utmb.edu https://www.hcup-us.ahrq.gov https://www.icpsr.umich.edu https://cma.ahrq.gov https://embed.typeform.com https://ocrportal.hhs.gov https://mychart.utmb.edu https://platform-api.sharethis.com https://peopledirectory.uth.tmc.edu https://www.acs-education.com https://player.vimeo.com https://corporate.visa.com https://my.americanheart.org https://www.nlm.nih.gov https://secure.touchnet.net https://www.acponline.org https://webforms.utmb.edu https://dx.doi.org https://s7.addthis.com https://m.addthis.com https://api-public.addthis.com https://z.moatads.com https://cdn.credly.com https://www.swarminteractive.com https://assets.pinterest.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://uu.diva-portal.org https://s3.amazonaws.com https://www.heart.org https://cdn.yoshki.com https://www2.tsl.state.tx.us https://home.absurgery.org https://www.instagram.com https://cdn01.basis.net https://collector-12155.tvsquared.com https://static.hotjar.com https://180277.tctm.co https://script.hotjar.com https://adservices.brandcdn.com https://tools.cdc.gov https://www.cdc.gov https://public.tableau.com https://www.novitas-solutions.com https://www.imleagues.com https://www.medicaldiscoverynews.com https://az416426.vo.msecnd.net https://ajax.aspnetcdn.com https://maxcdn.bootstrapcdn.com https://cdn.datatables.net https://code.highcharts.com https://code.jquery.com https://mb.moatads.com https://softchalkcloud.com https://www.audacy.com https://babe71tl.micpn.com https://liveutmb-my.sharepoint.com https://chat-us.libanswers.com https://buttons-config.sharethis.com https://grmychart.utmb.edu https://t.sharethis.com https://vwp1mychart01.utmb.edu https://utrgv.utmb.edu https://grutrgv.utmb.edu https://www9.utmb.edu https://googleads.g.doubleclick.net https://apps.ideal-logic.com https://api.allorigins.win https://webformstest.utmb.edu https://cdn.rlets.com 'unsafe-eval'; form-action 'self' 2 img-src 'self' https://www.googletagmanager.com https://www.google.co.kr https://i.ytimg.com https://perf-na1.hsforms.com https://track.hubspot.com https://forms.hsforms.com data:; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.advantech.com *.advantech.com.cn static.zdassets.com static.hotjar.com cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com dev.visualwebsiteoptimizer.com js.hs-analytics.net script.hotjar.com www.google-analytics.com lpcdn.lpsnmedia.net dashboard.whoisvisiting.com snap.licdn.com va.v.liveperson.net connect.facebook.net accdn.lpsnmedia.net fast.wistia.com fast.wistia.net api.ipify.org www.google.com hm.baidu.com az416426.vo.msecnd.net player.polyv.net www.youtube.com www.clarity.ms kit.fontawesome.com cdn-cookieyes.com openfpcdn.io challenges.cloudflare.com app.vwo.com cdn.mouseflow.com js.sentry-cdn.com maps.google.com maps.googleapis.com browser.sentry-cdn.com api.map.baidu.com dlswbr.baidu.com maponline0.bdimg.com googleads.g.doubleclick.net www.googleadservices.com pi.pardot.com adv.my.site.com static.cloudflareinsights.com; img-src 'self' data: *.advantech.com *.advantech.com.cn campaign.advantech.online *.visualwebsiteoptimizer.com advantechfiles.blob.core.windows.net advdownload.blob.core.windows.net app.vwo.com c.bing.com c.clarity.ms cdn-cookieyes.com chart.googleapis.com dashboard.whoisvisiting.com dev.visualwebsiteoptimizer.com embed-ssl.wistia.com fast.wistia.com fonts.gstatic.com googleads.g.doubleclick.net hm.baidu.com img.videocc.net px.ads.linkedin.com www.facebook.com www.google-analytics.com www.google.com www.google.com.tw www.googleadservices.com www.googletagmanager.com www.linkedin.com maps.googleapis.com maps.gstatic.com api.map.baidu.com maponline0.bdimg.com maponline1.bdimg.com webmap0.bdimg.com miao.baidu.com fast.wistia.net; style-src 'self' 'unsafe-inline' *.advantech.com *.advantech.com.cn fonts.googleapis.com dev.visualwebsiteoptimizer.com cdnjs.cloudflare.com kit.fontawesome.com ka-p.fontawesome.com www.googletagmanager.com api.map.baidu.com fast.wistia.com n.foxdsgn.com advantechfiles.blob.core.windows.net adv.my.site.com; font-src 'self' data: *.advantech.com *.advantech.com.cn fast.wistia.com fast.wistia.net fonts.gstatic.com script.hotjar.com ka-p.fontawesome.com; worker-src 'self' blob:; frame-ancestors 'self' *.advantech.com *.advantech.com.cn *.iotmart.com adv--iotmartdev.sandbox.my.site.com campaign.advantech.online ottlive.hinet.net; object-src 'none'; 2 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src * data:; connect-src * data:; media-src * blob:; worker-src 'self' blob:; font-src 'self' https://cdn.clinicalkey.com/ https://ssl.p.jwpcdn.com/ data:; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amsoil.com *.amsoil.ca *.amsoilindustrial.com https://amsoilcontent.com https://www.amsoilcontent.com https://cdn.evgnet.com *.evergage.com https://amsoil.us-1.evergage.com https://analytics.amsoil.com https://analytics.amsoil.ca https://analytics.amsoilindustrial.com https://static.cloud.coveo.com https://www.google-analytics.com https://maps.googleapis.com https://assets.sitescdn.net https://realtimeanalytics.yext.com https://cdnjs.cloudflare.com/ *.doubleclick.net https://snap.licdn.com https://bat.bing.com *.microsoft.com *.facebook.net *.facebook.com *.criteo.com *.criteo.net https://www.googletagmanager.com *.linkedin.com *.google.com https://www.googleoptimize.com *.hotjar.com *.bc0a.com *.brightedge.com cdn.b0e8.com device.clearsale.com.br https://www.paypalobjects.com *.paypal.com https://www.gstatic.com https://www.googleadservices.com *.wistia.com *.wistia.net https://az124611.vo.msecnd.net https://cookie-cdn.cookiepro.com https://cdn-us.clickdimensions.com cdn.attn.tv *.attentivemobile.com *.googlesyndication.com *.powerobjects.net *.zoominfo.com *.convertlanguage.com *.docusign.com https://challenges.cloudflare.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://api.ipify.org https://appleid.cdn-apple.com https://*.trustarc.com *.niceincontact.com *.mountain.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://*.amazon-adsystem.com blob:; frame-src 'self' *.amsoil.com *.amsoil.ca https://amsoilcontent.com *.hotjar.com *.criteo.com *.criteo.net *.docusign.net *.docusign.com *.facebook.com *.google.com *.paypal.com *.doubleclick.net *.powerobjects.net *.googlesyndication.com *.wistia.com *.wistia.net creatives.attn.tv https://challenges.cloudflare.com https://a25683390326.cdn.optimizely.com https://a25683390326.cdn-pci.optimizely.com *.niceincontact.com https://*.trustarc.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com; frame-ancestors 'self' https://sapcc.amsoil.com; report-uri /csp-report 2 upgrade-insecure-requests; default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * data:; connect-src *; media-src *; object-src *; frame-src *; 2 default-src 'self' *; base-uri 'self'; font-src 'self' https: data:; form-action http://*.enterprisedb.com http://enterprisedb.com http://enterprisedb.okta.com 'self'; frame-ancestors 'self'; img-src 'unsafe-inline' 'self' blob: data: *; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; script-src-attr 'unsafe-inline'; style-src 'unsafe-inline' 'self' *; upgrade-insecure-requests 2 default-src 'none'; frame-ancestors 'self' serato.sanity.studio; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://bat.bing.com https://*.googletagmanager.com https://*.facebook.net https://connect.facebook.net https://*.app-us1.com https://analytics.tiktok.com https://*.hotjar.com; font-src 'self' https://fast.fonts.net https://static.serato.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fast.fonts.net https://static.serato.com https://*.hotjar.com; img-src 'self' data: https://*.cdn.sera.to https://cdn.sanity.io https://static.serato.com https://serato.com https://bat.bing.com https://*.bing.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.facebook.com https://*.hotjar.com; connect-src 'self' https://*.serato.com https://*.sanity.io https://serato-limited.breezy.hr/json https://gtm-p9hq86n-mgfkm.uc.r.appspot.com https://analytics.google.com https://www.google-analytics.com https://bat.bing.com https://*.facebook.net https://connect.facebook.net https://*.app-us1.com https://analytics.tiktok.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; media-src 'self' https://static.serato.com https://*.cdn.sera.to https://cdn.sanity.io; frame-src 'self' https://youtube.com https://www.youtube.com https://w.soundcloud.com https://embed.music.apple.com 2 default-src *; style-src 'unsafe-inline' *; font-src 'self' data: blob: *; img-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; connect-src * data: blob:; media-src 'self' blob: * data: *; frame-src * webcompt: heybox: maxjia: 2 frame-ancestors 'self' https://*.designcrowd.com; 2 base-uri 'self' https://amli.sekindo.com; connect-src 'self' https: data: www.google-analytics.com fundingchoicesmessages.google.com pagead2.googlesyndication.com; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com; frame-src 'self' https: googleads.g.doubleclick.net error-report.com; img-src 'self' data: https:; media-src 'self' blob: gcdn.2mdn.net video.primis.tech; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https: blob: www.google-analytics.com pagead2.googlesyndication.com cdn.perfops.net; style-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com content.quantcount.com live.primis.tech html-load.com; worker-src blob:; block-all-mixed-content; report-to https://o881419.ingest.sentry.io/api/6108064/security/?sentry_key=53507701d302401b97c4a9ec903c141e 2 frame-ancestors 'self' https://www.google.com https://www.gstatic.com ; img-src 'self' data: https://www.frontierstore.net https://steamcommunity-a.akamaihd.net https://d1wv0x2frmpnh.cloudfront.net https://d3tidaycr45ky4.cloudfront.net https://p.typekit.net https://imgsct.cookiebot.com https://services.postcodeanywhere.co.uk https://track.linksynergy.com https://dev.visualwebsiteoptimizer.com https://www.google.co.uk https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.frontierstore.net https://www.google.com/recaptcha/api.js https://www.gstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://use.typekit.net https://web-analytics.zaonce.net/matomo.js https://ajax.googleapis.com https://static.hotjar.com https://intljs.rmtag.com https://front11152.pcapredict.com https://services.postcodeanywhere.co.uk https://dev.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline' https://www.frontierstore.net https://services.postcodeanywhere.co.uk https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://consentcdn.cookiebot.com; object-src 'none'; 2 default-src 'self' https: data: wss: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://sentry.stg.drchrono.dev/api/3/security/?sentry_key=214b3d414c5b49fda88012161318b1d1&sentry_environment=headers 2 frame-src https://*.pilotflyingj.com https://pilotflyingj.com https://www.pilotflyingj.com https://demo.docusign.net https://docusign.net https://powerforms-d.docusign.net https://na2.docusign.net https://powerforms.docusign.net https://youtube.com https://www.youtube.com https://*.doubleclick.net https://*.surveymonkey.com https://player.vimeo.com https://privacyportal.onetrust.com https://www.google.com; frame-ancestors 'self' https://pilotcompany.com https://jobs.pilotflyingj.com https://saratogarack.com https://one9fuelnetwork.com https://www.pilotflyingj.com https://pilotflyingj.com https://na2.docusign.net https://powerforms.docusign.net 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.twilio.com *.contentsquare.net *.heapanalytics.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.sdiapi.com *.sdiapi.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.aurusepay.com *.auruspay.com h.online-metrix.net td.doubleclick.net *.sdiapi.com *.sdiapi.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com h.online-metrix.net *.google-analytics.com *.analytics.google.com https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org tracking.deepsearch.adlucent.com *.twilio.com *.zumiez.com blob: *.contentsquare.net *.heapanalytics.com *.crowdtwist.com *.online-metrix.net *.google.com *.googletagmanager.com *.doubleclick.net scene7.zumiez.com scene7.zumiez.ca s7d1.scene7.com *.rfksrv.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.avada.io https://cdn.ownid.com https://cdn.uat.ownid.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com h.online-metrix.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com tracking.deepsearch.adlucent.com *.twilio.com *.contentsquare.net *.contentsquare.com *.hotjar.com cdn.us.heap-api.com *.heapanalytics.com *.scarabresearch.com www.clarity.ms *.rfk.zumiez.com *.rfk.zumiez.ca *.sc.zumiez.com *.sc.zumiez.ca *.cloudfront.net *.rfksrv.com *.sdiapi.com *.sdiapi.net *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.typekit.net *.aurusepay.com *.auruspay.com *.heapanalytics.com 'self' 'unsafe-inline'; object-src *.twilio.com *.zumiez.com blob: 'self' 'unsafe-inline'; media-src *.adobe.com *.twilio.com *.zumiez.com scene7.zumiez.com scene7.zumiez.ca 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://get.geojs.io *.avada.io https://*.server.ownid.com/ https://*.server.uat.ownid.com/ https://*.uat.ownid.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com ws: h.online-metrix.net *.google-analytics.com *.analytics.google.com *.twilio.com *.zumiez.com *.contentsquare.net *.heapanalytics.com c.us.heap-api.com *.aurusepay.com *.auruspay.com *.scarabresearch.com stats.g.doubleclick.net w.clarity.ms bam.nr-data.net *.rfk.zumiez.com *.rfk.zumiez.ca *.sc.zumiez.com *.sc.zumiez.ca *.sdiapi.com *.sdiapi.net *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blob: *.sdiapi.com *.sdiapi.net http: https: blob: 'self' 'unsafe-inline'; default-src *.zumiez.com blob: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 frame-ancestors 'self' https://one.hu https://digi.hu https://salesweb.digi.hu; object-src 'self'; 2 img-src *.commercecloud.salesforce.com https://res.cloudinary.com https://assets.cavenders.com/ pixel.pointmediatracker.com *.doubleclick.net *.criteo.com www.facebook.com https://ads.stickyadstv.com https://ad.360yield.com https://idsync.rlcdn.com https://contextual.media.net public-prod-dspcookiematching.dmxleo.com x.bidswitch.net ib.adnxs.com tg.socdm.com r.casalemedia.com cs.adingo.jp c.bing.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv ade.clmbtech.com eb2.3lift.com sync.1rx.io um.simpli.fi bat.bing.com www.googletagmanager.com sync.targeting.unrulymedia.com 'self' data:;script-src storage.googleapis.com www.googletagmanager.com https://global.ketchcdn.com https://cdn.ketchjs.com https://static.hotjar.com https://bat.bing.com https://js.adsrvr.org connect.facebook.net *.criteo.com script.hotjar.com 'unsafe-inline' https://utt.impactcdn.com 'self' 'unsafe-eval' https://runtime.commercecloud.com;connect-src api.cquotient.com https://effx50gb.api.commercecloud.salesforce.com https://global.ketchcdn.com https://cdn.ketchjs.com https://www.google-analytics.com *.google.com *.doubleclick.net *.criteo.com bat.bing.com www.facebook.com insight.adsrvr.org *.hotjar.io *.hotjar.com https://cavenders.sjv.io https://d.impct.site 'self' https://runtime.commercecloud.com;media-src https://assets.cavenders.com http://commondatastorage.googleapis.com;frame-src 'self' https://www.youtube.com *.criteo.com/ *.doubleclick.net www.googletagmanager.com https://metrics.hotjar.io insight.adsrvr.org static.criteo.net https://match.adsrvr.org;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self' https://runtime.commercecloud.com;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.azblue.com azblue.com *.siteimproveanalytics.com siteimproveanalytics.com bcbsarizona.formstack.com *.bcbsarizona.formstack.com *.formstack.com formstack.com *.google-analytics.com google-analytics.com googletagmanager.com *.googletagmanager.com ajax.googleapis.com http://ajax.googleapis.com *.ajax.googleapis.com vercel.live *.vercel.live gateway.id.swg.umbrella.com tockify.com *.tockify.com client.formularynavigator.com *.client.formularynavigator.com netreturns.biz *.netreturns.biz player.vimeo.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.qualtrics.com static.cloudflareinsights.com connect.facebook.net *.dynatrace.com *.my.salesforce-sites.com azblue.secure.force.com *.azblue.secure.force.com *.screenmeet.com *.google.com *.gstatic.com *.googleapis.com cdnjs.cloudflare.com *.cdnjs.cloudflare.com *.ceros.com ceros.com azblue.my.site.com *.azblue.my.site.com azblue.my.salesforce-scrt.com *.azblue.my.salesforce-scrt.com youtube.com *.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.fonts.googleapis.com *.azblue.com azblue.com *.formstack.com formstack.com *.netreturns.biz netreturns.biz siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.qualtrics.com *.my.salesforce-sites.com azblue.secure.force.com *.azblue.secure.force.com *.ceros.com ceros.com azblue.my.site.com *.azblue.my.site.com azblue.my.salesforce-scrt.com *.azblue.my.salesforce-scrt.com; img-src 'self' data: *.azblue.com azblue.com assets.azblue.com *.assets.azblue.com bcbsarizona.formstack.com *.bcbsarizona.formstack.com edge.sitecorecloud.io *.edge.sitecorecloud.io *.siteimproveanalytics.io siteimproveanalytics.io google.com *.google.com *.youtube.com youtube.com *.vimeo.com vimeo.com *.ytimg.com *.vimeocdn.com gateway.id.swg.umbrella.com *.netreturns.biz netreturns.biz siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.qualtrics.com *.facebook.com *.my.salesforce-sites.com *.screenmeet.com *.ceros.com ceros.com *.amazonaws.com amazonaws.com azblue.my.site.com *.azblue.my.site.com azblue.my.salesforce-scrt.com *.azblue.my.salesforce-scrt.com; font-src 'self' data: *.azblue.com azblue.com assets.azblue.com fonts.googleapis.com fonts.gstatic.com *.formstack.com formstack.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.qualtrics.com *.my.salesforce-sites.com *.ceros.com ceros.com azblue.my.site.com *.azblue.my.site.com azblue.my.salesforce-scrt.com *.azblue.my.salesforce-scrt.com; connect-src 'self' *.azblue.com azblue.com edge.sitecorecloud.io *.edge.sitecorecloud.io *.google-analytics.com google-analytics.com *.doubleclick.net doubleclick.net *.siteimproveanalytics.io siteimproveanalytics.io *.cloudflare.com cloudflare.com *.coveo.com coveo.com analytics.google.com siteintercept.qualtrics.com vitals.vercel-insights.com gateway.id.swg.umbrella.com *.dynatrace.com *.my.salesforce-sites.com azblue.secure.force.com *.azblue.secure.force.com *.screenmeet.com wss://*.screenmeet.com bcbsarizona.formstack.com *.ceros.com ceros.com azblue.my.site.com *.azblue.my.site.com azblue.my.salesforce-scrt.com *.azblue.my.salesforce-scrt.com vimeo.com *.vimeo youtube.com *.youtube.com; media-src 'self' *.azblue.com azblue.com *.youtube.com youtube.com *.vimeo.com vimeo.com *.ceros.com ceros.com http://commondatastorage.googleapis.com commondatastorage.googleapis.com *.commondatastorage.googleapis.com; frame-src 'self' *.doubleclick.net *.google.com *.googletagmanager.com *.azblue.com azblue.com tockify.com *.tockify.com client.formularynavigator.com *.client.formularynavigator.com bcbsarizona.formstack.com *.bcbsarizona.formstack.com *.youtube.com youtube.com *.vimeo.com vimeo.com azblue.netreturns.biz netreturns.biz siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.qualtrics.com *.facebook.com edge.screenmeet.com *.screenmeet.com *.ceros.com ceros.com vercel.live azblue.my.salesforce-scrt.com *.azblue.my.salesforce-scrt.com azblue.my.site.com *.azblue.my.site.com 2 default-src https://*.visualwebsiteoptimizer.com https://app.vwo.com https://appdsv.omie.com.br https://vc.hotjar.io https://js.intercomcdn.com https://in.hotjar.com https://api.hubapi.com https://www.facebook.com wss://nexus-websocket-a.intercom.io https://*.hubspot.com https://ws6.hotjar.com wss://ws6.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.dataunion.com.br https://api-iam.intercom.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: https://*.gomerlin.com.br https://*.amplitude.com https://js.hubspot.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.hsappstatic.net https://*.taboola.com https://api.segment.io https://tag.goadopt.io https://api.segment.com https://track.segment.com https://cdn.segment.com https://measurement-api.criteo.com https://*.clarity.ms https://*.bing.com https://apis.google.com https://analytics.tiktok.com https://appdsv.omie.com.br https://snap.licdn.com https://optimize.google.com https://www.googleanalytics.com https://www.googleoptimize.com https://cse.google.com https://www.google.com https://www.google.com.br https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://js.usemessages.com https://stackpath.bootstrapcdn.com https://www.dataunion.com.br https://js.hscollectedforms.net https://www.googletagmanager.com https://*.hotjar.com https://*.tailtarget.com https://*.intercom.io https://js.hsleadflows.net https://js.hs-banner.com https://js.hs-analytics.net https://js.hsadspixel.net https://www.googleadservices.com https://js.hsforms.net https://js.hs-scripts.com https://connect.facebook.net https://forms.hsforms.com https://www.google-analytics.com https://app.omie.com.br https://cdnjs.cloudflare.com https://js.intercomcdn.com https://*.criteo.com https://static.criteo.net https://preview-new.mkt.omie.us; style-src 'self' 'unsafe-inline' 'report-sample' https://app.vwo.com https://*.visualwebsiteoptimizer.com https://*.gomerlin.com.br https://optimize.google.com https://preview-new.mkt.omie.us https://cdn.omie.com.br https://use.fontawesome.com https://cdn.jsdelivr.net https://fonts.googleapis.com; frame-src https://app.getdemo.com.br https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.firebaseapp.com https://*.google.com https://*.omie.com.br https://*.hubspot.com https://chat-convecao24.firebaseapp.com https://www.googletagmanager.com https://td.doubleclick.net https://intercom-sheets.com/ https://cdn.omie.com.br/ https://cdndsv.omie.com.br/ https://www.intercom-reporting.com/ https://www.facebook.com/ https://player.vimeo.com/ https://www.youtube.com https://optimize.google.com https://www.googletagmanager.com/ https://bid.g.doubleclick.net/ https://vars.hotjar.com/ https://tags.t.tailtarget.com/ https://forms.hsforms.com/ https://*.criteo.com https://static.criteo.net; img-src 'self' data: blob: https://*.amazonaws.com https://*.gomerlin.com.br https://dev.visualwebsiteoptimizer.com https://measurement-api.criteo.com https://ads.stickyadstv.com https://*.clarity.ms https://*.bing.com https://www.googletagmanager.com https://s3-sa-east-1.amazonaws.com https://www.linkedin.com https://px.ads.linkedin.com https://www.google-analytics.com https://sync-t1.taboola.com https://*.criteo.com https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv https://sync-criteo.ads.yieldmo.com https://cm.g.doubleclick.net https://*.hubspot.com https://*.omie.com.br https://conpass.blob.core.windows.net https://fast.conpass.io https://static.intercomassets.com https://omie-b8c3f6a65bc3.intercom-attachments-5.com https://app.intercom.com/ https://*.intercomcdn.com/ https://omiexperience-sa.intercom-attachments-7.com/ https://omie-b8c3f6a65bc3.intercom-attachments-1.com/ https://omie-b8c3f6a65bc3.intercom-attachments-9.com/ https://*.googleapis.com https://*.gstatic.com *.google.com *.google.com.br *.googleusercontent.com *.facebook.net *.facebook.com https://*.hsforms.com; font-src 'self' data: https://app.vwo.com https://*.visualwebsiteoptimizer.com https://use.typekit.net https://script.hotjar.com https://js.intercomcdn.com https://fonts.gstatic.com https://*.omie.com.br/omiesaga/ https://use.fontawesome.com; connect-src 'self' wss://app.gomerlin.com.br https://*.gomerlin.com.br https://*.amplitude.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://omie.ravena.app https://*.taboola.com https://api.hsforms.com https://disclaimer-api.goadopt.io https://api.segment.io https://cdn.jsdelivr.net https://api.segment.com https://track.segment.com https://cdn.segment.com https://measurement-api.criteo.com https://*.clarity.ms https://*.bing.com https://google.com https://securetoken.googleapis.com https://identitytoolkit.googleapis.com https://firestore.googleapis.com https://analytics.tiktok.com https://px.ads.linkedin.com https://analytics.google.com https://sslwidget.criteo.com https://blog.omie.com.br https://forms.hscollectedforms.net https://viacep.com.br https://appdsv.omie.com.br https://api.crm.ops.omie.us https://apidev.crm.ops.omie.us https://api.plm.ops.omie.us https://www.omie.com.br https://app.omie.com.br https://forms.hsforms.com wss://nexus-websocket-a.intercom.io/ https://api-iam.intercom.io https://hubspot-forms-static-embed.s3.amazonaws.com https://www.dataunion.com.br https://www.google-analytics.com https://*.doubleclick.net https://www.google.com https://www.google.com.br https://www.facebook.com/ https://*.hubspot.com https://*.hubapi.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com; form-action https://intercom.help https://api-iam.intercom.io https://www.facebook.com https://*.omie.com.br https://omie.clickmeeting.com/ https://*.omie.com.br https://app.omie.com.br https://www.omie.com.br https://forms.hsforms.com; media-src blob: https://js.intercomcdn.com https://preview.omie.com.br https://www.omie.com.br https://omie.com.br; frame-ancestors 'none'; object-src 'none'; worker-src blob: https://*.omie.com.br; base-uri 'self'; 2 frame-ancestors 'self' tecnun.unav.edu www.isem.es 2 default-src 'self' *.ayvens.com *.leaseplan.com *.leaseplandigital.com *.leaseplan.io; script-src 'unsafe-inline' https: 'nonce-D8x34hDiGshjQoAfXG976w==' 'strict-dynamic'; connect-src 'self' *.ayvens.com cdn.cookielaw.org geolocation.onetrust.com browser-intake-datadoghq.eu *.browser-intake-datadoghq.eu *.leaseplan.com *.leaseplan.io t-log.sgmarkets.com cdn.imagin.studio px.ads.linkedin.com www.google.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com bat.bing.com *.clarity.ms *.hotjar.com *.hotjar.io consent-api.onetrust.com *.doubleclick.net privacyportal-de.onetrust.com www.facebook.com *.aldautomotive.com pagead2.googlesyndication.com; worker-src 'self'; style-src 'self' 'unsafe-inline' *.leaseplancdn.com cdn.cookielaw.org *.hotjar.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; img-src 'self' data: *.ayvens.com *.leaseplan.com *.leaseplandigital.com www.leaseplanbrand.com cdn.cookielaw.org cdn.imagin.studio idt9rpjm7d.execute-api.eu-west-1.amazonaws.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.ads.linkedin.com www.facebook.com www.googleadservices.com adservice.google.com google.com www.google.com *.doubleclick.net bat.bing.com *.clarity.ms *.bing.com www.ayvensbrand.com *.hotjar.com ssl.gstatic.com www.gstatic.com fonts.gstatic.com pagead2.googlesyndication.com *.linkedin.com; media-src 'self' *.ayvens.com www.ayvensbrand.com *.leaseplan.com *.leaseplandigital.com www.leaseplanbrand.com www.youtube-nocookie.com; font-src 'self' *.leaseplancdn.com *.hotjar.com fonts.gstatic.com; frame-src 'self' *.ayvens.com *.leaseplan.com www.ayvensbrand.com player.vimeo.com www.youtube.com www.youtube-nocookie.com map.openchargemap.io bid.g.doubleclick.net td.doubleclick.net *.googletagmanager.com *.aldautomotive.com; object-src 'none'; base-uri 'none'; 2 default-src 'self'; script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://www.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://plausible.io https://js.hs-scripts.com https://js.hs-banner.com https://js.hsleadflows.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hsadspixel.net/fb.js https://googleads.g.doubleclick.net; frame-src https://consentcdn.cookiebot.com https://www.youtube.com https://td.doubleclick.net https://www.googletagmanager.com https://hub.n3mus.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://raw.githubusercontent.com https://cdn.sanity.io/images/76lym2dp/mb-production/ https://imgsct.cookiebot.com https://track.hubspot.com https://forms.hsforms.com https://avatars.githubusercontent.com https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://plausible.io; media-src 'self' https://cdn.sanity.io/files/76lym2dp/mb-production/; connect-src 'self' https://76lym2dp.api.sanity.io/ https://ecf0k54w4e.execute-api.us-east-1.amazonaws.com/dev/subscan https://ecf0k54w4e.execute-api.us-east-1.amazonaws.com/dev/hubspot/submitform https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.hscollectedforms.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://api.hubapi.com https://forms.hubspot.com https://ecf0k54w4e.execute-api.us-east-1.amazonaws.com/dev/hubspot/getform https://ecf0k54w4e.execute-api.us-east-1.amazonaws.com/dev/form/submit https://plausible.io; form-action 'self'; font-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; upgrade-insecure-requests 2 report-uri https://impactother.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: *; base-uri 'self'; 2 frame-ancestors 'self' http://*.hftmagnates.com/ https://*.hftmagnates.com/ http://fm.fmpedia.lc/ https://fm.fmpedia.lc/ http://fl.fmpedia.lc/ https://fl.fmpedia.lc/ https://localhost:3002/ https://localhost:3004/ https://localhost:3006/ https://financemagnates.com/ https://financemagnates.com:3002/ https://*.financemagnates.com/ https://*.financemagnates.com:3002/ https://*.financemagnates.com:3004/ https://forexlive.com/ https://forexlive.com:3006/ https://*.forexlive.com/ https://*.forexlive.com:3006/; 2 default-src blob: ws: data: 'self' 'unsafe-inline' 'unsafe-eval' *.pobeda.aero *.flypobeda.ru *.dev.flypobeda.ru www.youtube.com mc.yandex.ru mc.yandex.com captcha-api.yandex.ru yastatic.net smartcaptcha.yandexcloud.net vk.com *.vk.com *.tripster.ru *.mail.ru; frame-ancestors 'self' https://*.yandex.ru https://*.webvisor.com 2 base-uri *; font-src * data:; form-action *; frame-ancestors *; img-src * data: blob:; object-src *; script-src-attr 'none'; style-src * https: 'unsafe-inline'; upgrade-insecure-requests; 2 frame-ancestors 'self'; default-src 'self' https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.rcrsv.io; 2 default-src 'self' *.googleapis.com cdnjs.cloudflare.com *.gdi-sh.de efi2.schleswig-holstein.de efi.schleswig-holstein.de phpefi.schleswig-holstein.de *.openstreetmap.org *.openstreetmap.fr *.openstreetmap.de cdn.podigee.com phpefi.schleswig-holstein.de *.podigee-cdn.net *.kaltura.com landesportal-sh.dwebanalytics.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openstreetmap.org *.openstreetmap.fr *.openstreetmap.de *.schleswig-holstein.de *.gdi-sh.de cdnjs.cloudflare.com cdn.podigee.com *.podigee-cdn.net *.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com phpefi.schleswig-holstein.de *.openstreetmap.org *.openstreetmap.de *.vimeo.com *.schleswig-holstein.de *.gdi-sh.de cdn.podigee.com *.podigee-cdn.net cdnjs.cloudflare.com landesportal-sh.dwebanalytics.de; object-src 'none'; media-src 'self' blob: multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.youtube-nocookies.com youtu.be vimeo.com *.schleswig-holstein.de; frame-src *.google.com *.gstatic.com *.vimeo.com *.schleswig-holstein.de *.gdi-sh.de *.kaltura.com cdn.podigee.com *.podigee-cdn.net *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.openstreetmap.de *.openstreetmap.fr; img-src 'self' data: *.seminareonlinebuchen.de *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeocdn.com phpefi.schleswig-holstein.de *.openlayers.org *.openstreetmap.org *.openstreetmap.fr *.openstreetmap.de *.schleswig-holstein.de *.gdi-sh.de sgx.geodatenzentrum.de *.cdninstagram.com *.podigee-cdn.net *.fbcdn.net *.bootstrapcdn.com stamen-tiles-b.a.ssl.fastly.net stamen-tiles-c.a.ssl.fastly.net stamen-tiles-d.a.ssl.fastly.net stamen-tiles-a.a.ssl.fastly.net; worker-src blob: 'self'; frame-ancestors 'self' *.schleswig-holstein.de; font-src 'self' cdnjs.cloudflare.com *.gdi-sh.de maxcdn.bootstrapcdn.com; connect-src 'self' *.schleswig-holstein.de *.gdi-sh.de landesportal-sh.dwebanalytics.de; 2 frame-ancestors 'self' *.pellawi.com pellawi.com *.pellaomaha.com rest-preview.contentstack.com app.contentstack.com app.unbounce.com unbouncepages.com 2 frame-ancestors 'self' https://*.plugshare.com *.google-analytics.com *.analytics.google.com 2 base-uri 'self' https://www.sidn.nl https://www.sidnlabs.nl;default-src 'self';connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.dynamics.com https://*.europe-west4.run.app https://*.facebook.com https://*.google-analytics.com https://*.googleapis.com https://*.googlesyndication.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.piwik.pro https://*.recruitee.com https://*.sidn.nl https://sidn.nl https://*.twitter.com https://*.typeform.com https://*.usercentrics.eu https://*.usmedia.nl https://api.opencagedata.com https://vimeo.com https://www.google.com https://*.run.app;font-src 'self' data: https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.piwik.pro https://*.twitter.com https://*.typeform.com https://vimeo.com;form-action 'self' https://*.dynamics.com https://*.mailplus.nl https://internet.nl https://sidn.activehosted.com https://sidn.recruitee.com;frame-ancestors 'none';frame-src 'self' https://*.azureedge.net https://*.doubleclick.net https://*.dynamics.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.sidnlabs.nl https://*.spotify.com https://*.twitter.com https://*.typeform.com https://*.vimeo.com https://*.tmrrw.nl https://anchor.fm https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com;img-src 'self' data: https://*.domain-registry.nl https://*.doubleclick.net https://*.europe-west4.run.app https://*.google-analytics.com https://*.google.com https://*.google.nl https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.licdn.com https://*.linkedin.com https://*.piwik.pro https://*.sidn.nl https://*.sidnlabs.nl https://*.statcounter.com https://*.twimg.com https://*.twitter.com https://*.typeform.com https://*.usercentrics.eu https://*.usmedia.nl https://*.viglink.com https://*.vimeocdn.com https://*.youtube.com https://*.ytimg.com https://downloads.ctfassets.net https://images.ctfassets.net https://static.mailplus.nl https://vimeo.com https://www.facebook.com/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.azureedge.net https://*.bizographics.com https://*.cloudfront.net https://*.creative-serving.com https://*.doubleclick.net https://*.dynamics.com https://*.google-analytics.com https://*.google.com https://*.google.nl https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.licdn.com https://*.linkedin.com https://*.mailplus.nl https://*.piwik.pro https://*.statcounter.com https://*.twimg.com https://*.twitter.com https://*.typeform.com https://*.usercentrics.eu https://*.ytimg.com https://connect.facebook.net https://sidn.activehosted.com https://vimeo.com https://www.youtube.com;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.azureedge.net https://*.cloudfront.net https://*.doubleclick.net https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.licdn.com https://*.linkedin.com https://*.mailplus.nl https://*.piwik.pro https://*.sidn.nl https://sidn.nl https://*.usercentrics.eu https://*.ytimg.com https://vimeo.com https://www.youtube.com;style-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.mailplus.nl https://*.piwik.pro https://*.twitter.com https://*.typeform.com;report-to default;report-uri https://sidn-nl.uriports.com/reports/report 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' https://ge.ch *.etat-ge.ch https://datawrapper.dwcdn.net/; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' 'unsafe-inline' data: https://*.ge.ch https://ge.ch https://*.infomaniak.com https://*.infomaniak.ch https://www.google-analytics.com *.etat-ge.ch https://www.etat.ge.ch https://datawrapper.dwcdn.net; media-src 'self' https://*.infomaniak.com https://*.infomaniak.ch blob:; frame-src 'self' https://vod.infomaniak.com https://player.infomaniak.com https://*.ge.ch https://ge.ch https://www.ropag-data.ch https://sketchfab.com https://datawrapper.dwcdn.net/; frame-ancestors https://*.ge.ch https://sitg.maps.arcgis.com; child-src 'self' https://vod.infomaniak.com https://*.ge.ch https://ge.ch blob:; font-src 'self' data:; connect-src 'self' *.etat-ge.ch ge.ch *.ge.ch *.geneveid.ch https://*.infomaniak.com; report-uri /report-csp-violation 2 frame-ancestors 'self' https://victorinox.frontastic.io ; default-src 'self' ; media-src 'self' data: *.victorinox.com *.swissarmy.com *.wenger.ch static.zdassets.com ; frame-src 'self' https: mailto: tel: assets.bounceexchange.com dash.bounceexchange.com dash-staging.bounceexchange.com; worker-src 'self' blob: ; child-src 'self' blob: *.victorinox.com *.swissarmy.com *.wenger.ch *.tangiblee.com *.photorank.me *.pinterest.com https://web.facebook.com https://fbsbx.com https://*.google.com https://www.youtube.com https://www.facebook.com https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://emersya.com/ https://www.pinterest.com https://www.pinterest.co.uk https://www.pinterest.ch https://www.pinterest.de https://www.pinterest.fr https://www.pinterest.it https://www.pinterest.at https://www.pinterest.se https://www.pinterest.ru https://www.pinterest.ie https://secure.img-cdn.mediaplex.com *.fls.doubleclick.net *.doubleclick.net vars.hotjar.com victorinox-fr-affiliate-programme.sjv.io player.vimeo.com assets.bounceexchange.com assets.bounceexchange.com; img-src 'self' data: https: https://api.qrserver.com *.abtasty.com *.amazonaws.com https://cdn.optimizely.com assets.bounceexchange.com events.bouncex.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.victorinox.com *.swissarmy.com *.wenger.ch *.paypalobjects.com *.cloudfront.net *.cdn4.forter.com *.baidu.com *.onetrust.com *.getback.ch *.taboola.com *.yahoo.co.jp *.bazaarvoice.com *.cdn77.org *.zoovu.com *.tangiblee.com *.contentsquare.com *.zopim.com *.bdimg.com maps.google.com load.sumome.com load.sumo.com https://*.googletagmanager.com https://*.google-analytics.com www.googleadservices.com www.sc.pages03.net static.hotjar.com tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com dev.bounceexchange.com tag.bounceexchange.com dash-staging.bounceexchange.com bat.bing.com snap.licdn.com t.contentsquare.net contentsquare.com static.ads-twitter.com analytics.tiktok.com analytics.twitter.com platform.twitter.com script.hotjar.com googleads.g.doubleclick.net s.yimg.jp px.adhigh.net assets.zendesk.com intljs.rmtag.com static.zdassets.com ut.rd.linksynergy.com br-victorinox.netmng.com tags.srv.stackadapt.com d.impactradius-event.com s.pinimg.com cdn.tangiblee.com cscoreproweustor.blob.core.windows.net js.monitor.azure.com api.channelsight.com cdn.channelsight.com *.klaviyo.com emersya.com cdn.emersya.com cdn.brcdn.com f.monetate.net se.monetate.net cdn.cookielaw.org cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com photorankstatics-a.akamaihd.net https://*.google.com www.paypal.com www.gstatic.com www.gstatic.cn www.dwin1.com connect.facebook.net openpay.s3.amazonaws.com swissarmy.cardconnect.com:* vx.local:* *.clarity.ms *.openpay.mx *.googlesyndication.com https://services.postcodeanywhere.co.uk *.sprinklr.com https://rum-static.pingdom.net https://rum-collector-2.pingdom.net *.teads.tv www.googleoptimize.com https://eubroken.mysingleromance.com https://dem.mysingleromance.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.nxtck.com *.leadsrx.com *.dash-staging.bounceexchange.com *.dash.bounceexchange.com https://checkoutshopper-test.adyen.com https://live.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://applepay.cdn-apple.com https://contest.victorinox.com https://view.juneapp.com https://unpkg.com *.google-analytics.com *.netlify.app *.netlify.com https://emea02-nonprod.cluster.observability.cloud.sap:9999 *.youtube.com https://emea01.cluster.observability.cloud.sap:9999 https://victorinox-swiss-army.locally.com *.abtasty.com *.googleapis.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.affirm.com https://*.friendlycaptcha.com https://mpsnare.iesnare.com https://victorinox--uat.sandbox.my.site.com https://victorinox--uat.sandbox.lightning.force.com/ https://victorinox--uat.sandbox.my.salesforce-scrt.com https://victorinox.my.site.com https://victorinox.my.salesforce-scrt.com https://storage.emersya.com https://io.fusedeck.net https://*.collect.igodigital.com tag.wknd.ai tag.bounceexchange.com assets.bounceexchange.com api.bounceexchange.com dash.bounceexchange.com dash-staging.bounceexchange.com; font-src 'self' data: *.victorinox.com *.swissarmy.com *.wenger.ch *.hotjar.com *.cdn77.org *.cloudfront.net *.tangiblee.com olapic-data.s3.amazonaws.com photorankstatics-a.akamaihd.net fonts.gstatic.com emersya.com cdn.emersya.com fast.fonts.net cdnjs.cloudflare.com cdn.megabonus.com static3.avast.com cdn.honey.io netdna.bootstrapcdn.com assets.bounceexchange.com *.sprinklr.com *.channelsight.com *.abtasty.com *.gstatic.com *.googleapis.com assets.bounceexchange.com; form-action 'self' https: api.bounceexchange.com; connect-src 'self' ws: wss: *.victorinox.com *.swissarmy.com *.wenger.ch *.forter.com *.klaviyo.com *.amazonaws.com *.onetrust.com *.paypal.com *.paypalobjects.com *.openpay.mx *.taboola.com *.victorinox.com *.tangiblee.com *.contentsquare.net *.bazaarvoice.com *.getback.ch *.hotjar.com *.zoovu.com *.facebook.com https://*.google.com *.instagram.com sumo.com api.openweathermap.org https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com emersya.com cdn.emersya.com ws.emersya.com cdn.cookielaw.org d2o5idwacg3gyw.cloudfront.net photorankstatics-a.akamaihd.net photorankapi-a.akamaihd.net https://*.g.doubleclick.net analytics.tiktok.com ekr.zdassets.com swissarmy.zendesk.com widget-mediator.zopim.com bat.bing.com px.adhigh.net hm.baidu.com tags.srv.stackadapt.com ct.pinterest.com api.channelsight.com dc.services.visualstudio.com vc.hotjar.io victorinox-fr-affiliate-programme.sjv.io events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net maps.googleapis.com *.clarity.ms https://services.postcodeanywhere.co.uk https://api.addressy.com *.sprinklr.com https://rum-static.pingdom.net https://rum-collector-2.pingdom.net *.teads.tv https://dem.mysingleromance.com cdn.linkedin.oribi.io https://*.csftr.com *.googlesyndication.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.nxtck.com *.leadsrx.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://live.adyen.com *.frontastic.rocks *.frontastic.live *.frontastic.io *.linkedin.com *.cloudflare.com *.adyen.com https://emea02-nonprod.cluster.observability.cloud.sap:9999 *.youtube.com *.youku.com https://emea01.cluster.observability.cloud.sap:9999 https://google.com/pay *.abtasty.com https://logx.optimizely.com https://*.optimizely.com https://*.affirm.com https://develop--b2cstore-victorinox.netlify.app https://*.friendlycaptcha.com https://victorinox--uat.sandbox.my.site.com https://victorinox--uat.sandbox.lightning.force.com/ https://victorinox--uat.sandbox.my.salesforce-scrt.com https://victorinox.my.site.com https://victorinox.my.salesforce-scrt.com events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net; style-src 'self' 'unsafe-inline' *.victorinox.com *.swissarmy.com *.wenger.ch *.cdn77.org *.tangiblee.com assets-static.victorinox.com *.klaviyo.com photorankstatics-a.akamaihd.net fonts.googleapis.com emersya.com cdn.emersya.com api.map.baidu.com fast.fonts.net static.getback.ch cdnjs.cloudflare.com tags.srv.stackadapt.com cdn.channelsight.com tiger-cdn.zoovu.com translate.googleapis.com assets.bounceexchange.com https://services.postcodeanywhere.co.uk *.sprinklr.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://live.adyen.com *.abtasty.com *.gstatic.com *.googleapis.com https://*.ugc.bazaarvoice.com https://victorinox--uat.sandbox.my.site.com https://victorinox--uat.sandbox.lightning.force.com/ https://victorinox--uat.sandbox.my.salesforce-scrt.com https://victorinox.my.site.com https://victorinox.my.salesforce-scrt.com assets.bounceexchange.com; report-to csp-endpoint; 2 block-all-mixed-content; frame-ancestors https://bigscoots.com https://portal.bigscoots.com/ https://www.bigscoots.com 2 default-src 'self' *.kustomerapp.com *.iesnare.com *.bold.co *.segment.com *.segment.io *.amazonaws.com *.hotjar.com *.hotjar.io; script-src 'self' *.clarity.ms *.bold.co *.segment.com *.segment.io *.amazonaws.com *.seondf.com *.google.com *.gstatic.com *.googletagmanager.com *.analytics.tiktok.com *.appboycdn.com *.websdk.appsflyer.com *.boost.ai *.doubleclick.net *.connect.facebook.net *.visualwebsiteoptimizer.com *.vwo.com *.j.northbeam.io *.maze.co *.googleapis.com *.hotjar.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' *.vwo.com app.vwo.com *.deviceinf.com *.seonintelligence.com *.seondnsresolve.com *.seondfresolver.com *.deviceinfresolver.com *.northbeam.io *.doubleclick.net *.tiktok.com *.appsflyer.com *.googletagmanager.com *.connect.facebook.net *.kustomerapp.com *.auth0.com *.bold.co *.boost.ai *.visualwebsiteoptimizer.com *.segment.com *.segment.io *.maze.co *.appboycdn.com *.googleapis.com *.seondf.com *.google.com *.gstatic.com *.cloudflare.com *.jsdelivr.net *.iteratehq.com *.facebook.net *.kustomerapp.com *.shopifycdn.com *.hotjar.com 'unsafe-inline' ; style-src 'self' *.visualwebsiteoptimizer.com *.vwo.com *.auth0.com *.bold.co *.cloudflare.com fonts.googleapis.com *.googleapis.com *.jsdelivr.net *.iteratehq.com *.hotjar.com 'unsafe-inline'; style-src-elem 'self' *.visualwebsiteoptimizer.com *.vwo.com *.auth0.com *.bold.co *.cloudflare.com fonts.googleapis.com *.googleapis.com *.jsdelivr.net *.iteratehq.com 'unsafe-inline'; img-src 'self' * data: ;font-src * *.bold.co data:; connect-src 'self' data: *.seondnsresolve.com *.seondfresolver.com *.deviceinfresolver.com *.seonintelligence.com *.onelink.me *.appsflyer.com *.tiktok.com *.tiktokw.us *.pangle-ads.com *.doubleclick.net *.launchdarkly.com *.strich.io *.google.com *.pndsn.com *.bold.co https://bold.co *.segment.com *.segment.io *.amazonaws.com *.visualwebsiteoptimizer.com *.vwo.com *.boost.ai *.maze.co *.braze.eu *.googleapis.com *.seondf.com https://iteratehq.com *.sentry.io *.auth0.com *.kustomerapp.com *.shopifysvc.com *.boldcf.co https://boldcf.co https://www.facebook.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ;frame-src 'self' *.visualwebsiteoptimizer.com *.vwo.com *.doubleclick.net *.googletagmanager.com *.jumio.ai *.google.com *.auth0.com *.bold.co *.googleapis.com *.typeform.com *.youtube.com *.payzen.eu; worker-src 'self' blob:;media-src 'self' data: *.ctfassets.net; frame-ancestors 'self' https://bold.co https://web.bold.co https://www.bold.co 2 default-src 'self'; frame-src https://www.youtube.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://beyondblue-npsp.my.salesforce-sites.com/ https://player.vimeo.com/ https://cdn.raisely.com https://remedy-bb.file.force.com/ https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://omny.fm https://donate.beyondblue.org.au/ https://8962396.fls.doubleclick.net/ https://td.doubleclick.net/ https://beyondblue.elmotalent.com.au/ https://www.youtube.com/iframe_api https://prod-donation-form.vercel.app/ https://beyondblue-npsp.my.salesforce-sites.com/ https://open.spotify.com/ https://australianunity.esaas.inmoment.com.au/cgi-bin/qwebcorporate?idx=QJYD2R https://beyondblue.tfaforms.net/ https://turningpoint.raiselysite.com/ https://turningpoint.raiselysite.com/downer https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com; font-src 'self' https://fonts.gstatic.com/ data:; img-src data: https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://beyondblue.tfaforms.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://discover-apse2.sitecorecloud.io/ https://va.vercel-scripts.com/ https://cdn.raisely.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://static.lightning.force.com/ https://*.salesforceliveagent.com/ https://service.force.com/ https://code.jquery.com/ https://ajax.aspnetcdn.com/ajax/jquery.validate/1.14.0/ https://www.youtube.com/ https://snap.licdn.com/li.lms-analytics/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://prod-donation-form.vercel.app/ https://beyondblue-npsp.my.salesforce-sites.com/ https://*.js.stripe.com https://js.stripe.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://beyondblue.tfaforms.net/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://*.salesforceliveagent.com/ https://prod-donation-form.vercel.app/; connect-src 'self' https://discover-apse2.sitecorecloud.io/ https://edge-platform.sitecorecloud.io/ https://www.google-analytics.com https://analytics.google.com/ https://stats.g.doubleclick.net/ https://remedy-bb.my.salesforce-sites.com/ https://remedy-bb.my.salesforce-sites.com/ https://beyondblue.elmotalent.com.au/ https://www.facebook.com/ https://px.ads.linkedin.com/ https://api.stripe.com https://maps.googleapis.com; frame-ancestors 'self' pages.sitecorecloud.io https://beyondblue-npsp.my.salesforce-sites.com; 2 default-src 'self'; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://static.cloudflareinsights.com https://*.googletagmanager.com https://*.google-analytics.com https://www.clarity.ms https://images.dmca.com https://unpkg.com https://d3apzcqz3ghyay.cloudfront.net https://s0-greate.net; connect-src 'self' https://s0-greate.net https://api.revanced.app https://n.clarity.ms https://*.google-analytics.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com; font-src 'self' https://fonts.gstatic.com; 2 frame-ancestors 'self' https://*.particle.io http://particle.lookbookhq.com https://particle.lookbookhq.com http://particle.pathfactory.com https://particle.pathfactory.com 2 default-src 'self' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: 'wasm-unsafe-eval'; worker-src blob:; child-src blob: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' fonts.gstatic.com data: https:; img-src 'self' data: https: blob:; media-src 'self' video.tesa.com *.youtube.com *.zohocdn.com static.zdassets.com; connect-src 'self' https: blob: wss://*.hotjar.com wss://*.zohopublic.eu wss://*.zopim.com; frame-ancestors 'none' 2 default-src 'self' ajax.googleapis.com maxcdn.bootstrapcdn.com irs.tools.investis.com *.analytics.google.com *.google.com *.google-analytics.com fonts.gstatic.com; img-src 'self' 'unsafe-inline' * data: www.w3.org irs.tools.investis.com; frame-src 'self' *.investis.com *.youtube.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.youtube-nocookie.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com fonts.googleapis.com maxcdn.bootstrapcdn.com irs.tools.investis.com fonts.gstatic.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.investisdigital.com fast.fonts.net; font-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com fast.fonts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.google.com *.cloudflareinsights.com cloudflareinsights.com *.google.com *.google-analytics.com ajax.googleapis.com irs.tools.investis.com *.googletagmanager.com *.google-analytics.com *.investisdigital.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.lfeeder.com *.youtube.com youtube-nocookie.com; connect-src 'self' *.investisdigital.com ajax.googleapis.com *.googletagmanager.com *.analytics.google.com *.google.com *.google-analytics.com *.google-analytics.com maps.googleapis.com maps.google.com *.amazonaws.com stats.g.doubleclick.net; base-uri 'none'; 2 default-src 'none'; worker-src 'self' blob: ; media-src https://s3-eu-west-1.amazonaws.com https://storage.visomdm.com https://storage-prod.visomdm.com https://storage-prod.visomdm.com.s3.eu-west-1.amazonaws.com 'self' blob: data: ; frame-src https://radix-downloads.s3.eu-west-1.amazonaws.com https://charts.mongodb.com *.bluesnap.com *.hotjar.com *.google.com https://visomdm.com/ ; connect-src https://api.descope.com https://visomdm.com wss://visomdm.com https://pro.ip-api.com *.hotjar.io *.glbth.com *.visomdm.com *.atvmanager.com *.teacherview.live https://storage.visomdm.com https://storage-prod.visomdm.com https://storage-prod.visomdm.com.s3.eu-west-1.amazonaws.com wss://*.glbth.com wss://*.visomdm.com wss://*.atvmanager.com wss://*.teacherview.live wss://*.hotjar.com wss://*.tawk.to wss://*.xirsys.com *.hotjar.com *.tawk.to 'self' ; font-src 'self' *.tawk.to *.gstatic.com ; img-src *.ggpht.com tawk.link blob: *.googleusercontent.com *.google.com https://*.gstatic.com https://*.mzstatic.com https://cdn.jsdelivr.net/emojione/ *.tawk.to https://mdm-packages.s3.eu-central-1.amazonaws.com https://storage.visomdm.com https://storage-prod.visomdm.com https://storage-prod.visomdm.com.s3.eu-west-1.amazonaws.com *.tile.openstreetmap.org data: 'self' ; style-src 'unsafe-inline' 'self' https://cdn.jsdelivr.net/emojione/ *.googleapis.com https://embed.tawk.to/ ; script-src 'self' https://cdn.jsdelivr.net/emojione/ *.hotjar.com *.tawk.to *.openstreetmap.org *.google.com *.gstatic.com *.ip-api.com 'sha256-jxahBNaefKb7HUgrP6SFqod39I6KB1wnzxNv+Gahh2s=' 'sha256-mf7OlEdaUdLAGAIDqicGf/kRbd9P604n4ooz6WIWPZc=' 'sha256-YJ3eJPxdzm7qieW1lfM307T3jCkb8WIfRGJEnAE84p0=' https://itunes.apple.com/ ; frame-ancestors 'self' https://visomdm.com/ https://masonconsole.com 2 frame-ancestors 'self' https://*.punchout2go.com/ https://*.gep.com/ https://*.ariba.com/ https://*.hubwoo.com/ https://*.sciquest.com/ https://*.tradecentric.com/ 2 form-action *.a1.hr *.tomato.com.hr *.corvus.hr *.paypal.com *.corvuspay.com; 2 frame-ancestors self https://cms.double11.com 2 frame-ancestors 'self' https://www-buickgmcanzures-com-mx.wpsegment15.proj.wpx.gm.com https://www.buickgmcanzures.com.mx https://www.chevroletjilotepec.com.mx https://www.chevroletamericasmotors.com.mx https://www.chevroletsanjuandelrio.com.mx https://www.chevroletcalidadsanjeronimo.com.mx https://www-chevroletamericasmotors-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletsanjuandelrio-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletcalidadsanjeronimo-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletconstituyentes-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletamericasmotors-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletsanjuandelrio-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletcalidadsanjeronimo-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletconstituyentes-com-mx.wpsegment15.prd1.wpx.gm.com https://z1.le.liveperson.net https://www-chevroletherrerazac-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletherrerazac-com-mx.wpsegment15.prd2.wpx.gm.com https://www.chevroletherrerazac.com.mx https://www-chevroletcentrohistorico-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletcentrohistorico-com-mx.wpsegment15.prd2.wpx.gm.com https://www.chevroletcentrohistorico.com.mx https://www-chevroletconstituyentes-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletconstituyentes-com-mx.wpsegment15.proj.wpx.gm.com https://www.chevroletconstituyentes.com.mx http://www.chevroletcentrohistorico.com https://www.chevrolet.com.co https://www.chevroletsf.com.co https://www-chevrolet-com-co.prd1a.wpx.gm.com/plan-siempre-chevrolet https://www-buickgmccadillacloscabos-com-mx.proj.wpx.gm.com/ https://www-buickgmccadillacloscabos-com-mx.prd1.wpx.gm.com/ https://www.buickgmccadillacloscabos.com.mx/ https://www-chevroleteltreboluniversidad-com-mx.proj.wpx.gm.com/ https://www-chevroleteltreboluniversidad-com-mx.prd1.wpx.gm.com/ https://www.chevroleteltreboluniversidad.com.mx/ https://www-buickgmccuautla-com-mx.proj.wpx.gm.com/ https://www-buickgmccuautla-com-mx.prd1.wpx.gm.com/ https://www.buickgmccuautla.com.mx/ *.fidev.bet fidev.bet *.jsitor.com jsitor.com gmfinancial.everfi-next.net *.gmfinancial.com gmfinancial.com; 2 frame-ancestors 'self' https://agcovirtualshowroom.com https://www.agcovirtualshowroom.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com *.stitcher.com use.typekit.net https://fonts.gstatic.com data:; media-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.gstatic.com *.bakermckenzie-podcastlibrary-wordpress.onenorth.com bakermckenzie-podcastlibrary-wordpress.onenorth.com blob: ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.oribi.io *.onetrust.com *.stitcher.com *.google-analytics.com translate.googleapis.com stats.g.doubleclick.net cdn.cookielaw.org *.mktoresp.com blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com translate.google.com *.google-analytics.com app-static.turtl.co static.ads-twitter.com munchkin.marketo.net cdn.cookielaw.org *.ceros.com connect.facebook.net *.cloudfront.net; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: filesystem: *.google-analytics.com *.bakermckenzie.com bakermckenzie.com *.googletagmanager.com gstatic.com *.gstatic.com translate.google.com *.siteimproveanalytics.io p.adsymptotic.com cdn.cookielaw.org; frame-src 'self' gateway.zscalertwo.net *.youtube.com *.stitcher.com *.libsyn.com *.buzzsprout.com *.spotify.com *.podbean.com *.soundcloud.com *.podcasts.apple.com omny.fm *.vbrick.com *.bryter.io *.bakermckenzie.com *.youtube-nocookie.com *.vimeo.com *.google.com *.googletagmanager.com *.yoshki.com app-static.turtl.co view.ceros.com 2 : default-src 'self'; font-src 'self' *.tagbox.com *.gstatic.com *.fontawesome.com *.cloudflare.com data:; img-src 'self' mapsresources-pa.googleapis.com media.licdn.com maps.googleapis.com openhaus.app *.cloudfront.net s7d9.scene7.com i.ytimg.com *.google.ie maps.gstatic.com ui-avatars.com yt3.ggpht.com pbs.twimg.com *.taggbox.com cloud.tagbox.com *.google-analytics.com *.prnewswire.com c212.net *.mathtag.com *.googletagmanager.com px.ads.linkedin.com *.simpleanalyticscdn.com *.cookielaw.org *.google.com *.cloudinary.com *.storepoint.co *.storepoint-icons.com media.igt.com *.vimeocdn.com linkedin.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' wlcdn.cstmapp.com unpkg.com cdn.mxpnl.com *.igtjackpots.com *.googleapis.com cdn.datatables.net github.hubspot.com cdn.addevent.com platform.twitter.com widget.taggbox.com *.tagbox.com *.cookielaw.org a.usbrowserspeed.com *.smartenterprisewisdom.com *.usbrowserspeed.com plausible.io *.fontawesome.com *.jsdelivr.net *.jquery.com *.igt.com *.youtube.com scripts.simpleanalyticscdn.com *.remarketstats.com *.googletagmanager.com *.liadm.com *.doubleclick.net *.hotjar.com acsbapp.com *.hotjar.com *.doubleclick.net *.google-analytics.com *.clickcertain.com *.storepoint.co *.licdn.com blob:; connect-src *.igtjackpots.com api-js.mixpanel.com api.openhaus.app igtjackpots.com maps.googleapis.com *.igt.com *.google-analytics.com *.cookielaw.org *.fontawesome.com plausible.io acsbapp.com *.liadm.com *.google.com *.acsbapp.com *.storepoint.co *.mapbox.com *.onetrust.com *.doubleclick.net px.ads.linkedin.com *.taggbox.com wss://ws.hotjar.com *.hotjar.io; style-src 'self' 'unsafe-inline' *.igtjackpots.com cdn.datatables.net *.fontawesome.com cdn.jsdelivr.net stackpath.bootstrapcdn.com *.taggbox.com *.tagbox.com *.typography.com *.igt.com *.googleapis.com *.mapbox.com *.storepoint.co *.cloudflare.com; frame-ancestors 'self'; frame-src 'self' free.timeanddate.com a.cstmapp.com *.googletagmanager.com *.openhaus.app platform.twitter.com *.vimeo.com *.youtube-nocookie.com *.youtube.com *.doubleclick.net; report-uri https://7qjmna92.uriports.com/reports/report; report-to default 2 frame-ancestors 'self' https://*.jugendherberge.de https://piwik.jugendherberge.de 2 frame-ancestors 'self' https://explore.manh.com/; 2 default-src 'self' files.virgool.io https://*.clarity.ms https://c.bing.com 'unsafe-inline' 'self' countly.virgool.io; connect-src 'self' vod.virgool.io https://static.cloudflareinsights.com sentry.hamravesh.com files.virgool.io https://*.analytics.google.com https://*.google-analytics.com stats.vstat.ir cdn.iframe.ly https://open.iframe.ly iframely.com https://geoip-db.com https://sentry.virgool.io https://*.googletagmanager.com https://*.clarity.ms https://c.bing.com 'unsafe-inline' 'self' countly.virgool.io pagead2.googlesyndication.com; font-src 'self' data: https://static.virgool.io; img-src blob: data: https: 'self' files.virgool.io https://*.google-analytics.com https://*.googletagmanager.com pagead2.googlesyndication.com; object-src 'self' virgool.io; media-src blob: 'self' vod.virgool.io https://open.iframe.ly cdn.virgool.io files.virgool.io iframely.com open.iframe.ly; script-src 'self' blob: https://virgool.io 'unsafe-inline' files.virgool.io https://*.googletagmanager.com cdn.iframe.ly https://open.iframe.ly iframely.com open.iframe.ly https://cdn.iframe.ly https://geoip-db.com https: 'self' 'unsafe-inline' manifest.json https://sentry.virgool.io 'self' countly.virgool.io pagead2.googlesyndication.com partner.googleadservices.com tpc.googlesyndication.com www.googletagservices.com; style-src 'unsafe-inline' data: https: 'self'; frame-src 'self' cdn.iframe.ly https://cdn.iframe.ly https://open.iframe.ly open.iframe.ly iframely.com googleads.g.doubleclick.net tpc.googlesyndication.com chromenull: https: webviewprogressproxy: ; worker-src blob: 'self'; manifest-src https://virgool.io/manifest.json; frame-ancestors 'self' pelikan.media;; upgrade-insecure-requests 2 default-src 'self' * data: blob: https: safetydetectives.com *.safetydetectives.com safetydetective.com *.safetydetective.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.safetydetectives.com safetydetectives.com *.safetydetective.com safetydetective.com cdn.cookielaw.org *.tctm.co *.tctm.xyz *.clarity.ms *.peacebanana.com *.ostrichesica.com *.googlesyndication.com *.cloudflareinsights.com *.cheqzone.com *.cloudfront.net *.datadoghq-browser-agent.com *.ampproject.org *.gstatic.com *.google.com *.alooma.com *.doubleclick.net *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.hhtpp.com *.facebook.net *.dropbox.com *.bing.com *.yandex.ru *.quora.com *.yimg.com sp.analytics.yahoo.com *.hotjar.com *.ipify.org blob: data: https: safetydetectives.com *.safetydetectives.com safetydetective.com *.safetydetective.com; style-src 'self' data: blob: 'unsafe-inline' *; connect-src 'self' data: blob: https: safetydetectives.com *.safetydetectives.com safetydetective.com *.safetydetective.com *.ampproject.org *.google-analytics.com *.doubleclick.net *.google.com *.hhtpp.com *.yandex.ru *.gravatar.com wss://*.hotjar.com *.wp.com; font-src 'self' data: blob: *.ampproject.org *.googletagmanager.com *.googleapis.com *.gstatic.com ; 2 default-src 'self'; img-src 'self' blob: data: https://vercel.live/ https://vercel.com https://emoji.slack-edge.com/ https://sockjs-mt1.pusher.com/ https://vercel.fides-cdn.ethyca.com/ https://hebbkx1anhila5yf.public.blob.vercel-storage.com/ https://gvsmhepiuiax2e6y.public.blob.vercel-storage.com/ https://4o3mjgkuedjhm5we.public.blob.vercel-storage.com https://ss5vlswhqmiddtca.public.blob.vercel-storage.com/ https://7oslg1lqcbxvjpfm.public.blob.vercel-storage.com/ https://heapanalytics.com; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://vercel.live/ https://vercel.com https://vercel.fides-cdn.ethyca.com/ https://va.vercel-scripts.com/v1/ https://js.stripe.com/ https://cdn.jsdelivr.net/npm/monaco-editor@0.43.0/ https://cdn.heapanalytics.com *.heapanalytics.com; style-src 'self' 'unsafe-inline' https://vercel.live/ https://vercel.fides-cdn.ethyca.com/ https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/monaco-editor@0.43.0/; font-src 'self' https://fonts.gstatic.com https://vercel.live https://assets.vercel.com data: https://cdn.jsdelivr.net/npm/monaco-editor@0.43.0/; connect-src 'self' https://vercel.live/ https://vercel.com https://*.pusher.com/ https://blob.vercel-storage.com https://*.blob.vercel-storage.com https://blobs.vusercontent.net wss://*.pusher.com/ https://fides-vercel.us.fides.ethyca.com/api/v1/ https://cdn-api.ethyca.com/location https://privacy-vercel.us.fides.ethyca.com/api/v1/ https://api.getkoala.com https://*.sentry.io/api/; frame-src 'self' http://localhost:* https://*.vusercontent.net/ https://*.lite.vusercontent.net/ https://generated.vusercontent.net/ https://vercel.live/ https://vercel.com https://vercel.fides-cdn.ethyca.com/ https://js.stripe.com/ https://*.accounts.dev https://api.stack-auth.com/api/v1/auth/oauth/*; frame-ancestors 'self' https://*.notion.so https://notion.so https://v0-git-shu-e7sf.vercel.sh; media-src 'self' https://hebbkx1anhila5yf.public.blob.vercel-storage.com/ https://4nwqv0zkit3b9v6h.public.blob.vercel-storage.com/; report-uri /api/csp-report; 2 base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.ads-twitter.com *.adyen.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bucket.co *.byside.com *.capitalone.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.sibs.com *.speedtestcustom.com *.supplia.es *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com cihbank.ma t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com; style-src 'self' https: 'unsafe-inline' *.ads-twitter.com *.adyen.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bucket.co *.byside.com *.capitalone.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.sibs.com *.speedtestcustom.com *.supplia.es *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com cihbank.ma t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.ads-twitter.com *.adyen.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bucket.co *.byside.com *.capitalone.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.sibs.com *.speedtestcustom.com *.supplia.es *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com cihbank.ma t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com; font-src 'self' data: *.ads-twitter.com *.adyen.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bucket.co *.byside.com *.capitalone.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.sibs.com *.speedtestcustom.com *.supplia.es *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com cihbank.ma t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com; connect-src 'self' *.ads-twitter.com *.adyen.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bucket.co *.byside.com *.capitalone.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.sibs.com *.speedtestcustom.com *.supplia.es *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com cihbank.ma t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com; frame-src 'self' data: *.ads-twitter.com *.adyen.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bucket.co *.byside.com *.capitalone.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.sibs.com *.speedtestcustom.com *.supplia.es *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com cihbank.ma t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com; frame-ancestors 'self' *.ads-twitter.com *.adyen.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bucket.co *.byside.com *.capitalone.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.sibs.com *.speedtestcustom.com *.supplia.es *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com cihbank.ma t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com; object-src data: *.ads-twitter.com *.adyen.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bucket.co *.byside.com *.capitalone.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.sibs.com *.speedtestcustom.com *.supplia.es *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com cihbank.ma t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com; media-src 'self' data: *.ads-twitter.com *.adyen.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bucket.co *.byside.com *.capitalone.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.sibs.com *.speedtestcustom.com *.supplia.es *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com cihbank.ma t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com; worker-src 'self' data: blob: *.ads-twitter.com *.adyen.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bucket.co *.byside.com *.capitalone.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.sibs.com *.speedtestcustom.com *.supplia.es *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com cihbank.ma t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com 2 frame-ancestors 'self' https://samsungfood.kinsta.cloud 2 default-src 'self'; connect-src 'self' https://api.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://privacy-proxy.usercentrics.eu https://aggregator.service.usercentrics.eu https://maps.googleapis.com https://region1.google-analytics.com https://px.ads.linkedin.com https://bat.bing.com https://graphql.usercentrics.eu https://www.johanniter-intranet.de https://assets.brevo.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.com https://*.sibforms.com https://joga-johanniter.concludis.de https://www.4juh.de https://juh-live.uscreen.net https://ct.pinterest.com https://s.pinimg.com/ https://prod-cdn.eu.yextapis.com https://eu.yextevents.com https://api.openai.com/ https://load.smart-rechner.de/; img-src 'self' data: https://app.usercentrics.eu https://assets.johanniter.de https://uct.service.usercentrics.eu https://maps.gstatic.com https://snap.licdn.com https://bat.bing.com https://www.google.com https://www.facebook.com https://www.googletagmanager.com https://www.google.de https://*.ads.linkedin.com https://www.linkedin.com https://maps.googleapis.com https://secure.fundraisingbox.com https://api.spendino.de https://*.johanniter.321.works https://*.google-analytics.com https://www.eye-able-cdn.com https://juh-live.uscreen.net https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.com https://s.pinimg.com/ https://load.smart-rechner.de/; font-src 'self' data: 'unsafe-inline' https://api.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://privacy-proxy.usercentrics.eu https://aggregator.service.usercentrics.eu https://maps.googleapis.com https://region1.google-analytics.com https://px.ads.linkedin.com https://bat.bing.com https://graphql.usercentrics.eu https://www.johanniter-intranet.de https://assets.brevo.com https://joga-johanniter.concludis.de; frame-src 'self' blob: https://privacy-proxy.usercentrics.eu https://www.johanniterhausnotruf.de https://www.youtube-nocookie.com https://td.doubleclick.net https://*.johanniter.de https://secure.fundraisingbox.com https://kursbuchung.johanniter.de https://api.spendino.de https://www.johanniter-intranet.de https://*.johanniter-formular.de https://app.usercentrics.eu https://www.pflegegrad-berechnen.de https://johanniter-rundgaenge.de https://johanniter-karte.de https://graphical-editor.kameleoon.com https://gateway.spendino.de/ https://sipg.micropayment.de/ https://www.podcaster.de/ https://ct.pinterest.com https://search-embed.johanniter.de.eu.pagescdn.com/ https://easyverein.com/ https://pm-pflegemarkt.com/ https://app.supademo.com https://ibe.hotels-online-buchen.de/; frame-ancestors 'self' https://www.4juh.de https://*.eye-able.com https://*.kameleoon.com https://*.johanniter.de https://app.supademo.com; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://app.usercentrics.eu https://privacy-proxy.usercentrics.eu https://maps.googleapis.com https://maps.google.com https://www.googletagmanager.com https://bat.bing.com https://googleads.g.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://secure.fundraisingbox.com https://www.googleadservices.com https://api.spendino.de https://www.paypal.com https://code.jquery.com https://*.johanniter-formular.de https://sibforms.com https://assets-v12.live.typo3.johanniter.321.works https://*.johanniter.de https://load.smart-rechner.de https://joga-johanniter.concludis.de https://juh-stage.uscreen.net https://juh-live.uscreen.net https://s.pinimg.com/ https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.com https://ct.pinterest.com https://assets.eu.sitescdn.net https://search-embed.johanniter.de.eu.pagescdn.com/ https://static.hotjar.com/ https://*.hotjar.io/ https://ws.hotjar.com/ https://script.hotjar.com/ wss://script.hotjar.com/ https://ibe.hotels-online-buchen.de/ https://amplify.outbrain.com/; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://www.paypal.com https://www.johanniter-intranet.de https://sibforms.com https://load.smart-rechner.de https://www.eye-able-cdn.com https://static.kameleoon.com https://graphical-editor.kameleoon.com https://joga-johanniter.concludis.de https://juh-live.uscreen.net https://assets.eu.sitescdn.net 2 frame-ancestors 'self' https://hullfilm360.com; 2 default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:;; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 2 default-src 'self' *.plex.com *.rockwellautomation.com; img-src 'self' *.plex.com *.rockwellautomation.com rockwellautomation.scene7.com *.cookielaw.org data: cm.everesttech.net dpm.demdex.net s1284661142.t.eloqua.com s1748.t.eloqua.com tracking.plex.rockwellautomation.com secure.adnxs.com www.googletagmanager.com *.sharethis.com blob: b.6sc.co; font-src 'self' *.plex.com *.rockwellautomation.com fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' *.plex.com *.rockwellautomation.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' *.plex.com *.rockwellautomation.com rockwellautomation.tt.omtrdc.net *.cookielaw.org assets.adobedtm.com js.driftt.com *.storylane.io blob: s.go-mpulse.net acsbapp.com www.googletagmanager.com j.6sc.co eloqua.plex.com img.en25.com s1748.t.eloqua.com tracking.plex.rockwellautomation.com vidyard.plex.com platform-api.sharethis.com cdn-0.d41.co ecf.d41.co api1139.d41.co id.rlcdn.com buttons-config.sharethis.com *.sharethis.com 'unsafe-eval'; connect-src 'self' *.plex.com *.rockwellautomation.com *.cookielaw.org *.onetrust.com rockwellautomation.tt.omtrdc.net stats.g.doubleclick.net api1139.d41.co ff.d41.co rockwellautomation.scene7.com 68794910.akstat.io tracking.plex.rockwellautomation.com *.sharethis.com s7mbrstream.scene7.com *.vidyard.com data: dpm.demdex.net analytics.google.com www.google-analytics.com cdn.acsbapp.com accesswidget-log-receiver.acsbapp.com *.acsbapp.com acsbapp.com c.go-mpulse.net www.bing.com j.6sc.co ipv6.6sc.co epsilon.6sense.com c.6sc.co; frame-src 'self' *.plex.com *.rockwellautomation.com js.driftt.com rockwell.demdex.net play.vidyard.com *.sharethis.com *.storylane.io; form-action 'self' *.plex.com *.rockwellautomation.com s1284661142.t.eloqua.com s1748.t.eloqua.com tracking.plex.rockwellautomation.com rockwellautomation.custhelp.com; media-src 'self' *.plex.com *.rockwellautomation.com rockwellautomation.scene7.com *.vidyard.com preview1.assetsadobe.com blob:; 2 object-src *.calgary.ca:*; frame-ancestors *.calgary.ca:* *.coc.ca *.arcgis.com 2 default-src 'self' 'unsafe-inline';frame-src 'self' 'unsafe-inline' https://cnhindustrialnv.gcs-web.com https://auth1.cnhindustrial.com https://www1.cnhindustrial.com https://open.spotify.com https://iveco.ubiest.com https://tools.eurolandir.com https://vimeo.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://www.stockexpert.it https://www.google.com https://servizi2.message-asp.com;img-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://tmpprod-eucompwaf010.azureedge.net data:;style-src 'self' 'unsafe-inline' https://privacyportal-eu-cdn.onetrust.com https://fonts.googleapis.com;font-src 'self' 'unsafe-inline' https://privacyportal-eu-cdn.onetrust.com https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content;script-src-elem 'self' 'unsafe-inline' https://cnhindustrialnv.gcs-web.com/ https://auth1.cnhindustrial.com https://www1.cnhindustrial.com https://privacyportal-eu-cdn.onetrust.com https://www.google-analytics.com https://www.youtube.com https://cdn.cookielaw.org https://www.google.com https://www.gstatic.com https://geolocation.onetrust.com https://www.googletagmanager.com https://static.site24x7rum.eu;connect-src 'self' 'unsafe-inline' https://cnhindustrialnv.gcs-web.com/ https://auth1.cnhindustrial.com https://www1.cnhindustrial.com https://privacyportal-eu-cdn.onetrust.com https://region1.google-analytics.com https://charts3.equitystory.com https://cdn.cookielaw.org https://www.google-analytics.com https://geolocation.onetrust.com https://col.site24x7rum.eu https://www.youtube.com;script-src 'self' 'unsafe-inline' https://cnhindustrialnv.gcs-web.com/ https://auth1.cnhindustrial.com https://www1.cnhindustrial.com https://charts3.equitystory.com https://cdn.cookielaw.org https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://geolocation.onetrust.com https://www.youtube.com;frame-ancestors 'self'; 2 font-src 'self' 2 default-src *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com *.policytech.com ethicspointvp.com 'self' 'unsafe-eval' 'unsafe-inline' *.navexglobal.com app.pendo.io cdn.pendo.io data.pendo.io app.eu.pendo.io cdn.eu.pendo.io data.eu.pendo.io pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com; connect-src *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com *.policytech.com ethicspointvp.com 'self' 'unsafe-eval' 'unsafe-inline' wss: *.navexglobal.com navex-be-dev.zoominsoftware.io navex-be-prod.zoominsoftware.io *.truste.com *.newrelic.com *.nr-data.net app.pendo.io data.pendo.io api.feedback.us.pendo.io app.eu.pendo.io data.eu.pendo.io api.feedback.eu.pendo.io pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com app.launchdarkly.com events.launchdarkly.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com *.policytech.com ethicspointvp.com cdn.jsdelivr.net iph.zoominsoftware.io www.googletagmanager.com www.google-analytics.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com app.eu.pendo.io cdn.eu.pendo.io pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com *.truste.com *.newrelic.com *.nr-data.net ajax.googleapis.com data: app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com app.eu.pendo.io cdn.eu.pendo.io pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com *.truste.com *.navexglobal.com ; img-src 'self' data: *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com *.policytech.com ethicspointvp.com cdn.pendo.io app.pendo.io data.pendo.io cdn.eu.pendo.io app.eu.pendo.io data.eu.pendo.io pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com *.truste.com *.navexglobal.com pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com 0jjym5j2w4.execute-api.us-east-1.amazonaws.com navex-be-dev.zoominsoftware.io navex-be-prod.zoominsoftware.io; frame-src *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com *.policytech.com ethicspointvp.com app.pendo.io portal.feedback.us.pendo.io app.eu.pendo.io portal.feedback.eu.pendo.io player.vimeo.com 'self' 'unsafe-eval' *.navexglobal.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com app.pendo.io cdn.pendo.io app.eu.pendo.io cdn.eu.pendo.io pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com fonts.googleapis.com *.ethicspoint.com *.typekit.net cloud.typography.com; font-src 'self' fonts.gstatic.com ajax.googleapis.com *.typekit.net fonts.gstatic.com; frame-ancestors 'self' app.pendo.io app.eu.pendo.io *.ethicspointvp.com doorman.navexglobal.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://secure.gravatar.com/ *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.g10696554090.co g10696554090.co *.clarity.ms https://www.googleadservices.com/ https://script.hotjar.com/ https://player.vimeo.com/ https://www.clarity.ms/ https://static.ads-twitter.com/ https://ws.zoominfo.com/ https://www.google-analytics.com/ https://bat.bing.com/ https://static.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://secure.intelligentdatawisdom.com/ https://www.googleoptimize.com/ https://www.clarity.ms/ https://script.hotjar.com/ https://static.ads-twitter.com/ https://ws.zoominfo.com/ https://www.google-analytics.com/ https://bat.bing.com/ https://static.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://player.vimeo.com/ https://secure.intelligentdatawisdom.com/ https://www.googleoptimize.com/ https://www.gstatic.com/ https://www.google.com/ https://js.hsadspixel.net/ https://js.hubspot.com/ https://js.usemessages.com/ https://js.hsleadflows.net/ https://js.hs-banner.com/ https://scout-cdn.salesloft.com/ https://api.lightboxcdn.com/ https://js.hs-analytics.net/ https://static.hsappstatic.net/ https://js.hscollectedforms.net/ https://cdn.bizible.com/ https://j.6sc.co/ https://snap.licdn.com/ https://polyfill.io/ https://*.hs-scripts.com/ https://js.hsforms.net/ https://consent.trustarc.com/ https://secure.leadforensics.com/ https://connect.facebook.net/ https://dev.visualwebsiteoptimizer.com/ https://geotargetly-api-2.com/ https://www.lightboxcdn.com/ https://www.googletagmanager.com/ https://extend.vimeocdn.com/ https://cdn.jsdelivr.net/ https://js.hs-scripts.com/ https://*.hs-scripts.com/ https://js.hs-scripts.com/ https://cdn.dreamdata.cloud https://consent.trustarc.com https://js.hs-scripts.com/ https://*.hs-scripts.com/ https://static.cloudflareinsights.com/ *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://www.lightboxcdn.com/ https://fonts.googleapis.com/ https://s3.lightboxcdn.com/ https://consent.trustarc.com https://cdn.dreamdata.cloud/ *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: *.personifyhealth.com *.personifyhealth.com/* *.cloudfront.net *.linkedin.com *.google.co.uk *.google.com https://ps.w.org/ https://s.w.org/ https://i.vimeocdn.com/ https://cdn.bizibly.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://track.hubspot.com/ https://secure.gravatar.com/ https://cdn.bizible.com/ https://c.bing.com/ https://c.clarity.ms/c.gif https://s3.lightboxcdn.com/ https://google.at/ https://www.googletagmanager.com/ https://attr.ml-api.io/ https://secure.adnxs.com/ https://www.google.at/ https://b.6sc.co/ https://www.google-analytics.com/ https://analytics.twitter.com/ https://t.co/ https://www.google.ba/ https://www.google.com/ https://b.6sc.co/ https://dev.visualwebsiteoptimizer.com/ https://bat.bing.com/ https://px.ads.linkedin.com/ https://www.google-analytics.com/ https://s.ml-attr.com/ https://consent.trustarc.com/ https://dify.wpengine.com/ https://forms-na1.hsforms.com/ https://forms.hsforms.com/ https://perf-na1.hsforms.com/ https://www.lightboxcdn.com/ https://consent.trustarc.com https://cdn.dreamdata.cloud/ https://*.hubspot.com/ https://consent-pref.trustarc.com/ s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com www.googletagmanager.com; connect-src 'self' *.clarity.ms *.6sense.com *.linkedin.com https://u.clarity.ms/collect *.google-analytics.com/ https://stats.g.doubleclick.net/ https://bat.bing.com/ https://www.google.at/ https://in.hotjar.com/ https://y.clarity.ms/collect https://api.hubapi.com/ https://js.hs-banner.com/cookie-banner-public/v1/activity/view https://js.hs-banner.com/ https://ws.zoominfo.com/ https://ws.zoominfo.com/pixel/collect *.hubspot.com/ https://idx.liadm.com/ https://scout.salesloft.com/ https://c.6sc.co/ https://secure.adnxs.com/ https://vc.hotjar.io/ https://cdn.linkedin.oribi.io/ https://epsilon-cloudfront.6sense.com/v3/company/details https://epsilon.6sense.com/v3/company/details https://www.google-analytics.com/j/ https://google.com/pagead/form-data/ https://ipv6.6sc.co/ https://epsilon.6sense.com/ https://q.clarity.ms/ https://www.google-analytics.com/ https://vimeo.com/ https://google.at/ https://google.com/ https://region1.analytics.google.com/ https://my.wpengine.com/ https://api.hubspot.com/ https://forms.hscollectedforms.net/ https://cta-service-cms2.hubspot.com/ https://forms.hsforms.com/ https://yoast.com/ https://*.visualwebsiteoptimizer.com https://consent.trustarc.com https://cdn.dreamdata.cloud/ https://js.hs-scripts.com/ https://*.hs-scripts.com/ https://js.hs-scripts.com/ https://consent-pref.trustarc.com/ *.vimeo.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com/ https://s3.lightboxcdn.com/ https://consent.trustarc.com https://cdn.dreamdata.cloud/ data: fonts.gstatic.com fonts.googleapis.com; object-src * https://consent.trustarc.com https://cdn.dreamdata.cloud https://cdn.dreamdata.cloud/; media-src * *.vimeo.com *.akamized.net; frame-src 'self' https://forms.hsforms.com/ https://www.google.com/ https://player.vimeo.com/ https://consent-pref.trustarc.com/ https://app.hubspot.com/ https://consent.trustarc.com https://cdn.dreamdata.cloud/ https://js.hs-scripts.com/ https://*.hs-scripts.com/ https://393154.hs-sites.com/ https://*.hs-sites.com/ *.vimeo.com *.vimeocdn.com maps.googleapis.com maps.google.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.googletagmanager.com; worker-src * blob:; report-uri https://personifyhealth.com/?gdsih-csp-report; 2 default-src https:; connect-src https: wss:; font-src https: data:; frame-src https: twitter:; frame-ancestors http: https:; img-src https: data: blob:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; worker-src 'self' blob:; child-src 'self' blob:; style-src 'unsafe-inline' https:; 2 base-uri 'self'; default-src 'self'; connect-src 'self' data: https://api.storyblok.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.googletagmanager.com https://logs1412.xiti.com https://px.ads.linkedin.com; img-src 'self' data: https://a.storyblok.com https://cdn.cookielaw.org https://assets.kuehne-nagel.com https://logs1412.xiti.com https://px.ads.linkedin.com; frame-src * ; form-action 'self'; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; media-src 'self' https://a.storyblok.com https://recordingassets-store-prod-useast1-osdops.s3.amazonaws.com https://assets.kuehne-nagel.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://app.storyblok.com https://www.googletagmanager.com https://e.video-cdn.net https://cdn.cookielaw.org https://tag.aticdn.net https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com; frame-ancestors 'self' https://app.storyblok.com; upgrade-insecure-requests; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' app.koofr.net; navigate-to 'self' app.koofr.net; 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://*.lidl.co.uk data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://www.needlefresh.co.uk https://*.lidl.co.uk; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adyen.com https://*.lidl.co.uk data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval'; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline'; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 frame-ancestors 'self' experience.adobe.com invescogroup.experiencecloud.adobe.com *.invesco.com *.invesco.net 2 frame-ancestors *.seoclerk.com *.seoclerks.com *.listingdock.com *.codeclerks.com *.wordclerks.com *.pixelclerks.com; 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://cdn.ampproject.org https://code.jquery.com https://*.google.com https://*.geetest.com https://*.geevisit.com https://www.googletagmanager.com https://appleid.cdn-apple.com https://vk.com https://*.prdredir.com https://analytics.tiktok.com https://connect.facebook.net https://*.google-analytics.com https://telegram.org https://*.ada.support https://widget-mediator.zopim.com https://*.bitgetpro.site https://*.bgbstatic.com https://*.bitget.site https://*.bitget.live https://*.bitget.vin https://*.gdrichem.com https://gateway.test.95516.com https://*.checkout.com https://gateway.95516.com https://tcsdk.com https://www.facebook.com https://*.youtube.com https://dn-staticdown.qbox.me https://*.bitget.online https://*.bitgettr.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.duoyihubei.top https://duoyihubei.top https://*.onfido.com https://cdn.builder.io https://www.fedstable.com https://applepay.cdn-apple.com https://*.apple.com https://*.gstatic.com https://*.googleapis.com https://mc.yandex.com https://*.bitget.style https://api-web.wwmxd.info https://api-web.wwmxd.site https://pixel.mathtagmedia.com http://www.googletagmanager.com https://*.bitget.com https://cdn.dingxiang-inc.com https://*.storm.tg https://*.ston.fi https://*.jarvisbot.ai https://*.pxlvrs.io https://*.onetime.dog https://*.tomarket.ai https://*.newcoolproject.io https://*.catizen.ai https://*.glados.app https://*.yescoin.gold https://*.tonapi.io https://infragrid.v.network https://*.forter.com https://js.volt.io https://static.ads-twitter.com https://js.adsrvr.org https://goldwater.cloud;connect-src 'self' 'report-sample' data: blob: ws: wss: https://cdn.ampproject.org https://*.hdmune.cn https://*.nlviwq.cn https://oauth.telegram.org https://*.qq.com https://*.tencent-cloud.com https://*.intltencentcos.com https://*.tencentcos.cn https://*.tencentcloud.com https://*.my-cpaas.com https://*.tlivewebrtc2.com https://*.tlivecloud.com https://*.rtclivekit.com https://*.xuundv.cn https://*.tencentcloudapi.com https://*.myqcloud.com https://www.googletagmanager.com https://*.rtc-web.com https://*.qcloud.com https://*.my-imcloud.com https://*.tlivewebrtc.com https://*.tliveplay.com https://*.tlivesource.com https://*.rtc-web.io https://*.cloud-rtc.com https://*.vod-qcloud.com https://*.minigitlab.top https://wa.appsflyer.com https://ces2007.org https://*.google.com https://stats.g.doubleclick.net wss://*.bitgetpro.site https://*.google-analytics.com https://analytics.tiktok.com https://www.facebook.com https://*.analytics.google.com https://*.ada.support wss://*.ada.support https://wa.onelink.me https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://*.bitgetpro.site https://*.bgbstatic.com https://*.bitget.site https://*.bitget.live https://*.bitget.vin wss://*.bitget.site wss://*.bitget.live wss://*.bitget.vin https://*.gdrichem.com https://gateway.test.95516.com https://*.checkout.com wss://*.checkout.com https://gateway.95516.com https://telegram.org https://*.youtube.com wss://*.bitget.online https://www.tradingview.com https://api.tronstack.io https://*.bitget.online https://*.bitgettr.com wss://*.bitgettr.com wss://*.gdrichem.com https://megacheck.vip https://*.megacheck.vip wss://megacheck.vip wss://*.megacheck.vip https://*.megacheck.net wss://*.megacheck.net https://megacheck.net wss://megacheck.net https://*.saintpay.com wss://*.saintpay.com https://*.skypay.space wss://*.skypay.space https://*.noxiaohao.com wss://*.noxiaohao.com https://*.omkbic.com:8443 https://dn-staticdown.qbox.me https://*.duoyihubei.top https://duoyihubei.top wss://*.duoyihubei.top wss://duoyihubei.top https://*.onfido.com https://cdn.builder.io https://www.fedstable.com wss://www.fedstable.com wss://stream.fedstable.com https://*.glassgs.com https://mc.yandex.com wss://*.bitget.style https://*.bitget.style https://fp-constantid.bitkeep.vip https://api-web.bitkeep.app https://api-web.bitkeep.asia https://api-web.bitkeep.biz https://api-web.bitkeep.fun https://api-web.bitkeep.life https://api-web.bitkeep.top https://api-web.bitapi.vip https://api-web.chainnear.com https://api-web.lymryy.com:9443 https://api-web.wwmxd.info https://api-web.wwmxd.site https://pixel.mathtagmedia.com https://www.google.co.kr https://www.google.com.bd https://google.com https://www.google.co.in https://www.google.ru https://sensors-ab.gdrichem.com:8443 https://img.gurenla.com https://img.bitgetimg.com https://*.bitget.com https://cdn.dingxiang-inc.com https://*.storm.tg https://*.ston.fi https://*.jarvisbot.ai https://*.pxlvrs.io https://*.onetime.dog https://*.tomarket.ai https://*.newcoolproject.io https://*.catizen.ai https://*.glados.app https://*.yescoin.gold https://*.tonapi.io https://ton-connect.github.io https://browser-http-intake.logs.datadoghq.com https://infragrid.v.network https://cdnjs.cloudflare.com https://pre.ssqhome.top https://ssqhome.top https://*.forter.com https://*.bgstatic.com https://goldwater.cloud;frame-src 'self' 'report-sample' blob: data: https://*.bgstatic.com https://*.bitgetimg.com https://*.gurenla.com https://*.google.com https://*.bitgetimg.com https://*.bitgetpro.site https://*.bitget.site https://*.bitget.live https://*.bitget.vin https://*.bgbstatic.com https://www.facebook.com https://oauth.telegram.org https://telegram.org https://*.checkout.com https://*.ada.support https://*.youtube.com https://www.googletagmanager.com https://widget-mediator.zopim.com https://*.gdrichem.com https://gateway.test.95516.com https://*.google-analytics.com https://*.bitget.online https://*.bitgettr.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.duoyihubei.top https://duoyihubei.top https://bitget.banxa.com https://*.onfido.com https://*.95516.com https://www.bitgetwidget.com https://*.bitget.style https://mc.yandex.com https://*.nihaopay.com https://onramp.money https://*.simplexcc.com https://pixel.mathtagmedia.com https://td.doubleclick.net https://www.bitgetapp.com https://www.bitgetapps.com https://pixel.mathtag.com https://*.bitget.com https://*.revolut.com https://*.multiexc.com https://*.thedecard.com https://forms-prod.sprinklr.com https://thedecard.com https://pre.ssqhome.top https://ssqhome.top https://checkout.volt.io https://openapi-uatdcd.com https://openapi-thedecard.com https://khipu.com https://checkout.pagsmile.com https://gateway.kashio.com.pe https://apiin.monnetpayments.com https://pmt-01.etpayment.com https://registro.pse.com.co https://secure-checkout.payvalida.com https://api.openpay.co https://s.tradingview.com https://insight.adsrvr.org;frame-ancestors 'self' https://*.bitgetpro.site https://xdreampay.com https://forms-prod.sprinklr.com;report-uri https://a643dc1f417234b232e383bb33da229f.report-uri.com/r/d/csp/enforce /v1/buried/log/cspSecurity; 2 default-src 'self' *.adobe.io *.omtrdc.net www.facebook.com www.google-analytics.com; frame-src 'self' https://www.googletagmanager.com/ https://acrobatservices.adobe.com/ https://tools.eurolandir.com/ https://gamma.euroland.com/ https://www.youtube.com/ https://wavedw.santandergroup.net/ https://td.doubleclick.net/ https://documentservices.adobe.com https://open.spotify.com https://www.tiktok.com/ https://tr.snapchat.com *.google.com *.fls.doubleclick.net https://documentcloud.adobe.com https://irs.tools.investis.com https://lpcdn.lpsnmedia.net https://platform.twitter.com https://www.facebook.com https://www.linkedin.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://www.instagram.com/ https://player.cnbc.com https://www.bloomberg.com https://waveplayer01.santandergroup.net https://syndication.twitter.com/ ; media-src 'self' https://waveplayer01.santandergroup.net https://www.santander.com; img-src 'self' https://bat.bing.net/ https://cdn.cookielaw.org https://adservice.google.com https://*.inspiringbenefits.com https://*.linkedin.com https://abs.twimg.com https://analytics.twitter.com https://bat.bing.com https://dev.day.com https://googleads.g.doubleclick.net https://i.ytimg.com https://pbs.twimg.com https://platform.twitter.com https://px.ads.linkedin.com https://syndication.twitter.com https://t.co https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.es *.omtrdc.net data: w3.org/svg/2000 https://*.clarity.ms https://dummyimage.com https://www.santander.com https://*.bing.com; script-src 'self' https://tools.euroland.com/ https://tools.eurolandir.com/ https://acrobatservices.adobe.com/ https://qvdt3feo.com/ https://sf16-website-login.neutral.ttwstatic.com/ https://www.tiktok.com/embed.js https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web/tiktok/falcon/embed/embed_v1.0.11.js https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web/tiktok/falcon/embed/embed_lib_v1.0.11.js track.adform.net 'unsafe-inline' 'unsafe-eval' https://tr.snapchat.com cdn-dev.wdesk.org cdn-prod.wdesk.com sc-static.net platform.instagram.com documentservices.adobe.com www.googletagmanager.com maps.googleapis.com gruposantand-stage.adobemsbasic.com gruposantand-prod.adobemsbasic.com geolocation.onetrust.com cdn.cookielaw.org tbcdn.talentbrew.com player.vimeo.com www.youtube.com www.google.com www.gstatic.com lptag.liveperson.net accdn.lpsnmedia.net lo.v.liveperson.net lpcdn.lpsnmedia.net fonts.gstatic.com www.google-analytics.com player.vimeo.com s.ytimg.com www.youtube.com irs.tools.investis.com tags.tiqcdn.com www.adobe.io tag.oniad.com sstats.adobe.com documentcloud.adobe.com p13n.adobe.io viewlicense.adobe.io use.typekit.net santander.com www.santander.com gruposantand-prod.adobemsbasic.com static-exp1.licdn.com bat.bing.com stackadapt.com srv.stackadapt.com tags.srv.stackadapt.com syndication.twitter.com cdn.syndication.twimg.com licdn.com www.linkedin.com www.omtrdc.net www.instagram.com platform.twitter.com tbcdn.talentbrew.com maps.googleapis.com player.vimeo.com www.google.com www.google.es www.google-analytics.com www.gstatic.com www.google.com www.gstatic.com lptag.liveperson.net accdn.lpsnmedia.net lo.v.liveperson.net lpcdn.lpsnmedia.net www.youtube.com player.vimeo.com s.ytimg.com www.youtube.com irs.tools.investis.com tags.tiqcdn.com r3---sn-h5q7dne6.googlevideo.com ikuna.s3.amazonaws.com assets.adobedtm.com www.googletagmanager.com static.ads-twitter.com snap.licdn.com connect.facebook.net analytics.twitter.com https://www.googleadservices.com googleads.g.doubleclick.net https://accdn.lpsnmedia.net/api/account/52492817/configuration/setting/accountproperties/ https://assets.adobedtm.com/fdfbb5376673/978974bd73e8/launch-a4fb25bd3770.min.js sc-static.net/scevent.min.js https://bat.bing.com/bat.js https://cdn.syndication.twimg.com/timeline/profile https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10781141842/ https://lpcdn.lpsnmedia.net/le_unified_window/10.17.0.8-release_5442/ui-framework.js https://lptag.liveperson.net/tag/tag.js https://platform.twitter.com/widgets.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://tags.srv.stackadapt.com/events.js https://tags.tiqcdn.com/utag/santander/corporate-main-aem/prod/utag.js https://www.clarity.ms/tag/b84z53kzvw https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.youtube.com/iframe_api https://www.clarity.ms https://www.go-mpulse.net https://www.google-analytics.com; style-src tbcdn.talentbrew.com 'self' 'unsafe-inline' https://sf16-website-login.neutral.ttwstatic.com/ https://lf16-tiktok-web.ttwstatic.com/ https://platform.twitter.com https://tags.srv.stackadapt.com https://ton.twimg.com https://tags.srv.stackadapt.com/sa.css; connect-src 'self' https://bat.bing.net/ https://www.google.com https://cdn-prod.wdesk.com/ https://googleads.g.doubleclick.net/pagead/landing https://www.google.com/pagead/landing https://region1.google-analytics.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io/partner/3624849/domain/ https://*.tiktok.com https://adservice.google.com https://analytics.google.com https://cdn.cookielaw.org https://bat.bing.com https://collect.tealiumiq.com *.omtrdc.net https://region1.analytics.google.com https://stats.g.doubleclick.net https://tags.srv.stackadapt.com https://viewlicense.adobe.io https://www.clarity.ms https://*.clarity.ms https://www.google-analytics.com https://www.google.es https://www.facebook.com/tr/ https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net https://tr.snapchat.com/p data:; font-src 'self' data:; object-src 'self' https://8853727.fls.doubleclick.net https://documentcloud.adobe.com https://irs.tools.investis.com https://lpcdn.lpsnmedia.net https://platform.twitter.com https://www.facebook.com https://www.linkedin.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://www.instagram.com/ https://player.cnbc.com https://www.bloomberg.com https://waveplayer01.santandergroup.net https://syndication.twitter.com/; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.advantshop.net *.advantshop.by *.advantshop.com *.advantshop.kz *.advstatic.ru *.advant.shop www.google-analytics.com ssl.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net apis.google.com vk.com www.facebook.com connect.facebook.net platform.twitter.com cdn.syndication.twimg.com counter.rambler.ru cdn.jsdelivr.net ymetrica.com mc.yandex.ru yastatic.net api-maps.yandex.ru top-fwz1.mail.ru counter.yadro.ru top-abd.mail.ru *.jivosite.com *.chat2desk.com static.woopra.com www.woopra.com dadata.ru advantshop.disqus.com www.googletagmanager.com tagmanager.google.com ajax.googleapis.com advantschool.ru privacy-cs.mail.ru mc.webvisor.org data:; 2 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; frame-src *; frame-ancestors *; worker-src blob:; 2 frame-ancestors 'self' https://www.einpresswire.com https://www.milesight.cn https://m.milesight.cn https://console-develop-debug.milesight.com https://console-test.milesight.com https://console-stress.milesight.com https://console-pre.milesight.com https://console.milesight.com https://good360vr.com https://www.delmation.nl 2 base-uri 'self'; style-src 'self' 'unsafe-inline' https: ; default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' https:; connect-src 'self' wss: https:; font-src 'self' data: https:; frame-src 'self' https:; img-src http: https: data:; manifest-src 'self'; media-src 'self' data: blob: https: *; worker-src 'none'; 2 default-src 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net ws://socket.spacehey.com wss://socket.spacehey.com; script-src 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net tibushlabs.de; style-src 'unsafe-inline' 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net; img-src data: 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net tibushlabs.de; frame-src https:; connect-src https: ws://socket.spacehey.com wss://socket.spacehey.com; form-action https:; object-src 'none'; 2 form-action 'self' *.facebook.com *.workhuman.com; frame-ancestors 'self' app.contentful.com; frame-src 'self' *.workhuman.com *.workhumanpreprod.com vercel.app vercel.live *.googletagmanager.com *.doubleclick.net *.cdn.optimizely.com pixel.mathtag.com cdn.useproof.com *.cookiebot.com *.facebook.com *.twitter.com 862-jiq-698.mktoweb.com cookie.havasedge.com fast.wistia.net fast.wistia.com youtube.com www.youtube.com bat.bing.com; base-uri 'none'; object-src 'self'; child-src 'self' *.fls.doubleclick.net; upgrade-insecure-requests; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce 2 connect-src 'self' https: *.jotun.com *.jotunprofessionals.com localhost:* *.visualstudio.com *.google-analytics.com *.googleapis.com *.cloudfront.net *.azure.com *.snapchat.com *.doubleclick.net *.qbrick.com *.dna.ip-only.net .hotjar.com *.hotjar.io wss: *.hotjar.com; default-src 'self' *.jotun.com *.jotunprofessionals.com * localhost:*; frame-src 'self' https: *.jotun.com *.jotunprofessionals.com localhost:* *.hcaptcha.com *.snapchat.com *.youtube.com *.issuu.com; media-src 'self' data: https: blob: *.jotun.com *.jotunprofessionals.com *.dna.ip-only.net; img-src 'self' data: https: *.jotun.com *.jotunprofessionals.com *.googletagmanager.com *.google.com *.google.nl *.cloudfront.net *.sharethis.com *.azure.com *.zaius.eu *.facebook.com *.dna.ip-only.net localhost:* *.hotjar.com; style-src 'self' *.jotun.com *.jotunprofessionals.com localhost:* *.jsdelivr.net *.googleapis.com 'unsafe-inline' *.hotjar.com *.googletagmanager.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com 'unsafe-inline' *.hotjar.com; script-src 'self' data: https: blob: localhost:* *.jotun.com *.jotunprofessionals.com *.hcaptcha.com *.azure.com *.qbrick.com *.jsdelivr.net *.googletagmanager.com *.cloudfront.net *.sharethis.com *.azure.com 'unsafe-inline' 'unsafe-eval' *.hotjar.com 'unsafe-inline'; script-src-elem 'self' https: localhost:* *.jotun.com *.jotunprofessionals.com *.googletagmanager.com *.cloudfront.net *.sharethis.com *.azure.com *.spinnaker-js.com sc-static.net *.snapchat.com *.google-analytics.com *.googleapis.com *.facebook.net *.youtube.com *.qbrick.com 'unsafe-inline' *.hotjar.com 'unsafe-inline' 2 style-src 'self' 'unsafe-inline' *.gac.edu *.gustavus.edu tennisandlifecamps.org www.gstatic.com *.googleapis.com *.tinymce.com www.reservecloud.com *.curator.io platform.twitter.com cdnjs.cloudflare.com uicdn.toast.com *.technolutions.net; 2 frame-ancestors 'self' https://support.turbovpn.com https://admin.turbovpn.com 2 default-src 'self' data: blob: ws: *.gstatic.com *.google.com *.google-analytics.com *.nr-data.net *.sentry.io *.facebook.com *.facebook.net *.hotjar.com *.cloudflare.com *.bing.com *.arcot.com *.ondemand.com *.fontawesome.com *.auth0.com *.creditmutuel.fr *.bioz.com *.vwr.com *.lfeeder.com *.leadfeeder.com *.doubleclick.net *.avantorsciences.com *.avantorsciences.cn *.nusil.com *.googletagmanager.com *.linkedin.com *.twitter.com *.vwrsurveys.com *.adsymptotic.com *.paymetric.com *.worldpay.com *.mktoresp.com *.wardsci.com *.sargentwelch.com *.boreal.com *.sargentwelch.ca *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io ahpp.adflex.co.uk ahpp2.adflex.co.uk authentication.cardinalcommerce.com *.pinterest.com *.kickfire.com *.rumiview.com *.vimeo.com *.chatlayer.ai *.sinch.com *.ably-realtime.com *.ably.io *.salesforce.com *.prnewswire.com nebnextvwr.neb.com projects.spielcreative.com projects.ivorystudio.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net *.pantheonsite.io; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.facebook.com *.facebook.net *.cloudflare.com *.bing.com *.avantorsciences.com *.avantorsciences.cn *.arcot.com *.auth0.com *.ondemand.com *.fontawesome.com *.creditmutuel.fr *.bioz.com *.vwr.com *.lfeeder.com *.leadfeeder.com *.googleapis.com *.mktoresp.com *.twitter.com *.twimg.com *.zencdn.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.auth0.com *.google-analytics.com *.facebook.com *.facebook.net *.cloudflare.com *.bing.com *.arcot.com *.auth0.com *.ondemand.com *.fontawesome.com *.creditmutuel.fr *.bioz.com *.sinch.com *.ably-realtime.com *.ably.io *.chatlayer.ai *.sentry.io *.salesforceliveagent.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.vwr.com *.lfeeder.com *.leadfeeder.com *.licdn.com *.cloudflareinsights.com *.vwrsurveys.com *.marinsm.com *.paymetric.com *.worldpay.com *.google.com *.cloudflare.com *.pardot.com *.doubleclick.net *.googleadservices.com *.facebook.net *.wardsci.com *.verisign.com *.linkedin.com *.twitter.com *.googleapis.com *.sargentwelch.com *.sargentwelch.ca *.marketo.net *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io *.pinimg.com *.avantorsciences.com *.avantorsciences.cn *.kickfire.com *.rumiview.com *.jquery.com *.prnewswire.com *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.stage.eventit.de *.eventit.de blob:; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.stage.eventit.de *.eventit.de *.akamaized.net *.cloudfront.net *.vimeocdn.com vimeo.com data.w52.com data: blob:; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.walls.io walls.io *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.webcast-eqs.com export.highcharts.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.vimeocdn.com vimeo.com data.w52.com blob: data:; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io blob:; child-src 'self' *.youtube.com *.youtube-nocookie.com *.walls.io walls.io *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com blob: data:; style-src 'self' 'unsafe-inline' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.eye-able.com *.eye-able-cdn.com; font-src 'self' data: *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pusher.com walls.io *.walls.io *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.vimeocdn.com vimeo.com *.youtube.com data.w52.com *.eye-able.com *.eye-able-cdn.com blob:; img-src 'self' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.stage.eventit.de *.vimeocdn.com vimeo.com *.youtube.com *.ytimg.com *.eye-able.com *.eye-able-cdn.com data.w52.com data data:; object-src 'self' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com; connect-src 'self' ws: *.pusher.com *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.akamaized.net *.cloudfront.net *.vimeocdn.com vimeo.com data.w52.com blob:; frame-ancestors 'self' file://* social.cloud.tbintra.net *.daimlertruck.com *.mercedes-benz-trucks.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com 2 default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.gstatic.com *.onetrust.com; img-src * data: ; font-src 'self' data: privacyportal-cdn.onetrust.com; connect-src *; object-src 'none'; child-src *.usatoday.com *.themuse.com *.dayforcehcm.com *.office.com *.google.com *.youtube.com *.gannett.com *.formstack.com *.gstatic.com *.app.com *.onetrust.com; frame-ancestors *; upgrade-insecure-requests; sandbox allow-forms allow-modals allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox; base-uri 'self'; report-uri https://reporting-api.gannettinnovation.com; report-to default 2 default-src 'self' https://www.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ https://matomo.ovgu.de/; img-src 'self' *.ovgu.de data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.ovgu.de/; object-src 'none'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' *.ovgu.de *.uni-magdeburg.de; frame-src https://www.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ https://www.google.com/maps/ *.ovgu.de *.uni-magdeburg.de; upgrade-insecure-requests 2 default-src 'self' www.google-analytics.com privacy-policy.truste.com *.marchex.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com privacy-policy.truste.com *.marchex.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' privacy-policy.truste.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; media-src 'self'; 2 default-src 'self' 'unsafe-inline' https: 2 frame-ancestors 'self' https://*.lcl.fr https://*.id.fr.cly; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.monitor.azure.com *.applicationinsights.azure.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.amazon-adsystem.com *.youtube.com *.doubleclick.net *.alchemer.com *.ensighten.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.browser-intake-datadoghq.com *.dotomi.com *.amazon-adsystem.com;script-src-attr 'self' 'unsafe-inline' *.monitor.azure.com *.applicationinsights.azure.com;img-src 'self' data: cdn.jsdelivr.net *.ctfassets.net *.googleapis.com *.google.com google.com *.gstatic.com *.googletagmanager.com browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.amazon-adsystem.com *.youtube.com *.doubleclick.net *.alchemer.com *.google-analytics.com *.googlesyndication.com *.ensighten.com;frame-src 'self' *.google.com *.brightcove.net *.youtube.com *.vimeo.com *.google.com *.gstatic.com *.googletagmanager.com browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.amazon-adsystem.com *.youtube.com *.doubleclick.net *.alchemer.com;frame-ancestors 'self' app.contentful.com *.lively.com *.googletagmanager.com;connect-src 'self' *.googleapis.com *.monitor.azure.com *.applicationinsights.azure.com *.google.com *.gstatic.com *.googletagmanager.com browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.amazon-adsystem.com *.youtube.com *.paa-reporting-advertising.amazon *.google-analytics.com *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.alchemer.com https://api.lively.com;worker-src 'self' blob:;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 2 frame-ancestors 'self' login.microsoftonline.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft 2 upgrade-insecure-requests;frame-ancestors 'self' *.bochk.com *.bocgroup.com *.ftcwifi.com *.posangonline.com 2 default-src 'self' https://pretix.eu https://static.pretix.space; script-src 'self' 'sha256-+tmFggeXIPOAC2UgcQ3LW/gPHTkwyWg3/D6FOJ5BHGo=' 'unsafe-eval' https://matomo.rami.io https://pretix.eu https://static.pretix.space https://support.rami.io; object-src 'none'; frame-src 'self' https://matomo.rami.io https://pretix.eu https://static.pretix.space https://support.rami.io https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' data: https://cdn.pretix.space https://pretix.eu https://static.pretix.space https://support.rami.io; connect-src 'self' https://cdn.pretix.space https://matomo.rami.io https://pretix.eu https://static.pretix.space https://support.rami.io ws://support.rami.io; img-src 'self' data: https://cdn.pretix.space https://matomo.rami.io https://pretix.eu https://static.pretix.space https://support.rami.io; font-src 'self' https://pretix.eu https://static.pretix.space; media-src 'self' data: https://cdn.pretix.space https://pretix.eu https://static.pretix.space; form-action 'self' https: https://pretix.eu 2 default-src 'self' https://play.vidyard.com; connect-src 'self' https://googleads.g.doubleclick.net https://analytics.ahrefs.com/api/event https://www.google.com https://*.linkedin.com https://*.zi-scripts.com https://*.googlesyndication.com https://*.calibermind.com https://*.visualwebsiteoptimizer.com https://*.clarity.ms https://cdn.linkedin.oribi.io https://*.yoast.com https://*.certinia.com https://*.metarouter.io https://*.6sc.co https://analytics.google.com https://*.6sense.com https://*.mktoutil.com https://*.chilipiper.com https://c.6sc.co https://secure.adnxs.com https://ws.zoominfo.com https://*.pathfactory.com https://bidr.io https://rlcdn.com https://stats.g.doubleclick.net https://*.marketo.com https://munchkin.marketo.net https://*.mktoresp.com https://1x8clt34ex4l3nepm7b15t5f-wpengine.netdna-ssl.com https://bat.bing.com https://cdn.cookielaw.org https://play.vidyard.com https://web-analytics.engagio.com https://www.google-analytics.com https://www.googletagmanager.com https://*.onetrust.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://*.pardot.com https://*.cloudflareinsights.com https://*.vwo.com https://analytics.ahrefs.com https://*.zi-scripts.com https://unpkg.com https://yoast.com https://*.yoast.com https://static.srcspot.com https://*.clarity.ms https://*.calibermind.com https://*.metarouter.io https://www.googleoptimize.com https://js.chilipiper.com https://j.6sc.co https://cdn-app.pathfactory.com https://s.adroll.com https://ws-assets.zoominfo.com https://*.certinia.com https://*.google.com https://www.google-analytics.com https://cdn.syndication.twimg.com https://cdn.jsdelivr.net https://app.cdn.lookbookhq.com https://*.marketo.com https://1x8clt34ex4l3nepm7b15t5f-wpengine.netdna-ssl.com https://play.vidyard.com https://*.netdna-ssl.com https://www.googletagmanager.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://*.vidyard.com https://img.en25.com http://ct.capterra.com https://tribl.io https://munchkin.marketo.net https://bat.bing.com https://snap.licdn.com https://a.quora.com https://web-analytics.engagio.com https://googleads.g.doubleclick.net https://dn1f1hmdujj40.cloudfront.net https://platform.twitter.com https://www.gstatic.com https://dev.visualwebsiteoptimizer.com https://ml314.com https://www.googleadservices.com; img-src https: data: https://www.google-analytics.com https://optimize.google.com https://1x8clt34ex4l3nepm7b15t5f-wpengine.netdna-ssl.com; frame-src 'self' mailto: api-cbb17618.duosecurity.com https://dev.visualwebsiteoptimizer.com https://scores.securityscorecard.io https://*.doubleclick.net https://public-profile.whistic.com https://financialforce.outgrow.us https://financialforce.chilipiper.com https://securityscorecard.com https://player.vimeo.com https://*.certinia.com https://*.twitter.com https://bid.g.doubleclick.net https://*.vidyard.com https://app-sjg.marketo.com https://tribl.io https://*.google.com https://www.googletagmanager.com; font-src 'self' data: https://*.pathfactory.com https://*.netdna-ssl.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://www.certinia.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://unpkg.com https://js.chilipiper.com https://*.certinia.com https://cdnjs.cloudflare.com https://*.google.com https://fonts.googleapis.com https://platform.twitter.com https://app.cdn.lookbookhq.com https://1x8clt34ex4l3nepm7b15t5f-wpengine.netdna-ssl.com https://tribl.io https://*.netdna-ssl.com https://www.googletagmanager.com https://code.jquery.com https://gmpg.org https://maxcdn.bootstrapcdn.com https://tribl.io https://cdn.cookielaw.org https://app-sjg.marketo.com https://cdn-app.pathfactory.com; frame-ancestors 'self' https://library.certinia.com; object-src 'none'; upgrade-insecure-requests; worker-src 'self' blob:; 2 frame-ancestors 'self' dw.beyondtrustcloud.com dwspectrum.com; 2 default-src https: wss: 'unsafe-inline'; font-src * 'self' data:; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 2 frame-ancestors 'self' *.translate.goog translate.google.com; 2 default-src * 'unsafe-inline' 'unsafe-eval' data:; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' https://a.cms.omniupdate.com; 2 frame-ancestors 'self' https://*.autoalert.com https://service.force.com https://whatfix.com https://cdn.whatfix.com https://addons.whatfix.com https://events.whatfix.com https://videos.whatfix.com 2 object-src *; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self' blob:; base-uri https: http:; frame-ancestors https://app.contentful.com 2 frame-ancestors 'self' *.dastelefonbuch.de *.schatten.dastelefonbuch.de *.telefonbuch.de *.meinungsmeister.de 2 default-src c.wgr.de 'self'; script-src c.wgr.de 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.facebook.com maps.googleapis.com https://l.ecn-ldr.de; style-src c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de 'self' data: www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://*.google.at https://*.google.ch https://*.google.lu https://googleads.g.doubleclick.net https://www.google.com https://google.com https://www.facebook.com d32wqyuo10o653.cloudfront.net *.gstatic.com *.econda-monitor.de; frame-src 'self' https://www.googletagmanager.com https://td.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://www.youtube-nocookie.com; child-src 'self' https://www.googletagmanager.com https://td.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://www.youtube-nocookie.com; font-src c.wgr.de 'self' data:; connect-src https://mein.westermann.de/ 'self' www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://*.google.at https://*.google.ch https://*.google.lu https://www.facebook.com https://graph.facebook.com *.crosssell.info *.econda-monitor.de 2 default-src 'self'; style-src 'self' *.algolia.io/ https://forms.office.com/ *.adobe.io/ *.mikmak.ai/ *.swaven.com/ *.aptaclub.com/ *.q4web.com/ *.adobe.com/ *.unpkg.com/ https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js https://s.pinimg.com/ct/core.js/ *.jsdelivr.net/ *.algolia.net/ *.algolianet.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.clevy.io/ *.commandersact.com/ *.twimg.com/ *.twitter.com/ *.live2support.com/ *.lpsnmedia.net/ *.googletagmanager.com/ *.gstatic.com/ *.commander1.com/ *.bootstrapcdn.com/ *.tagcommander.com/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.google.com/ 'unsafe-inline'; script-src 'self' *.algolia.io/ https://forms.office.com/ *.adobe.io/ *.aptaclub.com/ *.q4web.com/ *.unpkg.com/ *.adobe.com/ https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js https://s.pinimg.com/ct/core.js/ https://js-agent.newrelic.com/ *.jsdelivr.net/ *.algolia.net/ *.algolianet.com/ *.audioeye.com/ *.github.io/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.seg.js/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mikmak.ai/ *.mathtag.com/ *.ads-twitter.com/ *.clevy.io/ *.tiktok.com/ https://sc-static.net/ *.hypemarks.com/ *.licdn.com/ *.commandersact.com/ *.twimg.com/ *.trustcommander.net/ *.cdn.syndication.twimg.com/ *.zencdn.net/ https://telegram.org/ https://youtube.com/iframe_api *.youtube.com/ *.twitter.com/ *.pinterest.com/ *.ytimg.com/ *.secutix.com/ *.swaven.com/ *.live2support.com/ *.googletagmanager.com/ *.tagcommander.com/ *.facebook.net/ *.google.ie/ *.google.de/ *.lpsnmedia.net/ *.hotjar.com/ *.outbrain.com/ *.google.com/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.theadex.com *.commander1.com/ *.liveperson.net/ *.doubleclick.net/ *.gstatic.com/ *.digital4danone.com/ *.addthisedge.com/ 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' *.algolia.io/ *.adobe.io/ https://forms.office.com/ *.aptaclub.com/ *.q4web.com/ *.unpkg.com/ *.adobe.com/ https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js https://s.pinimg.com/ct/core.js/ *.google.com.mx/ *.jsdelivr.net/ *.algolia.net/ *.algolianet.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.ytimg.com/ *.digital4danone.com/ *.google-analytics.com/ *.analytics.google.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ data: *.digital4danone.com/ *.clevy.io/ *.digital4danone.com.cn/ https://t.co/ *.hypemarks.com/ *.linkedin.com/ *.assetsadobe.com/ *.live2support.com/ *.twimg.com/ *.mikmak.ai/ *.swaven.com/ *.twitter.com/ *.trustcommander.net/ *.cdninstagram.com/ *.outbrain.com/ *.danone.com/ *.commander1.com/ *.tagcommander.com/ *.lpsnmedia.net/ *.adnxs.com/ *.adition.com/ *.doubleclick.net/ *.instagram.com/ *.soundcloud.com/ *.pinterest.com/ *.google.ie/ *.google.co.in/ *.theadex.com/ *.google-analytics.com/ *.google.com.ph/ *.google.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.mookie1.com/ *.facebook.com/ *.googletagmanager.com/ *.youtube.com/; frame-src 'self' *.algolia.io/ https://forms.office.com/ *.aptaclub.com/ *.googletagmanager.com/ *.adobe.io/ *.q4web.com/ *.unpkg.com/ *.adobe.com/ https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js https://s.pinimg.com/ct/core.js/ *.jsdelivr.net/ *.algolia.net/ *.algolianet.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.clevy.io/ *.tintup.com/ *.commandersact.com/ *.vimeo.com/ *.linkedin.com/ *.instagram.com/ *.soundcloud.com/ *.pinterest.com/ *.twitter.com/ https://cdn.trustcommander.net/ https://t.me/ https://static.rolex.com/ *.mikmak.ai/ *.swaven.com/ *.ausha.co/ *.q4europe.com/ *.tohklom.com/ *.tagcommander.com/ *.liveperson.net/ *.live2support.com/ *.google.com/ *.lpsnmedia.net/ *.hotjar.com/ *.commander1.com/ *.proprofs.com/ *.facebook.com/ *.doubleclick.net/ *.theadex.com/ *.sharethis.com/ *.addthis.com/ *.youtube.com/ *.adsrvr.org/ *.cloudfront.net/ *.spotify.com/ *.hypemarks.com/; connect-src 'self' *.algolia.io/ https://forms.office.com/ *.adobe.io/ *.aptaclub.com/ *.q4web.com/ *.unpkg.com/ *.adobe.com/ https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js https://s.pinimg.com/ct/core.js/ https://bam.eu01.nr-data.net/ *.google.com/ *.jsdelivr.net/ *.algolia.net/ *.googletagmanager.com/ *.algolianet.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.scene7.com/ *.digital4danone.com/ *.google-analytics.com/ *.analytics.google.com/ *.ylt.nl/ *.danone.id/ *.weezevent.com/ https://yourdriversfordanonebenelux.com/ *.snapchat.com/ *.mathtag.com/ *.tiktok.com/ *.clevy.io/ *.commandersact.com/ *.googleapis.com/ *.privacy.commander1.com/ *.privacy.trustcommander.net/ https://privacy.trustcommander.net/ https://privacy.commander1.com/ *.q4europe.com/ *.mikmak.ai/ *.swaven.com/ *.youtube.com/ *.live2support.com/ *.addthis.com/ *.google-analytics.com *.facebook.com/ *.instagram.com/ *.secutix.com/ *.omtrdc.net/ *.sharethis.com/ *.doubleclick.net/; font-src 'self' *.algolia.io/ *.adobe.io/ https://forms.office.com/ *.aptaclub.com/ *.q4web.com/ *.unpkg.com/ *.googletagmanager.com/ *.adobe.com/ https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js https://s.pinimg.com/ct/core.js/ *.jsdelivr.net/ *.algolia.net/ *.algolianet.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.mikmak.ai/ *.swaven.com/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.commandersact.com/ *.live2support.com/ data: *.amazonaws.com/ *.gstatic.com/ *.zencdn.net/; media-src 'self' *.algolia.io/ *.adobe.io/ https://forms.office.com/ *.aptaclub.com/ *.q4web.com/ *.unpkg.com/ *.adobe.com/ https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js https://s.pinimg.com/ct/core.js/ *.jsdelivr.net/ *.algolia.net/ *.mikmak.ai/ *.swaven.com/ *.algolianet.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.googletagmanager.com/ *.snapchat.com/ *.mathtag.com/ *.lpsnmedia.net/ *.digital4danone.com/ blob: 2 default-src: 'self' 'googleads.g.doubleclick.net' 'fonts.googleapi.com' 'img.youtube.com' 'i.ytimg.com' 'latencytimer.azurewebsites.net''s.ytimg.com' 'youtube.com' 'googleads.g.doubleclick.net' 'yt3.ggpht.com' 'fonts.gstatic.com'; script-src: 'self' 'www.googletagmanager.com' 'www.google-analytics.com' 'player.wowza.com' 'youtube.com' 'static.doubleclick.net' 'googleads.g.doubleclick.net'; style-src: 'self' 'youtube.com' 'googleads.g.doubleclick.net' 2 default-src 'self' https://privacyportal.cookiepro.com https://pagestrip.com; script-src *.googleapis.com *.gstatic.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com *.twimg.com platform.linkedin.com cdnjs.cloudflare.com *.doubleclick.net *.googleadservices.com *.recaptcha.net munchkin.marketo.net *.eloqua.com *.en25.com *.pagestrip.com player.vimeo.com *.ssl.cf1.rackcdn.com *.youtube.com s3.amazonaws.com magna.us5.list-manage.com *.baidu.com *.usersnap.com *.adform.net *.adnxs.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hscollectedforms.net *.hs-banner.com forms-eu1.hsforms.com *.cookielaw.org *.google.com *.mediavalet.com cdn.jsdelivr.net cdnjs.com code.jquery.com consent.cookiebot.com consentcdn.cookiebot.com cookie-cdn.cookiepro.com cse.google.com dec.azureedge.net downloads.mailchimp.com emea3.recruitmentplatform.com fast.fonts.net geolocation.onetrust.com js-eu1.hsforms.net kendo.cdn.telerik.com maxcdn.bootstrapcdn.com mc.us5.list-manage.com platform.stumbleupon.com/1/widgets.js publish.twitter.com rum-static.pingdom.net s.ytimg.com s7.addthis.com secure.adnxs.com sjs.bizographics.com snap.licdn.com stackpath.bootstrapcdn.com syndication.twitter.com unpkg.com v1.addthisedge.com walls.io www.googletagmanager.com www.youtube.com/iframe_api z.moatads.com *.hsleadflows.net js-eu1.hubspot.com www.52cloudacute.com www.acuteimaginative.com js.hsforms.net 'self' cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.pagestrip.com *.ssl.cf1.rackcdn.com cdn.jsdelivr.net cdn.mediavalet.com cdn-images.mailchimp.com cdnjs.cloudflare.com dec.azureedge.net downloads.mailchimp.com emea3.recruitmentplatform.com fast.fonts.net form.asana.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com www.youtube.com 'self' 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://www.google.co.uk https://dec.azureedge.net https://*.dec.sitefinity.com https://px.ads.linkedin.com *.eloqua.com https://i3.ytimg.com https://i.ytimg.com https://ml.globenewswire.com https://p.adsymptotic.com https://downloads.mailchimp.com https://resource.globenewswire.com https://cookie-cdn.cookiepro.com https://shp.qpic.cn https://img.youtube.com https://magna.com https://cdnjs.cloudflare.com https://clients1.google.com https://www.google.com https://www.googletagmanager.com *.magna.com *.pagestrip.com https://puui.qpic.cn https://cms.sps-digital.com https://stats.g.doubleclick.net https://www.google.ca https://hm.baidu.com https://mcusercontent.com https://cdn-images.mailchimp.com https://www.google.vg https://www.google.de https://www.google.fr *.rackcdn.com *.adnxs.com *.hsforms.com *.hubspot.com cdn.mediavalet.com https://insights.apps-magna.com https://media.corporate-ir.net https://px4.ads.linkedin.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.bootstrapcdn.com *.pagestrip.com *.magna.com; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://mpt-product-information.com/ https://td.doubleclick.net/ https://www.recaptcha.net/ https://magna.gcs-web.com/ https://my.walls.io/ https://www.google.com/ https://forms-eu1.hsforms.com/ https://www.facebook.com/ https://magna.s2.positionierung.at/ https://form.asana.com/ https://app.truelook.cloud/ https://embed.mediavalet.com/ https://www.googletagmanager.com/ https://js.hsforms.net; connect-src 'self' *.google-analytics.com *.mktoresp.com *.linkedin.oribi.io *.addthis.com *.hs-banner.com *.hubspot.com *.hubapi.com forms-eu1.hscollectedforms.net *.google.com *.analytics.google.com *.dec.sitefinity.com *.pagestrip.com analytics.google.com cdn.cookielaw.org cookie-cdn.cookiepro.com emea3.recruitmentplatform.com forms-eu1.hsforms.com geolocation.onetrust.com global3.recruitmentplatform.com hm.baidu.com m.addthis.com magna-na.magna.com pagead2.googlesyndication.com pagestrip.com privacyportal.cookiepro.com px.ads.linkedin.com rum-collector-2.pingdom.net s7.addthis.com stats.g.doubleclick.net www.google.ca www.google.de www.google.se www.google.vg googleads.g.doubleclick.net ib.adnxs.com www.facebook.com fclog.baidu.com forms.hsforms.com cdn.mediavalet.com; media-src 'self' data: blob: *.ssl.cf1.rackcdn.com *.cf2.rackcdn.com *.cf1.rackcdn.com *.iosr.cf1.rackcdn.com https://cms.sps-digital.com https://cdn.mediavalet.com; child-src 'self' https://embed.mediavalet.com/ https://td.doubleclick.net/ https://magna.gcs-web.com https://s7.addthis.com https://consentcdn.cookiebot.com/ https://www.google.com https://v.qq.com/ https://walls.io/ https://cse.google.com/ https://pagestrip.com https://*.pagestrip.com https://my.walls.io https://www.magnapeople.com https://mpt-product-information.com/ https://magna-staging.jifflenow.com/ https://magna.jifflenow.com/ https://www.recaptcha.net https://www.mpt-product-information.com https://bid.g.doubleclick.net https://open.spotify.com/ https://www.youtube-nocookie.com/ https://forms-eu1.hsforms.com/ https://magna.s2.positionierung.at/ 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.veracode.com https://boards.greenhouse.io https://www.trustradius.com https://widgets.peerspot.com https://www.gartner.com https://play.vidyard.com https://*.cloudfront.net https://script.crazyegg.com https://js.adsrvr.org https://cdn.heapanalytics.com https://j.6sc.co https://cdn.cookielaw.org https://tracking.intentsify.io https://snap.licdn.com https://connect.facebook.net https://munchkin.marketo.net https://trk.techtarget.com https://client-registry.mutinycdn.com https://api-v2.mutinyhq.io https://cdnjs.cloudflare.com https://region1.analytics.google.com https://www.google.it/ads/ga-audiences https://region1.google-analytics.com platform.instagram.com www.instagram.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://use.typekit.net https://p.typekit.net https://*.veracode.com https://boards.greenhouse.io https://www.trustradius.com https://*.cloudfront.net https://www.gartner.com cdnjs.cloudflare.com *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://pos.baidu.com https://*.veracode.com https://boards.greenhouse.io https://*.vidyard.com https://widgets.peerspot.com https://www.peerspot.com https://*.cloudfront.net https://www.veracode.com https://heapanalytics.com https://b.6sc.co https://px.ads.linkedin.com https://www.facebook.com https://pubads.g.doubleclick.net https://cdn.cookielaw.org https://www.linkedin.com https://images.mutinycdn.com https://reviews.static.gartner.com https://www.google.it googleads.g.doubleclick.net s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://play.vidyard.com https://*.cloudfront.net https://www.trustradius.com https://www.google.com https://script.crazyegg.com https://cdn.cookielaw.org https://ipv6.6sc.co https://epsilon.6sense.com https://v.eps.6sc.co https://px.ads.linkedin.com https://tracking.crazyegg.com https://c.6sc.co https://pagestates-tracking.crazyegg.com https://secure.adnxs.com https://assets-tracking.crazyegg.com https://geolocation.onetrust.com https://ibc-flow.techtarget.com https://www.facebook.com https://client-registry.mutinycdn.com https://api-v2.mutinyhq.io https://790-zkw-291.mktoresp.com https://privacyportal.onetrust.com https://region1.analytics.google.com https://www.google.it/ads/ga-audiences https://region1.google-analytics.com *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://use.typekit.net https://*.veracode.com https://*.cloudfront.net data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' ; media-src 'self' https://www.veracode.com; frame-src 'self' https://*.veracode.com https://play.vidyard.com https://boards.greenhouse.io https://www.googletagmanager.com https://td.doubleclick.net https://insight.adsrvr.org https://match.adsrvr.org https://www.gartner.com https://region1.analytics.google.com https://www.google.it/ads/ga-audiences https://www.facebook.com https://region1.google-analytics.com https://job-boards.greenhouse.io www.instagram.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; 2 frame-ancestors 'self' https://wella-pro.cms.wella.digital; object-src 'none'; upgrade-insecure-requests 2 base-uri 'self'; child-src * gap:; frame-src * gap:; connect-src *; default-src 'self' 'unsafe-inline' *.google-analytics.com *.hotjar.com *.googletagmanager.com *.dre.pt *.diariodarepublica.pt *.hotjar.io *.doubleclick.net *.knightlab.com *.google.com *.google.pt gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' fonts.gstatic.com themes.googleusercontent.com data:; img-src * data: blob:; script-src 'unsafe-inline' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.gstatic.com 'unsafe-inline'; frame-ancestors *.incm.pt *.dre.pt *.diariodarepublica.pt 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=QmFfbV50zGg86PoU%2FPmlgCPncx7nK4lHGNKHLcDHpBL9qNtwomDk4pe281XupagUleA7xfTY5TjTuluXVbvB4w%3D%3D; 2 frame-ancestors 'self' https://app.cux.io https://pracujew.rossmann.pl 2 default-src * http: https: data: blob: 'unsafe-eval' 'unsafe-inline' 2 default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src https://civi.digitalcourage.de https://digitalcourage.video https://streaming.media.ccc.de; frame-ancestors https://*.rc3.world https://*.rc3.cccv.de https://party.tabascoeye.de; 2 base-uri 'none'; default-src 'self' data: https: wss: 'unsafe-inline'; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://cdn.cookielaw.org https://cdn.mouseflow.com https://www.googletagmanager.com https://widget.netigate.se https://widget-api.netigate.se https://widgetapi-stage.netigate.se https://netigate.se https://devwidgetstatic.z6.web.core.windows.net; frame-src 'self' https://cdn.cookielaw.org https://www.google-analytics.com https://www.youtube-nocookie.com/ https://www.youtube.com/ https://s20.video-stream-hosting.de https://start.video-stream-hosting.de https://*.frcapi.com; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com https://cdn.cookielaw.org 2 frame-ancestors 'self' stvr.sk *.stvr.sk *.dev.stvr.sk stvr.org *.stvr.org 2 frame-ancestors 'self' https://microapps.google.com/ 2 base-uri 'self'; font-src 'self' https: data:; form-action 'self' *.adyen.com; frame-ancestors 'self' *.webflow.com *.webflow.io *.jobleads.com; img-src 'self' https: data:; object-src 'none'; script-src-attr 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.optimizely.com *.optimizely.io; upgrade-insecure-requests; connect-src 'self' https: wss: *.optimizely.com *.optimizely.io; 2 default-src *.ewe.de *.delivery.consentmanager.net; script-src 'self' 'unsafe-inline' *.ewe.de www.youtube.com *.intelliad.de dzn97c6tb0xj.cloudfront.net d2gm32i8dgh326.cloudfront.net s.ytimg.com empfehlen-admin.pso-vertrieb.de ewe-journeys.production.wlp.cloud ewe-experiences-bff.production.wlp.cloud connect.facebook.net www.dwin1.com *.adform.net www.ewe-empfehlen.de *.doubleclick.net *.g.doubleclick.net *.googleadservices.com *.gstatic.com journeyengine.production.wlp.cloud ewe-journeys.production.wlp.cloud experiences.ewe.de pub-6ab8a7ede2cb46eb872c4868a049f49c.r2.dev pub-9e9b8076c1e04ada8d131e726daedf4b.r2.dev cdn.sitesearch360.com cdn.cai.tools.sap js.sitesearch360.com apps.mypurecloud.de lantern.roeyecdn.com cdn.consentmanager.net delivery.consentmanager.net *.criteo.com *.criteo.net *.delivery.consentmanager.net; connect-src 'self' *.ewe.de 3k53vn4sgd.execute-api.eu-central-1.amazonaws.com/prod/address-autocomplete api.luk.ewe-solar.de api.luk.ewe-waerme.de ewe-journeys.production.wlp.cloud ewe-experiences-bff.production.wlp.cloud ewe-journeys.staging.wlp.cloud ewe-experiences-bff.staging.wlp.cloud global.sitesearch360.com *.g.doubleclick.net *.criteo.com *.criteo.net ewe-ckd-faq-bot-3q50idha.sapcai.eu10.hana.ondemand.com api.mypurecloud.de insights.sitesearch360.com *.adform.net api-cdn.mypurecloud.de wss://webmessaging.mypurecloud.de www.google.com/pagead/ ewe-journeys.production.wlp.cloud experiences.ewe.de ewe-gw.production.wlp.cloud ewe-experiences-bff.production.wlp.cloud experiences-bff.ewe.de ewe-journeys.staging.wlp.cloud ewe-gw.staging.wlp.cloud sentry.taktsoft.com mpgm8yfu.apicdn.sanity.io track.ewe.de www.facebook.com pub-6ab8a7ede2cb46eb872c4868a049f49c.r2.dev tracking-ewe.production.wlp.cloud *.delivery.consentmanager.net; img-src 'self' *.ewe.de *.intelliad.de *.amazonaws.com *.doubleclick.net *.g.doubleclick.net *.facebook.com *.adform.net *.smartadserver.com adservice.google.com *.gstatic.com cdn.consentmanager.net a.delivery.consentmanager.net connect.facebook.net adservice.google.de cdn.cai.tools.sap blob: data: ewe-journeys.production.wlp.cloud experiences.ewe.de ewe-prices.production.wlp.cloud cdn.sanity.io ewe-journeys.staging.wlp.cloud *.criteo.com *.criteo.net ; style-src 'self' 'unsafe-inline' *.ewe.de cdnjs.cloudflare.com ewe-journeys.production.wlp.cloud experiences.ewe.de ewe-journeys.staging.wlp.cloud pub-6ab8a7ede2cb46eb872c4868a049f49c.r2.dev; font-src 'self' *.ewe.de cdnjs.cloudflare.com data: ewe-journeys.production.wlp.cloud experiences.ewe.de ewe-journeys.staging.wlp.cloud pub-6ab8a7ede2cb46eb872c4868a049f49c.r2.dev cdn.consentmanager.net delivery.consentmanager.net d.delivery.consentmanager.net; frame-src ewe-journeys.production.wlp.cloud ewe-experiences-bff.production.wlp.cloud www.facebook.com widget.whappodo.com youtube.com www.youtube.com journeyengine.production.wlp.cloud ewe-journeys.production.wlp.cloud apps.mypurecloud.de td.doubleclick.net *.ewe.de gum.criteo.com fledge.eu.criteo.com fledge.criteo.com cdn.consentmanager.net; media-src 'self' data.ewe.de; 2 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 2 child-src 'self' *.lightning.force.com *.pendo.io *.greenhouse.io *.google.com *.facebook.com *.facebook.com/* *.vimeo.com *.isnetworld.com *.mypurecloud.com; frame-ancestors 'self' *.lightning.force.com; form-action 'self'; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.youtube.com https://s.ytimg.com https://plausible.io; img-src 'self' data: https://cdn.prgloo.com https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://www.gstatic.com https://translate.google.com https://translate.googleapis.com https://*.ytimg.com https://img.youtube.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://plausible.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com https://tagmanager.google.com; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src https://www.googletagmanager.com https://www.youtube.com https://youtu.be https://www.youtube-nocookie.com https://youtube-nocookie.com; object-src 'self'; report-uri /service/csp; 2 default-src 'self' blob: *.tricentis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com *.adsrvr.org *.bing.com *.bizible.com *.cookielaw.org *.demandbase.com *.doubleclick.net *.facebook.net *.googleoptimize.com *.googletagmanager.com *.licdn.com *.marketo.net *.mountain.com https://dx.mountain.com https://px.mountain.com https://gs.mountain.com *.tricentis.com *.trustradius.com *.vimeo.com *.wistia.com *.youtube.com *.zoominfo.com https://js.adsrvr.org https://bat.bing.com https://cdn.bizible.com https://cdnjs.cloudflare.com/ajax/libs/aos/2.3.4/aos.js https://api.company-target.com https://cdn.cookielaw.org https://tag.demandbase.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.google.com https://*.google-analytics.com https://www.googleadservices.com https://ajax.googleapis.com https://fonts.googleapis.com https://www.googleoptimize.com https://*.googlesyndication.com https://www.googletagmanager.com https://www.gstatic.com https://cdn.jsdelivr.net/npm/countup@1.8.2/dist/countUp.min.js https://snap.licdn.com https://munchkin.marketo.net https://cdn.mouseflow.com https://eu.mouseflow.com https://netlify-cdp-loader.netlify.app https://*.tricentis.com https://affiliates.tricentis.com https://fast.wistia.com https://fast.wistia.net https://ws.zoominfo.com https://www.youtube.com/iframe_api https://www.trustradius.com https://d30ia583fbtg8i.cloudfront.net/trustquotes https://b.6sc.co https://j.6sc.co https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.onetrust.com https://js.sentry-cdn.com https://www.redditstatic.com/ads/pixel.js https://browser.sentry-cdn.com https://amplify.outbrain.com https://tr.outbrain.com https://wave.outbrain.com https://bat.bing-int.com static.ads-twitter.com; style-src 'self' 'unsafe-inline' 'report-sample' *.marketo.net *.tricentis.com https://www.tricentis.com https://api.company-target.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://pages.tricentis.com https://lps.tricentis.com https://www.trustradius.com https://*.typekit.net https://d30ia583fbtg8i.cloudfront.net https://*.onetrust.com; object-src 'none'; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com *.doubleclick.net http://ad.doubleclick.net *.mktoresp.com *.mktoutil.com *.google.com https://analytics.google.com https://adservice.google.com https://www.googleadservices.com https://region1.analytics.google.com https://cdn.cookielaw.org https://cdn.linkedin.oribi.io *.company-target.com https://ws.zoominfo.com bat.bing.com *.google-analytics.com *.demandbase.com *.wistia.com *.onetrust.com *.facebook.com pages.tricentis.com lps.tricentis.com be.tricentis.com *.googlesyndication.com *.googletagmanager.com *.mouseflow.com https://eu.mouseflow.com https://o2.mouseflow.com https://www.trustradius.com https://dudodiprj2sv7.cloudfront.net dx.mountain.com px.mountain.com gs.mountain.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.litix.io https://px.ads.linkedin.com https://ipv6.6sc.co https://c.6sc.co https://logx.optimizely.com https://*.optimizely.com https://*.6sense.com https://eps.6sc.co https://v.eps.6sc.co https://bat.bing.net https://pagead2.googlesyndication.com https://pixel-config.reddit.com https://conversions-config.reddit.com https://www.redditstatic.com https://controltower.ml-optimizely.com https://cdn.optimizely.com https://cdn.bizible.com https://bat.bing-int.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://amplify.outbrain.com https://tr.outbrain.com https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bt https://www.google.by https://www.google.ca https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gl https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.im https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sk https://www.google.sn https://www.google.sr https://www.google.tg https://www.google.tn https://www.google.tt https://google.com; font-src 'self' https://js.intercomcdn.com https://fonts.intercomcdn.com data: https://cdn.mouseflow.com https://fast.wistia.com https://fonts.gstatic.com https://use.typekit.net https://dudodiprj2sv7.cloudfront.net/font/glyphicons/ https://*.onetrust.com; frame-ancestors 'self' https://www.tricentis.com https://be-develop.tricentis.com https://be-test.tricentis.com https://be.tricentis.com; frame-src *.adsrvr.org *.facebook.com *.tricentis.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://bid.g.doubleclick.net https://datainsights-cdn.dm.aws.gartner.com https://td.doubleclick.net https://tpc.googlesyndication.com https://www.buzzsprout.com https://www.google.com https://player.vimeo.com https://fast.wistia.net *.wistia.com https://www.youtube.com https://app.netlify.com https://s.company-target.com https://capture.navattic.com https://tricentis.navattic.com https://a26508490611.cdn.optimizely.com https://a26508490611.cdn-pci.optimizely.com; img-src 'self' blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com *.doubleclick.net http://ad.doubleclick.net https://pubads.g.doubleclick.net https://*.google-analytics.com https://analytics.google.com https://region1.analytics.google.com https://adservice.google.com https://*.googletagmanager.com https://fonts.gstatic.com *.tricentis.com https://www.tricentis.com https://cdn.bizible.com https://cdn.bizibly.com *.capterra.com *.wistia.com *.linkedin.com https://px.ads.linkedin.com *.cookielaw.org *.googlesyndication.com https://www.google.com www.googletagmanager.com https://bat.bing.com https://id.rlcdn.com https://www.facebook.com https://segments.company-target.com https://capterra.s3.amazonaws.com https://eu.mouseflow.com chart.googleapis.com wingify-assets.s3.amazonaws.com https://media.trustradius.com https://d30ia583fbtg8i.cloudfront.net https://px.ads.linkedin.com https://b.6sc.co https://cdn.optimizely.com https://alb.reddit.com https://px.ads.linkedin.com https://bat.bing.net https://*.tricentis.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://www.googleadservices.com https://weglot-lang-tricentis-backend.pantheonsite.io https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bt https://www.google.by https://www.google.ca https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gl https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.im https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sk https://www.google.sn https://www.google.sr https://www.google.tg https://www.google.tn https://www.google.tt https://google.com; media-src 'self' https://js.intercomcdn.com blob: https://*.wistia.com https://embedwistia-a.akamaihd.net; report-uri https://65eb3282bc57ae1120bf66ab.endpoint.csper.io?v=35; worker-src 'self' blob:; 2 default-src 'self' *.storyblok.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: aaa.artefact.com aaa.medion.com ad2.adfarm1.adition.com api.signalize.com app.contentsquare.com app.storyblok.com app.usercentrics.eu bat.bing.com c.amazon-adsystem.com cdn.parcellab.com connect.facebook.net https://exaccess.loyalsys.io *.amazonaws.com *.contentsquare.net *.criteo.com *.criteo.net *.doubleclick.net *.dynamicyield.com *.dynamicyield.eu *.etracker.com *.google.com https://www.youtube.com *.netigate.se *.scarabresearch.com media.medion.com netigate.se s.pinimg.com tag.mention-me.com vercel.live vitals.vercel-insights.com www.etracker.de www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.paypal.com www.paypalobjects.com https://ui-elements.loyalsys.io https://sw-assets.ekomiapps.de/static_resources/; child-src blob:; worker-src blob:; connect-src 'self' ad2.adfarm1.adition.com api.parcellab.com api.paypal.com api.signalize.com api.usercentrics.eu ara.paa-reporting-advertising.amazon *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.contentsquare.net *.criteo.com *.criteo.net *.doubleclick.net *.dynamicyield.com *.dynamicyield.eu *.etracker.de *.fact-finder.de *.google-analytics.com *.googlesyndication.com *.netigate.se *.pusher.com *.run.app *.usercentrics.eu www.google.com www.google-analytics.com www.googleadservices.com webshoprain.medion.com ct.pinterest.com netigate.se preprod.medion.com recommender.scarabresearch.com sentry.brandung-dev.de vercel.live vitals.vercel-insights.com webchannel-content.eservice.emarsys.net www.paypal.com https://api.paypal.com https://contact-api.loyalsys.io https://contact-exaccess.loyalsys.io https://bat.bing.com https://adservice.google.com aaa.artefact.com aaa.medion.com https://sw-assets.ekomiapps.de/; style-src 'self' 'unsafe-inline' *.signalize.com *.dynamicyield.com cdn.parcellab.com vercel.live netigate.se *.netigate.se https://smart-widget-assets.ekomiapps.de/static_resources/ https://sw-assets.ekomiapps.de/static_resources/; img-src 'self' blob: data: app.usercentrics.eu bat.bing.com googleads.g.doubleclick.net www.google.com www.google.de assets.vercel.com *.medion.com www.facebook.com *.outbrain.com *.paypal.com www.paypalobjects.com uct.service.usercentrics.eu www.googleadservices.com cdn.dynamicyield.com cdn-eu.dynamicyield.com www.google-analytics.com *.google.nl www.googletagmanager.com www.google.co.in *.signalize.com ad.doubleclick.net contextual.media.net pixel.rubiconproject.com match.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv eb2.3lift.com cm.adform.net visitor.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com ad.yieldlab.net e1.emxdgt.com cm.g.doubleclick.net x.bidswitch.net exchange.mediavine.com simage2.pubmatic.com criteo-partners.tremorhub.com sync-criteo.ads.yieldmo.com gum.criteo.com ups.analytics.yahoo.com ib.adnxs.com jadserve.postrelease.com *.criteo.net icons.parcellab.com *.cliplister.com vercel.com region1.analytics.google.com stats.g.doubleclick.net *.contentsquare.net ad2.adfarm1.adition.com netigate.se *.netigate.se adservice.google.com https://smart-widget-assets.ekomiapps.de/resources/ https://sw-assets.ekomiapps.de/resources/; font-src 'self' data: assets.vercel.com www.paypalobjects.com *.signalize.com *.dynamicyield.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors https://app.storyblok.com https://www.paypal.com/ scanblue.com netigate.se *.netigate.se; frame-src 'self' https://aax-eu.amazon-adsystem.com https://app.usercentrics.eu/ https://ct.pinterest.com/ https://vercel.live/ https://www.paypal.com/ https://www.paypalobjects.com/ https://www.youtube.com *.amazon-adsystem.com *.cliplister.com *.criteo.com *.doubleclick.net *.fls.doubleclick.net *.scanblue.cloud *.scanblue.com gum.criteo.com netigate.se *.netigate.se www.google.com www.googletagmanager.com www.youtube-nocookie.com *.medion.com; 2 upgrade-insecure-requests; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; 2 default-src 'self' http://cas.headless.svc.cluster.local:8080 https://*.mpsv.cz https://*.uradprace.cz https://*.google-analytics.com https://*.hotjar.com/ https://*.hotjar.io/ https://stats.g.doubleclick.net/ https://*.mpsv.cz:9000 https://*.uradprace.cz:9000 https://nominatim.openstreetmap.org https://*.clarity.ms/collect wss://*.hotjar.com/ wss://*.mpsv.cz:9001 wss://*.uradprace.cz:9001 wss://*.predu.sk; img-src 'self' data: https://*.mpsv.cz https://*.gstatic.com https://www.google-analytics.com https://c.seznam.cz/retargeting https://www.google.com/ads/ https://www.google.cz/ads/ https://www.google.com/pagead/ https://www.google.cz/pagead/ https://*.mpsv.cz:9000/ https://*.uradprace.cz:9000/ https://*.predu.sk https://*.openstreetmap.org https://*.clarity.ms/c.gif https://c.bing.com; frame-src 'self' data: formapps: https://www.google.com https://www.googletagmanager.com/ https://vars.hotjar.com/ https://www.youtube.com https://player.rss.com/ https://www.youtube-nocookie.com https://*.mpsv.cz:9000 https://*.uradprace.cz:9000 https://*.predu.sk https://*.mpsv.cz; child-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://cas.headless.svc.cluster.local:8080 https://*.gstatic.com https://www.googletagmanager.com/ https://www.googleadservices.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://c.seznam.cz/ https://googleads.g.doubleclick.net/ https://www.google.com https://www.google-analytics.com https://*.mpsv.cz:9000 https://*.uradprace.cz:9000 https://portal.gov.cz https://*.predu.sk https://*.mpsv.cz https://unpkg.com/leaflet/dist/leaflet.js https://unpkg.com/leaflet.markercluster/dist/leaflet.markercluster.js https://cdnjs.cloudflare.com/ajax/libs/proj4js/2.7.5/proj4.js https://www.clarity.ms/tag/ https://www.clarity.ms/s/; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://fonts.googleapis.com https://*.mpsv.cz:9000/ https://*.uradprace.cz:9000/ https://*.predu.sk https://*.mpsv.cz; font-src 'self' data:; frame-ancestors 'self' https://www.mpsv.cz https://www.uradprace.cz https://*.mpsv.cz; 2 frame-ancestors 'self' https://cx360.corp.ackodev.com https://cx360.corp.acko.com https://app.ola.riskcovry.com https://lead360.corp.ackodev.com https://lead360.corp.acko.com https://cmp.mygate.com https://*.kappa.mgmaglev.xyz https://*.mygate.com https://cx360v2.corp.ackodev.com https://cx360v2.corp.acko.com https://auto-policy-frontend-ui-master.internal.ackodev.com https://auto-policy-frontend.internal.live.acko.com https://ht-affiliate-qa.hindustantimes.com http://ht-affiliate-preprod.hindustantimes.com https://staging.livemint.com https://pre-prod.livemint.com https://qa-www.hindustantimes.com https://preprod-www.hindustantimes.com https://www.livemint.com https://www.hindustantimes.com 2 frame-ancestors 'self' https://lucid.app 2 frame-ancestors http://webvisor.com; 2 default-src 'self' 'unsafe-inline' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.bundesfinanzministerium.de *.youtube.com https://medien.zoll.bund.de; img-src 'self' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de *.geodatenzentrum.de *.bundesfinanzministerium.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' chrome-extension: data: *.portland.gov *.ssl.fastly.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net unpkg.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com bam.nr-data.net bam-cell.nr-data.net js-agent.newrelic.com fontlibrary.org use.fontawesome.com *.googleapis.com *.gstatic.com *.googleusercontent.com *.portlandoregon.gov *.portlandmaps.com *.arcgis.com server.arcgisonline.com *.openstreetmap.org *.opentopomap.org *.tiles.wmflabs.org *.loop11.com *.rawgit.com api.mapbox.com *.recollect.net coolingsearch.org cdn.ckeditor.com; frame-src 'self' https://www.youtube.com/embed/ https://player.vimeo.com https://www.google.com/maps/ https://www.portlandoregon.gov/ https://www.portlandmaps.com/ *.arcgis.com arcg.is https://online.tableau.com/ https://public.tableau.com/ *.recollect.net https://app.smartsheet.com/ https://publish.smartsheet.com/ https://app.rankedvote.co/ 2 default-src * blob:;connect-src 'self' 'unsafe-inline' https://forms.hsforms.com https://region1.google-analytics.com https://us.consent.api.termly.io https://forms.hubspot.com https://hubspot-forms-static-embed.s2.amazonaws.com https://px.ads.linkedin.com https://*.hs-sites.com https://adservice.google.com https://dev.visualwebsiteoptimizer.com https://*.prodpad.com https://prodpad.com https://api.craftcms.com https://region1.analytics.google.com/ https://stats.g.doubleclick.net https://analytics.google.com https://*.6sc.co https://*.fullstory.com https://*.getkoala.com/ https://www.redditstatic.com/ https://www.apollo.io/ https://assets.apollo.io https://signalwire.com https://www.facebook.com wss://*.signalwire.com https://*.signalwire.com https://cdn.signalwire.com https://signalwire.s3-us-west-2.amazonaws.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://app.termly.io https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat https://pixel-config.reddit.com https://aplo-evnt.com https://www.googleadservices.com;frame-src 'self' https://forms.hsforms.com https://www.facebook.com https://js.stripe.com https://www.youtube.com https://youtube.com https://*.signalwire.com https://cdn.signalwire.com https://www.google.com https://www.gstatic.com https://app.termly.io https://game.crisp.chat https://aplo-evnt.com https://www.googletagmanager.com https://td.doubleclick.net;child-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com blob:;worker-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com blob:;style-src 'self' 'unsafe-inline' https://github.githubassets.com https://*.fs1.hubspotusercontent-na1.net https://tagmanager.google.com https://stackpath.bootstrapcdn.com https://*.signalwire.com https://cdn.signalwire.com https://fonts.gstatic.com https://fonts.googleapis.com https://client.crisp.chat;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.swrooms.com https://js.hubspot.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://static.hsappstatic.net https://js.hsforms.net https://www.youtube.com https://youtube.com https://js.hsadspixel.net https://dev.visualwebsiteoptimizer.com https://*.prodpad.com https://prodpad.com https://www.clickcease.com https://ajax.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://sjs.bizographics.com https://www.googleadservices.com https://tagmanager.google.com https://www.googletagmanager.com https://*.6sc.co https://*.fullstory.com https://*.getkoala.com/ https://www.redditstatic.com/ https://www.apollo.io/ https://assets.apollo.io https://signalwire.com https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://js.usemessages.com https://snap.licdn.com https://gist.github.com https://js.stripe.com https://*.signalwire.com https://cdn.signalwire.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://app.termly.io https://d3js.org https://cdn.jsdelivr.net https://client.crisp.chat https://settings.crisp.chat;font-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com http://mcdn.signalwire.com https://mcdn.signalwire.com https://fonts.gstatic.com https://fonts.googleapis.com https://client.crisp.chat data:;img-src * data: 2 default-src 'self' fl.ru *.fl.ru static.fl.ru production-flru.website.yandexcloud.net *.mail.ru *.yandex.ru; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: *.fl.ru static.fl.ru production-flru.website.yandexcloud.net *.acstat.com artfut.com www.artut.com *.adriver.ru counter.rambler.ru mc.yandex.ru *.mail.ru *.tns-counter.ru; img-src data: blob: *; media-src *.fl.ru *.usedesk.ru static.fl.ru production-flru.website.yandexcloud.net; style-src 'unsafe-inline' 'unsafe-eval' blob: https: 'self' *.fl.ru static.fl.ru production-flru.website.yandexcloud.net; font-src 'self' data: blob: https: fonts.gstatic.com an.yandex.ru yastatic.net yastat.net; frame-src 'self' *.fl.ru static.fl.ru smartcaptcha.yandexcloud.net yookassa.ru production-flru.website.yandexcloud.net *.hcaptcha.com *.soundcloud.com direct.yandex.ru mc.yandex.ru *.yandex.md yastatic.net *.typeform.com *.adriver.ru rutube.ru *.rutube.ru *.vimeo.com youtube.com *.youtube.com; child-src fl.ru *.fl.ru static.fl.ru; connect-src 'self' *.fl.ru fl.ru fl.ru:* *.fl.ru:* ws://fl.ru:* wss://fl.ru:* ws://*.fl.ru:* wss://*.fl.ru:* static.fl.ru ws://*.usedesk.ru *.usedesk.ru *.hcaptcha.com *.popmechanic.ru *.mindbox.ru *.mradx.net *.mail.ru vk.com *.vk.com *.adriver.ru *.acstat.com static.fl.ru *.mail.ru *.yandex.ru yandex.ru ymetrica1.com; 2 frame-ancestors 'self' https://*.forumcommunity.net/ 2 default-src 'self' https: data: wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; 2 frame-ancestors 'self' https://metallic.io/ 2 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; frame-src https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data:; connect-src https://hcaptcha.com https://*.hcaptcha.com https://o1026979.ingest.sentry.io/; report-uri https://o1026979.ingest.sentry.io/api/5996803/security/?sentry_key=e8c418276d2e4ea7af6b35e151b190bb&sentry_environment=production 2 upgrade-insecure-requests; object-src https://www.datocms-assets.com; block-all-mixed-content; frame-ancestors 'self' https://plugins-cdn.datocms.com; 2 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors *; 2 default-src blob: data: ws: 'unsafe-inline' 'unsafe-eval' *.teva.com *.teva-eu.com dms.deckers.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com via.placeholder.com *.deckers.layer0-perma.link *.cquotient.com d.emails.teva.com email.ugg.com email.hoka.com email.koolaburra.com email.sanuk.com email.teva.com *.emails.teva.com blog.ugg.com events.hoka.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp blog.uggaustralia.com www.teva-eu.com scripts.deckers.com rum.ingress.edgio.net *.g.doubleclick.net edgeshoppingstatic.azureedge.net s.retargeted.co *.joinhoney.com d3nocrch4qti4v.cloudfront.net df45ay5pw60dy.cloudfront.net cx.atdmt.com cdn.optimizely.com *.bglobale.com *.formstack.com *.deckers.coremedia.cloud *.dgdeepai.com chat.digitalgenius.com rum-http-intake.logs.datadoghq.com www.datadoghq-browser-agent.com rum.ingress.layer0.co rum.layer0.co *.pingdom.net *.pitneybowes.com pippio.com hosted.where2getit.com res.cloudinary.com splashthat.eu *.klarnacdn.net *.klarnaservices.com *.klarna.com *.klarnaevt.com *.klarnauserservices.com dfp.bouncex.net *.bounceexchange.com *.medallia.eu *.kampyle.com cdn.pdst.fm sink.pdst.fm us-central1-adaptive-growth.cloudfunctions.net *.contentsquare.net *.contentsquare.com *.dynamicyield.com *.dy-api.com *.forter.com pay.google.com *.cdn4.forter.com *.linksynergy.com *.paypal.com *.cloud.coveo.com *.amazon-adsystem.com cartera-cdn.freetls.fastly.net *.abtasty.com guarantee-cdn.com static-fe.payments-amazon.com apay-up-banner.com ad.as.amanad.adtdp.com ad.caprofitx.adtdp.com ad.yieldlab.net ade.clmbtech.com *.socdm.com adx.dable.io au.ants.vn c.bing.com cm-exchange.toast.com cm.mgid.com r.casalemedia.com contextual.media.net criteo-sync.teads.tv cs.adingo.jp point.widget.rakuten.co.jp *.rakuten.co.jp static.rakuten.com *.yimg.jp *.yahoo.co.jp ads.yahoo.com deckers.candypop.jp cs.gssprt.jp eb2.3lift.com *.sharethrough.com rapid-cdn.yottaa.com pixel.advertising.com pixel.tapad.com *.ac.bcon.ecdns.net *.smartadserver.com secure.adnxs.com simage2.pubmatic.com *.criteo.net *.criteo.com sync.outbrain.com us-u.openx.net duuytoqss3gu4.cloudfront.net edge.fullstory.com rs.fullstory.com *.osano.com x.bidswitch.net visitor.omnitagjs.com d.line-scdn.net *.ads.yieldmo.com tr.line.me pixel.pub.lilyai.net *.taboola.com *.ad-stir.com tk.jrs5.com *.adsrvr.org cdn.smartnews-ads.com payments-fe.amazon.com m.media-amazon.com chimpstatic.com static.hotjar.com content.hotjar.com t.cfjump.com chipstatic.com cdn.unidays.world api.myunidays.com *.veinteractive.com *.pixlee.com *.pixlee.co *.pxlecdn.com *.cartfulsolutions.com *.global-e.com assets.bounceexchange.com pixel-config.reddit.com *.powerreviews.com *.truefitcorp.com *.terracycle.com *.squarecdn.com js.squareup.com www.truefit.com *.typekit.net widgets.trustedshops.com *.integrations.etrusted.com *.etrusted.com idsync.rlcdn.com *.zenaps.com cnstrc.com *.strut.fit *.rewardstyle.com *.motionpoint.com s-cs.send.microad.jp tr.snapchat.com tr6.snapchat.com *.smaato.net *.e-planning.net *.zemanta.com *.artlabs.ai *.onetrust.com *.stylitics.com *.g.doubleclick.net *.datadome.co *.captcha-delivery.com *.kampyle.com *.fls.doubleclick.net *.doubleclick.net google.com adservice.google.com *.googleadservices.com adservice.google.com www.googletagmanager.com ampcid.google.com *.googlesyndication.com api.amplitude.com translate.googleapis.com apis.google.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com www.google.ca www.google.com translate.google.com fonts.googleapis.com api.cognitive.microsofttranslator.com browser.translate.yandex.net jjfblogammkiefalfpafidabbnamoknm bmnlcjabgnpnenekpadlanbbkooimhnj chhjbpecpncaggjpdakmflnfcopglcmi bfkjochdalcdahjnliojhpldoogkbglc pfldcnnaiaiaogmpfdjjpdkpnigplfca ajax.googleapis.com *.gstatic.com s.w.org *.ediemidnightzombies.com www.gravatar.com *.attn.tv events.attentivemobile.com *.afterpay.com www.instagram.com *.analytics.yahoo.com alb.reddit.com www.redditstatic.com *.hotjar.com *.artlabs.ai downloads.mailchimp.com *.au.hoka.com hokacustomercare.zendesk.com hokanzcustomercare.zendesk.com accentgroupsupport.zendesk.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net *.bouncexchange.com api.fillr.com events.bouncex.net www.facebook.com connect.facebook.net *.zdassets.com *.zopim.com widget-mediator.zopim.com *.lightboxcdn.com *.list-manage.com *.us14.list-manage.com api.us-1.gladly.chat chat-sdk.cdn.gladly.com chat-assets.cdn.gladly.com ws.us-1.gladly.chat *.gladly.com js.verygoodvault.com tnt8r4ypmtr.live.verygoodproxy.com vgs-collect-keeper.apps.verygood.systems cdn.studentbeans.com *.90d.io *.smooch.io www.clarity.ms gladly-production.sinter-collect.com tracead.com www.dwin1.com *.zenaps.com *.adyen.com *.addthis.com *.addthisedge.com *.moatads.com intljs.rmtag.com *.likeshop.me cdn.cookielaw.org www.gstatic.com fonts.gstatic.com sc-static.net bat.bing.com www.bing.com cdn.yottaa.com qoe-1.yottaa.net *.tealiumiq.com analytics.tiktok.com *.sitelabweb.com cdn.quadpay.com csp-reporting.cloudflare.com d38d4ysphgm9dz.cloudfront.net d2lxqodqbpy7c2.cloudfront.net d35u1vg1q28b3w.cloudfront.net d2o5idwacg3gyw.cloudfront.net d6tizftlrpuof.cloudfront.net d38d4ysphgm9dz.cloudfront.net gateway.zscalerthree.net dm.slim02.jp nsg.symantec.com px.owneriq.net tags.w55c.net mc.yandex.ru mc.yandex.com mc.yandex.kz yandex.net api.pinpiaa.com omwbh6dj4a.execute-api.ap-southeast-2.amazonaws.com cmp.osano.com *.usabilla.com *.newgistics.com mpsnare.iesnare.com *.cdnwidget.com *.cdnbasket.net resources.digital-cloud.medallia.eu t.co platform.twitter.com static.ads-twitter.com analytics.twitter.com tag.rmp.rakuten.com point.widget.rakuten.co.jp analytics.tiktok.com cdn.loom.com *.usw2.cordial.com hokaoneone.locally.com *.snapchat.com www.awin1.com hm.baidu.com *.parcellab.com analytics.convertlanguage.com *.verygoodvault.com ugg.review.eprize.com ugg.promo.eprize.com www.paypalobjects.com www.youtube.com *.brightcove.com *.pinterest.com ct.pinterest.com s.pinimg.com *.cheqzone.com i.ytimg.com cdn.jsdelivr.net call.chatra.io services.sheerid.com cdn.honey.io i.honey-images.com cdn.joinhoney.com cdn.ivaws.com *.capitaloneshopping.com *.locally.com s7.addthis.com *.dashsocial.com *.dashhudson.com likeshop.me trial-eum-clientnsv4-s.akamaihd.net tags.tiqcdn.com code.jquery.com maxcdn.bootstrapcdn.com strutagiocdn.blob.core.windows.net frame.hub-box.com *.squarecdn.com js.squareup.com sandbox.frame.hub-box.com analytics.google.com *.analytics.google.com *.google-analytics.com ampcid.google.co.in ampcid.google.co.jp ampcid.google.com.ph ampcid.google.com.pk ampcid.google.cz ampcid.google.dk ampcid.google.ee ampcid.google.es ampcid.google.fr ampcid.google.ge ampcid.google.hu ampcid.google.ht ampcid.google.kz ampcid.google.lt ampcid.google.mn ampcid.google.nl ampcid.google.no ampcid.google.pl ampcid.google.bs ampcid.google.by ampcid.google.ca ampcid.google.cl ampcid.google.co.il ampcid.google.co.kr ampcid.google.co.nz ampcid.google.co.ve ampcid.google.co.za ampcid.google.co.zw ampcid.google.com.au ampcid.google.com.ec ampcid.google.com.jm ampcid.google.com.mx ampcid.google.com.pr ampcid.google.com.sg ampcid.google.com.tr ampcid.google.com.ua ampcid.google.de ampcid.google.gr ampcid.google.ie ampcid.google.it ampcid.google.mv ampcid.google.ru ampcid.google.ro ampcid.google.se ampcid.google.pt ampcid.google.hr ampcid.google.at ampcid.google.az ampcid.google.be ampcid.google.bg ampcid.google.ch ampcid.google.co.id ampcid.google.co.ma ampcid.google.co.th ampcid.google.com.ar ampcid.google.com.br ampcid.google.com.bz ampcid.google.com.co ampcid.google.com.cy ampcid.google.com.do ampcid.google.com.gt ampcid.google.com.hk ampcid.google.com.mt ampcid.google.com.ng ampcid.google.com.ni ampcid.google.com.pe ampcid.google.com.py ampcid.google.com.sa ampcid.google.com.tj ampcid.google.com.tw ampcid.google.com.uy ampcid.google.dm ampcid.google.dz ampcid.google.fi ampcid.google.hn ampcid.google.lu ampcid.google.lv ampcid.google.ps ampcid.google.rs ampcid.google.si ampcid.google.sk ampcid.google.cn ampcid.google.co.id ampcid.google.co.th ampcid.google.co.hk ampcid.google.co.pe ampcid.google.co.tw ampcid.google.co.uy ampcid.google.tn ampcid.google.ae ampcid.google.lk ampcid.google.com.bh ampcid.google.com.vn www.google.al www.google.at www.google.am www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ch www.google.fi www.google.ie www.google.ps www.google.tt www.google.co.bz www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.ma www.google.com.au www.google.com.co www.google.com.do www.google.com.gh www.google.com.gt www.google.com.lb www.google.com.mx www.google.com.ng www.google.com.om www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.tr www.google.com.ua www.google.com.py www.google.co.ke www.google.co.th www.google.lk www.google.tn www.google.bf www.google.co.nz www.google.co.uk www.google.is www.google.im www.google.cz www.google.de www.google.ee www.google.es www.google.fr www.google.ge www.google.gr www.google.hr www.google.ht www.google.hu www.google.ie www.google.it www.google.lt www.google.md www.google.me www.google.mk www.google.mt www.google.no www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.ae www.google.bs www.google.cl www.google.co.cr www.google.co.ve www.google.co.vi www.google.co.za www.google.com.ec www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.pa www.google.com.sg www.google.mv www.google.co.id www.google.com.my www.google.com.pk www.google.com.vn www.google.dk www.google.mn www.google.kz www.google.vg www.google.hn www.google.com.eg www.google.ad www.google.je www.google.co.bw www.google.com.ar www.google.com.bd www.google.com.bo www.google.com.br www.google.com.cy www.google.com.pe www.google.com.sv www.google.com.uy www.google.com.qa www.google.dz www.google.iq www.google.jo www.google.sk www.google.si www.google.nl www.google.lv www.google.lu www.google.lv www.google.kg www.google.dm www.google.co.uz www.google.sr www.google.je www.google.gg www.google.com.qa www.google.mt www.google.com.bn www.google.com.bh www.google.co.uz www.google.cn www.google.tn www.google.mg www.google.com.ai www.google.li www.google.as www.google.dj www.google.com.mt www.google.ga www.google.sn www.google.com.gi www.google.mu www.google.gy; style-src blob: data: 'unsafe-inline' *.teva.com *.teva-eu.com *.deckers.coremedia.cloud *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.demandware.net *.veinteractive.com *.etrusted.com *.bounceexchange.com cdn.dynamicyield.com *.klarnacdn.net *.klarnaservices.com ui.powerreviews.com *.osano.com web-assets.stylitics.com *.lightboxcdn.com use.fontawesome.com ui.powerreviews.com cdn.honey.io cdn.joinhoney.com js.verygoodvault.com *.global-e.com *.truefitcorp.com *.deckers.layer0-perma.link www.truefit.com cdn.90d.io chat-sdk.cdn.gladly.com cdn.gladly.com *.typekit.net www.karmanow.com *.parcellab.com *.formstack.com translate.googleapis.com d3nocrch4qti4v.cloudfront.net d6tizftlrpuof.cloudfront.net cdn.ivaws.com www.paypalobjects.com *.pxlcdn.com fonts.googleapis.com *.adyen.com *.medallia.eu *.kampyle.com downloads.mailchimp.com; font-src data: *.teva.com *.teva-eu.com *.demandware.net *.commercecloud.salesforce.com *.truefitcorp.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp use.typekit.net *.osano.com *.klarnacdn.net cdn.gladly.com *.deckers.coremedia.cloud cdn.dynamicyield.com fonts.googleapis.com cdn.loom.com static.rakuten.com *.global-e.com cdn.honey.io chat.digitalgenius.com likeshop.me script.hotjar.com cdn.joinhoney.com *.lightboxcdn.com fonts.gstatic.com use.fontawesome.com cdn.ivaws.com *.strut.fit *.deckers.layer0-perma.link *.wistia.com static.formstack.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com *.medallia.eu *.kampyle.com; media-src blob: *.teva.com *.teva-eu.com dms.deckers.com res.cloudinary.com *.demandware.net *.commercecloud.salesforce.com cdn8.forter.com google.com *.90d.io static.zdassets.com chat-sdk.cdn.gladly.com chat-assets.cdn.gladly.com cdn.gladly.com; child-src *.teva.com *.teva-eu.com *.demandware.net *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.commercecloud.salesforce.com *.snapchat.com guarantee-cdn.com v3.rest-ar.com *.osano.com *.doubleclick.net vars.hotjar.com www.awin1.com *.afterpay.com px.owneriq.net pal-test.adyen.com *.americanexpress.com *.facebook.com *.pixlee.co *.zenaps.com chat-sdk.cdn.gladly.com *.bounceexchange.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com www.paypal.com ln-rules.rewardstyle.com nsg.symantec.com *.pinterest.com track.usw2.cordial.com *.klarna.com *.klarnaservices.com *.global-e.com wkxppshj-qx.global.ssl.fastly.net checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com pci-connect.squareup.com www.sandbox.paypal.com *.ediemidnightzombies.com *.datadome.co *.captcha-delivery.com *.studentbeans.com *.myunidays.com point.widget.rakuten.co.jp *.bglobale.com www.google.com *.amazon-adsystem.com *.truefitcorp.com *.locally.com *.strut.fit www.pubxtags.com tracead.com photos.pixlee.com *.splashthat.eu hosted.where2getit.com sketchfab.com *.criteo.com *.criteo.net www.youtube.com *.verygoodvault.com pay.google.com www.terracycle.com cdn-checkout.joinhoney.com tr.snapchat.com sandbox.frame.hub-box.com frame.hub-box.com pci-connect.squareup.com www.googletagmanager.com ugg.promo.eprize.com ugg.review.eprize.com d.emails.teva.com cdn.attn.tv creatives.attn.tv *.artlabs.ai app.collectivevoice.com *.medallia.eu *.kampyle.com; worker-src blob: *.teva.com *.teva-eu.com *.osano.com *.captcha-delivery.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdn.weglot.com googletagmanager.com www.googletagmanager.com connect.facebook.net *.analytics.google.com *.google.com *.google.cz www.gstatic.com use.fontawesome.com new.wedos.live us-assets.i.posthog.com s.w.org wedos.zone com.wedos.zone wedos.com www.wedos.com wedos.protection wedos.global vedos.cz wedos.online wedos.website wedos.name wedos.eu sodew.ai sodew.cz sodew.hu secure.gravatar.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.weglot.com googletagmanager.com www.googletagmanager.com connect.facebook.net use.fontawesome.com *.google.com *.google.cz *.analytics.google.com s.w.org new.wedos.live wedos.zone com.wedos.zone wedos.com www.wedos.com wedos.protection wedos.global vedos.cz wedos.online wedos.website wedos.name wedos.eu sodew.ai sodew.cz sodew.hu; font-src 'self' data: fonts.gstatic.com use.fontawesome.com cdn.weglot.com drtina.art wedos.zone com.wedos.zone wedos.com www.wedos.com wedos.protection wedos.global vedos.cz wedos.online wedos.website wedos.name wedos.eu sodew.ai sodew.cz sodew.hu; img-src 'self' data: secure.gravatar.com cdn.weglot.com googletagmanager.com www.googletagmanager.com connect.facebook.net *.analytics.google.com *.google.com *.google.cz use.fontawesome.com s.w.org new.wedos.live us-assets.i.posthog.com wedos.zone com.wedos.zone wedos.com www.wedos.com wedos.protection wedos.global vedos.cz wedos.online wedos.website wedos.name wedos.eu sodew.ai sodew.cz sodew.hu; connect-src 'self' googletagmanager.com www.googletagmanager.com *.google-analytics.com region1.google-analytics.com *.analytics.google.com *.google.com *.google.cz www.gstatic.com fonts.googleapis.com fonts.gstatic.com api.weglot.com cdn.weglot.com weglot.com s.w.org connect.facebook.net new.wedos.live us-assets.i.posthog.com us.i.posthog.com typebot-viewer.wedos.org; worker-src 'self' blob: cdn.weglot.com wedos.zone com.wedos.zone wedos.com www.wedos.com wedos.protection wedos.global vedos.cz wedos.online wedos.website wedos.name wedos.eu sodew.ai sodew.cz sodew.hu; frame-src 'self' www.googletagmanager.com www.google.com; object-src 'none'; base-uri 'self'; form-action *; 2 default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; worker-src blob: 'self'; font-src https: data: 'unsafe-inline' 'unsafe-eval'; media-src https: wss: blob: data: 'unsafe-inline' 'unsafe-eval' 2 frame-ancestors 'self' login.transporeon.com login.int.transporeon.com login.dev.transporeon.com login.test.transporeon.com www.transporeon.com; 2 default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.hotjar.com *.hotjar.io code.jquery.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com rawgit.com *.googleapis.com tpc.googlesyndication.com www.youtube.com ad-log.dable.io pixel.mathtag.com td.doubleclick.net www.facebook.com www.google.com pagead2.googlesyndication.com 12327270.fls.doubleclick.net px.ads.linkedin.com www.google.com www.gstatic.com analytics.google.com analytics.tiktok.com www.google-analytics.com bat.bing.com www.facebook.com api.dable.io bat.bing.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net pixel.mathtag.com s.yimg.com snap.licdn.com sp-api.dable.io static.ads-twitter.com static.dable.io track.omguk.com utt.impactcdn.com www.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.gstatic.com *.qualtrics.com tools.ietf.org eqms.rhbgroup.com; frame-src 'self' *.qualtrics.com eqms.rhbgroup.com www.youtube-nocookie.com tpc.googlesyndication.com omny.fm assets.bwbx.io www.youtube.com www.google.com td.doubleclick.net *.fls.doubleclick.net pixel.mathtag.com; style-src 'self' 'unsafe-inline' *; style-src-elem 'self' 'unsafe-inline' *; img-src * blob: data:; font-src 'self' * data:; connect-src 'self' wss://*.hotjar.com *.hotjar.com *.hotjar.io *.qualtrics.com tools.ietf.org eqms.rhbgroup.com transient-api-admin-lb.intranet.rhbgroup.com transientstg.rhbgroup.com www.google.com.sg fonts.googleapis.com stats.g.doubleclick.net pixel.mathtag.com td.doubleclick.net www.facebook.com www.google.com pagead2.googlesyndication.com 12327270.fls.doubleclick.net px.ads.linkedin.com www.google.com www.gstatic.com analytics.google.com analytics.tiktok.com www.google-analytics.com bat.bing.com www.facebook.com api.dable.io bat.bing.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net pixel.mathtag.com s.yimg.com snap.licdn.com sp-api.dable.io static.ads-twitter.com static.dable.io track.omguk.com utt.impactcdn.com www.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.gstatic.com maps.googleapis.com www.googleapis.com www.google.com.my cdn.linkedin.oribi.io; upgrade-insecure-requests; 2 default-src 'unsafe-eval' 'unsafe-inline' blob: *;frame-src about: *;img-src data: about: blob: *;font-src data: *;frame-ancestors self my.readymag.com readymag.website readymag.com 2 frame-ancestors *.pennymac.com *.adobe.com 2 frame-ancestors 'self' https://dev.effinity.fr; object-src 'none' 2 default-src blob: 'self' *.mgm.mo; script-src *.mgm.mo *.google.com *.gstatic.com *.sojern.com *.recaptcha.net *.google-analytics.com *.googleadservices.com *.aliyuncs.com *.tiqcdn.com *.googletagmanager.com hm.baidu.com *.facebook.net *.bing.com *.doubleclick.net blob: 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.mgm.mo fonts.googleapis.com data:; font-src data: *.gstatic.com *.mgm.mo 'self'; img-src *.googletagmanager.com *.mgm.mo *.aliyuncs.com *.bing.com *.google-analytics.com *.google.com *.google.co.jp *.baidu.com *.doubleclick.net *.facebook.net *.facebook.com data: blob: 'self';media-src 'self' *.mgm.mo *.oss-cn-hongkong.aliyuncs.com;frame-src 'self' *.tiqcdn.com *.youtube.com *.ytimg.com *.recaptcha.net *.doubleclick.net *.facebook.com *.googletagmanager.com *.google.com; connect-src 'self' *.mgm.mo *.google-analytics.com *.doubleclick.net *.google.com *.facebook.com; 2 frame-ancestors https://engage.bruker.com https://tongji.baidu.com 'self'; object-src 'none'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; img-src 'self' blob: data: * 2 default-src 'self' data: 'unsafe-inline' https://challenges.cloudflare.com https://*.brightcove.net https://*.google-analytics.com https://*.google.com https://*.brightcove.com *.akamaihd.net *.boltdns.net https://brightcove.hs.llnwd.net https://stats.g.doubleclick.net https://*.classmarker.com https://*.crossref.org https://cm.scholarlyiq.com https://public.tableau.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://files.bettybot.ai https://snap.licdn.com https://*.simpli.fi https://challenges.cloudflare.com https://unpkg.com https://*.fontawesome.com https://tagmanager.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://www.gstatic.com https://*.crossref.org https://cdnjs.cloudflare.com https://vjs.zendcdn.net https://vjs.zencdn.net https://players.brightcove.net https://www.youtube.com https://s.ytimg.com https://*.classmarker.com https://cdn.ckeditor.com https://code.jquery.com https://cdn.jsdelivr.net https://public.tableau.com blob:; style-src 'self' 'unsafe-inline' https://files.bettybot.ai https://tagmanager.google.com https://fonts.googleapis.com https://*.crossref.org https://cdn.ckeditor.com players.brightcove.net https://cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' https://files.bettybot.ai https://*.linkedin.com https://*.simpli.fi https://d3qoh5n5udjkx5.cloudfront.net https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://*.crossref.org https://stats.g.doubleclick.net https://*.brightcove.com http://*.brightcove.com *.boltdns.net https://imagebank.osa.org https://imagebank.optica.org https://account.optica.org https://cdn.ckeditor.com https://public.tableau.com https://www.osapublishing.org https://players.brightcove.net *.akamaihd.net; font-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com about:; connect-src 'self' https://betty-api.tasio.co https://*.brightcovecdn.com https://*.algolia.net https://*.algolianet.com https://*.ads.linkedin.com https://*.fontawesome.com https://opgadmin https://*.optica.org https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.googletagmanager.com https://players.brightcove.net edge.api.brightcove.com *.boltdns.net *.akamaihd.net https://cdn.jsdelivr.net; media-src 'self' 'unsafe-inline' https://opg.optica.org https://www.osapublishing.org *.boltdns.net https://*.brightcove.com *.brightcovecdn.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com blob: data:; object-src 'self' 'unsafe-inline' *.akamaihd.net *.boltdns.net; prefetch-src 'self' *.boltdns.net 2 default-src 'self'; script-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://code.jquery.com https://widget.trustpilot.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.datatables.net https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net/npm https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.bunny.net https://unpkg.com https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net/npm https://cdn.jsdelivr.net 'unsafe-inline'; img-src * data: blob:; font-src 'self' https://fonts.gstatic.com https://fonts.bunny.net; connect-src 'self' https://stats.revbid.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src 'self' https://widget.trustpilot.com https://www.google.com/ https://www.gstatic.com/; 2 default-src 'self'; script-src 'self' 'unsafe-inline' https://vercel.live https://www.datadoghq-browser-agent.com https://embed.typeform.com https://static.zdassets.com https://*.zendesk.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://d3e54v103j8qbb.cloudfront.net https://cdn.prod.website-files.com; style-src 'self' 'unsafe-inline' https://embed.typeform.com https://cdn.prod.website-files.com https://fonts.googleapis.com; img-src 'self' https://static.arkhamintelligence.com https://explorer-api.walletconnect.com https://*.zendesk.com data: https://*.google.com https://cdn.prod.website-files.com; font-src 'self' https://fonts.gstatic.com https://cdn.prod.website-files.com; connect-src 'self' https://browser-intake-datadoghq.com wss://arkm.com https://arkm.com https://explorer-api.walletconnect.com https://api.mixpanel.com https://ekr.zdassets.com https://*.zdassets.com https://*.zendesk.com https://api.typeform.com https://tracking.typeform.com wss://*.zendesk.com https://*.google.com https://www.google-analytics.com; frame-src 'self' https://vercel.live blob: https://form.typeform.com https://www.youtube.com https://www.googletagmanager.com https://td.doubleclick.net; worker-src 'self' blob:; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf13099fba9124cbb76a582d44fe80de0&dd-evp-origin=content-security-policy&ddsource=csp-report; 2 worker-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net unpkg.com *.google.com *.google-analytics.com *.googlecommerce.com *.googleadservices.com *.braintreegateway.com *.googleapis.com *.cloudflare.com *.planetart.com *.newrelic.com *.twitter.com *.ads-twitter.com *.facebook.net *.adroll.com *.livechatinc.com cdn.brcdn.com www.paypalobjects.com *.brsrvr.com *.nr-data.net *.pcrl.co *.picreel.com *.bing.com *.extole.com *.yimg.com *.yahoo.com *.sharethis.com *.amazonaws.com *.rubiconproject.com *.doubleclick.net *.ups-mi.net *.pinterest.com *.paypal.com *.tellapal.com *.momsaffiliate.com *.emjcd.com *.shareasale.com t.co *.locker2.com *.adxcel-ec2.com *.gstatic.com *.steelhousemedia.com www.googletagmanager.com pixel.cdnwidget.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.tvsquared.com unpkg.com d39517acq78dhc.cloudfront.net js.braintreegateway.com *.cardinalcommerce.com *.dca0.com d.adroll.mgr.consensu.org *.ccdc02.com *.openx.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.3lift.com *.taboola.com *.pubmatic.com *.outbrain.com *.casalemedia.com *.advertising.com www.clickcease.com cdn.levelaccess.net *.mail.simplytoimpress.com *.mail.simplytoimpress.co.uk *.mail.canvasworld.com *.mail.photoaffections.com *.mail.mycustomcase.com *.mail.cafepress.com *.eml.legacylane.com *.eml.parkerandpip.com *.eml.gifts.com *.eml.stockingshop.com *.eml.ornamentstreet.com *.eml.baubles.co.uk track.cordial.io tags.tiqcdn.com use.typekit.net dpm.demdex.net www.lightboxcdn.com t.channeladvisor.com tag.bounceexchange.com s.pinimg.com assets.bounceexchange.com api.bounceexchange.com *.cj.com a.omappapi.com analytics.tiktok.com lightboxapi.azurewebsites.net cdn.attn.tv *.afterpay.com *.mountain.com *.nextdoor.com utt.impactcdn.com *.sjv.io *.clarity.ms d.impactradius-event.com tags.crwdcntrl.net *.turnto.com *.turnto.eu wac.edgecast.net s.axon.ai c.albss.com *.rokt.com cdn.cookielaw.org *.iseeme.com *.bookofus.com *.vimeo.com *.vimeocdn.com https://*.kaptcha.com *.niceincontact.com d2zm0lpns956f8.cloudfront.net websdk.appsflyer.com *.bazaarvoice.com mpsnare.iesnare.com *.appsflyer.com shop.pe mapi.gifts.com *.simplytoimpress.com *.photoaffections.com *.canvasworld.com *.mycustomcase.com *.simplytoimpress.co.uk *.parkerandpip.com *.legacylane.com *.gifts.com *.personalcreations.com *.stockingshop.com *.ornamentstreet.com *.baubles.co.uk *.cafepress.com cdn.gonift.com shopper.shop.pe d2mjzob2nc713b.cloudfront.net capig.gifts.com nexus.ensighten.com *.mczbf.com *.herbstarsbuilding.com *.hcaptcha.com d32u6scf3pzwp7.cloudfront.net;frame-ancestors 'self' https://www.gifts.com https://*.personalcreations.com;object-src 'self' https://www.gifts.com;upgrade-insecure-requests 2 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com *.googletagmanager.com always 2 frame-ancestors 'self' http://*.intranet http://*.uolinc.com https://*.intranet https://*.uolinc.com https://www.uol.com.br; 2 default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data: https:; object-src 'none'; connect-src 'self' https: wss:; script-src 'unsafe-inline' https: 'unsafe-eval'; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content; media-src 'self' blob: data: https:; font-src 'self' data: https://use.typekit.net https://cdnjs.cloudflare.com https://fonts.gstatic.com; base-uri 'self'; 2 default-src 'self' https://trillian.cachefly.net https://static.olark.com https://forms.hubspot.com; script-src 'self' https://trillian.cachefly.net https://*.olark.com https://www.google-analytics.com https://ct.capterra.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsleadflows.net https://js.hs-banner.com; style-src 'self' https://trillian.cachefly.net https://static.olark.com 'unsafe-inline'; object-src 'none'; base-uri 'none'; connect-src 'self' https:; media-src 'self' https:; img-src 'self' http: https: data:; 2 default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src-attr 'self' 'unsafe-inline' blob: https://*.sc-static.net https://*.bazaarvoice.com https://*.bing.com https://*.cloudfront.net https://*.cookielaw.org https://*.cquotient.com https://*.crazyegg.com https://*.criteo.com https://*.facebook.net https://*.flippenterprise.net https://*.force.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.igodigital.com https://*.online-metrix.net https://*.pinimg.com https://*.pinterest.com https://*.postescanada-canadapost.ca https://*.salesforce-sites.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.signifyd.com https://*.smarterhq.io https://*.syndigo.com https://*.toysrus.ca; script-src-elem 'self' 'unsafe-inline' blob: https://*.sc-static.net https://*.bazaarvoice.com https://*.bing.com https://*.cloudfront.net https://*.cookielaw.org https://*.cquotient.com https://*.crazyegg.com https://*.criteo.com https://*.facebook.net https://*.flippenterprise.net https://*.force.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.iesnare.com https://*.igodigital.com https://*.online-metrix.net https://*.pinimg.com https://*.pinterest.com https://*.postescanada-canadapost.ca https://*.salesforce-sites.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.signifyd.com https://*.smarterhq.io https://*.syndigo.com https://*.toysrus.ca https://*.typeform.com; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://*.cloudflare.com https://*.flippenterprise.net https://*.force.com https://*.googleapis.com https://*.postescanada-canadapost.ca https://*.salesforce-sites.com https://*.typeform.com https://*.typekit.net; img-src 'self' 'unsafe-inline' data: https://*.amazonaws.com https://*.bazaarvoice.com https://*.bing.com https://*.bing.net https://*.cookielaw.org https://*.demandware.net https://*.documentforce.com https://*.doubleclick.net https://*.facebook.com https://*.flippenterprise.net https://*.force.com https://*.google-analytics.com https://*.google.ca https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.igodigital.com https://*.online-metrix.net https://*.postescanada-canadapost.ca https://*.salesforce.com https://*.signifyd.com https://*.smarterhq.io https://*.syndigo.cloud https://*.syndigo.com https://*.wishabi.com https://*.wishabi.net https://*.stickyadstv.com; font-src 'self' data: https://*.amazonaws.com https://*.cloudflare.com https://*.gstatic.com https://*.typekit.net https://*.walmartimages.com; connect-src 'self' https://*.bazaarvoice.com https://*.bing.com https://*.bing.net https://*.cookielaw.org https://*.crazyegg.com https://*.criteo.com https://*.doubleclick.net https://*.facebook.com https://*.flipp.com https://*.flippback.com https://*.flippenterprise.net https://*.google-analytics.com https://*.google.ca https://*.google.com https://*.googleapis.com https://*.onetrust.com https://*.pinterest.com https://*.postescanada-canadapost.ca https://*.salesforce-sites.com https://*.signifyd.com https://*.smarterhq.io https://*.syndigo.com https://*.typeform.com https://*.wishabi.net; frame-src 'self' https://*.gstatic.com https://*.bazaarvoice.com https://*.bing.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.facebook.com https://*.force.com https://*.google.com https://*.googletagmanager.com https://*.online-metrix.net https://*.opendns.com https://*.pinterest.com https://*.realexpayments.com https://*.signifyd.com https://*.toysrus.ca https://*.typeform.com https://*.youtube.com https://*.zscloud.net; block-all-mixed-content; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.nyi.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com www.youtube-nocookie.com; font-src 'self' data:; img-src 'self' pbs.twimg.com data:; media-src 'self' pb.twimg.com data:; frame-src 'self' www.google.com www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' 2 frame-ancestors 'self' https://zeroheight.com https://akira.ninjavan.dev https://*.myshopify.com https://app.zeplin.io https://ninjavansg.zendesk.com https://*.ninjavan.cn https://*.ninjavan.co; 2 frame-ancestors 'self' https://manage.electronicdesign.com https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 2 default-src 'unsafe-inline' https: data:; img-src blob: data: https:; media-src blob: data: https:; script-src 'unsafe-eval' 'unsafe-inline' https: blob:; frame-ancestors 'self' https://*.tio.ch 2 script-src 'self' *.hdfcsec.com *.googleapis.com *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.zopim.com *.facebook.net *.everestjs.net *.google-analytics.com *.cloudflare.com *.twitter.com *.twimg.com *.jquery.com *.bootstrapcdn.com *.zdassets.com *.izooto.com *.jsdelivr.net *.wa.me *.razorpay.com *.razorpay.in 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' http://localhost:3000 https://*.vippstech.no https://cm.mobilepay.dev.local http://cd.sitecore.svc.cluster.local https://*.cookiebot.com https://*.linkedin.com https://*.mixpanel.com https://googleads.g.doubleclick.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://localhost:3000 https://*.vippstech.no https://*.boost.ai https://*.cookiebot.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://*.googlesyndication.com https://*.adform.net https://snap.licdn.com https://*.puzzel.com https://*.mixpanel.com; style-src 'self' 'unsafe-inline' http://localhost:3000 https://*.vippstech.no; img-src 'self' blob: data: http://localhost:3000 https://*.dev.local https://*.vippstech.no https://*.cookiebot.com https://*.linkedin.com https://googleads.g.doubleclick.net http://vippsmobilepay.com http://vipps.se http://vipps.no https://*.vippstech.no http://mobilepay.dk http://mobilepay.fi https://*.boost.ai http://*.vippstech.no; font-src 'self' http://localhost:3000 https://*.vippstech.no; object-src 'none'; base-uri 'self' http://localhost:3000 https://*.vippstech.no; form-action 'self' http://localhost:3000 https://*.vippstech.no; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; connect-src 'self' https://stats.g.doubleclick.net https://*.cookiebot.com https://*.puzzel.com https://*.linkedin.com https://*.mixpanel.com https://*.boost.ai; 2 default-src 'none'; connect-src 'self' https://*.getjerry.com https://*.jerry.ai https://growthbook-api.getjerry.app https://*.s3.us-west-2.amazonaws.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.com https://google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://verifi.podscribe.com https://ipv4.podscribe.com https://vimeo.com; font-src 'self' https://getjerry.com https://jerry.ai https://*.getjerry.com https://*.jerry.ai data: https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' https://getjerry.com https://jerry.ai https://*.getjerry.com https://*.jerry.ai https://www.googletagmanager.com https://td.doubleclick.net https://e.infogram.com https://embed.reddit.com https://www.tiktok.com https://player.vimeo.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com; img-src 'self' blob: data: https://images.ctfassets.net https://jerry-uploads-prod.s3.amazonaws.com https://getjerry.com https://jerry.ai https://*.getjerry.com https://*.jerry.ai https://secure.gravatar.com https://i2.ytimg.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com https://verifi.podscribe.com https://i.vimeocdn.com https://i.ytimg.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://getjerry.com https://jerry.ai https://*.getjerry.com https://*.jerry.ai https://cdn.jsdelivr.net 'unsafe-eval' https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://e.infogram.com https://d34r8q7sht0t9k.cloudfront.net https://embed.reddit.com https://www.tiktok.com https://player.vimeo.com https://platform.twitter.com; style-src 'self' 'unsafe-inline' https://getjerry.com https://jerry.ai https://*.getjerry.com https://*.jerry.ai https://cdn.jsdelivr.net https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; worker-src 'self' https://getjerry.com https://jerry.ai https://*.getjerry.com https://*.jerry.ai blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests 2 frame-ancestors 'self' *.bidorbuy.co.za *.bobshop.co.za *.bob.co.za *.qa.bobshop.co.za; 2 default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com https://static.addtoany.com https://*.piwik.pro https://apps.usw2.pure.cloud https://*.rochesterregional.org https://*.elderone.org https://*.blackbaudhosting.com https://kuula.co https://*.vimeo.com https://vimeo.com https://i.vimeocdn.com https://*.blackbaud.com https://*.blackbaudcdn.net https://my.walls.io https://cdn.walls.io https://*.juicer.io https://cdn.jsdelivr.net/npm/@fullcalendar/ https://*.fonts.net; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com https://*.sitecorecloud.io https://*.rochesterregional.org https://*.elderone.org https://kuula.co https://*.vimeo.com https://vimeo.com https://i.vimeocdn.com https://*.blackbaud.com https://*.blackbaudcdn.net https://my.walls.io https://cdn.walls.io https://*.juicer.io https://*.fonts.net; img-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://edge.sitecorecloud.io https://*.rochesterregional.org https://*.blackbaudhosting.com https://*.elderone.org https://kuula.co https://*.vimeo.com https://vimeo.com https://i.vimeocdn.com https://*.blackbaud.com https://*.blackbaudcdn.net https://my.walls.io https://cdn.walls.io https://*.juicer.io ; connect-src 'self' https://*.googleapis.com https://*.gstatic.com https://edge-platform.sitecorecloud.io https://*.coveo.com https://*.rochesterregional.org https://*.elderone.org https://edge.sitecorecloud.io https://edge.sitecorecloud.io/* https://api-cdn.usw2.pure.cloud https://static.addtoany.com https://*.piwik.pro https://kuula.co https://*.vimeo.com https://vimeo.com https://i.vimeocdn.com https://*.blackbaud.com https://*.blackbaudcdn.net https://my.walls.io https://cdn.walls.io https://*.juicer.io wss://webmessaging.usw2.pure.cloud ; font-src 'self' https://*.googleapis.com https://*.gstatic.com https://prod-rrh.vercel.app https://*.rochesterregional.org https://*.elderone.org data: https://kuula.co https://*.vimeo.com https://vimeo.com https://i.vimeocdn.com https://*.blackbaud.com https://*.blackbaudcdn.net https://my.walls.io https://cdn.walls.io https://*.juicer.io https://*.fonts.net; frame-src 'self' https://*.rochesterregional.org https://*.blackbaudhosting.com https://*.elderone.org https://www.youtube.com https://apps.usw2.pure.cloud https://static.addtoany.com https://*.piwik.pro https://kuula.co https://*.vimeo.com https://vimeo.com https://i.vimeocdn.com https://*.blackbaud.com https://*.blackbaudcdn.net https://my.walls.io https://cdn.walls.io https://*.juicer.io https://*.airtable.com https://airtable.com https://my.matterport.com/; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; 2 default-src 'none'; connect-src 'self' https://8133842.fls.doubleclick.net https://dpm.demdex.net https://ingdirect.d1.sc.omtrdc.net https://*.au.ingdirect.intranet https://*.au.ing.net https://*.ingdirect.com.au https://*.biabau.ingdirect.intranet https://*.biab.au.ing.net https://ingdirectaustralia.tt.omtrdc.net http://www.ingdirect.com.au/ https://www.google.com/ccm/; font-src 'self' data:; frame-src 'self' 'unsafe-inline' https://8133842.fls.doubleclick.net https://www.googletagmanager.com/gtag/ https://www.youtube.com https://ad.doubleclick.net/ https://td.doubleclick.net/ https://ingbankaultd.demdex.net/ https://i.ytimg.com/ https://calculators.infochoice.com.au/ https://keyfactssheet.infochoice.com.au/ https://www.ratecity.com.au/; img-src 'self' 'unsafe-inline' https://8133842.fls.doubleclick.net https://ad.doubleclick.net/ https://td.doubleclick.net/ https://cm.everesttech.net/ https://www.facebook.com/tr/ https://www.facebook.com/tr https://www.facebook.com/privacy_sandbox/pixel/register/trigger/ https://ingdirect.d1.sc.omtrdc.net/ https://calculators.infochoice.com.au/Content/images/ https://i.ytimg.com/ https://dpm.demdex.net/ https://campaigns.ing.com.au/ data:; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/gtag/ https://assets.adobedtm.com https://ad.doubleclick.net/ https://td.doubleclick.net/ https://dpm.demdex.net https://ingdirectaustralia.tt.omtrdc.net/m2 https://calculators.infochoice.com.au/ https://www.ratecity.com.au/ https://connect.facebook.net/ https://campaigns.ing.com.au/ https://www.ing.com.au/Offers/; style-src 'self' 'unsafe-inline'; worker-src 'self' 2 frame-ancestors 'self' https://www.99.co; 2 frame-ancestors 'self' *.c3.ai *.folloze.com c3.ai folloze.com 2 default-src 'none'; media-src https://d10lpsik1i8c69.cloudfront.net; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://www.clarity.ms https://trackcmp.net https://prism.app-us1.com https://diffuser-cdn.app-us1.com https://www.youtube.com https://www.googleoptimize.com https://uimarketpro.com https://static-prod.uberall.com/ https://uberall.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://d10lpsik1i8c69.cloudfront.net https://www.google.com https://www.gstatic.com https://panel.acens.net https://*.searchcdn.com https://addsearch.com https://s0.2mdn.net https://connect.facebook.net https://code.jquery.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://scripts.isl.teledemos.net https://www.googletagmanager.com https://*.adform.net; connect-src 'self' https://*.clarity.ms https://www.google.com https://*.googlesyndication.com https://googleads.g.doubleclick.net https://geolocation.onetrust.com https://pubsub.googleapis.com https://uberall.com https://privacyportal-eu.onetrust.com https://cdn.cookielaw.org https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net wss://visitors.live wss://in.visitors.live https://settings.luckyorange.net https://yoast.com; img-src 'self' data: https://i.ytimg.com https://www.googletagmanager.com https://static-prod.uberall.com http://www.acens.com https://*.acens.com https://panel.acens.net https://cdn.cookielaw.org https://img.youtube.com https://secure.adnxs.com https://addsearch.com https://*.addsearch.com https://*.cloudfront.net https://*.entelgystats.com https://stats.sec.telefonica.com https://ajax.googleapis.com https://www.facebook.com https://stats.g.doubleclick.net https://www.google.es https://www.google.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://static.acens.com https://*.cloudfront.net https://app.addsearch.com https://ajax.googleapis.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; font-src 'self' data: https://*.acens.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://challenges.cloudflare.com https://www.googletagmanager.com https://centrodedatos.com/ https://td.doubleclick.net/ https://www.google.com https://www.facebook.com/ https://www.youtube.com/; manifest-src 'self'; 2 default-src 'self' data: wss: 'unsafe-eval' 'unsafe-inline' blob: *.afterpay.com *.algolia.net *.algolianet.com *.applicationinsights.azure.com *.azure.com *.braintree-api.com *.braintreegateway.com *.cardinalcommerce.com *.cloudflareinsights.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleadservices.com *.google.com *.google.com.au *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.hoyts.co.nz *.hoyts.com.au *.in.applicationinsights.azure.com *.jsdelivr.net *.paypal.com *.paypalobjects.com *.recaptcha.net *.report-uri.com *.smooch.io *.snapchat.com *.vimeo.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com analytics.tiktok.com analytics-ipv6.tiktokw.us apps.rokt.com az416426.vo.msecnd.net cdn.jsdelivr.net emailvalidatoruatfunc.azurewebsites.net google.com insights.algolia.io js.monitor.azure.com sc-static.net tr.snapchat.com stream.mux.com kg668dbov0.execute-api.us-east-1.amazonaws.com; object-src 'none'; frame-src *; img-src 'self' https: data:;upgrade-insecure-requests;report-uri https://hoyts.report-uri.com/r/d/csp/enforce 2 default-src * 'unsafe-inline' 'unsafe-eval' data: *.crazyegg.com blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: *.crazyegg.com; connect-src * 'unsafe-inline' 'unsafe-eval' data: *.crazyegg.com; img-src * 'unsafe-inline' 'unsafe-eval' data: blob: *.crazyegg.com; frame-ancestors 'self' https://a.cms.omniupdate.com; font-src * 'unsafe-inline' 'unsafe-eval' data: *.crazyegg.com; 2 frame-ancestors https://caramel.la https://caramel.la/* 'self' 2 frame-ancestors 'self' https://*.crsadmin.com; 2 frame-ancestors 'self' https://*.reitmans.com https://*.additionelle.com https://*.rw-co.com https://*.thymematernity.com https://*.penningtons.com http://*.reitmans.com http://*.additionelle.com http://*.rw-co.com http://*.thymematernity.com http://*.penningtons.com wss://*.screenmeet.com https://*.screenmeet.com 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://policy.app.cookieinformation.com https://vercel.live https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.piwik.pro https://portal.konvolo.com/chat-widget-bundle.js ; connect-src 'self' ws: *.api.sanity.io https://feed.jobylon.com policy.app.cookieinformation.com https://consent.app.cookieinformation.com https://vercel.live https://*.piwik.pro ; style-src 'self' 'unsafe-inline' policy.app.cookieinformation.com https://*.piwik.pro ; img-src 'self' blob: data: cdn.sanity.io policy.app.cookieinformation.com i.ytimg.com avatars.githubusercontent.com www.gstatic.com www.googletagmanager.com https://*.piwik.pro ; font-src 'self' https://*.piwik.pro ; object-src 'none'; frame-src 'self' *; base-uri 'self'; form-action 'self'; frame-ancestors 'self' app.bankid.no; upgrade-insecure-requests; 2 Content-Security-Policy: frame-ancestors 'self' https://*.superbid.net; 2 frame-ancestors 'self' https://*.eyemed.com https://*.luxottica.com https://*.essilorluxottica.com; 2 default-src 'self'; img-src data: 'self' https://media.home.bargains https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://*.cookielaw.org https://*.facebook.com https://*.clarity.ms; style-src 'self' 'nonce-8Jhw1Lzp' 'sha256-ND6iXW1aHR5g8r/LihFfVXNCyOKpEA+yocHMpZEXexw=' 'nonce-9dj7hsk2' https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; script-src 'self' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-58kCxrZMl/eGrC3RTZz3GdbVVWE7J0AIn2DvVm+5jjM=' 'nonce-8Jhw1Lzp' https://js.stripe.com https://tagmanager.google.com https://*.googletagmanager.com https://*.clarity.ms https://*.cookielaw.org https://*.facebook.net https://analytics.ahrefs.com; frame-ancestors 'none'; frame-src https://js.stripe.com https://hooks.stripe.com; connect-src 'self' https://api.stripe.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.algolianet.com https://*.algolia.net https://*.algolia.io https://*.clarity.ms https://*.cookielaw.org https://*.onetrust.com https://*.cookie-script.com https://o4504927879692288.ingest.sentry.io https://analytics.ahrefs.com; 2 base-uri 'none'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.run.app ws.zoominfo.com api.country.is js.zi-scripts.com *.outgrow.co *.clickcease.com *.umbraco.com *.hockeystack.com *.youtube-nocookie.com qaltd.outgrow.us dyv6f9ner1ir9.cloudfront.net *.6sc.co *.6sense.com *.quantcount.com *.quantserve.com google.com www.google.com *.oribi.io pixel.mathtag.com secure.adnxs.com *.techtarget.com s.ml-attr.com attr.ml-api.io analytics.tiktok.com js.usemessages.com qaapprenticeships.com cgtforms.com fonts.gstatic.com fonts.googleapis.com s3-eu-west-1.amazonaws.com *.leadforensics.com webeo-web-content.s3-eu-west-1.amazonaws.com cdn.jsdelivr.net ldynamicspublicapi.leadforensics.com *.postcodeanywhere.co.uk secure.cold5road.com *.vzaar.com *.hsleadflows.net *.brightedge.com *.b0e8.com *.b038.com *.bc0a.com *.feefo.com *.soundcloud.com *.hotjar.com *.google-analytics.com *.googleadservices.com *.vimeo.com vimeo.com *.hubapi.com *.google.co.uk *.doubleclick.net *.hs-banner.com *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com *.cookiebot.com *.hotjar.com *.hotjar.io *.pcapredict.com cdn.jsdelivr.net *.hsforms.net *.hsforms.com static.hotjar.com *.google-analytics.com *.wowanalytics.com *.wowanalytics.co.uk *.bing.com *.infinity-tracking.net *.facebook.com *.facebook.net *.twitter.com *.licdn.com *.mailanyone.net *.googleapis.com fonts.gstatic.com *.googlesyndication.com *.google-analytics.com *.algolianet.com *.algolia.net *.youtube.com *.qa-stg.com *.qa.com *.google.com *.ads-twitter.com *.gstatic.com t.co *.gatorleads.co.uk *.hubspot.com *.googletagmanager.com *.linkedin.com *.thinkology.co.uk *.twitter.com data: wss: blob: edge.fullstory.com rs.fullstory.com; 2 frame-ancestors 'self' https://sites.ncleg.gov 2 frame-ancestors self https://optum.marketing.adobe.com *.uhg.com *.optum.com *.uhc.com *.cookielaw.org; 2 frame-ancestors 'self' https://*.lancashire.ac.uk https://*.uclan.ac.uk https://virtualexperience.uclan.ac.uk ; form-action 'self' https://secure.worldpay.com https://www.facebook.com/tr/ ; object-src 'none' ; report-uri https://o4504649999843328.ingest.us.sentry.io/api/4504650032939008/security/?sentry_key=7d3c8a66013c44dab7d98ce4734a30e4 ; report-to csp-reporting-endpoint 2 upgrade-insecure-requests; frame-ancestors https: 'self' *.uprinting.com *.digitalroom.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com; 2 default-src 'self' https://jsonplaceholder.typicode.com/ https://api.ntplc.co.th/ https://*.googleapis.com https://*.googleapis.com/* https://uatweb.nteservice.com https://jsonip.com/; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://accounts.google.com/gsi/client http://localhost:3000 http://localhost:5001 http://localhost:3001 https://cdn.jsdelivr.net/npm/axios@1.1.2/dist/axios.min.js https://unpkg.com/vue-thailand-address@3/dist/db.web.js https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js http://localhost:5500 https://api-preweb.ntplc.co.th/ https://jsonplaceholder.typicode.com/ https://code.jquery.com/jquery-3.7.0.js https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js https://cdn.datatables.net/1.13.7/js/jquery.dataTables.min.js https://cdn.datatables.net/buttons/2.4.1/js/dataTables.buttons.min.js https://cdnjs.cloudflare.com/ajax/libs/jszip/3.10.1/jszip.min.js https://cdnjs.cloudflare.com/ajax/libs/pdfmake/0.2.7/pdfmake.min.js https://cdnjs.cloudflare.com/ajax/libs/pdfmake/0.2.7/vfs_fonts.js https://cdn.datatables.net/buttons/2.4.1/js/buttons.html5.min.js https://cdn.datatables.net/buttons/2.4.1/js/buttons.print.min.js https://cdn.datatables.net/fixedcolumns/3.3.2/js/dataTables.fixedColumns.min.js https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/5.3.0/js/bootstrap.bundle.min.js https://cdn.datatables.net/plug-ins/1.10.25/api/sum().js https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js https://cdn.jsdelivr.net/npm/vue/dist/vue.js https://api.ntplc.co.th/ https://uatweb.nteservice.com https://cdn.jsdelivr.net/npm/air-datepicker@3.5.3/air-datepicker.min.js https://jsonip.com/ https://texttospeech.googleapis.com/* https://nt.webchat.zwiz.app/sdk.js cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.google-analytics.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://accounts.google.com/gsi/style http://localhost:3000 http://localhost:5001 http://localhost:3001 http://localhost:5500 https://api-preweb.ntplc.co.th/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css https://cdn.datatables.net/1.13.7/css/jquery.dataTables.min.css https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css https://cdn.datatables.net/fixedcolumns/3.3.2/css/fixedColumns.dataTables.min.css https://code.jquery.com/ui/1.12.1/themes/ui-lightness/jquery-ui.css https://cdn.jsdelivr.net/npm/vue-thailand-address@3/dist/vue-thailand-address.min.css https://www.ntplc.co.th/ https://api.ntplc.co.th/ https://uatweb.nteservice.com https://cdn.jsdelivr.net/npm/air-datepicker@3.5.3/air-datepicker.min.css https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com http://localhost:3000 http://localhost:3001 https://api-preweb.ntplc.co.th http://localhost:5001 http://localhost:5500 platform.twitter.com https://api.ntplc.co.th/ https://ntplc.co.th/ https://www.ntplc.co.th/images/ https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.google-analytics.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' www.youtube-nocookie.com www.google.com https://www.youtube.com https://nt.webchat.zwiz.app/ web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com validate.theoplayer.com license.theoplayer.com exzillamedia-aaea.streaming.media.azure.net texttospeech.googleapis.com www.nteservice.com maps.googleapis.com https://www.youtube.com https://api-preweb.ntplc.co.th/ https://api.ntplc.co.th/ https://uatweb.nteservice.com https://jsonip.com/ https://ntplc.co.th/ https://texttospeech.googleapis.com/* https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.google-analytics.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://api-preweb.ntplc.co.th/ https://api.ntplc.co.th/ https://uatweb.nteservice.com web-chat.nativechat.com 2 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; manifest-src https://*.afw.com; 2 frame-ancestors 'self'; worker-src 'self' blob:; upgrade-insecure-requests; script-src assets.sitescdn.net play.goconsensus.com *.confirmit.eu *.softwareag.com *.techtarget.com bat.bing.com *.baidu.com *.driftt.com *.6sc.co *.d41.co *.licdn.com *.softwareag.com *.ceros.com *.marketo.net *.marketo.com siteimproveanalytics.com *.adobe.com *.rlcdn.com *.doubleclick.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.ytimg.com *.youtube.com *.adobedtm.com *.scene7.com *.trustarc.com *.ads-twitter.com *.bizible.com *.facebook.net *.omtrdc.net *.2o7.net *.demdex.net *.everesttech.net 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'none' frame-src https://player.vimeo.com; 2 default-src 'self' *.nts.live *.ntslive.co.uk; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.europe-west1.firebasedatabase.app https://*.soundcloud.com *.mixcloud.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://*.google.com https://www.youtube.com *.ytimg.com *.list-manage.com https://unpkg.com *.gstatic.com *.doubleclick.net https://connect.facebook.net https://analytics.tiktok.com https://js.stripe.com https://www.paypal.com https://www.paypalobjects.com https://*.onetrust.com https://*.hotjar.com;connect-src *; img-src 'self' data: https:; media-src 'self' https://*.ntslive.net http://*.ntslive.net https://*.ntslive.co.uk https://*.sndcdn.com https://*.radiomast.io; style-src 'unsafe-inline' 'self' hello.myfonts.net https://optimize.google.com https://fonts.googleapis.com https://*.typekit.net; child-src 'self' *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com; font-src 'self' data: fonts.gstatic.com https://*.typekit.net https://*.nts.live; frame-src *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com https://*.google.com *.doubleclick.net *.firebaseapp.com https://js.stripe.com *.paypal.com https://www.paypalobjects.com https://www.googletagmanager.com; 2 frame-ancestors 'self'; base-uri 'self'; form-action *.amazon.de blog.teufel.de checkout.getalma.eu checkout.sandbox.getalma.eu *.contentsquare.com *.contentsquare.net *.kameleoon.com *.kameleoon.eu *.kameleoon.io m.exactag.com payments.amazon.de payments.amazon.es payments.amazon.fr payments.amazon.it *.przelewy24.pl retoure.teufel.de row.ups.com service.teufel.de supportb2b.teufel.de support.teufel.de testblog.teufel.de test.saferpay.com teufelsurvey.fra1.qualtrics.com www.saferpay.com www.terminland.de teufel.de zed.teufel.de teufelaudio.at teufel.ch teufelaudio.fr teufelaudio.nl teufelaudio.be teufelaudio.es teufelaudio.it cz.teufelaudio.com dk.teufelaudio.com ee.teufelaudio.com fi.teufelaudio.com gb.teufelaudio.com gr.teufelaudio.com hr.teufelaudio.com hu.teufelaudio.com ie.teufelaudio.com li.teufelaudio.com lt.teufelaudio.com lu.teufelaudio.com lv.teufelaudio.com no.teufelaudio.com pt.teufelaudio.com se.teufelaudio.com si.teufelaudio.com sk.teufelaudio.com teufelaudio.pl us.teufelaudio.com 'self' 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com https://code.jquery.com https://kendo.cdn.telerik.com https://softwareplattform.test.115.de https://*.conword.io https://report.frankfurt.de; style-src 'self' 'unsafe-inline' https://kendo.cdn.telerik.com; img-src 'self' data: https://softwareplattform.test.115.de https://*.frankfurt.de; media-src 'self' 'unsafe-inline' blob: https://*.frankfurt.de https://*.stadt-frankfurt.de https://softwareplattform.test.115.de; font-src 'self' data: ; connect-src 'self' https://*.frankfurt.de https://*.stadt-frankfurt.de https://softwareplattform.test.115.de https://*.conword.io; frame-src 'self' https://*.frankfurt.de https://softwareplattform.test.115.de https://*.urbanpulse.de; worker-src 'self' blob:; upgrade-insecure-requests; 2 default-src 'self' px.ads.linkedin.com naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cm.idxcloud.co.uk analytics.google.com www.google.com www.google-analytics.com naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk cdn.jsdelivr.net cdnjs.cloudflare.com www.google.com code.jquery.com geoid.investisdigital.com www.googletagmanager.com www.connectidfeed.com static.cloudflareinsights.com; img-src 'self' 'unsafe-inline' data: px4.ads.linkedin.com cf-images.eu-west-1.prod.boltdns.net metrics.brightcove.com www.linkedin.com www.lfeeder.com fonts.gstatic.com naspers-corp-v2.cm.invdcloud-is.co.uk px.ads.linkedin.com tr-rc.lfeeder.com i.vimeocdn.com i.ytimg.com www.youtube-nocookie.com naspers-corp-v2.cm.idxcloud.co.uk google-analytics.com tr.lfeeder.com naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk www.google.com www.google.co.in viz.tools.investis.com www.brightcove.com www.boltdns.net cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com www.googletagmanager.com www.connectidfeed.com p.typekit.net; frame-src 'self' www.youtube-nocookie.com td.doubleclick.net player.vimeo.com naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cm.idxcloud.co.uk www.zscaler.net www.zscalerone.net www.zscalertwo.net www.zscalerthree.net www.zscloud.net naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk otp.tools.investis.com cdn.jsdelivr.net www.youtube.com cdnjs.cloudflare.com www.google.com code.jquery.com www.google-analytics.com fonts.googleapis.com www.googletagmanager.com www.connectidfeed.com irs.tools.investis.com; style-src assets.investisdigital.com 'self' 'unsafe-inline' 'unsafe-eval' p.typekit.net naspers-corp-v2.cm.invdcloud-is.co.uk fonts.googleapis.com www.googletagmanager.com naspers-corp-v2.cm.idxcloud.co.uk naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk www.zscaler.net www.zscalerone.net www.zscalertwo.net www.zscalerthree.net www.zscloud.net viz.tools.investis.com cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com use.typekit.net assets.investisdigital.com; script-src www.linkedin.com px.ads.linkedin.com snap.licdn.com player.vimeo.com f.vimeocdn.com www.youtube-nocookie.com sc.lfeeder.com staticcontents.investisdigital.com static.cloudflareinsights.com analytics.google.com www.google.com www.google-analytics.com www.amazonaws.com assets.investisdigital.com www.zscaler.net www.zscalerone.net www.zscalertwo.net www.zscalerthree.net www.zscloud.net 'self' 'unsafe-inline' otp.tools.investis.com www.youtube.com connect.facebook.net 'unsafe-eval' unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com viz.tools.investis.com www.googletagmanager.com fonts.googleapis.com www.connectidfeed.com use.typekit.net irs.tools.investis.com; media-src 'self' blob: house-fastly-signed-eu-west-1-prod.brightcovecdn.com www.linkedin.com naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cm.idxcloud.co.uk naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk www.brightcovecdn.com cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com www.googletagmanager.com fonts.googleapis.com www.connectidfeed.com; connect-src jzkss3k18d.execute-api.eu-west-1.amazonaws.com edge.api.brightcove.com www.linkedin.com px.ads.linkedin.com www.youtube-nocookie.com analytics.google.com www.google.com www.google-analytics.com www.amazonaws.com assets.investisdigital.com viz.tools.investis.com www.naspers.com naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cm.idxcloud.co.uk naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk stats.g.doubleclick.net www.connectidfeed.com www.brightcove.com geoid.investisdigital.com region1.google-analytics.com cookiemanager.investisdigital.com www.youtube.com fonts.googleapis.com; font-src 'self' naspers-corp-v2.cm.invdcloud-is.co.uk fonts.gstatic.com naspers-corp-v2.cm.idxcloud.co.uk naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk www.connectidfeed.com www.googletagmanager.com use.typekit.net; object-src 'none'; base-uri 'self'; 2 frame-ancestors 'self' https://*.quikr.com; frame-src 'self' https://*.doubleclick.net https://www.googletagmanager.com https://*.adtrafficquality.google https://*.safeframe.googlesyndication.com https://*.google.com https://www.youtube.com https://*.facebook.com https://www.googleadservices.com https://api.juspay.in https://sender.cleverwebserver.com https://c.clvrads.com 2 frame-ancestors 'self' https://www.circana.com https://*.circana.com https://*.iriworldwide.com; 2 frame-ancestors 'self' https://planeetta.ladesk.com 2 default-src 'self'; img-src 'self' data: pixel.wp.com *.hemi.xyz secure.gravatar.com *.wordpress.com; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.hemi.xyz *.wp.com cdn.markfi.xyz; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.wp.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.google-analytics.com *.hemi.xyz api.github.com cdn.markfi.xyz a.markfi.xyz; frame-src 'self' *.youtube.com; worker-src 'self' blob:; 2 frame-ancestors 'self';default-src https: data: 'unsafe-eval' 'unsafe-inline'; img-src * data:; 2 default-src 'self'; style-src 'self' 'unsafe-inline' https://*.inside-graph.com https://fonts.googleapis.com https://*.typekit.net; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.queue-it.net https://*.krxd.net https://bam.nr-data.net https://*.adsrvr.org https://*.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://pixel.mathtag.com https://*.visualwebsiteoptimizer.com https://*.analytics.yahoo.com https://www.google-analytics.com https://s.yimg.com https://js-agent.newrelic.com https://*.inside-graph.com https://staticcdn.co.nz; img-src 'self' data: https://*.krxd.net https://*.mylotto.co.nz https://*.inside-graph.com https://*.visualwebsiteoptimizer.com https://www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://www.google.co.nz https://staticcdn.co.nz https://shielded.co.nz https://*.adsrvr.org https://*.doubleclick.net; connect-src 'self' https://*.mylotto.co.nz https://misnwhpjb8.execute-api.ap-southeast-2.amazonaws.com https://bam.nr-data.net wss://*.inside-graph.com https://*.inside-graph.com https://*.google-analytics.com https://*.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'self' https://cornerstonecx.co.nz https://*.krxd.net https://*.adsrvr.org https://*.windcave.com https://*.paymentexpress.com https://*.doubleclick.net https://*.mathtag.com https://*.finrings.com https://*.youtube.com https://*.vimeo.com https://*.wagerworks.com https://*.nz.rgsgames.com https://*.az4.rgsgames.com https://*.i-w-g.com https://*.mylotto.co.nz https://*.flashtalking.com https://staticcdn.co.nz; font-src 'self' data: https://*.mylotto.co.nz https://mylotto.co.nz https://*.inside-graph.com https://fonts.gstatic.com 2 frame-ancestors 'self' lob.de *.lehmanns.de *.lehmanns.ch lehmannspro.de lehmannsbib.de *.socialnet.de; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.lehmanns.de *.lehmanns.ch *.googleapis.com *.google-analytics.com *.vr-pay-ecommerce.de vr-pay-ecommerce.de oppwa.com widgets.trustedshops.com 2 frame-ancestors https://jsapps.c1gdtat48x-ferreroin2-d1-public.model-t.cc.commerce.ondemand.com https://jsapps.c1gdtat48x-ferreroin2-s1-public.model-t.cc.commerce.ondemand.com https://jsapps.c1gdtat48x-ferreroin2-p1-public.model-t.cc.commerce.ondemand.com https://dev.fanniemay.com https://staging.thorntons.com https://staging.fanniemay.com https://www.fanniemay.com https://www.thorntons.com accstorefront.c1gdtat48x-ferreroin2-d1-public.model-t.cc.commerce.ondemand.com:443 accstorefront.c1gdtat48x-ferreroin2-s1-public.model-t.cc.commerce.ondemand.com:443 accstorefront.c1gdtat48x-ferreroin2-p1-public.model-t.cc.commerce.ondemand.com:443 2 frame-ancestors 'self' googleads.g.doubleclick.net www.youtube.com propellerads.com *.propellerads.com; 2 default-src https:; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'unsafe-inline' https:; font-src https: data:; media-src http: https:; img-src http: https: data: 2 default-src 'self' * 'unsafe-inline' 'unsafe-eval' blob: data: ; 2 upgrade-insecure-requests; default-src 'self' *.openbank.com *.openbank.us *.santanderbank.com; script-src 'self' *.gstatic.com *.openbank.com *.openbank.us *.santanderbank.com https://www.google.com 'nonce-gatsby-script-loader' 'nonce-gatsby-chunk-mapping' 'nonce-tealium' tags.tiqcdn.com *.google-analytics.com https://*.g.doubleclick.net *.youtube.com *.googleadservices.com *.ytimg.com *.googletagmanager.com blob: 'nonce-atjs' *.omtrdc.net 'nonce-gatsby-compilation-hash' *.we-stats.com *.facebook.net *.impactradius-event.com *.amazon-adsystem.com/ https://advertising-api.amazon.com *.redditstatic.com/ads/ https://bat.bing.com/bat.js https://www.clarity.ms/ https://flex.msn.com/mstag/tag/ https://analytics.tiktok.com/ https://business.tiktok.com/ https://s.yimg.com/wi/ytc.js https://ups.analytics.yahoo.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://pixel-prod.sprinklr.com/ https://bat.bing.com/p/action/211050051.js https://*.g.doubleclick.net/ api.securedvisit.com content.securedvisit.com track.sv.rkdms.com https://resources.digital-cloud-west.medallia.com https://resources.digital-cloud.medallia.com https://www.googleadservices.com/; connect-src 'self' *.openbank.com *.openbank.us *.santanderbank.com *.google-analytics.com *.we-stats.com *.biocatch.com *.google.com *.googleapis.com *.googlesyndication.com https://*.g.doubleclick.net https://dpm.demdex.net https://sbna.tt.omtrdc.net https://o.clarity.ms/collect https://*.clarity.ms/collect https://*.omtrdc.net https://assets.adobetarget.com/sbna/ https://s.amazon-adsystem.com/ https://ara.paa-reporting-advertising.amazon/ santander.sv.rkdms.com track.securedvisit.com https://resources.digital-cloud-west.medallia.com https://resources.digital-cloud.medallia.com https://analytics-fe.digital-cloud.medallia.com https://google.com/; style-src 'unsafe-inline' 'self' *.openbank.com *.openbank.us *.santanderbank.com *.omtrdc.net content.securedvisit.com; img-src 'self' *.openbank.com *.openbank.us *.santanderbank.com data: *.googletagmanager.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.com *.googlesyndication.com cm.everesttech.net https://dpm.demdex.net https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/pixel/register/trigger/ *.r.msn.com https://assets.pinterest.com/images/PinExt.png https://datacloud.tealiumiq.com/vdata/i.gif https://sp.analytics.yahoo.com/ https://b91.yahoo.co.jp/ https://bat.bing.com/action/ https://c.clarity.ms/c.gif https://c.bing.com/c.gif https://*.bing.com/c.gif images.securedvisit.com track.sv.rkdms.com santander.sv.rkdms.com track.securedvisit.com https://www.google.com/; media-src 'self' *.openbank.com *.openbank.us *.santanderbank.com *.youtube.com; frame-src 'self' *.openbank.com *.openbank.us *.santanderbank.com *.gstatic.com *.youtube.com https://www.google.com *.doubleclick.net blob: sbna.demdex.net https://*.demdex.net https://flex.msn.com/ https://s.amazon-adsystem.com/ https://www.googletagmanager.com/ api.securedvisit.com https://resources.digital-cloud-west.medallia.com https://resources.digital-cloud.medallia.com; child-src 'self' *.openbank.com *.openbank.us *.santanderbank.com *.gstatic.com *.youtube.com https://www.google.com *.doubleclick.net blob: sbna.demdex.net ;frame-ancestors 'self' *.adobedtm.com *.adobe.com; 2 frame-ancestors self https://signup.buildbox.com http://login-redirect.buildbox.com https://www.surveymonkey.com/r/K3GMYZC https://www.surveymonkey.com/r/QRNB36V https://www.surveymonkey.com 2 frame-ancestors https://platform.nexo.io https://platform.nexo.com https://support.nexo.io https://support.nexo.com https://nexosurvey.force.com https://nexoio.lightning.force.com https://nexoio--c.visualforce.com https://nexoio.my.site.com 2 default-src https: unsafe-inline; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: http: 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https://chat.adecco.com wss://directline.botframework.com https://directline.botframework.com https://www.google.com/pagead/landing https://cdn.vev.design https://www.google.com/pagead/landing https://snap.licdn.com/ https://px.ads.linkedin.com https://px.ads.linkedin.com/wa https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://t.indeed.com https://apply.indeed.com/ https://maps.googleapis.com https://api-us2.herefish.com https://cdn.equalweb.com https://access.equalweb.com wss://chatbot-api.jobijoba.io https://*.herefish.com https://cdn.cookielaw.org https://chatbot-widget.jobijoba.io https://api.omappapi.com https://api.herefish.com https://dc.services.visualstudio.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://cdn.linkedin.oribi.io https://*.qualified.com wss://*.qualified.com https://js.qualified.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://was-nam-us-qa-calculation.azurewebsites.net https://was-nam-us-prd-calculation.azurewebsites.net https://stats.g.doubleclick.net https://help.hotjar.com https://support.google.com https://*.omappapi.com https://bhgateway.azurewebsites.net https://was-nam-us-dev-bhapi.azurewebsites.net https://bhgatewayqa.azurewebsites.net/tk/fol/d00d7224567448908769a002fb2c7a55/cs https://bhgateway.azurewebsites.net/tk/fol/be667283af7c4d799c7adc7d062166c0/cs *.onetrust.com *.cookie-cdn.cookiepro.com https://693-hjb-668.mktoresp.com https://www.google.com https://api.company-target.com/; font-src 'self' https:;frame-ancestors 'self' https://mycrc.lhh.com https://cdn.linkedin.oribi.io https://www.jobup.ch https://www.jobs.ch https://www.experteer.ch https://pro.komin.io/; 2 img-src 'self' data: *.cookielaw.org *.6sc.co *.google.com *.linkedin.com *.reddit.com *.hubspot.com *.facebook.com *.sanity.io *.fontawesome.com *.hsforms.com *.wistia.com *.mutinyhq.io https://*.mutinycdn.com https://*.doubleclick.net https://*.googletagmanager.com https://c.clarity.ms https://*.bing.com https://*.greencolumnhealth.com https://*.getdbt.com https://impartner.blob.core.windows.net; style-src 'self' 'unsafe-inline' https://*.typekit.net https://cdn.jsdelivr.net https://*.googleapis.com https://packages.prmcdn.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.hs-scripts.com js.hsforms.net *.6sc.co *.mutinyhq.io https://*.mutinycdn.com blob: https:; object-src 'none'; base-uri 'self'; form-action 'self' https://*.hsforms.com https://cloud.getdbt.com https://*.cloud.getdbt.com https://*.dbt.com https://www.facebook.com; frame-ancestors 'self' https://*.youtube.com https://*.wistia.com https://app.mutinyhq.com *.getdbt.com *.vercel.app http://localhost:3000; 2 default-src 'self' blob: https://challenges.cloudflare.com https://vod-progressive-ak.vimeocdn.com https://cdn.simplecast.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://apps.sitecore.net https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com http://ajax.googleapis.com https://maps.googleapis.com https://geoip-js.com https://www.google-analytics.com https://cdn.siteimprove.net https://player.simplecast.com cdnjs.cloudflare.com https://my2.siteimprove.com https://id.siteimprove.com unpkg.com https://*.sharethis.com https://player.vimeo.com https://*.vimeocdn.com https://vod-progressive.akamaized.net https://download-video.akamaized.net https://cdn.yoshki.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://*.siteimproveanalytics.io https://cdn.yoshki.com; style-src 'self' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com cdn.jsdelivr.net unpkg.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com 'unsafe-inline'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' https://challenges.cloudflare.com https://cdn.cookielaw.org https://www.googletagmanager.com https://maps.googleapis.com https://js.maxmind.com https://cdnjs.cloudflare.com/polyfill/ https://siteimproveanalytics.com https://www.google-analytics.com https://platform-api.sharethis.com https://extend.vimeocdn.com https://cdn.siteimprove.net http://ajax.googleapis.com https://code.jquery.com cdn.jsdelivr.net unpkg.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' independentsector.org; 2 frame-ancestors 'self' https://*.tenniswarehouse-europe.com https://*.tennis-warehouse.com https://*.runningwarehouse.com https://*.runningwarehouse.eu https://www.runningwarehouse.de https://www.runningwarehouse.it https://www.runningwarehouse.es https://www.runningwarehouse.fr; 2 default-src 'self' data:; connect-src 'self' piwik.itzbund.de cldf-wzw-od.r53.cdn.tv1.eu; worker-src blob: 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtu.be *.ytimg.com *.vimeo.com *.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com youtube.com *.youtu.be youtu.be *.vimeo.com *.aktion-mensch.de *.materna.de *.cdninstagram.com *.youtube-nocookie.com *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtu.be *.vimeo.com *.twitter.com *.instagram.com *.cdninstagram.com *.youtube-nocookie.com *.3qsdn.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtu.be *.twitter.com *.cdninstagram.com *.youtube-nocookie.com *.ytimg.com *.openstreetmap.org; frame-ancestors 'self'; upgrade-insecure-requests; 2 report-uri /csp-report.php; default-src 'none'; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://www.fio.cz https://www.fio.sk https://www.gstatic.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.cz https://www.google.sk https://pagead2.googlesyndication.com https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com https://img.bankid.cz; connect-src 'self' *.analytics.google.com *.google-analytics.com https://ajax.googleapis.com https://pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://ssl.google-analytics.com; frame-src https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.youtube.com https://maps.google.com https://maps.google.cz https://www.google.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net; frame-ancestors 'self'; base-uri 'self' 2 frame-ancestors 'self' https://*.tsum.ru https://*.tsum.com; report-uri https://sentry.tsum.com/api/14/security/?sentry_key=009c465ac17e4f3fb722940ac763c938 2 base-uri 'none'; font-src 'self' https://*.motel-one.com https://*.the-cloud-one.com https://*.computop-paygate.com https://*.brame-gamification.com https://*.google.com https://*.gstatic.com https://www.googletagmanager.com https://*.googleapis.com https://www.google-analytics.com https://*.doubleclick.net https://*.google.com https://*.gstatic.com https://www.googletagmanager.com https://*.googleapis.com https://www.google-analytics.com https://*.doubleclick.net https://*.dialogshift.com *.abtasty.com; form-action 'self' https://*.motel-one.com https://*.the-cloud-one.com; frame-ancestors 'self' https://*.motel-one.com https://*.the-cloud-one.com; img-src 'self' data: https://*.motel-one.com https://*.the-cloud-one.com https://image.feature.motel-one.com https://image.stage.motel-one.com https://image.motel-one.com https://i.ytimg.com https://*.facebook.com https://*.abtasty.com https://*.hurra.com https://*.editor-assets.abtasty.com https://*.adup-tech.com https://*.doubleclick.net https://*.bing.com https://*.bing.net https://*.cdninstagram.com https://*.squarelovin.com https://squarelovin.com https://ik.imagekit.io https://*.google-analytics.com https://t.co https://*.adnxs.com https://*.demdex.net https://*.ads.yieldmo.com https://*.3lift.com https://*.smartadserver.com https://*.yahoo.net https://*.postrelease.com https://*.ivitrack.com https://*.adform.net https://*.tremorhub.com https://*.teads.tv https://*.casalemedia.com https://*.emxdgt.com https://*.pubmatic.com https://*.taboola.com https://*.outbrain.com https://*.rubiconproject.com https://*.bidswitch.net https://*.sharethrough.com https://*.pinimg.com https://*.mediavine.com https://*.facebook.net https://*.google.de https://*.google.com https://*.google.rs https://*.google.ro https://*.google.nl https://*.cx.atdmt.com https://maps.gstatic.com https://maps.googleapis.com https://ssl.gstatic.com https://www.gstatic.com https://assets.pinterest.com https://log.pinterest.com https://*.fbcdn.net https://image.motel-one.com https://*.motel-one.com https://*.the-cloud-one.com https://*.gstatic.com https://*.usercentrics.eu https://*.pinimg.com https://*.pinterest.com https://analytics.twitter.com https://*.demdex.net https://*.criteo.com https://id5-sync.com https://*.ads.yieldmo.com https://*.3lift.com https://*.smartadserver.com https://*.yahoo.net https://*.yieldlab.net https://*.postrelease.com https://*.ivitrack.com https://*.adform.net https://*.omnitagjs.com https://*.tremorhub.com https://*.teads.tv https://*.casalemedia.com https://*.emxdgt.com https://*.pubmatic.com https://*.twiago.com https://*.360yield.com https://*.taboola.com https://*.outbrain.com https://*.rubiconproject.com https://*.bidswitch.net https://*.media.net https://*.sharethrough.com https://www.googletagmanager.com https://ih.adscale.de https://ads.betweendigital.com https://ads.travelaudience.com https://sync.1rx.io https://sync.targeting.unrulymedia.com editor-assets.abtasty.com; object-src 'none'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' https://*.motel-one.com https://*.the-cloud-one.com 'unsafe-inline' 'unsafe-eval' https://*.usercentrics.eu https://*.abtasty.com https://try.abtasty.com try.abtasty.com https://common-fonts.abtasty.com https://*.hurra.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.pinterest.com https://*.googletagmanager.com https://*.bing.com https://*.bing.net https://*.squarelovin.com https://fonts.googleapis.com https://tagmanager.google.com https://*.google.com https://*.dialogshift.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://www.googletagmanager.com https://www.googletagmanager.com/debug/badge https://try.abtasty.com https://*.hurra.com https://*.adup-tech.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.bing.com https://*.bing.net https://cdnjs.cloudflare.com https://code.jquery.com https://brame-static.s3.amazonaws.com https://*.googleapis.com https://www.google-analytics.com https://*.creativecdn.com https://s.ytimg.com https://*.googleadservices.com https://*.facebook.com https://*.dialogshift.com https://*.criteo.com https://*.criteo.net https://*.licdn.com https://*.linkedin.com https://*.facebook.com https://*.adnxs.com https://*.bizographics.com https://*.googlesyndication.com https://*.bing.com https://*.bing.net https://*.adsrvr.org https://*.cloudfront.net https://*.sia.eu https://*.google.ae https://*.google.at https://*.google.ba https://*.google.be https://*.google.by https://*.google.ca https://*.google.cf https://*.google.ch https://*.google.co.cr https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.nz https://*.google.co.th https://*.google.co.uk https://*.google.co.zw https://*.google.de https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.bo https://*.google.com.br https://*.google.com.cy https://*.google.com.ec https://*.google.com.eg https://*.google.com.hk https://*.google.com.kw https://*.google.com.mt https://*.google.com.mx https://*.google.com.sg https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.cz https://*.google.dk https://*.google.dz https://*.google.es https://*.google.fi https://*.google.fr https://*.google.ge https://*.google.gr https://*.google.hr https://*.google.hu https://*.google.ie https://*.google.im https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.nl https://*.google.no https://*.google.pl https://*.google.ps https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.se https://*.google.si https://static.ads-twitter.com https://analytics.twitter.com https://assets.pinterest.com https://log.pinterest.com https://*.squarelovin.com https://*.usercentrics.eu https://*.pinimg.com https://*.pinterest.com https://*.surveysparrow.com https://*.dialogshift.com https://*.smartrecruiters.com https://ads.travelaudience.com https://*.triptease.io https://sgtm.motel-one.com https://sgtm.jobs.motel-one.com https://sgtm.the-cloud-one.com try.abtasty.com blob: *.abtasty.com; upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.usercentrics.eu https://*.triptease.io https://*.motel-one.com https://*.the-cloud-one.com; connect-src 'self' https://*.motel-one.com https://*.the-cloud-one.com https://*.google.com https://*.googletagmanager.com https://*.ingest.sentry.io https://*.abtasty.com https://*.googleapis.com https://*.criteo.com https://*.criteo.net https://*.g.doubleclick.net https://*.facebook.com https://*.surveysparrow.com https://*.google-analytics.com https://maps.googleapis.com https://*.adup-tech.com https://*.usercentrics.eu https://*.pinimg.com https://*.pinterest.com https://*.dialogshift.com https://core.prod.co25.net https://*.bing.com https://*.bing.net https://*.triptease.io *.abtasty.com analytics.tiktok.com; frame-src 'self' https://*.motel-one.com https://*.motel-one.local https://*.the-cloud-one.com https://*.the-cloud-one.local https://*.hurra.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.googletagmanager.com https://www.youtube-nocookie.com https://*.computop-paygate.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://www.google-analytics.com https://www.youtube.com https://cdnjs.cloudflare.com https://code.jquery.com https://*.googleadservices.com https://creativecdn.com https://*.creativecdn.com https://*.facebook.net https://*.licdn.com https://*.linkedin.com https://*.facebook.com https://*.google.de https://*.adnxs.com https://*.bizographics.com https://*.googlesyndication.com https://*.bing.com https://*.bing.net https://*.adsrvr.org https://*.cloudfront.net https://*.sia.eu https://*.usercentrics.eu https://log.pinterest.com https://*.pinimg.com https://*.pinterest.com https://*.surveysparrow.com https://surveysparrow.com https://*.dialogshift.com https://*.smartrecruiters.com https://*.brame-gamification.com https://*.triptease.io; 2 img-src * 'self' https: 'unsafe-eval' data: https://*.transcend.io/* https://*.mutinycdn.com/* https://*.mutinyhq.io/* https://*.mutinyhq.com/* https://*.qualified.com/* https://*.wistia.com/* http://splashthat.com/* http://*.marketo.net/* http://*.6sc.co/* https://app.qualified.com/ https://sync.transcend.io/ https://vercel.live/ https://www.youtube.com/ http://668-yxh-576.mktoweb.com/ https://cdn.transcend.io/ https://splashthat.com/ http://splashthat.com/ http://munchkin.marketo.net/ wss://ws.qualified.com/ https://client-registry.mutinycdn.com/ http://668-yxh-576.mktoresp.com https://videos.ctfassets.net/ wss://ws7.hotjar.com/ wss://ws-us3.pusher.com/ https://events.rm-api.com/ https://app.mutinyhq.com/; frame-ancestors 'self' https://app.mutinyhq.com/; 2 default-src *;script-src * 'unsafe-inline' 'unsafe-eval';frame-src 'self' https: blob:;style-src * 'unsafe-inline';img-src * data:;font-src 'self' data: https://fonts.googleapis.com:* https://fonts.gstatic.com:* https://cdnjs.cloudflare.com:* https://www.googletagmanager.com:* https://www.google-analytics.com:* https://googleads.g.doubleclick.net:* https://maxcdn.bootstrapcdn.com:* https://cdn.jsdelivr.net:*;upgrade-insecure-requests;block-all-mixed-content;manifest-src 'self';object-src 'self'; 2 frame-ancestors 'self' https://top.gg 2 connect-src 'self' *.google.com google.com *.google-analytics.com www.google-analytics.com *.analytics.google.com *.cloudflare.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.fundraiseup.com *.paypal.com *.fndrsp-checkout.net fndrsp-checkout.net *.fndrsp.net fndrsp.net pagead2.googlesyndication.com *.googlesyndication.com *.civiccomputing.com *.shopifysvc.com *.myshopify.com *.ads.linkedin.com api.getaddress.io; default-src 'self' www.googletagmanager.com; font-src 'self' data: fonts.gstatic.com *.fundraiseup.com; frame-src 'self' data: *.google.com google.com platform.twitter.com www.googletagmanager.com player.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com *.twitter.com *.cloudflare.com *.doubleclick.net *.stripe.com *.paypal.com muchloved.com www.muchloved.com *.muchloved.com *.amazonaws.com *.dwcdn.net; img-src 'self' data: www.google-analytics.com www.gstatic.com www.google.co.uk www.googletagmanager.com *.gravatar.com *.vimeocdn.com *.ytimg.com *.twitter.com *.youtube.com *.pixeledeggs.com *.doubleclick.net *.fundraiseup.com ucarecdn.com *.paypal.com *.paypalobjects.com www.facebook.com *.facebook.com cdn.shopify.com *.shopify.com *.ads.linkedin.com *.adalyser.com; media-src 'self' blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net muchloved.com www.muchloved.com *.muchloved.com cc.cdn.civiccomputing.com *.civiccomputing.com *.cdn.civiccomputing.com sdks.shopifycdn.com *.shopifycdn.com snap.licdn.com *.licdn.com *.adalyser.com; script-src-elem 'self' 'unsafe-inline' player.vimeo.com vimeo.com *.google.com www.youtube.com www.youtube-nocookie.com platform.twitter.com googletagmanager.com www.googletagmanager.com www.gstatic.com gstatic.com www.google-analytics.com connect.facebook.net *.cloudflare.com *.hotjar.com *.fundraiseup.com *.stripe.com *.paypal.com *.civiccomputing.com *.cdn.civiccomputing.com cc.cdn.civiccomputing.com muchloved.com www.muchloved.com *.muchloved.com sdks.shopifycdn.com *.shopifycdn.com snap.licdn.com *.licdn.com *.adalyser.com cdn.getaddress.io; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com *.hotjar.com fonts.googleapis.com; worker-src 'self' blob:; 2 default-src 'self' https:; frame-src 'self' https: blob:; worker-src 'self' blob: ; child-src 'self' blob: ; script-src 'self' https: 'unsafe-inline' https://vaas.acapela-group.com 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob: https://*.code.org; font-src 'self' https: data:; connect-src 'self' https: https://api.pusherapp.com wss://ws.pusherapp.com http://localhost:8080 https://curriculum.code.org/ wss://*.code.org; media-src 'self' https: data: https://*.code.org http://vaas.acapela-group.com; report-uri //code.org/https/mixed-content; frame-ancestors 'self' https://*.schoology.com http://*.disney.com http://*.diznee.net cuantrix.mx code.org studio.code.org curriculum.code.org https://*.iap.lausd.net 2 frame-ancestors 'none'; default-src 'self'; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://cdn.appdynamics.com https://cloud.typography.com https://flyers.pcoptimum.ca https://aq.flippenterprise.net blob: *.salesforceliveagent.com https://lcljoefresh.sc.omtrdc.net https://smetrics.pcoptimum.ca https://www.circularhub.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://optimize.google.com https://tagmanager.google.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://*.hotjar.com *.doubleclick.net https://tagmanager.google.com https://s.pinimg.com https://ct.pinterest.com *.ecdrsvc.com https://dsum-sec.casalemedia.com https://spotxchange.com https://pubmatic.com https://rubiconproject.com *.kampyle.com *.medallia.ca *.zuora.com https://ws1.postescanada-canadapost.ca https://static.ada.support https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://privacyportal-ca.onetrust.com https://geolocation.onetrust.com https://static.pcoptimum.ca https://storage.googleapis.com https://fonts.googleapis.com; frame-src https://www.circularhub.com https://lcljoefresh.demdex.net https://cdn.appdynamics.com https://optimize.google.com https://bid.g.doubleclick.net https://vars.hotjar.com *.doubleclick.net https://flyers.pcoptimum.ca *.kampyle.com *.medallia.ca *.zuora.com https://pc-optimum.ada.support https://f.wishabi.net https://www.googleadservices.com https://www.googletagmanager.com https://preview.emagazines.com/; connect-src 'self' https://api.loblaw.ca https://api.pcoptimum.ca https://assets-platform.loblaws.ca https://accounts.pcid.ca https://api.pcid.ca https://ws2.bullseyelocations.com https://storage.googleapis.com https://static.pcoptimum.ca https://flyers.pcoptimum.ca https://aq.flippenterprise.net https://dam.flippenterprise.net https://sentry.io https://sfml.flippback.com https://multi-item-broker.flippback.com https://cdn-gateflipp.flippback.com https://p.flipp.com https://maps.gstatic.com https://maps.googleapis.com https://smetrics.pcoptimum.ca https://dpm.demdex.net https://lcljoefresh.demdex.net *.omtrdc.net https://connect.facebook.net https://tagmanager.google.com https://www.google-analytics.com https://www.google.com *.hotjar.com *.doubleclick.net https://s.pinimg.com https://ct.pinterest.com *.ecdrsvc.com https://dsum-sec.casalemedia.com https://spotxchange.com https://pubmatic.com https://rubiconproject.com https://spmini.loblaws.ca https://spq.pcoptimum.ca https://sp.pcoptimum.ca https://col.eum-appdynamics.com *.kampyle.com *.medallia.ca https://cdn.contentful.com https://assets.pcoptimum.ca https://fonts.googleapis.com https://ws1.postescanada-canadapost.ca https://sentry-dev.loblaw.digital https://sentry-prod.loblaw.digital https://rollout.ada.support/pc-optimum/client.json https://pc-optimum.ada.support https://browser-http-intake.logs.datadoghq.com https://static.ada.support https://dis-prod.assetful.loblaw.ca https://assets.shop.loblaws.ca https://tw2ff8hfo0.kameleoon.eu https://client-config.kameleoon.com https://sdk-config.kameleoon.eu https://events.kameleoon.com https://api.kameleoon.com/ https://data.kameleoon.io https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://privacyportal-ca.onetrust.com https://ccmapp.loblaw.ca https://geolocation.onetrust.com https://firebase.googleapis.com https://firebaseinstallations.googleapis.com https://firebaseremoteconfig.googleapis.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://fonts.googleapis.com https://assets.shop.loblaws.ca *.kampyle.com *.medallia.ca https://tagmanager.google.com https://optimize.google.com https://ws1.postescanada-canadapost.ca https://aq.flippenterprise.net https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com; img-src 'self' blob: https://assets.pcoptimum.ca https://pcoptimum.s3.us-east-1.amazonaws.com https://pcoptimum.s3.amazonaws.com https://assets.shop.loblaws.ca https://assets.beauty.shoppersdrugmart.ca https://assets.beautyboutique.ca data: https://f.wishabi.net https://aq.flippenterprise.net https://cdn.flippenterprise.net https://a.wishabi.com https://maps.gstatic.com https://maps.googleapis.com https://www.googleadservices.com https://www.facebook.com https://cm.everesttech.net https://www.google.com https://www.google.ca https://dpm.demdex.net https://www.googletagmanager.com https://lcljoefresh.sc.omtrdc.net https://cx.atdmt.com https://connect.facebook.net https://cm.everesttech.net https://cdn.appdynamics.com https://www.google-analytics.com https://optimize.google.com https://fcmatch.google.com https://fcmatch.youtube.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://script.hotjar.com https://ct.pinterest.com *.ecdrsvc.com https://dsum-sec.casalemedia.com https://spotxchange.com https://pubmatic.com https://rubiconproject.com *.doubleclick.net *.kampyle.com *.medallia.ca *.ctfassets.net https://*.assetful.loblaw.ca https://smetrics.pcoptimum.ca https://ws1.postescanada-canadapost.ca https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://match.adsrvr.org https://static.pcoptimum.ca https://digital.loblaws.ca; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com https://assets.beautyboutique.ca data: *.kampyle.com *.medallia.ca https://assets.loblaws.ca; media-src 'self' *.lwcdn.com https://f.wishabi.net https://s7d1.scene7.com; upgrade-insecure-requests 2 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.rueducommerce.fr *.userlike.com wss://umd.userlike.com userlike-store-media-files.s3.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-cdn-web.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com chat.userlike.com www.googletagmanager.com *.gstatic.com *.cloudfront.net connect.facebook.net www.google-analytics.com www.googlecommerce.com aswpapieu.com aswpsdkeu.com *.doubleclick.net *.g.doubleclick.net *.groupe-ldlc.com *.google.com *.google.fr www.facebook.com www.gstatic.com *.googleapis.com www.youtube.com www.youtube-nocookie.com mpshare.iesnare.com *.trustpilot.com *.twitch.tv *.bimp.fr analytics.tiktok.com www.tiktok.com platform.twitter.com syndication.twitter.com *.ttwstatic.com dl.asnapieu.com mycliplister.com *.mycliplister.com *.demoup.com script.tapfiliate.com *.cloudflare.com www.dwin1.com lantern.roeyecdn.com profiling.veoxa.com ad.ad-srv.net sv.ciblelink.com js.cookieless-data.com js.sddan.com trk.datnova.com www.awin1.com the.sciencebehindecommerce.com tracking.groupe-ldlc.com plausible.io *.plausible.io actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io *.rr.skeepers.io *.caast.tv *.mux.com;img-src 'self' data: blob: *.bimp.fr *.cloudfront.net *.doubleclick.net *.g.doubleclick.net *.google.com *.google.fr *.googleapis.com *.groupe-ldlc.com media.ldlc.com *.gstatic.com *.rueducommerce.fr *.mycliplister.com *.trustpilot.com *.ttwstatic.com *.twitch.tv *.userlike.com analytics.tiktok.com aswpapieu.com aswpsdkeu.com chat.userlike.com connect.facebook.net dl.asnapieu.com *.demoup.com mpshare.iesnare.com mycliplister.com platform.twitter.com syndication.twitter.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-cdn-web.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-store-media-files.s3.amazonaws.com www.facebook.com www.google-analytics.com www.googlecommerce.com www.googletagmanager.com www.gstatic.com www.tiktok.com www.youtube-nocookie.com www.youtube.com tracking.groupe-ldlc.com js.cookieless-data.com lantern.roeye.com secure.adnxs.com www.wepowerconnections.com www.awin1.com trk.datnova.com plausible.io *.plausible.io actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io *.rr.skeepers.io *.caast.tv;connect-src 'self' data: blob: *.bimp.fr *.cloudfront.net *.doubleclick.net *.g.doubleclick.net *.google.com *.google.fr *.googleapis.com *.groupe-ldlc.com media.ldlc.com *.gstatic.com *.rueducommerce.fr *.mycliplister.com *.trustpilot.com *.ttwstatic.com *.twitch.tv *.userlike.com analytics.tiktok.com aswpapieu.com aswpsdkeu.com wss://umd.userlike.com chat.userlike.com connect.facebook.net dl.asnapieu.com *.demoup.com mpshare.iesnare.com mycliplister.com platform.twitter.com syndication.twitter.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-cdn-web.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-store-media-files.s3.amazonaws.com www.facebook.com www.google-analytics.com www.googlecommerce.com www.googletagmanager.com www.gstatic.com www.tiktok.com www.youtube-nocookie.com www.youtube.com frstre.com tracking.groupe-ldlc.com the.sciencebehindecommerce.com www.googleadservices.com www.wepowerconnections.com plausible.io *.plausible.io actorssl-5637.kxcdn.com *.myfeelback.com *.skeepers.io *.rr.skeepers.io *.caast.tv wss://*.caast.tv *.mux.com;frame-ancestors 'self';report-uri https://www.rueducommerce.fr/sentry/api/2/security/?sentry_key=c8b22032a6c9c94aab9079191a8e0008; 2 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 2 default-src 'self' cdn.sanity.io cdn.equinor.com; style-src 'report-sample' 'self' 'unsafe-inline' https://cdn.eds.equinor.com https://platform.twitter.com https://*.twimg.com; script-src 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: https://*.googletagmanager.com https://siteimproveanalytics.com https://*.cookiebot.com https://consentcdn.cookiebot.com https://platform.twitter.com https://cdn.syndication.twimg.com/ https://www.youtube.com ; img-src 'self' data: https://cdn.eds.equinor.com https://cdn.sanity.io https://cdn.equinor.com https://*.siteimproveanalytics.io https://*.googletagmanager.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://i.ytimg.com https://*.cookiebot.com ; connect-src 'self' cdn.sanity.io cdn.equinor.com https://bcdn.screen9.com https://qcdn.screen9.com https://h61q9gi9.api.sanity.io https://h61q9gi9.apicdn.sanity.io/ https://tools.eurolandir.com https://inferred.litix.io/ https://*.algolia.net https://*.algolianet.com https://*.cookiebot.com https://eu-api.friendlycaptcha.eu ; child-src blob:; frame-src 'self' https://consentcdn.cookiebot.com https://lt.morningstar.com https://www.youtube.com https://vimeo.com https://player.vimeo.com https://sds-maintenance.com https://tools.eurolandir.com https://platform.twitter.com https://syndication.twitter.com https://vds.issgovernance.com https://*.plaii.no https://livestream.com https://*.castr.com https://pixel.as https://www.youtube-nocookie.com https://h61q9gi9.api.sanity.io http://localhost:3333; frame-ancestors https://studio-global-equinor-web-sites-preprod.c2.radix.equinor.com https://studio-global-equinor-web-sites-prod.c2.radix.equinor.com http://studiov3-global-development-equinor-web-sites-dev.c2.radix.equinor.com https://equinor.sanity.studio; font-src 'self' https://cdn.eds.equinor.com data:; media-src 'self' blob: https://bcdn.screen9.com https://qcdn.screen9.com https://cdn.sanity.io/ https://cdn.equinor.com/; 2 default-src 'none'; base-uri 'none'; frame-src checkout.stripe.com *.google.com; frame-ancestors 'none'; style-src *.scryfall.com scryfall.com; script-src *.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.cloudflareinsights.com checkout.stripe.com 'unsafe-eval'; img-src *.scryfall.io *.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.stripe.com data:; font-src *.scryfall.com scryfall.com; manifest-src *.scryfall.com scryfall.com; connect-src api.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com cloudflareinsights.com checkout.stripe.com; block-all-mixed-content; 2 frame-ancestors 'self' https://inside.polo-motorrad.com https://polo-motorrad.staffbase.com http://staffbase.com localhost:* 2 upgrade-insecure-requests; frame-ancestors 'self' *.ibercajadirecto.com *.ibercaja.es; 2 default-src 'self'; script-src 'self' 'nonce-9736fe8a-6062-479f-962f-8b48bf420150' dnstest2.ficora.fi dnstest.traficom.fi stat.traficom.fi analytiikka.ahtp.fi; img-src 'self' data: *.traficom.fi *.ficora.fi trafi2.stat.fi registry.qadomain.fi registry.domain.fi autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com analytiikka.ahtp.fi prod.bittimittari.fi; style-src 'self' 'nonce-9736fe8a-6062-479f-962f-8b48bf420150' dnstest2.ficora.fi dnstest.traficom.fi; font-src 'self'; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.traficom.fi *.ficora.fi trafi2.stat.fi registry.qadomain.fi registry.domain.fi autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com analytiikka.ahtp.fi prod.bittimittari.fi; connect-src 'self' https://stat.traficom.fi analytiikka.ahtp.fi; form-action 'self' 2 frame-ancestors 'self' https://franklin.instructure.com; 2 frame-ancestors 'self' https://solar.justpark.com https://business.justpark.com https://pay-26l.pages.dev/ https://o2landingpage.kinsta.cloud/ https://pay.justpark.com/ https://app.storyblok.com/ 2 frame-ancestors 'self' *.uhg.com *.optum.com *.uhc.com *.pagescdn.com *.yextpages.net *.ahni.com; 2 default-src 'self' blob: data: gap:; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' *.entel.cl *.en.tel *.ampproject.org *.cliengo.com *.onesignal.com *.entelcc.cl:9001 *.entelcc.cl *.adnxs.com *.doubleclick.net *.rfihub.com *.vimeo.com *.facebook.net *.google.com *.googleapis.com *.googletagmanager.com *.googleoptimize.com *.bing.com *.qualtrics.com *.cloudfront.net *.google-analytics.com *.youtube.com *.run.app *.visualwebsiteoptimizer.com *.ocularsolution.com *.creativecdn.com https://www.liveentel.cl/ https://cdn.cookielaw.org/ https://ws01.a365.com.pe:5443 https://ad.soicos.com https://api.instanda.us https://entel.sistemaimpulsa.com https://cdn.mouseflow.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com/cdn-cgi/scripts/04b3eb47/cloudflare-static/mirage2.min.js https://ds-aksb-a.akamaihd.net/aksb.min.js https://front.optimonk.com/public/122144/js/preload.js https://gs-cdn.optimonk.com/jfclientsdk/latest/jfclientsdk.min.js https://hit.uptrendsdata.com/rum.min.js https://sslwidget.criteo.com/event https://static.criteo.net/js/ld/ld.js https://unpkg.com https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://entel.sistemaimpulsa.com/catchform-oportunidades.js https://js.hs-analytics.net/ https://js.hs-banner.com/6758175.js https://js.hs-scripts.com/6758175.js https://js.hsadspixel.net/fb.js https://js.hsleadflows.net/leadflows.js https://prism.app-us1.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://tpc.googlesyndication.com/sodar/1s9mPOHO.js https://track.neianalytics.com/piwik.js https://trackcmp.net/t_prism_sitemessages.php https://www.googleadservices.com wss://claudia-bff-web-production.lisstaylor.net/ https://snap.licdn.com/ https://www.gstatic.com https://smtpjs.com/v3/smtp.js https://code.jquery.com/jquery-3.5.1.min.js https://use.fontawesome.com/releases/v5.0.6/js/all.js https://www.google-analytics.com/analytics.js https://embedded-files.tryadviser.com https://cloudfront.barilliance.com/entel.cl https://cloudfront.barilliance.com/entel.cl/cbar.js.php https://www.barilliance.net https://static.barilliance.com/web-push/service-worker.js https://assets.videsk.io https://api.telegram.org https://www.google.cl http://js.hsforms.net/forms/v2.js https://js.hsadspixel.net/fb.js https://js.hsleadflows.net/leadflows.js https://hcaptcha.com https://cdn.alive.haus/ https://api-events.alive.haus/ https://site.golive.haus/ https://*.maze.co/ https://tags.tiqcdn.com/libs/tealiumjs/latest/tealium_collect.min.js https://tags.tiqcdn.com/shared/tms/ https://analytics.tiktok.com/ https://*.digitalretail.vodafone.com https://entel.cdn.modyo.com https://app.vwo.com https://api-encrypt-dot-entel-vm-md-ct.rj.r.appspot.com/encrypt-node-crypto-js visitor-service-us-east-1.tealiumiq.com visitor-service.tealiumiq.com https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js https://cdn.jsdelivr.net/npm/fuse.js@6.5.3 https://www.datadoghq-browser-agent.com https://web-vitals-script.leaderint.workers.dev https://*.clarity.ms; style-src 'unsafe-inline' 'report-sample' 'self' *.entel.cl *.en.tel *.entelcc.cl *.entelcc.cl:9001 *.google.com *.googletagmanager.com *.bing.com *.onesignal.com *.doubleclick.net *.ocularsolution.com https://cdn.visualwebsiteoptimizer.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://embedded-files.tryadviser.com https://assets.videsk.io https://www.barilliance.net https://*.maze.co https://*.digitalretail.vodafone.com https://entel.cdn.modyo.com https://app.vwo.com; font-src 'self' 'unsafe-inline' data: *.entel.cl *.en.tel *.entelcc.cl:9001 *.entelcc.cl *.onesignal.com *.doubleclick.net https://cdn.visualwebsiteoptimizer.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://*.maze.co https://*.digitalretail.vodafone.com https://db.onlinewebfonts.com/t/ https://entel.cdn.modyo.com; object-src 'self'; base-uri 'self'; connect-src 'self' *.entel.cl *.en.tel *.entelcc.cl *.entelcc.cl:9001 *.google.com *.google.cl *.googleapis.com *.googletagmanager.com *.google-analytics.com *.bing.com *.analytics.google.com *.g.doubleclick.net *.onesignal.com *.doubleclick.net *.rfihub.com *.zendesk.com *.onetrust.com *.qualtrics.com *.creativecdn.com *.visualwebsiteoptimizer.com *.ocularsolution.com https://d5phz18u4wuww.cloudfront.net https://*.clarity.ms https://connect.facebook.net https://graph.instagram.com wss://olivia-bff-web-production.coffeew.net https://entel.sistemaimpulsa.com https://api.hsforms.com https://ws01.a365.com.pe:5443 https://api.instanda.us https://api-encrypt-dot-entel-vm-md-ct.rj.r.appspot.com/decrypt https://api-encrypt-dot-entel-vm-md-ct.rj.r.appspot.com/encrypt-node-crypto-js https://corsanywhereentel-dot-entel-vm-md-run.rj.r.appspot.com https://entel-vm-md-ct.rj.r.appspot.com https://front.optimonk.com https://jfapiprod.optimonk.com https://hit.uptrendsdata.com https://n2.mouseflow.com https://54.94.191.152 https://api.hubapi.com https://forms.hubspot.com https://hooks.zapier.com http://200.27.23.102/Test_WF_ENTEL6/WebServices/WorkflowEngineSOA.asmx https://cdn.ampproject.org https://gcs-storage.airavirtual.com https://portal.cci-entel.cl https://eccnetserver.entelcallcenter.cl https://cdn.cookielaw.org https://api.videsk.io wss://api.videsk.io https://api.telegram.org https://forms.hsforms.com https://js.hs-banner.com https://cdn.alive.haus https://api-events.alive.haus https://www.liveentel.cl https://site.golive.haus https://api.ipify.org https://www.barilliance.net https://*.maze.co/ https://prompts.maze.co https://graph.microsoft.com https://mindicador.cl/api/uf https://fonts.gstatic.com https://www.gstatic.com https://www.googleoptimize.com https://lh3.googleusercontent.com https://cdn.mouseflow.com https://www.youtube.com/iframe_api https://analytics.tiktok.com https://*.digitalretail.vodafone.com https://entel.cdn.modyo.com https://gateway.zscalertwo.net https://app.vwo.com https://collect.tealiumiq.com/entel/ https://visitor-service-us-east-1.tealiumiq.com https://visitor-service.tealiumiq.com https://backend-asistente-memoria-ia-thzsrfkbnq-uc.a.run.app https://uat-api-buscador-lanus.web.app https://prod-api-buscador-lanus.web.app https://api-servicio-2g-pro.web.app https://entelcl-cdn.s3.amazonaws.com https://browser-intake-us5-datadoghq.com https://rum-collector.leaderint.workers.dev https://uat-api-contratos-2025.web.app https://prod-api-contratos-2025.web.app https://service-bridge-dev-914639200389.us-central1.run.app https://service-bridge-prod-914639200389.us-central1.run.app; frame-src 'self' bytedance: sslocal: *.entel.cl *.en.tel *.entelcc.cl *.entelcc.cl:9001 *.google.com *.google.cl *.ventastecnicas.cl *.ocularsolution.com *.doubleclick.net *.onesignal.com *.rfihub.com *.vimeo.com *.qualtrics.com *.visualwebsiteoptimizer.com *.creativecdn.com https://www.liveentel.cl https://eccnetserver.entelcallcenter.cl https://entel-vm-md.firebaseapp.com https://entel-vm-md-run.firebaseapp.com/ https://www.googletagmanager.com https://individeo.com https://gum.criteo.com https://www.youtube.com https://digitalcorp.cl https://entelfidelizacion.cl https://lw.cliengo.com https://www.youtube-nocookie.com https://www.facebook.com https://entelchile.speedtestcustom.com https://qaentel.autoasegurado.cl https://entelagenda.totalpack.cl https://entelecommerce.speedtestcustom.com https://entel.tryadviser.com https://forms.hsforms.com https://bop-tde.brightstar.com https://alb-alive-1021733634.us-west-2.elb.amazonaws.com https://cdn.alive.haus https://api-events.alive.haus https://site.golive.haus https://www.barilliance.net https://bop-tde.brightcell-logistics.com https://gateway.zscalertwo.net https://app.vwo.com; frame-ancestors 'self' *.creativecdn.com https://entel.cl https://www.entel.cl https://testentel.cl https://altiplano.entel.cl https://corporaciones.entel.cl https://empresas.entel.cl https://miperfil.entel.cl https://miportal.entel.cl https://appswls.entel.cl https://ifpso.entel.cl https://ifpiap.entel.cl https://portal.entel.cl https://bop-tde.brightcell-logistics.com; img-src 'self' data: *.entel.cl *.en.tel *.entelcc.cl *.entelcc.cl:9001 *.google-analytics.com *.google.cl *.google.com *.google.com.br *.google.com.ar *.google.co.in *.googletagmanager.com *.googleusercontent.com *.googleapis.com *.analytics.google.com *.bing.com *.rfihub.com *.doubleclick.net *.onesignal.com *.cliengo.com *.adnxs.com *.ocularsolution.com *.qualtrics.com *.g.doubleclick.net *.barilliance.com *.hubspotusercontent-na1.net *.visualwebsiteoptimizer.com *.creativecdn.com *.hsforms.com https://*.clarity.ms https://fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://maps.gstatic.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ade.googlesyndication.com https://ds-aksb-a.akamaihd.net https://www.facebook.com https://connect.facebook.net https://scontent.cdninstagram.com https://graph.instagram.com https://pixel-rmk.blueknow.com https://f.hubspotusercontent20.net https://i.ytimg.com https://px.ads.linkedin.com https://track.hubspot.com https://track.neianalytics.com https://p.adsymptotic.com https://pixel.rubiconproject.com https://ad.soicos.com/conv.php https://www.linkedin.com/px/li_sync https://embedded-files.tryadviser.com https://cdn.cookielaw.org https://assets.videsk.io https://videsk.io https://bimgs.s3.amazonaws.com https://firebasestorage.googleapis.com https://www.barilliance.net https://*.maze.co https://storage.cloud.google.com https://analytics.tiktok.com https://*.digitalretail.vodafone.com https://admin-portal-media-bucket-prod.s3.eu-central-1.amazonaws.com https://entel.cdn.modyo.com https://app.vwo.com https://useruploads.vwo.io https://d21y75miwcfqoq.cloudfront.net/593efb91 https://d5phz18u4wuww.cloudfront.net; manifest-src 'self'; media-src 'self' *.entel.cl *.en.tel *.entelcc.cl *.entelcc.cl:9001 *.vimeo.com *.onesignal.com *.doubleclick.net *.ocularsolution.com https://www.entel.cl https://entel.cl https://vod-progressive.akamaized.net https://www.barilliance.net https://entel.cdn.modyo.com; worker-src 'self' blob: https://www.entel.cl/public/js/importer.js https://www.barilliance.net https://www.entel.cl; upgrade-insecure-requests 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-cookieyes.com https://cdn.tolt.io https://unpkg.com https://cdn.jsdelivr.net https://www.youtube.com https://www.youtube-nocookie.com https://tally.so https://va.vercel-scripts.com https://www.googletagmanager.com https://widget.kapa.ai https://www.google.com https://www.gstatic.com https://metrics.kapa.ai https://proxyhog.prisma-data.net https://cdn.cr-relay.com https://app.enzuzo.com/ https://static.ads-twitter.com https://snap.licdn.com https://vercel.live https://58qr5yci46.execute-api.us-east-1.amazonaws.com https://analytics.twitter.com https://t.co https://static.ads-twitter.com https://px.ads.linkedin.com https://snap.licdn.com https://region1.google-analytics.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://td.doubleclick.net https://kit.fontawesome.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.tolt.io https://proxyhog.prisma-data.net; font-src 'self' data: https://fonts.gstatic.com https://ka-f.fontawesome.com; img-src 'self' data: https://cdn.sanity.io https://prismalens.vercel.app https://api.producthunt.com https://www.google.com https://pbs.twimg.com/ https://cdn.tolt.io https://cdn-cookieyes.com https://website-prisma.vercel.app https://www.cursor.com/ https://cursor.com/ https://analytics.twitter.com https://t.co https://static.ads-twitter.com https://px.ads.linkedin.com https://snap.licdn.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://td.doubleclick.net; connect-src 'self' https://api.github.com https://p2zxqf70.api.sanity.io https://www.youtube.com https://cdn.jsdelivr.net https://accelerate-analytics-exporter.prisma-data.net https://www.prisma-status.com https://api.rippling.com https://api.producthunt.com https://api.tally.so https://forms.tally.so https://widgets.tally.so https://embed.tally.so https://assets.tally.so https://va.vercel-scripts.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://metrics.kapa.ai https://cdn-cookieyes.com https://log.cookieyes.com https://*.algolia.net https://*.algolianet.com https://proxyhog.prisma-data.net https://directory.cookieyes.com https://api.cr-relay.com https://pagead2.googlesyndication.com https://px.ads.linkedin.com https://internal-t.posthog.com https://vercel.live https://react-tweet.vercel.app https://cdn.tolt.io https://58qr5yci46.execute-api.us-east-1.amazonaws.com https://analytics.twitter.com https://t.co https://static.ads-twitter.com https://px.ads.linkedin.com https://snap.licdn.com https://region1.google-analytics.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://td.doubleclick.net https://unpkg.com; media-src 'self' https://*.prisma.io https://unpkg.com https://cdn.jsdelivr.net https://www.youtube.com; frame-src 'self' https://www.youtube.com https://youtube.com https://youtube-nocookie.com https://tally.so https://forms.tally.so https://widgets.tally.so https://embed.tally.so https://assets.tally.so https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://vercel.live/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://td.doubleclick.net https://calculator.prisma.io/ https://ppg-pricing-calculator.vercel.app; child-src 'self' https://www.youtube.com https://youtube.com https://youtube-nocookie.com https://tally.so https://forms.tally.so https://widgets.tally.so https://embed.tally.so https://assets.tally.so https://www.googletagmanager.com https://www.google.com https://www.gstatic.com; worker-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; 2 default-src 'none'; media-src 'self' data:; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self'; connect-src 'self'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.lexiacore5.com *.mylexia.com *.lexialearning.com *.lexia-dev.com *.lexiapowerup.com *.logr-ingest.com *.lr-ingest.io; font-src 'self' data:; connect-src 'self' preview.contentful.com *.lexiacore5.com *.mylexia.com *.lexialearning.com *.lexia-dev.com *.lexiapowerup.com *.logr-ingest.com *.lr-ingest.com *.lr-ingest.io; img-src 'self' data: *.lexiacore5.com *.mylexia.com *.lexialearning.com *.lexia-dev.com *.lexiapowerup.com *.logr-ingest.com *.lr-ingest.io; worker-src 'self' blob:; frame-src 'self' mailto: *.lexiacore5.com *.mylexia.com *.lexialearning.com *.lexia-dev.com *.lexiapowerup.com *; 2 default-src data: wss: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.spareroom.co.uk *.spareroom.com *.spareroom.fr *.spareroom.net *.appartager.com *.cookiepro.com *.apple.com *.apple-mapkit.com *.google-analytics.com *.google.com *.google.co.uk *.googleapis.com *.gstatic.com *.googletagmanager.com *.spareroom.id *.cloudfunctions.net *.googlesyndication.com *.googleadservices.com *.facebook.net *.facebook.com *.youtube.com *.vimeo.com *.vimeocdn.com *.stripe.com *.paypal.com *.paypalobjects.com *.trustpilot.com *.doubleclick.net *.rollbar.com *.hotjar.com *.hotjar.io *.polyfill.io *.ytimg.com *.zendesk.com *.zdassets.com *.ideal-postcodes.co.uk *.postcodeanywhere.co.uk *.zopim.com *.bing.com *.abercrombiekent.co.uk *.fontawesome.com *.honey.io *.web.emea-1.jumio.ai *.netverify.com *.erm-assets.com *.onfido.com *.onetrust.com quickchart.io 2 frame-src *.nttdataservices.com *.nttdata.com *.google.com *.googletagmanager.com *.pardot.com *.ceros.com 'self' *.sitescout.com *.sharethis.com *.company-target.com *.hotjar.com *.facebook.net *.twitter.com *.youtube.com *.infogram.com *.jobdiva.com *.doubleclick.net *.adsrvr.org *.clarity.ms *.evidon.com; frame-ancestors 'self' *.nttdataservices.com *.nttdata.com; 2 script-src 'self' www.bmv.de bmv.de *.youtube.com *.init-ag.de *.bund.de 'unsafe-inline' 'unsafe-eval' https://*.etracker.com https://*.etracker.de *.emailsys1a.net https://www.google.com/ https://www.gstatic.com/; style-src 'unsafe-inline' 'self' www.bmv.de bmv.de *.youtube.com *.init-ag.de *.bund.de; media-src 'self' www.bmv.de bmv.de *.youtube.com *.init-ag.de *.bund.de; font-src 'self' www.bmv.de bmv.de data: 'self' *.init-ag.de *.bund.de; frame-ancestors 'self' www.bmv.de bmv.de *.youtube.com https://*.init-ag.de https://*.powerbi.com https://*.bund.de *.emailsys1a.net; form-action 'self' www.bmv.de bmv.de *.init-ag.de *.bund.de *.emailsys1a.net https://www.google.com/; upgrade-insecure-requests; img-src 'self' www.bmv.de bmv.de data: *.init-ag.de *.bund.de https://*.openstreetmap.org *.emailsys1a.net; default-src 'self' www.bmv.de bmv.de data: https://*.tv1.eu http://*.tv1.eu https://atenekom.eu https://*.etracker.com https://*.etracker.de *.youtube.com https://*.powerbi.com *.init-ag.de *.bund.de https://datawrapper.dwcdn.net/ *.emailsys1a.net https://www.google.com/; 2 frame-ancestors 'self' https://*.nwea.org; 2 frame-ancestors 'self' guides.tvunetworks.com; 2 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.vgrblogg.se/ https://*.boost.ai/ https://*.entryscape.com https://*.stratsys.com/ registry.dataportalvast.se https://piwik-ext.vgregion.se/ https://piwik-ext.vgregion.se/piwik.js https://*.vgregion.se https://*.vimeocdn.com https://player.vimeo.com/ https://www.youtube.com https://cdn.siteimprove.net/ https://vgrintern.boost.ai https://vgregion.esmaker.net/ https://ssl.webserviceaward.com/; style-src 'unsafe-inline' 'self' https://*.vgrblogg.se/ https://*.vimeocdn.com https://ssl.webserviceaward.com/wsc/client/wscSelVisit.css https://*.stratsys.com/ registry.dataportalvast.se https://*.vgregion.se https://cdn.jsdelivr.net/npm/vuetify@2.x/dist/vuetify.min.css; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.vgrblogg.se/ https://*.boost.ai/ https://ssl.webserviceaward.com/wsc/client/wscSelVisit.css https://*.vimeocdn.com registry.dataportalvast.se https://piwik-ext.vgregion.se/ https://nominatim.openstreetmap.org https://*.vgregion.se https://id.siteimprove.com https://my2.siteimprove.com/ https://vgrintern.boost.ai https://td.azure-api.net/ *.t-d.se; font-src 'self' data: https://static.entryscape.com/ https://static2.sharepointonline.com/ https://players.cupix.com/*; frame-src 'self' https://*.siteimprove.com/ https://*.vgrblogg.se/ https://sketchfab.com/ https://play.gu.se/ https://forms.office.com/ https://*.microsoftstream.com/ https://nominatim.openstreetmap.org https://www.google.com https://maps.google.se https://e.infogram.com https://vimeo.com https://player.vimeo.com https://www.youtube.com https://*.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.naturbruk.nu *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com https://players.cupix.com/; img-src 'self' data: https://*.vgrblogg.se/ https://api.lantmateriet.se https://ssl.webserviceaward.com/wsc/ https://i.vimeocdn.com/ https://i.ytimg.com/ https://a.basemaps.cartocdn.com https://b.basemaps.cartocdn.com https://c.basemaps.cartocdn.com https://*.amazonaws.com/ https://sahlgrenskaliv.se/ https://*.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com blob:; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self' *.vgrblogg.se *.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com ; 2 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; style-src * 'unsafe-inline'; 2 frame-ancestors 'self' https://*.stackoverflow.com http://*.stackoverflow.co; 2 frame-ancestors same *.grupocpfl.com.br *.cpfl.com.br *.rge-rs.com.br grupocpfl.com.br cpfl.com.br rge-rs.com.br *.lndo.site *.web.ahdev.cloud; report-uri /report-csp-violation 2 default-src 'self' edge.curalate.com *.zipmoney.com.au *.gstatic.com *.bazaarvoice.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.hotjar.com *.hotjar.io *.trurating.com *.crazyegg.com tracking.myunidays.com *.five9.net; img-src 'self' data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adobe.com *.adobemc.com assets.adobedtm.com cdn-scripts.signifyd.com imgs.signifyd.com h64.online-metrix.net https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; connect-src 'self' https: wss:; font-src 'self' data: https:; frame-ancestors 'self' https://*.bondsaustralia.com; 2 default-src 'self'; base-uri 'self'; img-src * data: 'unsafe-inline'; style-src * 'unsafe-inline'; script-src * data: 'unsafe-inline' 'unsafe-eval'; font-src 'self' thyssenkrupp.com *.thyssenkrupp.com *.recruitmentplatform.com *.bootstrapcdn.com; connect-src *; frame-ancestors 'self'; frame-src *; media-src * blob:; object-src * data: 'unsafe-eval'; worker-src blob: 2 default-src *; img-src * 'self' data: https://*; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; 2 frame-ancestors home.siberianhealth.com; 2 frame-ancestors 'self' https://*.cite-sciences.fr https://*.palais-decouverte.fr https://*.universcience.fr; 2 default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://edge.sitecorecloud.io https://www.googletagmanager.com https://img.youtube.com https://i.vimeocdn.com https://i.ytimg.com; media-src 'self' https://edge.sitecorecloud.io https://*.sitecorecontenthub.cloud embedwistia-a.akamaihd.net *.wistia.net *.wistia.com; object-src 'self' https://edge.sitecorecloud.io https://otp.tools.investis.com; frame-src 'self' *.oneok.com https://edge.sitecorecloud.io https://www.google.com https://www.youtube.com https://player.vimeo.com https://otp.tools.investis.com; connect-src 'self' https://*.sitecorecloud.io https://www.google-analytics.com *.oneok.com https://vimeo.com; frame-ancestors 'none'; 2 default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://youtu.be/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.module.min.js https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.min.js; worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://piwik.bzga.de/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://youtu.be/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.module.min.js https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.min.js; connect-src 'self' https://api.friendlycaptcha.com https://piwik.bzga.de 2 default-src 'self'; font-src 'self' data: https://cdn.jdrf.design https://cdn.acsbapp.com https://doublethedonation.com/fonts/inter/ https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.typekit.net https://cloud.typography.com *.userway.org matchbox.hepdata.com; frame-ancestors 'self'; frame-src 'self' blob: https://app.blackbaud.com/ https://cdn.userway.org https://www.tiktok.com/ https://platform.twitter.com https://ndam-landing-page.s3.amazonaws.com https://www.googletagmanager.com https://widget.thegivingblock.com/ https://td.doubleclick.net/ https://word.rodeo/ https://prod-useast-b.online.tableau.com/ https://www2.breakthrought1d.org https://crosswordlabs.com https://jdrf.massrel.io https://*.jdrfoverlays.com https://jdrfoverlays.com https://tgbwidget.com https://public.tableau.com/ https://app.hubspot.com https://www.youtube-nocookie.com https://a597080980.cdn.optimizely.com https://wp.freemius.com https://player.vimeo.com https://antidote.me https://www.youtube.com https://public.domo.com https://www.google.com https://www.facebook.com https://www.matchinggifts.com https://ww2.matchinggifts.com https://javamatch.matchinggifts.com https://x.adroll.com; img-src 'self' blob: https://img.youtube.com/ https://*.adentifi.com https://doublethedonation.com/api/img/ https://www.facebook.com/ https://connect.facebook.net https://s.amazon-adsystem.com/ https://cm.g.doubleclick.net https://public.tableau.com/static/images/Ma/MapsActiveGrants-US/MapsActiveGrants-US/1.png https://public.tableau.com/static/images/7N/7NPFK7P5M/1.png data: https://www.dafdirect.org https://ipv4.d.adroll.com https://x.bidswitch.net https://*.reson8.com https://reson8.com https://idsync.rlcdn.com https://dsum-sec.casalemedia.com https://sync.srv.stackadapt.com https://tags.bluekai.com https://dpm.demdex.net https://usermatch.krxd.net https://cms.analytics.yahoo.com https://pixel.rubiconproject.com https://us-u.openx.net https://sync.taboola.com https://image2.pubmatic.com https://sync.outbrain.com https://ib.adnxs.com *.userway.org https://ups.analytics.yahoo.com https://eb2.3lift.com https://d.adroll.com https://pixel.quantserve.com https://cdn.acsbapp.com https://gravatar.com https://s3-us-west-2.amazonaws.com https://wpstorelocator.co https://khms0.googleapis.com https://khms1.googleapis.com https://s38924.pcdn.co https://gravityforms.s3.amazonaws.com https://s3.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://marvel-processor.bc0a.com https://updates.bnecreative.com https://s.w.org https://ps.w.org https://a1.b0e8.com https://marvel-b1-cdn.bc0a.com https://www.google.co.in https://googleads.g.doubleclick.net https://*.wpengine.com https://bat.bing.com https://nova.collect.igodigital.com https://p.typekit.net https://secure.gravatar.com https://sp.analytics.yahoo.com https://www.google-analytics.com https://www.google.com https://dx.mountain.com https://px.mountain.com https://gs.mountain.com/gs https://44.238.122.172/is https://100.20.58.101/is https://35.85.84.151/is https://44.228.85.26/is https://34.215.155.61/is https://35.160.46.251/is https://52.71.121.170/is https://18.210.229.244/is https://44.212.189.233/is https://3.212.39.155/is https://52.22.50.55/is https://54.156.2.105/is matchbox.hepdata.com *.ads.linkedin.com ajax.googleapis.com; manifest-src 'self'; media-src 'self'; object-src 'none'; report-uri https://6467beef974ac544f93aa9e8.endpoint.csper.io https://www2.breakthrought1d.org; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.adentifi.com https://widget.thegivingblock.com/widget/script.js https://doublethedonation.com/api/js/ddplugin.js *.userway.org https://platform.twitter.com https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_lib_v1.0.12.js https://www.tiktok.com/embed.js https://www.gstatic.com https://app.blackbaud.com https://sdk.amazonaws.com/js/aws-sdk-2.927.0.min.js https://code.jquery.com/jquery-3.6.0.min.js https://www.harborcompliance.com/js/dynamic-disclosures.js https://online.tableau.com/javascripts/api/tableau.embedding.3.latest.min.js https://prod-useast-b.online.tableau.com/javascripts/api/tableau.embedding.3.latest.js https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js https://www.dafdirect.org https://public.tableau.com/javascripts/api/viz_v1.js https://analytics.tiktok.com https://d.adroll.com https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/js/select2.min.js https://js.dev.shift4.com/shift4.js https://s.adroll.com https://cdn.segment.com https://js.hs-scripts.com https://ajax.aspnetcdn.com https://djtflbt20bdde.cloudfront.net https://player.vimeo.com https://antidote.me https://www.google.com https://cdn.optimizely.com https://maps.googleapis.com https://cdn.jsdelivr.net https://marvel-b2-cdn.bc0a.com https://cdn.b0e8.com https://cdn.mxpnl.com https://acsbapp.com https://*.collect.igodigital.com https://bat.bing.com https://connect.facebook.net https://*.doubleclick.net https://s.yimg.com https://s3.amazonaws.com https://*.hotjar.com https://secure.adnxs.com https://unpkg.com https://use.typekit.net https://walls.io https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://www2.breakthrought1d.org https://dx.mountain.com https://px.mountain.com https://gs.mountain.com/gs https://44.238.122.172/is https://100.20.58.101/is https://35.85.84.151/is https://44.228.85.26/is https://34.215.155.61/is https://35.160.46.251/is https://52.71.121.170/is https://18.210.229.244/is https://44.212.189.233/is https://3.212.39.155/is https://52.22.50.55/is https://54.156.2.105/is matchbox.hepdata.com snap.licdn.com https://ams.wpml.org; style-src 'report-sample' 'self' 'unsafe-inline' https://doublethedonation.com/api/css/ddplugin.css *.userway.org https://ams.wpml.org https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_lib_v1.0.12.css https://www.dafdirect.org https://ajax.googleapis.com https://rgsharedweb.s3.amazonaws.com https://use.fontawesome.com https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/css/select2.min.css https://use.typekit.net https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cloud.typography.com matchbox.hepdata.com; worker-src 'self' blob: https://www.breakthrought1d.org https://dx.mountain.com https://px.mountain.com https://gs.mountain.com/gs https://44.238.122.172/is https://100.20.58.101/is https://35.85.84.151/is https://44.228.85.26/is https://34.215.155.61/is https://35.160.46.251/is https://52.71.121.170/is https://18.210.229.244/is https://44.212.189.233/is https://3.212.39.155/is https://52.22.50.55/is https://54.156.2.105/is; connect-src 'self' https://unpkg.com/ https://www.google.com/ccm/collect *.userway.org https://doublethedonation.com/api/v1/ https://ndam-landing-page.s3.amazonaws.com https://bt1d-320050302261.s3-accesspoint.us-east-1.amazonaws.com https://www.harborcompliance.com/dynamic-disclosures/public-api/subscriptions/fb24b4c8-2b27-4d65-86d7-e37bff85eb69 https://prod-useast-b.online.tableau.com/vizportal/api/web/v1/auth/embed/signin https://analytics.google.com https://*.optimizely.com https://optimizely.com https://*.hubspot.com https://hubspot.com https://pixel.quantcount.com https://spreadsheets.google.com https://host-v618rd.api.swiftype.com https://metrics.hotjar.io https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://content.hotjar.io wss://ws.hotjar.com https://in.hotjar.com https://www2.breakthrought1d.org https://acsbapp.com https://errors.client.optimizely.com https://my.yoast.com https://vc.hotjar.io https://my.wpengine.com https://yoast.com https://www.google-analytics.com https://www.google.co.in https://cdn.acsbapp.com https://logx.optimizely.com https://maps.googleapis.com https://s.yimg.com https://stats.g.doubleclick.net https://dx.mountain.com https://px.mountain.com https://gs.mountain.com/gs https://44.238.122.172/is https://100.20.58.101/is https://35.85.84.151/is https://44.228.85.26/is https://34.215.155.61/is https://35.160.46.251/is https://52.71.121.170/is https://18.210.229.244/is https://44.212.189.233/is https://3.212.39.155/is https://52.22.50.55/is https://54.156.2.105/is matchbox.hepdata.com *.ads.linkedin.com bat.bing.com https://ams.wpml.org; 2 frame-ancestors https://affiliate.freevpnplanet.com; 2 frame-ancestors 'self' cdn.adkaora.space cdn.ampproject.org *.g.doubleclick.net blob: elpopular.pe *.googleapis.com *.googlesyndication.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data:; frame-ancestors 'none'; 2 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' public.govdelivery.com touchpoints.app.cloud.gov www.clarity.ms dap.digitalgov.gov *.google-analytics.com *.typekit.net *.ncua.gov ncua.gov *.mycreditunion.gov mycreditunion.gov *.googletagmanager.com; img-src 'self' blob: data: cg-1b082c1b-3db7-477f-9ca5-bd51a786b41e.s3-us-gov-west-1.amazonaws.com content.govdelivery.com touchpoints.app.cloud.gov *.clarity.ms *.bing.com *.ncua.gov ncua.gov *.mycreditunion.gov mycreditunion.gov *.google-analytics.com *.typekit.net img.youtube.com; font-src 'self' 'unsafe-inline' data: *.typekit.net fonts.gstatic.com; media-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com; connect-src 'self' public.govdelivery.com touchpoints.app.cloud.gov *.clarity.ms performance.typekit.net *.google-analytics.com *.googletagmanager.com *.ncua.gov ncua.gov *.mycreditunion.gov mycreditunion.gov; frame-src 'self' public.govdelivery.com *.youtube.com www.googletagmanager.com 2 default-src 'self' *.neuralink.com *.cloudfront.net ; style-src 'self' 'unsafe-inline' *.cloudfront.net *.posthog.com ; connect-src 'self' *.neuralink.com boards-api.greenhouse.io dataplane.rum.us-west-2.amazonaws.com cognito-identity.us-west-2.amazonaws.com sts.us-west-2.amazonaws.com *.posthog.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://disygylydtsi.cloudfront.net ; script-src 'self' 'unsafe-inline' *.cloudfront.net *.posthog.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com job-boards.greenhouse.io boards.greenhouse.io ; frame-src 'self' *.neuralink.com *.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ job-boards.greenhouse.io boards.greenhouse.io ; img-src 'self' *.neuralink.com *.cloudfront.net *.buttercms.com https://*.google-analytics.com https://*.googletagmanager.com data: ; font-src 'self' *.neuralink.com data: ; frame-ancestors 'none'; 2 script-src-elem 'self' 'unsafe-inline' https://spm.apps.gov.bc.ca/ https://spt.apps.gov.bc.ca/ https://sp-js.apps.gov.bc.ca/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www2.gov.bc.ca https://use.typekit.net https://cdnjs.cloudflare.com https://s7.addthis.com https://m.addthis.com https://z.moatads.com https://v1.addthisedge.com https://dpm.demdex.net https://sync.mathtag.com https://secure.adnxs.com https://www.gstatic.com/dialogflow-console/ https://connect.facebook.net/ https://cdn.jsdelivr.net/gh/ https://static.dialogflow.com/ https://unpkg.com/; 2 frame-ancestors 'self' *.microsoft.com *.sharepoint.com *.tarimorman.gov.tr *.com.tr *.gov.tr *.com 2 default-src https: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self' blob:; img-src 'self' data: https:; font-src 'self' data: https:; frame-ancestors 'self' https://*.adobe.com https://*.adobe.io https://*.adobe.net https://*.omniture.com; connect-src 'self' https: wss://*.hotjar.com; worker-src blob:; 2 script-src 'unsafe-inline' 'unsafe-eval' * blob:; frame-src 'unsafe-inline' *; connect-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; frame-ancestors 'self' https://*.sitecorecloud.io; img-src * data:; upgrade-insecure-requests; 2 default-src 'self' https://*.santander.pt https://*.adobecqms.net data:; object-src 'self' https://*.santander.pt https://*.adobecqms.net; frame-ancestors 'self' https://*.santander.pt https://*.adobecqms.net; frame-src 'self' https://santander.pt https://*.santander.pt https://*.santander.com https://*.adobecqms.net https://www.youtube.com https://www.youtube-nocookie.com https://www.googletagmanager.com https://*.doubleclick.net https://ct.pinterest.com; img-src 'self' https://*.santander.pt https://alb.reddit.com https://t.co https://analytics.twitter.com https://*.linkedin.com https://*.doubleclick.net https://www.google.ie https://www.google.nl https://www.google.fr https://www.google.es https://www.google.com https://www.google.pt https://*.google-analytics.com https://www.googletagmanager.com https://fonts.gstatic.com https://bat.bing.com https://c.clarity.ms https://www.facebook.com https://c.bing.com https://i.ytimg.com https://*.youtube.com https://*.gruposantander.com https://*.cookielaw.org https://*.santander.com https://*.bing.net https://*.gstatic.com data:; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.googleadservices.com https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://snap.licdn.com https://static.ads-twitter.com https://cdn.evgnet.com https://cdn1.adoberesources.net https://www.redditstatic.com https://*.hotjar.com https://connect.facebook.net https://www.clarity.ms https://bat.bing.com https://analytics.tiktok.com https://s.pinimg.com https://*.qualtrics.com https://www.youtube.com https://unpkg.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://code.jquery.com https://ct.pinterest.com https://*.cookielaw.org https://*.santander.com https://*.gruposantander.com https://rum.hlx.page/; font-src 'self' https://*.santander.pt https://fonts.gstatic.com https://*.santander.com data:; connect-src 'self' https://*.santander.pt https://*.santander.com https://*.evergage.com https://*.linkedin.com https://*.doubleclick.net https://*.google.com https://www.google.nl https://*.google-analytics.com https://adobedc.demdex.net https://ct.pinterest.com https://*.clarity.ms https://analytics.tiktok.com https://edge.adobedc.net https://bat.bing.com https://*.qualtrics.com https://*.hotjar.io https://*.hotjar.com wss://ws.hotjar.com https://www.redditstatic.com https://*.cookielaw.org https://*.reddit.com wss://webmessaging.mypurecloud.ie https://*.onetrust.com https://*.bing.net https://pagead2.googlesyndication.com https://*.gruposantander.com; form-action 'self' https://santander.pt https://*.santander.pt https://*.santander.com https://*.adobecqms.net; report-to https://www.santander.pt/csp-report; 2 default-src https://assets.easypost.com cdn.plaid.com; script-src assets.easypost.com track.easypost.com tagmanager.google.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com www.gstatic.com www.google.com js.stripe.com cdn.plaid.com maps.googleapis.com eu-cdn.walkme.com cdn.walkme.com eu-playerserver.walkme.com playerserver.walkme.com d3sbxpiag177w8.cloudfront.net d2qhvajt3imc89.cloudfront.net https://*.wistia.com https://*.wistia.net https://*.hsforms.com https://*.hsforms.net https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://js.hubspot.com https://js.sentry-cdn.com https://*.termly.io https://*.6sc.co 'sha256-t1v231h4Fgv1bBX/cpoBZuwY6r6R6nGx5tOXvVJdBh8=' 'sha256-GNTGX7BhgMv3AL+bv0bfF+5DVGhSrLhYL7AM7TSnAcY=' 'sha256-5yJc48yW6FRCVE9ulLzLOd1lLp7X2Xr2Dd4Y+lZ3XjA=' 'sha256-eV1MSFSoXiIPiHPWbzaJgBby+bxVonlOAE5Cwbaa4lc=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-hW1V3UvI+swwT3wQpebXLpXi/7Q9VUws5NlJTNxM/Tg=' 'sha256-zrkY8YxXr6/SilHSYKlWjWW9kOSQsVsrlGluj7eTzoc=' 'sha256-C1JoeFOby67/dRbyCdcT9jfKk3K2hJnqpQZ3LrmmGzs=' 'sha256-h+WTh8pU5uNkzQn34dBoekwaCks6Qgu9hf59Jqb/a8M=' 'sha256-eTkfGrwjfNw4PoTKuTtm3iiIjEC9yQBVj2D5h6tqi6o=' 'sha256-9VUtn35BYOyG8A3cWD4ORP5iuSR9nYksg2G46hplKWU=' 'sha256-z88Cjvn7Zi20w0l+YppzCZisRg7jQyKfRxVJ8po8+r8=' 'sha256-6G78ZCxC1YDH7kTcNmIyrRCYjaMLptJEI2Cx9A2rDBo=' 'sha256-k6J1oE8SmewVpG2+marpuZHcoWF8GNDw9oPpqE2vKeI=' 'sha256-Cn4LqTM3U5W3KadYoTfUSIqhaoay5Tlv/u6H8DdjD0g='; style-src track.easypost.com 'unsafe-inline' tagmanager.google.com fonts.googleapis.com assets.easypost.com www.gstatic.com eu-cdn.walkme.com cdn.walkme.com; img-src easypost-files.s3.us-west-2.amazonaws.com assets.easypost.com assets.track.easypost.com brand.easypostpartnercontent.com cdn.walkme.com d27zb0m07iyic6.cloudfront.net d2qhvajt3imc89.cloudfront.net d3sbxpiag177w8.cloudfront.net dzjsfasj4n94t.cloudfront.net data: ec.walkme.com eu-cdn.walkme.com eu-ec.walkme.com googleads.g.doubleclick.net q.stripe.com region1.analytics.google.com region1.google-analytics.com ssl.google-analytics.com ssl.gstatic.com support.easypost.com track.easypost.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com assets.ctfassets.net images.ctfassets.net videos.ctfassets.net https://*.wistia.com https://*.wistia.net https://*.hsforms.com https://*.hsforms.net https://track.hubspot.com https://embedwistia-a.akamaihd.net https://*.youtube.com https://app.termly.io https://*.termly.io https://*.6sc.co http://*.6sc.co; font-src data: assets.easypost.com track.easypost.com fonts.gstatic.com https://*.wistia.com; connect-src easypost-files.s3.us-west-2.amazonaws.com adservice.google.com api-canary.easypost.com api.easypost.com api.lever.co assets.easypost.com cdn.walkme.com ec.walkme.com eu-ec.walkme.com eu-papi.walkme.com eu-rapi.walkme.com https://www.google.com js.stripe.com maps.googleapis.com papi.walkme.com production.plaid.com rapi.walkme.com region1.analytics.google.com region1.google-analytics.com sentry.io track.easypost.com usps.easypost.com www-canary.easypost.com www.easypost.com app.easypost.com www.google-analytics.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.hsforms.net https://*.hubapi.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.wistia.com https://embedwistia-a.akamaihd.net https://app.termly.io https://*.termly.io https://*.6sc.co; worker-src assets.easypost.com www.gstatic.com www.google.com; frame-src analytics.easypost.com assets.track.easypost hire.withgoogle.com cdn.plaid.com eu-cdn.walkme.com cdn.walkme.com js.stripe.com player.captivate.fm track.easypost.com tagmanager.google.com www.googletagmanager.com www.google.com www.youtube.com https://*.hsforms.com https://*.hsforms.net https://app.termly.io https://*.termly.io; media-src blob: assets.easypost.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; frame-ancestors 'self' 2 frame-ancestors self https://*.123greetings.com http://*.123g.us https://*.123g.us; 2 base-uri 'none'; connect-src 'self' https://552-ogk-141.mktoresp.com https://analytics.google.com https://api.company-target.com https://api.hubapi.com https://cdn.cookielaw.org https://cdn.lottielab.com https://forms-na1.hubspot.com https://forms.hsforms.com https://forms.hubspot.com https://geolocation.onetrust.com https://hubspot-forms-static-embed.s3.amazonaws.com https://openpgpkey.bitgo.com https://pagead2.googlesyndication.com https://privacyportal.onetrust.com https://px.ads.linkedin.com https://px.ads.linkedin.com https://tag-logger.demandbase.com https://www.google-analytics.com https://www.google.com; default-src 'none'; font-src 'self' data: https://fonts.gstatic.com; form-action https://forms.hsforms.com; frame-ancestors; frame-src https://app.hubspot.com https://forms.hsforms.com https://landing.bitgo.com/ https://recaptcha.google.com/recaptcha/ https://td.doubleclick.net https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.youtube.com; img-src 'self' data: https://analytics.twitter.com https://cdn.cookielaw.org https://cdn.lottielab.com https://forms-na1.hsforms.com https://googleads.g.doubleclick.net https://id.rlcdn.com https://images.ctfassets.net https://px.ads.linkedin.com https://segments.company-target.com https://t.co https://track.hubspot.com https://www.google.com https://www.googletagmanager.com https://www.linkedin.com; media-src 'self' https://videos.ctfassets.net; object-src; script-src 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; script-src-elem 'self' 'unsafe-inline' https://app.hubspot.com https://cdn.cookielaw.org https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://landing.bitgo.com https://munchkin.marketo.net https://pagead2.googlesyndication.com https://snap.licdn.com https://static.ads-twitter.com https://tag.demandbase.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://landing.bitgo.com; worker-src; 2 img-src 'self' *.commercecloud.salesforce.com *.mobify-storefront.com data: *.doubleclick.net *.google.se *.google.com *.collect.igodigital.com ct.pinterest.com ib.adnxs.com images.ctfassets.net *.images.ctfassets.net p.yotpo.com zoundindustries--int.sandbox.my.site.com zoundindustries--int.sandbox.my.salesforce-scrt.com zoundindustries.my.salesforce.com zoundindustries.my.site.com zoundindustries.my.salesforce-scrt.com yotpo-editor-production.s3.amazonaws.com marshallheadphones-development.improove.tv marshallheadphones-ondemand02.improove.tv *.gstatic.com *.analytics.google.com *.google-analytics.com www.google.com maps.googleapis.com maps.google.com *.staging-marshall.com *.qa-marshall.com *.marshall.com i.ytimg.com i.vimeocdn.com *.facebook.com www.mczbf.com *.hotjar.com idsync.rlcdn.com ade.googlesyndication.com www.googleadservices.com services.sheerid.com *.usercentrics.eu api.usercentrics.eu app.usercentrics.eu;media-src assets.ctfassets.net *.assets.ctfassets.net *.akamaized.net player.vimeo.com *.vimeocdn.com download-video-ak.vimeocdn.com *.usercentrics.eu api.usercentrics.eu app.usercentrics.eu;script-src 'self' 'unsafe-eval' 'unsafe-inline' 'self' blob: storage.googleapis.com www.googletagmanager.com action.dstillery.com s.pinimg.com connect.facebook.net acdn.adnxs.com static.hotjar.com 100016846.collect.igodigital.com js.adsrvr.org analytics.tiktok.com www.google-analytics.com action.media6degrees.com *.pingdom.net api.cquotient.com staticw2.yotpo.com widgetsrepository.yotpo.com cdn-widgetsrepository.yotpo.com maps.googleapis.com player.vimeo.com *.youtube.com/ *.youtube-nocookie.com/ *.my.salesforce.com service.force.com *.salesforceliveagent.com *.my.site.com static.lightning.force.com www.google.com www.gstatic.com zoundindustries.my.site.com zoundindustries.my.salesforce-scrt.com zoundindustries--int.sandbox.my.site.com zoundindustries--int.sandbox.my.salesforce-scrt.com connect.facebook.net www.mczbf.com *.hotjar.com cdn.jsdelivr.net assets.voyado.com js.klarna.com static.redeal.se static.onsite.voyado.com *.usercentrics.eu api.usercentrics.eu app.usercentrics.eu track.marshall.com api.onsite js.playground.klarna.com *.ada.support googleads.g.doubleclick.net js.playground.klarna.com;script-src-attr 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' https: staticw2.yotpo.com *.hotjar.com cdn.jsdelivr.net *.usercentrics.eu api.usercentrics.eu app.usercentrics.eu;connect-src 'self' api.cquotient.com *.doubleclick.net *.analytics.google.com analytics.google.com *.google-analytics.com www.google-analytics.com analytics.tiktok.com ct.pinterest.com *.pingdom.net preview.contentful.com cdn.contentful.com staticw2.yotpo.com api.yotpo.com maps.googleapis.com privacyportal.cookiepro.com geolocation.onetrust.com webto.salesforce.com test.salesforce.com *.my.site.com zoundindustries.my.site.com zoundindustries.my.salesforce-scrt.com vimeo.com/ *.googlesyndication.com www.google.com server-side-tagging-iglp74couq-uc.a.run.app/ zoundindustries--int.sandbox.my.site.com zoundindustries--int.sandbox.my.salesforce-scrt.com *.hotjar.com *.hotjar.io connect.facebook.net *.facebook.com www.mczbf.com wss://*.hotjar.com eu.klarnaevt.com js.klarna.com/ *.voyado.com *.usercentrics.eu api.usercentrics.eu app.usercentrics.eu adservice.google.com www.googleadservices.com js.playground.klarna.com track.marshall.com *.ada.support;frame-src 'self' *.doubleclick.net insight.adsrvr.org ct.pinterest.com/ player.vimeo.com/ *.youtube.com/ *.youtube-nocookie.com/ *.spotify.com/ *.my.salesforce.com www.google.com www.googletagmanager.com *.facebook.com zoundindustries--int.sandbox.my.site.com zoundindustries--int.sandbox.my.salesforce-scrt.com zoundindustries.my.site.com zoundindustries.my.salesforce-scrt.com services.sheerid.com js.klarna.com/ https://osm.klarnaservices.com/learn-more/index.html marshall-prod.sitestorage.se static.onsite.voyado.com *.usercentrics.eu api.usercentrics.eu app.usercentrics.eu track.marshall.com *.ada.support;frame-ancestors *.contentful.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none' 2 style-src 'self' *.tamm.ae gstatic.com js.arcgis.com portaldev.elab.abudhabi.ae server.arcgisonline.com services.arcgisonline.com stackpath.bootstrapcdn.com static.arcgis.com arcgis.sdi.abudhabi.ae geocode.arcgis.com translate.googleapis.com *.gstatic.com *.google.com *.google.ae www.tamm.abudhabi api.abudhabi.ae sandboxadmin.prioticket.com adda-chatbot-prod.azurewebsites.net ocsdk-prod.azureedge.net addadevstorage.blob.core.windows.net webchatic3.blob.core.windows.net addastorageaccountuat.blob.core.windows.net *.omnichannelengagementhub.com comms.omnichannelengagementhub.com orgbb3c15ea-crm15.omnichannelengagementhub.com earthquake.usgs.gov onwani.abudhabi.ae https://obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com tamm-pp-prod-static.obs.ae-ad-1.g42cloud.com www.googletagmanager.com www.google-analytics.com schdmngr.tamm.abudhabi static.tamm.abudhabi adda-bot-preprod.azurewebsites.net adda-chatbot-r2-prod.azurewebsites.net org2930f7c0-crm15.omnichannelengagementhub.com tamm-test-bot.azurewebsites.net storageproductionaccount.blob.core.windows.net browser.pipe.aria.microsoft.com *.skype.com *.communication.azure.com *.trouter.skype.com unpkg.com dc.services.visualstudio.com obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com oc-cdn-ocuae-uae.azureedge.net https://ae-prod.asyncgw.teams.microsoft.com https://tammlivesupport.com https://*.tammlivesupport.com https://*.screenmeet.com https://*.scrn.mt https://tamm-chatbot-test.azurewebsites.net *.office.com/ *.microsoft.com/ https://go.trouter.communication.microsoft.com/ https://login.microsoft.net https://login.microsoftonline.com https://login.windows.net https://*.teams.microsoft.com https://ecs.office.com https://*.trouter.skype.com https://*.skype.com/* https://*.edge.skype.com https://browser.pipe.aria.microsoft.com https://plat.teams.microsoft.com https://aad.skypetoken.skype.com https://authsvc.teams.microsoft.com https://swc.cdn.skype.com/* https://config.edge.skype.com/* https://edge.skype.com/* https://api.aps.skype.com/* https://*.asm.skype.com https://*.ng.msg.teams.microsoft.com/* https://*.notifications.teams.microsoft.com/* https://*.omnichannelengagementhub.com/* https://cdn.botframework.com/botframework-webchat https://webchatic3.blob.core.windows.net https://comms.omnichannelengagementhub.com https://ocsdk-prod.azureedge.net https://*.service.signalr.net https://*.communication.azure.com https://oc-cdn-ocprod.azureedge.net/livechatwidget oc-cdn-public-eur.azureedge.net/* oc-cdn-public-sam.azureedge.net/* oc-cdn-public-gbr.azureedge.net/* oc-cdn-public-jpn.azureedge.net/* oc-apj-public-eur.azureedge.net/* oc-cdn-public.azureedge.net/* oc-cdn-public-ind.azureedge.net/* oc-cdn-public-apj.azureedge.net/* oc-cdn-public-oce.azureedge.net/* oc-cdn-public-fra.azureedge.net/* oc-cdn-ocuae-uae.azureedge.net/* oc-cdn-ocprod.azureedge.net/* https://edge.screenmeet.com wss://*.screenmeet.com https://tamm-chatbot-prod.azurewebsites.net/ www.dls.tamm.abudhabi https://dls.tamm.abudhabi dls.tamm.abudhabi https://dmm-prod.tamm.abudhabi/ https://preprodcrm-apim.tammcrm.abudhabi.ae/ https://prodcrm-apim.tammcrm.abudhabi.ae/ https://tamm-chatbot30-test-falcon.azurewebsites.net/ https://static-dev.tamm.abudhabi/ static-dev.tamm.abudhabi https://tamm-convai-dev-apigw.azure-api.net/ tamm-convai-dev-apigw.azure-api.net tamm-convai-dev-apigw.azure-api.net/* https://tamm-convai-stage-apigw.azure-api.net/ tamm-convai-stage-apigw.azure-api.net tamm-convai-stage-apigw.azure-api.net/* https://tamm-convai-prod-apigw.azure-api.net https://tamm-convai-prod-apigw.azure-api.net/* api-stg.tamm.abudhabi api-prod.tamm.abudhabi https://api-stg.tamm.abudhabi/ stage-salama.itc.gov.ae salama-par.itc.gov.ae strguae1dev.blob.core.windows.net 'unsafe-inline' 'unsafe-eval' blob: filesystem:;script-src 'self' *.tamm.ae gstatic.com js.arcgis.com portaldev.elab.abudhabi.ae server.arcgisonline.com services.arcgisonline.com stackpath.bootstrapcdn.com static.arcgis.com arcgis.sdi.abudhabi.ae geocode.arcgis.com translate.googleapis.com *.gstatic.com *.google.com *.google.ae www.tamm.abudhabi api.abudhabi.ae sandboxadmin.prioticket.com adda-chatbot-prod.azurewebsites.net ocsdk-prod.azureedge.net addadevstorage.blob.core.windows.net webchatic3.blob.core.windows.net addastorageaccountuat.blob.core.windows.net *.omnichannelengagementhub.com comms.omnichannelengagementhub.com orgbb3c15ea-crm15.omnichannelengagementhub.com earthquake.usgs.gov onwani.abudhabi.ae https://obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com tamm-pp-prod-static.obs.ae-ad-1.g42cloud.com www.googletagmanager.com www.google-analytics.com schdmngr.tamm.abudhabi static.tamm.abudhabi adda-bot-preprod.azurewebsites.net adda-chatbot-r2-prod.azurewebsites.net org2930f7c0-crm15.omnichannelengagementhub.com tamm-test-bot.azurewebsites.net storageproductionaccount.blob.core.windows.net browser.pipe.aria.microsoft.com *.skype.com *.communication.azure.com *.trouter.skype.com unpkg.com dc.services.visualstudio.com obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com oc-cdn-ocuae-uae.azureedge.net https://ae-prod.asyncgw.teams.microsoft.com https://tammlivesupport.com https://*.tammlivesupport.com https://*.screenmeet.com https://*.scrn.mt https://tamm-chatbot-test.azurewebsites.net *.office.com/ *.microsoft.com/ https://go.trouter.communication.microsoft.com/ https://login.microsoft.net https://login.microsoftonline.com https://login.windows.net https://*.teams.microsoft.com https://ecs.office.com https://*.trouter.skype.com https://*.skype.com/* https://*.edge.skype.com https://browser.pipe.aria.microsoft.com https://plat.teams.microsoft.com https://aad.skypetoken.skype.com https://authsvc.teams.microsoft.com https://swc.cdn.skype.com/* https://config.edge.skype.com/* https://edge.skype.com/* https://api.aps.skype.com/* https://*.asm.skype.com https://*.ng.msg.teams.microsoft.com/* https://*.notifications.teams.microsoft.com/* https://*.omnichannelengagementhub.com/* https://cdn.botframework.com/botframework-webchat https://webchatic3.blob.core.windows.net https://comms.omnichannelengagementhub.com https://ocsdk-prod.azureedge.net https://*.service.signalr.net https://*.communication.azure.com https://oc-cdn-ocprod.azureedge.net/livechatwidget oc-cdn-public-eur.azureedge.net/* oc-cdn-public-sam.azureedge.net/* oc-cdn-public-gbr.azureedge.net/* oc-cdn-public-jpn.azureedge.net/* oc-apj-public-eur.azureedge.net/* oc-cdn-public.azureedge.net/* oc-cdn-public-ind.azureedge.net/* oc-cdn-public-apj.azureedge.net/* oc-cdn-public-oce.azureedge.net/* oc-cdn-public-fra.azureedge.net/* oc-cdn-ocuae-uae.azureedge.net/* oc-cdn-ocprod.azureedge.net/* https://edge.screenmeet.com wss://*.screenmeet.com https://tamm-chatbot-prod.azurewebsites.net/ www.dls.tamm.abudhabi https://dls.tamm.abudhabi dls.tamm.abudhabi https://dmm-prod.tamm.abudhabi/ https://preprodcrm-apim.tammcrm.abudhabi.ae/ https://prodcrm-apim.tammcrm.abudhabi.ae/ https://tamm-chatbot30-test-falcon.azurewebsites.net/ https://static-dev.tamm.abudhabi/ static-dev.tamm.abudhabi https://tamm-convai-dev-apigw.azure-api.net/ tamm-convai-dev-apigw.azure-api.net tamm-convai-dev-apigw.azure-api.net/* https://tamm-convai-stage-apigw.azure-api.net/ tamm-convai-stage-apigw.azure-api.net tamm-convai-stage-apigw.azure-api.net/* https://tamm-convai-prod-apigw.azure-api.net https://tamm-convai-prod-apigw.azure-api.net/* api-stg.tamm.abudhabi api-prod.tamm.abudhabi https://api-stg.tamm.abudhabi/ stage-salama.itc.gov.ae salama-par.itc.gov.ae strguae1dev.blob.core.windows.net blob: 'sha256-KpHv3zgivMSB4dPnfYfqMt2lBibsYvM36EdoBBAsfbM=' 'sha256-CyaL1Is5BrtV1nqGyf5M82XfYCZN/AlWOA1PAYCeQn0=' 'sha256-ThhI8UaSFEbbl6cISiZpnJ4Z44uNSq2tPKgyRTD3LyU=' 'sha256-NNiElek2Ktxo4OLn2zGTHHeUR6b91/P618EXWJXzl3s=' 'sha256-iJzZc68vmFUdQcHFENrt71ytPNej1jN9vfbHsHeC3EY=' 'sha256-9E/vN59Vhl5uVfXqJSzWab36nu8sc/qubjpo15R2h3c=' 'sha256-MllbaXjKDb8zmCId86PfKk5mI7On1rtSLhAdwB5ydag=' 'sha256-3j0iuCOFkkCuP1aq7ZI49Oe7oT3Onx3ryrb00cOf3cA=' 'unsafe-eval';img-src 'self' *.tamm.ae gstatic.com js.arcgis.com portaldev.elab.abudhabi.ae server.arcgisonline.com services.arcgisonline.com stackpath.bootstrapcdn.com static.arcgis.com arcgis.sdi.abudhabi.ae geocode.arcgis.com translate.googleapis.com *.gstatic.com *.google.com *.google.ae www.tamm.abudhabi api.abudhabi.ae sandboxadmin.prioticket.com adda-chatbot-prod.azurewebsites.net ocsdk-prod.azureedge.net addadevstorage.blob.core.windows.net webchatic3.blob.core.windows.net addastorageaccountuat.blob.core.windows.net *.omnichannelengagementhub.com comms.omnichannelengagementhub.com orgbb3c15ea-crm15.omnichannelengagementhub.com earthquake.usgs.gov onwani.abudhabi.ae https://obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com tamm-pp-prod-static.obs.ae-ad-1.g42cloud.com www.googletagmanager.com www.google-analytics.com schdmngr.tamm.abudhabi static.tamm.abudhabi adda-bot-preprod.azurewebsites.net adda-chatbot-r2-prod.azurewebsites.net org2930f7c0-crm15.omnichannelengagementhub.com tamm-test-bot.azurewebsites.net storageproductionaccount.blob.core.windows.net browser.pipe.aria.microsoft.com *.skype.com *.communication.azure.com *.trouter.skype.com unpkg.com dc.services.visualstudio.com obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com oc-cdn-ocuae-uae.azureedge.net https://ae-prod.asyncgw.teams.microsoft.com https://tammlivesupport.com https://*.tammlivesupport.com https://*.screenmeet.com https://*.scrn.mt https://tamm-chatbot-test.azurewebsites.net *.office.com/ *.microsoft.com/ https://go.trouter.communication.microsoft.com/ https://login.microsoft.net https://login.microsoftonline.com https://login.windows.net https://*.teams.microsoft.com https://ecs.office.com https://*.trouter.skype.com https://*.skype.com/* https://*.edge.skype.com https://browser.pipe.aria.microsoft.com https://plat.teams.microsoft.com https://aad.skypetoken.skype.com https://authsvc.teams.microsoft.com https://swc.cdn.skype.com/* https://config.edge.skype.com/* https://edge.skype.com/* https://api.aps.skype.com/* https://*.asm.skype.com https://*.ng.msg.teams.microsoft.com/* https://*.notifications.teams.microsoft.com/* https://*.omnichannelengagementhub.com/* https://cdn.botframework.com/botframework-webchat https://webchatic3.blob.core.windows.net https://comms.omnichannelengagementhub.com https://ocsdk-prod.azureedge.net https://*.service.signalr.net https://*.communication.azure.com https://oc-cdn-ocprod.azureedge.net/livechatwidget oc-cdn-public-eur.azureedge.net/* oc-cdn-public-sam.azureedge.net/* oc-cdn-public-gbr.azureedge.net/* oc-cdn-public-jpn.azureedge.net/* oc-apj-public-eur.azureedge.net/* oc-cdn-public.azureedge.net/* oc-cdn-public-ind.azureedge.net/* oc-cdn-public-apj.azureedge.net/* oc-cdn-public-oce.azureedge.net/* oc-cdn-public-fra.azureedge.net/* oc-cdn-ocuae-uae.azureedge.net/* oc-cdn-ocprod.azureedge.net/* https://edge.screenmeet.com wss://*.screenmeet.com https://tamm-chatbot-prod.azurewebsites.net/ www.dls.tamm.abudhabi https://dls.tamm.abudhabi dls.tamm.abudhabi https://dmm-prod.tamm.abudhabi/ https://preprodcrm-apim.tammcrm.abudhabi.ae/ https://prodcrm-apim.tammcrm.abudhabi.ae/ https://tamm-chatbot30-test-falcon.azurewebsites.net/ https://static-dev.tamm.abudhabi/ static-dev.tamm.abudhabi https://tamm-convai-dev-apigw.azure-api.net/ tamm-convai-dev-apigw.azure-api.net tamm-convai-dev-apigw.azure-api.net/* https://tamm-convai-stage-apigw.azure-api.net/ tamm-convai-stage-apigw.azure-api.net tamm-convai-stage-apigw.azure-api.net/* https://tamm-convai-prod-apigw.azure-api.net https://tamm-convai-prod-apigw.azure-api.net/* api-stg.tamm.abudhabi api-prod.tamm.abudhabi https://api-stg.tamm.abudhabi/ stage-salama.itc.gov.ae salama-par.itc.gov.ae strguae1dev.blob.core.windows.net blob: data:;object-src 'none';media-src 'self' *.tamm.ae gstatic.com js.arcgis.com portaldev.elab.abudhabi.ae server.arcgisonline.com services.arcgisonline.com stackpath.bootstrapcdn.com static.arcgis.com arcgis.sdi.abudhabi.ae geocode.arcgis.com translate.googleapis.com *.gstatic.com *.google.com *.google.ae www.tamm.abudhabi api.abudhabi.ae sandboxadmin.prioticket.com adda-chatbot-prod.azurewebsites.net ocsdk-prod.azureedge.net addadevstorage.blob.core.windows.net webchatic3.blob.core.windows.net addastorageaccountuat.blob.core.windows.net *.omnichannelengagementhub.com comms.omnichannelengagementhub.com orgbb3c15ea-crm15.omnichannelengagementhub.com earthquake.usgs.gov onwani.abudhabi.ae https://obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com tamm-pp-prod-static.obs.ae-ad-1.g42cloud.com www.googletagmanager.com www.google-analytics.com schdmngr.tamm.abudhabi static.tamm.abudhabi adda-bot-preprod.azurewebsites.net adda-chatbot-r2-prod.azurewebsites.net org2930f7c0-crm15.omnichannelengagementhub.com tamm-test-bot.azurewebsites.net storageproductionaccount.blob.core.windows.net browser.pipe.aria.microsoft.com *.skype.com *.communication.azure.com *.trouter.skype.com unpkg.com dc.services.visualstudio.com obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com oc-cdn-ocuae-uae.azureedge.net https://ae-prod.asyncgw.teams.microsoft.com https://tammlivesupport.com https://*.tammlivesupport.com https://*.screenmeet.com https://*.scrn.mt https://tamm-chatbot-test.azurewebsites.net *.office.com/ *.microsoft.com/ https://go.trouter.communication.microsoft.com/ https://login.microsoft.net https://login.microsoftonline.com https://login.windows.net https://*.teams.microsoft.com https://ecs.office.com https://*.trouter.skype.com https://*.skype.com/* https://*.edge.skype.com https://browser.pipe.aria.microsoft.com https://plat.teams.microsoft.com https://aad.skypetoken.skype.com https://authsvc.teams.microsoft.com https://swc.cdn.skype.com/* https://config.edge.skype.com/* https://edge.skype.com/* https://api.aps.skype.com/* https://*.asm.skype.com https://*.ng.msg.teams.microsoft.com/* https://*.notifications.teams.microsoft.com/* https://*.omnichannelengagementhub.com/* https://cdn.botframework.com/botframework-webchat https://webchatic3.blob.core.windows.net https://comms.omnichannelengagementhub.com https://ocsdk-prod.azureedge.net https://*.service.signalr.net https://*.communication.azure.com https://oc-cdn-ocprod.azureedge.net/livechatwidget oc-cdn-public-eur.azureedge.net/* oc-cdn-public-sam.azureedge.net/* oc-cdn-public-gbr.azureedge.net/* oc-cdn-public-jpn.azureedge.net/* oc-apj-public-eur.azureedge.net/* oc-cdn-public.azureedge.net/* oc-cdn-public-ind.azureedge.net/* oc-cdn-public-apj.azureedge.net/* oc-cdn-public-oce.azureedge.net/* oc-cdn-public-fra.azureedge.net/* oc-cdn-ocuae-uae.azureedge.net/* oc-cdn-ocprod.azureedge.net/* https://edge.screenmeet.com wss://*.screenmeet.com https://tamm-chatbot-prod.azurewebsites.net/ www.dls.tamm.abudhabi https://dls.tamm.abudhabi dls.tamm.abudhabi https://dmm-prod.tamm.abudhabi/ https://preprodcrm-apim.tammcrm.abudhabi.ae/ https://prodcrm-apim.tammcrm.abudhabi.ae/ https://tamm-chatbot30-test-falcon.azurewebsites.net/ https://static-dev.tamm.abudhabi/ static-dev.tamm.abudhabi https://tamm-convai-dev-apigw.azure-api.net/ tamm-convai-dev-apigw.azure-api.net tamm-convai-dev-apigw.azure-api.net/* https://tamm-convai-stage-apigw.azure-api.net/ tamm-convai-stage-apigw.azure-api.net tamm-convai-stage-apigw.azure-api.net/* https://tamm-convai-prod-apigw.azure-api.net https://tamm-convai-prod-apigw.azure-api.net/* api-stg.tamm.abudhabi api-prod.tamm.abudhabi https://api-stg.tamm.abudhabi/ stage-salama.itc.gov.ae salama-par.itc.gov.ae strguae1dev.blob.core.windows.net blob:;worker-src 'self' *.tamm.ae gstatic.com js.arcgis.com portaldev.elab.abudhabi.ae server.arcgisonline.com services.arcgisonline.com stackpath.bootstrapcdn.com static.arcgis.com arcgis.sdi.abudhabi.ae geocode.arcgis.com translate.googleapis.com *.gstatic.com *.google.com *.google.ae www.tamm.abudhabi api.abudhabi.ae sandboxadmin.prioticket.com adda-chatbot-prod.azurewebsites.net ocsdk-prod.azureedge.net addadevstorage.blob.core.windows.net webchatic3.blob.core.windows.net addastorageaccountuat.blob.core.windows.net *.omnichannelengagementhub.com comms.omnichannelengagementhub.com orgbb3c15ea-crm15.omnichannelengagementhub.com earthquake.usgs.gov onwani.abudhabi.ae https://obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com tamm-pp-prod-static.obs.ae-ad-1.g42cloud.com www.googletagmanager.com www.google-analytics.com schdmngr.tamm.abudhabi static.tamm.abudhabi adda-bot-preprod.azurewebsites.net adda-chatbot-r2-prod.azurewebsites.net org2930f7c0-crm15.omnichannelengagementhub.com tamm-test-bot.azurewebsites.net storageproductionaccount.blob.core.windows.net browser.pipe.aria.microsoft.com *.skype.com *.communication.azure.com *.trouter.skype.com unpkg.com dc.services.visualstudio.com obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com oc-cdn-ocuae-uae.azureedge.net https://ae-prod.asyncgw.teams.microsoft.com https://tammlivesupport.com https://*.tammlivesupport.com https://*.screenmeet.com https://*.scrn.mt https://tamm-chatbot-test.azurewebsites.net *.office.com/ *.microsoft.com/ https://go.trouter.communication.microsoft.com/ https://login.microsoft.net https://login.microsoftonline.com https://login.windows.net https://*.teams.microsoft.com https://ecs.office.com https://*.trouter.skype.com https://*.skype.com/* https://*.edge.skype.com https://browser.pipe.aria.microsoft.com https://plat.teams.microsoft.com https://aad.skypetoken.skype.com https://authsvc.teams.microsoft.com https://swc.cdn.skype.com/* https://config.edge.skype.com/* https://edge.skype.com/* https://api.aps.skype.com/* https://*.asm.skype.com https://*.ng.msg.teams.microsoft.com/* https://*.notifications.teams.microsoft.com/* https://*.omnichannelengagementhub.com/* https://cdn.botframework.com/botframework-webchat https://webchatic3.blob.core.windows.net https://comms.omnichannelengagementhub.com https://ocsdk-prod.azureedge.net https://*.service.signalr.net https://*.communication.azure.com https://oc-cdn-ocprod.azureedge.net/livechatwidget oc-cdn-public-eur.azureedge.net/* oc-cdn-public-sam.azureedge.net/* oc-cdn-public-gbr.azureedge.net/* oc-cdn-public-jpn.azureedge.net/* oc-apj-public-eur.azureedge.net/* oc-cdn-public.azureedge.net/* oc-cdn-public-ind.azureedge.net/* oc-cdn-public-apj.azureedge.net/* oc-cdn-public-oce.azureedge.net/* oc-cdn-public-fra.azureedge.net/* oc-cdn-ocuae-uae.azureedge.net/* oc-cdn-ocprod.azureedge.net/* https://edge.screenmeet.com wss://*.screenmeet.com https://tamm-chatbot-prod.azurewebsites.net/ www.dls.tamm.abudhabi https://dls.tamm.abudhabi dls.tamm.abudhabi https://dmm-prod.tamm.abudhabi/ https://preprodcrm-apim.tammcrm.abudhabi.ae/ https://prodcrm-apim.tammcrm.abudhabi.ae/ https://tamm-chatbot30-test-falcon.azurewebsites.net/ https://static-dev.tamm.abudhabi/ static-dev.tamm.abudhabi https://tamm-convai-dev-apigw.azure-api.net/ tamm-convai-dev-apigw.azure-api.net tamm-convai-dev-apigw.azure-api.net/* https://tamm-convai-stage-apigw.azure-api.net/ tamm-convai-stage-apigw.azure-api.net tamm-convai-stage-apigw.azure-api.net/* https://tamm-convai-prod-apigw.azure-api.net https://tamm-convai-prod-apigw.azure-api.net/* api-stg.tamm.abudhabi api-prod.tamm.abudhabi https://api-stg.tamm.abudhabi/ stage-salama.itc.gov.ae salama-par.itc.gov.ae strguae1dev.blob.core.windows.net blob:;connect-src 'self' *.tamm.ae gstatic.com js.arcgis.com portaldev.elab.abudhabi.ae server.arcgisonline.com services.arcgisonline.com stackpath.bootstrapcdn.com static.arcgis.com arcgis.sdi.abudhabi.ae geocode.arcgis.com translate.googleapis.com *.gstatic.com *.google.com *.google.ae www.tamm.abudhabi api.abudhabi.ae sandboxadmin.prioticket.com adda-chatbot-prod.azurewebsites.net ocsdk-prod.azureedge.net addadevstorage.blob.core.windows.net webchatic3.blob.core.windows.net addastorageaccountuat.blob.core.windows.net *.omnichannelengagementhub.com comms.omnichannelengagementhub.com orgbb3c15ea-crm15.omnichannelengagementhub.com earthquake.usgs.gov onwani.abudhabi.ae https://obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com tamm-pp-prod-static.obs.ae-ad-1.g42cloud.com www.googletagmanager.com www.google-analytics.com schdmngr.tamm.abudhabi static.tamm.abudhabi adda-bot-preprod.azurewebsites.net adda-chatbot-r2-prod.azurewebsites.net org2930f7c0-crm15.omnichannelengagementhub.com tamm-test-bot.azurewebsites.net storageproductionaccount.blob.core.windows.net browser.pipe.aria.microsoft.com *.skype.com *.communication.azure.com *.trouter.skype.com unpkg.com dc.services.visualstudio.com obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com oc-cdn-ocuae-uae.azureedge.net https://ae-prod.asyncgw.teams.microsoft.com https://tammlivesupport.com https://*.tammlivesupport.com https://*.screenmeet.com https://*.scrn.mt https://tamm-chatbot-test.azurewebsites.net *.office.com/ *.microsoft.com/ https://go.trouter.communication.microsoft.com/ https://login.microsoft.net https://login.microsoftonline.com https://login.windows.net https://*.teams.microsoft.com https://ecs.office.com https://*.trouter.skype.com https://*.skype.com/* https://*.edge.skype.com https://browser.pipe.aria.microsoft.com https://plat.teams.microsoft.com https://aad.skypetoken.skype.com https://authsvc.teams.microsoft.com https://swc.cdn.skype.com/* https://config.edge.skype.com/* https://edge.skype.com/* https://api.aps.skype.com/* https://*.asm.skype.com https://*.ng.msg.teams.microsoft.com/* https://*.notifications.teams.microsoft.com/* https://*.omnichannelengagementhub.com/* https://cdn.botframework.com/botframework-webchat https://webchatic3.blob.core.windows.net https://comms.omnichannelengagementhub.com https://ocsdk-prod.azureedge.net https://*.service.signalr.net https://*.communication.azure.com https://oc-cdn-ocprod.azureedge.net/livechatwidget oc-cdn-public-eur.azureedge.net/* oc-cdn-public-sam.azureedge.net/* oc-cdn-public-gbr.azureedge.net/* oc-cdn-public-jpn.azureedge.net/* oc-apj-public-eur.azureedge.net/* oc-cdn-public.azureedge.net/* oc-cdn-public-ind.azureedge.net/* oc-cdn-public-apj.azureedge.net/* oc-cdn-public-oce.azureedge.net/* oc-cdn-public-fra.azureedge.net/* oc-cdn-ocuae-uae.azureedge.net/* oc-cdn-ocprod.azureedge.net/* https://edge.screenmeet.com wss://*.screenmeet.com https://tamm-chatbot-prod.azurewebsites.net/ www.dls.tamm.abudhabi https://dls.tamm.abudhabi dls.tamm.abudhabi https://dmm-prod.tamm.abudhabi/ https://preprodcrm-apim.tammcrm.abudhabi.ae/ https://prodcrm-apim.tammcrm.abudhabi.ae/ https://tamm-chatbot30-test-falcon.azurewebsites.net/ https://static-dev.tamm.abudhabi/ static-dev.tamm.abudhabi https://tamm-convai-dev-apigw.azure-api.net/ tamm-convai-dev-apigw.azure-api.net tamm-convai-dev-apigw.azure-api.net/* https://tamm-convai-stage-apigw.azure-api.net/ tamm-convai-stage-apigw.azure-api.net tamm-convai-stage-apigw.azure-api.net/* https://tamm-convai-prod-apigw.azure-api.net https://tamm-convai-prod-apigw.azure-api.net/* api-stg.tamm.abudhabi api-prod.tamm.abudhabi https://api-stg.tamm.abudhabi/ stage-salama.itc.gov.ae salama-par.itc.gov.ae strguae1dev.blob.core.windows.net blob: ws: wss:;frame-ancestors 'self' 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.hscta.net https://forms.hsforms.com https://www.littelfuse.cn https://track.hubspot.com https://snap.licdn.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://connect.facebook.net https://ucm-us.verint-cdn.com https://js.hs-scripts.com https://js.hsforms.net https://www.youtube.com https://maps.googleapis.com https://view.ceros.com https://forms-na1.hsforms.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://cdn.cookielaw.org https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsleadflows.net https://js.hubspot.com https://ucm-us.verint-cdn.com https://unpkg.com; style-src 'report-sample' 'self' 'unsafe-inline' https://www.gstatic.com https://assets.ceros.com https://ok7static.oktacdn.com https://login.littelfuse.com https://www.youtube.com https://view.ceros.com https://maxcdn.bootstrapcdn.com https://ucm-us.verint-cdn.com https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' data: https://www.google.com.mx https://www.linkedin.com https://f.hubspotusercontent30.net/ https://media-s3-us-east-1.ceros.com https://px.ads.linkedin.com https://www.google.com https://www.facebook.com https://ucm-us.verint-cdn.com https://cdn1-originals.webdamdb.com https://www.littelfuse.cn https://www.googletagmanager.com https://mt.googleapis.com https://maps.gstatic.com https://forms-na1.hsforms.com https://dev-cd.littelfuse.com https://qa-cd.littelfuse.com https://prd-cd.littelfuse.com https://i.ytimg.com https://yt3.ggpht.com https://metrics.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://ssl.gstatic.com https://www.gstatic.com https://maps.googleapis.com https://cdn.cookielaw.org https://forms.hsforms.com https://cdn2.webdamdb.com https://perf-na1.hsforms.com https://track.hubspot.com https://littelfuse.componentsearchengine.com; connect-src * 'unsafe-inline'; media-src * 'unsafe-inline'; frame-src https://go.bluevolt.com https://info.littelfuse.com https://electronicscatalogs.littelfuse.com https://engage.littelfuse.com https://bcove.video https://info.littelfuse.com https://forms.hsforms.com https://littelfuse.webdamdb.com https://maps.google.com https://players.brightcove.net https://td.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.youtube.com https://view.ceros.com https://littelfuse.componentsearchengine.com; 2 frame-ancestors 'self' https://sonae.outsystemsenterprise.com outsystems://sonae.outsystemsenterprise.com https://cartaocontinente.pt outsystems://cartaocontinente.pt 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: blob: data: 127.0.0.1 sync-transcend-cdn.com *.transcend-cdn.com *.sync-transcend-cdn.com transcend-cdn.com *.liadm.com *.usbrowserspeed.com *.ip-api.com *.getwarmly.com knotch.com *.knotch.com knotch-cdn.com *.knotch-cdn.com pactsafe.io *.pactsafe.io prod.impartner.live *.impartner.live packages.prmcdn.io pixel-config.reddit.com *.redditstatic.com *.prmcdn.io ironclad.partner-experience.com *.yoast.com *.algolianet.com *.algolia.net *.spotify.com *.storylane.io ironcladapp.com *.ironcladapp.com *.ironcladhq.com *.wpengine.com *.wpenginepowered.com cdn.jsdelivr.net *.transcend.io *.marketo.com *.mutinycdn.com *.wistia.net *.wistia.com *.mutinyhq.io analytics.google.com *.zi-scripts.com *.adnxs.com *.6sc.co *.crazyegg.com *.oribi.io *.segment.com *.6sense.com *.segment.io *.mktoresp.com *.zoominfo.com *.gravatar.com unpkg.com *.jquery.com www.googletagmanager.com fast.wistia.net *.marketo.net *.doubleclick.net *.bing.com www.googleadservices.com www.google-analytics.co *.facebook.net *.licdn.com *.g2crowd.com ipinfo.io *.qualified.com *.bizible.com *.google-analytics.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.bizibly.com *.googleapis.com *.googlesyndication.com *.capterra.com securityscorecard.com *.mutinycdn.com *.litix.io *.tryinteract.com *.knotch.it *.mindtickle.com *.cookielaw.org *.onetrust.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: 127.0.0.1 *.remarketstats.com *.redditstatic.com *.liadm.com *.usbrowserspeed.com *.getwarmly.com *.amazonaws.com transcend-cdn.com www.knotch-cdn.com *.knotch-cdn.com yoast.com *.yoast.com prod.impartner.live *.impartner.live packages.prmcdn.io *.prmcdn.io *.spotify.com *.cloudfront.net *.pactsafe.io *.storylane.io ironcladapp.com *.ironcladapp.com *.ironcladhq.com *.wpengine.com *.wpenginepowered.com cdn.jsdelivr.net *.transcend.io *.marketo.com *.mutinycdn.com *.wistia.net *.wistia.com *.mutinyhq.io analytics.google.com *.zi-scripts.com *.adnxs.com *.6sc.co *.crazyegg.com *.oribi.io *.segment.com *.6sense.com *.segment.io *.mktoresp.com *.zoominfo.com *.gravatar.com unpkg.com *.jquery.com www.googletagmanager.com fast.wistia.net *.marketo.net *.doubleclick.net *.bing.com www.googleadservices.com www.google-analytics.co *.facebook.net *.licdn.com *.g2crowd.com ipinfo.io *.qualified.com *.bizible.com *.google-analytics.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.bizibly.com *.googleapis.com *.googlesyndication.com *.capterra.com securityscorecard.com *.litix.io *.tryinteract.com *.mindtickle.com *.cookielaw.org *.onetrust.com; img-src 'self' blob: data: wss: *.addevent.com *.spotify.com alb.reddit.com pixel-config.reddit.com *.akamaihd.net *.cloudfront.net *.pactsafe.io ironcladapp.com *.storylane.io *.ironcladapp.com *.ironcladhq.com *.wpengine.com *.wpenginepowered.com cdn.jsdelivr.net *.transcend.io *.marketo.com *.mutinycdn.com *.wistia.net *.wistia.com *.mutinyhq.io analytics.google.com *.zi-scripts.com *.adnxs.com *.6sc.co *.crazyegg.com *.oribi.io *.segment.com *.6sense.com *.segment.io *.mktoresp.com *.zoominfo.com *.gravatar.com unpkg.com *.jquery.com www.googletagmanager.com fast.wistia.net *.marketo.net *.doubleclick.net *.bing.com www.googleadservices.com www.google-analytics.co *.facebook.net *.licdn.com *.g2crowd.com ipinfo.io *.qualified.com *.bizible.com *.google-analytics.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.bizibly.com *.googleapis.com *.googlesyndication.com *.capterra.com securityscorecard.com *.litix.io *.tryinteract.com *.knotch.it *.mindtickle.com *.cookielaw.org *.onetrust.com; font-src 'self' wss: blob: data: *.transcend.io *.mutinycdn.com ipinfo.io ironcladapp.com *.ironcladapp.com *.storylane.io *.wpengine.com *.wpenginepowered.com *.wistia.net *.wistia.com *.gstatic.com *.tryinteract.com fast.wistia.net *.mindtickle.com; media-src 'self' blob: data: wss: *.transcend.io ironcladapp.com *.ironcladapp.com *.wpengine.com ipinfo.io *.wpenginepowered.com *.storylane.io *.mutinycdn.com *.litix.io *.tryinteract.com *.wistia.com fast.wistia.net *.mindtickle.com *.cookielaw.org *.onetrust.com; frame-ancestors *.wistia.net *.wistia.com *.mindtickle.com *.cookielaw.org *.onetrust.com; 2 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://bat.bing.com https://*.clickcease.com https://*.clarity.ms https://*.debugbear.com https://*.doubleclick.net https://connect.facebook.net https://tracking.g2crowd.com https://www.google.com/recaptcha/ https://www.googleadservices.com/pagead/ https://www.googletagmanager.com https://www.gstatic.com/recaptcha/releases/ https://beacon-v2.helpscout.net https://*.hotjar.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-scripts.com/4990723.js https://*.hubspot.com http://cdn.jsdelivr.net/gh/google/ https://snap.licdn.com https://*.byspotify.com https://*.sentry.io https://*.smarty.com https://*.spreedly.com https://*.survicate.com/workspaces/7953565c19994f080119cfb226af83de/ https://surveys-static-prd.survicate-cdn.com https://521353.tctm.xyz/t.js https://*.termly.io https://vercel.live/_next-live/feedback/feedback.js https://dev.visualwebsiteoptimizer.com https://www.youtube.com https://ws.zoominfo.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://tracking.g2crowd.com/attribution_tracking/conversions/5802.js https://js.hs-banner.com/v2/4990723/banner.js https://surveys-static-prd.survicate-cdn.com/widget_core-26.2.0.js; connect-src 'self' https://bat.bing.com https://*.clickcease.com https://*.clarity.ms https://d3hb14vkzrxvla.cloudfront.net https://*.debugbear.com https://*.doubleclick.net https://www.facebook.com https://tracking-api.g2.com https://google.com https://*.google.com https://www.google-analytics.com https://www.googleadservices.com/pagead/ https://*.googleapis.com https://pagead2.googlesyndication.com https://*.helpscout.net https://*.hotjar.com wss://ws.hotjar.com https://*.hotjar.io https://api.hsforms.com/submissions/v3/integration/submit/4990723/ https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs https://px.ads.linkedin.com wss://*.pusher.com https://*.spotify.com https://*.sentry.io https://*.smarty.com https://*.smartyops.net https://*.smartyops.org https://*.survicate.com/workspaces/7953565c19994f080119cfb226af83de/ https://*.termly.io https://*.vercel-insights.com https://dev.visualwebsiteoptimizer.com https://ws.zoominfo.com; frame-ancestors 'self'; frame-src 'self' https://asciinema.org https://*.doubleclick.net https://www.facebook.com https://*.google.com https://www.googletagmanager.com https://beacon-v2.helpscout.net https://*.smarty.com https://*.spreedly.com https://vercel.live https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://beacon-v2.helpscout.net https://surveys-static-prd.survicate-cdn.com/fonts/fonts.css; font-src 'self' data: https://fonts.gstatic.com https://beacon-v2.helpscout.net https://surveys-static-prd.survicate-cdn.com; img-src 'self' data: https://chatapi-prod.s3.amazonaws.com https://*.bing.com https://*.clarity.ms https://d33wubrfki0l68.cloudfront.net https://d19k7ckgaizvi3.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://d3jlqkabnnke2x.cloudfront.net https://d79i1fxsrar4t.cloudfront.net https://connect.facebook.net https://www.facebook.com https://*.google.com https://www.googletagmanager.com https://*.gravatar.com https://beacon-v2.helpscout.net https://*.hsforms.com https://*.hubspot.com https://*.linkedin.com https://*.smarty.com https://dev.visualwebsiteoptimizer.com https://*.ytimg.com https://*.capterra.com; media-src 'self' https://s3.amazonaws.com https://d3jlqkabnnke2x.cloudfront.net https://d79i1fxsrar4t.cloudfront.net https://beacon-v2.helpscout.net https://*.smarty.com; object-src 'self' https://beacon-v2.helpscout.net; base-uri 'self' https://*.helpscout.net; worker-src 'self' blob: https://*.smarty.com; child-src 'self' https://*.spreedly.com; 2 frame-ancestors 'self' https://*.playojo.com https://*.skillonnet.com https://skillonnet.com https://*.netdnstrace.com https://netdnstrace.com https://*.netdnstrace1.com https://netdnstrace1.com https://*.skilldnsproc.com https://skilldnsproc.com https://*.skillprocessing.com https://skillprocessing.com https://*.safe-communication.com https://safe-communication.com https://*.image-tech-storage.com https://image-tech-storage.com https://*.kineticdigital.com; 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://ats.ccmp.eu https://www.lidljatek.hu https://lidljatek.hu https://lidl-nyeremenyjatek-spa.apps.01.cf.eu01.stackit.cloud https://*.lidl.hu data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://ats.ccmp.eu https://www.lidljatek.hu https://lidljatek.hu https://lidl-nyeremenyjatek-spa.apps.01.cf.eu01.stackit.cloud https://*.lidl.hu; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adyen.com https://*.lidl.hu data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval'; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline'; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 default-src * 'unsafe-eval' 'unsafe-inline'; img-src * data: unsafe-inline 2 frame-ancestors *.yandex.ru 2 frame-ancestors 'self' https://dotcms.com/ https://auth.dotcms.dev/ https://corpsites-headless.dotcms.cloud/ https://new-dotcms-com.vercel.app/ 2 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.wdr.io *.fortum.com *.fortum.se *.fortum.no *.fortum.pl *.fortum.fi *.fortum.in https://fa-se-all-webapp-e1-prd-wa.azurewebsites.net; base-uri 'self'; object-src 'self'; connect-src wss: https: 2 default-src https: data: blob: wss://*.zopim.com wss://*.hotjar.com wss://*.noibu.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://app.reskyt.com; upgrade-insecure-requests 2 default-src data: blob: 'self' https://* 'unsafe-eval' 'unsafe-inline';object-src 'none'; upgrade-insecure-requests; 2 default-src 'self' flickrembed.com *.flickrembed.com *.jquery.com *.flickr.com *.twitter.com *.gstatic.com *.weloveiconfonts.com weloveiconfonts.com *.googletagmanager.com *.google-analytics.com *.youtube.com youtube.com *.ytimg.com *.google.com *.googlevideo.com *.googleapis.com *.facebook.net *.facebook.com *.doubleclick.net *.rss2json.com *.instagram.com *.googleservices.com *.office.com *.matterport.com *.cloudflare.com *.benchmarkemail.com *.renem.es *.openstreetmap.org *.opentopomap.org *.ign.es data: 'unsafe-inline' 'unsafe-eval'; 2 connect-src 'self' * ws: blob:; 2 default-src 'self' 'unsafe-inline' *.bioeg.de *.bzga.de *.ddev.site data:; script-src 'self' 'unsafe-inline' *.bioeg.de *.bzga.de *.ddev.site; frame-src 'self' https://www.bioeg.de/ https://piwik.bioeg.de/ *.frcapi.com/ https://www.youtube-nocookie.com/; img-src 'self' data: *.ytimg.com *.bioeg.de *.bzga.de 2 frame-ancestors 'self' https://*.knightfoundation.org https://knightfoundation.org 2 frame-ancestors 'self' https://lissaplay.com https://noalvodaroletaapp.com ; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' app.pendo.io bankauswahl.giropay.de bat.bing.com cdn-ukwest.onetrust.com cdn.appdynamics.com cdn.cquotient.com cdn.curalate.com https://cdn-assets-prod.s3.amazonaws.com connect.facebook.net *.sub2tech.com e.cquotient.com ecommerce-scripts.adscale.com edge.curalate.com embed.typeform.com geolocation.onetrust.com *.doubleclick.net/pagead/viewthroughconversion/ www.google.com/pagead/ www.google.bg/pagead/ *.online-metrix.net intljs.rmtag.com liber11128.pcapredict.com mpsnare.iesnare.com p.cquotient.com s3-eu-west-1.amazonaws.com/appointedd-portal-assets/ services.postcodeanywhere.co.uk snap.licdn.com songbirdstag.cardinalcommerce.com static-demo.mention-me.com static.mention-me.com static.zdassets.com storage-pu.adscale.com tag-demo.mention-me.com tag.mention-me.com tags.rd.linksynergy.com ut.ra.linksynergy.com unpkg.com *.global-e.com webservices.global-e.com *.google-analytics.com www.google.com/recaptcha/ www.googleadservices.com/pagead/ *.googletagmanager.com www.gstatic.com/recaptcha/ *.bglobale.com *.chargebee.com https://ut.rd.linksynergy.com/jsp *.rewardstyle.com *.fullstory.com *.micpn.com *.libertylondon.com login-ds.dotomi.com *.clarity.ms/ https://www.paypalobjects.com/api/ https://www.paypal.com/tagmanager/ https://cdn.jsdelivr.net/npm/ https://polyfill.io/v3/ https://polyfill.io/ t.contentsquare.net app.contentsquare.com *.analytics.google.com *.klarnaservices.com analytics.tiktok.com www.libertylondon.com *.dynamicyield.com *.gocertify.me *.studentbeans.com cdn.linkedin.oribi.io *.klarnacdn.net *.klarna.com maps.googleapis.com *.storage.googleapis.com https://storage.googleapis.com/adscale/static/ecom_js/libertylondon.com/ https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: *.payments-amazon.com *.global-e.com *.securev2.global-e.com *.profitmetrics.io www.facebook.com *.pinimg.com *.pinterest.com *.bazaarvoice.com api.typeform.com *.appointedd.com *.yimg.com *.yahoo.com *.adsrvr.org *.forter.com https://dlthst9q2beh8.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://d2w2nqfk3z9hdt.cloudfront.net *.rakuten.com *.tryzens-analytics.com https://pzapi-ij.com/ https://static.srcspot.com/ https://server-side-tagging-25tpkba47a-uc.a.run.app; style-src 'self' 'unsafe-inline' bankauswahl.giropay.de cdn.pendo.io https://embed.typeform.com services.postcodeanywhere.co.uk https://use.typekit.net/ https://p.typekit.net/ *.googletagmanager.com *.chargebee.com http://d2jxbtsa1l6d79.cloudfront.net/static/app-static-assets/hp/hp-7.3.0/ https://cdn.jsdelivr.net/npm/ *.contentsquare.net *.klarnacdn.net *.dynamicyield.com *.gocertify.me *.studentbeans.com fonts.googleapis.com *.storage.googleapis.com https://fonts.googleapis.com *.bazaarvoice.com api.typeform.com *.yimg.com *.yahoo.com *.adsrvr.org *.sub2tech.com; object-src 'self' *.online-metrix.net; base-uri 'self'; connect-src 'self' app.pendo.io bat.bing.com wss://tsock.us1.twilio.com *.twilio.com cdn-assets-prod.s3.amazonaws.com cdn-ukwest.onetrust.com centinelapistag.cardinalcommerce.com col.eum-appdynamics.com connect.facebook.net edge.curalate.com ekr.zdassets.com *.facebook.com *.online-metrix.net libertylondon.zendesk.com libertylondon1588339266.zendesk.com privacyportal-uk.onetrust.com services.postcodeanywhere.co.uk *.doubleclick.net tag-demo.mention-me.com tag.mention-me.com writer.cardinalcommerce.com *.google-analytics.com *.tryzens-analytics.com *.tryzens-analytics.com:12280 wss://widget-mediator.zopim.com *.chargebee.com *.fullstory.com *.clarity.ms *.paypal.com *.algolianet.com *.algolia.net https://insights.algolia.io/ *.contentsquare.net *.analytics.google.com adservice.google.com/pagead/ www.google.com/pagead/ *.klarnaservices.com analytics.tiktok.com www.libertylondon.com *.dynamicyield.com *.gocertify.me *.studentbeans.com cdn.linkedin.oribi.io geolocation.onetrust.com *.cdnwidget.com *.cdnbasket.net *.klarnaevt.com *.klarnacdn.net *.klarna.com https://maps.googleapis.com/ https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: *.bglobale.com *.global-e.com *.securev2.global-e.com *.pinimg.com *.pinterest.com *.profitmetrics.io *.bazaarvoice.com api.typeform.com *.appointedd.com *.yimg.com *.yahoo.com *.adsrvr.org https://*.forter.com wss://cdn0.forter.com https://d2o5idwacg3gyw.cloudfront.net https://dz8rit8v72mig.cloudfront.net https://db7q4jg5rkhk8.cloudfront.net https://1.1.1.1 https://d94qwxh6czci4.cloudfront.net https://dr6vcclmzwk74.cloudfront.net https://d6rak4b14t5gp.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net https://d1ezzflfzltk6e.cloudfront.net https://d3nocrch4qti4v.cloudfront.net https://duuytoqss3gu4.cloudfront.net https://df45ay5pw60dy.cloudfront.net https://d3lqotgbn3npr.cloudfront.net *.rakuten.com *.sub2tech.com unpkg.com https://server-side-tagging-25tpkba47a-uc.a.run.app https://ecommerce-events.adscale.com/EcommerceProxy; font-src 'self' data: *.global-e.com https://use.typekit.net/ *.klarnacdn.net *.dynamicyield.com *.studentbeans.com fonts.gstatic.com https://fonts.gstatic.com; frame-src 'self' *.doubleclick.net *.appointedd.com core.conversant.mgr.consensu.org form.typeform.com geostag.cardinalcommerce.com *.online-metrix.net libertylondon.typeform.com login.dotomi.com login-ds.dotomi.com demo.mention-me.com static.mention-me.com mention-me.com tags.rd.linksynergy.com webservices.global-e.com www.facebook.com https://www.facebook.com/tr/ www.googleadservices.com *.bglobale.com *.chargebee.com https://centinelapi.cardinalcommerce.com/ *.rewardstyle.com *.paypal.com/smart/ *.contentsquare.net https://cdn.smooch.io/ bytedance: sslocal: www.libertylondon.com *.gocertify.me *.studentbeans.com *.youtube.com *.klarna.com *.google.com *.global-e.com *.securev2.global-e.com *.bazaarvoice.com *.pinimg.com *.pinterest.com api.typeform.com *.yimg.com *.yahoo.com *.adsrvr.org *.klarnaservices.com *.sub2tech.com *.googletagmanager.com; img-src 'self' data: app.pendo.io bat.bing.com consent.linksynergy.com connect.facebook.net ecommerce-scripts.adscale.com cx.atdmt.com edge.curalate.com globale-prod.s3-eu-west-1.amazonaws.com *.doubleclick.net i1.adis.ws i8.amplience.net cdn.media.amplience.net idsync.rlcdn.com liberty.a.bigcontent.io *.linkedin.com nypi.dc-storm.com s3.global-e.com services.postcodeanywhere.co.uk static-demo.mention-me.com tags.rd.linksynergy.com track.linksynergy.com ut.ra.linksynergy.com utils.global-e.com www.facebook.com *.google-analytics.com www.google.co.uk www.google.com *.googletagmanager.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://p.adsymptotic.com/ *.libertylondon.com *.micpn.com login-ds.dotomi.com *.clarity.ms *.bing.com *.paypal.com/ *.contentsquare.net *.analytics.google.com analytics.tiktok.com *.dynamicyield.com *.cdnwidget.com *.online-metrix.net *.klarna.com *.klarnacdn.net maps.googleapis.com maps.gstatic.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: *.bazaarvoice.com *.pinimg.com *.pinterest.com *.yimg.com *.yahoo.com *.adsrvr.org https://*.forter.com wss://cdn0.forter.com https://d2o5idwacg3gyw.cloudfront.net https://dz8rit8v72mig.cloudfront.net https://db7q4jg5rkhk8.cloudfront.net https://d6rak4b14t5gp.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net https://dlthst9q2beh8.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://duuytoqss3gu4.cloudfront.net https://d94qwxh6czci4.cloudfront.net https://dr6vcclmzwk74.cloudfront.net https://d6rak4b14t5gp.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net https://d1ezzflfzltk6e.cloudfront.net https://d3nocrch4qti4v.cloudfront.net https://duuytoqss3gu4.cloudfront.net https://df45ay5pw60dy.cloudfront.net https://d3lqotgbn3npr.cloudfront.net *.bglobale.com https://prf.hn/conversion/; child-src 'self' blob:; worker-src 'self' blob:; manifest-src 'self'; media-src 'self' cdn.media.amplience.net i1.adis.ws static.zdassets.com i8.amplience.net cdn.static.amplience.net *.curalate.com *.bazaarvoice.com; form-action 'self' *.facebook.com *.playground.klarna.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.klarnaevt.com *.google.com *.paypal.com *.paypalobjects.com *.bazaarvoice.com *.global-e.com *.securev2.global-e.com *.cardinalcommerce.com development-emea-libertyltd.demandware.net staging-emea-libertyltd.demandware.net dev.libertylondon.com stg.libertylondon.com; upgrade-insecure-requests; report-uri https://289r1hnfc9.execute-api.eu-west-1.amazonaws.com/prod/lib-cspdata; 2 base-uri 'self'; report-to default; report-uri https://www.wayup.com/api/v1/security-reports/; default-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.wayup.com https://accounts.google.com https://ajax.googleapis.com https://apis.google.com https://analytics.tiktok.com https://www.googletagmanager.com https://snap.licdn.com https://platform.twitter.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://cdn.rudderlabs.com https://cdn.segment.com https://cdnjs.cloudflare.com https://code.createjs.com https://*.adroll.com https://edge.fullstory.com https://guideassets.wayupcdn.com https://munchkin.marketo.net https://platform.twitter.com https://static.ads-twitter.com https://use.fortawesome.com https://use.typekit.net https://www.google-analytics.com https://www.googletagmanager.com https://click.appcast.io https://*.youtube.com https://*.facebook.net; style-src 'unsafe-inline' 'self' https://*.wayup.com https://cdn.prod.website-files.com https://community.wayupstudent.wpengine.com https://fonts.googleapis.com https://guideassets.wayupcdn.com https://maxcdn.bootstrapcdn.com https://use.fortawesome.com; object-src 'self' https://*.wayup.com; connect-src 'self' *; font-src 'self' https://*.wayup.com data: https://cdn.prod.website-files.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://guideassets.wayupcdn.com https://maxcdn.bootstrapcdn.com https://static.wayup.com https://use.typekit.net https://static.zip.co; frame-src 'self' https://*.wayup.com https://accounts.google.com https://apis.google.com https://app.periscopedata.com https://platform.twitter.com https://td.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://yello.sisense.com https://yello-dev1.sisense.com https://www.youtube.com https://*.adroll.com https://click.appcast.io https://wayup.wistia.com; img-src 'self' blob: data: *; manifest-src 'self' https://guideassets.wayupcdn.com; media-src 'self' https://*.youtube.com; worker-src 'self' data: blob: https://*.wayup.com; 2 script-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'self' *.ing.com.tr; object-src 'self'; 2 style-src 'self' 'unsafe-inline'; form-action 'self' 2 object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://forms.sbc35.com forms.sbc35.com https://tarteaucitron.io tarteaucitron.io https://vtm-test.cutm.nfrance.com/libraries/jstree/dist/jstree.min.js https://tmcsi.widgets.secutix.com/stx-widgets/Newsletter/v1/Newsletter.js https://tmcsi.pp-widgets.secutix.com/stx-widgets/Newsletter/v1/Newsletter.js https://www.google.com/recaptcha/api.js https://public.message-business.com/Javascript/form/MB_Form_JsApp.js https://stx-gravity-p1-widgets.quantum.secutix.com https://stx-gravity-p1-widgets.quantum.secutix.com/stx-widgets/v2/Widgets.js cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com www.gstatic.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://forms.sbc35.com forms.sbc35.com https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io https://matomo-pp.cutm.nfrance.net matomo-pp.cutm.nfrance.net connect.facebook.net cdn.onesignal.com platform.twitter.com www.youtube.com www.recaptcha.net www.gstatic.com onesignal.com https://stx-gravity-p1-widgets.quantum.secutix.com cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://stx-gravity-p1-widgets.quantum.secutix.com cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://cdn.jsdelivr.net cdn.jsdelivr.net https://stx-gravity-p1-widgets.quantum.secutix.com; report-uri https://metropole.toulouse.fr/report-uri/enforce; report-to default 2 default-src 'self'; font-src 'self' fonts.bunny.net data:; img-src 'self' matomo.sib.swiss fonts.googleapis.com fonts.gstatic.com data: blob: ui-avatars.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.sib.swiss https://unpkg.com; style-src 'self' fonts.bunny.net 'unsafe-inline' https://unpkg.com; connect-src 'self' matomo.sib.swiss https://chat.expasy.org; 2 frame-ancestors 'self' *.mybigcommerce.com *.shopify.com *.amptab.com *.wix.com framer.com 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.googleapis.com https://*.lidl-shop.be https://*.lidl.be https://*.online-metrix.net https://*.parcellab.com https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://analytics.google.com https://awin1.com https://casalemedia.com https://cloud.news.lidl.be https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://fonts.gstatic.com https://glami.cz https://hlserve.com https://ih.adscale.de https://im9.cz https://imedia.cz https://liadm.com https://lidl-shop.com https://lidl-shop.be https://ligadx.com https://ligatus.com https://login.dognet.be https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://smartadserver.com https://smartclip.net https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://teads.tv https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://www.youtube-nocookie.com https://yahoo.com https://yieldlab.net data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.lidl-shop.be https://*.lidl.be https://*.online-metrix.net https://*.tradedoubler.com https://*.vrxs.de https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://casalemedia.com https://cloud.news.lidl.be https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://ih.adscale.de https://im9.cz https://imedia.cz https://liadm.com https://lidl-shop.com https://lidl-shop.be https://lidl.qualifioapp.com https://ligadx.com https://ligatus.com https://login.dognet.be https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://smartadserver.com https://smartclip.net https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://teads.tv https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://www.youtube-nocookie.com https://yahoo.com https://yieldlab.net; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.advertising.com https://*.adyen.com https://*.assets.lidl https://*.criteo.net https://*.demdex.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.lidl-shop.be https://*.lidl.be https://*.online-metrix.net https://*.openx.net https://*.parcellab.com https://*.pubmatic.com https://*.stickyadstv.com https://*.taboola.com https://*.tradedoubler.com https://*.twiago.com https://*.xplosion.de https://*.yahoo.com https://*.yieldlab.net https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://analytics.google.com https://awin1.com https://casalemedia.com https://cloud.news.lidl.be https://content.odj.cloud https://contextual.media.net https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://ih.adscale.de https://im9.cz https://imedia.cz https://liadm.com https://lidl-shop.com https://lidl-shop.be https://lidl.be https://ligadx.com https://ligatus.com https://login.dognet.be https://m6r.eu https://match.sharethrough.com https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://play-lh.googleusercontent.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://smartadserver.com https://smartclip.net https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://sync.outbrain.com https://t.semtrack.de https://taboola.com https://teads.tv https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://translate.google.com https://twiago.com https://visitor.omnitagjs.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval' https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.lidl-shop.be https://*.online-metrix.net https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://casalemedia.com https://cloud.news.lidl.be https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://ih.adscale.de https://im9.cz https://imedia.cz https://liadm.com https://lidl-shop.com https://lidl-shop.be https://ligadx.com https://ligatus.com https://login.dognet.be https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://smartadserver.com https://smartclip.net https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://teads.tv https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' https://localhost https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.googleapis.com https://*.lidl-shop.be https://*.online-metrix.net https://*.parcellab.com https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://casalemedia.com https://cloud.news.lidl.be https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://ih.adscale.de https://im9.cz https://imedia.cz https://liadm.com https://lidl-shop.com https://lidl-shop.be https://ligadx.com https://ligatus.com https://login.dognet.be https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://smartadserver.com https://smartclip.net https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://teads.tv https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline' https://*.criteo.net https://*.doubleclick.net https://*.fitanalytics.com https://*.googleapis.com https://*.lidl-shop.be https://*.online-metrix.net https://*.parcellab.com https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://casalemedia.com https://cloud.news.lidl.be https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://ih.adscale.de https://im9.cz https://imedia.cz https://liadm.com https://lidl-shop.com https://lidl-shop.be https://ligadx.com https://ligatus.com https://login.dognet.be https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://smartadserver.com https://smartclip.net https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://teads.tv https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 default-src blob: data: 'self' http://*.stash.com http://browser-intake-datadoghq.com http://videos.ctfassets.net http://www.youtube.com; connect-src blob: data: 'self' http://*.doubleclick.net http://*.stash.com http://analytics.google.com http://api.segment.io http://browser-intake-datadoghq.com http://cdn.segment.com http://www.facebook.com http://region1.analytics.google.com http://rum.browser-intake-datadoghq.com http://stats.g.doubleclick.net http://www.google-analytics.com https://experience.ninetailed.co https://ingest.insights.ninetailed.co https://assets.ctfassets.net; script-src blob: data: 'self' 'unsafe-eval' http://*.stash.com http://browser-intake-datadoghq.com http://cdn.segment.com http://www.googletagmanager.com; script-src-elem 'unsafe-inline' 'self' http://*.stash.com http://analytics.google.com http://connect.facebook.net http://www.googletagmanager.com http://widget.trustpilot.com; style-src 'self' http://*.stash.com 'unsafe-inline'; img-src blob: data: 'self' http://*.cloudfront.net http://*.stash.com http://*.wpengine.com http://images.ctfassets.net http://s3.amazonaws.com https://stashpublic.s3.amazonaws.com http://www.facebook.com http://www.google.ca http://www.google.co.in http://www.google.co.ug http://www.google.co.uk http://www.google.de http://www.google.ie http://www.google.it http://www.google.pt http://www.google.nl http://www.googletagmanager.com; font-src 'self' data: http://*.stash.com http://fonts.gstatic.com; object-src 'self' http://*.stash.com; base-uri 'self' http://*.stash.com; form-action 'self' http://*.stash.com; frame-src 'self' http://*.doubleclick.net http://*.stash.com http://www.youtube.com https://*.typeform.com http://widget.trustpilot.com; frame-ancestors 'none'; 2 frame-ancestors www.googletagmanager.com; 2 frame-ancestors 'self' http://www.1001games.com 2 default-src 'self'; connect-src 'self' my.smartis.bi *.smartcallback.ru kraken.rambler.ru *.2gis.com *.comagic.ru wss: mc.yandex.com api-maps.yandex.ru leadgen-prod-api.uiscom.ru api.captcha.clickfraud.ru const.uno sentry.idacloud.ru mc.yandex.ru smartcaptcha.yandexcloud.net suggestions.dadata.ru *.mts.ru *.mail.ru yandex.ru pagead2.googlesyndication.com *.adriver.ru stat1.clickfraud.ru api.clickfraud.dev data:; worker-src 'self' blob:; font-src 'self' *.comagic.ru data:; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.comagic.ru smartcaptcha.yandexcloud.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' smartcallback.ru mod.calltouch.ru api.captcha.clickfraud.ru yastatic.net/s3/front-maps-static/ api-maps.yandex.ru *.comagic.ru smartcaptcha.yandexcloud.net core-renderer-tiles.maps.yandex.net/tiles mc.yandex.ru top-fwz1.mail.ru privacy-cs.mail.ru yastatic.net *.mts.ru tags.soloway.ru *.adriver.ru stat1.clickfraud.ru cdn.jsdelivr.net google.com/recaptcha/ st.top100.ru *.2gis.com; img-src 'self' cdn.jsdelivr.net core-renderer-tiles.maps.yandex.net/tiles api-maps.yandex.ru mc.yandex.ru data: static.creditcore.dvizh.io ad.adriver.ru top-fwz1.mail.ru; frame-src 'self' *.comagic.ru mc.yandex.ru smartcaptcha.yandexcloud.net *.adriver.ru runtime.video.cloud.yandex.net monitoring.timetechnology.ru; 2 frame-ancestors 'self' https://nginx-sonova-d8-develop.ch.amazee.io https://www.sonova.com https://relaunch.sonova.com https://jobs.nzz.ch https://management.jobs.nzz.ch ; report-uri /report-csp-violation 2 frame-ancestors 'self' https://alpha.duoke.com https://alpha2.duoke.com https://alpha3.duoke.com https://web.duoke.com https://app.tongpaidang.com https://app.duoke.com 2 frame-ancestors 'self' *.blinds-2go.co.uk; 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com *.guardianlife.com *.aws.glic.com guardiandirect.custhelp.com guardiandirect--tst2.custhelp.com www.googletagmanager.com tagmanager.google.com/ maps.googleapis.com www.youtube.com view.ceros.com src.litix.io *.evgnet.com *.bound360.com *.evergage.com guardianlife.us-1.evergage.com *.launchdarkly.com *.aws.glic.com *.wistia.com js.sentry-cdn.com cdn.cookielaw.org cdn.evgnet.com api.ipify.org fast.wistia.net www.google-analytics.com a.tribalfusion.com s.tribalfusion.com snap.licdn.com s.dpmsrv.com a.dpmsrv.com tag.demandbase.com googleads.g.doubleclick.net ad.doubleclick.net www.googleadservices.com connect.facebook.net ib.adnxs.com cm.g.doubleclick.net cdn.appdynamics.com cdn.mouseflow.com td.doubleclick.net block.sse.cisco.com; style-src 'self' 'unsafe-inline' https: *.wistia.com fonts.googleapis.com; img-src 'self' data: *.doubleclick.net *.bing.com *.facebook.com www.googletagmanager.com/ images.ctfassets.net www.google-analytics.com www.google.com maps.googleapis.com ssl.gstatic.com/ fast.wistia.com embed.wistia.com embed-ssl.wistia.com secure.adnxs.com ib.adnxs.com/ www.google.com maps.gstatic.com bat.bing.com www.facebook.com px.ads.linkedin.com p.adsymptotic.com/ i.ytimg.com www.guardiananytime.com/ pixel.mediaiqdigital.com pixel.mathtag.com d1bvwpcbxq9v24.cloudfront.net t.co idsync.rlcdn.com *.amazonaws.com cx.atdmt.com www.linkedin.com/ *.fls.doubleclick.net cm.g.doubleclick.net id.rlcdn.com/464526.gif match.prod.bidr.io/cookie-sync/demandbase segments.company-target.com block.opendns.com images.ctfassets.net pippio.com *.aws.glic.com cdn.cookielaw.org a.dpmsrv.com a.tribalfusion.com s.tribalfusion.com fast.wistia.net cdn.appdynamics.com s3-us-west-2.amazonaws.com s3.amazonaws.com ade.googlesyndication.com dsum-sec.casalemedia.com; media-src 'self' blob: *.aws.glic.com *.wistia.com; frame-src 'self' *.doubleclick.net *.appdynamics.com/ guardiandirect.custhelp.com guardiandirect--tst2.custhelp.com js.stripe.com hooks.stripe.com www.canva.com www.googletagmanager.com api-sandbox.donut.farm *.ipipeline.com flex.cybersource.com testflex.cybersource.com *.youtube.com script.hotjar.com vars.hotjar.com cm.g.doubleclick.net *.ceros.com *.guardiananytime.com *.cloudfront.net *.adsrvr.org my.visme.co *.ipipeline.com guardianlife.com *.guardianlife.com guardianlife.uat.aws.glic.com *.bound360.com tagmanager.google.com www.podbean.com cloud.alert.guardiandirect.com cloud.connect.guardian pixel.mathtag.com/ bid.g.doubleclick.net *.fls.doubleclick.net pi.pardot.com go.pardot.com connect.guardiangroupbenefits.com guardianabsence.webflow.io *.ebix.com *.aws.glic.com a.tribalfusion.com s.company-target.com fast.wistia.net fast.wistia.com; connect-src 'self' pagead2.googlesyndication.com *.guardianlife.com *.aws.glic.com fonts.gstatic.com *.doubleclick.net *.g.doubleclick.net guardiandirect.custhelp.com guardiandirect--tst2.custhelp.com www.google-analytics.com api.stripe.com cdn.contentful.com preview.contentful.com n2.mouseflow.com rules.atgsvcs.com *.ipipeline.com *.donut.farm col.eum-appdynamics.com collectorprod.glic.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ws://*.hotjar.com fast.wistia.com embed-cloudfront.wistia.com distillery.wistia.com pipedream.wistia.com *.litix.io *.podbean.com cloud.alert.guardiandirect.com cloud.connect.guardian bat.bing.com maps.googleapis.com api.company-target.com segments.company-target.com m.addThis.com geolocation.onetrust.com guardianlife-privacy.my.onetrust.com cdn.linkedin.oribi.io www.facebook.com gw.linkedin.oribi.io gw.dr1.linkedin.oribi.io analytics.tiktok.com pixel.mathtag.com guardianabsence.webflow.io *.ebix.com *.evgnet.com *.evergage.com guardianlife.us-1.evergage.com *.launchdarkly.com *.aws.glic.com cdn.segment.com api.segment.io graphql.contentful.com cdn.cookielaw.org www.google.com fast.wistia.net px.ads.linkedin.com tag-logger.demandbase.com cdn.appdynamics.com pdx-col.eum-appdynamics.com privacyportal-na01.onetrust.com; font-src 'self' data: fonts.gstatic.com login.guardianlife.com *.aws.glic.com fast.wistia.com fast.wistia.net 2 frame-ancestors https://*.pressetext.com; 2 default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' http://webvisor.com 2 script-src 'self' 'unsafe-inline' 'strict-dynamic' https://use.typekit.net https://www.youtube.com cdn.jsdelivr.net cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cycling-uk-d9.cycle.travel https://kit.fontawesome.com https://unpkg.com https://use.fontawesome.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://use.typekit.net/lmn7yno.css https://js-agent.newrelic.com https://fonts.googleapis.com https://www.googletagmanager.com https://snap.licdn.com https://static.hotjar.com https://www.google-analytics.com https://bat.bing.com https://connect.facebook.net https://www.clarity.ms https://script.hotjar.com https://*.azureedge.net https://*.googleadservices.com https://cdn-ukwest.onetrust.com https://www.youtube.com https://sdks.shopifycdn.com cdn.jsdelivr.net cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cycling-uk-d9.cycle.travel https://kit.fontawesome.com https://unpkg.com https://use.fontawesome.com; style-src 'self' 'unsafe-inline' https://use.typekit.net/lmn7yno.css https://js-agent.newrelic.com https://fonts.googleapis.com https://www.googletagmanager.com https://snap.licdn.com https://static.hotjar.com https://www.google-analytics.com https://bat.bing.com https://connect.facebook.net https://www.clarity.ms https://script.hotjar.com blob: https://cdn-ukwest.onetrust.com https://www.youtube.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cycling-uk-d9.cycle.travel https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://use.typekit.net/lmn7yno.css https://fonts.googleapis.com https://p.typekit.net https://www.youtube.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cycling-uk-d9.cycle.travel https://unpkg.com; frame-ancestors 'self' 2 default-src data: blob: mediastream: *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src data: blob: *; frame-ancestors 'self' https://telegram.org https://*.telegram.org 2 default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.walkme.com https://analytics.tiktok.com https://connect.facebook.net https://extend.vimeocdn.com/ga/41833415.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10892526870/ https://js.adsrvr.org/up_loader.1.1.0.js https://maps.googleapis.com https://up.pixel.ad/assets/up.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://*.clarity.ms https://cdn.jsdelivr.net/npm/publicalbum@latest/embed-ui.min.js https://platform.twitter.com/widgets.js https://player.vimeo.com/api/player.js; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://*.walkme.com; img-src 'self' blob: data: https://maps.googleapis.com https://pixel.sitescout.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://maps.gstatic.com https://*.prnewswire.com https://www.multivu.com https://ad.doubleclick.net https://ball.mediaroom.com https://filecache.mediaroom.com; connect-src 'self' https://analytics.tiktok.com https://maps.googleapis.com https://www.google-analytics.com https://*.walkme.com htttps://localhost:5001 https://localhost:44314 https://localhost:54518 https://*.clarity.ms; font-src 'self' data: https://fonts.gstatic.com; object-src https://stream1.newswire.ca/static/StrobeMediaPlayback.swf; media-src 'self'; frame-src 'self' https://insight.adsrvr.org https://pixel.sitescout.com https://player.vimeo.com https://td.doubleclick.net https://video.ball.com https://www.youtube.com https://*.walkme.com https://pixel-sync.sitescout.com https://www.google.com https://tv.ball.com https://*.adsrvr.org https://*.prnewswire.com https://*.fls.doubleclick.net https://i.vimeocdn.com https://www.googletagmanager.com; frame-ancestors 'self' https://ball-com-2021-cms.bluemod.me/ https://vision-dev-cms.ball.com https://vision-test-cms.ball.com https://vision-cms.ball.com; worker-src 'none'; manifest-src 'self' 2 frame-ancestors 'self' *.mexc.me *.mexc.com *.mexceu.com *.mexc.kr *.mexc.co sensors.xiaoxiame.com *.365huo.xyz *.mexc.fm *.mexc.in *.mexc.us *.greentreeone.com *.gdiii.xyz *.mcaketech.com *.mexc.ae *.mexc.cl *.mexc.ee *.mexc.ge *.mexccex.com *.mexcsite.com *.mx-exchange.co *.winappnet.com *.weappnet.com *.getappnet.com *.cryptolinkapp.com *.mexc.io *.mexc.cc 2 frame-ancestors 'self' *.medialab.com *.vastian.com medialab-test-vastian.azurewebsites.net medialab-qa-vastian.azurewebsites.net https://localhost:7104/ 2 script-src 'unsafe-eval' 'unsafe-inline' 'self' *.addthis.com *.addthisedge.com *.adnxs.com *.adobedtm.com *.ads-twitter.com *.adsrvr.org *.adsymptotic.com *.advertising.com *.akamaihd.net *.amazon-adsystem.com *.bing.com *.bluekai.com *.c212.net *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.crwdcntrl.net *.cvent-assets.com *.cvent.com *.d1emzqdvia1vut.cloudfront.net *.demandbase.com *.demdex.net *.doubleclick.net *.drivetheweb.com *.errors.adobeaemcloud.com *.everesttech.net *.exelator.com *.google-analytics.com *.google.com *.google.ie *.googleadservices.com *.googletagmanager.com *.gstatic.com *.highcharts.com *.hotjar.com *.ibm.com *.ispot.tv *.jquery.com *.jsdelivr.net *.linkedin.com *.marketo.net *.marketo.com *.mathtag.com *.medallia.eu *.mediaroom.com *.mktoweb.com *.mktoweb.net *.moatads.com *.newrelic.com *.nr-data.net *.omtrdc.net *.pippio.com *.prnewswire.com *.qualtrics.com *.adobeaemcloud.com *.redditstatic.com *.rlcdn.com *.s81c.com *.simplecast.com *.simplecastcdn.com *.sitescout.com *.survata.com *.taboola.com *.talentbrew.com *.talentbrew.io *.teads.tv *.tealiumiq.com *.tidaltv.com *.tiqcdn.com *.tiqcdn.com *.trustarc.com *.truste-svc.net *.truste.com *.trustradius.com *.turn.com *.twitter.com *.typekit.net *.w55c.net *.wallst.com *.yahoo.co.jp *.yahoo.com *.youtube.com *.company-target.com *.licdn.com *.pdst.fm *.kyndryl.com *.scene7.com *.cloudfront.net *.unpkg.com unpkg.com *.seg.js *.adobe.com *.googleapis.com amplify.outbrain.com tr.outbrain.com wave.outbrain.com *.yimg.jp *.trendemon.com; object-src 'none'; worker-src blob: 2 base-uri 'self';form-action 'self';frame-ancestors *.max.co.il; 2 'self' script-src https://ajax.googleapis.com/ajax/*; object-src 'self' 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.datarobot.com *.wistia.net *.wistia.com *.google-analytics.com *.googletagmanager.com *.mktoresp.com *.mktoutil.com *.clickagy.com *.smartling.com *.hotjar.com *.amcharts.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com cdn.jsdelivr.net cdn.evgnet.com munchkin.marketo.net cdn.cookielaw.org blob:; script-src-elem 'self' 'unsafe-inline' *.adsrvr.org *.bing.com *.clearbitscripts.com *.clearbitjs.com *.clickagy.com *.cloudfront.net *.cookiebot.com *.datarobot.com *.doubleclick.net *.evgnet.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.intentsify.io *.jsdelivr.net *.licdn.com *.marketo.net *.sentry-cdn.com *.techtarget.com *.tfaforms.net *.visualwebsiteoptimizer.com *.wistia.com *.wistia.net *.zoominfo.com *.calendly.com *.amcharts.com *.hotjar.com static.hotjar.com *.onetrust.com *.cookielaw.org dev.visualwebsiteoptimizer.com cdn.jsdelivr.net unpkg.com cdn.evgnet.com munchkin.marketo.net d-code.liadm.com cdn.cookielaw.org; connect-src 'self' *.algolia.net *.algolianet.com *.bing.com *.clearbit.com *.clickagy.com *.cloudfront.net *.cookiebot.com *.cookielaw.org *.doubleclick.net *.datarobot.com *.evergage.com *.facebook.com *.facebook.net *.formassembly.com *.google-analytics.com *.googletagmanager.com *.google.com *.hockeystack.com *.linkedin.com *.mktoresp.com *.mktoutil.com *.amcharts.com *.smartling.com *.techtarget.com *.visualwebsiteoptimizer.com *.wistia.com *.wistia.net *.zoominfo.com *.geolocation.onetrust.com https://geolocation.onetrust.com *.privacyportal.onetrust.com https://privacyportal.onetrust.com ws.hotjar.com content.hotjar.io insight.adsrvr.org ws.hotjar.com wss://ws.hotjar.com blob:; style-src * 'unsafe-inline'; font-src * data:; img-src * blob: data:; media-src 'self' blob: *.wistia.com fast.wistia.net; frame-src 'self' *.adsrvr.org *.cookiebot.com *.clickagy.com *.datarobot.com *.doubleclick.net *.google.com *.googletagmanager.com *.teamwalnut.com *.wistia.com *.wistia.net *.calendly.com *.amcharts.com *.youtube.com calendly.com; frame-ancestors 'self' *.datarobot.com *.calendly.com calendly.com;; upgrade-insecure-requests 2 default-src 'self'; img-src 'self' data: www.google.com *.cloudfront.net *.doubleclick.net https://*.onetrust.com https://cdn.cookielaw.org https://ht.blackhawknetwork.com https://dd.blackhawknetwork.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com maps.googleapis.com www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.split.io w.usabilla.com *.cloudfront.net cdn.segment.com cdn.mxpnl.com https://static.ada.support https://tangocard.ada.support https://previews.ada.support https://ws-mt1.pusher.com https://cdn.cookielaw.org https://ht.blackhawknetwork.com https://cdnjs.cloudflare.com/ajax/libs/pako/ https://dd.blackhawknetwork.com/js/ https://dd.blackhawknetwork.com/tags.js https://www.rewardlink.io js.datadome.co ct.captcha-delivery.com https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://*.onetrust.com *.ada.support; style-src 'self' 'unsafe-inline' *.split.io *.cloudfront.net fonts.googleapis.com fonts.gstatic.com; font-src 'self' data: fonts.gstatic.com; object-src 'self'; connect-src 'self' api.segment.io *.split.io *.mixpanel.com *.doubleclick.net *.rewardlink.io rewardlink-fe.public.prod.tangocard.com https://*.ada.support https://sentry.io https://cdn.cookielaw.org https://*.onetrust.io https://*.onetrust.com https://cdn.segment.com https://ingress.us2.rum-ingress-coralogix.com https://dd.blackhawknetwork.com/js/ https://dd.blackhawknetwork.com/tags.js https://static.ada.support https://tangocard.ada.support https://previews.ada.support https://ws-mt1.pusher.com https://rollout.ada.support/tangocard/client.json https://cookies-data.onetrust.io; frame-src https://www.google.com https://www.google.com/recaptcha/ www.google.com https://tangocard.ada.support https://tangocard-gr.ada.support https://*.rewardlink.io https://*.rewardlink.com geo.captcha-delivery.com https://*.tangocard.com d6tizftlrpuof.cloudfront.net; worker-src 'self' blob:; 2 object-src 'none'; block-all-mixed-content 2 frame-ancestors 'self' https://join-stories.com https://*.join-stories.com 2 connect-src 'self' https://pypi.org https://vimeo.com https://recruiting.lwl.org https://www.outdooractive.com *.sibforms.com *.emailsys1a.net https://sketchfab.com *.readspeaker.com api.newsletter2go.com piwik.lwl.org https://neurabot-api-501967154138.europe-west3.run.app https://neurabot.neuraflow.de www.lwl.org api.openrouteservice.org; style-src 'self' 'unsafe-inline' https://www.lwl.org/anis/map/ https://www.youtube.com *.readspeaker.com sibforms.com https://chat-app.chat-link.de https://chat-app.neurabot.de; frame-ancestors 'self'; default-src 'none'; img-src 'self' data: https://www.lwl.org/osmlwlde/ https://img.youtube.com https://www.lwl.org/anis/map/ https://bossanova.uk https://piwik.lwl.org https://www.lwl.org https://i.vimeocdn.com https://recruiting.lwl.org https://www.outdooractive.com https://sketchfab.com https://static.kulturkurier.de https://static.newsletter2go.com https://my.matterport.com https://mpembed.com files.newsletter2go.com https://res.oastatic.com i.ytimg.com https://i.ytimg.com https://firebasestorage.googleapis.com https://tiles.stadiamaps.com/; frame-src 'self' https://www.youtube.com https://recruiting.lwl.org https://www.outdooractive.com https://sketchfab.com *.sibforms.com *.emailsys1a.net https://lwl.gomus.de https://www.google.com https://my.matterport.com https://mpembed.com https://nrw.db-schulkinowochen.de https://sibforms.com https://statlas-wl.nrw.de https://wms02.exmap.de statlas.westfalen.org https://static.kulturkurier.de www.statlas-wl.nrw.de *.lwl.org glossar.westfalen-regional.de; font-src 'self' data:; media-src 'self' https://intranet.itz.lwl.org https://www.lwl.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.lwl.org/anis/map/ https://www.youtube.com https://www.youtube.com/iframe_api https://cdn.ckeditor.com https://piwik.lwl.org https://vimeo.com https://player.vimeo.com https://cdnjs.cloudflare.com https://recruiting.lwl.org https://www.outdooractive.com https://sketchfab.com *.sibforms.com *.emailsys1a.net https://lwl.gomus.de https://www.google.com https://static.kulturkurier.de https://my.matterport.com https://static.newsletter2go.com https://mpembed.com https://nrw.db-schulkinowochen.de https://sibforms.com https://statlas-wl.nrw.de https://wms02.exmap.de *.readspeaker.com static.newsletter2go.com 'unsafe-eval' https://chat-app.neurabot.de 2 frame-ancestors 'self' https://codepen.io https://cdpn.io https://qatarairways.com https://qatarairways.com.qa https://*.qatarairways.com https://*.qatarairways.com.qa https://www.katara.net https://genevamotorshow.com https://*.discoverqatar.qa https://discoverqatar.qa https://dq-staging-b2b.vibe.travel https://dq-staging-b2c.vibe.travel https://*.qf.org.qa https://staging-czg5cuhcbfd4a7fc.z01.azurefd.net https://educationcity.qa https://mappdev.educationcity.qa https://*.decc.qa https://www.the-afc.com https://www.katarahospitality.com https://qnb.com 2 default-src 'self' *.targetfirst.com *.hsforms.com heeet.io *.heeet.io 'unsafe-inline' *.googleadservices.com webcdn.ringover.com *.schedulehero.io *.revenuehero.io; img-src *.targetfirst.com http://watcheebox.net http://*.watcheebox.net *.reddit.com *.bing.net tag.nrich.ai audience.nrich.ai storage.googleapis.com fonts.gstatic.com *.hsforms.com *.hubspot.com *.linkedin.com *.liadm.com 'self' data: *.clarity.ms *.google.com *.bing.com *.rlcdn.com *.sitescout.com *.clickagy.com www.google.fr webcdn.ringover.com ct.capterra.com *.ytimg.com ytimg.com www.google.com www.facebook.com google-analytics.com *.google-analytics.com *.googletagmanager.com *.ads.linkedin.com cdn.livechat-files.com; script-src 'self' www.redditstatic.com *.nrich.ai appvizer.one *.hsforms.net *.heeet.io cdn.heeet.io/js/localstorage-gau.js *.snitcher.com *.amazonaws.com *.liadm.com *.hsforms.com *.hs-scripts.com *.hubspot.com *.hsadspixel.net *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com *.clarity.ms *.targetfirst.com http://watcheebox.net http://*.watcheebox.net 'unsafe-inline' 'unsafe-eval' 'self' *.tapfiliate.com *.hs-scripts.com *.googleoptimize.com bat.bing.com *.clickagy.com *.cloudflare.com *.googleadservices.com *.rsc.cdn77.org cdn77.ringover.com cdn.jsdelivr.net *.algolianet.com *.algolia.net *.googlesyndication.com *.g.doubleclick.net *.welcomekit.co welcomekit.co facebook.com linkedin.com *.link-page.info snippets.freshchat.com snap.licdn.com dc.ads.linkedin.com storage.googleapis.com px.ads.linkedin.com ct.capterra.com google.com google.fr *.trustpilot.com embed.tawk.to *.gotolstoy.com youtube.com pi.pardot.com redirectmail.ringover.com static-v.tawk.to *.google-analytics.com *.googleadservices.com *.googletagmanager.com gstatic.com *.g.doubleclick.net *.gstatic.com *.facebook.net *.gotolstoy.com redirectmail.ringover.com *.google.com *.hotjar.com *.lfeeder.com *.zoominfo.com *.livechatinc.com *.googleanalytics.com *.schedulehero.io *.revenuehero.io; style-src 'self' *.rsc.cdn77.org *.google.com *.googleapis.com *.ringover.com https://fonts.googleapis.com fonts.gstatic.com *.targetfirst.com http://watcheebox.net http://*.watcheebox.net 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; connect-src wss://*.watcheebox.net http://watcheebox.net http://*.watcheebox.net *.targetfirst.com *.appvizer.one appvizer.one *.redditstatic.com *.reddit.com *.bing.net *.ringover.net wss://*.ringover.net ipapi.co/json *.hsforms.com *.heeet.io *.snitcher.com *.amazonaws.com alocdn.com *.ip-api.com 'self' *.hscollectedforms.net *.hubapi.com *.hubspot.com *.statuspage.io *.liadm.com *.oribi.io *.ads.linkedin.com *.clickagy.com *.clarity.ms *.zoominfo.com *.rsc.cdn77.org cdn.jsdelivr.net *.lfeeder.com *.googleusercontent.com *.algolia.net *.algolianet.com *.googlesyndication.com *.welcomekit.co welcomekit.co *.ringover.com va.tawk.to *.googleadservices.com *.hotjar.com wss://*.hotjar.com *.gotolstoy.com *.google.com *.google-analytics.com *.google.fr *.g.doubleclick.net *.schedulehero.io *.revenuehero.io; font-src 'self' http://watcheebox.net http://*.watcheebox.net 'unsafe-inline' *.rsc.cdn77.org *.gstatic.com fonts.googleapis.com fonts.gstatic.com; media-src 'self' *.targetfirst.com *.rsc.cdn77.org *.ringover.com cdn.livechatinc.com; frame-src 'self' *.appspot.com *.googletagmanager.com *.ringover.com *.hsforms.com *.cloudflare.com *.google.com *.youtube-nocookie.com *.google.com *.hotjar.com *.gotolstoy.com *.youtube.com youtube-nocookie.com *.livestorm.co calendly.com *.facebook.com *.trustpilot.com *.doubleclick.net *.livechatinc.com *.schedulehero.io; child-src 'self' *.rsc.cdn77.org *.ringover.com; form-action 'self' *.hsforms.com *.rsc.cdn77.org *.facebook.com; frame-ancestors 'self' *.rsc.cdn77.org *.schedulehero.io; object-src 'none'; base-uri 'self' *.rsc.cdn77.org; worker-src 'self' *.rsc.cdn77.org *.ringover.com; manifest-src 'self' *.rsc.cdn77.org; 2 frame-ancestors 'self' api.sheetmusicdirect.com *.arrangeme.com arrangeme.com 2 default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 2 frame-ancestors 'self' https://app.contentful.com http://15.156.122.252 https://timescale.ghost.io https://assets.timescale.com https://timescale.com https://www.timescale.com; 2 default-src https:;connect-src https:;font-src https: data:;frame-src https:;frame-ancestors https:;img-src https: data:;media-src https:;object-src https:;script-src 'unsafe-inline' 'unsafe-eval' https:;style-src 'unsafe-inline' https:; 2 img-src data: *; 2 frame-ancestors 'self' https://mydrive.univ-st-etienne.fr https://mydrive-ng.univ-st-etienne.fr https://laboratoirehubertcurien.univ-st-etienne.fr 2 upgrade-insecure-requests; frame-ancestors 'self' ; report-to csp-violation; report-uri https://cspreports.realpage.com/api/reports/save/violation; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.aspnetcdn.com *.vimeocdn.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com https://hcaptcha.com *.surveymonkey.com *.googleoptimize.com *.cookiebot.com *.vimeo.com *.facebook.net https://acsbapp.com *.amazonaws.com *.jotfor.ms *.jotform.com 'unsafe-inline' 'unsafe-eval'; style-src data: 'self' *.googleapis.com *.sonichealthcare.com *.gstatic.com *.mailchimp.com *.jotfor.ms *.cookiebot.com 'unsafe-inline' 'unsafe-eval'; connect-src data: 'self' *.acsbapp.com acsbapp.com *.googleapis.com *.google-analytics.com https://stats.g.doubleclick.net https://cdn.acsbapp.com *.cookiebot.com; font-src 'self' data: *.googleapis.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.google-analytics.com *.gstatic.com *.googleapis.com *.amazonaws.com *.o3n.io *.google.com *.googletagmanager.com *.bing.com *.facebook.com *.linkedin.com *.cookiebot.com 'unsafe-inline'; frame-src 'self' *.google.com *.youtube.com https://www.zeemaps.com *.surveymonkey.com *.hcaptcha.com *.vimeo.com *.facebook.com *.sonichealthcareusa.com *.jotform.com *.jotfor.ms *.propath.com *.cookiebot.com; object-src 'none'; 2 block-all-mixed-content; font-src 'self' fonts.gstatic.com www.wuv.de fonts.gstatic.com data:; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org open.scdn.co connect.facebook.net *.usercentrics.eu *.g.doubleclick.net *.getsitecontrol.com *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.tiktok.com *.tiktokcdn.com *.ibytedtos.com *.pinterest.com *.research.appinio.com *.ttwstatic.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com *.adform.net *.vidible.tv *.doubleverify.com *.doubleclick.net bs.serving-sys.com static.aivdesk.com secure-ds.serving-sys.com ad.lkqd.net *.cloudflare.com *.adsafeprotected.com *.maximus.mobkoi.com *.celtra.com *.moatads.com sf16-scmcdn-sg.ibytedtos.com tags.crwdcntrl.net *.vimeocdn.com; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.twitter.com *.wuv.de *.tiktok.com *.tiktokcdn.com *.ttwstatic.com *.cloudfront.net tagmanager.google.com *.wuv.de s1.adform.net static.aivdesk.com; worker-src blob: *.wuv.de 2 default-src 'self' 'unsafe-inline' blob: data: https://*.gstatic.com https://embedr.flickr.com https://widgets.flickr.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.readspeaker.com https://*.google.com https://*.google.pt https://*.clarity.ms https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://connect.facebook.net https://snap.licdn.com https://px.ads.linkedin.com https://www.facebook.com https://embedr.flickr.com https://widgets.flickr.com https://hcaptcha.com https://*.hcaptcha.com https://*.unibuddy.co https://cdn.jsdelivr.net code.jquery.com https://fonts.googleapis.com; style-src 'self' 'unsafe-inline' https://*.readspeaker.com https://hcaptcha.com https://*.hcaptcha.com https://*.gstatic.com https://cdn.jsdelivr.net https://fonts.googleapis.com; img-src 'self' data: blob: 'unsafe-inline' https://placehold.it https://*.iscte-iul.pt https://iscte-iul.pt https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://www.google.pt https://www.linkedin.com https://www.googleadservices.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://ciencia.iscte-iul.pt https://px.ads.linkedin.com https://www.facebook.com https://live.staticflickr.com https://*.clarity.ms; connect-src 'self' https://*.readspeaker.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://www.googleadservices.com https://*.clarity.ms https://embedr.flickr.com https://*.hcaptcha.com; object-src 'self'; frame-src 'self' https://*.iscte-iul.pt https://*.eventbrite.pt https://*.eventbrite.com https://*.google.com https://*.google.pt https://*.soundcloud.com https://www.youtube.com https://youtu.be https://sketchfab.com https://player.vimeo.com https://www.strava.com https://hcaptcha.com https://*.hcaptcha.com https://forms.office.com https://*.unibuddy.co https://unibuddy.co 2 upgrade-insecure-requests; frame-ancestors 'self' dotroll.com *.dotroll.com 2 object-src 'none'; upgrade-insecure-requests; 2 default-src 'self' * 'unsafe-inline' *.3qsdn.com *.payengine.de data: blob:; style-src 'self' *.googleapis.com *.eye-able.com *.gstatic.com 'unsafe-inline' *.vorteilsguru.de *.3qsdn.com; img-src * 'unsafe-inline' data:; script-src * 'unsafe-eval' 'unsafe-inline' blob:; font-src 'self' *.gstatic.com 'unsafe-inline' *.vorteilsguru.de *.3qsdn.com data: 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.xpressbet.com *.xpressbetonline.com *.xb-online.com *.youtube.com *.kaltura.com *.paysafecard.com *.facebook.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.typekit.net *.livehelpnow.net *.xbselect.com *.redditstatic.com *.twitter.com *.polyfill.io *.paypal.com *.optimove.net *.radar.com *.plaid.com *.braintreegateway.com wss:; img-src * data:; font-src *; style-src * 'unsafe-inline'; media-src * blob:; worker-src * blob 2 frame-ancestors 'self' 'unsafe-inline' *.e-bebek.com *.ebebek.com data: 2 frame-ancestors 'self' https://site.ticketsports.com.br https://www.mapmyrun.com https://www.stay22.com 2 script-src 'self' 'strict-dynamic' 'nonce-LSY_r4nD0m' https://www.google-analytics.com:443 https://*.dynamics.com:443 https://mktdplp102cdn.azureedge.net:443 https://www.googletagmanager.com:443 https://connect.facebook.net:443 https://snap.licdn.com:443 https://*.ads.linkedin.com:443 https://www.youtube.com:443 ; style-src 'self' 'unsafe-inline' https://*.tagmanager.com:443 https://*.googleapis.com:443;font-src 'self'; connect-src 'self' https://*.lhsystems.com:443 https://*.stape.io:443 https://*.doubleclick.net:443 https://*.dynamics.com:443 https://*.linkedin.com:443 https://*.google-analytics.com:443 https://*.google.com:443 https://*.facebook.com:443; frame-src https://*.google.com:443 https://*.google.de:443 https://*.dynamics.com:443 https://www.youtube.com:443 https://www.youtube-nocookie.com:443 https://www.googletagmanager.com:443; frame-ancestors https://*.dynamics.com:443; form-action 'self';img-src 'self' data: https://www.google.com.*:443 https://*.lhsystems.com:443 https://*.doubleclick.net:443 https://*.google.de https://cdn.lhsystems.com:443 https://*.ads.linkedin.com:443 https://*.dynamics.com:443 https://*.facebook.com:443 https://www.google.hu:443 https://*.google.com:443 https://*.google-analytics.com:443 https://*.googletagmanager.com:443;object-src 'none';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests; 2 frame-ancestors 'self' https://customerfinancing.directcapital-sit.com https://customerfinancing.directcapital2.com https://www.customerfinancing.com https://customerfinancing.directcapital-test1.com https://customerfinancing.directcapital-test2.com https://customerfinancing.directcapital-test3.com https://customerfinancing.directcapital-test4.com onlineapps-conv.readiness.ibanking-services.com onlineapps.ibanking-services.com ibanking-services.com https://*.fisglobal.com https://*.citbank.com https://citcom-dev.ase1-dev.citnet.cit.com https://*.firstcitizens.com 2 default-src 'self' static.zohocdn.com; font-src 'self' css.zohocdn.com; script-src 'self' 'unsafe-inline' analytics.cdmon.com *.zohopublic.eu *.zohocdn.com connect.facebook.net bat.bing.com static.ads-twitter.com *.hotjar.com script.hotjar.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.redditstatic.com; style-src 'self' 'unsafe-inline' *.zohopublic.eu *.zohocdn.com *.doubleclick.net; object-src 'none'; base-uri 'self'; connect-src 'self' analytics.cdmon.com salesiq.zohopublic.eu *.facebook.com bat.bing.com *.google-analytics.com *.google.com *.doubleclick.net *.trackingplan.com *.googlesyndication.com *.hotjar.com wss://ws.hotjar.com *.hotjar.io *.reddit.com *.redditstatic.com; frame-src 'self' salesiq.zohopublic.eu *.facebook.com *.youtube.com *.youtube-nocookie.com *.doubleclick.net *.googletagmanager.com; img-src 'self' data: hostwordpress.es *.hostwordpress.es *.zohopublic.eu static.zohocdn.com analytics.twitter.com t.co *.facebook.com google.com google.es *.ytimg.com bat.bing.com *.google.com *.google.es *.googletagmanager.com secure.gravatar.com *.reddit.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 2 default-src 'none'; object-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' 'self' *.trustedshops.com; style-src https: 'unsafe-inline' 'self' *.trustedshops.com; img-src https: 'self' *.trustedshops.com data:; font-src 'self' data: *.trustedshops.com https://manage.chilly.domains https://swiss.chilly.domains https://fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' www.youtube-nocookie.com https://stats.ledl.net/; form-action *; connect-src 'self' *.trustedshops.com stats.ledl.net; worker-src 'self' blob: 2 frame-ancestors 'self' https://energy-explorer-test.azurewebsites.net https://energy-explorer.azurewebsites.net https://explorer.hitachienergy.com https://hitachilandscapes.com https://www.hitachienergy.com https://dev.cms.cloud.hitachienergy.cn https://stage.cms.cloud.hitachienergy.cn https://www.hitachienergy.cn https://landscapes.hitachienergy.com https://privacyportal.cookiepro.com 2 upgrade-insecure-requests; frame-src *; 2 default-src 'self';connect-src 'self' google.com *.amazonaws.com *.bigcontent.io *.cardinalcommerce.com *.facebook.com *.google-analytics.com *.google.com *.ketchcdn.com *.ketchjs.com *.klaviyo.com *.launchdarkly.com *.online-metrix.net *.optimizely.com *.paypal.com *.pingone.com *.postcodeanywhere.co.uk *.px-cloud.net *.reddit.com *.redditstatic.com *.yotpo.com *.zdassets.com *.zendesk.com *.zopim.com browser-intake-datadoghq.com wss://widget-mediator.zopim.com;font-src 'self' data: *.bootstrapcdn.com *.cloudflare.com *.gstatic.com *.klaviyo.com *.yotpo.com;frame-ancestors 'self' *.amplience.net *.hasbropulse.com pay.google.com;frame-src 'self' *.cardinalcommerce.com *.cybersource.com *.facebook.com *.google.com *.online-metrix.net *.optimizely.com *.paypal.com *.youtube-nocookie.com;img-src 'self' data: *.amplience.net *.bigcontent.io *.facebook.com *.googletagmanager.com *.gstatic.com *.ketchcdn.com *.online-metrix.net *.postcodeanywhere.co.uk *.reddit.com *.usablenet.com *.yotpo.com *.ytimg.com;media-src 'self' *.amplience.net;script-src 'self' 'unsafe-eval' 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' *.cardinalcommerce.com *.cloudflare.com *.cybersource.com *.cquotient.com *.datadoghq-browser-agent.com *.facebook.com *.facebook.net *.getshogun.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.ketchcdn.com *.ketchjs.com *.klaviyo.com *.online-metrix.net *.optimizely.com *.paypal.com *.paypalobjects.com *.pcapredict.com *.pingone.com *.postcodeanywhere.co.uk *.px-cdn.net *.px-cloud.net *.redditstatic.com *.usablenet.com *.yotpo.com *.zdassets.com *.zopim.com storage.googleapis.com;style-src 'self' 'unsafe-inline';style-src-elem 'self' 'unsafe-inline' *.bootstrapcdn.com *.cloudflare.com *.getshogun.com *.googleapis.com *.pingone.com *.postcodeanywhere.co.uk *.usablenet.com *.yotpo.com;worker-src 'self' blob:;upgrade-insecure-requests 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' playcanvas.com msg.playcanvas.com code.playcanvas.com relay.playcanvas.com https://js.stripe.com https://*.google.com https://*.google-analytics.com https://www.googletagmanager.com https://s3-eu-west-1.amazonaws.com https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src https://playcanvas.com 'self' data:; 2 frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ts1.numeroblu.it https://widget.spreaker.com https://assets.sitescdn.net https://platform.twitter.com https://platform.linkedin.com https://*.iubenda.com https://*.liveperson.net https://www.googletagmanager.com https://cdn.eye-able.com https://answers.trenord.com.pagescdn.com https://trenord.mailmnsa.com https://bat.bing.com https://connect.facebook.net https://siteimproveanalytics.com https://googleads.g.doubleclick.net https://www.clarity.ms https://snap.licdn.com https://maps.googleapis.com https://www.geocms.it https://storage.googleapis.com https://*.lpsnmedia.net https://www.google.com https://*.paypal.com https://*.paypalobjects.com https://www.gstatic.com https://s.pinimg.com https://analytics.tiktok.com https://ct.pinterest.com https://download.pi.dynamics.com/sdk/web/msei-0.js; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adoberesources.net *.apolloplatform.com *.brightcove.com *.brightcove.net *.clarity.ms *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.ftsites.com *.fti-cloud.com *.kampyle.com *.marketo.com *.marketo.net *.mktoutil.com *.qualtrics.com *.twimg.com *.yimg.com *.ads.linkedin.com *.linkedin.oribi.io *.linkedin.com *.doubleclick.net *.googleads.g.doubleclick.net ads-twitter.com ads-api.twitter.com analytics.twitter.com www.googleadservices.com trc.taboola.com www.clarity.ms up.pixel.ad connect.facebook.net munchkin.marketo.net www.googletagmanager.com www.googleadservices.com www.google.com www.clarity.ms classify.gofurther.com collector-52407.us.tvsquared.com *.mountain.com assets.adoberesources.net up.pixel.ad lonrtp1-cdn.marketo.com static.ads-twitter.com snap.licdn.com p.adsymptotic.com sjs.bizographics.com amplify.outbrain.com apps.mypurecloud.com assets.adoberesources.net bat.bing.com browser-update.org cdn.cookielaw.org cdn.decibelinsight.net classify.gofurther.com connect.facebook.net documentcloud.adobe.com platform.twitter.com resources.digital-cloud-west.medallia.com schema.apolloplatform.com script.mfilterit.net siteimproveanalytics.com snap.licdn.com ssl.google-analytics.com static.ads-twitter.com static.cloudflareinsights.com tr.outbrain.com up.pixel.ad vjs.zencdn.net wss://*.decibelinsight.com wss://*.decibelinsight.net *.taboola.com www.google-analytics.com www.googletagmanager.com zn9nsigbnk054lp8n-frk.siteintercept.qualtrics.com ; connect-src 'self' *.adobe.io *.akamaihd.net *.apolloplatform.com *.clarity.ms *.analytics.google.com *.boltdns.net *.brightcove.com *.brightcove.net *.brightcovecdn.com *.browser-intake-datadoghq.com *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.frk.com *.ftsites.com *.fti-cloud.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.kampyle.com *.launchdarkly.com *.marketo.com *.mktoresp.com *.mktoutil.com *.onetrust.com *.onetrust.io *.qualtrics.com *.cloudhub.io *.widen.net *.widencdn.net *.yimg.com *.ads.linkedin.com *.linkedin.oribi.io *.linkedin.com *.doubleclick.net *.googleads.g.doubleclick.net ads-twitter.com ads-api.twitter.com analytics.twitter.com collector-52407.us.tvsquared.com *.mountain.com *.digital-cloud-west.medallia.com analytics-fe.digital-cloud-west.medallia.com www.google.com www.googletagmanager.com api.intentiq.com session-replay.browser-intake-datadoghq.com 848-iap-939.mktoresp.com bat.bing.net px.ads.linkedin.com snap.licdn.com p.adsymptotic.com sjs.bizographics.com 848-iap-939.mktoresp.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 adservice.google.com bat.bing.com cdn.cookielaw.org cdn.linkedin.oribi.io classify.gofurther.com dc.services.visualstudio.com fti.wsodqa.com hummingbirdwebsocket-va7.cloud.adobe.io pdswebapi.fti-cloud.com px.ads.linkedin.com resources.digital-cloud-west.medallia.com s.yimg.com siteimproveanalytics.com wss://*.decibelinsight.com wss://*.decibelinsight.net *.taboola.com www.facebook.com www.fti.wallst.com wss://*.adobe.io ; img-src 'self' data: *.adsymptotic.com *.akamaihd.net *.analytics.google.com *.boltdns.net *.brightcove.com *.cookielaw.org *.doubleclick.net *.facebook.com *.fti-cloud.com *.franklintempleton.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kampyle.com *.linkedin.com *.qualtrics.com *.siteimproveanalytics.io *.stocksnap.io *.twimg.com *.widen.net *.widencdn.net www.dianomi.com sync.intentiq.com connect.facebook.net t.co www.facebook.com ad.doubleclick.net analytics.twitter.com px.ads.linkedin.com analytics.twitter.com bat.bing.com browser-update.org c.bing.com c.clarity.ms classify.gofurther.com collector-52407.us.tvsquared.com d21y75miwcfqoq.cloudfront.net di.rlcdn.com fa.aidemsrv.com fml-x.com franklintempletonprod.widen.net pixel.sitescout.com platform.twitter.com px.ads.linkedin.com r.turn.com resources.digital-cloud-west.medallia.com rtp-static.marketo.com sp.analytics.yahoo.com syndication.twitter.com t.co tr.outbrain.com tk-static.fml-x.com www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cn www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.bn www.google.com.br www.google.com.cy www.google.com.hk www.google.com.im www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ph www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hu www.google.ie www.google.it www.google.jo www.google.li www.google.lt www.google.lu www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.si www.google.sk assets.adoberesources.net lh3.googleusercontent.com ; font-src 'self' data: *.ftsites.com fonts.googleapis.com fonts.gstatic.com templeton.com *.franklintempleton.com *.franklintempleton.lu *.typekit.net ; style-src 'self' 'unsafe-inline' *.franklintempleton.com *.ftsites.com *.googletagmanager.com *.kampyle.com *.marketo.com fonts.googleapis.com fonts.gstatic.com platform.twitter.com *.typekit.net ; worker-src blob: *.decibel.net ; frame-ancestors 'none'; 2 frame-ancestors 'self' *.bnc.ca *.nbc.ca; 2 default-src 'self' data: https: wss: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdn.ampproject.org www.google.com sale.sulpak.kz www.googletagmanager.com tags.creativecdn.com recommender.scarabresearch.com cdn.retailrocket.ru app.blinger.io sulpak.api.useinsider.com eitri.api.useinsider.com connect.facebook.net content.mql5.com www.google-analytics.com www.googleadservices.com mc.yandex.ru static.hotjar.com script.hotjar.com googleads.g.doubleclick.net kaspi.kz static.demoup.com analytics.tiktok.com maps.googleapis.com code.jquery.com www.gstatic.com export.sulpak.kz media.flixfacts.com media.flixcar.com content.24ttl.stream button.loadbee.com assets.api.useinsider.com api-maps.yandex.ru yastatic.net suggest-maps.yandex.ru widget.devino.chat core-renderer-tiles.maps.yandex.net plerdy.com a.plerdy.com c.plerdy.com h.plerdy.com cdn.loadbee.com prod.flixgvid.flix360.io my.devino.chat widget-chat.devinotele.com epay.homebank.kz epay-oauth.homebank.kz creativecdn.com abt.s3.yandex.net ajax.cloudflare.com mw2.breezyx.space test-halykid.homebank.kz;style-src 'self' 'unsafe-inline' data: blob: www.google.com fonts.googleapis.com assets.api.useinsider.com media.flixcar.com media.flixfacts.com widget.devino.chat cdn.loadbee.com widget-chat.devinotele.com mw2.breezyx.space 2 default-src * 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://remitano.com 2 frame-ancestors 'self' *.connectmeinforma.com dev.totem-app.com www.fanexpohq.events 2 default-src https:; script-src 'unsafe-inline' blob: https: 'unsafe-eval' https://crossway.my.salesforce.com; style-src 'unsafe-inline' https:; font-src https: data:; media-src http: https:; img-src http: https: data: 2 base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self' https://app.storyblok.com https://*.netlify.app; img-src 'self' data: https://a-us.storyblok.com https://cdn.jwplayer.com https://prd.jwpltx.com https://ping-meta-prd.jwpltx.com https://assets-jpcust.jwpsrv.com https://www.googletagmanager.com; object-src 'none'; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'strict-dynamic' 'sha256-RmOHt8YQwKu/Tc/yB+HMnv3GRcmNkZj9iCJKm4zbB8Y=' 'sha256-+5vEKvyVBdJJM2VqkZQYvDHaEzVZPLGI7gXm+VEZJEw=' 'sha256-qKWJLJCDCVd/CbqvPfgxo5CZF0Tw+8A1M3IiyrjtR+c=' 'sha384-i4ZZAI3KNFyDWNJHwXDDVo+Q0C1VOv13uiIgaB2mqsL3szbmmhJgq9atq2RzoR17' 'sha384-iJwxttDyB/EW3f1s34A9706EoU6+FfLz8B5y0a/olsP6iRd2G/U0Kl1bgD6fisk/' 'sha384-nkEDn/kDgVKE8iOmI+WdyRtMrdUj980RbEc90loTphMmXBBw5l3yuV0HdvRsy9GX' 'sha384-ca7g2NR6sBP3ijiuhgakKSA+yT/mA++We4mEk/dWwRUVp6y9p/b58v+Xkbsn306I' 'sha384-GTuC7dFMPof2g4X65bsXq3zK4uuOhRkNuNEwmMsY50nfdr483FvrnrXwv5RRE/ab' 'sha384-HsEMqvkU/77Vo1U7NkRMTsMLS5TlocEPIWg/ALpjB9lOw7FpazuACMt5lriCiqOs' 'sha384-jxegn5Dy+ynoTbLUMrM+yyFjyomE0NKXFseW9qASEZDC7iw0tUTh4OoeY5EQARFe' 'sha384-RXFCcAHiAR93nqGI7fjeSlbMuC9wOMDfH6mBj07oczsFsHlRdCBLanEExgpJDPmh' 'sha384-si11lxQipGDuHsJvUHytfzZPBTAsRSLlbAlP00+P8EhHa8FZP/ZXONY4meMMR+m8' 'sha384-doWA4OinNVfSOLt2JkEaeY6vmwGm4pSlQZtsUtsR9PU+VTqFdntIKmKF3zASjBzL' 'sha384-9YZ/Pt0f3hOWhaTeS/HSN3l3DhGpGy529xky+TuUVE0mReUDDFRNWzIc+RvViKJv' 'sha384-m36HPKa2NQmpv6w+QCDTboGD+xSzITH7FnQxuHjN4WN+I0Y4vrAJgdnizuxOHGhu' 'sha384-oVJ9XWjFXUpVaL7f4o3YNKw0DvPPYiwC0aIcKOnhms2K95/STVFzFSfGupxkuhWG' 'sha384-yUr1qBglaNxI76bCXwpk1kG7+OY/AX0+BbAoxkIIHiUPUjficcgv4FgSAVcciOP+' 'sha384-GesbHkjdQitQAaHaLGvxqLi9tv+dHQWMcgRps6Fqh//iqk+VT2jHB/mEUukcNZGp' 'sha384-vdPbvbljWgL66gJ6aPlmBHIAhuyHv+P4bQy2nwaFwsnNo+sh8dsU+hccUeiF4Hpa' 'sha384-rsIGBTeUxwcb2hyUX/aKsGmiLLZ6f0HFdjHQ4kNmhbv6u2fW2DqA39OlscWgALbt' 'sha384-uLVLmxCca/ObyA98+o7xdB+Qrzo1eD/uE4qB603hHngnCDVky3jY9GLhP3ktrCjD' 'sha384-SrBWXc/WQwQ3LVYizeIpAfx9MpuTuXJgpu+dhxLaT1V5yqo0/e38CAOYuZRbxmy8' 'sha384-puijYoqdfS7YfjeQI8TPoHW0h5Jr/vwtfAEOOh69ynjZlJ1wxp5rRe9T7i6d1rU5' 'sha384-54uUk3LPfZJpqlpYqz/JI9kOx+Y1b/q5UH5ApHAxcVHMiWb8RlAS/l63A8WVrxKS' 'sha384-dR/z78fBj/tkUbGfmgBX0rLqB28P66/XNu0oFLKd3Q2V5SowdJF5DTt/bwSLvmQO' 'sha384-Vm3+7QTSvMAkQ33LFRUBLS30GkspaPUp3rZlCqlomGPcy67tk9Fkj36LaS/seaXS' 'sha384-oc+5iUTMnPdOj2bRyF97JUXspM+cz9lN/mxH1tJa/uOoR9vsvaGi93+Ig6DcZroc' 'sha384-fFaoVCYfF7443HOjrDszROgpedy7NrPDwGhsQDxSrXdVYD3IkEYUocA0cpAZkVLJ' 'sha384-tmqUt4mCty5ipXdK8WT8ZlcHV51QFBZSmj+g1Qw2BU/GVh4ForM8z4upP/Ac2uJa' 'sha384-w4qOlO4tSxObzpsl42f1zV4LJJ2GfM21aZHQg35qw9fgjSZUHHBpLCJT7TZP4dCL' 'sha384-iFJp6Wc/nnBLlfkODHD0NoTJVG1a5wVFpgHIuydvfljgzzT3zpZooKewW9sKDRFL' 'sha384-OhNTNXy4mCHF+apRJMFBk7cLMB/M4f/KuozG3lxOpuDbw74JlApNLREbfvyLdgq7' 'sha384-UTb96YMFJLVrG6Rs5JJmYl7kxpsO2MOgJ1C+NoYIX/Qp1vnSjVgw1X8tPCzMwyqO' 'sha384-h0Ln9oJlQByc2dziwewIol2TKPfpDWQTvexiiHicbUthaayt9fqWGDnN909qPNCo' 'sha384-5GA9CtfhbBXTtFoahuaeARyM3+VXTCsYcq5tpa7itbfCWudgP9i4Sx/pjSPHZNSP' 'sha384-qwcSLU4WG9de8hgmssULNl0OdqLj/GlPLRvkGJl9JsLqIGliSQI/jQCpqn19Vt5U' 'sha384-Hg6D7y+ykqpddYtPgMOUcGASpIj4qdlFgSNx+PYpp+65ybAawKPc/k+3RM7WOXj/' 'sha384-COkaSG49SRVzSEFLvcC8zmkFdeAKPthdS/YWHw34Gt3XrdBGR1RcmrQnj9CDTv9x' 'sha384-hg8RZJUy459F9NbrTLL8vHTLCGu2Jme0kRaXEt+DOY44gaQOVvRB4m/iUNmw9x4f' 'sha384-nfe//qFOP1CkwiWB5scTZOHmP1MSBRrYVEkIx/BBRTP7F0oCcekmYXHWylEf9MyK' 'sha384-MThXC9btj7YqgrK4Z2hdaC1Rs2o0lODN2HRTlXn0vnVF3lMNpQMmE1746arOtd70' 'sha384-ow2g/I3mVd1ScF24dn2dYXaTunU2mwi+L7P7nsf00+hdZn2DKLUptsF9h51MN6zu' 'sha384-eMgI1g+xYNpwNQNQvkDzyOtsN2LxdyVyhjlO9hSuht7enGtEBqhf/3HBbX1h4vZB' 'sha256-Gi/nYCICyD4LRGFj9MsNVvca6TNBdFh0D4/fdz2euRI='; upgrade-insecure-requests; frame-src 'self' *.wufoo.com app.netlify.com; 2 default-src 'self' https://*.doubleclick.net https://*.googlesyndication.com https://*.clarity.ms https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.carandbike.com https://*.adtrafficquality.google https://*.securiti.ai https://*.youtube.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.co.in https://*.googleoptimize.com https://*.googleapis.com https://*.facebook.net https://*.facebook.com https://*.instagram.com https://s.ytimg.com https://*.ampproject.org; script-src 'self' 'unsafe-inline' https://*.doubleclick.net https://*.googlesyndication.com https://*.clarity.ms https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.carandbike.com https://*.adtrafficquality.google https://*.securiti.ai https://*.youtube.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.co.in https://*.googleoptimize.com https://*.googleapis.com https://*.facebook.net https://*.facebook.com https://*.instagram.com https://s.ytimg.com https://*.ampproject.org; img-src 'self' https://c.ndtvimg.com https://www.carandbike.com https://i.ytimg.com https://images.carandbike.com https://img.youtube.com https://i.ndtvimg.com https://cdn.ndtv.com https://*.amazonaws.com https://media.mahindrafirstchoice.com https://uploads.carandbike.com https://media.stagemfc.com https://players.storyasset.link https://*.adtrafficquality.google https://*.doubleclick.net https://*.googlesyndication.com https://*.clarity.ms https://*.analytics.google.com https://*.adtrafficquality.google https://*.securiti.ai https://*.storyasset.link https://*.facebook.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://stage-images.carandbike.com https://images.carandbike.com https://vw-stage.s3.ap-south-1.amazonaws.com https://d1sf2i017gp2vt.cloudfront.net https://dev-car-s3.s3.us-east-2.amazonaws.com https://discuss.carandbike.com https://autofin-staging.s3.ap-south-1.amazonaws.com https://audi-project-stage.s3.ap-south-1.amazonaws.com https://ss.makestories.io https://stage-images.carandbike.comwms https://chnimgs3bkt.s3.ap-south-1.amazonaws.com https://locowiz.s3.ap-south-1.amazonaws.com https://cdn2.storyasset.link https://mfcwl-vehicle-images.s3.ap-south-1.amazonaws.com https://dqojbaipnk6zw.cloudfront.net https://dko949vgsquyj.cloudfront.net https://players.storyasset.link https://zekardo.s3.ap-south-1.amazonaws.com https://mahindra-nasik-images.s3.ap-south-1.amazonaws.com data:; object-src 'none'; style-src 'self' 'unsafe-inline' https://*.doubleclick.net https://*.googlesyndication.com https://*.clarity.ms https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.carandbike.com https://*.adtrafficquality.google https://*.securiti.ai https://*.youtube.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.co.in https://*.googleoptimize.com https://*.googleapis.com https://*.facebook.net https://*.facebook.com https://*.instagram.com https://s.ytimg.com https://*.ampproject.org; frame-ancestors 'self' https://*.doubleclick.net https://*.googlesyndication.com https://*.clarity.ms https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.carandbike.com https://*.adtrafficquality.google https://*.securiti.ai https://*.youtube.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.co.in https://*.googleoptimize.com https://*.googleapis.com https://*.facebook.net https://*.facebook.com https://*.instagram.com https://s.ytimg.com https://*.ampproject.org; frame-src 'self' https://*.doubleclick.net https://*.googlesyndication.com https://*.clarity.ms https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.carandbike.com https://*.adtrafficquality.google https://*.securiti.ai https://*.youtube.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.co.in https://*.googleoptimize.com https://*.googleapis.com https://*.facebook.net https://*.facebook.com https://*.instagram.com https://s.ytimg.com https://*.ampproject.org; base-uri 'none'; connect-src 'self' wss: https://*.doubleclick.net https://*.googlesyndication.com https://*.clarity.ms https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.carandbike.com https://*.adtrafficquality.google https://*.securiti.ai https://*.youtube.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.co.in https://*.googleoptimize.com https://*.googleapis.com https://*.facebook.net https://*.facebook.com https://*.instagram.com https://s.ytimg.com https://*.ampproject.org; 2 report-to slardar-endpoint; upgrade-insecure-requests ; 2 frame-ancestors 'self' https://hunterdouglas-website-dev.sanity.studio https://hd.lightning.force.com 2 default-src 'self' 'unsafe-inline' *.tuxis.nl tools.tuxis.cloud tuxis.my3cx.nl object-src data: 'unsafe-eval' frame-ancestors: 'self' connect-src * ws: wss:; 2 frame-ancestors 'self' *.meutudo.app https://www.google.com https://meutudo.api.useinsider.com https://event.getblue.io https://s.amazon-adsystem.com; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://no-cdn.convertexperiments.com https://cdn.amplitude.com/libs/analytics-browser-2.4.1-min.js.gz https://app.varify.io https://editor.varify.io *.api.useinsider.com https://www.trustedsite.com/rpc/ajax *.amazon-adsystem.com *.gstatic.com https://cdn-4.convertexperiments.com/js/10041799-10042103.js https://dashboard.purplemetrics.com.br/widget/js/widget.js https://www.trustedsite.com/rpc/tmjs/meutudo.com.br/visit https://cdn.ywxi.net *.facebook.net https://event.getblue.io https://meutudo.api.useinsider.com https://api.useinsider.com/sw.js https://s1.kwai.net/ https://static.hotjar.com https://script.hotjar.com https://widget.getblue.io/event/ https://www.clarity.ms/ *.google.com https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com; 2 frame-ancestors 'self' *.katalon.com;; upgrade-insecure-requests 2 default-src self https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; script-src self https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' https://creator.zmags.com https://www.googletagmanager.com; worker-src blob: data: 2 frame-ancestors 'self' https://*.sanity.studio http://localhost:3333 2 frame-ancestors 'self' https://www.endesaclientes.com https://syndication.teleborsa.it https://accounts-coll.enel.com:9443 https://assets.adobedtm.com http://52.144.89.133 https://enel.taleo.net https://reg.enel.it https://aemproddmz.enel.com https://endesa.cogitodesk.com https://www.energiaxxi.com https://www.endesatarifasluzygas.com https://watlab.es https://*.watlab.es 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.odphp.health.gov odphp.health.gov health.gov https://cdn.jsdelivr.net https://d1il786i4vdqy4.cloudfront.net https://dap.digitalgov.gov https://platform.twitter.com https://www.google.com https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://cdn.syndication.twimg.com https://ton.twimg.com https://fonts.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://themes.googleusercontent.com https://analytics.google.com *.analytics.google.com *.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://td.doubleclick.net *.youtube.com *.youtube-nocookie.com survey.alchemer.com *.ytimg.com, frame-ancestors 'self' 2 base-uri 'self'; object-src 'none'; frame-ancestors 'self' 2 frame-ancestors 'self' blob: *.cochlearhearingcenter.com *.cochlear.com *.cochlear.cloud; frame-src 'self' blob: *.site.com *.oncehub.com *.mktoweb.com *.adsrvr.org *.yimg.com *.cochlear.cloud *.qualaroo.com *.simpli.fi *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com marvelapp.com *.salesforce.com *.salesforce-sites.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.cloud *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com *.marketo.com; connect-src 'self' *.salesforce-scrt.com *.site.com *.hotjar.com *.hotjar.io *.sitecorecloud.io *.geonames.org *.stackadapt.com *.crazyegg.com *.stylelabs.io *.adsrvr.org *.yimg.com *.taboola.com *.onetrust.com *.cookielaw.org *.stylelabs.cloud *.sitecorecontenthub.cloud *.cochlear.cloud *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.geoip-js.com geoip-js.com *.doubleclick.net *.salesforce-sites.com *.google.com; font-src 'self' data: *.hotjar.com *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' data: *.hotjar.com *.stackadapt.com *.naver.net *.naver.com *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.cloud *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com *.medialead.de; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.site.com *.hotjar.com *.licdn.com *.oncehub.com *.stackadapt.com *.naver.net *.naver.com *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.cloud *.cochlear.com *.bootstrapcdn.com *.cloudflare.com *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.geoip-js.com geoip-js.com *.medialead.de *.adsrvr.org *.taboola.com *.yimg.com *.force.com *.salesforce.com *.salesforce-sites.com; style-src 'unsafe-inline' 'self' *.site.com *.hotjar.com *.mktoweb.com *.googletagmanager.com *.stackadapt.com *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.cloud *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com *.salesforce.com *.salesforce-sites.com; 2 base-uri 'self'; frame-ancestors 'self' https://*.life.church https://*.lifechurch.io; upgrade-insecure-requests; 2 default-src 'self' https://use.typekit.net; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net *.google.com https://connect.facebook.net *.gstatic.com https://www.google-analytics.com https://*.googleapis.com https://view.ceros.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdn.cookielaw.org https://player.vimeo.com/ https://www.recaptcha.net; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net; img-src 'self' data: *.gstatic.com *.littler.com p.typekit.net https://www.google-analytics.com https://*.googleapis.com https://i.vimeocdn.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.onelogin.com; media-src 'self'; frame-src 'self' https://player.vimeo.com/ https://app.powerbi.com https://w.soundcloud.com https://www.google.com https://view.ceros.com https://players.brightcove.net https://www.youtube.com https://www.youtube-nocookie.com https://www.recaptcha.net; frame-ancestors 'self'; child-src 'self' https://player.vimeo.com/;; font-src 'self' 'unsafe-inline' https://themes.googleusercontent.com use.typekit.net *.gstatic.com data:;; connect-src 'self' https://*.google-analytics.com *.algolia.net *.algolianet.com https://insights.algolia.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com;; report-uri /report-csp-violation; upgrade-insecure-requests 2 frame-ancestors 'self' https://builder.drinkag1.com; 2 frame-ancestors 'self' *dol.com.br *elitecs.gruporba.com.br 2 base-uri 'self';frame-ancestors 'self';object-src 'none' 2 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data:; 2 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 2 connect-src 'self' https: ws: https://ww2-api.tigocloud.net https://analytics.google.com https://cdn.cookielaw.org https://script.hotjar.com https://stats.g.doubleclick.net; img-src 'self' data: blob: https://ww2-cdn.tigocloud.net https://ww2-api.tigocloud.net https://www.millicom.com https://www.google.com.gt https://www.google-analytics.com https://cdn.cookielaw.org https://i.ytimg.com; media-src 'self' data: blob: https://ww2-cdn.tigocloud.net; default-src 'self'; base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' https: https://analytics.google.com https://cdn.cookielaw.org https://script.hotjar.com https://stats.g.doubleclick.net 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; frame-src 'self' https://www.youtube.com/; 2 default-src 'none'; connect-src 'self' *.onetrust.com *.demdex.net *.adobedc.net *.cookielaw.org *.twitter.com; script-src 'self' *.google.com *.gstatic.com *.google-analytics.com *.adobedtm.com *.youtube.com *.cookielaw.org *.twitter.com *.twimg.com cdn.inspectlet.com frontend.id-visitors.com 'unsafe-inline'; font-src 'self' data: fonts.googleapis.com cdn.jsdelivr.net *.typekit.net; child-src 'self' data: *.google.com *.gstatic.com *.twitter.com; img-src 'self' data: *.gstatic.com *.google.com *.cookielaw.org *.google-analytics.com stats.g.doubleclick.net *.twitter.com *.twimg.com *.paypalobjects.com cartodb-basemaps-a.global.ssl.fastly.net cartodb-basemaps-b.global.ssl.fastly.net cartodb-basemaps-c.global.ssl.fastly.net; style-src 'self' *.google.com *.twitter.com *.twimg.com cdn.jsdelivr.net *.typekit.net 'unsafe-inline'; object-src 'self'; frame-ancestors 'none' 2 default-src 'self' *.gotoassist.com *.dev-gotoassist.com fastsupport.com i1fastsupport.com stage.fastsupport.com 'unsafe-inline' 'unsafe-eval' data: *.getgo.com *.google.com *.google-analytics.com *.googleapis.com 2 style-src 'self' https: 'report-sample' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://www.google.com cdn.jsdelivr.net www.googletagmanager.com https://www.netsurion.com; img-src 'self' https: data: https://bat.bing.com https://clients1.google.com https://px.ads.linkedin.com https://tribl.io https://www.google-analytics.com https://www.google.com https://www.netsurion.com; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.netsurion.com/ https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js https://assets.calendly.com https://www.google.com https://cse.google.com https://clients1.google.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://analytics.google.com/ https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googleadservices.com/pagead/conversion_async.js https://apis.google.com https://www.recaptcha.net https://recaptcha.net https://www.gstatic.cn/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com https://snap.licdn.com https://bat.bing.com https://ajax.googleapis.com https://ws.zoominfo.com https://www.netsurion.com https://www.google.co.uk https://www.google.nl https://www.google.de https://www.google.fr https://www.google.co.in https://www.google.pl https://www.google.com.au https://www.google.co.id https://www.google.it https://www.google.co.il https://www.google.com.ph https://www.google.ie https://www.google.be https://www.google.ru https://www.google.se https://www.google.co.nz https://www.google.com.co https://www.google.com.mx https://www.google.pt https://www.google.co.th https://www.google.com.ng https://www.google.ca https://www.google.es https://www.google.no https://www.google.dk https://www.google.com.bd https://www.google.ch https://www.google.com.my https://www.google.co.za https://www.google.cz https://www.google.com.pk https://www.google.co.ma https://www.google.si https://www.google.com.tr https://www.google.com.tw https://www.google.com.br https://www.google.bg https://www.google.co.kr https://www.google.com.ua https://www.google.co.cr https://www.google.com.pe https://www.google.fi https://www.google.lt https://www.google.ge https://www.google.com.ar https://www.google.com.pr https://www.google.com.sg https://www.google.gr https://www.google.lk https://www.google.co.jp https://www.google.ae https://www.google.com.eg https://www.google.com.sa https://www.google.com.do https://www.google.com.pa https://www.google.ro https://www.google.hu https://www.google.cl https://www.google.hr https://www.google.lv https://www.google.at https://www.google.com.ec https://www.google.com.vn https://www.google.cn https://www.google.com.hk https://www.google.rs https://www.google.com.cy https://www.google.al https://www.google.com.py https://www.google.co.ke https://www.google.ee https://www.google.com.sv https://www.google.com.np https://www.google.co.ug https://www.google.kz https://www.google.com.jm https://www.google.lu https://www.google.mu https://www.google.com.kw https://www.google.iq https://www.google.com.gh https://www.google.by https://www.google.mk https://www.google.co.mz https://www.google.com.uy https://www.google.sk https://www.google.md https://www.google.hn https://www.google.jo https://www.google.dz https://www.google.com.et https://www.google.am https://www.google.co.ve https://tribl.io https://scout-cdn.salesloft.com www.google.com/jsapi https://partner.googleadservices.com/gampad/cookie.js https://tags.clickagy.com/data.js https://pi.pardot.com https://info.netsurion.com https://j.6sc.co/6si.min.js; connect-src 'self' https://px.ads.linkedin.com/wa/ https://csp.withgoogle.com https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://bat.bing.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://adservice.google.com/ https://analytics.google.com/ https://www.netsurion.com https://scout.salesloft.com/ https://cdn.linkedin.oribi.io/ https://aorta.clickagy.com https://hemsync.clickagy.com https://secure.adnxs.com/getuidj https://c.6sc.co/ https://ipv6.6sc.co/; frame-src 'self' blob: https://www.netsurion.com/latest-news https://www.netsurion.com/latest-news/news https://www.google.com/recaptcha/ https://cse.google.com/ https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.youtube.com/ https://player.vimeo.com/ https://www.youtube-nocookie.com/ https://cdn.embedly.com/ https://tribl.io https://www.netsurion.com/ https://info.netsurion.com/ https://td.doubleclick.net/; child-src https://www.googletagmanager.com/ns.html; object-src 'none'; base-uri 'self'; manifest-src 'self'; media-src 'self' https://www.netsurion.com; worker-src 'none';form-action 'self' https://www.netsurion.com/assessments/gap-analysis https://www.netsurion.com/campaigns/ppc-gap-analysis https://www.netsurion.com/campaigns/cmit-gap-analysis; 2 frame-ancestors 'none'; report-uri https://prod-th-csp-service.rbictg.com/csp; report-to csp-endpoint 2 default-src https: data: blob: wss:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors https://app.contentful.com; 2 frame-ancestors 'self'; object-src 'self' https://on-site.com https://*.on-site.com https://*.realpage.com; report-uri /pub/csp_reports 2 default-src form.gov.sg api-cdp.eu01.treasuredata.com *.treasuredata.com *.recaptcha.net *.bellustartokyo.jp *.net-fs.com *.matterport.com *.smartviewmedia.com.au *.sprinklr.com *.zencdn.net *.googleapis.com *.cloudflare.com 'self' 'unsafe-inline'; script-src 'self' *.panpacific.com *.pphg.com *.opentable.com.au *.affilired.com *.denomatic.com *.doubleclick.net *.panomatics.com *.googlesyndication.com messenger.myma.ai *.cookieyes.com cdn-cookieyes.com *.adobedtm.com form.gov.sg *.addtoany.com api-cdp.eu01.treasuredata.com *.treasuredata.com *.gstatic.cn *.cloudfront.net *.usabilla.com *.recaptcha.net *.sojern.com *.gstatic.com *.yimg.jp *.sevenrooms.com *.twitter.com *.sprinklr.com *.fontawesome.com *.amazonaws.com *.imenupro.com imenupro.com *.tablecheck.com *.instagram.com *.thefork.com.au thefork.com.au *.dimmi.com.au *.nowbookit.com *.mynewsdesk.com *.opentable.co.uk *.jscache.com *.tripadvisor.com *.tripadvisor.com.au *.tacdn.com *.abtasty.com *.digicert.com *.titiqcdn.com *.tiqcdn.com *.google.com *.facebook.com *.facebook.net *.youtube.com *.googleapis.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com *.googletagmanager.com *.enzymic.co *.baidu.com *.bing.com *.google-analytics.com *.licdn.com *.tiktok.com *.everestjs.net *.matomo.cloud *.adform.com *.adform.net *.googleadservices.com *.google.com.sg *.zencdn.net *.doubleclick.net *.clarity.ms *.addthisedge.com *.moatads.com *.contentsquare.net app.contentsquare.com 20.67.250.109 54.247.44.196 52.51.9.12 52.18.162.157 20.75.90.236 100.24.76.90 34.192.98.148 20.67.250.109 54.247.44.196 52.51.9.12 35.72.153.38 35.73.99.41 34.192.240.128 *.fullstory.com *.linkedin.com 'unsafe-inline' 'unsafe-eval' ; style-src-elem 'self' *.panpacific.com *.panomatics.com *.cloudfront.net *.usabilla.com *.sprinklr.com *.sevenrooms.com *.sprinklr.com *.abtasty.com *.amazonaws.com *.thefork.com.au thefork.com.au *.dimmi.com.au *.bootstrapcdn.com *.tacdn.com *.googleapis.com *.cloudfront.net *.cloudflare.com *.zencdn.net 'unsafe-inline'; font-src 'self' *.cloudfront.net *.usabilla.com *.sevenrooms.com *.abtasty.com *.sprinklr.com *.fontawesome.com *.amazonaws.com *.gstatic.com *.panpacific.com *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.contentsquare.net 'unsafe-inline' data: ; img-src 'self' blob: data: *.panpacific.com *.bookmebob.com *.affilired.com *.denomatic.com *.doubleclick.net *.panomatics.com https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com *.googlesyndication.com *.cookieyes.com cdn-cookieyes.com bmbuiassetsprod.blob.core.windows.net *.googletagmanager.com *.google.ca *.cloudfront.net *.usabilla.com *.tripadvisor.com *.travelmyth.com *.sojern.com *.sevenrooms.com *.sprinklr.com *.fbcdn.net *.twimg.com *.pphg.com *.google.co.id *.google.com.my *.abtasty.com http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org *.osm.org *.tile.osm.org *.googleadservices.com *.ghadiscovery.com *.nor1upgrades.com *.amazonaws.com *.adsymptotic.com *.demdex.net *.everesttech.net *.maxcdn.com *.tacdn.com *.tripadvisor.com.au *.facebook.com *.doubleclick.net *.linkedin.com *.bing.com *.google-analytics.com *.google.com *.google.com.sg *.gstatic.com *.googleapis.com *.digicert.com *.maxcdn.com *.baidu.com *.cloudfront.net *.usabilla.com *.clarity.ms *.derbysoftca.com *.contentsquare.net 20.67.250.109 54.247.44.196 52.51.9.12 52.18.162.157 20.75.90.236 100.24.76.90 34.192.98.148 20.67.250.109 54.247.44.196 52.51.9.12 35.72.153.38 35.73.99.41 34.192.240.128 *.fullstory.com 'unsafe-inline' ; frame-src 'self' *.affilired.com *.denomatic.com *.doubleclick.net *.sojern.com panomatics.com *.panomatics.com *.opentable.com.au *.thefork.com messenger.myma.ai *.net-fs.com *.addtoany.com *.cloudfront.net *.usabilla.com *.recaptcha.net *.hotelgroove.jp *.bellustartokyo.jp *.google.com *.dailymotion.com *.vimeo.com *.sevenrooms.com *.matterport.com *.adform.net tablecheck.com *.tablecheck.com *.smartviewmedia.com.au *.demdex.net *.instagram.com *.thefork.com.au thefork.com.au *.dimmi.com.au *.nowbookit.com *.facebook.com *.mynewsdesk.com *.opentable.co.uk *.doubleclick.net *.trustyou.com *.trustyou.co *.youtube.com *.lafourchette.com planet360bd.com *.abtasty.com *.contentsquare.net 360.theredmarker.com 'unsafe-inline' ; connect-src https: http: *.cloudfront.net *.usabilla.com *.abtasty.com *.contentsquare.net *.contentsquare.com 20.67.250.109 54.247.44.196 52.51.9.12 52.18.162.157 20.75.90.236 100.24.76.90 34.192.98.148 20.67.250.109 54.247.44.196 52.51.9.12 35.72.153.38 35.73.99.41 34.192.240.128 *.fullstory.com ; child-src blob: ; worker-src blob: ; 2 upgrade-insecure-requests; frame-ancestors 'self' *.wso2.com choreo.dev; 2 default-src 'self' 'unsafe-inline' data: https:; frame-ancestors 'self' 2 frame-ancestors 'self' *.interactivebrokers.com *.interactivebrokers.ie *.interactivebrokers.hu *.interactivebrokers.ca *.interactivebrokers.com.hk *.interactivebrokers.ch *.interactivebrokers.co.uk *.interactivebrokers.com.au *.interactivebrokers.co.jp *.interactivebrokers.co.in *.ibkram.com IBKR.docebosaas.com *.interactiveadvisors.com *.ibkr.com *.ibkr.com.cn *.clientam.com *.youtube.com *.clientam.ch *.clientam.com.hk *.go-mpulse.net *.akstat.io impact.interactivebrokers.com widgets.tipranks.com site.recognia.com worldtrader.hsbc.ae *.ibkrcampus.com ibkrcampus.com www.ibkrguides.com *.greenwichcompliance.com; 2 script-src 'self' https://2checkout.com http://* https://* 'unsafe-inline' 'report-sample' disqus.com c.disquscdn.com platform.instagram.com cdnjs.cloudflare.com z.moatads.com tpcf.feedify.net cdn.feedify.net feedify.net www.google.com/ www.gstatic.com/ call.chatra.io code.jquery.com cdn.amcharts.com code.highcharts.com kenwheeler.github.io cdn.jsdelivr.net a.disquscdn.com go.disqus.com platform.twitter.com cdn.syndication.twimg.com gist.github.com/ScottHelme/ static.cloudflareinsights.com js.stripe.com https://unpkg.com/@tryghost/; style-src 'self' 'unsafe-inline' 'report-sample' c.disquscdn.com a.disquscdn.com fonts.googleapis.com cdnjs.cloudflare.com cdn.feedify.net feedify.net kenwheeler.github.io platform.twitter.com assets-cdn.github.com github.githubassets.com; img-src 'self' data: www.gravatar.com cdn.feedify.net feedify.net links.services.disqus.com referrer.disqus.com a.disquscdn.com cdn.syndication.twimg.com pbs.twimg.com platform.twitter.com abs.twimg.com www.google-analytics.com stripe.com/ 2checkout.com/; frame-ancestors 'none'; report-uri https://cdn.feedify.net.report-uri.com/r/d/csp/enforce; report-to default 2 frame-ancestors 'self' https://timestation.uservoice.com; 2 frame-ancestors 'self' https://www.gesis.org https://lms.uni-kiel.de; 2 frame-ancestors 'self' *.pucv.cl; 2 frame-ancestors admin.shopify.com *.myshopify.com online-store-web.shopifyapps.com; 2 frame-ancestors 'self' https://live.nkd.com https://www2.nkd.com 2 frame-ancestors https://specialty-care-pavilion-latest.jefferson.edu https://specialty-care-pavilion.jefferson.edu https://specialty-care-pavilion-dev.jefferson.edu; 2 default-src 'self'; style-src https: 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: data: wss: blob:; font-src https: data:; frame-src https:; img-src https: data: blob: 'self'; worker-src blob: https:; media-src data: blob: https:; frame-ancestors 'self' https://sccbko.puig.com 2 default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net unpkg.com/@frontify/ *.cloudinary.com www.googletagmanager.com https://manage.hawksearch.com https://app-script.monsido.com https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://stats.g.doubleclick.net/ https://cdn.usefathom.com https://player.video.wowza.com/ https://s3.amazonaws.com/ https://prod-railsapp.s3.amazonaws.com/ https://latencytimer.azurewebsites.net/ *.monsido.com/ 'self' js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://cdnjs.cloudflare.com/ https://manage.hawksearch.com https://player.video.wowza.com/ https://s3.amazonaws.com/ https://prod-railsapp.s3.amazonaws.com/ https://latencytimer.azurewebsites.net/ 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.frontify.com *.cloudinary.com http://cuyahogacounty.us http://tracking.monsido.com https://cuyahogacms.blob.core.windows.net https://cdn.usefathom.com https://player.video.wowza.com/ https://s3.amazonaws.com/ https://prod-railsapp.s3.amazonaws.com/ https://latencytimer.azurewebsites.net/ 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: http://tracking.monsido.com https://cdnjs.cloudflare.com https://manage.hawksearch.com https://www.googletagmanager.com/ https://cuyahogacms.blob.core.windows.net; frame-src 'self' https://player.vimeo.com https://www.google.com/ *.youtube.com/ forms.hsforms.com web-chat.nativechat.com; connect-src data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.frontify.com *.cloudinary.com http://tracking.monsido.com https://stats.g.doubleclick.net *.monsido.com/ 'self' forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.frontify.com *.cloudinary.com https://cuyahogacms.blob.core.windows.net https://cdn.cuyahogacounty.us/ https://player.video.wowza.com/ https://s3.amazonaws.com/ https://prod-railsapp.s3.amazonaws.com/ https://latencytimer.azurewebsites.net/; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.frontify.com cloudinary.com *.cloudinary.com 'self' web-chat.nativechat.com 2 block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa jp.securityscorecard.com securityscorecard.com securityscorecard.camp .cookiebot.com; default-src .crazyegg.com; object-src 'none'; img-src 'self' .crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' .heapanalytics.com .crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com .crazyegg.com https://*.qualified.com wss://*.qualified.com .auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com; 2 frame-ancestors 'self' https://good-game-network.com https://*.good-game-network.com https://*.ggpoker.co.uk https://ggpoker.com https://*.ggpoker.com https://ggpoker.kg https://*.ggpoker.kg https://ggpoker.eu https://*.ggpoker.eu https://*.ggpoker.ca https://ggpoker.ca https://*.olybet.ee https://*.olybet.lv https://*.olybet.eu; 2 frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.roh.org.uk roh.global.ssl.fastly.net bam.nr-data.net bat.bing.com bs.serving-sys.com canopylabstracking.s3.amazonaws.com connect.facebook.net *.cloudfront.net intljs.rmtag.com js-agent.newrelic.com nxtck.com rules.quantcount.com secure-ds.serving-sys.com secure.quantserve.com tags.rd.linksynergy.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com https://tagmanager.google.com http://*.hotjar.com https://*.hotjar.com https://optimize.google.com https://*.bookatable.com https://youtube.com https://*.youtube.com https://static.ads-twitter.com https://analytics.twitter.com https://app.charitycheckout.co.uk https://media.imi.chat/ https://analytics.tiktok.com/ https://*.ctnsnet.com consentag.eu collector-11526.tvsquared.com https://cdn-ukwest.onetrust.com/ https://geolocation.onetrust.com/ https://cdn.bitmovin.com/ https://cdn.cookielaw.org/ https://www.gstatic.com/ https://*.prospect2.com/ https://prism.app-us1.com/ https://diffuser-cdn.app-us1.com/ https://trackcmp.net/ www.clarity.ms https://translations.signapsesolutions.com/; style-src 'self' blob: 'unsafe-inline' https://cloud.typography.com https://*.googleapis.com https://static.roh.org.uk https://static.rolex.com https://optimize.google.com https://*.googleapis.com https://*.bookatable.com https://tagmanager.google.com https://youtube.com https://*.youtube.com https://media.imi.chat/ https://*.typekit.net/; object-src 'none'; worker-src blob:; 2 frame-ancestors 'self' https://deco.cx https://www.deco.cx 127.0.0.1:* localhost:* http://localhost:* http://127.0.0.1:* https://admin.deco.cx/ https://v0-admin.deco.cx/ https://play.deco.cx/ frame-ancestors *.emarsys.net; 2 frame-ancestors *.comparasemplice.it *.enigaseluce.com *.eniplenitude.com *.ci360.sas.com design-prod.cidemo.sas.com *.roialty.net *.facebook.com 52.18.162.157 52.17.161.123 *.adobeaemcloud.com *.google.com *.apple.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.testkontur.ru localhost localhost:3000 localhost:5995 localhost:8080 kontur.ru *.kontur.ru http://*.kontur.ru wss://ntf.kontur.ru *.skbkontur.ru *.kontur-extern.ru *.diadoc.ru *.kontur.host kontur.tools *.atlasnw.ru https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://metrika.yandex.ru https://yastatic.net http://pki.cib-service.ru http://pki.sertum-pro.ru http://pki.skbkontur.ru *.globalsign.com *.burgaz.ru *.gazprom-hr.transfer *.cryptopro.ru *.ozon.ru *.ozonru.me *.tinkoff.ru *.tbank.ru *.tcsbank.ru https://clientcd.kontur:3443 lh3.googleusercontent.com; img-src 'self' data: *.testkontur.ru localhost localhost:3000 localhost:5995 localhost:8080 kontur.ru *.kontur.ru http://*.kontur.ru wss://ntf.kontur.ru *.skbkontur.ru *.kontur-extern.ru *.diadoc.ru *.kontur.host kontur.tools *.atlasnw.ru https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://metrika.yandex.ru https://yastatic.net http://pki.cib-service.ru http://pki.sertum-pro.ru http://pki.skbkontur.ru *.globalsign.com *.burgaz.ru *.gazprom-hr.transfer *.cryptopro.ru *.ozon.ru *.ozonru.me *.tinkoff.ru *.tbank.ru *.tcsbank.ru; report-uri https://frontreport-relay.kontur.host/csp/ 2 default-src 'self'; script-src 'self' https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.google-analytics.com/ https://*.analytics.google.com https://www.googletagmanager.com https://translate.google.com https://www.paypal.com/ https://www.sandbox.paypal.com/ https://js.stripe.com/ https://*.js.stripe.com/; style-src 'unsafe-inline' 'self'; frame-src https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.paypal.com/ https://www.sandbox.paypal.com/ https://js.stripe.com/ https://*.js.stripe.com/ https://www.youtube.com/; child-src 'self'; img-src 'self' data: https://*.google-analytics.com https://*.analytics.google.com; font-src data:; connect-src blob: https://api.textures.com/ https://api-v3.textures.com/ https://www.textures.com/ https://www.paypal.com/ https://www.sandbox.paypal.com/ https://js.stripe.com/ https://stats.g.doubleclick.net https://*.google-analytics.com/ https://*.analytics.google.com; worker-src 'self'; form-action 'self'; object-src 'self'; base-uri 'self'; frame-ancestors 'self' https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.paypal.com/ https://www.sandbox.paypal.com/ https://js.stripe.com/; upgrade-insecure-requests; media-src 'self'; prefetch-src 'self'; manifest-src 'self'; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://www.hirkereso.hu http://img.hirkereso.hu http://gahu.hit.gemius.pl/ http://ls.hit.gemius.pl http://www.idokep.hu https://adservice.google.com https://cse.google.com https://pagead2.googlesyndication.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://www.google-analytics.com https:;report-uri /csp-violation-report-endpoint.php?v=1;report-to csp-endpoint 2 frame-ancestors 'self' gemsociety.org *.gemsociety.org ganoksin.com *.ganoksin.com; frame-src * 2 frame-ancestors *.vaimo.net *.istore.co.za *.istore.com 2 script-src 'unsafe-inline' https://abdm.gov.in http://localhost:3000 https://sandbox.abdm.gov.in/ https://sandbox.abdm.gov.in/api/sandbox/v1/dashboard https://connect.facebook.net/en_US/sdk.js http://www.youtube.com/ https://www.googletagmanager.com/ https://platform.twitter.com/ 2 default-src *; child-src 'self' blob:; connect-src * blob: ws: wss:; frame-src 'self' www.googletagmanager.com api.foxentry.cz www.databreakers.com cdn.msgok.net www.mall.tv mall.fameplay.tv fameplay.tv www.google.com www.youtube.com creativecdn.com sketchfab.com socialplugin.facebook.net www.kdukvh.com tcp.googlesyndication.com www.zbozi.cz cj.dotomi.com open.spotify.com payu.com secure.payu.com merch-prod.snd.payu.com cpx.smind.hr cpx.smind.si data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.mall.cz *.mall.sk *.mall.hr *.mall.hu *.mall.pl *.mimovrste.com *.google-analytics.com ajax.googleapis.com mallgroup-api.exponea.com supine.io *.clarity.ms www.googleadservices.com download.databreakers.com connect.facebook.net api.mapy.cz *.cdn.nrholding.net c.seznam.cz tpc.googlesyndication.com www.zbozi.cz cdn.msgok.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ translate.google.com cdnjs.cloudflare.com cdn.jsdelivr.net cloudflare.hcaptcha.com static.cloudflareinsights.com www.googletagmanager.com *.foxentry.cz im9.cz/js/ bat.bing.com *.adform.net static.criteo.net sslwidget.criteo.com *.mallgroup.com yottlyscript.com login.dognet.sk etargetnet.com secure.smartform.cz 4w.smartform.cz ssl.heureka.cz ssl.heureka.sk http://localhost:* *.cs.mall.local *.cs.mall.test www.arukereso.hu tracking.channelsight.com ngastatic.com/s4c/tracker.js sk.search.etargetnet.com/j/ *.mczbf.com *.cj.com *.payu.com unpkg.com/leaflet@1.9.4/dist/leaflet.js https://unpkg.com/leaflet.markercluster@1.4.1/dist/leaflet.markercluster.js *.smind.hr *.smind.si; style-src * 'unsafe-inline'; img-src * data:; object-src 'none' 2 default-src 'self' data: *.dv.socure.io *.adobedc.net *.googletagmanager.com *.trustarc.com *.mpsnare.iesnare.com https://mpsnare.iesnare.com https://*.extole.io https://*.xtlo.net; object-src 'self' *.googletagmanager.com *.trustarc.com; child-src 'self' ujet.co *.adobedc.net *.ujet.co *.truste.com *.trustarc.com *.googletagmanager.com blob:; script-src 'self' https://secure.walmartmoneycard.com 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms/* https://*.clarity.ms/* https://*.clarity.ms *.clarity.ms *.licdn.com *.adobedc.net *.dv.socure.io *.truste.com *.consent.trustarc.com *.googletagmanager.com *.trustarc.com *.adnxs.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.stackadapt.com *.tags.srv.stackadapt.com *.redditstatic.com *.forter.com tags.stackadapt.com https://mpsnare.iesnare.com https://share.walmartmoneycard.com *.go2bank.com *.go2financial.com *.go2bankonline.com *.fuelcdn.com *.exacttarget.com *.adobe.com *.mpsnare.iesnare.com *.tvsquared.com ujet.co *.ujet.co google-analytics.com *.google-analytics.com trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.salesforceliveagent.com *.hypemarks.com websdk.appsflyer.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://*.extole.io https://*.xtlo.net https://*.decibelinsight.net https://*.decibel.com blob: https://api.cloudsponge.com analytics.tiktok.com https://cdnjs.cloudflare.com https://acdn.adnxs.com/dmp/up/pixie.js https://ib.adnxs.com/pixie; connect-src 'self' https://secure.walmartmoneycard.com *.linkedin.com https://pie-secure-gdrewardsdev.nextestate.com/ https://qa-secure-gdrewardsdev.nextestate.com *.adobedc.net *.googletagmanager.com *.dv.socure.io *.trustarc.com *.truste.com *.adnxs.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.go2bank.com *.google-analytics.com *.walmartmoneycard.com/events *.appsflyer.com *.go2bank.com *.go2bankonline.com *.go2financial.com wss://mpsnare.iesnare.com/star *.appsflyer.com go2bank.sjv.io kampyle.com *.mpsnare.iesnare.com *.kampyle.com mobileapi.locatorsearch.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com vimeo.com *.vimeo.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com s.ytimg.com connect.facebook.net storify.com *.fyre.co *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://*.cloudsponge.com https://*.decibelinsight.net https://*.decibel.com wss://*.decibelinsight.net https://*.extole.io https://*.xtlo.net analytics.tiktok.com https://maps.googleapis.com https://analytics.pangle-ads.com https://pagead2.googlesyndication.com kvicxs.walmartmoneycard.com https://www.clarity.ms/* https://*.clarity.ms/* https://*.clarity.ms *.clarity.ms; img-src 'self' data: https://secure.walmartmoneycard.com https://arttrk.com https://trkn.us https://rdcdn.com *.linkedin.com p.alocdn.com *.dv.socure.io *.adobedc.net aa.trkn.us i.ytimg.com *.googletagmanager.com *.trustarc.com *.truste.com *.adnxs.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.reddit.com *.rdcdn.com *.mdhv.io *.go2bank.com *.go2bankonline.com *.go2financial.com *.ojrq.net *.tvsquared.com google-analytics.com *.google-analytics.com i.vimeocdn.com www.google.co.in *.google.co.in kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.force.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com cdn.livefyre.com bootstrap.livefyre.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://www.clarity.ms/* https://*.clarity.ms/* https://*.clarity.ms *.clarity.ms data: blob: https://*.extole.io https://*.xtlo.net https://www.clarity.ms/* https://*.clarity.ms/* https://*.clarity.ms *.clarity.ms data: https://api.cloudsponge.com https://*.walmartmoneycard.com analytics.tiktok.com ; style-src 'self' 'unsafe-inline' *.adobedc.net *.dv.socure.io *.googletagmanager.com *.trustarc.com *.truste.com *.adnxs.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.exacttarget.com kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.go2bankonline.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net *.googleadservices.com cdn.livefyre.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com use.typekit.net *.typekit.net https://*.extole.io https://*.xtlo.net https://fonts.googleapis.com https://api.cloudsponge.com; font-src 'self' data: *.dv.socure.io *.adobedc.net kampyle.com *.googletagmanager.com *.trustarc.com *.truste.com *.adnxs.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.appsflyer.com *.kampyle.com use.typekit.net *.use.typekit.net *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net *.livefyre.com https://*.extole.io https://*.xtlo.net https://fonts.gstatic.com https://api.cloudsponge.com; frame-src 'self' *.pardot.com *.dv.socure.io *.adobedc.net *.googletagmanager.com *.trustarc.com *.truste.com *.adnxs.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.go2bank.com ujet.co *.ujet.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.facebook.com facebook.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net www.youtube.com player.vimeo.com *.demdex.net trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co cdn-gdc.com *.cdn-gdc.com bytedance: sslocal:; frame-ancestors 'self' *.dv.socure.io *.adobedc.net https://*.greendot.com https://*.go2bank.com https://*.go2financial.com https://*.walmartmoneycard.com https://*.chirpwhitelabel.com;; 2 base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://*.cookiebot.com http://*.cookiebot.com *.cookiebot.com https://bam.nr-data.net http://bam.nr-data.net bam.nr-data.net https://api.brightfunnel.com http://api.brightfunnel.com api.brightfunnel.com https://*.qualtrics.com http://*.qualtrics.com *.qualtrics.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://ws.zoominfo.com http://ws.zoominfo.com ws.zoominfo.com https://c.ltmsphrcl.net http://c.ltmsphrcl.net c.ltmsphrcl.net https://data.stbuttons.click http://data.stbuttons.click data.stbuttons.click https://dev.visualwebsiteoptimizer.com http://dev.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com https://px.ads.linkedin.com http://px.ads.linkedin.com px.ads.linkedin.com https://stats.g.doubleclick.net http://stats.g.doubleclick.net stats.g.doubleclick.net https://tag-logger.demandbase.com http://tag-logger.demandbase.com tag-logger.demandbase.com https://www.google.co.uk http://www.google.co.uk www.google.co.uk https://www.google.de http://www.google.de www.google.de https://www.google.es http://www.google.es www.google.es https://www.google.mw http://www.google.mw www.google.mw https://www.google.pt http://www.google.pt www.google.pt https://www.google.tn http://www.google.tn www.google.tn https://*.analytics.google.com http://*.analytics.google.com *.analytics.google.com https://analytics.google.com http://analytics.google.com analytics.google.com https://www.convertcalculator.com http://www.convertcalculator.com www.convertcalculator.com https://get663.com http://get663.com get663.com https://bat.bing.com http://bat.bing.com bat.bing.com https://overbridgenet.com http://overbridgenet.com overbridgenet.com https://adtonus.com http://adtonus.com adtonus.com https://code.jquery.com http://code.jquery.com code.jquery.com https://rbtds.net http://rbtds.net rbtds.net https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://translate-pa.googleapis.com http://translate-pa.googleapis.com translate-pa.googleapis.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://sentry.io http://sentry.io sentry.io https://*.clarity.ms http://*.clarity.ms *.clarity.ms https://api.company-target.com http://api.company-target.com api.company-target.com https://segments.company-target.com http://segments.company-target.com segments.company-target.com; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net https://pouch-global-font-assets.s3.eu-central-1.amazonaws.com http://pouch-global-font-assets.s3.eu-central-1.amazonaws.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com https://at.alicdn.com http://at.alicdn.com at.alicdn.com https://static.hsappstatic.net http://static.hsappstatic.net static.hsappstatic.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://*.youtube.com http://*.youtube.com *.youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.cookiebot.com http://*.cookiebot.com *.cookiebot.com https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://gateway.zscloud.net http://gateway.zscloud.net gateway.zscloud.net https://*.spotify.com http://*.spotify.com *.spotify.com https://player.vimeo.com http://player.vimeo.com player.vimeo.com https://*.bilibili.com http://*.bilibili.com *.bilibili.com https://gateway.zscaler.net http://gateway.zscaler.net gateway.zscaler.net https://gateway.zscalerthree.net http://gateway.zscalerthree.net gateway.zscalerthree.net https://w.soundcloud.com http://w.soundcloud.com w.soundcloud.com https://indd.adobe.com http://indd.adobe.com indd.adobe.com https://interfaces.zapier.com http://interfaces.zapier.com interfaces.zapier.com https://zapbot-12acdb.zapier.app http://zapbot-12acdb.zapier.app zapbot-12acdb.zapier.app https://s.company-target.com http://s.company-target.com s.company-target.com; img-src 'self' https://* http://* * blob: data:; media-src 'self' https://youtube.com http://youtube.com youtube.com https://player.vimeo.com http://player.vimeo.com player.vimeo.com https://download-video-ak.vimeocdn.com http://download-video-ak.vimeocdn.com download-video-ak.vimeocdn.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.googleadservices.com http://www.googleadservices.com www.googleadservices.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.cookiebot.com http://*.cookiebot.com *.cookiebot.com https://*.brightfunnel.com http://*.brightfunnel.com *.brightfunnel.com https://*.newrelic.com http://*.newrelic.com *.newrelic.com https://*.terminus.com http://*.terminus.com *.terminus.com https://*.terminus.services http://*.terminus.services *.terminus.services https://*.getsmartcontent.com http://*.getsmartcontent.com *.getsmartcontent.com https://img.en25.com http://img.en25.com img.en25.com https://*.qualtrics.com http://*.qualtrics.com *.qualtrics.com https://bam.nr-data.net http://bam.nr-data.net bam.nr-data.net https://snap.licdn.com http://snap.licdn.com snap.licdn.com https://up.pixel.ad http://up.pixel.ad up.pixel.ad https://ws-assets.zoominfo.com http://ws-assets.zoominfo.com ws-assets.zoominfo.com https://tag.demandbase.com http://tag.demandbase.com tag.demandbase.com https://*.convertcalculator.co http://*.convertcalculator.co *.convertcalculator.co https://www.youtube.com http://www.youtube.com www.youtube.com https://data1.yutrec.com http://data1.yutrec.com data1.yutrec.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com cdnjs.cloudflare.com https://connect.facebook.net http://connect.facebook.net connect.facebook.net https://dev.visualwebsiteoptimizer.com http://dev.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com https://www.convertcalculator.com http://www.convertcalculator.com www.convertcalculator.com https://pagead2.googlesyndication.com http://pagead2.googlesyndication.com pagead2.googlesyndication.com https://get663.com http://get663.com get663.com https://sc-static.net http://sc-static.net sc-static.net https://3001.scriptcdn.net http://3001.scriptcdn.net 3001.scriptcdn.net https://cdn.adnwif.smt.docomo.ne.jp http://cdn.adnwif.smt.docomo.ne.jp cdn.adnwif.smt.docomo.ne.jp https://checkout-api.worldshopping.jp http://checkout-api.worldshopping.jp checkout-api.worldshopping.jp https://s.pinimg.com http://s.pinimg.com s.pinimg.com https://s.yimg.jp http://s.yimg.jp s.yimg.jp https://static.ads-twitter.com http://static.ads-twitter.com static.ads-twitter.com https://www.clarity.ms http://www.clarity.ms www.clarity.ms https://infird.com http://infird.com infird.com https://abfc-extension.com http://abfc-extension.com abfc-extension.com https://apis.google.com http://apis.google.com apis.google.com https://app.convertcalculator.co http://app.convertcalculator.co app.convertcalculator.co https://scripts.convertcalculator.com http://scripts.convertcalculator.com scripts.convertcalculator.com https://interfaces.zapier.com http://interfaces.zapier.com interfaces.zapier.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://www.gstatic.com http://www.gstatic.com www.gstatic.com https://cdn.scite.ai http://cdn.scite.ai cdn.scite.ai 'unsafe-inline'; worker-src blob: 2 upgrade-insecure-requests; default-src 'self' https://cdn.plaid.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com https://www.google.com https://www.gstatic.com https://cdn.plaid.com/link/v2/stable/link-initialize.js https://platform.benefits.wexglobal.com/identityverification/v1/js/identityverificationwrapper.min.js; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com fonts.googleapis.com; font-src 'self' https://maxcdn.bootstrapcdn.com fonts.gstatic.com; media-src *; object-src 'none'; frame-src 'self' http: fast.whc.demdex.net https://cdn.plaid.com; connect-src 'self' dpm.demdex.net https://production.plaid.com https://northamerica.directline.botframework.com wss://northamerica.directline.botframework.com blob:; img-src 'self' * data:;frame-ancestors 'self';; 2 base-uri 'self'; frame-ancestors *;frame-src *;child-src 'self';block-all-mixed-content;object-src 'none'; prefetch-src 'self';worker-src 'self'; default-src https: data: ws:; script-src https: 'unsafe-inline' 'unsafe-eval';style-src https: 'unsafe-inline'; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://js-eu1.hs-scripts.com https://snippets.freshchat.com https://wchat.freshchat.com; 2 frame-ancestors *.trabajando.com *.trabajando.cl *.gpsrrhh.com wlogger.trabajando.com; 2 frame-ancestors 'none';upgrade-insecure-requests; 2 default-src 'self' *.capitaland.com *.capitastar.com *.adobedtm.com www.instagram.com api.instagram.com www.facebook.com twitter.com analytics.twitter.com www.linkedin.com px.ads.linkedin.com youtube.com www.youtube.com img.youtube.com *.trustarc.com *.mookie1.com www.googletagmanager.com googletagmanager.com www.googleadservices.com googleadservices.com www.adnxs.com adnxs.com ib.adnxs.com secure.adnxs.com *.nr-data.net www.newrelic.com newrelic.com de.blog.newrelic.com js-agent.newrelic.com www.addthis.com addthis.com m.addthis.com googleapis.com maps.googleapis.com fonts.googleapis.com ajax.googleapis.com *.moatads.com *.adobedtm.com *.stackla.com www.google.com maps.google.com play.google.com apis.google.com acounts.google.com analytics.google.com *.google.com.vn www.gstatic.com maps.gstatic.com fonts.gstatic.com *.google.com.sg *.recaptcha.net *.shareinvestor.com api.map.baidu.com baidu.com www.youku.com youku.com player.youku.com api.youku.com *.wisers.net weibo.com *.ascendas-reit.com *.tiqcdn.com *.a-itrust.com *.facebook.net *.ascottresidencetrust.com *.cict.com.sg *.clct.com.sg cmmt.com.my *.capita3eats.com google-analytics.com *.eunoia.asia ecapitamall.com *.turn.com *.plavxml.com *.licdn.com doubleclick.net td.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net *.adsrvr.org capitaland.sc.omtrdc.net *.zencdn.net *.mediaiqdigital.com *.demdex.net capitaland.tt.omtrdc.net *.bdimg.com *.everesttech.net js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.usemessages.com *.hubspot.com www.google-analytics.com *.adsymptotic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com tracker.sqreemtech.com code.jquery.com *.vimeo.com chio.space *.clickdimensions.com *.ads-twitter.com t.co s3-ap-southeast-1.amazonaws.com my.matterport.com *.sqreemtech.com analyticswritenew.xerevo.com *.polyv.net *.videocc.net *.fbcdn.net *.justeasy.cn *.cdninstagram.com www.twimg.com twimg.com pbs.twimg.com cdn.syndication.twimg.com *.ytimg.com *.typeform.com *.logwork.com logwork.com *.youtube-nocookie.com *.tiktok.com *.amgdgt.com www.onemap.gov.sg *.appier.net id5-sync.com *.id5-sync.com *.crwdcntrl.net *.force.com *.salesforce.com *.salesforceliveagent.com kuula.co *.outbrain.com unpkg.com ir.capitalandinvest.com *.stackadapt.com *.ttwstatic.com *.datawrkz.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cli-lfiaprogramme.vercel.app https://trk.ultraind.in capitaland.my.site.com *.spaceconnect.co cdn.linkedin.oribi.io addtoany.com *.addtoany.com *.hsforms.com *.hsforms.net js-na1.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.usemessages.com flow.botdistrikt.com static.botdistrikt.com gv.com.sg *.gv.com.sg snow-shaw-cdn.azureedge.net *.snow-shaw-cdn.azureedge.net widget.taggbox.com cloud.tagbox.com api.taggbox.com cdn.tagbox.com cdn.taggbox.com https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms https://www.clarity.ms https://c.bing.com data: 'unsafe-eval' 'unsafe-inline' blob:; frame-src 'self' *.capitaland.com *.capitastar.com *.adobedtm.com www.instagram.com api.instagram.com www.facebook.com twitter.com analytics.twitter.com www.linkedin.com px.ads.linkedin.com youtube.com www.youtube.com img.youtube.com *.trustarc.com *.mookie1.com www.googletagmanager.com googletagmanager.com www.googleadservices.com googleadservices.com www.adnxs.com adnxs.com ib.adnxs.com secure.adnxs.com *.nr-data.net www.newrelic.com newrelic.com de.blog.newrelic.com js-agent.newrelic.com www.addthis.com addthis.com m.addthis.com googleapis.com maps.googleapis.com fonts.googleapis.com ajax.googleapis.com *.moatads.com *.adobedtm.com *.stackla.com www.google.com maps.google.com play.google.com apis.google.com acounts.google.com analytics.google.com *.google.com.vn www.gstatic.com maps.gstatic.com fonts.gstatic.com *.google.com.sg *.recaptcha.net *.shareinvestor.com api.map.baidu.com baidu.com www.youku.com youku.com player.youku.com api.youku.com *.wisers.net weibo.com *.ascendas-reit.com *.tiqcdn.com *.a-itrust.com *.facebook.net *.ascottresidencetrust.com *.cict.com.sg *.clct.com.sg cmmt.com.my *.capita3eats.com google-analytics.com *.eunoia.asia ecapitamall.com *.turn.com *.plavxml.com *.licdn.com doubleclick.net td.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net *.adsrvr.org capitaland.sc.omtrdc.net *.zencdn.net *.mediaiqdigital.com *.demdex.net capitaland.tt.omtrdc.net *.bdimg.com *.everesttech.net js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.usemessages.com *.hubspot.com www.google-analytics.com *.adsymptotic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com tracker.sqreemtech.com code.jquery.com *.vimeo.com chio.space *.clickdimensions.com *.ads-twitter.com t.co s3-ap-southeast-1.amazonaws.com my.matterport.com *.sqreemtech.com analyticswritenew.xerevo.com *.polyv.net *.videocc.net *.fbcdn.net *.justeasy.cn *.cdninstagram.com www.twimg.com twimg.com pbs.twimg.com cdn.syndication.twimg.com *.ytimg.com *.typeform.com *.logwork.com logwork.com *.youtube-nocookie.com *.tiktok.com *.amgdgt.com www.onemap.gov.sg *.appier.net id5-sync.com *.id5-sync.com *.crwdcntrl.net *.force.com *.salesforce.com *.salesforceliveagent.com kuula.co *.outbrain.com unpkg.com ir.capitalandinvest.com *.stackadapt.com *.ttwstatic.com *.datawrkz.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cli-lfiaprogramme.vercel.app https://trk.ultraind.in capitaland.my.site.com *.spaceconnect.co cdn.linkedin.oribi.io addtoany.com *.addtoany.com *.hsforms.com *.hsforms.net js-na1.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.usemessages.com flow.botdistrikt.com static.botdistrikt.com gv.com.sg *.gv.com.sg snow-shaw-cdn.azureedge.net *.snow-shaw-cdn.azureedge.net widget.taggbox.com cloud.tagbox.com api.taggbox.com cdn.tagbox.com cdn.taggbox.com data: 'unsafe-eval' 'unsafe-inline' blob:; 2 default-src 'self'; script-src 'self' https://websdk.appsflyer.com https://main.storage-object.pscloud.io https://top-fwz1.mail.ru http://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://mc.yandex.ru https://forte.overizon.io https://static.pay2u.ru https://apigw.forte.kz https://dev-apigw.fortebank.com 'unsafe-inline' https://c2d-livechat-v2.fortebank.com https://www.youtube.com https://analytics.tiktok.com https://vk.com https://forte.overizon.io https://static.pay2u.ru https://vpn-td-fo.technodom.kz https://apigw.forte.kz https://dev-apigw.fortebank.com; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src * 'self' data: https:; media-src https://c2d-livechat-v2.fortebank.com; frame-ancestors 'self' https://forte-main-next.onedev.zone https://www.technodom.kz https://id.forte.kz https://f-business.forte.kz https://f-business.onedev.zone https://yandex-card-onboarding.forte.kz; frame-src 'self' https://www.technodom.kz https://apps.apple.com https://airbafresh1.prfl.me https://airbafresh.onelink.me https://prfl.me https://1fitapp.prfl.me https://1fit.onelink.me https://technodom1.prfl.me https://kz-kari.prfl.me https://ryadom1.prfl.me https://forte.overizon.io https://youtube.com https://cdn-europe2-forte-kz.marketjs-cloud2.com https://engamio.live https://dev-yandex-card-onboarding.fortebank.com https://d2pf7hnk4a8f75.cloudfront.net https://docs.google.com https://id.forte.kz https://qa-id.forte.kz https://youtu.be https://youtube.com http://10874069.fls.doubleclick.net https://f-business.forte.kz https://f-business.onedev.zone https://www.facebook.com https://formdesigner.ru https://www.youtube.com https://main.storage-object.pscloud.io https://static.pay2u.ru; connect-src * blob:; form-action 'self' https://www.facebook.com; base-uri 'self'; object-src 'self'; worker-src 'none'; upgrade-insecure-requests; 2 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; object-src * data: blob: 'unsafe-inline' 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com *.quantummetric.com https://www.google.com/recaptcha *; object-src 'none' ; connect-src *; font-src *; frame-ancestors https://www.youtube.com/; style-src 'self' 'unsafe-inline' https://*.typekit.net https://sslwidgetmaster.investorroom.com/css *; img-src * 'self' data: blob:; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;worker-src blob:; frame-src https://www.youtube.com/embed/ https://www.google.com/recaptcha *; child-src blob:; 2 default-src *.transactcampus.com *.doubleclick.net *.hubspot.com *.linkedin.com *.ads.linkedin.com *.googletagmanager.com 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js google.com *.google-analytics.com *.doubleclick.net https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.jsdelivr.net code.jquery.com cdnjs.cloudflare.com kit.fontawesome.com ka-p.fontawesome.com www.googletagmanager.com bat.bing.com snap.licdn.com www.clarity.ms *.clarity.ms cdn-cookieyes.com *.hotjar.com js.hsadspixel.net js.hs-banner.com analytics.tiktok.com js.hscollectedforms.net *.sharethis.com *.hsforms.net *.usemessages.com *.sc-static.net sc-static.net *.snapchat.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.hs-banner.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com https://www.ssa.gov tours.transactcampus.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com widgets.ziftsolutions.com static.ziftsolutions.com *.ziftsolutions.com analytics.ziftsolutions.com 'self' cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com cdn.jsdelivr.net cdnjs.cloudflare.com www.googletagmanager.com www.googleadservices.com ka-p.fontawesome.com cdn2.hubspot.net https://www.ssa.gov tours.transactcampus.com *.ziftsolutions.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com devsitefinitystorage.blob.core.windows.net bat.bing.com www.google.com google.com px.ads.linkedin.com dev.transactcampus.com cdn-cookieyes.com *.clarity.ms *.hsforms.net *.hsforms.com *.google.com *.sharethis.com *.googleusercontent.com *.hotjar.com *.snapchat.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspot.net cdn2.hubspot.net dummyimage.com transactcampus.com https://www.ssa.gov/accessibility/andi/icons/reload.png https://www.ssa.gov *.transactcampus.com *.ads.linkedin.com px4.ads.linkedin.com cdn.jsdelivr.net *.ziftsolutions.com *.ziftone.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: kit.fontawesome.com ka-p.fontawesome.com *.hotjar.com cdn.jsdelivr.net cdnjs.cloudflare.com; frame-src *.transactcampus.com 0ecf577fddb14f62ad2eaa098f4a5f08.svc.dynamics.com https://www.youtube.com https://player.vimeo.com https://devsitefinitystorage.blob.core.windows.net https://dev.transactcampus.com google.com *.hotjar.com *.hsforms.net *.hsforms.com *.google.com *.sharethis.com *.snapchat.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.monday.com *.doubleclick.net biteable.com *.googletagmanager.com hemsync.clickagy.com 'self' web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com ka-p.fontawesome.com kit.fontawesome.com stats.g.doubleclick.net log.cookieyes.com cdn-cookieyes.com google.com *.google.com *.clarity.ms *.cookieyes.com *.hubapi.com *.tiktok.com *.hubspot.com *.hsforms.com *.hsforms.net forms.hubspot.com *.hotjar.io *.hotjar.com *.sharethis.com *.hscollectedforms.net *.oribi.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com js.hscta.net *.hs-banner.com *.bitsighttech.com *.linkedin.com *.snapchat.com *.crwdcntrl.net aorta.clickagy.com hemsync.clickagy.com *.ziftsolutions.com *.zi-scripts.com *.zoominfo.com *.ziftmarcom.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://devsitefinitystorage.blob.core.windows.net; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com google.com www.clarity.ms *.google.com 'self' web-chat.nativechat.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' *.cloudflare.com *.facebook.net *.googletagmanager.com js.arcgis.com *.jsdelivr.net maps.googleapis.com *.newrelic.com *.recollect.net *.siteimprove.net siteimproveanalytics.com ui.customsearch.ai unpkg.com *.wisconsin.gov; style-src 'self' 'unsafe-inline' *.cloudflare.com fonts.googleapis.com js.arcgis.com *.jsdelivr.net recollect.a.ssl.fastly.net recollect-us.global.ssl.fastly.net unpkg.com *.windows.net; img-src 'self' data: *.arcgis.com *.google-analytics.com *.googletagmanager.com maps.googleapis.com maps.gstatic.com recollect.a.ssl.fastly.net recollect-images.global.ssl.fastly.net recollect-us.global.ssl.fastly.net *.recollect.net *.siteimproveanalytics.io *.windows.net; frame-src 'self' app.powerbigov.us bi.wisconsin.gov cityofmadison.maps.arcgis.com *.cityofmadison.com *.facebook.com google.com *.google.com *.publichealthmdc.com *.recollect.net storymaps.arcgis.com *.youtube.com *.siteimprove.com; frame-ancestors 'self' login.microsoftonline.com; child-src 'self' blob: app.powerbigov.us bi.wisconsin.gov cityofmadison.maps.arcgis.com *.cityofmadison.com *.facebook.com *.google.com *.publichealthmdc.com *.recollect.net storymaps.arcgis.com *.youtube.com; font-src 'self' fonts.gstatic.com recollect.a.ssl.fastly.net; connect-src 'self' *.arcgis.com *.arcgisonline.com *.google-analytics.com js.arcgis.com maps.cityofmadison.com maps.googleapis.com *.nr-data.net *.siteimprove.com *.siteimproveanalytics.com ui.customsearch.ai; report-uri /report-csp-violation; upgrade-insecure-requests 2 frame-ancestors *.mewatch.sg *.8world.com *.channelnewsasia.com *.mediacorp.sg *.melisten.sg *.teams.microsoft.com *.todayonline.com home.mediacorp.grp mediacorpteams.sharepoint.com teams.microsoft.com 2 frame-ancestors 'self' *.telekurier.at; 2 frame-ancestors 'self' http://*.vde.com; 2 frame-ancestors 'self' localhost:* https://*.doccle.be https://*.doccle.nl https://*.doccle-test.be 2 frame-ancestors 'self' *.westchestergov.com *.westchestercatalyst.com westchestercatalyst.com *.westchesterputnamonestop.com *.westchesterda.net westchesterda.net *.westchesterlegislators.com westchesterlegislators.com; 2 frame-ancestors 'none'; base-uri 'none'; form-action 'self'; block-all-mixed-content 2 frame-ancestors 'self' *.serviceminder.com ; 2 frame-ancestors 'self' https://assets.apilayer.com 2 frame-ancestors 'self' https://jobcloud.ch https://*.jobcloud.ch https://jobs.ch https://*.jobs.ch https://jobup.ch https://*.jobup.ch https://ingjobs.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch https://topjobs.ch https://*.jobscout24.ch https://impieghi.ch https://*.impieghi.ch https://*.stellenmarkt.ch https://*.enboarder.com 2 frame-ancestors 'self' https://*.withsecure.com 2 frame-ancestors 'self' https://www.cartoonporno.xxx https://www.cartoonporno1cn.com https://www.cartoonporno.pro 2 style-src 'self' 'unsafe-inline' https://cmcmarketsinvest.com https://service.force.com *.salesforce.com https://static.lightning.force.com *.my.salesforce-sites.com *.salesforceliveagent.com https://trading.sharetrade.com.au https://fonts.googleapis.com https://*.google-analytics.com; font-src 'self' data: https://cmcmarketsinvest.com fonts.gstatic.com *.sfdcstatic.com cmcmarketsstockbroking.com.au https://*.qantas.com https://fonts.gstatic.com; object-src 'self'; frame-ancestors 'self' https://www.cmcmarketsstockbroking.com.au https://signup.invest.cmcmarkets.com.au https://trading.anzshareinvesting.com.au https://cmcmarketsinvest.com https://www.cmcmarketsinvest.com; report-uri https://report-uri.cmcmarkets.com.au/csp 2 base-uri 'self' https://*.adsrvr.org; child-src 'self' 'unsafe-eval' 'unsafe-inline' wss://ws.eu1.paradox.ai/; connect-src 'self' 'unsafe-eval' blob: data: *.redditstatic.com https://*.adnxs.com https://*.adsrvr.org https://*.aptrinsic.com https://*.basis.net https://*.bausch.com https://*.bing.com https://*.bing.net https://*.bl-ppd.com https://*.bluecava.com https://*.bootstrapcdn.com https://*.bunny.net/ https://*.businesswire.com https://*.clarity.ms https://*.cloudflare.com https://*.cloudfront.net https://*.collect.igodigital.com https://*.consensu.org https://*.consentmanager.net https://*.consumerism.pressganey.com https://*.contextweb.com https://*.doctor.com/ https://*.doubleclick.net https://*.eu1.paradox.ai https://*.facebook.com https://*.facebook.net https://*.fontawesome.com https://*.fonts.net https://*.google-analytics.com https://*.google.co.in https://*.google.com https://*.google.nl https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gotolstoy.com https://*.gstatic.com https://*.investis.com https://*.linkedin.com https://*.litix.io https://*.mapbox.com https://*.marinsm.com https://*.mgr.consensu.org https://*.mookie1.com https://*.paradox.ai https://*.pinimg.com https://*.pinterest.com https://*.powerapps.com https://*.pricespider.com https://*.prnewswire.com/ https://*.reddit.com https://*.redditstatic.com https://*.rubiconproject.com https://*.services.visualstudio.com https://*.serving-sys.com https://*.snapchat.com https://*.swaven.com https://*.tiktok.com https://*.tools.investis.com https://*.txttoi.com https://*.typekit.net https://*.wistia.com https://*.wistia.net https://cdn.fonts.net https://copilotstudio.microsoft.com https://google.com https://sc-static.net https://unpkg.com wss://ws.eu1.paradox.ai/ wss://wtbstream.pricespider.com/; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.bausch.com https://*.investis.com https://*.paradox.ai https://*.tools.investis.com https://lumify-project-glimmer.netlify.app; font-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.adnxs.com https://*.bausch.com https://*.bl-ppd.com https://*.bootstrapcdn.com https://*.bunny.net/ https://*.cloudflare.com https://*.cloudfront.net https://*.consentmanager.net https://*.doctor.com/ https://*.eu1.paradox.ai https://*.facebook.com https://*.facebook.net https://*.fontawesome.com https://*.fonts.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gotolstoy.com https://*.gstatic.com https://*.jsdelivr.net/ https://*.litix.io https://*.marinsm.com https://*.mookie1.com https://*.powerapps.com https://*.pricespider.com https://*.salesforceliveagent.com https://*.swaven.com https://*.tiktok.com https://*.typekit.net https://*.wistia.com https://*.wistia.net https://cdn.fonts.net https://copilotstudio.microsoft.com wss://ws.eu1.paradox.ai/; form-action 'self' 'unsafe-eval' 'unsafe-inline' https://*.adsrvr.org https://*.bausch.com https://*.consentmanager.net https://*.doctor.com/ https://*.facebook.com https://copilotstudio.microsoft.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.redditstatic.com https://*.adnxs.com https://*.adsrvr.org https://*.basis.net https://*.bausch.com https://*.bl-ppd.com https://*.cloudfront.net https://*.consensu.org https://*.consentmanager.net https://*.doctor.com/ https://*.doubleclick.net https://*.eu1.paradox.ai https://*.facebook.com https://*.fingertipformulary.com https://*.fonts.net https://*.google.com https://*.google.ie https://*.googletagmanager.com https://*.gotolstoy.com https://*.gstatic.com https://*.lumifyrewards.com https://*.mapbox.com https://*.marinsm.com https://*.mgr.consensu.org https://*.mookie1.com https://*.pinterest.com https://*.pricespider.com https://*.salesforceliveagent.com https://*.sightmatters.com https://*.sitescout.com https://*.snapchat.com https://*.swaven.com https://*.wistia.net https://*.youtube.com https://copilotstudio.microsoft.com https://irxcm.com https://lumify-project-glimmer.netlify.app https://www.juicer.io wss://ws.eu1.paradox.ai/; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.redditstatic.com https://*.adentifi.com https://*.adnxs.com https://*.adsrvr.org https://*.akamaihd.net https://*.app-us1.com https://*.basis.net https://*.bausch.com https://*.bauschsurgical.com https://*.bidswitch.net https://*.bing.com https://*.bing.net https://*.bl-ppd.com https://*.bluecava.com https://*.businesswire.com https://*.casalemedia.com https://*.clarity.ms https://*.cloudflare.com https://*.cloudfront.net https://*.collect.igodigital.com https://*.consentmanager.net https://*.contextweb.com https://*.deepintent.com https://*.doctor.com/ https://*.doubleclick.net https://*.eu1.paradox.ai https://*.facebook.com https://*.fontawesome.com https://*.google-analytics.com https://*.google.co.in https://*.google.com https://*.google.ie https://*.google.nl https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gotolstoy.com https://*.gstatic.com https://*.linkedin.com https://*.litix.io https://*.marinsm.com https://*.mathtag.com https://*.mookie1.com https://*.pinimg.com https://*.pinterest.com https://*.placeholder.com https://*.powerapps.com https://*.pricespider.com https://*.prnewswire.com/ https://*.reddit.com https://*.rubiconproject.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.sharethis.com https://*.sitescout.com https://*.snapchat.com https://*.swaven.com https://*.tiktok.com https://*.turn.com https://*.twitter.com https://*.wistia.com https://*.wistia.net https://*.ytimg.com https://bauschvisioncare.secure.force.com https://c212.net https://cdn.fonts.net https://copilotstudio.microsoft.com https://eyetube.net https://google.com https://sc-static.net https://t.co/ https://thrtle.com https://unpkg.com https://www.google.lu wss://ws.eu1.paradox.ai/; media-src 'self' 'unsafe-inline' blob: https://*.adsrvr.org https://*.bausch.com https://*.cloudfront.net https://*.consentmanager.net https://*.gotolstoy.com https://*.gstatic.com https://*.linkedin.com https://*.litix.io https://*.marinsm.com https://*.mookie1.com https://*.wistia.com https://*.wistia.net wss://ws.eu1.paradox.ai/; object-src 'self' https://*.adsrvr.org https://*.bausch.com https://*.consentmanager.net https://*.litix.io https://*.marinsm.com https://*.mookie1.com https://*.powerapps.com https://*.wistia.net https://copilotstudio.microsoft.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.redditstatic.com https://*.activehosted.com https://*.adnxs.com https://*.adsrvr.org https://*.aptrinsic.com https://*.bausch.com https://*.bing.com https://*.bl-ppd.com https://*.bootstrapcdn.com https://*.bunny.net/ https://*.clarity.ms https://*.cloudflare.com https://*.cloudfront.net https://*.collect.igodigital.com https://*.consentmanager.net https://*.contextweb.com https://*.doctor.com/ https://*.doubleclick.net https://*.eu1.paradox.ai https://*.facebook.com https://*.facebook.net https://*.fontawesome.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gotolstoy.com https://*.gstatic.com https://*.jquery.com/ https://*.jsdelivr.net/ https://*.lassomarketing.io https://*.lhmos.com https://*.licdn.com https://*.linkedin.com https://*.litix.io https://*.mapbox.com https://*.marinsm.com https://*.marketo.net https://*.mikmak.ai https://*.monitor.azure.com https://*.mookie1.com https://*.pinimg.com https://*.pinterest.com https://*.pmsrv.co https://*.powerapps.com https://*.pricespider.com https://*.prod.uidapi.com https://*.redditstatic.com https://*.salesforceliveagent.com https://*.sentry-cdn.com https://*.services.visualstudio.com https://*.serving-sys.com https://*.snapchat.com https://*.swaven.com https://*.tiktok.com https://*.wistia.com https://*.wistia.net https://*.youtube.com https://copilotstudio.microsoft.com https://irxcm.com https://lumify-project-glimmer.netlify.app https://sc-static.net https://static.ads-twitter.com https://tags.spider-mails.com https://unpkg.com wss://ws.eu1.paradox.ai/ ; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.redditstatic.com https://*.adnxs.com https://*.aptrinsic.com https://*.bausch.com https://*.bl-ppd.com https://*.bootstrapcdn.com https://*.bunny.net/ https://*.cloudflare.com https://*.cloudfront.net https://*.consentmanager.net https://*.doctor.com/ https://*.eu1.paradox.ai https://*.facebook.com https://*.facebook.net https://*.fontawesome.com https://*.fonts.net https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gotolstoy.com https://*.gstatic.com https://*.jquery.com/ https://*.jsdelivr.net/ https://*.linkedin.com https://*.litix.io https://*.mapbox.com https://*.marinsm.com https://*.mookie1.com https://*.powerapps.com https://*.pricespider.com https://*.typekit.net https://*.wistia.com https://*.wistia.net https://cdn.fonts.net https://copilotstudio.microsoft.com https://unpkg.com wss://ws.eu1.paradox.ai/ ; worker-src 'self' blob: https://*.consentmanager.net https://*.powerapps.com; manifest-src https://*.adsrvr.org https://*.consentmanager.net; upgrade-insecure-requests;report-to stott-security-endpoint;report-uri https://www.lumifyeyes.com/stott.security.optimizely/api/cspreporting/reporturiviolation/; 2 default-src 'self' https://*.lifepointspanel.com https://*.clarity.ms; connect-src 'self' https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://*.clarity.ms https://bat.bing.com https://*.doubleclick.net https://www.google.com https://www.google.co.uk https://www.google.ca https://www.google-analytics.com https://capig.lifepointspanel.com *.nr-data.net; font-src 'self' data: https://www.lifepointspanel.com https://panel-lifepointsportals.drupal.production.platone.red https://content.lifepointspanel.com; frame-src https://*.trustpilot.com https://consent.kantar.com https://bid.g.doubleclick.net https://td.doubleclick.net https://10766450.fls.doubleclick.net https://www.youtube.com https://www.googletagmanager.com; img-src 'self' data: https://*.lifepointspanel.com https://panel-lifepointsportals.drupal.production.platone.red https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://*.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://adservice.google.com https://10766450.fls.doubleclick.net https://ad.doubleclick.net https://*.clarity.ms https://*.bing.com https://www.facebook.com https://s1.adform.net https://sb.scorecardresearch.com https://sb.voicefive.com https://secure.insightexpressai.com https://a.e-webtrack.net https://img.macromill.com https://www.insightexpressai.com https://www.rlcdn.com https://flextrack.msi-aci.com https://ads.e-webtrack.net https://*.nudatasecurity.com; object-src 'none'; script-src 'self' 'unsafe-inline' blob: https://*.lifepointspanel.com https://panel-lifepointsportals.drupal.production.platone.red https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://js-agent.newrelic.com https://redditstatic.com https://*.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://tag.simpli.fi https://a.e-webtrack.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://www.lifepointspanel.com https://content.lifepointspanel.com https://panel-lifepointsportals.drupal.production.platone.red https://cdn.jsdelivr.net; frame-ancestors 'self' 2 frame-ancestors 'self' https://*.webjet.com.au https://*.webjet.co.nz https://webjettest.my.connect.aws https://offlinesales.my.connect.aws https://wj-ccaas-dev.my.connect.aws https://webjet-ccaas-prod.my.connect.aws; report-to csp-report; report-uri https://services.webjet.com.au/api/logger/log/platform/policy-csp 2 frame-ancestors 'self' userecho.com *.userecho.com userecho.ru *.userecho.ru; report-uri /tools/csp/ 2 default-src 'none'; manifest-src https://tkcdnd.azureedge.net https://tkcdnt.azureedge.net https://tkcdn.azureedge.net; connect-src 'self' https://data.stat.fi https://stat.matomo.cloud https://tkcdnd.azureedge.net https://tkcdnt.azureedge.net https://tkcdn.azureedge.net https://cdn.reactandshare.com https://data.reactandshare.com https://api.stat.fi/content/search; script-src 'self'; script-src-elem 'self' 'unsafe-inline' https://cdn.matomo.cloud https://cdn.reactandshare.com https://data.reactandshare.com https://stat.matomo.cloud https://public.flourish.studio; style-src 'self' 'unsafe-inline' https://tkcdnd.azureedge.net https://tkcdnt.azureedge.net https://tkcdn.azureedge.net https://cdn.reactandshare.com; style-src-elem 'self' 'unsafe-inline' https://tkcdnd.azureedge.net https://tkcdnt.azureedge.net https://tkcdn.azureedge.net https://cdn.reactandshare.com; img-src 'self' https://media.stat.fi https://media.graphcms.com https://tkcdnd.azureedge.net https://tkcdnt.azureedge.net https://tkcdn.azureedge.net https://media.graphassets.com https://eu-central-1-statfi.graphassets.com https://cdn.reactandshare.com https://data.reactandshare.com https://i.ytimg.com data: blob:; font-src 'self' https://tkcdnd.azureedge.net https://tkcdnt.azureedge.net https://tkcdn.azureedge.net https://cdn.reactandshare.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com https://w.soundcloud.com https://flo.uri.sh https://kartta.paikkatietoikkuna.fi; upgrade-insecure-requests; 2 script-src 'self' *.amnhealthcare.com dl.episerver.net maps.googleapis.com www.youtube.com unpkg.com script.crazyegg.com *.cloudfront.net *.cookielaw.org d10lpsik1i8c69.cloudfront.net secure.quantserve.com api.amnhealthcare.io bat.bing.com app.leadsrx.com *.americanmobile.com rules.quantcount.com *.pardot.com js.adsrvr.org snap.licdn.com dev.visualwebsiteoptimizer.com www.google.com assets.adobedtm.com www.googletagmanager.com www.gstatic.com twin-iq.kickfire.com www.rumiview.com *.amnhealthcare.com www.medtargetsystem.com match.deepintent.com trc.lhmos.com newton.newtonsoftware.com recruitingbypaycor.com apply.indeed.com cdn.botframework.com ajax.googleapis.com connect.facebook.net static.ads-twitter.com ssl.luckyorange.com analytics.click2apply.net adservice.google.com www.googleadservices.com googleads.g.doubleclick.net s.pinimg.com analytics.tiktok.com tag.demandbase.com ct.pinterest.com *.formsite.com cdn.optimizely.com js.monitor.azure.com www.clarity.ms *.cdn.optimizely.com cdn-assets-prod.s3.amazonaws.com app.optimizely.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: 'unsafe-inline'; worker-src 'self' blob:; 2 default-src 'self'; script-src 'nonce-M0Q2QTkwQjdDMjM5' 'strict-dynamic' https: 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.cookielaw.org *.cookiepro.com *.onetrust.com *.adobedtm.com *.googleapis.com; connect-src 'self' https:; frame-src 'self' https:; object-src 'none'; img-src 'self' https: data:; worker-src 'self'; media-src 'self' https://za5jzhla73.execute-api.us-east-1.amazonaws.com https://6zf7b56x55.execute-api.us-east-1.amazonaws.com https://c64djon8lb.execute-api.us-east-1.amazonaws.com https://netjets-dev-corp-site-us-east-1.s3.amazonaws.com https://netjets-qa-corp-site-us-east-1.s3.amazonaws.com https://netjets-prod-corp-site-us-east-1.s3.amazonaws.com; font-src https:; form-action 'self' https:; base-uri 'self'; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubb61413121040ab6931e3bb32a195b78a&dd-evp-origin=content-security-policy&ddsource=csp-report; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.citi.com *.google.com *.qualtrics.com bat.bing.com ct.pinterest.com www.youtube.com cdn.plaid.com code.jquery.com pwm-image.trendmicro.com *.google-analytics.com js.adsrvr.org s.pinimg.com assets.adobedtm.com *.liveperson.com nexus.ensighten.com cdn.boomtrain.com lptag.liveperson.net s.yimg.com gc.kis.v2.scr.kaspersky-labs.com script.crazyegg.com maps.googleapis.com www.googletagmanager.com live.rezync.com mpsnare.iesnare.com negbar.ad-blocker.org video.limelight.com cdn.gbqofs.com ds-aksb-a.akamaihd.net googleads.g.doubleclick.net get663.com c1.rfihub.net www.adobetag.com c.tvpixel.com www.googleadservices.com tpc.googlesyndication.com bcdn-god.we-stats.com a.rfihub.com services-dev.sdiapi.com *.online-metrix.net blob: p11.techlab-cdn.com p11.techlab-cdn.com; object-src 'none'; frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net 2 frame-ancestors 'self' https://playground.mrf.io 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://*.lidl.ro data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://*.lidl.ro; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adyen.com https://*.lidl.ro data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval'; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline'; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 base-uri 'none'; font-src 'self' https: data:; form-action 'self'; upgrade-insecure-requests; 2 default-src 'self' *;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data: *;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.siigo.com https://*.bing.com https://snap.licdn.com https://cdn.onesignal.com https://www.clarity.ms https://www.gstatic.com https://googleads.g.doubleclick.net https://tags.srv.stackadapt.com https://www.facebook.com https://*.healthroundprince.com https://connect.facebook.net https://*.bing.com https://*.t.decidata.tv https://js.hs-banner.com https://js.hsadspixel.net https://js.hubspot.com https://analytics.tiktok.com https://js.hs-analytics.net https://js.usemessages.com https://js.hsleadflows.net https://api.hubapi.com https://cta-service-cms2.hubspot.com https://track.hubspot.com https://perf-na1.hsforms.com https://services.siigo.com/strategy/api https://provisioningfunctionsapi.azurewebsites.net https://static.cloudflareinsights.com https://sapdcolsiigowebstatic.blob.core.windows.net https://js.hscta.net https://fonts.googleapis.com https://*.s.decidata.tv https://action.dstillery.com https://js.hs-scripts.com https://www.clarity.ms https://cdn.lr-intake.com https://*.visualwebsiteoptimizer.com https://www.googletagmanager.com https://www.google.com https://*.clarity.ms https://google.com http://jdgqm89u6pi63ovpo423i.t.decidata.tv https://cdn.jsdelivr.net https://www.googleadservices.com https://js.hsforms.net https://siigocontrols.azureedge.net https://ajax.cloudflare.com https://forms.hsforms.com https://2353964.hs-sites.com; img-src 'self' https://*.siigo.com blob: data: https://sapdcolsiigowebstatic.blob.core.windows.net https://*.bing.com https://www.google.com https://px.ads.linkedin.com https://www.google.com.co https://*.healthroundprince.com https://www.facebook.com https://www.googletagmanager.com https://sapdcolsiigowebstatic.blob.core.windows.net https://asset-latam-co-pd-acdqdgdseze4arh4.a03.azurefd.net https://no-cache.hubspot.com https://*.visualwebsiteoptimizer.com https://blogmx.siigolatam.com https://www.aspel.com.mx https://forms.hsforms.com https://*.youtube.com https://i.ytimg.com https://perf-na1.hsforms.com https://forms-na1.hsforms.com https://perf.hsforms.com https://track.hubspot.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://secure.gravatar.com https://cms.siigo.com https://2353964.fs1.hubspotusercontent-na1.net https://asset-latam-co-pd-acdqdgdseze4arh4.a03.azurefd.net https://asset-latam-co-dhhtahbmebceehcy.a03.azurefd.net https://saqacolsiigowebstatic.blob.core.windows.net https://2353964.hs-sites.com; connect-src 'self' data: https://*.siigo.com https://analytics.google.com https://px.ads.linkedin.com https://www.google.com https://*.healthroundprince.com https://tags.srv.stackadapt.com https://td.doubleclick.net https://stats.g.doubleclick.net https://api.bigdatacloud.net/data/reverse-geocode-client https://*.bing.com https://www.google.com.co https://r.lr-intake.com https://*.visualwebsiteoptimizer.com https://www.clarity.ms https://r.lr-intake.com https://open.spotify.com https://*.clarity.ms https://google.com https://blogmx.siigolatam.com https://forms.hscollectedforms.net https://forms.hubspot.com/ https://r.lr-intake.com https://js.hsforms.net https://js.hscollectedforms.net https://analytics.tiktok.com https://r.lr-ingest.com http://jdgqm89u6pi63ovpo423i.t.decidata.tv http://jdgqm89u6pi63ovpo423i.s.decidata.tv https://*.hubspot.com https://analytics-ipv6.tiktokw.us https://forms.hsforms.com https://api.bigdatacloud.net https://api.hubapi.com https://www.google-analytics.com https://api.ipify.org https://services.cloud.mongodb.com https://eastus2.azure.services.cloud.mongodb.com https://www.facebook.com https://www.googleadservices.com https://2353964.hs-sites.com; style-src 'self' 'unsafe-inline' https://siigocontrols.azureedge.net https://tags.srv.stackadapt.com https://siigocontrols.azureedge.net https://fonts.googleapis.com https://*.googleapis.com; font-src 'self' * data: https://fonts.googleapis.com https://2353964.hs-sites.com; frame-ancestors 'self' https://monolithqa.siigo.com; frame-src 'self' https://www.youtube.com https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com https://open.spotify.com https://www.facebook.com https://app.hubspot.com https://forms.hsforms.com https://asset-latam-co-pd-acdqdgdseze4arh4.a03.azurefd.net https://asset-latam-co-dhhtahbmebceehcy.a03.azurefd.net https://2353964.hs-sites.com; report-uri /mx/api/report/csp/; worker-src 'self' blob:; object-src 'none' data:; base-uri 'self' https://www.siigo.com https://cms.siigo.com https://cms.siigo.com https://siigonube.siigo.com https://blog.siigo.com/api/wp/v2 https://cms.siigo.com; form-action 'self' https://www.facebook.com https://forms.hsforms.com https://asset-latam-co-pd-acdqdgdseze4arh4.a03.azurefd.net https://asset-latam-co-dhhtahbmebceehcy.a03.azurefd.net https://2353964.hs-sites.com; style-src-elem 'self' 'unsafe-inline' https://siigocontrols.azureedge.net https://tags.srv.stackadapt.com https://siigocontrols.azureedge.net https://fonts.googleapis.com https://*.googleapis.com 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://statuspal.io https://www.googletagmanager.com https://consent.cookiebot.com https://connect.facebook.net https://bat.bing.com https://googleads.g.doubleclick.net https://widget.intercom.io https://static.hotjar.com https://js.intercomcdn.com https://vercel.live https://cdn.redoc.ly https://script.hotjar.com https://cdn.redocly.com https://www.clarity.ms; connect-src 'self' https://statuspal.io https://www.google.com https://analytics.google.com https://googleads.g.doubleclick.net https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://metrics.hotjar.io https://vercel.live wss://ws-us3.pusher.com https://pagead2.googlesyndication.com https://www.google-analytics.com wss://ws.hotjar.com https://content.hotjar.io https://vc.hotjar.io https://stats.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://vercel.live https://fonts.googleapis.com; img-src 'self' blob: data: https://zzj.fuu.mybluehost.me https://www.gravatar.com https://bat.bing.com https://www.google.com https://www.facebook.com https://vercel.com https://www.googletagmanager.com https://cdn.redoc.ly https://static.intercomassets.com https://js.intercomcdn.com https://statuspal.io; font-src 'self' data: https://fonts.gstatic.com https://fonts.intercomcdn.com https://vercel.live; object-src 'none'; frame-src 'self' https://consentcdn.cookiebot.com https://vercel.live; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss: blob:; worker-src blob: https:; connect-src wss: https: 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://embed.tawk.to https://cdn.jsdelivr.net https://cdn.cookielaw.org/ https://open.spotify.com/ https://resources.digital-cloud-west.medallia.com https://tawk.to/chat/5e9845ff69e9320caac42d5b/default http://resources.digital-cloud-west.medallia.com https://cdn.equalweb.com/ https://access.equalweb.com/ https://privacyportal-br-cdn.onetrust.com https://plugin.handtalk.me/ https://translation-v3.handtalk.me/ https://md-scp.kampyle.com/ 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.acast.com *.adbutter.net *.adform.net *.adnxs.com *.adnxs-simple.com *.ads-twitter.com addtocalendar.com *.airtable.com *.airtableusercontent.com *.ckeditor.com *.cloudflare.com *.didomi.io *.doubleclick.net *.elfsight.com *.elfsightcdn.com *.facebook.com *.facebook.net *.gomovein.com *.google.com *.google.fr *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com heyzine.com *.heyzine.com *.hzstats.com *.instagram.com *.jellyfish.com *.jsdelivr.net *.licdn.com *.linkedin.com *.marches-publics.info *.marketo.com *.marketo.net *.matomo.cloud *.mews.com *.mktoresp.com *.otowui.com *.privacy-center.org *.seadform.net sc-static.net *.sharethis.com *.sibforms.com *.static.net *.tapad.com *.tiktok.com *.twitter.com *.typeform.com *.unibuddy.co unibuddy.co *.vimeo.com *.webleads-tracker.fr *.welcomekit.co *.youtube.com *.youtube-nocookie.com *.ytimg.com page.hec.edu; img-src 'self' data: *.acast.com *.adbutter.net *.adform.net *.adnxs.com *.adnxs-simple.com *.ads-twitter.com *.airtable.com *.airtableusercontent.com *.ckeditor.com *.cloudflare.com *.didomi.io *.doubleclick.net *.elfsight.com *.elfsightcdn.com *.facebook.com *.facebook.net *.gomovein.com *.google.com *.google.fr *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.heyzine.com heyzine.com *.hzstats.com *.instagram.com *.jellyfish.com *.jsdelivr.net *.licdn.com *.linkedin.com *.marches-publics.info *.marketo.com *.marketo.net *.matomo.cloud *.mews.com *.mktoresp.com *.otowui.com *.privacy-center.org *.seadform.net sc-static.net *.sharethis.com *.sibforms.com *.static.net *.tapad.com *.tiktok.com *.twitter.com *.typeform.com *.unibuddy.co *.vimeo.com *.webleads-tracker.fr *.welcomekit.co *.youtube.com *.youtube-nocookie.com *.ytimg.com page.hec.edu; font-src 'self' data:; report-uri /hec-report-csp-violation 2 frame-ancestors 'self' http://localhost:3000 2 frame-ancestors 'self'; object-src 'none'; base-uri 'none' 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://smartcaptcha.yandexcloud.net https://www.google.com https://www.gstatic.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net mc.yandex.ru mc.yandex.com api-maps.yandex.ru core-renderer-tiles.maps.yandex.net yastatic.net *.roistat.com tech.rtb.mts.ru qoopler.ru use.fontawesome.com app.diagrams.net viewer.diagrams.net nonce-OyGAnHWb_T3KqdSo1s6Xhg; font-src 'self' https://www.ipeye.com.tr https://ipeye.ru https://www.ipeye.ru; frame-src 'self' ipeye.ru docs.google.com https://www.youtube.com https://www.youtube-nocookie.com/ mc.yandex.ru mc.yandex.com https://www.google.com https://smartcaptcha.yandexcloud.net; img-src 'self' data: i.ytimg.com api-maps.yandex.ru core-renderer-tiles.maps.yandex.net yandex.ru mc.yandex.ru mc.yandex.com; 2 frame-ancestors 'self' https://*.build.com/ https://*.fergusonhome.com https://*.build-catalogs.com/ https://bcom.my.salesforce.com/ https://bcom.my.salesforce-sites.com/ https://*.visual.force.com/ https://omconsole.com/ https://*.omconsole.com/ https://*.cybersource.com/ 2 default-src 'self'; script-src 'self' data: blob: * 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src data: * ; style-src 'self' * 'unsafe-inline'; font-src data: *; connect-src *; frame-src *; media-src 'self' data: blob: * 'unsafe-inline' 'unsafe-hashes'; 2 default-src * blob: data:; script-src blob: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 2 frame-ancestors 'self' http://app.reskyt.com/ ; 2 default-src 'self'; script-src 'self'; connect-src 'self'; style-src 'self'; object-src 'none'; frame-ancestors 'none'; frame-src 'none'; form-action 'self'; manifest-src 'self'; img-src 'self' blob: data: https://furrycdn.org https://ext.furrycdn.org; media-src 'self' blob: data: https://furrycdn.org https://ext.furrycdn.org 2 default-src 'self' assets-next.mattersprotocol.io; script-src 'self' assets-next.mattersprotocol.io 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com challenges.cloudflare.com *.google-analytics.com *.analytics.google.com js.stripe.com *.cloudflareinsights.com pagead2.googlesyndication.com *.adtrafficquality.google *.doubleclick.net tpc.googlesyndication.com adservice.google.com; style-src 'self' 'unsafe-inline' assets-next.mattersprotocol.io fonts.googleapis.com; img-src 'self' data: blob: assets.matters.news imagedelivery.net assets-next.mattersprotocol.io *.matters.town nft-cdn.alchemy.com matters-server-production.s3-ap-southeast-1.amazonaws.com *.google-analytics.com *.walletconnect.com *.walletconnect.org matters-billboard-ad.s3.ap-southeast-1.amazonaws.com/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.adtrafficquality.google; font-src 'self' fonts.gstatic.com; media-src 'self' data: blob: assets.matters.news imagedelivery.net assets-next.mattersprotocol.io *.matters.town nft-cdn.alchemy.com matters-server-production.s3-ap-southeast-1.amazonaws.com *.google-analytics.com *.walletconnect.com *.walletconnect.org matters-billboard-ad.s3.ap-southeast-1.amazonaws.com/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.adtrafficquality.google; connect-src 'self' ws: wss: assets-next.mattersprotocol.io https://server.matters.town/graphql https://server.matters.news/graphql upload.imagedelivery.net *.google-analytics.com firebase.googleapis.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com api.stripe.com *.walletconnect.org *.walletconnect.com *.web3modal.org *.alchemyapi.io *.alchemy.com cloudflare-ipfs.com/ipfs/ ipfs.io/ipfs/ ipfs-gateway.matters.town/ipfs/ ipfs.w3s.link *.ingest.us.sentry.io *.adtrafficquality.google adservice.google.com *.doubleclick.net; frame-src 'self' button.like.co www.youtube.com player.vimeo.com player.bilibili.com www.bilibili.com www.instagram.com jsfiddle.net codepen.io challenges.cloudflare.com js.stripe.com hooks.stripe.com *.walletconnect.com *.walletconnect.org pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com *.adtrafficquality.google; prefetch-src 'self' assets-next.mattersprotocol.io; report-uri https://o1089931.ingest.us.sentry.io/api/6153512/security/?sentry_key=5af839b6d42044548d8ec70f00af8c10; report-to csp-endpoint 2 frame-ancestors 'self' *.interactivebrokers.com *.interactivebrokers.ca *.interactivebrokers.com.hk *.interactivebrokers.hk *.interactivebrokers.ch *.interactivebrokers.eu *.interactivebrokers.ie *.interactivebrokers.lu *.interactivebrokers.hu *.interactivebrokers.com.sg *.ibkr.com.sg *.interactivebrokers.ch *.interactivebrokers.co.uk *.interactivebrokers.com.au *.interactivebrokers.co.jp *.interactivebrokers.co.in *.ibkram.com IBKR.docebosaas.com *.interactiveadvisors.com *.ibkr.com *.ibkr.com.cn *.clientam.com *.youtube.com *.clientam.ch *.clientam.com.hk *.go-mpulse.net *.akstat.io *.lynxbroker.com impact.interactivebrokers.com widgets.tipranks.com site.recognia.com *.portfolioanalyst.com portfolioanalyst.com www.portfolioanalyst.com www.interactivebrokers.com https://www.interactivebrokers.com/ ibkr.paxosclients.com worldtrader.hsbc.ae *.ibkrcampus.com ibkrcampus.com www.ibkrguides.com *.greenwichcompliance.com; 2 base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.sibs.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com cihbank.ma p.adsymptotic.com sjs.bizographics.com t.co d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com 212.55.0.184; style-src 'self' https: 'unsafe-inline' *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.sibs.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com cihbank.ma p.adsymptotic.com sjs.bizographics.com t.co d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com 212.55.0.184; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.sibs.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com cihbank.ma p.adsymptotic.com sjs.bizographics.com t.co d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com 212.55.0.184; font-src 'self' data: *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.sibs.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com cihbank.ma p.adsymptotic.com sjs.bizographics.com t.co d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com 212.55.0.184; connect-src 'self' *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.sibs.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com cihbank.ma p.adsymptotic.com sjs.bizographics.com t.co d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com 212.55.0.184; frame-src 'self' data: *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.sibs.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com cihbank.ma p.adsymptotic.com sjs.bizographics.com t.co d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com 212.55.0.184; frame-ancestors 'self' *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.sibs.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com cihbank.ma p.adsymptotic.com sjs.bizographics.com t.co d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com 212.55.0.184; object-src data: *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.sibs.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com cihbank.ma p.adsymptotic.com sjs.bizographics.com t.co d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com 212.55.0.184; media-src 'self' data: *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.sibs.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com cihbank.ma p.adsymptotic.com sjs.bizographics.com t.co d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com 212.55.0.184; worker-src 'self' data: blob: *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.sibs.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com cihbank.ma p.adsymptotic.com sjs.bizographics.com t.co d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com 212.55.0.184 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.exactag.com https://*.fitanalytics.com https://*.glami.cz https://*.googleapis.com https://*.heureka.cz https://*.heureka.group https://*.heureka.sk https://*.lidl-shop.sk https://*.lidl.sk https://*.online-metrix.net https://*.parcellab.com https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://analytics.google.com https://app.creaition.cz https://awin1.com https://cloud.mail.lidl.sk https://cloud.news.lidl.sk https://creaition.b-cdn.net https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://fonts.gstatic.com https://forms.office.com https://glami.cz https://hlserve.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.sk https://ligadx.com https://ligatus.com https://login.dognet.sk https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://p.biano.sk https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.glami.cz https://*.heureka.sk https://*.lidl-shop.sk https://*.lidl.sk https://*.online-metrix.net https://*.tradedoubler.com https://*.vrxs.de https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://cloud.news.lidl.sk https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://forms.office.com https://glami.cz https://hlserve.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.sk https://ligadx.com https://ligatus.com https://login.dognet.sk https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adscale.de https://*.advertising.com https://*.adyen.com https://*.assets.lidl https://*.criteo.net https://*.demdex.net https://*.demoup.com https://*.doubleclick.net https://*.exactag.com https://*.fitanalytics.com https://*.glami.cz https://*.googleapis.com https://*.heureka.sk https://*.lidl-shop.cz https://*.lidl-shop.sk https://*.lidl.sk https://*.online-metrix.net https://*.openx.net https://*.parcellab.com https://*.pubmatic.com https://*.smartclip.net https://*.stickyadstv.com https://*.taboola.com https://*.tradedoubler.com https://*.twiago.com https://*.xplosion.de https://*.yahoo.com https://*.yieldlab.net https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://analytics.google.com https://app.creaition.cz https://awin1.com https://cloud.news.lidl.sk https://content.odj.cloud https://contextual.media.net https://creaition.b-cdn.net https://criteo-sync.teads.tv https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://forms.office.com https://glami.cz https://hlserve.com https://i.liadm.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.sk https://lidl.sk https://ligadx.com https://ligatus.com https://login.dognet.sk https://m6r.eu https://match.sharethrough.com https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://play-lh.googleusercontent.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://sync.outbrain.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://translate.google.com https://twiago.com https://visitor.omnitagjs.com https://www.dwin1.com https://www.edge-cdn.net https://www.glami.sk https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval' https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.glami.cz https://*.heureka.sk https://*.lidl-shop.sk https://*.online-metrix.net https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://cloud.news.lidl.sk https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://forms.office.com https://glami.cz https://hlserve.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.sk https://ligadx.com https://ligatus.com https://login.dognet.sk https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.exactag.com https://*.fitanalytics.com https://*.glami.cz https://*.googleapis.com https://*.heureka.cz https://*.heureka.group https://*.heureka.sk https://*.lidl-shop.sk https://*.online-metrix.net https://*.parcellab.com https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://app.creaition.cz https://awin1.com https://cloud.mail.lidl.sk https://cloud.news.lidl.sk https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://forms.office.com https://glami.cz https://hlserve.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.sk https://ligadx.com https://ligatus.com https://login.dognet.sk https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://p.biano.sk https://partners.webmasterplan.com https://pixel.biano.sk https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline' https://*.criteo.net https://*.doubleclick.net https://*.exactag.com https://*.fitanalytics.com https://*.glami.cz https://*.googleapis.com https://*.heureka.sk https://*.lidl-shop.sk https://*.online-metrix.net https://*.parcellab.com https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://app.creaition.cz https://awin1.com https://cloud.news.lidl.sk https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://forms.office.com https://glami.cz https://hlserve.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.sk https://ligadx.com https://ligatus.com https://login.dognet.sk https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 frame-ancestors 'self' https://webidprovera-p.yettel.rs https://idprovera-p.yettel.rs https://webidprovera-t.yettel.rs https://idprovera-t.yettel.rs 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://gofulllidl.ie https://*.adyen.com https://*.abettertomorrow-lidl.ie https://*.lidl.ie data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://gofulllidl.ie https://*.adyen.com https://*.abettertomorrow-lidl.ie https://*.lidl.ie; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adyen.com https://*.lidl.ie data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval'; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline'; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 frame-ancestors https://*.famety.net 2 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' blob: https://corp.sertifi.com https://campaigns.sertifi.com https://sertifi.chilipiper.com https://js.chilipiper.com https://api.chilipiper.com https://apps.chilipiper.com https://fire.chilipiper.com https://s3-us-west-2.amazonaws.com https://b-code.liadm.com https://js.zi-scripts.com https://widget.surveymonkey.com https://ajax.googleapis.com https://anjt6a9l0k.execute-api.us-west-1.amazonaws.com https://app.jazz.co https://cdn.dreamdata.cloud https://cdn.jsdelivr.net https://connect.facebook.net https://diffuser-cdn.app-us1.com https://dyv6f9ner1ir9.cloudfront.net https://embed.typeform.com https://cdn-asset.optimonk.com https://front.optimonk.com https://googleads.g.doubleclick.net https://gs-cdn.optimonk.com https://js.intercomcdn.com https://kit.fontawesome.com https://l0w6hlar9j.execute-api.us-west-1.amazonaws.com https://onsite.optimonk.com https://onsite2.optimonk.com https://player.vimeo.com https://prism.app-us1.com https://script.hotjar.com https://sertifi.activehosted.com https://snap.licdn.com https://static.cloudflareinsights.com https://static.hotjar.com https://trackcmp.net https://widget.intercom.io https://www.googleadservices.com https://www.googletagmanager.com https://www.redditstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' https://cdn-asset.optimonk.com https://cdn.jsdelivr.net https://embed.typeform.com https://fonts.bunny.net https://fonts.googleapis.com https://l0w6hlar9j.execute-api.us-west-1.amazonaws.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://pro.ip-api.com https://alocdn.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://stats.g.doubleclick.net https://analytics.google.com https://ws.zoominfo.com https://js.zi-scripts.com https://tracking.chilipiper.com https://sertifi.chilipiper.com https://js.chilipiper.com https://api.chilipiper.com https://apps.chilipiper.com https://fire.chilipiper.com https://api-iam.intercom.io https://api.typeform.com https://cdn-limit.optimonk.com https://cdn-account.optimonk.com https://cdn-renderer.optimonk.com https://cdn-content.optimonk.com https://cdn.dreamdata.cloud https://content.hotjar.io https://vc.hotjar.io https://front.optimonk.com https://jfapiprod.optimonk.com https://metrics.hotjar.io https://pixel-config.reddit.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://pixel-config.reddit.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.redditstatic.com wss://nexus-websocket-a.intercom.io wss://ws.hotjar.com; font-src 'self' data: https://cdn-custom.optimonk.com https://fonts.bunny.net https://fonts.gstatic.com https://fonts.intercomcdn.com https://ka-p.fontawesome.com; frame-src 'self' https://sertifi.chilipiper.com https://js.chilipiper.com https://api.chilipiper.com https://apps.chilipiper.com https://fire.chilipiper.com https://www.tfaforms.com https://www.typeform.com https://www.surveymonkey.com https://sertifi818.outgrow.us https://form.typeform.com https://player.vimeo.com https://td.doubleclick.net https://www.youtube.com; img-src 'self' data: https://testsertifiumbstorage.blob.core.windows.net https://prodsertifiumbstorage.blob.core.windows.net https://sertifi.chilipiper.com https://js.chilipiper.com https://api.chilipiper.com https://apps.chilipiper.com https://fire.chilipiper.com https://prod.smassets.net https://www.facebook.com https://alb.reddit.com https://app.jazz.co https://googleads.g.doubleclick.net https://i.vimeocdn.com https://i.ytimg.com https://js.intercomcdn.com https://px.ads.linkedin.com https://static.intercomassets.com https://ucarecdn.com https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://corp.sertifi.com https://js.intercomcdn.com; worker-src 'none'; 2 frame-src 'self' https://eu-west-2-elume.s3.us-east-1.amazonaws.com/ https://forms.hsforms.com/ https://app.hubspot.com https://www.googletagmanager.com https://accounts.google.com https://sdk.companywebcast.com https://ir.asp.manamind.com https://www.youtube.com https://www.youtube-nocookie.com *.metric.gstatic.com *.dynamics.com https://webcast.seria.no https://spinzam.com/ https://player.vimeo.com https://vimeo.com https://cdn.embedly.com https://www.facebook.com https://www.google.com/ https://platform.twitter.com/ https://twitter.com/ https://ir.oms.no/ https://kongsberg.easycruit.com https://tools.eurolandir.com https://asia.tools.euroland.com https://tools.euroland.com https://gamma.euroland.com https://jirango.com https://dashboard.find.episerver.net/; frame-ancestors 'self' 2 frame-ancestors https://sbgi.net; upgrade-insecure-requests 2 frame-ancestors 'self' https://*.cashconverters.es https://www.pccomponentes.com https://production-eu01-cashconverters.demandware.net https://*.cashconverters.pt; 2 frame-ancestors 'self' *.ag2rlamondiale.fr *.ppalm.fr; report-uri /csp-rapport; 2 default-src 'self' 'unsafe-inline' https://documentcloud.adobe.com https://*.brand-portal.adobe.com https://viewlicense.adobe.io https://lionbridge.data.adobedc.net https://lionbridge-stage.adobemsbasic.com/ https://px.ads.linkedin.com/ https://*.clarity.ms https://region1.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.lionbridge.com https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://code.jquery.com https://assets.sitescdn.net https://*.fourtimessmelly.com https://js/forms2/js/forms2.js https://assets.trendemon.com https://www.googletagmanager.com https://static.ads-twitter.com https://cdn.jsdelivr.net https://munchkin.marketo.net https://snap.licdn.com https://web-analytics.engagio.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://trackingapi.trendemon.com https://dn1f1hmdujj40.cloudfront.net https://app-sjn.marketo.com https://cdnjs.cloudflare.com https://analytics.twitter.com https://j.6sc.co/6si.min.js https://geolocation.onetrust.com https://*.trendemon.com https://info.lionbridge.com/js/forms2/js/forms2.min.js https://googleads.g.doubleclick.net/* https://www.gstatic.com/ https://pi.pardot.com/ https://activitymap.adobe.com/ https://info1.lionbridge.com/ https://ajax.googleapis.com/ https://ws-assets.zoominfo.com/ https://schedule.zoominfo.com https://*.brand-portal.adobe.com https://www.lionbridge.com blob: https://lionbridge-stage.adobemsbasic.com https://documentcloud.adobe.com https://s.go-mpulse.net https://www.clarity.ms https://*.prod.mplat-ppcprotect.com https://*.mplat-ppcprotect.com https://mplat-ppcprotect.com https://bat.bing.com/bat.js https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=gggwzf https://bat.bing.com/p/action/343159921.js https://*.webexperiences.com https://*.bound360.com https://*.getsmartcontent.com; script-src-elem 'self' data: 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://code.jquery.com https://assets.sitescdn.net https://*.fourtimessmelly.com https://js/forms2/js/forms2.js https://assets.trendemon.com https://lionbridge.data.adobedc.net https://www.googletagmanager.com https://static.ads-twitter.com https://cdn.jsdelivr.net https://munchkin.marketo.net https://snap.licdn.com https://web-analytics.engagio.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://trackingapi.trendemon.com https://dn1f1hmdujj40.cloudfront.net https://app-sjn.marketo.com https://cdnjs.cloudflare.com https://analytics.twitter.com https://j.6sc.co/6si.min.js https://geolocation.onetrust.com https://www.google.com/ https://www.gstatic.com/ https://pi.pardot.com/ https://activitymap.adobe.com/ https://info.lionbridge.com/ https://info1.lionbridge.com/ https://js.zi-scripts.com/zi-tag.js https://googleads.g.doubleclick.net/* https://ws-assets.zoominfo.com/formcomplete.js https://*.brand-portal.adobe.com https://documentcloud.adobe.com https://s.go-mpulse.net https://www.clarity.ms https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.prod.mplat-ppcprotect.com https://*.mplat-ppcprotect.com https://mplat-ppcprotect.com https://bat.bing.com/bat.js https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=gggwzf https://bat.bing.com/p/action/343159921.js https://wec-assets.terminus.services https://chat-snippet.terminusplatform.com https://*.webexperiences.com https://*.getsmartcontent.com; script-src-attr https://*.brand-portal.adobe.com https://*.prod.mplat-ppcprotect.com https://*.mplat-ppcprotect.com https://mplat-ppcprotect.com https://assets.adobedtm.com; style-src * 'self' https://*.brand-portal.adobe.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://*.brand-portal.adobe.com; style-src-attr 'self' 'unsafe-inline' https://*.brand-portal.adobe.com; img-src 'self' data: https://www.lionbridge.com https://play.vidyard.com https://five.fourtimessmelly.com https://cdn.cookielaw.org https://cdn.vidyard.com https://*.brand-portal.adobe.com https://b.6sc.co/ https://www.facebook.com https://trackingapi.trendemon.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://www.google.com https://www.google.ie https://cm.everesttech.net https://pic.trendemon.com/ https://lionbridge.data.adobedc.net https://dpm.demdex.net/ https://a.mktgcdn.com https://t.co https://analytics.twitter.com https://dpm.demdex.net https://www.google-analytics.com https://*.clarity.ms https://*.bing.com https://*.linkedin.com https://www.googleadservices.com https://www.google.co.in https://lionbridgeallstage.112.2o7.net https://smetrics.lionbridge.com https://*.google.com.br https://*.google.com.ch https://*.terminus.services https://*.adsrvr.org https://*.webexperiences.com https://*.bound360.com https://*.getsmartcontent.com; connect-src 'self' https://server.gametester.gg/ https://ws.zoominfo.com https://api.schedule.zoominfo.com https://c.go-mpulse.net https://five.fourtimessmelly.com/mon https://*.lionbridge.com https://cdn.cookielaw.org https://answersstatus.pagescdn.com https://liveapi-cached.yext.com https://ipv6.6sc.co https://geolocation.onetrust.com https://five.fourtimessmelly.com https://dpm.demdex.net https://js.zi-scripts.com https://epsilon.6sense.com https://*.brand-portal.adobe.com https://cdn.linkedin.oribi.io https://lionbridge.tt.omtrdc.net https://dayintegrationintern.tt.omtrdc.net https://viewlicense.adobe.io https://liveapi.yext.com https://answers.yext-pixel.com https://privacyportal-de.onetrust.com https://c.6sc.co https://region1.analytics.google.com https://stats.g.doubleclick.net/ https://secure.adnxs.com https://px.ads.linkedin.com https://www.google.ie https://*.clarity.ms https://*.go-mpulse.net https://pagead2.googlesyndication.com https://www.google.com https://*.doubleclick.net https://analytics.google.com https://*.on24.com https://*.prod.mplat-ppcprotect.com https://*.mplat-ppcprotect.com https://mplat-ppcprotect.com https://aplo-evnt.com/api/v1/intent_pixel/track_request?app_id=66a3d5b3ccc0bf01b27a0116 https://*.google-analytics.com https://google.com https://google.ch https://*.terminus.services wss://*.amazonaws.com; frame-src 'self' https://play.vidyard.com https://dayintegrationinternal.demdex.net https://lionbridge.demdex.net https://www.facebook.com https://app-sjn.marketo.com https://www.youtube.com/ https://www.google.com/ https://www.lionbridge.com/ https://player.youku.com/ https://activitymap.adobe.com/ https://info.lionbridge.com/ https://info1.lionbridge.com/ https://documentcloud.adobe.com/ https://*.brand-portal.adobe.com https://td.doubleclick.net https://*.prod.mplat-ppcprotect.com https://*.mplat-ppcprotect.com https://mplat-ppcprotect.com https://*.googletagmanager.com/ https://*.webexperiences.com https://*.bound360.com https://*.getsmartcontent.com; frame-ancestors 'self' http://lionbridge.com:8000 https://*.brand-portal.adobe.com; 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*/vnd.ms-fontobject https://*/octet-stream https://*/font-woff https://*/x-font-ttf https://*/svg+xml https://maps.googleapis.com https://mondoconvenienza--partial.sandbox.my.site.com https://mondoconvenienza.my.site.com https://sgtm.mondoconv.it https://livesystemssrl.germany-2.evergage.com/ 'self' data: https://media-staging247.mondoconv.it https://media.mondoconv.it https://js.stripe.com *.flixcar.com *.flixfacts.com https://*.flix360.io https://*.flix360.com https://media.flixsyndication.net https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://ssl.p.jwpcdn.com intent://arvr.google.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.cloudflare.com my.adabra.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com testeps.netswgroup.it eps.netswgroup.it *.facebook.com finanziamenti.agosweb.it secure.findomestic.it test-securepay.eupayglobe.com securepay.eupayglobe.com *.cetelem.es 'self' 'unsafe-inline'; frame-ancestors 'self' *.force.com 'self'; frame-src bid.g.doubleclick.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.braintreegateway.com *.paypal.com google.com *.google.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://mondoconvenienza--partial.sandbox.my.site.com https://mondoconvenienza.my.site.com https://sgtm.mondoconv.it https://td.doubleclick.net/ https://ct.pinterest.com *.youtube-nocookie.com https://media-staging247.mondoconv.it https://media.mondoconv.it https://js.stripe.com *.flixcar.com https://media.flixfacts.com https://*.flix360.io https://*.flix360.com https://media.flixsyndication.net https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://ssl.p.jwpcdn.com intent://arvr.google.com *.iubenda.com *.livechatinc.com *.online-metrix.net *.tracead.com tracead.com *.signifyd.com img.signifyd.com *.addthis.com *.jrs5.com pubxtag1.com amc.demdex.net *.facebook.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.hotjar.com *.adabra.com *.intervieweb.it finanziamenti.agosweb.it *.force.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://*.online-metrix.net https://*.mondoconv.it https://*.cookielaw.org https://maps.googleapis.com https://mondoconvenienza--partial.sandbox.my.site.com https://livesystemssrl.germany-2.evergage.com/ https://mondoconvenienza.my.site.com https://sgtm.mondoconv.it https://td.doubleclick.net https://*.valueservice.cloud https://n.clarity.ms *.clarity.ms https://image.mondoconvenienza.eu *.mondoconvenienza.eu https://media-staging247.mondoconv.it https://media.mondoconv.it https://js.stripe.com *.flixcar.com https://media.flixfacts.com https://*.flix360.io https://*.flix360.com https://media.flixsyndication.net https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://ssl.p.jwpcdn.com media.mondoconv.it media.mondoconv.es *.mondoconv.es *.payments-amazon.com *.linksynergy.com *.nxtck.com *.mediaforge.com *.jrs5.com *.dc-storm.com *.rd.linksynergy.com *.ra.linksynergy.com *.facebook.com *.google.it *.google.com *.signifyd.com *.e.aa.online-metrix.net *.googleapis.com amcglobal.sc.omtrdc.net cm.everesttech.net smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.demdex.net *.bing.com *.igodigital.com 510001710.collect.igodigital.com *.googletagmanager.com *.adabra.com track.adabra.com *.flix360.com *.pinterest.com *.swogo.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://*.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://*.vimeo.com www.vimeo.com *.vimeocdn.com https://*.youtube.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://*.cloudflareinsights.com *.googletagmanager.com *.facebook.net *.hotjar.com https://*.clearsale.com.br https://*.online-metrix.net https://api.psma.com.au https://*.ewaypayments.com https://*.clearpay.co.uk https://*.afterpay.com https://*.adobedtm.com https://*.adobe.com https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net js-agent.newrelic.com *.eu01.nr-data.net https://*.cardinalcommerce.com https://*.ccdc02.com https://*.paypal.com https://*.paypalobjects.com https://*.ytimg.com *.googleapis.com https://*.vimeocdn.com *.gstatic.com https://*.typekit.net https://*.omtrdc.net https://*.magento-ds.com *.chimpstatic.com https://*.mailchimp.com https://*.list-manage.com https://*.braintreegateway.com https://*.googleoptimize.com https://*.polyfill.io *.iubenda.com mondoconv.it mondoconv.es https://*.evgnet.com https://*.site.com https://*.noibu.com https://*.googlesyndication.com https://*.cookielaw.org https://maps.googleapis.com https://mondoconvenienza--partial.sandbox.my.site.com https://cdn.evgnet.com https://livesystemssrl.germany-2.evergage.com/ https://dynamic.criteo.com https://ct.pinterest.com https://is-cdn.dynatrace.com *.dynatrace.com *.clarity.ms widget.pinterest.com https://*.valueservice.cloud https://media-staging247.mondoconv.it https://media.mondoconv.it https://js.stripe.com *.flixcar.com *.flixfacts.com https://*.flix360.io https://*.flix360.com *.flixsyndication.net https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://ssl.p.jwpcdn.com chimpstatic.com *.cloudflare.com *.doofinder.com *.signifyd.com *.livechatinc.com *.rmtag.com *.tracead.com tracead.com *.addthis.com *.amazon.com *.amazonaws.com *.jsdelivr.net *.moatads.com *.addthisedge.com *.genteroma.com smct.co *.smct.co smct.io *.smct.io *.adabra.com widget-mediator.zopim.com *.bing.com *.igodigital.com 510001710.collect.igodigital.com *.swogo.net *.intervieweb.it pushpad.xyz *.mondoconv.it *.mondoconv.es *.force.com *.pinimg.com https://www.clarity.ms https://*.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://*.site.com https://*.valueservice.cloud https://media-staging247.mondoconv.it https://media.mondoconv.it https://js.stripe.com *.flixcar.com https://media.flixfacts.com https://*.flix360.io https://*.flix360.com https://media.flixsyndication.net https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://ssl.p.jwpcdn.com *.cloudflare.com *.googleapis.com *.jsdelivr.net *.gstatic.com *.adabra.com *.force.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.cloudflareinsights.com https://cloudflareinsights.com https://api.psma.com.au https://*.salesforce-scrt.com https://*.mondoconv.it https://*.googlesyndication.com https://*.cookielaw.org https://*.onetrust.com https://maps.googleapis.com https://mondoconvenienza--partial.sandbox.my.site.com https://cdn.evgnet.com https://livesystemssrl.germany-2.evergage.com/ https://mondoconvenienza.my.site.com https://sgtm.mondoconv.it https://cdn.noibu.com https://bat.bing.net https://n.clarity.ms *.clarity.ms *.dynatrace.com https://*.valueservice.cloud https://media-staging247.mondoconv.it https://media.mondoconv.it https://js.stripe.com https://media.flixcar.com https://media.flixfacts.com https://*.flix360.io https://*.flix360.com https://media.flixsyndication.net https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://ssl.p.jwpcdn.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.iubenda.com *.doofinder.com *.g.doubleclick.net *.doubleclick.net *.signifyd.com *.signifyd.com:11103 *.signifyd.com:11103/onload https://bt.signifyd.com:11103 https://bt.signifyd.com:11103/onload bt.signifyd.com *.facebook.com *.google-analytics.com *.livechatinc.com *.addthis.com dpm.demdex.net smct.co *.smct.co smct.io *.smct.io *.amazonaws.com widget-mediator.zopim.com wss://widget-mediator.zopim.com bat.bing.com *.hotjar.com *.adabra.com pushpad.xyz *.igodigital.com http://510001710.collect.igodigital.com *.eu01.nr-data.net *.pinterest.com *.swogo.net ws: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.jp flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.cn flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.eu flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.kr flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw flightbookings.grabaseat.co.nz govtbookings.airnewzealand.co.nz au-connect.authsignal.com auth.identity.airnewzealand.com auth.identity.qual.airnewzealand.com checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com flightbookings.airnewzealand.com player.vimeo.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com x.wayin.com eu-x.wayin.com s.engagesciences.com display.engagesciences.com www.everestjs.net *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com www.google.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com analytics-fe.digital-cloud-syd1.medallia.com.au static.hotjar.com script.hotjar.com yourir.info t.a3cloud.net ib.adnxs.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js oc-cdn-public-oce.azureedge.net https://unpkg.com/acs_webchat-chat-adapter@0.0.35-beta.20/dist/chat-adapter.js cdn-au.onetrust.com; style-src 'unsafe-inline' p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com static.hotjar.com script.hotjar.com yourir.info 'self' oc-cdn-public-oce.azureedge.net; img-src https: data: static.hotjar.com script.hotjar.com; font-src p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self' data: *.cdn.office.net; media-src 'self' p-airnz.com video.cdnvue.com data:; frame-src 'self' *.google.com auth.identity.airnewzealand.com identity.airnewzealand.com au-connect.authsignal.com nz.fltmaps.com player.youku.com v.qq.com player.vimeo.com www.youtube.com airnz.wufoo.com xd.wayin.com x.wayin.com eu-x.wayin.com display.engagesciences.com www.everestjs.net pixel.everesttech.net *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn-pci.optimizely.com nebula-cdn.kampyle.com vars.hotjar.com sec.windcave.com uat.windcave.com checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com forms.cd.airnewzealand.co.nz www.airnewzealand.co.nz/airpoints-account/payments/scripts/done.html www.airnewzealand.co.nz/payment/scripts/done.html oc-cdn-public-oce.azureedge.net blob: comms.omnichannelengagementhub.com customervoice.microsoft.com airnz-cargo.chooose.today airnz-corporate.chooose.today; worker-src blob:; connect-src 'self' api.airnz.io api.airnz.ai *.googleapis.com *.google.com *.gstatic.com identity.airnewzealand.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com analytics-fe.digital-cloud-syd1.medallia.com.au https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.sentry.io yourir.info https://widget.timatic.iata.org/api/ sec.windcave.com uat.windcave.com checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com unq0355446423e84eb397bc71189d78d-crm6.omnichannelengagementhub.com browser.pipe.aria.microsoft.com *.omnichannelengagementhub.com *.au.omnichannelengagementhub.com https://*.trouter.skype.com wss://*.trouter.skype.com edge.skype.com *.communication.azure.com ocsdk-prod.azureedge.net cdn-au.onetrust.com geolocation.onetrust.com privacyportal-au.onetrust.com; object-src 'none'; frame-ancestors 'self'; report-uri /csp-report 2 frame-ancestors 'self'; report-uri https://o28929.ingest.us.sentry.io/api/676675/security/?sentry_key=ece733f80e4d4958a8c9cfc1f5a6a5db 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://my.thevivestia.com https://*.lidl-hellas.gr data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://my.thevivestia.com https://*.lidl-hellas.gr; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adyen.com https://*.lidl-hellas.gr data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval'; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline'; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com *.doubleclick.net api.mapbox.com consentcdn.cookiebot.com consent.cookiebot.com 'self'; object-src 'none'; worker-src blob: ; child-src www.google.com consentcdn.cookiebot.com assist.zoho.eu blob: 'self' ; img-src imgsct.cookiebot.com data: blob: 'self' www.google.ch www.google.com www.google-analytics.com; connect-src 'self' *.tiles.mapbox.com consentcdn.cookiebot.com api.mapbox.com events.mapbox.com www.google-analytics.com stats.g.doubleclick.net region1.analytics.google.com; frame-ancestors 'self' 2 report-uri /opnsense-report-csp-violation 2 default-src https://*.hubapi.com https://*.hubspot.com https://*.rollbar.com https://*.bulkreefsupply.com https://*.nr-data.net https://*.bing.com https://*.pinterest.com https://*.zdassets.com https://*.hsforms.com https://*.braintree-api.com https://*.affirm.com https://*.kaptcha.com https://*.google-analytics.com https://*.gstatic.com wss://*.zopim.com https://*.doubleclick.net https://*.braintreegateway.com https://*.paypal.com https://*.facebook.com https://*.google.com https://*.bootstrapcdn.com https://*.paypalobjects.com https://*.googletagmanager.com https://s.pinimg.com https://*.hsforms.net https://*.facebook.net https://*.newrelic.com https://*.googleapis.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsadspixel.net https://*.hsleadflows.net https://*.algolia.com https://*.algolia.net https://*.algolia.io https://*.algolianet.com https://cdn.jsdelivr.net/ https://*.convertize.io https://*.youtube.com https://*.amazonaws.com https://*.sjv.io https://*.loggly.com https://*.ojrq.net https://google.com/ https://*.attentivemobile.com/ https://*.attn.tv/ https://*.googleadservices.com https://*.impactcdn.com/ https://media2.cdn.apetlife.com/ https://bulkreefsupply.zendesk.com/ https://ecotechmarine.zendesk.com/ https://widget-mediator.zopim.com/ https://*.zdusercontent.com/ https://brsredir.com/ https://ipv4.jsonip.com/ https://secure.nmi.com/token/ https://collectcheckout.com/ https://applepay.cdn-apple.com/ 'unsafe-eval' data: 'unsafe-inline'; report-uri https://brsredir.com/url/csp 2 default-src 'self' *.1mp.com *.salesforce-sites.com *.service.force.com *.1mp--assetconv.my.salesforce.com *.assetconv-onemp.cs202.force.com *.c.la3-c1cs-ia4.salesforceliveagent.com *.d.la3-c1cs-ia4.salesforceliveagent.com *.walkme.com *.amazonaws.com *.walkmeusercontent.com *.vimeo.com *.google.com *.googleapis.com *.salesforce.com *.force.com *.salesforceliveagent.com *.site.com *.onemedicalpassport.com; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com *.salesforce-sites.com *.service.force.com *.1mp--assetconv.my.salesforce.com *.assetconv-onemp.cs202.force.com *.c.la3-c1cs-ia4.salesforceliveagent.com *.d.la3-c1cs-ia4.salesforceliveagent.com www.gstatic.com www.google-analytics.com translate.google.com *.googleapis.com *.walkme.com *.salesforce.com *.force.com *.salesforceliveagent.com *.site.com *.onemedicalpassport.com; style-src 'self' 'unsafe-inline' *.googleapis.com www.gstatic.com *.salesforce-sites.com *.service.force.com *.1mp--assetconv.my.salesforce.com *.assetconv-onemp.cs202.force.com *.c.la3-c1cs-ia4.salesforceliveagent.com *.d.la3-c1cs-ia4.salesforceliveagent.com cdn.walkme.com *.salesforce.com *.force.com *.salesforceliveagent.com *.site.com *.onemedicalpassport.com; font-src 'self' data:; worker-src 'self' blob:; frame-src 'self' *.1mp.com www.screencast.com www.google.com *.salesforce-sites.com *.service.force.com *.1mp--assetconv.my.salesforce.com *.assetconv-onemp.cs202.force.com *.c.la3-c1cs-ia4.salesforceliveagent.com *.d.la3-c1cs-ia4.salesforceliveagent.com *.walkme.com *.walkmeusercontent.com *.vimeo.com *.salesforce.com *.force.com *.salesforceliveagent.com *.site.com *.onemedicalpassport.com 2 default-src 'self'; frame-src 'self' www.google.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com 'unsafe-inline'; connect-src *.google-analytics.com 'self'; font-src 'self' fonts.gstatic.com; img-src 'self' cdn.redoc.ly data:; script-src 'self' www.google.com www.googletagmanager.com www.gstatic.com cdn.redoc.ly 'unsafe-inline'; worker-src 'self' blob: 2 frame-ancestors https://cruiser.cloud.capitalone.com 2 frame-ancestors 'self' *.thetoyshop.com *.elc.co.uk 2 script-src * 'unsafe-inline' 'unsafe-eval'; 2 default-src 'self' https: data: blob:; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; connect-src 'self' https: wss:; frame-src 'self' https:; object-src 'none'; frame-ancestors 'self' https:; base-uri 'self'; form-action 'self' https:; 2 frame-ancestors https://*.builder.io https://builder.io http://localhost:3000 https://*.bodi.com https://*.vercel.app 2 default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com/ https://www.googletagservices.com/ https://www.google-analytics.com/ https://pagead2.googlesyndication.com/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/ https://cdn.jsdelivr.net/npm/feather-icons/ https://cdn.jsdelivr.net/npm/feather-icons@4.29.0/ https://cdn.jsdelivr.net/npm/jquery@3.6.4/ https://js.monitor.azure.com/ https://cdn.cookielaw.org/ https://www.dwin1.com/ https://assets.soreto.com/ https://lantern.roeyecdn.com/ https://googleads.g.doubleclick.net/ https://cm.g.doubleclick.net/ https://ad.doubleclick.net/ https://secure.quantserve.com/ https://rules.quantcount.com/ https://s.pinimg.com/ https://ct.pinterest.com/ https://siteimproveanalytics.com/ https://connect.facebook.net/ https://acdn.adnxs.com/ https://script.infinity-tracking.com/ https://ict.infinity-tracking.net/ https://d1igp3oop3iho5.cloudfront.net/ https://api.smooch.io/ https://static.zdassets.com/ https://chat-loader.smartagent.app https://www.uqd.io/ promotionx.io https://www.clarity.ms https://bat.bing.com/ https://www.jscache.com/ https://www.tripadvisor.com/ https://65dafbfo.micpn-eu.com/ https://*.abtasty.com https://static.tacdn.com/ https://www.tripadvisor.co.uk/ https://www.upsellit.com/ https://track.uniqodo.com/ https://*.crazyegg.com/ https://*.myma.ai/ https://*.bookmebob.com/ https://*.bookmebob.co.nz https://*.adalyser.com https://cdn.jsdelivr.net/npm/markdown-it@14.1.0/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/ https://chat-loader.smartagent.app https://*.abtasty.com/ https://static.tacdn.com/ https://*.crazyegg.com/ fonts.googleapis.com https://*.myma.ai/ https://*.bookmebob.com/ https://*.bookmebob.co.nz; img-src 'self' data: https://www.warnerhotels.co.uk/ https://www.warnerleisurehotels.co.uk/ https://www.googletagmanager.com/ https://adservice.google.com/ https://www.google.com/ https://www.google.co.uk/ https://lantern.roeye.com/ https://secure.adnxs.com/ https://ib.adnxs.com/ https://ad.doubleclick.net/ https://cdn.cookielaw.org/ https://ct.pinterest.com/ https://www.facebook.com/ https://pixel.quantserve.com/ https://*.odp.optimizely.com/ https://warnersupport.zendesk.com/ https://static.zdassets.com/ https://cdn-12059162352.s3.eu-west-2.amazonaws.com promotionx.io https://*.abtasty.com https://*.clarity.ms/ https://*.editor-assets.abtasty.com https://www.tripadvisor.co.uk/ https://www.tripadvisor.com https://*.micpn-eu.com https://bat.bing.com https://*.crazyegg.com/ https://assets.bookmebob.com https://*.adalyser.com; connect-src 'self' https://www.google.com https://www.google-analytics.com https://region1.analytics.google.com https://*.doubleclick.net https://cdn.cookielaw.org https://privacyportal-eu.onetrust.com wss://api.smooch.io https://dc.services.visualstudio.com https://routes.soreto.com https://pixel.quantcount.com https://web.lon.infinity-tracking.com https://nas.lon.infinity-tracking.com https://ict.infinity-tracking.net https://ct.pinterest.com https://metacb.digitaldevs.co.uk https://connect.facebook.net https://www.facebook.com https://ekr.zdassets.com https://warnersupport.zendesk.com https://zendesk-eu.my.sentry.io https://services.smartagent.app uniqodo.com https://vimeo.com *.abtasty.com https://geolocation.onetrust.com https://*.clarity.ms https://*.crazyegg.com https://*.myma.ai https://*.bookmebob.com https://*.bookmebob.co.nz; font-src 'self' https://dhm5hy2vn8l0l.cloudfront.net/graphik/ https://dhm5hy2vn8l0l.cloudfront.net/lato/ https://fonts.gstatic.com/s/poppins/ *.abtasty.com https://static.tacdn.com/ fonts.gstatic.com; object-src 'none'; ; media-src 'self' https://cdn-12059162352.s3.eu-west-2.amazonaws.com https://prod-cdn-12059162352.s3.eu-west-2.amazonaws.com; frame-src 'self' https://*.doubleclick.net/ https://www.googletagmanager.com/ https://www.google.com/ https://servedby.flashtalking.com/ https://ct.pinterest.com/ https://chat.smartagent.app/ https://player.vimeo.com/ https://qa-assistant.abtasty.com/ https://*.crazyegg.com/ https://*.uniqodo.com https://*.uqd.io https://*.promotionx.io https://*.myma.ai/ https://*.bookmebob.com/ https://*.bookmebob.co.nz; manifest-src 'self' ; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wistia.com *.hotjar.com *.linkedin.com *.cloudfront.net www.googleadservices.com www.googletagmanager.com www.google-analytics.com cdn.callrail.com *.helpscout.net *.atlassian.net *.marketo.net *.aciworldwide.com *.vimeo.com vimeo.com *.vimeocdn.com cdn.cookielaw.org geolocation.onetrust.com connect.facebook.net static.ads-twitter.com analytics.twitter.com bat.bing.com static.oktopost.com snap.licdn.com siteimproveanalytics.com *.6sc.co script.crazyegg.com *.doubleclick.net okt.to cdn.siteimprove.net *.omappapi.com platform.twitter.com *.twimg.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net secure.harm6stop.com js.callrail.com *.zoominfo.com unpkg.com *.unpkg.com *.crazyegg.com *.userback.io tag.demandbase.com js.hsadspixel.net js.hubspot.com www.clarity.ms cdn.jsdelivr.net *.hsforms.net static.hsappstatic.net app.hubspot.com;style-src 'self' 'unsafe-inline' *.myfonts.net *.atlassian.net *.marketo.net fonts.googleapis.com *.aciworldwide.com platform.twitter.com www.googletagmanager.com *.omappapi.com *.crazyegg.com *.typekit.net *.userback.io cdn.jsdelivr.net;img-src 'self' data: blob: *.gravatar.com embedwistia-a.akamaihd.net *.wistia.com wp-rocket.me www.google-analytics.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com www.google.com *.wpengine.com *.w.org *.aciworldwide.com *.awscloud.com *.vimeo.com *.vimeocdn.com t.co *.linkedin.com *.6sc.co *.siteimproveanalytics.io *.bing.com www.facebook.com *.adsymptotic.com *.omappapi.com *.twimg.com platform.twitter.com syndication.twitter.com *.truste.com track.hubspot.com okt.to qr-code.ithemes.com *.twitter.com cdn.cookielaw.org *.crazyegg.com id.rlcdn.com *.company-target.com c.clarity.ms *.hsforms.com *.hsforms.net placekitten.com;frame-src www.googletagmanager.com *.flipsnack.com *.crazyegg.com *.aciworldwide.com player.vimeo.com *.libsyn.com *.cloudfront.net *.company-target.com *.doubleclick.net app.hubspot.com *.hsforms.com *.hsforms.net blob:;worker-src 'self' blob:;object-src 'none'; 2 frame-ancestors https://app.storyblok.com/ https://web.ruttl.com/ https://www.wingsforlifeworldrun.com 2 frame-ancestors https://*.jow.fr https://*.jow.com https://*.jow.tech 2 img-src 'self' data: https: ; object-src 'none'; 2 object-src 'none'; script-src 'self' 'unsafe-inline' addtocalendar.com https://api.mapbox.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com https://www.tintup.com unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://apps.elfsight.com https://static.elfsight.com https://www.youtube.com https://storage.elfsight.com https://apis.google.com https://www.googletagmanager.com https://universe-static.elfsightcdn.com https://app.tintup.com addtocalendar.com https://api.mapbox.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com https://www.tintup.com unpkg.com; style-src 'self' 'unsafe-inline' https://p.typekit.net addtocalendar.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.typekit.net unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://idrc-crdi.ca/en/report-uri/enforce 2 frame-ancestors 'self' manyavar--dev.sandbox.lightning.force.com manyavar--uat.sandbox.lightning.force.com manyavar.lightning.force.com 2 frame-ancestors 'self' https://umbraco-prod-tivoli.noaignite.tech; 2 object-src 'none'; frame-ancestors 'self' script-src 'self' 'nonce-6c2fcd1cd7939c2c844c965cae94af511398bc54fd629b3982c0dd86983e934e' *.hdbfs.com *.hdbfs.com/branch/ *.google-analytics.com *.google.com *.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.googletagmanager.com *.hdbfs.com hdbfs.com *.fontawesome.com *.gstatic.com cdn.datatables.net cdnjs.cloudflare.com; img-src 'self' data: *.hdbfs.com *.google.co.in *.google.com *.googletagmanager.com *.maggiesadler.com *.google-analytics.com *.gstatic.com *.googleapis.com *.hdbfs.com *.fontawesome.com css.page-source.com; 2 object-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests; base-uri 'none'; report-uri https://47327c6a613c1754bda1362d946d96dd.report-uri.com/r/t/csp/enforce; report-to csp-endpoint 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://*.lidl.bg data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://*.lidl.bg; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adyen.com https://*.lidl.bg data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval'; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline'; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 frame-ancestors 'self' https://www.ujizz.xxx https://www.ujizzxxxcn.com https://www.ujizz4cn.com 2 default-src 'self' *; img-src * 'self' data: https: blob:; worker-src 'self' blob:; child-src blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflareinsights.com *.google.com *.youtube.com *.vimeo.com *.gstatic.com *.googletagmanager.com *.onetrust.com *.cookiebot.com *.cookielaw.org *.clarity.ms *.visitorqueue.com *.detailsdata7.com *.euroland.com; *.eurolandir.com; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; frame-src *; 2 frame-ancestors 'self' https://www.xxxvideor.com https://www.xxxvideor2cn.com https://www.xxxvideorindia.pro 2 default-src 'self' *.toutemonannee.com s1.toutemonannee.com *.s3.toutemonannee.com balthazar.diedm.fr *.payplug.com secure-magenta.dalenys.com *.wlp-acs.com;worker-src 'self' blob:;media-src 'self' s1.toutemonannee.com *.s3.toutemonannee.com *.googlevideo.com *.youtube.com *.dailymotion.com *.dai.ly *.vimeo.com *.vimeocdn.com *.ac-versailles.fr *.toutatice.fr *.reseau-canope.fr *.wikipedia.org reseau-canope.fr vid.me learningapps.org tube.ac-lyon.fr *.apps.education.fr wikipedia.org *.tile.openstreetmap.org;img-src 'self' data: blob: *.toutemonannee.com s1.toutemonannee.com *.s3.toutemonannee.com *.googlevideo.com *.youtube.com *.dailymotion.com *.dai.ly *.vimeo.com *.vimeocdn.com *.ac-versailles.fr *.toutatice.fr *.reseau-canope.fr *.wikipedia.org reseau-canope.fr vid.me learningapps.org tube.ac-lyon.fr *.apps.education.fr wikipedia.org *.tile.openstreetmap.org;frame-src 'self' *.googlevideo.com *.youtube.com *.dailymotion.com *.dai.ly *.vimeo.com *.vimeocdn.com *.ac-versailles.fr *.toutatice.fr *.reseau-canope.fr *.wikipedia.org reseau-canope.fr vid.me learningapps.org tube.ac-lyon.fr *.apps.education.fr wikipedia.org *.tile.openstreetmap.org *.payplug.com secure-magenta.dalenys.com *.wlp-acs.com;child-src 'self' *.googlevideo.com *.youtube.com *.dailymotion.com *.dai.ly *.vimeo.com *.vimeocdn.com *.ac-versailles.fr *.toutatice.fr *.reseau-canope.fr *.wikipedia.org reseau-canope.fr vid.me learningapps.org tube.ac-lyon.fr *.apps.education.fr wikipedia.org *.tile.openstreetmap.org *.payplug.com secure-magenta.dalenys.com *.wlp-acs.com;base-uri 'none';object-src 'none';style-src 'self' 'unsafe-inline' s1.toutemonannee.com balthazar.diedm.fr *.payplug.com secure-magenta.dalenys.com *.wlp-acs.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' s1.toutemonannee.com balthazar.diedm.fr *.payplug.com secure-magenta.dalenys.com *.wlp-acs.com;font-src 'self' data: fonts.googleapis.com s1.toutemonannee.com 2 default-src 'self' *.oda.com;img-src 'self' *.oda.com blob: data: bilder.kolonial.no cdn.sanity.io *.vimeocdn.com translate.googleapis.com api.mapbox.com ct.pinterest.com log.pinterest.com www.facebook.com connect.facebook.net *.google-analytics.com www.google.no *.google.com *.g.doubleclick.net 11208031.fls.doubleclick.net ad.doubleclick.net pagead2.googlesyndication.com ade.googlesyndication.com *.ads.linkedin.com www.linked.com www.google.de www.google.fi www.google.no www.google.se *.googletagmanager.com oda.com storage.googleapis.com *.snapchat.com bat.bing.com analytics.pangle-ads.com log.adtraction.fail checkoutshopper-live.cdn.adyen.com;style-src 'unsafe-inline' 'self' *.oda.com translate.googleapis.com;script-src 'self' 'unsafe-eval' *.oda.com 'sha256-QLN4/tVmbx4rIRUIwpoTvMI9PyCLdP+V6RSDfQMVEfM=' 'sha256-6xYRXGTve/VTSs6Rki/dNOaYbQbQscqyCpbKFoaO/QA=' 'sha256-N4/5hGfx8xkPtfVswEIqYnX0T8THpCSI4Z57gINwoUw=' 'sha256-pp9UFJ03BIMVR5GHQfjyQtsqEXj1PXOGAHmMKwG3Ld0=' js.sentry-cdn.com browser.sentry-cdn.com messenger.dixa.io connect.facebook.net s.pinimg.com ct.pinterest.com www.google.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com *.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com snap.licdn.com sc-static.net *.snapchat.com bat.bing.com analytics.tiktok.com gtm.adt313.net tagmanager.google.com polyfill-fastly.io;connect-src 'self' *.oda.com *.sentry.io 1teetjp9.apicdn.sanity.io 1teetjp9.api.sanity.io cdn.sanity.io translate.googleapis.com messenger.dixa.io messenger-edge.dixa.io www.facebook.com ct.pinterest.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.google.de www.google.fi www.google.no pagead2.googlesyndication.com ad.doubleclick.net *.g.doubleclick.net cdn.linkedin.oribi.io px.ads.linkedin.com *.snapchat.com bat.bing.com analytics.tiktok.com analytics.pangle-ads.com bat.bing.com log.adtraction.fail gtm-sst-se.mathem.se api.mapbox.com events.mapbox.com *.tiles.mapbox.com vimeo.com checkoutshopper-live.adyen.com checkoutshopper-live.cdn.adyen.com;frame-src 'self' acs.3dsecure.no player.vimeo.com www.youtube.com messenger.dixa.io ct.pinterest.com www.facebook.com *.g.doubleclick.net *.fls.doubleclick.net td.doubleclick.net tpc.googlesyndication.com *.snapchat.com https://www.googletagmanager.com checkoutshopper-live.adyen.com;frame-ancestors 'self';font-src 'self' *.oda.com;base-uri 'none';object-src 'none';child-src 'self' *.oda.com blob:; 2 frame-ancestors 'self' https://content.kinaxis.com https://www.kinaxis.com https://kinaxis.com https://*.sharepoint.com https://ssw.live.com https://storage.live.com https://*.search.production.apac.trafficmanager.net https://*.search.production.emea.trafficmanager.net https://*.search.production.us.trafficmanager.net https://*.wns.windows.com https://admin.onedrive.com https://officeclient.microsoft.com https://g.live.com https://oneclient.sfx.ms https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://*.svc.ms *.mpo.com https://*.mpo.com https://www.mpo.com *.mp-objects.com https://*.mp-objects.com https://www.mp-objects.com https://wartsila.cevalogistics.com https://*.cevalogistics.com https://app.drift.com https://core.crazyegg.com https://kinaxis-project.dev.fenix.solutions https://*.lndo.site; report-uri /report-csp-violation 2 default-src 'self' https://dayone.me https://chocolate-prod.s3.amazonaws.com https://chocolate-prod.s3.us-east-1.amazonaws.com https://dayone-syncmedia-production-new.s3.amazonaws.com https://dayone-syncmedia-production-new.s3.us-east-1.amazonaws.com https://d1m1arvbwat4xp.cloudfront.net/ blob: https://pixel.wp.com/t.gif https://i.ytimg.com/; img-src 'self' https://dayone.me https://chocolate-prod.s3.amazonaws.com https://chocolate-prod.s3.us-east-1.amazonaws.com https://dayone-syncmedia-production-new.s3.amazonaws.com https://dayone-syncmedia-production-new.s3.us-east-1.amazonaws.com https://d1m1arvbwat4xp.cloudfront.net/ blob: https://pixel.wp.com/t.gif https://i.ytimg.com/ data: https://api.mapbox.com https://dgalywyr863hv.cloudfront.net; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://accounts.google.com/gsi/client https://apis.google.com; connect-src 'self' https://dayone.me https://pbcms.dayone.me https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://apis.google.com https://accounts.google.com/gsi/ https://pixel.wp.com/t.gif https://chocolate-prod.s3.amazonaws.com https://chocolate-prod.s3.us-east-1.amazonaws.com https://dayone-syncmedia-production-new.s3.amazonaws.com https://dayone-syncmedia-production-new.s3.us-east-1.amazonaws.com https://d1m1arvbwat4xp.cloudfront.net/ https://o248881.ingest.sentry.io/api/4503976745369600/envelope/ https://public-api.wordpress.com/geo/ https://www.googleapis.com https://api.apple-cloudkit.com/database/1/iCloud.com.dayoneapp.dayone-client-only/production/private/records/ https://api.apple-cloudkit.com/database/1/iCloud.com.dayoneapp.dayone/production/public/users/current https://publish.dayone.app/support/SupportFormConfig.json https://api.mapbox.com https://dgalywyr863hv.cloudfront.net https://api.openai.com; frame-src https://accounts.google.com/gsi/ blob: https://content.googleapis.com/ https://www.youtube.com/ https://player.vimeo.com/video/ https://embed.spotify.com/ https://open.spotify.com/embed/playlist/; font-src 'self' data: blob:; frame-ancestors 'self' 2 default-src 'self' http://multimediaext.sergas.gal http://multimediaext.sergas.es https://multimediaext.sergas.gal https://multimediaext.sergas.es *.sergas.gal *.sergas.es *.gstatic.com *.googleapis.com *.googletagmanager.com *.readspeaker.com *.google.com *.google-analytics.com https://datawrapper.dwcdn.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.gstatic.com *.googleapis.com *.googletagmanager.com; font-src 'self' data: *.gstatic.com *.googleapis.com *.googletagmanager.com 2 frame-ancestors 'self' https://marchedufilm.online 2 frame-ancestors 'self' https://meet.morphcast.com https://demo.morphcast.com https://zoom.morphcast.com https://app.morphcast.com 2 base-uri 'self'; connect-src 'self' data: https://insight.adsrvr.org/ https://www.googleadservices.com/ https://ohpo.maps.arcgis.com/ https://js.arcgis.com/ https://www.google.com https://google.com https://fresnel.vimeocdn.com https://www.google-analytics.com https://maps.googleapis.com https://us01.records.in.treasuredata.com; default-src 'self'; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://use.typekit.net; frame-src 'self' data: https://2026naamccartofsoul.artcall.org/ https://www.googletagmanager.com/ https://ohpo.maps.arcgis.com/ https://maps.google.com https://www.google.com https://td.doubleclick.net https://e.issuu.com https://insight.adsrvr.org https://match.adsrvr.org https://player.vimeo.com https://www.youtube.com; img-src 'self' data: https://graph.facebook.com https://*.fbcdn.net https://i.vimeocdn.com https://maps.google.com https://maps.gstatic.com https://dpm.demdex.net https://secure.adnxs.com https://match.adsrvr.org https://maps.googleapis.com https://www.googletagmanager.com https://winstar-110-adswizz.attribution.adswizz.com/fire https://di.rlcdn.com https://googleads.g.doubleclick.net https://insight.adsrvr.org https://pixel.tapad.com https://www.facebook.com https://www.google.com https://secure.gravatar.com https://s3.amazonaws.com/gravityforms https://cdn.socialgoodsoftware.com; manifest-src 'self'; media-src 'self' https://www.youtube.com https://youtu.be; object-src 'none'; report-uri https://667c396fd528e3ceb6b0e079.endpoint.csper.io/; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://js.arcgis.com/ https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://www.youtube.com https://maps.google.com https://s7.addthis.com https://www.googletagmanager.com https://maps.googleapis.com https://tags-cdn.clarivoy.com https://connect.facebook.net https://js.adsrvr.org https://googleads.g.doubleclick.net https://in.treasuredata.com https://www.googleadservices.com https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js https://cdn.datatables.net/v/bs4/dt-1.10.18/r-2.2.2/datatables.min.js https://cdn.socialgoodsoftware.com https://www.gstatic.com https://www.google.com/recaptcha/; style-src 'report-sample' 'self' 'unsafe-inline' https://js.arcgis.com/ https://cdn.datatables.net/ https://cdn-images.mailchimp.com https://fonts.googleapis.com https://p.typekit.net https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://cdn.socialgoodsoftware.com; worker-src blob:; 2 default-src 'self' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com *.inviewuclab.com static.zdassets.com js.stripe.com *.google.com *.gstatic.com gstatic.com connect.facebook.net *.zendesk.com blob: ; script-src-elem 'self' 'unsafe-inline' https://maps.googleapis.com api.mapbox.com *.google.com *.gstatic.com static.zdassets.com js.stripe.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cdn.datatables.net ; style-src-elem 'self' 'unsafe-inline' api.mapbox.com fonts.googleapis.com cdn.datatables.net ; style-src-attr 'unsafe-inline' ; img-src 'self' https://maps.gstatic.com https://maps.googleapis.com data: blob: 127.0.0.1:18623 *.mapbox.com *.facebook.com *.google.com *.gstatic.com ; frame-src 'self' *.google.com *.google.ie js.stripe.com player.vimeo.com www.youtube.com; font-src 'self' https://fonts.gstatic.com data: gstatic.com *.gstatic.com *.alicdn.com ; connect-src 'self' https://google.com *.google.com https://maps.googleapis.com https://maps.gstatic.com ekr.zdassets.com *.zendesk.com wss://127.0.0.1:18623 https://127.0.0.1:18623 mlts.dynamsoft.com *.mapbox.com *.inviewuclab.com ; worker-src 'self' blob: ; upgrade-insecure-requests ; report-uri https://9a1a6d99ab6aa4ac3290a60bae476ab7.report-uri.com/r/d/csp/enforce 2 frame-ancestors 'self'; report-uri https://csp-reports.apis.cuf.pt/_csp 2 frame-ancestors 'self' https://*.kameleoon.com https://h7vcu8taur.kameleoon.eu https://dtvktbn6qk.kameleoon.eu https://*.kameleoon.io https://portal.decibel.com 2 frame-ancestors 'self'; default-src https: data: blob: wss:; object-src 'none'; upgrade-insecure-requests; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; connect-src https: wss:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; worker-src 'self' blob:; 2 default-src 'self' data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.milliman.com https://www.googletagmanager.com https://www.google-analytics.com https://www.buzzsprout.com https://bat.bing.com https://js.driftt.com https://js.adsrvr.org https://solutions.invocacdn.com https://milliman.aiproxies.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://analytics.cdn.aimediagroup.com https://pnapi.invoca.net https://googleads.g.doubleclick.net https://analytics.aimediagroup.com https://maps.googleapis.com https://snap.licdn.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://public.tableau.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://static.hotjar.com https://script.hotjar.com https://*.6sc.co https://static.cloud.coveo.com https://siteimproveanalytics.com https://www.clarity.ms https://players.brightcove.net https://vjs.zencdn.net https://tagassistant.google.com; img-src 'self' data: https://*.milliman.com https://assets.buzzsprout.com https://www.google-analytics.com https://www.googletagmanager.com https://bat.bing.com https://cf-images.us-east-1.prod.boltdns.net https://analytics.aimediagroup.com https://milliman.aiproxies.com https://www.google.com https://www.google.ca https://match.adsrvr.org https://maps.googleapis.com https://maps.gstatic.com *.googleapis.com *.ggpht https://px.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://www.youtube.com https://public.tableau.com https://syndication.twitter.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://*.6sc.co https://*.siteimproveanalytics.io https://metrics.brightcove.com https://edge.sitecorecloud.io https://fonts.gstatic.com https://px4.ads.linkedin.com https://dashboard.aidps.xyz; style-src 'self' 'unsafe-inline' https://*.milliman.com https://fonts.googleapis.com https://cloud.typenetwork.com https://assets.buzzsprout.com https://platform.twitter.com https://ton.twimg.com https://edge-platform.sitecorecloud.io https://www.googletagmanager.com; font-src 'self' 'unsafe-inline' data: https://*.milliman.com https://fonts.gstatic.com https://cloud.typenetwork.com https://ton.twimg.com https://fastly-cloud.typenetwork.com; frame-src 'self' https://webforms-qa.milliman.com https://webforms.milliman.com https://www.arcgis.com https://*.milliman.com https://players.brightcove.net https://www.buzzsprout.com https://insight.adsrvr.org https://app.powerbi.com https://js.driftt.com https://milliman.maps.arcgis.com https://*.makeaclickablemap.com https://makeaclickablemap.com https://www.google.com https://assets.milliman.com https://milliman-milwaukee-reports.azurewebsites.net https://td.doubleclick.net/ https://twitter.com https://platform.twitter.com https://html5-player.libsyn.com https://bid.g.doubleclick.net https://www.youtube.com https://public.tableau.com https://vars.hotjar.com https://syndication.twitter.com https://milliman.aiproxies.com https://*.vimeo.com https://app.netlify.com/ https://www.googletagmanager.com; child-src 'self' https://webforms-qa.milliman.com https://webforms.milliman.com https://*.milliman.com https://players.brightcove.net https://www.buzzsprout.com https://app.powerbi.com https://milliman.maps.arcgis.com https://*.makeaclickablemap.com https://makeaclickablemap.com https://www.google.com https://assets.milliman.com https://milliman-milwaukee-reports.azurewebsites.net https://twitter.com https://www.twitter.com html5-player.libsyn.com https://bid.g.doubleclick.net blob:; connect-src 'self' https://millimanproductionmo4t0l69.org.coveo.com https://*.milliman.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://assets5.lottiefiles.com https://*.analytics.org.coveo.com https://*.clarity.ms https://lottie.host https://assets9.lottiefiles.com https://millimannonproduction1gm81sp5s.org.coveo.com https://millimannonproduction1gm81sp5s.analytics.org.coveo.com https://millimanproductionmo4t0l69.org.coveo.com https://millimanproductionmo4t0l69.analytics.org.coveo.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bat.bing.com https://pnapi.invoca.net https://bam.nr-data.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://usageanalytics.coveo.com https://platform.cloud.coveo.com https://www.milliman.com https://us.milliman.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://maps.googleapis.com https://milliman.aiproxies.com https://*.6sc.co https://geolocation.onetrust.com https://secure.adnxs.com https://edge-platform.sitecorecloud.io https://edge.api.brightcove.com https://*.boltdns.net https://*.akamaihd.net https://edge.sitecorecloud.io https://www.google.com https://*.brightcovecdn.com; media-src 'self' https://*.milliman.com https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net blob:; upgrade-insecure-requests; block-all-mixed-content; 2 frame-ancestors 'self' https://*.medbridge.io https://*.medbridge.com https://*.medbridgeeducation.com https://*.xealth.io; 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://*.lidl.pt data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://*.lidl.pt; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adyen.com https://*.lidl.pt data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval'; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline'; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 frame-ancestors 'self' *.strumentimusicali.net; 2 object-src 'none'; base-uri 'none';frame-ancestors 'self' *.myscheme.gov.in *.myscheme.in https://dashboard.dl6.in; 2 frame-ancestors 'self' https://sacsbi.z13.web.core.windows.net 2 frame-ancestors 'self' https://dbrand.sanity.studio 2 img-src 'self' *.foodwatch.org googleads.g.doubleclick.net www.google.com www.google.de *.fundraisingbox.com *.ytimg.com *.facebook.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.foodwatch.org *.foodwatch.nl www.googleadservices.com googleads.g.doubleclick.net *.googletagmanager.com *.fundraisingbox.com *.eventjet.at *.klantsite.net *.doubleclick.net *.procurios.site *.youtube.com https://www.youtube.com *.podigee-cdn.net *.facebook.net *.instagram.com foodwatch.spendenwidget.com blob:; frame-src 'self' *.foodwatch.org *.foodwatch.nl *.google.com *.fundraisingbox.com *.eventjet.at *.klantsite.net *.doubleclick.net *.procurios.site *.youtube.com https://www.youtube.com https://www.youtube-nocookie.com *.podigee-cdn.net *.instagram.com; connect-src 'self' *.foodwatch.org *.foodwatch.nl *.fundraisingbox.com *.eventjet.at *.klantsite.net *.doubleclick.net *.procurios.site *.podigee-cdn.net *.google.com *.google.de www.googleadservices.com googleads.g.doubleclick.net *.googletagmanager.com *.facebook.net foodwatch.spendenwidget.com data: blob:; font-src 'self' *.podigee-cdn.net; style-src 'self' 'unsafe-inline' *.podigee-cdn.net foodwatch.spendenwidget.com; worker-src blob:; form-action 'self'; object-src 'none'; frame-ancestors 'self' localhost *.foodwatch.org reseauactionclimat.org www.federationdesdiabetiques.org www.france-assos-sante.org www.la-csf.org cnao.fr www.unaf.fr pourdessupermarchesdurables.org; 2 frame-ancestors 'self' www.baby.ru postila.ru www.neboleem.net www.beautyinsider.ru yandex.com.tr yandex.com yandex.net yandex.uz yandex.fr yandex.kz yandex.ru yandex.by yandex.ua *.yandex.com.tr *.yandex.com *.yandex.net *.yandex.uz *.yandex.fr *.yandex.kz *.yandex.ru *.yandex.by *.yandex.ua *.turbopages.org 2 script-src *.website-solution.net *.googletagmanager.com *.facebook.net *.google.com *.gstatic.com www.recaptcha.net *.doubleclick.net 'unsafe-inline' 2 frame-ancestors 'self' www.amway.id admin.amway.id beta.amway.id www.amway.co.th admin.amway.co.th beta.amway.co.th smart.amway.co.th admin.smart.amway.co.th bodykeychallenge.amway.co.th amway-th.ada.support bodykeymentor.amway.co.th creatorschallenge.amway.co.th challenge.amway.co.th privilege.amway.co.th 2 child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://d2d7do8qaecbru.cloudfront.net https://*.ringcentral.com https://hcaptcha.com https://*.hcaptcha.com https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://player.vimeo.com https://vimeo.com https://wb.messengerpeople.com https://isitetv.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tpc.googlesyndication.com https://tr.snapchat.com blob: https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://*.lpsnmedia.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://*.ringcentral.com wss://*.ringcentral.com https://hcaptcha.com https://*.hcaptcha.com https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://*.criteo.com https://ct.pinterest.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://*.ringcentral.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.iwantoneofthose.com https://m.iwantoneofthose.com https://checkout.iwantoneofthose.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https://*.ringcentral.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net blob: https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://*.ringcentral.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://s.pinimg.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.lpsnmedia.net https://*.liveperson.net https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://*.ringcentral.com https://hcaptcha.com https://*.hcaptcha.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' snap.licdn.com *.fbevents.js *.facebook.net *.cookiebot.com *.cookiebox.ro *.listafirme.ro *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.google.com *.google.ro *.googleadservices.com *.doubleclick.net *.youtube.com *.vimeo.com *.ytimg.com *.cloudflare.com; object-src 'self' ; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.cookiebot.com *.cookiebox.ro *.listafirme.ro *.gstatic.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.fontawesome.com *.cloudflare.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com www.googleadservices.com *.cookiebot.com *.cookiebox.ro *.linkedin.com *.listafirme.ro *.gstatic.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.cloudflare.com *.facebook.com *.facebook.net; media-src 'self'; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.cookiebox.ro *.listafirme.ro *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.ytimg.com *.facebook.com *.facebook.net; child-src 'self'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.gts.ro *.cookiebot.com *.linkedin.com *.googlesyndication.com *.googletagmanager.com *.google.com www.googleadservices.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.facebook.com *.fontawesome.com; font-src 'self' *.fontawesome.com *.cloudflare.com; 2 default-src * 'self' data: blob:; script-src * 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'self' 'unsafe-inline'; img-src * data: blob:; font-src * data: blob:; frame-src *; 2 object-src 'none'; base-uri 'none'; default-src https://isnic.is https://www.isnic.is/; style-src https://isnic.is https://www.isnic.is/; font-src https://isnic.is https://www.isnic.is/; script-src https://isnic.is https://www.isnic.is/; img-src https://isnic.is https://www.isnic.is/ https://www.rix.is; connect-src https://isnic.is https://www.isnic.is/; frame-ancestors 'none'; report-uri /default/csp; 2 default-src 'self' https://downloads.ctfassets.net/ *.gstatic.com *.proteccion.com assets.ctfassets.net d10o2ofpymhfmh.cloudfront.net *.wufoo.com contenidos-proteccion.s3.amazonaws.com *.proteccion.com.co cdnjs.cloudflare.com *.api.ipify.org videos.ctfassets.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.ads-twitter.com/uwt.js parly-webchat-proteccion-pronto.1jp7e8ua8ne3.us-east.codeengine.appdomain.cloud script.crazyegg.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.hs-analytics.net *.clarity.ms/ *.googleoptimize.com partner.googleadservices.com *.ipdialbox.com *.wolkvox.com kit.fontawesome.com widget.spreaker.com connect.facebook.net *.youtube.com *.proteccion.com *.gstatic.com www.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com cdnjs.cloudflare.com pratech-chatbot-cdn-proteccion.mybluemix.net static.ads-twitter.com cdn.perfdrive.com client.rum.us-east-1.amazonaws.com; img-src * 'self' data: *.proteccion.com; style-src 'self' 'unsafe-inline' parly-webchat-proteccion-pronto.1jp7e8ua8ne3.us-east.codeengine.appdomain.cloud *.proteccion.com cdnjs.cloudflare.com d10o2ofpymhfmh.cloudfront.net *.google.com *.googleapis.com cdn.botframework.com pratech-chatbot-cdn-proteccion.mybluemix.net use.fontawesome.com; object-src 'self' *.proteccion.com; font-src 'self' *.proteccion.com fonts.gstatic.com cdnjs.cloudflare.com ka-p.fontawesome.com use.fontawesome.com fonts.googleapis.com data:; child-src *.spotify.com forms.office.com *.google.com *.ipdialbox.com *.wolkvox.com widget.spreaker.com *.core.windows.net *.youtube.com *.wufoo.com *.proteccion.com blob:; connect-src 'self' kit.fontawesome.com parly-webchat-proteccion-pronto.1jp7e8ua8ne3.us-east.codeengine.appdomain.cloud https://noembed.com/ https://js.hs-banner.com https://forms.hscollectedforms.net *.clarity.ms wss://directline.botframework.com https://directline.botframework.com ka-p.fontawesome.com pratech-chatbot-cdn-proteccion.mybluemix.net cdn.contentful.com images.ctfassets.net stats.g.doubleclick.net *.googleapis.com *.proteccion.com.co *.proteccion.com *.google-analytics.com api.ipify.org analytics.google.com; frame-ancestors 'self' www.proteccion.com.co www.proteccion.com proteccion.com.co proteccion.com; frame-src www.proteccion.com.co www.proteccion.com proteccion.com.co proteccion.com *.facebook.com open.spotify.com widget.spreaker.com docs.google.com cse.google.com *.wolkvox.com https://youtube.com/ *.youtube.com *.google.com https://app.nati.ai 2 upgrade-insecure-requests; default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 2 default-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.bundeswahlleiterin.de https://service.bundeswahlleiterin.de https://www.youtube-nocookie.com https://www.ims-cms.net; script-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.bundeswahlleiterin.de https://service.bundeswahlleiterin.de https://www.youtube-nocookie.com ; style-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.bundeswahlleiterin.de https://service.bundeswahlleiterin.de https://www.youtube-nocookie.com 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.bundeswahlleiterin.de https://service.bundeswahlleiterin.de https://www.youtube-nocookie.com https://www.ims-cms.net ; upgrade-insecure-requests 2 frame-ancestors 'self' https://portalgentedesucesso.lg.com.br https://www.lg.com.br; base-uri https://portalgentedesucesso.lg.com.br https://www.lg.com.br; form-action https://portalgentedesucesso.lg.com.br https://www.lg.com.br; object-src https://portalgentedesucesso.lg.com.br; 2 default-src 'self' https://content.dionglobal.in/ https://prod-web.ltfinance.com https://prod-app.ltfinance.com/ https://www.ltfinance.com/ https://twphonepeuat.ltfs.com/ ; script-src http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://ltfs.allincall.in https://ltfs.allincall.in/chat/get-bot-image https://maps.googleapis.com/ *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com https://content.dionglobal.in/ 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * https://ltfs-sf.idealake.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com; font-src 'self' * fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' * data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.frontify.com *.cloudinary.com; media-src 'self' data: blob: *.frontify.com *.cloudinary.com https://content.dionglobal.in/;child-src 'self' https://www.google.com https://maps.google.com https://content.dionglobal.in https://cx.camsonline.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com https://maps.googleapis.com data: blob:; frame-src 'self' *; 2 font-src 'self' data: https://maxcdn.bootstrapcdn.com; img-src 'self' data: https://icon.widen.net *.prod.acquia-sites.com https://px.ads.linkedin.com https://cdn.cookielaw.org https://www.facebook.com https://ade.googlesyndication.com https://*.widencdn.net https://www.iconplc.com https://metrics.brightcove.com https://www.google-analytics.com https://*.boltdns.net https://www.googletagmanager.com https://tracking.monsido.com https://hostedseal.trustarc.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com apis.google.com js-agent.newrelic.com https://cdn.cookielaw.org gtm.js www.tagassistant.google.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://pi.pardot.com js-agent.newrelic.com https://www.google-analytics.com www.google.com apis.google.com https://connect.facebook.net https://cdn.cookielaw.org https://www2.iconplc.com https://players.brightcove.net https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://s.go-mpulse.net https://app-script.monsido.com/v2/monsido-script.js https://heatmaps.monsido.com/v1/heatmaps.js https://www.gstatic.com https://snap.licdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com https://googleads.g.doubleclick.net; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://players.brightcove.net https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fast.fonts.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://players.brightcove.net https://unpkg.com; worker-src 'self' blob:; frame-ancestors 'self' 2 frame-ancestors 'self' *.wrike.com 2 frame-ancestors 'none'; report-uri https://prod-fhs-rn-csp-service.rbictg.com/csp; report-to csp-endpoint 2 block-all-mixed-content; child-src blob:; connect-src 'self' https://*.scene7.com https://*.limelight.com https://*.google-analytics.com https://*.bing.com https://*.mktoresp.com https://*.doubleclick.net https://*.wisepops.com https://*.medallia.com https://*.kampyle.com https://*.msanet.com https://*.mapbox.com https://*.googlevideo.com https://*.llnw.net https://*.facebook.com https://*.cookielaw.org https://*.clarity.ms https://*.clickagy.com https://*.onetrust.com https://*.msasafety.com https://*.zoominfo.com https://*.usetiful.com https://*.mktoutil.com https://*.hotjar.io https://cdn.linkedin.oribi.io https://*.googleapis.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.rumiview.com wss://*.hotjar.com https://*.hotjar.com https://*.csp-1.com https://csp-1.picarioxpo.com https://*.tockify.com https://tockify.com https://app.getwisp.co https://*.wisepops.net https://*.qzzr.com https://*.algolianet.com https://*.algolia.net https://*.kudoboard.com https://*.curator.io https://*.pricespider.com https://cdnjs.cloudflare.com https://*.algolia.io https://wisepops.net https://*.tiles.mapbox.com wss: https://px.ads.linkedin.com https://*.niceincontact.com https://*.uplynk.com https://pactsafe.io; default-src 'self'; font-src 'self' data: https://*.gstatic.com https://*.fontawesome.com https://*.cloudfront.net https://*.typekit.net https://*.pricespider.com https://*.niceincontact.com https://webapps.msanet.com; frame-src 'self' https://*.msasafety.com https://*.msanet.com https://*.google.com https://*.doubleclick.net https://*.marketo.com https://*.bing.com https://*.hotjar.com https://*.medallia.com https://*.zoho.com https://*.metalocator.com https://*.youtube.com https://*.sierramonitor.com https://*.123formbuilder.com https://*.clickagy.com https://*.facebook.com http://*.msanet.com https://*.webdamdb.com https://*.force.com https://*.office.com https://*.csp-1.com https://msasafety.wufoo.com https://*.tockify.com https://tockify.com https://*.vimeo.com https://www.firegrantshelp.com https://*.qzzr.com https://*.riddle.com https://*.surveymonkey.com https://www.mybacharach.com https://*.kudoboard.com https://*.extforms.netsuite.com https://*.app.netsuite.com https://*.marketingautomation.services https://*.wisepops.com https://*.wisepops.net https://wisepops.net https://insight.adsrvr.org https://msa.webdamdb.com/ https://*.niceincontact.com https://*.instagram.com https://jfrog-prod-use1-shared-virginia-main.s3.amazonaws.com https://*.googletagmanager.com https://content.uplynk.com https://msasafety700.outgrow.us; img-src data: 'self' https://*.scene7.com https://*.googletagmanager.com https://*.pricespider.com https://*.googleadservices.com https://*.linkedin.com https://*.doubleclick.net https://*.bing.com https://*.facebook.com https://*.google-analytics.com https://*.cookielaw.org https://*.clarity.ms https://*.metalocator.com https://*.msasafety.com https://*.msanet.com https://*.webdamdb.com https://*.kickfire.com https://*.kampyle.com https://*.simpli.fi https://*.rumiview.com https://*.webtraxs.com https://*.analytics.google.com https://*.adroll.com https://*.g.doubleclick.net https://*.ads.linkedin.com https://*.clickagy.com https://*.msafire.com https://*.content.video.llnw.net https://*.csp-1.com https://csp-1.picarioxpo.com https://id.rlcdn.com https://pixel-sync.sitescout.com https://blog.sierramonitor.com https://*.wisepops.net https://dx4nr741tfc02.cloudfront.net https://wisp-production-storage.s3.amazonaws.com https://*.wisepops.com https://*.mapbox.com https://safetyio.com https://*.safetyio.com blob: https://img.delvenetworks.com https://pixel-geo.prfct.co https://blog.fieldserver.com https://curator-assets.b-cdn.net https://*.curator.io https://*.niceincontact.com/ https://dummyimage.com https://*.placeholder.com https://placehold.it https://*.uplynk.com https://media.msasafety.com.cn https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; media-src 'self' blob: https://*.llnw.net https://*.msanet.com https://*.webdamdb.com/ https://*.curator.io https://curator-assets.b-cdn.net/ https://*.shutterstock.com https://*.uplynk.com/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.msasafety.com https://*.scene7.com https://*.pricespider.com https://*.limelight.com https://*.marketo.com https://*.marketo.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.gstatic.com https://*.bing.com https://*.doubleclick.net https://*.hotjar.com https://*.facebook.net https://*.wisepops.com https://*.adobedtm.com https://*.licdn.com https://*.medallia.com https://*.kampyle.com https://*.kickfire.com https://*.simpli.fi https://*.google.com https://*.metalocator.com https://*.pardot.com https://*.mapbox.com https://*.sierramonitor.com https://*.zohostatic.com https://*.usersnap.com https://*.cloudfront.net https://*.youtube.com https://*.cookielaw.org https://*.clarity.ms https://*.clickagy.com https://*.123formbuilder.com https://*.zoominfo.com https://*.usetiful.com https://*.webtraxs.com https://*.adroll.com https://*.rumiview.com https://*.la5-c2-ia4.salesforceliveagent.com https://*.jquery.com https://*.force.com https://*.g.doubleclick.net https://*.csp-1.com https://*.tockify.com https://tockify.com https://*.wisepops.net https://app.getwisp.co https://*.qzzr.com https://cdn.jsdelivr.net https://koi-3QNJ3FOY90.marketingautomation.services https://curator.io https://*.curator.io https://*.marketingautomation.services https://wisepops.net https://cdnjs.cloudflare.com https://tag.perfectaudience.com https://js.adsrvr.org https://*.tiles.mapbox.com https://pixel-geo.prfct.co https://*.niceincontact.com https://*.instagram.com https://webapps.msanet.com https://webapps.msasafety.com https://*.uplynk.net https://*.uplynk.com https://pactsafe.io https://*.pactsafe.io; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.mapbox.com https://*.pricespider.com https://*.tiles.mapbox.com https://*.msasafety.com https://*.scene7.com https://www.usetiful.com https://*.msanet.com https://*.fontawesome.com https://*.googleapis.com https://*.typekit.net https://*.curator.io/ https://*.niceincontact.com https://*.uplynk.com; upgrade-insecure-requests; worker-src 'self' blob:; report-uri /.webscale/csp-report 2 default-src * data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; 2 default-src 'self' 'unsafe-inline' *.googleusercontent.com https://unpkg.com https://www.firstbus.co.uk *.gstatic.com *.google.co.uk *.facebook.com *.googleapis.com *.hotjar.com *.unpkg.com *.tiktok.com *.googleadservices.com *.twitter.com *.youtube.com *.google-analytics.com *.google.com *.googletagmanager.com *.cookiepro.com *.doubleclick.net *.cloudflare.com *.t.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.veritonic.com *.cardinalcommerce.com *.paypalobjects.com *.paypal.com *.comcarde.com *.vimeo.com https://unpkg.com/@googlemaps/markerclustererplus/dist/index.min.js https://unpkg.com/@googlemaps/markerclustererplus@1.2.10/dist/index.min.js *.unpkg.com https://unkpkg.com https://www.google.co.uk *.gstatic.com *.googleapis.com *.hotjar.com *.ads-twitter.com *.unpkg.com *.tiktok.com *.googleadservices.com *.google-analytics.com *.google.com *.jsdelivr.net *.googletagmanager.com *.cookiepro.com cdn.cookielaw.org *.onetrust.com *.doubleclick.net *.cloudflare.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com c.paypal.com api.braintreegateway.com www.paypalobjects.com client-analytics.braintreegateway.com; style-src 'self' 'unsafe-inline' *.cloudflare.com *.jsdelivr.net *.unpkg.com *.jquery.com assets.braintreegateway.com *.hotjar.com; img-src 'self' 'unsafe-inline' data: *.paypalobjects.com https://adservice.google.com *.google.com https://www.google.com *.gstatic.com *.google.gg *.google.bs *.google.tn *.google.hn *.google.com.om *.google.com.ag *.google.com.ng *.googleusercontent.com *.google.com.gi *.google.es *.google.com.mx *.google.dk *.google.is *.google.me *.google.com.co *.google.com.ec *.firstbus.co.uk *.googletagmanager.com *.google.ad *.google.hu *.google.gy *.google.co.bw *.google.com.lb *.google.ca *.google.com.hk *.google.mg *.google.co.ma *.google.jo *.google.com.qa *.google.com.pr *.google.im *.google.fr *.facebook.com *.google.cz *.google.cl *.google.co.in *.google.com.sa *.google.com.bd *.google.pt *.google.nl *.google-analytics.com *.google.co.th *.google.lv *.google.com.ph *.cookiepro.com *.firstgroup.com *.google.no *.google.co.id *.google.be *.google.com.sg *.google.co.kr *.google.sk *.google.gr *.google.com.tr *.google.co.tz *.google.com.au *.google.lk *.google.com.my *.google.kg *.ytimg.com *.google.kz *.google.rs *.google.lu *.google.com.eg *.google.pl *.google.com.mt *.google.com.cy *.google.mv *.google.com.jm *.google.cv *.twitter.com *.google.bg *.google.fi *.google.com.ar *.google.ee *.google.com.gh *.google.co.jp *.doubleclick.net *.google.cn *.google.ae *.google.com.et *.google.ru *.google.com.bo *.google.je *.google.com.pe *.google.ch *.google.se *.google.ro *.google.co.nz *.plusbus.info *.google.co.uk *.google.hr *.google.com.tw *.google.it *.paypal.com *.google.com.np *.googleapis.com *.google.cm *.google.com.br *.google.co.za *.google.dm *.google.com.kw *.google.mk *.google.com.pk *.google.tt *.google.co.ke *.google.com.bh *.google.lt *.google.com.bn *.google.at *.google.ie *.google.de *.t.co *.google.si *.google.lv assets.braintreegateway.com checkout.paypal.com *.thisisdax.com *.hotjar.com; style-src-elem 'self' 'unsafe-inline' assets.braintreegateway.com cdn.jsdelivr.net *.googleapis.com https://unpkg.com https://cdnjs.cloudflare.com *.gstatic.com; frame-src * 'self' 'unsafe-inline'; font-src * 'self' 'unsafe-inline' https://*.hotjar.com; connect-src 'self' 'unsafe-inline' *.veritonicmetrics.com *.google-analytics.com https://pagead2.googlesyndication.com https://www.google.com wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com *.google-analytics.com https://region1.google-analytics.com *.google-analytics.com *.google.co.uk *.cardinalcommerce.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.comcarde.com *.cookiepro.com cdn.cookielaw.org *.onetrust.com https://www.facebook.com *.analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com *.google.rs *.google.be *.google.ae *.google.gg *.google.com.om *.google.com.gi *.google.es *.google.com.mx *.google.dk *.google.com.co *.googletagmanager.com *.google.hu *.google.co.bw *.google.ca *.google.com.hk *.google.im *.google.fr *.linkedin.com api.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; upgrade-insecure-requests; base-uri 'self'; 2 child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://d2d7do8qaecbru.cloudfront.net https://*.ringcentral.com https://hcaptcha.com https://*.hcaptcha.com https://www.zenaps.com https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://plugin.monotote.com https://isitetv.com https://ln-rules.rewardstyle.com https://player.vimeo.com https://e.issuu.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://www.shoplooks.com https://www.pinterest.com https://www.pinterest.co.uk blob: https://gum.criteo.com https://app.qubit.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://*.abtasty.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://*.lpsnmedia.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://*.ringcentral.com wss://*.ringcentral.com https://hcaptcha.com https://*.hcaptcha.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://www.shoplooks.com https://ct.pinterest.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.thehut.com https://analytics.tiktok.com https://*.abtasty.com https://sgtm.thehut.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://*.ringcentral.com blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://www.thehut.com https://m.thehut.com https://checkout.thehut.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https://*.ringcentral.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net blob:; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://*.ringcentral.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://s.trustpilot.com https://plugin.monotote.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://static.shoplooks.com https://google.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com https://assets.dekopay.com https://analytics.tiktok.com https://*.ibytedtos.com blob: https://*.abtasty.com https://sgtm.thehut.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.lpsnmedia.net https://*.liveperson.net https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://*.ringcentral.com https://hcaptcha.com https://*.hcaptcha.com https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 2 frame-ancestors 'self' https://www.blender.co.il; 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src data: https:; 2 frame-ancestors 'self' https://m-redbus-id.cdn.ampproject.org https://www.google.com https://www.google.co.id https://m.redbus.id https://seocms.redbus.com; default-src 'self' https://c.riskified.com wss://*.firebaseio.com wss://rbpub.redbus.com h.online-metrix.net https://s3.rdbuz.com https://*.doubleclick.net https://graph.facebook.com https://*.redbus.in https://*.redbus.com https://*.googleapis.com https://www.google-analytics.com http://www.googletagmanager.com https://*.google.com https://*.google.co.in https://*.facebook.net http://www.googleadservices.com https://www.facebook.com https://recorder.sessionstack.com https://o2.mouseflow.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.lacmp.net cdn.branch.io cdn.moengage.com https://beacon.riskified.com https://tags.tiqcdn.com http://cdn-akamai.mookie1.com https://*.firebaseio.com https://h.online-metrix.net https://*.twitter.com https://static.ads-twitter.com https://*.googletagservices.com https://bam.nr-data.net https://*.doubleclick.net https://maxcdn.bootstrapcdn.com https://*.google.com https://cdn.jsdelivr.net https://sslwidget.criteo.com https://static.criteo.net https://cdn.mouseflow.com https://bat.bing.com https://maps.googleapis.com http://sg-pl.vizury.com https://cdnjs.cloudflare.com http://www.redbus.in https://www.redbus.in https://adservice.google.co.in https://ssl.google-analytics.com https://connect.facebook.net http://pagead2.googlesyndication.com http://www.google-analytics.com https://cdn.sessionstack.com http://www.googletagmanager.com http://connect.facebook.net https://*.googleadservices.com https://*.rdbuz.com https://*.redbus.in https://www.gstatic.com http://*.rdbuz.com; img-src 'self' data: blob: img.youtube.com niubizqr.pagoefectivo.pe img.riskified.com moe-email-campaigns.s3.amazonaws.com image.moengage.com web-elb *.online-metrix.net *.goibibo.com barcode-latam.s3.amazonaws.com t.co www.googletagmanager.com *.doubleclick.net tpc.googlesyndication.com maps.gstatic.com maps.googleapis.com rb-plus.s3.ap-southeast-1.amazonaws.com s3-ap-southeast-1.amazonaws.com *.s3-ap-southeast-1.amazonaws.com h.online-metrix.net bat.bing.com www.google.co.in origin-st.redbus.in www.redbus.in www.redbus.in *.google.com www.google-analytics.com https://ssl.google-analytics.com https://*.facebook.com https://*.rdbuz.com https://st.redbus.in http://*.rdbuz.com http://st.redbus.in https://api.midtrans.com https://www.glassdoor.co.in; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://*.google.com https://cdnjs.cloudflare.com https://www.w3schools.com http://fonts.googleapis.com https://fonts.googleapis.com https://*.rdbuz.com https://st.redbus.in http://*.rdbuz.com http://st.redbus.in; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.gstatic.com http://*.rdbuz.com http://st.redbus.in https://fonts.gstatic.com https://*.rdbuz.com https://st.redbus.in; frame-src 'self' st.redbus.in payment.pagoefectivo.pe *.firebaseapp.com *.firebaseio.com www.surveymonkey.com *.google.com isb.au1.qualtrics.com www.googletagservices.com *.redbus.com h.online-metrix.net checkout.payulatam.com *.doubleclick.net in-tags.vizury.com sg-pl.vizury.com *.facebook.com www.youtube.com dis.as.criteo.com; object-src 'self'; connect-src 'self' www.lacmp.net wss://rbpub.redbus.com s3-ap-southeast-1.amazonaws.com *.moengage.com analytics.google.com o2.mouseflow.com *.redbus.com *.doubleclick.net *.riskified.com www.google-analytics.com graph.facebook.com accounts.google.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://www.google.com https://www.gstatic.com https://*.auglio.com https://*.virtooal.com; style-src 'self' 'unsafe-inline' https: data: https://www.gstatic.com https://*.auglio.com https://*.virtooal.com; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: wss: data: https://www.google.com https://www.gstatic.com https://*.auglio.com https://*.virtooal.com; media-src 'self' https: blob: data:; frame-src 'self' https: blob: data: https://www.google.com https://*.auglio.com https://*.virtooal.com; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; form-action 'self' https://www.paypal.com https://virtooal.us7.list-manage.com https://www.facebook.com/tr/; 2 "frame-ancestors 'none';" 2 default-src 'self'; script-src 'report-sample' 'self' 'wasm-unsafe-eval' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js assets.codepen.io production-assets.codepen.io https://js.stripe.com 'sha256-EehWlTYp7Bqy57gDeQttaWKp0ukTTEUKGP44h8GVeik=' 'sha256-XNBp89FG76amD8BqrJzyflxOF9PaWPqPqvJfKZPCv7M='; script-src-elem 'report-sample' 'self' 'wasm-unsafe-eval' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js assets.codepen.io production-assets.codepen.io https://js.stripe.com 'sha256-EehWlTYp7Bqy57gDeQttaWKp0ukTTEUKGP44h8GVeik=' 'sha256-XNBp89FG76amD8BqrJzyflxOF9PaWPqPqvJfKZPCv7M='; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' developer.allizom.org bcd.developer.allizom.org bcd.developer.mozilla.org updates.developer.allizom.org updates.developer.mozilla.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://incoming.telemetry.mozilla.org https://observatory-api.mdn.allizom.net https://observatory-api.mdn.mozilla.net https://api.github.com/search/issues stats.g.doubleclick.net https://api.stripe.com; font-src 'self'; frame-src 'self' interactive-examples.mdn.mozilla.net interactive-examples.mdn.allizom.net mdn.github.io live-samples.mdn.mozilla.net live-samples.mdn.allizom.net *.mdnplay.dev *.mdnyalp.dev *.play.test.mdn.allizom.net https://v2.scrimba.com https://scrimba.com jsfiddle.net www.youtube-nocookie.com codepen.io survey.alchemer.com https://js.stripe.com; img-src 'self' data: *.githubusercontent.com *.googleusercontent.com *.gravatar.com mozillausercontent.com firefoxusercontent.com profile.stage.mozaws.net profile.accounts.firefox.com developer.mozilla.org mdn.dev interactive-examples.mdn.mozilla.net interactive-examples.mdn.allizom.net wikipedia.org upload.wikimedia.org https://mdn.github.io/shared-assets/ https://mdn.dev/ https://*.google-analytics.com https://*.googletagmanager.com www.gstatic.com; manifest-src 'self'; media-src 'self' archive.org videos.cdn.mozilla.net https://mdn.github.io/shared-assets/; child-src 'self'; worker-src 'self'; 2 object-src 'none'; base-uri 'self'; font-src 'self' fonts.gstatic.com fonts.googleapis.com js.intercomcdn.com fonts.intercomcdn.com https://*.hotjar.com; frame-ancestors 'self' https://*.hygraph.com; manifest-src 'self'; worker-src 'none'; report-to default; 2 default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://c.clarity.ms https://c.bing.com *.clarity.ms *.betufa.com ufshseo-cdn.mybet789.com natural-sunrise-eea00ccd45.media.strapiapp.com; media-src self data: *.betufa.com ufshseo-cdn.mybet789.com natural-sunrise-eea00ccd45.media.strapiapp.com; script-src 'self' 'unsafe-inline' https://www.clarity.ms *.clarity.ms https://www.googletagmanager.com;connect-src 'self' https://*.betufa.com https://staging-api.ufabet.sh https://ufshseo-content.mybet789.com https://content.ufanews.com https://api.staging.myufa.com https://ajax-login-portal.mybet789.com https://one.one.one.one/cdn-cgi/trace https://www.googletagmanager.com https://www.clarity.ms *.clarity.ms https://www.google-analytics.com https://j.clarity.ms; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' http://ruvoip.net https://counter.yadro.ru https://mc.yandex.ru https://d31j93rd8oukbv.cloudfront.net https://www.acint.net https://ssp-rtb.sape.ru https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://*.wp.com https://*.gravatar.com https://cdnjs.cloudflare.com https://telegram.org; style-src 'self' 'unsafe-inline' https://ruvoip.net https://fonts.googleapis.com *.wp.com https://*.gravatar.com https://telegram.org; font-src 'self' 'unsafe-inline' https://ruvoip.net data: https://fonts.gstatic.com https://fonts.googleapis.com https://wordpress.com *.wp.com 2 frame-ancestors 'self' cooper.fastcommand.com cooperhealth.org cooperhealth.edu *.cooperhealth.org *.cooperhealth.edu 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://*.teads.tv https://*.lidl.si data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://*.escapebox.si https://*.brainylab.io https://sveze-sadje-zelenjava.si https://view.genially.com https://*.lidl.si https://a-lidl.vev.site/ https://*.playbrandgames.com; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adyen.com https://www.google.si https://*.lidl.si data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval'; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com https://*.teads.tv; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline'; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io http://m.dolenjskilist.si https://*.metropolitan.si https://*.slo-podnapisi.eu https://*.svet24.si https://bivanje.si https://creatives.sascdn.com https://dijaski.net https://e-vozila.si https://enspot.si https://fokuspokus.si https://jejzdravo.si https://kosarka.info https://megasvet.si https://moderna-zenska.si https://nascas.si https://necenzurirano.si https://nogomania.si https://nt-rc.si https://pravi-moski.si https://radio80.si https://reporter.si https://revijazeleniraj.si https://rock-celje.si https://rockmaribor.si https://rokomet.net https://smart-ad.com https://snportal.si https://spletnicasopis.eu https://sprosti.se https://studentski.net https://vecer.com https://velenje.com https://www.angleskaliga.com https://www.bambino.si https://www.bodieko.si https://www.dnevnik.si https://www.dolenjskilist.si https://www.domacebranje.com https://www.ekohisastil.si https://www.lepdan.si https://www.megasvet.si https://www.mojaozimnica.com https://www.moji-recepti.net https://www.monitor.si https://www.pomurec.com https://www.portalplus.si https://www.portalplus.si https://www.prlekija-on.net https://www.razlagasanj.com https://www.sanjskaknjiga.com https://www.slovenskenovice.si https://www.studentarija.net https://www.velenje.com https://www.vemkajjem.si https://www.vemkajjem.si https://www.vrtnarica.si https://www.zenskisvet.si https://zastarse.si https://zdravstvena.info https://zimski-sporti.si; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 default-src 'self' https://www.facebook.com/ https://marketing.space.net/ www.space.net https://*.google-analytics.com https://*.analytics.google.com https://px.ads.linkedin.com/ https://stats.g.doubleclick.net/ https://www.google.com/ https://pagead2.googlesyndication.com/ccm/ https://consent.studio/api/v1/public/site/space.net https://consent.studio/api/v1/public/site/space.net/; style-src 'self' 'unsafe-inline' https://marketing.space.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.space.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net/ https://marketing.space.net/ https://*.vimeocdn.com/ https://*.google-analytics.com https://*.googletagmanager.com https://snap.licdn.com/li.lms-analytics/ https://consent.studio/www.space.net/ https://consent.studio/api/v1/public/site/www.space.net/ https://consent.studio/space.net/ https://consent.studio/api/v1/public/site/space.net/ https://*.lfeeder.com/ https://googleads.g.doubleclick.net/; form-action 'self' https://www.facebook.com/ *.space.net/; worker-src 'none'; frame-src 'self' www.space.net/ www.youtube.com/ www.youtube-nocookie.com/ https://www.google.com/recaptcha/ https://www.facebook.com/ https://marketing.space.net/ https://*.googletagmanager.com https://td.doubleclick.net/; img-src 'self' https://www.facebook.com/ https://marketing.space.net/ www.space.net/ data: https://*.google-analytics.com https://*.googletagmanager.com https://px.ads.linkedin.com/ https://www.google.de/ads/ https://stats.g.doubleclick.net/ https://www.google.com/ https://www.google.de/ https://*.lfeeder.com/; object-src 'none'; font-src 'self'; 2 default-src 'self'; frame-ancestors 'self' https://*.sachsen.de; frame-src 'self' https://*.sachsen.de https://e.issuu.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://e.issuu.com https://www.youtube-nocookie.com; font-src 'self' data:; img-src 'self' data: https://*.sachsen.de https://i.ytimg.com https://syndication.twitter.com https://vrweb15.linguatec.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sachsen.de https://connect.facebook.net https://platform.twitter.com https://e.issuu.com https://vrweb15.linguatec.org https://*.etracker.com https://*.etracker.de; style-src 'self' 'unsafe-inline' https://*.sachsen.de https://vrweb15.linguatec.org; connect-src 'self' https://*.sachsen.de https://vrweb15.linguatec.org https://www.etracker.de; media-src 'self' https://vrweb15.linguatec.org; upgrade-insecure-requests; 2 default-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com trck.spoteffects.net www.lotto.de m.lotto.de www.youtube.com localhost:; script-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com connect.facebook.net cdn.1tag.dentsu.de delivery.1tag.dentsu.de responder.wt-safetag.com tags.tiqcdn.com app.usercentrics.eu privacy-proxy.usercentrics.eu privacy-proxy-server.usercentrics.eu 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com www.google.com data1.bresera.com data1.open-dog.com connect.facebook.net tags.tiqcdn.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de responder.wt-safetag.com tags.tiqcdn.com app.usercentrics.eu privacy-proxy.usercentrics.eu privacy-proxy-server.usercentrics.eu 'unsafe-inline' 'unsafe-eval'; style-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com translate.googleapis.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de 'unsafe-inline'; style-src-elem 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com www.gstatic.com 'unsafe-inline'; connect-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com prodint.eurojackpot.de prodint.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com m.lotto.de www.lotto.de miframe.lotto.de iframe.lotto.de www.youtube.com trck.spoteffects.net cdn.1tag.dentsu.de delivery.1tag.dentsu.de www.facebook.com connect.facebook.net translate.googleapis.com api.usercentrics.eu ib.adnxs.com consent-api.service.consent.usercentrics.eu privacy-proxy.usercentrics.eu privacy-proxy-server.usercentrics.eu cdn.dynamicyield.com st-eu.dynamicyield.com aggregator.service.usercentrics.eu graphql.usercentrics.eu ws://localhost:12387/ data:; font-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com fonts.gstatic.com api.rabatta.app data:; img-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com prodint.eurojackpot.de prodint.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com s.w.org ps.w.org www.gstatic.com secure.gravatar.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de eurojackpot.webtrekk.net fbc.wcfbc.net ad3.adfarm1.adition.com imagesrv.adition.com i.ytimg.com www.facebook.com fonts.gstatic.com app.usercentrics.eu uct.service.usercentrics.eu privacy-proxy-server.usercentrics.eu www.googleadservices.com adservice.google.com *.googleapis.com www.google-analytics.com translate.google.com pagead2.googlesyndication.com www.google.ae www.google.al www.google.at www.google.ba www.google.be www.google.bg www.google.ca www.google.ch www.google.co.cr www.google.co.in www.google.co.kr www.google.com www.google.co.ma www.google.com.br www.google.com.cy www.google.com.do www.google.com.eg www.google.com.gh www.google.com.gt www.google.com.mx www.google.com.ph www.google.com.sg www.google.com.tr www.google.com.ua www.google.co.th www.google.co.uk www.google.co.ve www.google.co.za www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gm www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.lk www.google.lu www.google.lv www.google.me www.google.mk www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk data:; child-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com www.googleapis.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de blob:; frame-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com m.lotto.de www.lotto.de lotto.de www.youtube-nocookie.com www.facebook.com app.usercentrics.eu; base-uri 'self'; report-uri https://1934a11189c9ec9d302de0ee10e4c650.report-uri.com/r/t/csp/enforce 2 upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; 2 frame-ancestors 'self' https://egypt-now.net https://alarabnow.net https://saudi-now.com/; 2 default-src 'self' www.nsinternational.com;connect-src 'self' www.nsinternational.com *.nsinternational.com browser-intake-datadoghq.eu www.datadoghq-browser-agent.com *.enterprisebot.co ws://*.enterprisebot.co www.google-analytics.com region1.google-analytics.com www.google.com www.google.nl stats.g.doubleclick.net googleads.g.doubleclick.net ad.doubleclick.net *.ns.nl *.blueconic.net *.optimizely.com o71339.ingest.sentry.io maps.googleapis.com www.googleapis.com www.googletagmanager.com www.googleadservices.com adservice.google.com api-prd.kpn.com www.facebook.com edge.api.brightcove.com manifest.prod.boltdns.net *.brightcovecdn.com ts.tradetracker.net t.co analytics.twitter.com bat.bing.com mail.nsinternational.nl region1.analytics.google.com *.qualtrics.com *.cognigy.cloud wss://*.cognigy.cloud *.amplitude.com data:;frame-src 'self' www.nsinternational.com www.google.com www.googletagmanager.com recaptcha.google.com a7779470749.cdn.optimizely.com ezvr.nl roundme.com translate.googleapis.com translate.google.com *.qualtrics.com;font-src 'self' www.nsinternational.com *.ns.nl *.enterprisebot.co fonts.gstatic.com data:;worker-src 'self' www.nsinternational.com blob:;img-src 'self' www.nsinternational.com ocptst.ns.nl fonts.gstatic.com www.googletagmanager.com *.enterprisebot.co ad.doubleclick.net images.ctfassets.net googleads.g.doubleclick.net b339.nsinternational.com nshispeed.blueconic.net www.facebook.com *.google-analytics.com www.google.com www.google.nl www.google.be www.google.de www.google.fr www.google.co.uk www.google.ie www.googleadservices.com maps.gstatic.com maps.googleapis.com adservice.google.com adservice.google.nl adservice.google.be analytics.twitter.com t.co ts.tradetracker.net bat.bing.com *.boltdns.net plugins.blueconic.net translate.google.com static-ns-nl-data.fep-p.cla.ns.nl *.qualtrics.com data:;media-src 'self' www.nsinternational.com manifest.prod.boltdns.net *.brightcovecdn.com blob:;script-src 'self' 'unsafe-eval' 'unsafe-inline' www.nsinternational.com www.google.com www.gstatic.com www.datadoghq-browser-agent.com *.enterprisebot.co cdn.blueconic.net/nshispeed.js b339.nsinternational.com nshispeed.blueconic.net plugins.blueconic.net cdn.optimizely.com/js/12346740180.js www.google-analytics.com www.googletagmanager.com maps.googleapis.com code.jquery.com players.brightcove.net vjs.zencdn.net translate.googleapis.com translate.google.com static-ns-nl-data.fep-p.cla.ns.nl *.qualtrics.com *.amplitude.com;style-src 'self' 'unsafe-inline' www.nsinternational.com www.googletagmanager.com *.enterprisebot.co fonts.googleapis.com b339.nsinternational.com plugins.blueconic.net static-ns-nl-data.fep-p.cla.ns.nl;object-src 'none';form-action 'self' ns.qualtrics.com;frame-ancestors 'self' b339.nsinternational.com nshispeed.blueconic.net app.contentful.com;upgrade-insecure-requests 2 default-src blob: https: wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval';img-src 'self' data: https:;font-src 'self' data: https:;worker-src blob: https:;frame-ancestors 'self' 2 frame-ancestors *.plaync.com *.ncsoft.com *.plaync.com.tw *.ncsoft.jp *.ncvgames.com *.game.daum.net *.daum.net 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: maxcdn.bootstrapcdn.com *.klaviyo.com smsapi.7-s.si *.googleapis.com *.gstatic.com www.google.com googletagmanager.com *.googletagmanager.com www.facebook.com connect.facebook.net *.mass.si *.mass-shoes.com *.mass-shoes.at mass-shoes.at bat.bing.com www.google.si assets.adobedtm.com *.cloudfront.net liveupdate.pimcore.org www.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net td.doubleclick.net api.instacloud.io business.facebook.com *.paypalobjects.com *.cookiebot.com *.hotjar.com *.hotjar.io creativecdn.com *.google-analytics.com *.pusher.com sessions.bugsnag.com www.youtube.com *.gls-hungary.com *.gls-slovenia.com *.openstreetmap.org *.elfsight.com *.elfsightcdn.com api-js.datadome.co *.analytics.google.com pagead2.googlesyndication.com *.paypal.com *.posta.si *.boxnow.hr x.klarnacdn.net *.klarnaevt.com *.klarna.com; 2 default-src 'self' * script-src 'self' 'unsafe-eval' style-src * 'unsafe-inline' data: 2 script-src 'self' 'unsafe-inline' *.cookiebot.com *.hacon.de 2 frame-ancestors 'self' localhost:9002 https://*.corona.co 2 form-action https:; upgrade-insecure-requests 2 default-src 'self' recrutement.orano.group oranoweb.cms.orano.group https://career-i18n.demo.cleverconnect.com career.demo.cleverconnect.com *.google.fr *.google.com *.google-analytics.com *.googletagmanager.com analytics.tiktok.com *.facebook.com *.sc-static.net snap.licdn.com insight.adsrvr.org googleads.g.doubleclick.net www.googleadservices.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org code.jquery.com ws.facil-iti.com tag.aticdn.net www.googletagmanager.com www.google-analytics.com https://s4.ispring.eu https://11471784.fls.doubleclick.net https://secure.adnxs.com https://career-i18n.demo.cleverconnect.com https://career.demo.cleverconnect.com https://logws1332.ati-host.net *.goldenbees.fr https://cdn.facil-iti.app https://ecb.qualquantsignals.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com snap.licdn.com https://api.smalk.ai https://www.clarity.ms; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://unpkg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://ws.facil-iti.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.xiti.com *.ati-host.net https://secure.adnxs.com *.blob.core.windows.net cdn.orano.group oranocms.azureedge.net *.adsrvr.org https://raw.githubusercontent.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google.fr https://www.google.com https://ecb.qualquantsignals.com https://ws.facil-iti.com https://*.tile.openstreetmap.org https://*.tile.openstreetmap.fr https://tiles.stadiamaps.com https://px.ads.linkedin.com; media-src 'self' data: blob: *.ausha.co; frame-src https://cdn.streamlike.com https://ws.facil-iti.com 'self' https://oranoweb.cms.orano.group/ recrutement.orano.group *.youtube.com *.youtube.fr https://11471784.fls.doubleclick.net www.google.com https://cdn.facil-iti.app/ https://web-service.facil-iti.app/ https://www.googletagmanager.com/ https://orano.kantree.io/ https://td.doubleclick.net https://lookerstudio.google.com/ https://reservation.orano.group/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com ws.facil-iti.com recrutement.orano.group https://reservation.orano.group/ blob:; connect-src 'self' https://career-i18n.demo.cleverconnect.com https://career.demo.cleverconnect.com accounts.google.com https://www.google.com https://googleads.g.doubleclick.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.xiti.com ws.facil-iti.com recrutement.orano.group www.googletagmanager.com www.google-analytics.com http://oranoweb.cms.orano.group https://s4.ispring.eu https://logws1332.ati-host.net https://maps.googleapis.com/ https://pagead2.googlesyndication.com/ https://web-service.facil-iti.app https://dhllvtr.pa-cd.com wss://ws.hotjar.com https://content.hotjar.io https://px.ads.linkedin.com https://*.clarity.ms; 2 default-src 'self' *.aimatch.com *.kbps.cz kbps.cz *.googleapis.com *.kbcloud *.youtube.com *.googlesyndication.com *.kb.cz *.kbinfo.cz *.google.com *.google.cz *.googleadservices.com *.linkedin.com *.google-analytics.com *.aimatch.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.luigisbox.com *.adform.net *.seadform.net *.platform.twitter.com *.seznam.cz *.static.ads-twitter.com *.licdn.com *.linkedin.oribi.io data 'unsafe-inline'; img-src 'self' *.aimatch.com *.kbcloud *.kbinfo.cz *.youtube.com *.googletagmanager.com *.adform.net *.seadform.net *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.google.cz *.seznam.cz *.gstatic.com analytics.twitter.com t.co *.i.ytimg.com *.facebook.com *.google.com *.google-analytics.com *.linkedin.com maps.gstatic.com maps.googleapis.com *.kb.cz data:; script-src 'self' *.aimatch.com *.luigisbox.com *.kbps.cz kbps.cz *.facebook.net *.static.ads-twitter.com https://static.ads-twitter.com/uwt.js https://analytics.tiktok.com *.googlesyndication.com housing-calculation-fe.fat.hfd.kbcloud *.facebook.com *.doubleclick.net *.googleadservices.com *.seznam.cz https://www.google.com *.google.cz *.googletagmanager.com *.licdn.com *.adform.net *.seadform.net *.platform.twitter.com *.demogram.cz *.kbcloud *.googleapis.com rtp.persoo.ai scripts.persoo.cz *.youtube.com *.kb.cz *.kbinfo.cz *.google.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.aimatch.com *.kbcloud *.cloudflare.com 'unsafe-inline'; worker-src 'self' *.youtube.com *.google.com *.kb.cz blob:; font-src 'self' *.youtube.com *.google.com *.gstatic.com *.kb.cz data:; frame-src 'self' *.youtube.com *.doubleclick.net *.googlesyndication.com *.googletagmanager.com *.adform.net *.seadform.net *.kb.cz; object-src 'none'; 2 script-src *.buckaroo.io https://*.cookiebot.com/ https://*.doubleclick.net/ https://*.formstack.io/ https://*.google.com/ https://*.hsadspixel.net/ https://*.hs-banner.com/ https://*.hsforms.net/ https://*.hs-scripts.com/ https://*.hubspot.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ 'self' 'unsafe-eval' 'unsafe-inline';img-src *.buckaroo.io *.clarity.ms *.googlesyndication.com *.gstatic.com data: https://*.cookiebot.com/ https://*.doubleclick.net/ https://*.formstack.io/ https://*.google.com/ https://*.hsforms.com https://*.hubspot.com/ https://*.usercentrics.eu/ https://i.vimeocdn.com/ https://i.ytimg.com/ https://px.ads.linkedin.com https://via.placeholder.com/ https://www.facebook.com/ https://www.google.nl https://www.google-analytics.com/ https://www.googletagmanager.com/ 'self';script-src-elem *.clarity.ms *.googleadservices.com *.kapa.ai https://*.cookiebot.com/ https://*.cookiebot.eu https://*.doubleclick.net/ https://*.formstack.io/ https://*.google.com/ https://*.hotjar.com/ https://*.hsadspixel.net/ https://*.hs-analytics.net/ https://*.hs-banner.com/ https://*.hscta.net/ https://*.hsforms.net/ https://*.hs-scripts.com/ https://*.hubspot.com/ https://*.leadinfo.net/ https://*.marketingautomation.services/ https://*.usemessages.com/ https://connect.facebook.net/ https://snap.licdn.com https://unpkg.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ 'self' 'unsafe-inline';connect-src *.clarity.ms *.googlesyndication.com *.kapa.ai https://*.cookiebot.com/ https://*.cookiebot.eu https://*.doubleclick.net/ https://*.formstack.io/ https://*.google.com/ https://*.google-analytics.com https://*.hsforms.com https://*.hubapi.com https://*.hubspot.com/ https://*.leadinfo.com/ https://*.leadinfo.net/ https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app/ https://lottie.host https://px.ads.linkedin.com https://www.facebook.com/ https://www.google.nl 'self';frame-src *.hsforms.net https://*.cookiebot.com/ https://*.cookiebot.eu https://*.doubleclick.net/ https://*.google.com/ https://*.hsforms.com https://*.hubspot.com/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://www.youtube.com/ 'self';font-src data: https://designlibrary.tres.nl/ https://fonts.gstatic.com/ 'self';style-src https://*.formstack.io/ https://fonts.googleapis.com/ 'self' 'unsafe-inline';base-uri 'self';default-src 'self';manifest-src 'self';media-src 'self';report-uri https://buckaroo.report-uri.com/r/t/csp/reportOnly 2 frame-ancestors 'self' lhg.hubwoo.com; 2 frame-ancestors 'self' *.realescort.fi *.realescort.eu *.realescort.se *.realescort.dk; img-src 'self' data: *.realescort.fi *.realescort.eu *.realescort.se *.realescort.dk storage.googleapis.com cdn.realescort.com 2 child-src 'self' blob:;default-src 'self';connect-src 'self' wss:;font-src 'self' data:;img-src 'self' data: blob:;media-src 'self' blob:;object-src 'self' blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline';frame-ancestors 'self' 2 object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests 2 default-src * 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: blob:; font-src * 'self' data:; 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: * 2 default-src 'self'; child-src 'self' https://platform.twitter.com https://youtube.com; connect-src 'self' https://cdnmon.cfigroup.com https://dap.digitalgov.gov https://*.doubleclick.net https://orcid.org/userStatus.json https://search.usa.gov https://translate.googleapis.com https://usda.libanswers.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; font-src 'self' https://cdn.app.cfigroup.com https://cdn.knightlab.com https://fonts.gstatic.com; frame-src 'self' https://publicdashboards.dl.usda.gov https://*.twitter.com https://usda.libanswers.com https://player.vimeo.com https://*.youtube.com; img-src 'self' data: https://cdnmon.cfigroup.com https://cdn.knightlab.com https://feed.informer.com https://fonts.gstatic.com https://*.nal.usda.gov https://orcid.org https://info.orcid.org https://*.twitter.com https://*.usa.gov https://*.ytimg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com https://cdn.jsdelivr.net/npm/jvectormap@2.0.4/ https://cdn.knightlab.com https://*.cfigroup.com https://dap.digitalgov.gov https://feed.informer.com https://*.google-analytics.com https://*.libanswers.com https://www.nal.usda.gov https://platform.twitter.com https://search.usa.gov https://www.googletagmanager.com https://www.youtube.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://ajax.googleapis.com https://cdn.knightlab.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/ https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/ https://*.cfigroup.com https://dap.digitalgov.gov https://feed.informer.com https://*.libanswers.com https://www.nal.usda.gov https://publicdashboards.dl.usda.gov https://search.usa.gov https://*.twitter.com https://unpkg.com/chart.js@4.4.0/ https://unpkg.com/chartjs-adapter-date-fns@3.0.0/ https://unpkg.com/chartjs-plugin-datalabels@2.0.0/ https://*.vimeo.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/jvectormap/2.0.4/ https://cdn.knightlab.com https://fonts.googleapis.com https://search.usa.gov; style-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/jvectormap/2.0.4/ https://cdn.knightlab.com https://search.usa.gov;; 2 default-src 'self' data: ; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net ajax.googleapis.com js.hs-scripts.com js.hsleadflows.net js.hs-analytics.net *.google-analytics.com *.googletagmanager.com sjs.bizographics.com js.driftt.com bat.bing.com connect.facebook.net web-analytics.engagio.com *.salesloft.com *.adroll.com *.cloudfront.net maps.googleapis.com d.adroll.mgr.consensu.org https://optimize.google.com *.licdn.com *.fullstory.com fullstory.com js.hs-banner.com https://tagmanager.google.com *.demandbase.com *.intercom.io *.intercomcdn.com https://play.vidyard.com https://www.googleadservices.com https://googleads.g.doubleclick.net *.hsforms.net https://*.usercentrics.eu *.6sc.co *.6sense.com https://scripts.simpleanalyticscdn.com https://js.qualified.com *.mouseflow.com; img-src * 'self' data: *.hubspot.com *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.salesloft.com *.linkedin.com *.google.com *.facebook.com *.adroll.com *.adsymptotic.com bat.bing.com pixel.advertising.com dsum-sec.casalemedia.com pixel.rubiconproject.com sync.outbrain.com simage2.pubmatic.com trc.taboola.com eb2.3lift.com ads.yahoo.com ib.adnxs.com x.bidswitch.net cm.g.doubleclick.net idsync.rlcdn.com us-u.openx.net ups.analytics.yahoo.com dpm.demdex.net s.amazon-adsystem.com pm.w55c.net ups.analytics.yahoo.com pippio.com sync.mathtag.com tags.rd.linksynergy.com match.adsrvr.org usermatch.krxd.net tags.bluekai.com *.intercom.io *.intercomcdn.com *.intercomassets.com https://*.usercentrics.eu *.6sc.co *.6sense.com https://queue.simpleanalyticscdn.com https://simpleanalyticsbadges.com *.mouseflow.com; connect-src * 'self' data: *.hubspot.com https://optimize.google.com *.intercom.io *.intercomcdn.com *.intercomusercontent.com https://*.usercentrics.eu *.6sc.co *.6sense.com https://queue.simpleanalyticscdn.com https://*.qualified.com wss://*.qualified.com *.mouseflow.com; frame-src 'self' data: player.vimeo.com js.driftt.com learn.qualia.com www.youtube.com qualia.daily.co https://optimize.google.com https://cdn2.hubspot.net https://play.vidyard.com *.hsforms.com https://*.qualified.com *.mouseflow.com; style-src 'self' data: 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net ajax.googleapis.com fonts.googleapis.com https://optimize.google.com https://tagmanager.google.com https://*.qualified.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://optimize.google.com *.intercomcdn.com *.mouseflow.com; media-src 'self' data: www.qualia.com js.driftt.com *.intercomcdn.com *.hubspotusercontent00.net mediastream: https://*.qualified.com; manifest-src 'self' data: *.google.com; prefetch-src 'self' data: https://play.vidyard.com; child-src 'self' data: https://*.qualified.com *.mouseflow.com; object-src 'none'; upgrade-insecure-requests 2 default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; connect-src 'self' wss: https: 'unsafe-inline' 'unsafe-eval' 2 frame-ancestors 'self' www.amway.com.au www.amway.co.nz https://pos.amway.com.au https://pos.amway.co.nz https://pos.amway.com.vn www.amway.com.vn www.amway.com.ph admin.amway.com.ph 2 default-src https:; img-src 'self' data: cdn.cookielaw.org cookie-cdn.cookiepro.com i.vimeocdn.com maps.gstatic.com *.googleapis.com *.ggpht.com *.linkedin.com *.google.com *.google.co.in *.crazyegg.com *.google.ca; script-src 'self' admin.ceros.com *.preview.ceros.com sharejs.ceros.com 104.18.33.58 172.64.154.198 172.64.144.4 104.18.43.252 view.ceros.com *.googleadservices.com *.google.com *.googleapis.com *.gstatic.com vimeo.com *.vimeo.com *.worley.com snap.licdn.com *.pardot.com *.googletagmanager.com *.doubleclick.net *.crazyegg.com cdn.cookielaw.org cookie-cdn.cookiepro.com 'unsafe-eval' 'unsafe-inline' blob:; style-src 'self' fonts.googleapis.com *.typekit.net *.crazyegg.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com *.typekit.net; media-src i.vimeocdn.com *.crazyegg.com; object-src i.vimeocdn.com; upgrade-insecure-requests; block-all-mixed-content; 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.boxnow.gr *.boxnow.cy *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net data: fonts.googleapis.com *.hotjar.com *.zopim.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.alphaecommerce.gr *.cardlink.gr *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.youtube.com *.youtube-nocookie.com *.google.com *.google.gr *.doubleclick.net *.facebook.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.boxnow.gr *.boxnow.cy *.klarna.com js.mollie.com *.weltpixel.com *.cookiebot.com *.facebook.com *.facebook.net *.addtoany.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.googleapis.com *.boxnow.gr *.boxnow.cy *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com https://www.mollie.com *.facebook.com *.userway.org *.cookiefirst.com *.cookiebot.com *.1rx.io *.cookielaw.org *.windows.net *.google.com *.google.gr *.contactpigeon.com *.klarnaservices.com *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.net *.adform.net *.omnitagjs.com *.casalemedia.com *.criteo.com *.id5-sync.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.sharethrough.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.emxdgt.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.attrattivo.com *.alethenonusualcasual.com *.ale.cy *.attrattivo.cy *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.adman.gr trustmark.gr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com https://maps.googleapis.com *.googleapis.com *.gstatic.com *.boxnow.gr *.boxnow.cy *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.avada.io *.shopify.com js.mollie.com *.alphaecommerce.gr *.cardlink.gr *.cookiebot.com cdn.simpler.so sdk.local.simpler.so https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.facebook.com *.userway.org *.addtoany.com *.cookielaw.org *.cookiefirst.com *.doubleclick.net *.paypal.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.feedbackcompany.com *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com *.contactpigeon.com *.linkwi.se *.tiktok.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.onecode.gr blob: *.google.gr *.cloudflareinsights.com *.adman.gr trustmark.gr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net tagmanager.google.com *.userway.org *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.cookiefirst.com *.contactpigeon.com assets.braintreegateway.com *.googletagmanager.com *.adman.gr *.trustmark.gr 'self' 'unsafe-inline'; object-src *.youtube.com *.youtube-nocookie.com *.google.com *.google.gr *.doubleclick.net *.facebook.net 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.boxnow.gr *.boxnow.cy *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io *.cookiebot.com button.simpler.so analytics.simpler.so button.local.simpler.so *.facebook.net *.userway.org *.tiktok.com *.facebook.com *.cookielaw.org *.doubleclick.net *.criteo.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.clarity.ms *.datatrics.com *.cookiefirst.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.contactpigeon.com *.youtube.com *.google.gr *.youtube-nocookie.com *.analytics.google.com *.googletagmanager.com *.googlesyndication.com *.adman.gr *.grxchange.gr 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 frame-ancestors 'self' file: https://*.toyota.eu https://*.toyota.pl https://*.toyota.cz https://*.toyota.hu https://*.toyota.sk https://*.toyota-europe.com https://player.adobescreens.com https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com https://localhost:24502 http://localhost:24502 https://127.0.0.1:24502 http://127.0.0.1:24502 2 child-src 'self' *.optimizely.com *.eu.qualtrics.com *.legalandgeneral.com *.everesttech.net *.landg.com *.lgim.com *.boldchat.com *.demdex.net *.g.doubleclick.net *.brighttalk.com *.theidoluat.com *.theidolprod.com *.landginvestments.com *.videomarketingplatform.co landgmya.ctc.uk.com view.ceros.com apps.euw2.pure.cloud flo.uri.sh nr1.s3.amazonaws.com embeds.audioboom.com www.google.com aax-eu.amazon-adsystem.com 11594483.fls.doubleclick.net 4918313.fls.doubleclick.net 5z4kxmbpt3zylymtu.helpcenter.uwassist.com 6165515.fls.doubleclick.net 7rm60022.ibosscloud.com 9797771.fls.doubleclick.net 9797771.fls.doubleclick.net.x.aec9d37d03ffa0431a09ca80b9876705d3c8.d045239c.id.opendns.com 9797771.fls.doubleclick.net.x.f523c93f0a69604355083bc0a81abbf27ed1.d045239c.id.opendns.com accounts.google.com acestream.me api.nakarta.com auth.filteredinternet.co.uk auth.iws-hybrid.trendmicro.com az416426.vo.msecnd.net blipznchitzcom-a.akamaihd.net blob: bot.ebilobster.ai block.opendns.com butoembed.twentythree.net candysodapopcom-a.akamaihd.net cdncache-a.akamaihd.net checkpoint.tpt.org cn-1998263966-7vnsr30171.ibosscloud.com cn-1998264190-7vnsr30028.ibosscloud.com cn-1998264264-7vnsr40033.ibosscloud.com compare.defaqto.com connect.facebook.net crushclanscom-a.akamaihd.net data: edge.addthis.com embed.buto.tv embed.wirewax.com ernie.midlothian.gov.uk:15871 filter.techloq.com gateway.zscaler.net gateway.zscalerone.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net go.skimresources.com grpfpgw01.group.local:15871 hdapp1008-a.akamaihd.net hhwssac.healthcareath.local images-static.trustpilot.com landg.nanorep.co lgim.turtl.co lifesearch.co.uk localhost:6543 login.microsoftonline.com login.zscalertwo.net login.zscloud.net mail.google.com mh-bir-mgmt101 mozbar.moz.com notify.bluecoat.com o.yieldsquare.com oakfppr01 omny.fm pa.eshapay.net player.videosmart.com pp.ephapay.net pp.eshapay.net pwm-image.trendmicro.com reassured-ltd-dev.onelogin.com rm40954.ibosscloud.com rm40962.ibosscloud.com rm40966.ibosscloud.com rm40977.ibosscloud.com rocket.theregisschool.co.uk s7.addthis.com saml.threatpulse.net:8443 schools-blocked.s3-website-us-east-1.amazonaws.com secure.mycouponizemac.com secure.myshopcouponmac.com secure.optibuymac.com secure5.arcot.com service.securesrv12.com skytraf.xyz sophosxg.equinox.co.uk:8090 sts.global.tesco.org sts.morrisonus.com sts.royalmailgroup.net subwayclanscom-a.akamaihd.net tool-bcg.bwe.io useast2-www.securly.com usercheck.themovefactory.com uwf.demo.upstreamworks.com uwfbankm.demo.upstreamworks.com webui.dashlane.com widget.trustpilot.com widgets-lgim.huguenots.co.uk www.calculateyourchances.com www.facebook.com www.houzz.com www.open.edu www.podbean.com www.youtube.com www.youtube.com.x.6449e3e00100204968084550e30d871835ad.d045227c.id.opendns.com www.youtube.com.x.7bfd31dc044f3047e60a8db015534ad35762.d045227d.id.opendns.com yournews-legalandgeneral.com zswpmanager.wip.mmc.com www.everestjs.net lgima.filepoint.live embeds.audioboom.com player.vimeo.com; connect-src 'self' *.optimizely.com *.dynatrace.com *.lgnet.co.uk *.infinity-tracking.com *.infinity-tracking.net *.bold360usercontent.com *.console.glassboxsaas.com *.report.gbss.io *.tealiumiq.com *.sgwidget.com *.recipelondon.co.uk *.crownpeak.net *.nanorep.com *.landg.com *.lgim.com *.boldchat.com *.demdex.net *.everesttech.net *.legalandgeneral.com *.sessioncam.com *.g.doubleclick.net *.googleapis.com *.tt.omtrdc.net edge.adobedc.net wss://webmessaging.euw2.pure.cloud pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com api.euw2.pure.cloud api.shelf-eu.com api-cdn.euw2.pure.cloud brochure-tool.huguenots.co.uk widgets-lgim.huguenots.co.uk incomestandards-api-prod.azurewebsites.net yournews-legalandgeneral.com 1637314617.rsc.cdn77.org 1986635568.rsc.cdn77.org ad.doubleclick.net ads34.adlane.info adservice.google.com am-uk.sophus3.com api.addressy.com api.ip6.org.il api.pokuponik.net api.trongrid.io api.tronstack.io b.1p1eqpotato.com backoffice.abaka.me base3-sv.tribal-enjoy.com bat.bing.com bf21791iym.bf.dynatrace.com blob: block.opendns.com bot.ebilobster.ai catds.net cdn.aframe.io cdncache-a.akamaihd.net cdnjs.cloudflare.com cdn-ukwest.onetrust.com clipsold.com code.jquery.com customer.iad-03.braze.com dasfelynsaterr.webcam data: dc.services.visualstudio.com dpdb.webvr.rocks eu-ec.walkme.com floatingplayer.com gateway.zscloud.net gb.api4load.net gjtrack.ucweb.com hm.baidu.com ka-f.fontawesome.com labs.observepoint.com lawiersenadrey.webcam legalandgeneral.report-uri.com localhost:3000 luxins.net m.addthis.com m65.prod2016.com mcid-0ac271e4-b1ad-4312-a8f4-776fbc9c2cd7.ep-mimecast.doubleclick.net mcid-f5ea55f2-57aa-4c38-8e4d-d04af422d7f4.ep-mimecast.doubleclick.net metriq.xyz new229.com njs.wigoal.com performance.observepoint.com plugin.ucads.ucweb.com privacyportal-uk.onetrust.com qfafcffge3.execute-api.eu-west-2.amazonaws.com s.yimg.com s3-eu-west-1.amazonaws.com s7.addthis.com sample-api-v2.crazyegg.com savingsslider-a.akamaihd.net siteintercept.qualtrics.com steganos-api.ciuvo.com subwayblaze.com subwayclanscom-a.akamaihd.net subwaysmash.com sun.tronex.io surfly.com t.co t.skimresources.com usemarketings.com uwf.demo.upstreamworks.com widget.trustpilot.com ws://localhost:22174 wss://gc.kis.v2.scr.kaspersky-labs.com wss://websocket-eu.bold360.com www.bing.com www.cgtforms.com www.facebook.com www.google.com www.google-analytics.com www.googletagmanager.com you.caresourcer.com landg.nanorep.co api.ebiai.app messenger.ebiai.app; default-src 'unsafe-inline' 'self' *.netlify.app *.recipelondon.co.uk *.eu.qualtrics.com *.boldchat.com *.g.doubleclick.net *.google-analytics.com *.brighttalk.com *.everesttech.net *.googleapis.com *.landg.com *.legalandgeneral.com *.lgim.com *.sessioncam.com *.tt.omtrdc.net cdn.jsdelivr.net 4918313.fls.doubleclick.net 6165515.fls.doubleclick.net 9797771.fls.doubleclick.net aa.agkn.com aax-eu.amazon-adsystem.com abp.smartadcheck.de ad.doubleclick.net ad.sxp.smartclip.net ads.avct.cloud ads.avocet.io ads.stickyadstv.com adservice.google.co.uk adservice.google.com am-uk.sophus3.com analytics.twitter.com api.addressy.com app-static.turtl.co assets.adobedtm.com assets.quadpay.com assets.turtl.co at.alicdn.com autroliner.com az416426.vo.msecnd.net backoffice.abaka.me bat.bing.com beacon.krxd.net blinkjork.com blob: block.opendns.com bot.abaka.me bot.ebilobster.ai boxclone.com bppmdmxgsg.execute-api.eu-west-1.amazonaws.com brigstoneapp.com butoembed.twentythree.net cdn.botframework.com cdn.faceworks.nl cdn.honey.io cdn.mark.reevoo.com cdn.megabonus.com cdn.scite.ai cdnjs.cloudflare.com cdn-ukwest.onetrust.com ce.lijit.com cgtforms.com chrome-extension cilkonlay.com cm.adform.net cm3.adform.net code.jquery.com collector-5357.tvsquared.com collector-6040.tvsquared.com compare.defaqto.com connect.facebook.net cs.adingo.jp customer.iad-03.braze.com cx.atdmt.com d.agkn.com d2oh4tlt9mrke9.cloudfront.net d3c3cq33003psk.cloudfront.net data: dc.services.visualstudio.com *.episerver.net dsum-sec.casalemedia.com e1.emxdgt.com eb2.3lift.com embed.buto.tv embed.caresourcer.com eu-u.openx.net fonts.gstatic.com fra1.qualtrics.com fuhupo.lohuwomenu.com g.microsoft.com gateway.zscloud.net gc.kis.v2.scr.kaspersky-labs.com github.com gohimu.kawebezija.com goldapps.org gsa://onpageload https://*.demdex.net hublosk.com i.liadm.com i6.liadm.com ib.adnxs.com ice.360yield.com icelandsue.com id5-sync.com idsync.reson8.com idsync.rlcdn.com ih.adscale.de images-static.trustpilot.com img.youtube.com jp-u.openx.net jullyambery.net ka-f.fontawesome.com kellysford.com killssource.com kit.fontawesome.com kit-free.fontawesome.com lagrtest.112.2o7.net landg.nanorep.co lgim.turtl.co loadm.exelator.com loadus.exelator.com localhost:3000 login.microsoftonline.com login.zscloud.net m.addthis.com mark.reevoo.com match.adsrvr.org mawisa.botateyime.com maxcdn.bootstrapcdn.com metrics.responsetap.com mikkiload.com mp.4dex.io mwzeom.zeotap.com nickletto.com noop.style nr1.s3.amazonaws.com nr-customers.s3.amazonaws.com null omny.fm onetag-sys.com p.adsymptotic.com p.typekit.net pi.pardot.com pippio.com pixel.advertising.com pixel.mathtag.com pixel.rubiconproject.com pixel.tapad.com player.videosmart.com polinaryapp.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com pp.ephapay.net privacyportal-uk.onetrust.com pwm-image.trendmicro.com px.ads.linkedin.com px4.ads.linkedin.com qfafcffge3.execute-api.eu-west-2.amazonaws.com rtb.gumgum.com rtb.vidoomy.com rtb-csync.smartadserver.com s.ad.smaato.net s.btstatic.com s.yimg.com s3.amazonaws.com s3.eu-west-2.amazonaws.com s7.addthis.com scripts.sophus3.com secure.adnxs.com simage2.pubmatic.com singlactive.com siteintercept.qualtrics.com snap.licdn.com sp.analytics.yahoo.com stags.bluekai.com static.ads-twitter.com static2.sharepointonline.com static3.avast.com static-ssl.responsetap.com su.addthis.com sync.admanmedia.com sync.crwdcntrl.net sync.go.sonobi.com sync.lemmatechnologies.com sync.mathtag.com sync.search.spotxchange.com sync-eu.connectad.io t.co t.visx.net themes.googleusercontent.com thrtle.com trableflick.com track.adform.net track.omguk.com tracksmall.com translate.googleapis.com typesample.com uip.semasio.net uipglob.semasio.net unpkg.com ups.analytics.yahoo.com use.fontawesome.com use.typekit.net us-u.openx.net v1.addthisedge.com webfonts.zohostatic.com websites.cdn.getfeedback.com widget.trustpilot.com widgets-lgim.huguenots.co.uk wss://websocket-eu.bold360.com www.atdmt.com www.calculateyourchances.com www.caresourcer.com www.ciuvo.com www.clearplay.com www.everestjs.net www.facebook.com www.google.co.uk www.google.com www.googleadservices.com www.googletagmanager.com www.linkedin.com www.miaprova.com www.nectar.com www.podbean.com www.slant.co www.topcashback.co.uk www.typesample.com www.youtube.com x.bidswitch.net you.caresourcer.com z.moatads.com; form-action 'self' *.lgim.com *.crownpeak.com *.eu.qualtrics.com bpb.opendns.com connect.facebook.net connect.secure.wellsfargo.com data: identity.landg.com landg.nanorep.co livechat-eu.boldchat.com myaccount.landg.com nr1.s3.amazonaws.com retirements.landg.com sitesearch.legalandgeneral.com sitesearch.legalandgeneral.com.x.0c40fd7205db604fad082c00c03b6e6091fa.d045227c.id.opendns.com sitesearch.legalandgeneral.com.x.3b196ca9077b9049240bee2042ebfaa06335.d045227d.id.opendns.com watermelonsurveys.com www.facebook.com www10.landg.com; frame-ancestors 'self' *.legalandgeneral.com *.legalandgeneralre.com *.lgima.com *.longevitypanel.co.uk *.landg.com *.lgim.com; img-src 'self' data: https: blob:; manifest-src 'self'; media-src 'self' data: https:; object-src data: 'self' 'unsafe-inline' *.brighttalk.com yournews-legalandgeneral.com; script-src *.optimizely.com *.lgim.netlify.huguenots.co.uk *.infinity-tracking.com *.infinity-tracking.net *.boldchat.com *.brighttalk.com *.crownpeak.com *.ep-mimecast.googleadservices.com *.everesttech.net *.google-analytics.com *.googleapis.com *.gstatic.com *.id.opendns.com *.legalandgeneral.com *.landg.com *.lgim.com *.qualtrics.com *.recipelondon.co.uk *.sessioncam.com *.sgwidget.com *.tt.omtrdc.net *.tealiumiq.com *.gbqofs.com *.landginvestments.com www.redditstatic.com cdn.jsdelivr.net view.ceros.com apps.euw2.pure.cloud public.flourish.studio am-uk.sophus3.com analytics.twitter.com assets.adobedtm.com az416426.vo.msecnd.net bat.bing.com bot.ebilobster.ai blob: cdnjs.cloudflare.com cdn-ukwest.onetrust.com cgtforms.com code.jquery.com collector-5357.tvsquared.com collector-6040.tvsquared.com connect.facebook.net cookie-cdn.cookiepro.com d2oh4tlt9mrke9.cloudfront.net d32rf3z04esc6j.cloudfront.net d3c3cq33003psk.cloudfront.net data: *.episerver.net embed.caresourcer.com g.microsoft.com gateway.zscaler.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net googleads.g.doubleclick.net googletagmanager.com js.buto.tv js-cdn.dynatrace.com landg.nanorep.co login.zscloud.net mark.reevoo.com mcid-019e7840-618c-457e-a849-9a30ac859267.ep-mimecast.facebook.net mcid-121966df-4958-44b7-bdb2-eaf7495aa328.ep-mimecast.licdn.com mcid-16e9e470-bffa-4bda-ac78-44195b66767b.ep-mimecast.ads-twitter.com mcid-1976a623-6682-4713-baed-2c6f37db1ab5.ep-mimecast.omguk.com mcid-26d71e74-3d79-4f8c-8971-257a1b849987.ep-mimecast.yahoo.com mcid-28deceea-6370-4ebc-9148-13911797af60.ep-mimecast.yahoo.com mcid-29a6bb62-bc5a-498b-a38b-593223170ed2.ep-mimecast.facebook.net mcid-36c18f8a-e64f-4fc4-86db-140aceed9c8e.ep-mimecast.twitter.com mcid-553b692d-9067-4272-b990-8ea8cc32f877.ep-mimecast.facebook.net mcid-5cc076b2-622e-4661-9626-a5754ea24680.ep-mimecast.ads-twitter.com mcid-5f164421-199b-4745-9fa1-4e4e205e682d.ep-mimecast.yahoo.com mcid-6477d951-4ea1-49ca-98c3-9f252dbc1833.ep-mimecast.licdn.com mcid-679f2ff6-ecf8-4f58-bfca-1dc501b19238.ep-mimecast.omguk.com mcid-69d81405-2fd9-49ed-befb-becf1583331a.ep-mimecast.yahoo.com mcid-731b479d-c90c-4b45-8cdc-f81ed387b7c6.ep-mimecast.facebook.net mcid-7d5144a5-b5c0-477f-a08c-22e687a39e2e.ep-mimecast.twitter.com mcid-8722c1df-d8fc-4d3e-8fbf-16314344b30c.ep-mimecast.licdn.com mcid-8a5dc1e3-8fe7-44f8-85cc-223f23be4a84.ep-mimecast.yahoo.com mcid-8ea90f5e-acce-4c10-ab7e-34a2e1e1a149.ep-mimecast.yahoo.com mcid-9892198a-748e-4255-9dff-5d0c822dc6d3.ep-mimecast.ads-twitter.com mcid-99c84166-89d1-4d15-9f9b-d2d7892e25bd.ep-mimecast.licdn.com mcid-9e39af0e-6e5b-42f2-aa14-41109590b4c2.ep-mimecast.licdn.com mcid-a3a8355f-f1c9-4420-9d75-0277324af800.ep-mimecast.ads-twitter.com mcid-c5f55808-ef87-448e-b4fe-67485b672ba4.ep-mimecast.yahoo.com mcid-d5aed1ce-58dc-4759-9b4b-82850797592e.ep-mimecast.facebook.net mcid-dbae6fe0-9ce4-4603-ba5c-d48ffd6196bf.ep-mimecast.yahoo.com mcid-e435a0c4-c921-433d-9d1a-5e48e73655d8.ep-mimecast.facebook.net mcid-ed66c754-edc3-4d70-972b-b3acd565858e.ep-mimecast.licdn.com mcid-f0018d13-1521-4461-8af1-96e3dc39d741.ep-mimecast.licdn.com mcid-f59a4106-e508-4f24-925d-3d8fca127f59.ep-mimecast.twitter.com metrics.responsetap.com mobile.twitter.com pi.pardot.com player.videosmart.com s.btstatic.com s.yimg.com scripts.sophus3.com 'self' snap.licdn.com sp.analytics.yahoo.com static.ads-twitter.com static-ssl.responsetap.com tags.tiqcdn.com track.omguk.com translate.google.com twitter.com ucads-cdn.ucweb.com 'unsafe-eval' 'unsafe-inline' websites.cdn.getfeedback.com widget.trustpilot.com widgets-lgim.huguenots.co.uk www.everestjs.net www.google.co.uk www.google.com www.google.com.au www.googleadservices.com www.googleadservices.com.x.c27180fd0f15504886087fb0e004caf0c09f.9270fc42.id.opendns.com www.googletagmanager.com www.youtube.com yournews-legalandgeneral.com *.lgima.com api.ebiai.app messenger.ebiai.app d2hkbi3gan6yg6.cloudfront.net 2 default-src data: 'self' blob: accounts.google.com www.googleapis.com ; object-src 'none'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com cdn.datatables.net ; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com fonts.gstatic.com ; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' code.jquery.com cdnjs.cloudflare.com *.youtube.com *.googletagmanager.com; img-src 'self' *.youtube.com *.bankneo.co.id *.ytimg.com *.wooz.in *.google.com *.googleapis.com; connect-src 'self' https://noembed.com *.bankneo.co.id *.google.com; worker-src blob: 'self'; form-action 'self' *.bankneo.co.id; frame-src *.google.com *.googleapis.com *.youtube.com; 2 frame-ancestors https://*.x-cart.com 2 img-src hm.vostok.zone35.net *.b-ite.com *.hm.edu flockler.com fl-1.cdn.flockler.com media-api.flockler.com media.licdn.com scontent.cdninstagram.com *.xx.fbcdn.net 'self' data:; font-src *.assisto.beranet.de formulare.hm.edu formulare-test.hm.edu assets.hm.edu mediapool.hm.edu data:; script-src *.assisto.beranet.de *.b-ite.com plugins.flockler.com matomo.hm.edu assets.hm.edu mediapool.hm.edu cloud.ccm19.de 'unsafe-inline'; script-src-elem *.assisto.beranet.de *.b-ite.com plugins.flockler.com matomo.hm.edu formulare.hm.edu formulare-test.hm.edu assets.hm.edu mediapool.hm.edu cloud.ccm19.de 'unsafe-inline' 'self'; script-src-attr 'unsafe-inline'; connect-src wss://hm.vostok.zone35.net cdn.jsdelivr.net hm.vostok.zone35.net *.beranet.de hm-edu-search-api.e-spirit.cloud *.b-ite.com stats-api.flockler.app api.flockler.app *.hm.edu cloud.ccm19.de matomo.hm.edu; style-src *.assisto.beranet.de *.b-ite.com assets.hm.edu mediapool.hm.edu cloud.ccm19.de 'unsafe-inline'; style-src-elem *.assisto.beranet.de *.b-ite.com formulare.hm.edu formulare-test.hm.edu mediapool.hm.edu assets.hm.edu cloud.ccm19.de 'unsafe-inline'; style-src-attr 'unsafe-inline'; default-src 'self' matomo.hm.edu search.hm.edu formulare.hm.edu formulare-test.hm.edu cloud.ccm19.de assets.hm.edu mediapool.hm.edu 'unsafe-inline'; media-src 'self' dms.licdn.com media-api.flockler.com data:; frame-src 'self' cloud.ccm19.de mstream.hm.edu www.youtube.com cc.art180.de; child-src 'self'; frame-ancestors 'none'; base-uri 'self'; worker-src 'none'; manifest-src 'none'; report-to https://sentry.hm.edu/api/9/security/?sentry_key=3d6f839d908181cf6622e6f584d2efe3; report-uri https://sentry.hm.edu/api/9/security/?sentry_key=3d6f839d908181cf6622e6f584d2efe3; 2 frame-ancestors 'self' https://nobudget.media/ 2 frame-ancestors *.jllt.com journeys.jll.com; 2 default-src 'self'; font-src 'self' https://cdn.plyr.io https://fonts.gstatic.com data: https://js.arcgis.com; img-src 'self' https://f.info.nantesmetropole.fr https://tiles.arcgis.com https://api-infonantes.nantesmetropole.fr https://vkjdfnn.pa-cd.com https://metropole.nantes.fr https://js.arcgis.com data: https://scontent.xx.fbcdn.net https://static.cdninstagram.com https://image.ausha.co https://media.licdn.com https://scontent-cdg4-2.cdninstagram.com https://yt3.ggpht.com https://calameo-beacon.global.ssl.fastly.net https://syndication.twitter.com https://nte-prod-toolbox-drupalfiles.oos.cloudgouv-eu-west-1.outscale.com https://cdn.arcgis.com https://basemaps.arcgis.com https://cdn.openagenda.com https://metropole-fas.nantes.fr https://nte-prod-drupalfiles.oos.cloudgouv-eu-west-1.outscale.com https://media-infonantes.nantesmetropole.fr; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://welkom-editor.io https://tag.aticdn.net https://tarteaucitron.io https://js.arcgis.com https://unpkg.com https://v.calameo.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://platform.twitter.com https://player.ausha.co https://static.cdninstagram.com https://static.licdn.com https://static.xx.fbcdn.net https://www.facebook.com https://www.instagram.com https://www.youtube.com https://cdn.jsdelivr.net https://platform.linkedin.com https://www.calameo.com; style-src 'self' 'unsafe-inline' https://tarteaucitron.io https://js.arcgis.com https://cdn.jsdelivr.net https://v.calameo.com https://fonts.googleapis.com https://player.ausha.co https://static.cdninstagram.com https://static.licdn.com https://static.xx.fbcdn.net https://www.youtube.com https://www.calameo.com; object-src 'none'; connect-src 'self' https://tiles.arcgis.com https://v.calameo.com https://cdn.jsdelivr.net https://platform.twitter.com https://www.youtube.com https://www.instagram.com https://vkjdfnn.pa-cd.com https://jnn-pa.googleapis.com https://www.googleapis.com https://js.arcgis.com https://www.arcgis.com https://basemaps.arcgis.com https://services.arcgisonline.com https://server.arcgisonline.com https://static.arcgis.com https://cdn.arcgis.com; frame-src *; media-src 'self' https://nte-prod-drupalfiles.oos.cloudgouv-eu-west-1.outscale.com ; frame-ancestors 'self' https://metropole-fas.nantes.fr https://metropole.nantes.fr https://toolbox-metropole.nantes.fr https://v.calameo.com https://www.calameo.com https://cartographie-internationale.nantesmetropole.fr; form-action 'self' https://authcm.nantesmetropole.fr https://auth-v2.nantesmetropole.fr; base-uri 'self'; manifest-src 'self'; worker-src 'self' blob: https://v.calameo.com; upgrade-insecure-requests; 2 default-src 'self' data: t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae myamber.dev *.myamber.dev creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com rezync.com *.rezync.com cleverTap.com *.cleverTap.com wzrkt.com *.wzrkt.com cloudfront.net *.cloudfront.net ounass.com *.ounass.com tiktok.com *.tiktok.com enhencer.com *.enhencer.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io yandex.ru *.yandex.ru yandex.com *.yandex.com mail.ru *.mail.ru checkout.tabby.ai *.checkout.tabby.ai clevertap-prod.com *.clevertap-prod.com cdn.tamara.co *.cdn.tamara.co cdn-sandbox.tamara.co *.cdn-sandbox.tamara.co googlesyndication.com *.googlesyndication.com pangle-ads.com *.pangle-ads.com clarity.ms *.clarity.ms s.pinimg.com *.s.pinimg.com ct.pinterest.com *.ct.pinterest.com mc.yango.com *.mc.yango.com eu.asas.yango.com *.eu.asas.yango.com beacon.ounass.com *.beacon.ounass.com wss://*.hotjar.com wss://*.ounass.ae:7071 www.ounass.ae ar.ounass.ae en-saudi.ounass.com saudi.ounass.com oman.ounass.com ar-oman.ounass.com kuwait.ounass.com ar-kuwait.ounass.com bahrain.ounass.com ar-bahrain.ounass.com www.ounass.qa ar.ounass.qa;frame-src 'self' t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae myamber.dev *.myamber.dev creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com rezync.com *.rezync.com cleverTap.com *.cleverTap.com wzrkt.com *.wzrkt.com cloudfront.net *.cloudfront.net ounass.com *.ounass.com tiktok.com *.tiktok.com enhencer.com *.enhencer.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io yandex.ru *.yandex.ru yandex.com *.yandex.com mail.ru *.mail.ru checkout.tabby.ai *.checkout.tabby.ai clevertap-prod.com *.clevertap-prod.com cdn.tamara.co *.cdn.tamara.co cdn-sandbox.tamara.co *.cdn-sandbox.tamara.co googlesyndication.com *.googlesyndication.com pangle-ads.com *.pangle-ads.com clarity.ms *.clarity.ms s.pinimg.com *.s.pinimg.com ct.pinterest.com *.ct.pinterest.com mc.yango.com *.mc.yango.com eu.asas.yango.com *.eu.asas.yango.com beacon.ounass.com *.beacon.ounass.com wss://*.hotjar.com wss://*.ounass.ae:7071;font-src 'self' data: t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae myamber.dev *.myamber.dev creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com rezync.com *.rezync.com cleverTap.com *.cleverTap.com wzrkt.com *.wzrkt.com cloudfront.net *.cloudfront.net ounass.com *.ounass.com tiktok.com *.tiktok.com enhencer.com *.enhencer.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io yandex.ru *.yandex.ru yandex.com *.yandex.com mail.ru *.mail.ru checkout.tabby.ai *.checkout.tabby.ai clevertap-prod.com *.clevertap-prod.com cdn.tamara.co *.cdn.tamara.co cdn-sandbox.tamara.co *.cdn-sandbox.tamara.co googlesyndication.com *.googlesyndication.com pangle-ads.com *.pangle-ads.com clarity.ms *.clarity.ms s.pinimg.com *.s.pinimg.com ct.pinterest.com *.ct.pinterest.com mc.yango.com *.mc.yango.com eu.asas.yango.com *.eu.asas.yango.com beacon.ounass.com *.beacon.ounass.com wss://*.hotjar.com wss://*.ounass.ae:7071;img-src * 'self' data: t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae myamber.dev *.myamber.dev creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com rezync.com *.rezync.com cleverTap.com *.cleverTap.com wzrkt.com *.wzrkt.com cloudfront.net *.cloudfront.net ounass.com *.ounass.com tiktok.com *.tiktok.com enhencer.com *.enhencer.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io yandex.ru *.yandex.ru yandex.com *.yandex.com mail.ru *.mail.ru checkout.tabby.ai *.checkout.tabby.ai clevertap-prod.com *.clevertap-prod.com cdn.tamara.co *.cdn.tamara.co cdn-sandbox.tamara.co *.cdn-sandbox.tamara.co googlesyndication.com *.googlesyndication.com pangle-ads.com *.pangle-ads.com clarity.ms *.clarity.ms s.pinimg.com *.s.pinimg.com ct.pinterest.com *.ct.pinterest.com mc.yango.com *.mc.yango.com eu.asas.yango.com *.eu.asas.yango.com beacon.ounass.com *.beacon.ounass.com wss://*.hotjar.com wss://*.ounass.ae:7071;script-src 'self' 'unsafe-inline' 'unsafe-eval' t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae myamber.dev *.myamber.dev creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com rezync.com *.rezync.com cleverTap.com *.cleverTap.com wzrkt.com *.wzrkt.com cloudfront.net *.cloudfront.net ounass.com *.ounass.com tiktok.com *.tiktok.com enhencer.com *.enhencer.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io yandex.ru *.yandex.ru yandex.com *.yandex.com mail.ru *.mail.ru checkout.tabby.ai *.checkout.tabby.ai clevertap-prod.com *.clevertap-prod.com cdn.tamara.co *.cdn.tamara.co cdn-sandbox.tamara.co *.cdn-sandbox.tamara.co googlesyndication.com *.googlesyndication.com pangle-ads.com *.pangle-ads.com clarity.ms *.clarity.ms s.pinimg.com *.s.pinimg.com ct.pinterest.com *.ct.pinterest.com mc.yango.com *.mc.yango.com eu.asas.yango.com *.eu.asas.yango.com beacon.ounass.com *.beacon.ounass.com wss://*.hotjar.com wss://*.ounass.ae:7071;style-src 'self' 'unsafe-inline' t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae myamber.dev *.myamber.dev creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com rezync.com *.rezync.com cleverTap.com *.cleverTap.com wzrkt.com *.wzrkt.com cloudfront.net *.cloudfront.net ounass.com *.ounass.com tiktok.com *.tiktok.com enhencer.com *.enhencer.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io yandex.ru *.yandex.ru yandex.com *.yandex.com mail.ru *.mail.ru checkout.tabby.ai *.checkout.tabby.ai clevertap-prod.com *.clevertap-prod.com cdn.tamara.co *.cdn.tamara.co cdn-sandbox.tamara.co *.cdn-sandbox.tamara.co googlesyndication.com *.googlesyndication.com pangle-ads.com *.pangle-ads.com clarity.ms *.clarity.ms s.pinimg.com *.s.pinimg.com ct.pinterest.com *.ct.pinterest.com mc.yango.com *.mc.yango.com eu.asas.yango.com *.eu.asas.yango.com beacon.ounass.com *.beacon.ounass.com wss://*.hotjar.com wss://*.ounass.ae:7071 2 default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' s7.addthis.com static.hotjar.com script.hotjar.com members.ahcancal.org www.google.com www.gstatic.com www.youtube.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com ajax.googleapis.com safebrowsing.googleapis.com analytics.google.com connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com edge.addthis.com polo.feathr.co cdn.feathr.co widget.surveymonkey.com banman.providermagazine.com banman.ahcancal.org platform.twitter.com cdn.syndication.twimg.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' s7.addthis.com www.google.com www.youtube.com fonts.googleapis.com tagmanager.google.com platform.twitter.com ton.twimg.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.com www.facebook.com marco.feathr.co polo.feathr.co *.feathr.co www.googletagmanager.com banman.providermagazine.com banman.ahcancal.org match.adsrvr.org pbs.twimg.com abs.twimg.com platform.twitter.com ton.twimg.com syndication.twitter.com; media-src 'self' data: www.youtube.com app.powerbi.com www.surveymonkey.com; frame-src 'self' data: www.google.com datawrapper.dwcdn.net *.hotjar.com td.doubleclick.net ahca-ncal-convention-2023-map.web.app ahcancal.wufoo.com custom.statenet.com s7.addthis.com www.youtube.com app.powerbi.com edge.addthis.com www.facebook.com www.surveymonkey.com bid.g.doubleclick.net platform.twitter.com syndication.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' data: www.google-analytics.com https://www.google-analytics.com in.hotjar.com ws7.hotjar.com ws35.hotjar.com vc.hotjar.io content.hotjar.io ws.hotjar.com polo.feathr.co analytics.tiktok.com members.ahcancal.org 2 frame-ancestors 'self'; report-to https://r4com.report-uri.io/r/default/csp/enforce 2 default-src dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net 2 frame-ancestors 'self' https://www.steris.com https://ww1.steris.com https://archportal.steris.com https://gateway.steris.com https://sitecore-healthcare-xm-centralus-prod-cd.azurewebsites.net/; 2 script-src http: https: 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' https://*.wistia.com https://*.wistia.net; child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.litix.io https://*.wistia.com https://*.wistia.net https://*.algolia.net aorta.clickagy.com hemsync.clickagy.com https://www2.ttec.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://px.ads.linkedin.com https://js.zi-scripts.com https://ws.zoominfo.com https://privacyportal.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://fbo-b.flippingbook.com https://online.flippingbook.com https://d17lvj5xn8sco6.cloudfront.net https://*.doubleclick.net https://pi.pardot.com https://www.google.com https://google.com https://www.facebook.com; font-src 'self' data: https://fonts.gstatic.com https://*.wistia.com https://*.wistia.net https://cdnjs.cloudflare.com; frame-src 'self' https://www.googletagmanager.com https://*.doubleclick.net https://js.driftt.com https://widget.drift.com https://fast.wistia.com https://fast.wistia.net hemsync.clickagy.com https://insight.adsrvr.org https://www2.ttec.com https://online.flippingbook.com https://match.adsrvr.org; img-src 'self' data: https://www.ttec.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://www.google.com https://google.com https://*.wistia.com https://*.wistia.net https://cdn.cookielaw.org https://px.ads.linkedin.com https://ade.googlesyndication.com https://www.linkedin.com https://fonts.gstatic.com https://online.flippingbook.com https://d17lvj5xn8sco6.cloudfront.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://connect.facebook.net https://www.facebook.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net; object-src 'none'; script-src 'self' 'strict-dynamic' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com 'nonce-FaSXPbpj8oTiQ8WJRUC7rg'; script-src-elem 'self' https://googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://www.google.com https://js.driftt.com https://widget.drift.com https://*.wistia.com https://*.wistia.net https://src.litix.io js.zi-scripts.com tags.clickagy.com https://www2.ttec.com https://snap.licdn.com/ https://www.gstatic.com https://ws-assets.zoominfo.com https://pagead2.googlesyndication.com https://js.adsrvr.org/ https://privacyportal.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://online.flippingbook.com https://d33i2vgywgme2s.cloudfront.net https://js.sentry-cdn.com https://pi.pardot.com https://googleads.g.doubleclick.net https://connect.facebook.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com 'nonce-FaSXPbpj8oTiQ8WJRUC7rg'; style-src 'self' 'unsafe-inline' blob: https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://fast.wistia.com https://privacyportal.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com use.fontawesome.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 2 default-src 'self' https://*.google-analytics.com https://*.twitter.com https://*.windows.net https://*.googleapis.com https://www.googletagmanager.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://cdn.syndication.twimg.com https://www.jobapscloud.com https://api.uptimerobot.com https://*.nr-data.net https://*.curator.io browser-update.org https://*.reflector.workers.dev https://unpkg.com https://*.list-manage.com https://*.cot.workers.dev https://api.municode.com https://*.livestream.com https://*.ads.cot https://*.google.com https://*.monsido.com https://*.fontawesome.com https://pubsvc.tampagov.net https://stats.g.doubleclick.net https://apps.tampagov.net https://www.gstatic.com https://controlpanel.opengov.com https://www.arcgis.com/ https://kendo.cdn.telerik.com https://viewlicense.adobe.io https://cdn-images.mailchimp.com/; connect-src 'self' https://*.google-analytics.com https://*.twitter.com https://*.windows.net https://*.googleapis.com https://www.googletagmanager.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://cdn.syndication.twimg.com https://www.jobapscloud.com https://api.uptimerobot.com https://*.nr-data.net https://*.curator.io browser-update.org https://*.reflector.workers.dev https://unpkg.com https://*.list-manage.com https://*.cot.workers.dev https://api.municode.com https://*.livestream.com https://*.ads.cot https://*.google.com https://*.monsido.com https://*.fontawesome.com https://pubsvc.tampagov.net https://stats.g.doubleclick.net https://apps.tampagov.net https://www.gstatic.com https://controlpanel.opengov.com https://www.arcgis.com/ https://kendo.cdn.telerik.com https://viewlicense.adobe.io https://cdn-images.mailchimp.com/ https://www.google-analytics.com; font-src 'self' data: https:; frame-src 'self' https://*.tampa.gov https://*.tampagov.net https://www.youtube-nocookie.com https://*.google.com https://twitter.com https://platform.twitter.com https://livestream.com https://syndication.twitter.com https://tampa.maps.arcgis.com https://app.powerbigov.us https://*.recollect.net https://visualping.io https://www.youtube.com https://w3.mp.lura.live https://player.vimeo.com https://*.apptoto.com https://cityeconomy.org https://cityoftampa-my.sharepoint.com https://*.arcgis.com/ https://*.opengov.com/ https://api-us.one.network https://vimeo.com https://acrobatservices.adobe.com https://tip411.com; img-src 'self' about: data: https: http://www.tampa.gov http://www.tampagov.net blob:; media-src 'self' https://*.livestream.com https://curator-assets.b-cdn.net https://video.twimg.com https://*.s3.amazonaws.com https://*.vimeo.com; object-src 'self' http://www.tampa.gov; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.windows.net https://maps.floridadisaster.org https://*.tampa.gov https://*.tampagov.net https://*.google-analytics.com https://*.twitter.com https://*.googleapis.com https://www.googletagmanager.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdn.syndication.twimg.com/ https://syndication.twitter.com https://bam.nr-data.net https://*.surveymonkey.com browser-update.org https://stats.g.doubleclick.net https://bam-cell.nr-data.net https://*.list-manage.com https://*.google.com https://*.recollect.net https://pagecorrect.monsido.com https://spark.adobe.com https://cdn.apptoto.com blob: https://*.arcgis.com/ https://*.amazonaws.com/downloads.mailchimp.com/ https://kendo.cdn.telerik.com https://use.fontawesome.com/* https://*.vimeo.com https://connect.facebook.net/en_US/sdk.js acrobatservices.adobe.com cdn.jsdelivr.net https://app-script.monsido.com https://cdn.curator.io https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://controlpanel.opengov.com https://kit.fontawesome.com https://maps.googleapis.com https://polyfill-fastly.io https://translate.google.com https://unpkg.com https://use.fontawesome.com https://www.google.com maps.googleapis.com mdbootstrap.com; style-src 'self' 'unsafe-inline' cdn.curator.io translate.googleapis.com vuetampaservices2.z13.web.core.windows.net https://*.mailchimp.com https://recollect.a.ssl.fastly.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://apps.tampagov.net https://kendo.cdn.telerik.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdnjs.cloudflare.com https://static2.sharepointonline.com https://unpkg.com mdbootstrap.com use.fontawesome.com; frame-ancestors 'self' https://*.opengov.com; upgrade-insecure-requests 2 default-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com; script-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com 'unsafe-inline' 'unsafe-eval' https://*.ada.support https://*.bing.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googletagmanager.com https://www.gstatic.com https://*.launchdarkly.com https://optimize.google.com https://www.googleoptimize.com https://js-agent.newrelic.com https://bam.nr-data.net https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://cdn.pdst.fm https://tracker.adreadyclick.com https://www.googleadservices.com https://cdn.pbbl.co https://websdk.appsflyer.com https://banner.appsflyer.com https://www.youtube.com https://creatives-cdn.appsflyer.com https://googleads.g.doubleclick.net https://www.google.com https://dend6g4sigg57.cloudfront.net https://5mky5td3g9.execute-api.us-east-1.amazonaws.com https://8jq0hovjeg.execute-api.us-east-1.amazonaws.com https://cdn.jsdelivr.net https://pixel.mathtag.com https://collector-20545.tvsquared.com https://*.google.com/; style-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://optimize.google.com https://cdn.jsdelivr.net https://banner.appsflyer.com https://creatives-cdn.appsflyer.com; frame-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com https://*.ada.support https://www.facebook.com https://cdn.pbbl.co https://bid.g.doubleclick.net https://optimize.google.com https://www.youtube.com https://dend6g4sigg57.cloudfront.net https://5mky5td3g9.execute-api.us-east-1.amazonaws.com https://8jq0hovjeg.execute-api.us-east-1.amazonaws.com https://pixel.mathtag.com https://collector-20545.tvsquared.com; connect-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com https://*.ada.support https://stats.g.doubleclick.net https://www.google-analytics.com https://*.bing.com https://bam.nr-data.net https://www.facebook.com https://pixelconnector.adready.com https://tracker.adreadyclick.com https://us-central1-adaptive-growth.cloudfunctions.net https://8jq0hovjeg.execute-api.us-east-1.amazonaws.com wss://*.connect.us-east-1.amazonaws.com https://5mky5td3g9.execute-api.us-east-1.amazonaws.com https://participant.connect.us-east-1.amazonaws.com https://wa.onelink.me https://wa.appsflyer.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://*.google.com/; img-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com https://secure.gravatar.com https://m1.com data: https://m1.com https://*.bing.com https://s3.amazonaws.com https://www.google-analytics.com https://www.googleanalytics.com https://www.google.com https://www.googletagmanager.com https://optimize.google.com https://trkn.us https://t.co https://www.facebook.com https://secure.adnxs.com https://pixel.pointmediatracker.com https://cnv.event.prod.bidr.io https://px0.pbbl.co https://aa.agkn.com https://analytics.twitter.com https://pixel.mathtag.com https://collector-20545.tvsquared.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://cdnappicons.appsflyer.com https://impressions.onelink.me https://*.google.com/; font-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com https://fonts.googleapis.com https://fonts.gstatic.com data: https://www.googletagmanager.com https://optimize.google.com https://cdn.appsflyer.com; object-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com; media-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com; 2 default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-m-KDi1rDCJ6Jgw' 'unsafe-hashes' 'sha256-xPFQMZneoRxFljeMIHQ4vPKPyDPgoABR+GFcO5aEhCg=' 'sha256-vJtl2RfhRVeaVjHri3h9zh+irblwCgC8O+2KO5SwjUE=' 'sha256-0YvrqKbbMt2EskJYz2VCrMp2hLAw5SnvKXcZiZNADEs=' 'sha256-ZzU+qOmZERkwCUIxTe7nDzk1ThNaLGel+/J1iWx+nSU=' 'sha256-7PR+0/+ZmUwb4JADPqIYhsBV5VPhfdB2IYp2W4Nc8Xo=' https://static.hotjar.com https://script.hotjar.com https://bot.leadoo.com https://tracker.metricool.com https://repositorio.lemlaboratorios.cl https://sofire.baidu.com https://affim.baidu.com https://safe.cdn.bcebos.com https://sofire.bdstatic.com https://aifanfan.baidu.com https://dmpstatic.cdn.bcebos.com https://aiff.cdn.bcebos.com https://goutong.baidu.com https://hm.baidu.com https://aff-im.cdn.bcebos.com *.azureedge.net *.calltrk.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js tagmanager.google.com *.bdimg.com *.bookeo.com applus.media data cdn.usefathom.com code.jquery.com docs.google.com https://v.qq.com m.youtube.com *.baidu.com; img-src 'self' blob: data: https://ssl.google-analytics.com https://*.openstreetmap.org https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com https://aff-im.cdn.bcebos.com https://aff-im.bj.bcebos.com https://tracker.metricool.com *.ytimg.com www.google.es *.svc.dynamics.com https://res.leadoo.com https://tracker.metricool.com *.ytimg.com *.youtube.com www.google-analytics.com secure.papelaweb.com aidback.applus.solutions www.applus.com https://api.map.baidu.com *.bdimg.com *.baidu.com *.googleusercontent.com cdn.usefathom.com code.jquery.com maps.gstatic.com *.googleapis.com *.ggpht.com https://v.qq.com ssl.gstatic.com www.gstatic.com https://www.googletagmanager.com stats.g.doubleclick.net adservice.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; frame-src 'self' https://repositorio2.lemlaboratorios.cl/ https://jobs.applus.com https://portal.r2docuo.com/ https://*.bookeo.com https://applus.media/ *.svc.dynamics.com www.googletagmanager.com *.doubleclick.net www.youtube-nocookie.com player.vimeo.com *.youtube.com www.youtube-nocookie.com docs.google.com https://v.qq.com accounts.google.com; child-src 'self' *.doubleclick.net www.youtube.com docs.google.com https://v.qq.com *.bookeo.com; style-src 'unsafe-inline' 'self' https://static.hotjar.com https://script.hotjar.com https://res.leadoo.com https://bot.leadoo.com https://aff-im.cdn.bcebos.com code.jquery.com tagmanager.google.com fonts.googleapis.com https://wappass.baidu.com; font-src 'self' data: fonts.gstatic.com https://script.hotjar.com https://res.leadoo.com; manifest-src 'self'; frame-ancestors 'self' https://docs.google.com; connect-src 'self' https://nominatim.openstreetmap.org https://photon.komoot.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://res.leadoo.com https://anl.leadoo.com https://bot.leadoo.com https://aifanfan.baidu.com https://sofire.baidu.com https://sfp.safe.baidu.com https://fclog.baidu.com https://hm.baidu.com *.svc.dynamics.com https://www.google-analytics.com https://apps-cal.applus.com https://region1.google-analytics.com region1.analytics.google.com pagead2.googlesyndication.com httpbin.org maps.googleapis.com googleads.g.doubleclick.net stats.g.doubleclick.net aidback-test.applus.solutions aidback.applus.solutions aid-public.applus.solutions apps.applus.com apps.applus.solutions api.ipify.org applus-test.applus.solutions analytics.google.com adservice.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.baidu.com; form-action 'self' https://apps.applus.com; media-src 'self' https://applus.media https://aifanfan.baidu.com 2 frame-ancestors 'self' https://* http://* 2 default-src 'self'; script-src 'self' https://stats.allenai.org/ https://www.gstatic.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://cdn.us.heap-api.com/ https://c.us.heap-api.com/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://www.google-analytics.com/ https://*.mux.com/ https://inferred.litix.io/ https://cdn.us.heap-api.com/ https://c.us.heap-api.com/ https://www.datocms-assets.com/; style-src 'self' 'unsafe-inline'; img-src 'self' https://i.ytimg.com/ https://i3.ytimg.com/ https://allenai-web.stats.allenai.org/ https://www.datocms-assets.com/ https://image.mux.com/ data:; media-src 'self' https://*.mux.com/ blob:; object-src 'self' https://www.datocms-assets.com/; frame-src 'self' https://www.youtube-nocookie.com/ https://www.datocms-assets.com/; frame-ancestors 'none'; upgrade-insecure-requests; 2 frame-ancestors 'self' https://app.storyblok.com http://app.storyblok.com/; font-src 'self' https://*.hotjar.com data: https://fast.wistia.net/; 2 default-src * 'unsafe-inline' 'unsafe-eval' data:; report-uri /report-csp-violation 2 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 2 connect-src 'self' widget.datablocks.se https://publish.ne.cision.com https://ssm.teliacompany.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-de.onetrust.com wss://collection.decibelinsight.net *.decibelinsight.net https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://www.google.com https://www.google.se; default-src 'self' https://www.googletagmanager.com; font-src 'self' https://cdn.voca.teliacompany.com https://fonts.gstatic.com; img-src 'self' https://images.ctfassets.net https://cdn-assets-eu.frontify.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.voca.teliacompany.com https://mb.cision.com data: https://ssm.teliacompany.com blob: https://px.ads.linkedin.com https://www.googletagmanager.com; media-src 'self' https://cdn-assets-eu.frontify.com; script-src 'self' 'unsafe-eval' blob: 'nonce-datablocks/widget' https://ssm.teliacompany.com https://cdn.cookielaw.org https://cdn.decibelinsight.net https://www.google.com https://www.gstatic.com https://snap.licdn.com https://stats.g.doubleclick.net https://tools.euroland.com; style-src 'unsafe-inline' 'self' widget.datablocks.se https://fonts.googleapis.com; frame-src 'self' https://maps.google.com widget.datablocks.se https://telia-external.videomarketingplatform.co https://tools.eurolandir.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://telia.videosync.fi https://telia-company.videosync.fi https://ssm.teliacompany.com; object-src 'none' 2 default-src *; script-src * 'unsafe-inline' blob:; object-src 'none'; style-src * 'unsafe-inline'; img-src * data:; frame-ancestors 'self'; connect-src * blob:; report-uri /report-csp-violation 2 frame-ancestors 'self' https://*.bod.de https://*.bod.ch https://*.bod.dk https://*.bod.fi https://*.bod.fr https://*.bod.se https://*.bod.com.es https://*.bod.no; 2 default-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk www.googletagmanager.com *.google-analytics.com cms.blf.digital;base-uri 'self';img-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk www.googletagmanager.com *.google-analytics.com cms.blf.digital data: localhost stats.g.doubleclick.net via.placeholder.com biglotteryfund-assets.imgix.net i.ytimg.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;font-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk www.googletagmanager.com *.google-analytics.com cms.blf.digital data: use.typekit.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;style-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk www.googletagmanager.com *.google-analytics.com cms.blf.digital 'unsafe-inline' *.typekit.net;script-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk www.googletagmanager.com *.google-analytics.com cms.blf.digital 'unsafe-eval' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;child-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk www.googletagmanager.com *.google-analytics.com cms.blf.digital www.google.com https://vars.hotjar.com;connect-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk www.googletagmanager.com *.google-analytics.com cms.blf.digital http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com;frame-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk www.googletagmanager.com *.google-analytics.com cms.blf.digital https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;report-uri https://sentry.io/api/226416/csp-report/?sentry_key=53aa5923a25c43cd9a645d9207ae5b6c 2 default-src 'self' https://*.oreillyauto.com https://*.firstcallonline.com https://*.foresee.com https://*.vovici.com https://*.firstcitizensef.com https://*.verint-cdn.com *.lpsnmedia.net; img-src 'self' data: https://*.firstcallonline.com https://*.oreillyauto.com https://*.foresee.com https://*.vovici.com https://*.firstcitizensef.com https://*.verint-cdn.com https://*.google-analytics.com https://www.google.com https://*.zmags.com https://*.browser-update.org https://maps.gstatic.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.youtube.com https://*.ytimg.com https://www.googletagmanager.com *.lpsnmedia.net https://rs.fullstory.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.firstcallonline.com https://*.oreillyauto.com https://*.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://*.foresee.com https://*.vovici.com https://*.firstcitizensef.com https://*.verint-cdn.com https://secure.api.viewer.zmags.com https://online.finance.vyze.com https://stats.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.zmags.com https://*.youtube.com https://*.ytimg.com https://*.directcapital.com https://*.akamaihd.net https://*.go-mpulse.net https://*.oraclecloud.com https://*.custhelp.com https://*.rightnowtech.com https://*.rnengage.com *.liveperson.net *.lpsnmedia.net https://edge.fullstory.com https://rs.fullstory.com; font-src data: https://*.firstcallonline.com https://*.oreillyauto.com https://fonts.gstatic.com https://*.foresee.com https://*.vovici.com https://*.firstcitizensef.com https://*.verint-cdn.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.firstcallonline.com https://tagmanager.google.com https://*.googletagmanager.com https://*.foresee.com https://*.vovici.com https://*.firstcitizensef.com https://*.verint-cdn.com https://fonts.googleapis.com https://*.googleapis.com *.lpsnmedia.net *.liveperson.net; connect-src 'self' https://*.google-analytics.com https://analytics.google.com https://*.foresee.com https://*.vovici.com https://*.firstcitizensef.com https://*.verint-cdn.com wss://*.foresee.com wss://*.verint-cdn.com https://*.zmags.com https://*.vyze.com https://*.firstcallonline.com https://stats.g.doubleclick.net https://*.directcapital.com https://dotcms.mtn-prod-fco.oreillyauto.com https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net https://*.oraclecloud.com https://*.custhelp.com https://*.rightnowtech.com https://*.rnengage.com wss://*.liveperson.net *.liveperson.net *.lpsnmedia.net https://edge.fullstory.com https://rs.fullstory.com; worker-src 'self' blob: https://*.firstcallonline.com https://*.oreillyauto.com; frame-src 'self' https://*.zmags.com https://images.firstcallonline.com https://*.youtube.com https://*.foresee.com https://*.vovici.com https://*.firstcitizensef.com https://*.verint-cdn.com https://*.ocs.oraclecloud.com *.liveperson.net *.lpsnmedia.net; child-src 'self'; frame-ancestors 'self'; media-src 'self' blob: *.lpsnmedia.net; 2 default-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;img-src 'self' * data:;frame-src 'self' *;font-src 'self' * data:;connect-src 'self' *;child-src 'self' * 2 frame-ancestors 'self' https://rtsports.com https://www.rtsports.com; 2 font-src *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.gstatic.com fonts.gstatic.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.google.com *.hotjar.com https://uat.tormach.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.meetanshi.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com https://js.hsforms.net https://js.klevu.com/core/v2/klevu.js https://js.klevu.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://static.elfsight.com *.elfsight.com td.doubleclick.net www.googletagmanager.com *.hotjar.com snap.licdn.com *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.tiktok.com *.facebook.net *.inimg.com *.hs-analytics.net *.bing.com bing.com *.pinimg.com *.hsadspixel.net *.usemessages.com *.hsleadflows.net *.doubleclick.net https://js.klevu.com/ js.hsforms.net www.gstatic.com js.braintreegateway.com https://js.hscta.net https://cta-service-cms2.hubspot.com *.hubspot.com *.hubapi.com *.pinterest.com youtube.com https://www.youtube.com/ *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klevu.com *.ksearchnet.com https://meetanshi.com/media/logo.png *.meetanshi.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: www.gstatic.com https://forms-na1.hsforms.com/embed https://no-cache.hubspot.com *.hubspot.com https://perf.hsforms.com *.hsforms.com *.elfsight.com *.linkedin.com www.google.al *.bing.com bing.com *.facebook.com www.facebook.com *.ytimg.com ytimg.com connect.facebook.net stats.g.doubleclick.net *.doubleclick.net www.xtento.com cdn.xtento.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.klevu.com *.ksearchnet.com *.meetanshi.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com https://js.klevu.com youtube.com *.pcapredict.com *.hotjar.com snap.licdn.com *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.tiktok.com *.facebook.net connect.facebook.net *.inimg.com *.hs-analytics.net *.bing.com bing.com *.pinimg.com *.hsadspixel.net *.usemessages.com *.hsleadflows.net *.doubleclick.net https://js.hsforms.net https://js.klevu.com/ js.hsforms.net www.google.com www.gstatic.com https://static.elfsight.com *.elfsight.com https://js.hscta.net https://cta-service-cms2.hubspot.com *.hubspot.com *.pinterest.com *.googletagmanager.com *.taboola.com www.xtento.com cdn.xtento.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com fonts.googleapis.com www.gstatic.com *.hsforms.com https://js.hscta.net tagmanager.google.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: https://tormach.com https://forms-na1.hsforms.com/embed *.linkedin.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klevu.com *.ksearchnet.com api.addressy.com *.meetanshi.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com https://forms.hsforms.com https://js.klevu.com/core/v2/klevu.js https://hubspot-forms-static-embed.s3.amazonaws.com statsjs.klevu.com forms.hsforms.com www.google.com https://cta-service-cms2.hubspot.com *.elfsight.com core.service.elfsight.com *.linkedin.com *.hubspot.com *.hscollectedforms.net td.doubleclick.net https://js.hsforms.net https://js.klevu.com https://static.elfsight.com *.googletagmanager.com *.hotjar.com wss://ws.hotjar.com hotjar.com snap.licdn.com *.hs-scripts.com *.hs-banner.com *.tiktok.com *.facebook.net *.inimg.com *.hs-analytics.net *.bing.com bing.com *.pinimg.com *.hsadspixel.net *.usemessages.com *.hsleadflows.net *.doubleclick.net https://js.klevu.com/ js.hsforms.net www.gstatic.com js.braintreegateway.com https://js.hscta.net *.hubapi.com *.pinterest.com *.taboola.com *.hotjar.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 "default-src 'self' 'unsafe-inline'" 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeocdn.com; style-src 'self' http: 'unsafe-inline' *.googleapis.com; img-src 'self' data: *; frame-src mailto: *.doubleclick.net *.vimeo.com *.youtube.com *.arri.com *.facebook.com *.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' blob: *.licdn.com *.doubleclick.net *.pingdom.net *.6sc.co *.crazyegg.com *.facebook.net *.gstatic.com *.usercentrics.eu *.googletagmanager.com *.google-analytics.com *.googleapis.com unpkg.com *.arri.com *.youtube.com; connect-src 'self' *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.usercentrics.eu *.6sc.co *.ads.linkedin.com *.crazyegg.com *.6sense.com *.doubleclick.net *.pingdom.net *.googleapis.com *.arri.com *.facebook.com *.facebook.net *.vimeocdn.com *.google-analytics.com; worker-src 'self' blob: 2 frame-ancestors 'self'; 2 frame-ancestors 'self' https://eppendorf.e-spirit.hosting https://*.ariba.com https://*.sciquest.com https://*.oracle.com https://*.workday.com https://procure.prendio.com https://*.coupahost.com https://*.gep.com https://eprocurement.esmsolutions.com https://*.labcloudinc.com https://demo.procuredesk.com https://myprocuredesk.com https://*.umn.edu https://*.mdanderson.edu https://*.princeton.edu https://*.duke.edu https://austin.utexas.edu https://*.utmb.edu https://*.virginia.edu https://*.miami.edu https://*.moffit.org https://*.app.netsuite.com https://rcbb.psfs.lsuhsc.edu https://prd.psfs.lsuhsc.edu https://lawpe.c0xl.velocity.cloud https://lawde.c0xl.velocity.cloud https://lawdf.c0xl.velocity.cloud https://hilsapp50.qiagen.ads:8403 https://hilsapp50.qiagen.ads https://*.uni-bonn.de 2 default-src 'self'; connect-src 'self' sentry.io https://*.sentry.io *.sentry.io https://apikeys.civiccomputing.com https://www.googletagmanager.com https://maps.googleapis.com https://*.google-analytics.com https://connect.facebook.net https://clapi.civiccomputing.com https://*.webtrends-optimize.com https://*.azurewebsites.net https://*.wtopt.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.youtube.com https://vimeo.com https://www.google.com https://*.trussell.org.uk https://analytics.tiktok.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://browser.sentry-cdn.com https://js.sentry-cdn.com https://cc.cdn.civiccomputing.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://s3.amazonaws.com https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://*.list-manage.com https://*.turn2us.org.uk https://*.google-analytics.com https://connect.facebook.net https://clapi.civiccomputing.com https://*.webtrends-optimize.com https://*.azurewebsites.net https://*.wtopt.io https://*.sentry.io https://*.hotjar.com https://www.youtube.com https://*.vimeo.com https://*.vimeocdn.com https://*.trussell.org.uk https://analytics.tiktok.com https://*.tfaforms.com https://*.tfaforms.net; style-src 'self' 'unsafe-inline' https://at.alicdn.com https://fonts.googleapis.com https://cdn-images.mailchimp.com https://*.hotjar.com; style-src-elem 'self' 'unsafe-inline' https://at.alicdn.com https://*.webtrends-optimize.com; worker-src 'self' blob:; img-src 'self' data: blob: https://*.trussell.org.uk https://tt-website.ddev.site https://trusselltrustdev.prod.acquia-sites.com https://trusselltruststage.prod.acquia-sites.com https://trusselltrustprod.prod.acquia-sites.com https://www.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com https://digitalasset.intuit.com https://*.webtrends-optimize.com https://www.facebook.com https://*.vimeocdn.com https://i.ytimg.com https://*.hotjar.com; font-src 'self' https://at.alicdn.com https://fonts.gstatic.com https://*.hotjar.com; object-src 'self' data:; base-uri 'self'; form-action 'self' https://*.list-manage.com;; frame-src 'self' data: https://*.trussell.org.uk https://tt-website.ddev.site https://trusselltrustdev.prod.acquia-sites.com https://trusselltruststage.prod.acquia-sites.com https://trusselltrustprod.prod.acquia-sites.com https://www.youtube.com https://www.turn2us.org.uk https://player.vimeo.com https://www.google.com https://*.turn2us.org.uk https://www.googletagmanager.com https://*.issuu.com https://*.tfaforms.com https://*.tfaforms.net; frame-ancestors 'self' https://*.trussell.org.uk https://tt-website.ddev.site https://trusselltrustdev.prod.acquia-sites.com https://trusselltruststage.prod.acquia-sites.com https://trusselltrustprod.prod.acquia-sites.com; upgrade-insecure-requests; 2 frame-ancestors 'self', frame-ancestors 'self' 2 default-src 'self' www.gravatar.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org;script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.bugherd.com *.pusher.com;connect-src 'self' *.cognitoforms.com *.amazonaws.com *.linkedin.com *.visualstudio.com stats.g.doubleclick.net *.google-analytics.com consentcdn.cookiebot.com *.pusher.com sessions.bugsnag.com; img-src 'self' data: *.linkedin.com *.cookiebot.com *.lfeeder.com www.gravatar.com www.googletagmanager.com umbraco.tv www.google-analytics.com fakeimg.pl dashboard.umbraco.com tracking.monsido.com d2iiunr5ws5ch1.cloudfront.net bugherd-attachments.s3.amazonaws.com *.bugherd.com;font-src 'self' *.cognitoforms.com fonts.googleapis.com data: fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.cognitoforms.com fonts.googleapis.com;form-action 'self' *.flutter.com *.ddlnk.net;frame-src 'self' vimeo.com player.vimeo.com *.youtube.com ir.design-portfolio.co.uk *.q4web.com platform.twitter.com consentcdn.cookiebot.com;media-src 'self' player.vimeo.com *.vimeocdn.com vod-progressive.akamaized.net download-video-ak.vimeocdn.com download-video.akamaized.net; 2 default-src 'self' privacy-policy.truste.com truste.com cdn.mouseflow.com *.mouseflow.com pi.pardot.com leapevent.tech go.leapevent.tech static.cloudflareinsights.com *.cloudflareinsights.com *.google-analytics.com api.marker.io/ fonts.gstatic.com *.gravatar.com browser.sentry-cdn.com player.vimeo.com ajax.cloudflare.com *.cloudflare.com *.cloudflareinsights.com *.googletagmanager.com edge.marker.io huemor.rocks *.googleapis.com *.jsdelivr.net *.floridapanthers.com http://www..exacttarget.com/* 'unsafe-inline' 'unsafe-eval' data: blob:; 2 frame-ancestors 'self' mein.kabelplus.at mein-test.kabelplus.at newapp.etracker.com 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 2 default-src 'self'; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.santander.co.uk https://santander.demdex.net blob:; script-src 'self' 'unsafe-inline' https://snap.licdn.com https://dam.santander.co.uk https://t.contentsquare.net https://app.contentsquare.com https://md-scp.kampyle.com https://track.omguk.com https://cdn.usersnap.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://pagead2.googlesyndication.com https://sc-static.net https://js-cdn.dynatrace.com https://activitymap.adobe.com https://cdn-ukwest.onetrust.com https://googleads.g.doubleclick.net https://lptag.liveperson.net https://lo.v.liveperson.net https://lo.msg.liveperson.net https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://www.googletagservices.com https://ad.doubleclick.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net https://www.google.com https://google.com https://*.santander.co.uk https://rum.hlx.page/ https://www.redditstatic.com; connect-src 'self' 'unsafe-inline' https://privacyportal-uk.onetrust.com https://ad.doubleclick.net https://conversions-config.reddit.com https://www.redditstatic.com https://pixel-config.reddit.com https://www.facebook.com https://adobedc.demdex.net https://edge.adobedc.net https://px.ads.linkedin.com https://tr.snapchat.com https://pagead2.googlesyndication.com https://dam.santander.co.uk https://events.launchdarkly.com https://app.launchdarkly.com wss://int-cb.santander.co.uk https://*.contentsquare.net https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://santanderuk.tt.omtrdc.net https://udc-neb.kampyle.com https://*.bf.dynatrace.com https://*.bf.dynatrace.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net wss://lo.msg.liveperson.net https://dpm.demdex.net https://www.google.com https://google.com https://googleads.g.doubleclick.net https://*.santander.co.uk https://analytics-fe.digital-cloud-uk.medallia.eu; img-src 'self' https://*.contentsquare.net https://lpcdn.lpsnmedia.net 'unsafe-inline' https://*.santander.co.uk data: https:; style-src 'self' 'unsafe-inline' https://md-scp.kampyle.com; font-src 'self' https://dam.santander.co.uk; frame-src 'self' 'unsafe-inline' https://player.vimeo.com https://www.google.com https://td.doubleclick.net https://www.youtube-nocookie.com https://activitymap.adobe.com https://resources.digital-cloud-uk.medallia.eu https://lo.tokenizer.liveperson.net https://lo.msghist.liveperson.net https://lo.msg.liveperson.net https://lpcdn.lpsnmedia.net https://lo.idp.liveperson.net https://server.lon.liveperson.net https://authorize.omniture.com https://sitecatalyst.omniture.com https://www.youtube.com https://santander.demdex.net https://*.fls.doubleclick.net https://vimeo.com; object-src 'self'; media-src https://player.vimeo.com https://vimeo.com https://www.youtube.com https://lpcdn.lpsnmedia.net; worker-src blob:; 2 frame-ancestors 'self' *.3bb.co.th, font-src 'self' *.3bb.co.th *.ais.th fonts.gstatic.com *.blob.core.windows.net *.cdc.ais.th maxcdn.bootstrapcdn.com data: 2 object-src 'none'; frame-ancestors 'self'; report-uri http://www.securite-routiere.gouv.fr/report-uri/enforce 2 default-src 'self'; script-src 'self' https://www.google-analytics.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; connect-src 'self'; frame-src 'self' https://www.youtube.com; object-src 'none'; 2 frame-ancestors https://emias.info https://*.emias.info https://metrika.yandex.ru https://metrica.yandex.com https://metrika.yandex.by https://metrica.yandex.com.tr https://emias.mos.ru 2 frame-ancestors 'self' https://*.listreports.com https://listreports.com https://*.mbshighway.com 2 frame-ancestors deny 2 img-src *.analytics.google.com/ *.bing.com/ *.doubleclick.net/ *.flippingbook.com *.googleadservices.com *.intercomcdn.com/ *.vimeocdn.com/ data: https://*.clarity.ms https://*.google-analytics.com/ https://d17lvj5xn8sco6.cloudfront.net https://downloads.intercomcdn.com https://i.ytimg.com/ https://logws1309.ati-host.net/ https://o.twimg.com https://pbs.twimg.com/ https://px.ads.linkedin.com https://ssl.gstatic.com https://static.intercomassets.com/ https://syndication.twitter.com https://www.buzzsprout.com/ https://www.google.co.uk https://www.google.com/ 'self' www.googletagmanager.com www.linkedin.com;connect-src *.analytics.google.com/ *.doubleclick.net/ *.flippingbook.com *.googleadservices.com *.googlesyndication.com/ apikeys.civiccomputing.com data: https://*.clarity.ms https://*.google-analytics.com/ https://*.in.applicationinsights.azure.com https://adservice.google.com/ https://api-iam.intercom.io/ https://cdn.linkedin.oribi.io https://js.zi-scripts.com/unified/v1/master/getSubscriptions https://nexus-websocket-a.intercom.io/ https://nexus-websocket-b.intercom.io/ https://px.ads.linkedin.com https://ws.zoominfo.com/ https://www.google.co.uk https://www.google.com/ 'self' wss://nexus-websocket-a.intercom.io/ wss://nexus-websocket-b.intercom.io/;script-src *.doubleclick.net/ *.flippingbook.com *.googleadservices.com *.intercom.io *.vimeo.com *.youtube.com *.youtube-nocookie.com cdn.jsdelivr.net cdnjs.cloudflare.com https://*.clarity.ms https://*.google-analytics.com/ https://ajax.googleapis.com https://apis.google.com https://cc.cdn.civiccomputing.com https://d33i2vgywgme2s.cloudfront.net https://js.intercomcdn.com/ https://js.monitor.azure.com https://js.zi-scripts.com/zi-tag.js https://logws1309.ati-host.net/ https://platform.twitter.com https://snap.licdn.com/li.lms-analytics/ https://syndication.twitter.com https://vimeo.com/ https://www.google.com/recaptcha/ https://www.gstatic.com pi.pardot.com 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com;frame-src *.doubleclick.net/ *.flippingbook.com *.youtube-nocookie.com https://*.nccgroup.com/ https://export.highcharts.com/ https://intercom-sheets.com/ https://nccgroup.wavecast.io/ https://platform.twitter.com https://player.vimeo.com/ https://polaris.brighterir.com/ https://syndication.twitter.com https://videopress.com/ https://www.facebook.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/ 'self' www.googletagmanager.com;default-src *.intercom.io *.vimeo.com *.vimeocdn.com/ *.youtube.com *.youtube-nocookie.com https://*.google-analytics.com/ https://pbs.twimg.com/ https://platform.twitter.com https://syndication.twitter.com 'self';font-src *.intercomcdn.com/ cdn.jsdelivr.net https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://js.intercomcdn.com/ 'self';frame-ancestors explore.tanium.com https://*.nccgroup.com/;style-src https://fonts.googleapis.com/ https://platform.twitter.com 'self' 'unsafe-inline';media-src https://js.intercomcdn.com/ https://pbs.twimg.com/ https://platform.twitter.com https://syndication.twitter.com 'self';object-src 'self' 2 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: *.crazyegg.com; upgrade-insecure-requests 2 frame-ancestors 'self' arthrex.com *.arthrex.com orthoillustrated.com *.jointpreservation.com *.orthoillustrated.com surgicaloutcomesystem.com *.surgicaloutcomesystem.com arthrex-celltherapy.com *.arthrex-celltherapy.com arthrex.xyz *.arthrex.xyz arthrex.io *.mwprod.arthrex.io *.arthrex.io orthopedia.com *.orthopedia.com anklesprain.com *.anklesprain.com arthrex.virtualevents-hub.com arthrexemea.sharepoint.com arthrex.sharepoint.com myarthrex.sharepoint.com arthrexapac.sharepoint.com bunionpain.com *.bunionpain.com shoulderreplacement.com *.shoulderreplacement.com acltear.com *.acltear.com arthrex-russia.ru arthrex.at arthrex.be arthrex.co.jp arthrex.co.uk arthrex.com.au arthrex.cz arthrex.dk arthrex.fr arthrex.it arthrex.mx arthrex.nl arthrex.pl arthrex.pt arthrex.se *.arthrex-russia.ru *.arthrex.at *.arthrex.be *.arthrex.co.jp *.arthrex.co.uk *.arthrex.com.au *.arthrex.cz *.arthrex.dk *.arthrex.fr *.arthrex.it *.arthrex.mx *.arthrex.nl *.arthrex.pl *.arthrex.pt *.arthrex.se hallux-valgus-behandlung.de *.hallux-valgus-behandlung.de mis-bunion-patient-site.webflow.io arthroplasty-narrative-home.webflow.io discover.acp-therapie.de mis-bunion-patient-site.webflow.io mis-bunion-surgeon-site-c07373b5fb6b0bc.webflow.io arthrex-design-system-4dd8ae96a06c10be9.webflow.io anklesprain.webflow.io srlp.webflow.io arthroplasty-narrative-home.webflow.io korea-global-landing-page.webflow.io global-landingpage-mexico.webflow.io inc-acltear-patient-en-working.webflow.io arthrex-jobs-site.webflow.io marketingintakeportal.webflow.io orthopedia-landing-page1.webflow.io arthrex-history.webflow.io arthrex-design-system.webflow.io arthrex-design-system-de8e093c0a3bf70d8.webflow.io arthrex-endoscopy.webflow.io case-reports.webflow.io synergy-integrated-or.de *.synergy-integrated-or.de arthrex.kr *.arthrex.kr gmbh-pct.webflow.io *.gmbh-pct.webflow.io sis-preview-03-809ae25532a090913a51d7a6.webflow.io *.sis-preview-03-809ae25532a090913a51d7a6.webflow.io arthrex-technical-support-services.webflow.io *.arthrex-technical-support-services.webflow.io digital-agenda-emea.webflow.io *.digital-agenda-emea.webflow.io thenanoexperience.com *.thenanoexperience.com arthrexmexico.webflow.io arthrexbrazil.webflow.io arthrex-australia.webflow.io arthrex.com.br *.arthrex.com.br arthrex-joint-pres.webflow.io jointpreservation.arthrex.com arthrex-synergy-staging-bdaff93973d3e28.webflow.io jointpreservation.com synergynew.arthrex.com.s3-website-us-east-1.amazonaws.com sternalclosure.arthrex.com.s3-website-us-east-1.amazonaws.com synergynewdev.arthrex.com.s3-website-us-east-1.amazonaws.com sternalclosuredev.arthrex.com.s3-website-us-east-1.amazonaws.com s3.amazonaws.com/synergynewdev.arthrex.com s3.amazonaws.com/sternalclosuredev.arthrex.com s3.amazonaws.com/synergynew.arthrex.com s3.amazonaws.com/sternalclosure.arthrex.com arthrex-synergy.webflow.io synergy.arthrex.com *.arthrexendoscopicspine.com arthrex-spine.webflow.io arthrexendoscopicspine.com shoulder-replacement.webflow.io aesthetics.arthrex.com case-reports.arthrex.com arthrex-emea-joint-preservation-surgeon.webflow.io *.arthrex-emea-joint-preservation-surgeon.webflow.io joint-preservation.de *.joint-preservation.de gmbh-pct-b390519d0b438c360cdf2e4a5ad25b.webflow.io *.gmbh-pct-b390519d0b438c360cdf2e4a5ad25b.webflow.io *.case-reports.webflow.io; 2 default-src 'self' *.sulzer.com; img-src * data: blob: 'unsafe-inline' 'self' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://img.youtube.com http://sulzer.com *.google-analytics.com *.analytics.google.com; font-src 'self' data: https://fonts.gstatic.com; style-src 'unsafe-inline' 'self' https://fast.fonts.net https://s93ds-prod.app-platform.tech/index.css https://s93lc-int.app-platform.tech/index.css https://s93ln-int.app-platform.tech/index.css; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.google.com/recaptcha/api.js https://www.gstatic.com https://pi.pardot.com/analytics https://go.sulzer.com/analytics https://pi.pardot.com/pd.js http://cdn.pardot.com/pd.js https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.youtube.com https://s.ytimg.com/yts/jsbin/www-widgetapi-vflnjBBxk/www-widgetapi.js https://s.ytimg.com https://cdn.cookielaw.org *.hotjar.com *.hotjar.io *.callrail.com https://go.sulzer.com/pd.js https://s93ds-prod.app-platform.tech/contact-finder.js https://s93ds-prod.app-platform.tech/index.js https://s93lc-int.app-platform.tech/locator.js https://s93lc-int.app-platform.tech/index.js https://s93ln-int.app-platform.tech/location.js https://s93ln-int.app-platform.tech/index.js; connect-src 'self' https://www.google-analytics.com https://mybusiness.googleapis.com https://stats.g.doubleclick.net https://analytics.google.com https://cdn.cookielaw.org https://maps.googleapis.com *.google-analytics.com *.analytics.google.com https://geolocation.onetrust.com https://privacyportal-ch.onetrust.com https://www.google.ch *.hotjar.io https://s93ds-prod.app-platform.tech https://api.country.is https://s93lc-int.app-platform.tech https://s93ln-int.app-platform.tech; child-src 'self' https://www.platform-viewer.v-ex.com https://www.google.com https://sulzer.us6.list-manage.com http://www.sulzerpumpsmexico.com https://app.xtremelocator.com https://ir.tools.investis.com https://www.youtube.com http://8826991.fls.doubleclick.net/ https://sulzer-pump-types.v-ex.app/ https://app.xtremelocator.com/ *.doubleclick.net; media-src 'self' https://youtu.be https://www.youtube.com 2 media-src blob: * 2 default-src 'self'; connect-src *; font-src * data:; frame-src *; frame-ancestors 'self'; img-src * data: blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2 frame-ancestors www.wheels.com www2.wheels.com auth.wheels.com 2 frame-ancestors 'self' https://www.werkhaus.cc; 2 frame-src * https://bid.g.doubleclick.net https://hcaptcha.com https://*.hcaptcha.com; default-src 'self' https://sentry-prod.cryptology.com/; script-src 'self' blob: 'unsafe-inline' https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://*.tagmanager.google.com https://*.google-analytics.com https://apis.google.com https://*.googleapis.com https://fonts.gstatic.com https://stats.g.doubleclick.net/ https://*.googleadservices.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://*.firebaseio.com wss://*.firebaseio.com https://connect.facebook.net https://www.redditstatic.com https://static.hotjar.com https://script.hotjar.com https://s.adroll.com https://d.adroll.com https://*.cookiebot.com/ https://wchat.freshchat.com https://hcaptcha.com https://*.hcaptcha.com https://sentry-prod.cryptology.com/api/embed/error-page/ https://pay.google.com ; style-src 'self' blob: https://*.cryptology.com https://*.tothemoon.com 'unsafe-inline' https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://*.tagmanager.google.com https://fonts.googleapis.com https://wchat.freshchat.com/widget/css/ https://wchat.freshchat.com/css/ https://hcaptcha.com https://*.hcaptcha.com; worker-src 'self' blob:; connect-src 'self' blob: https://*.cryptology.com https://cryptology.com https://*.tothemoon.com https://tothemoon.com wss://*.cryptology.com https://*.cryptology.com:2083 https://*.tothemoon.com:2083 https://s3.eu-central-1.amazonaws.com/public-files.prod.payments.cryptology.com/ https://s3.eu-central-1.amazonaws.com/public-files.staging.payments.cryptology.com/ https://s3.eu-central-1.amazonaws.com/public-files.dev.payments.cryptology.com/ https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://*.tagmanager.google.com https://*.google-analytics.com https://apis.google.com https://*.googleapis.com https://fonts.gstatic.com https://stats.g.doubleclick.net/ https://analytics.google.com https://*.analytics.google.com https://*.firebaseio.com wss://*.firebaseio.com https://www.facebook.com/tr/ https://api.coinmarketcap.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://d.adroll.com https://content.hotjar.io https://*.cookiebot.com/ https://wchat.freshchat.com/js/ https://wchat.freshchat.com/widget/js/ https://wchat.freshchat.com/widget/css/ https://wchat.freshchat.com/css/ https://api.devnet.solana.com/ wss://api.devnet.solana.com/ https://api.stakewiz.com/validator/ https://damp-black-sponge.solana-mainnet.quiknode.pro/69433c197b4e2d1457a73eb519722e05dd7eed53/ wss://damp-black-sponge.solana-mainnet.quiknode.pro/69433c197b4e2d1457a73eb519722e05dd7eed53/ https://hcaptcha.com https://*.hcaptcha.com https://locales.dev.tothemoon.com/ https://locales.prod.tothemoon.com/ https://locales.staging.tothemoon.com/ https://pay.google.com localhost:*; object-src 'none'; child-src 'self' https://cryptology-9a846.firebaseapp.com https://cryptology-9a846.firebaseio.com https://cryptology-dev.firebaseapp.com https://cryptology-dev.firebaseio.com https://cryptology-prod.firebaseapp.com https://cryptology-prod.firebaseio.com https://www.facebook.com/ https://staticxx.facebook.com/; img-src 'self' blob: data: https://s3.eu-central-1.amazonaws.com/public-files.prod.payments.cryptology.com/ https://s3.eu-central-1.amazonaws.com/public-files.staging.payments.cryptology.com/ https://s3.eu-central-1.amazonaws.com/public-files.dev.payments.cryptology.com/ https://s3.eu-central-1.amazonaws.com/banners-files.prod.banners.cryptology.com/ https://s3.eu-central-1.amazonaws.com/banners-files.staging.banners.cryptology.com/ https://s3.eu-central-1.amazonaws.com/gamification-files.staging.gamification.cryptology.com/ https://s3.eu-central-1.amazonaws.com/gamification-files.prod.gamification.cryptology.com/ https://s3.eu-central-1.amazonaws.com/reward-center-files.prod.reward-center-admin.cryptology.com/ https://s3.eu-central-1.amazonaws.com/reward-center-files.staging.reward-center-admin.cryptology.com/ https://s3.eu-central-1.amazonaws.com/reward-center-files.dev.reward-center-admin.cryptology.com/ https://*.cryptology.com https://cryptology.com https://*.tothemoon.com https://tothemoon.com https://t.co https://analytics.twitter.com https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://*.tagmanager.google.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.gstatic.com https://*.googleusercontent.com https://googleads.g.doubleclick.net https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/pixel/ https://d.adroll.com https://*.cookiebot.com/ https://downloads.intercomcdn.com https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/; font-src data: https://cryptology.com https://*.cryptology.com https://tothemoon.com https://*.tothemoon.com https://fonts.gstatic.com https://script.hotjar.com localhost:*; form-action 'self' https://connect.facebook.net https://www.facebook.com/tr/; report-uri https://sentry-prod.cryptology.com/api/5/security/?sentry_key=cdbfe589f11e4bff93578e39556691c6 2 default-src 'self'; font-src 'self' fonts.gstatic.com; frame-ancestors 'self'; img-src 'self' source.unsplash.com images.unsplash.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com; worker-src blob:; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=hbp_IHyOCLsWuex26NR4K6Sqd75F3rkhVb3yhxfH&env=production; 2 default-src 'self' data: blob: https://cms.globalconnect.net https://assets.ip-only.net https://assets.globalconnect.net https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://cms.globalconnect.net https://cdnjs.cloudflare.com/ajax/libs/lodash.js/ https://unpkg.com/axios/dist/ https://unpkg.com/vue@3/dist/ https://cdnjs.cloudflare.com/ajax/libs/vue/ https://cdnjs.cloudflare.com/ajax/libs/axios/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://www.googletagmanager.com/ https://*.globalconnect.dk https://globalconnect.fi https://*.globalconnect.fi https://globalconnect.no https://*.globalconnect.no https://*.globalconnect.de https://*.globalconnect.se https://bat.bing.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://apps.mypurecloud.de https://globalconnect-2.mynewsdesk.com/ globalconnect-no.mynewsdesk.com globalconnect-se.mynewsdesk.com globalconnect-fi.mynewsdesk.com globalconnect-de.mynewsdesk.com https://*.adform.net https://s3.amazonaws.com/downloads.mailchimp.com/ https://globalconnect.us1.list-manage.com/ https://snippet.maze.co/maze-universal-loader.js https://snippet.maze.co/static/ https://prompts.maze.co/api/widgets https://chat.kindlycdn.com/; style-src 'unsafe-inline' 'self' https://cms.globalconnect.net https://cdn-images.mailchimp.com; img-src 'self' data: blob: https://cms.globalconnect.net https://cms.globalconnect.net https://assets.ip-only.net https://assets.globalconnect.net https://secure.gravatar.com https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.se/ https://www.google.dk/ https://www.google.fi/ https://www.google.de/ https://www.google.no/ https://www.facebook.com/ https://bat.bing.com/ https://ade.googlesyndication.com https://googleads.g.doubleclick.net/ https://i.ytimg.com https://i.vimeocdn.com https://wp.gcweb.live https://imgsct.cookiebot.com https://ad.doubleclick.net https://static.kindlycdn.com/ https://api-downloads.mypurecloud.de/ https://bot.kindly.ai/ https://ui-avatars.com/ https://attachments.kindlycdn.com; connect-src 'self' https://globalconnect.no https://*.globalconnect.no https://*.globalconnect.dk https://globalconnect.fi https://*.globalconnect.fi https://*.globalconnect.de https://*.globalconnect.se https://api.dataforsyningen.dk/ https://consentcdn.cookiebot.com/ https://yoast.com/ https://api.ip-only.net https://www.google.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://region1.analytics.google.com/ https://googleads.g.doubleclick.net/ https://pagead2.googlesyndication.com https://bat.bing.com/ https://api-cdn.mypurecloud.de wss://ws.hotjar.com/ https://content.hotjar.io/ https://metrics.hotjar.io/ https://api.mypurecloud.de wss://webmessaging.mypurecloud.de https://prompts.maze.co/api/widgets https://chat.kindlycdn.com/ https://bot.kindly.ai/ wss://ws-eu.pusher.com/ https://sockjs-eu.pusher.com/ https://storage.googleapis.com/; frame-src 'self' data: blob: https://cms.globalconnect.net https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://www.youtube.com/ https://td.doubleclick.net/ https://globalconnect.bbvms.com/ https://player.vimeo.com/ https://response.questback.com/ https://globalconnect-2.mynewsdesk.com/ globalconnect-no.mynewsdesk.com globalconnect-se.mynewsdesk.com globalconnect-fi.mynewsdesk.com globalconnect-de.mynewsdesk.com https://apps.mypurecloud.de https://www.youtube.com/ https://player.vimeo.com/ https://*.doubleclick.net/ https://c1.adform.net https://chat.kindlycdn.com/; media-src 'self' data: blob: https://cms.globalconnect.net https://assets.ip-only.net https://assets.globalconnect.net https://globalconnect.bbvms.com/ https://www.youtube.com/ https://player.vimeo.com/; form-action 'self' https://cms.globalconnect.net; font-src 'self' data: blob: https://assets.ip-only.net/ https://chat.kindlycdn.com/ https://assets.globalconnect.net/; 2 connect-src 'self' www.recaptcha.net consent-pref.trustarc.com consent.trustarc.com consent-reporting.trustarc.com ingest.quantummetric.com rl.quantummetric.com www.greatamericaninsurancegroup.com p.typekit.net use.typekit.net maxcdn.bootstrapcdn.com play.vidyard.com www.linkedin.com px.ads.linkedin.com cdn.linkedin.oribi.io www.googletagmanager.com www.gstatic.com stats.g.doubleclick.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com www.google.com translate.googleapis.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; font-src 'self' data: consent.trustarc.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com use.typekit.net www.greatamericaninsurancegroup.com; form-action 'self' gaigauthor.gaig.com login.gaig.com; frame-ancestors 'self'; default-src 'self' play.vidyard.com; frame-src 'self' www.recaptcha.net consent-pref.trustarc.com players.brightcove.net td.doubleclick.net fast.wistia.net cloud.specialtypc.gaig.com mcrs18s4jyq010hs26x1kpc87hk8.pub.sfmc-content.com creators.spotify.com www.linkedin.com www.googletagmanager.com www.facebook.com anchor.fm platform.twitter.com play.vidyard.com www.google.com www.youtube.com www.google-analytics.com region1.google-analytics.com; img-src 'self' www.recaptcha.net consent-pref.trustarc.com consent.trustarc.com consent.truste.com region1.analytics.google.com www.google.co.ao analytics.google.com stats.g.doubleclick.net gaigauthor.gaig.com a.b0e8.com data: blob: a1.b0e8.com www.linkedin.com www.gstatic.com translate.google.com ssl.google-analytics.com syndication.twitter.com fonts.gstatic.com px.ads.linkedin.com region1.google-analytics.com px4.ads.linkedin.com p.typekit.net play.vidyard.com www.google-analytics.com www.google.com www.googletagmanager.com www.policysweet.com www.greatamericaninsurancegroup.com cdn.vidyard.com i.ytimg.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.caigo.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; script-src-elem 'self' www.recaptcha.net consent.trustarc.com cdn.quantummetric.com code.jquery.com bam.nr-data.net fast.wistia.net cdn.b0e8.com apis.google.com js-agent.newrelic.com snap.licdn.com ssl.google-analytics.com connect.facebook.net ajax.googleapis.com platform.twitter.com play.vidyard.com use.typekit.net www.google-analytics.com region1.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com 'unsafe-inline' www.youtube.com; style-src-elem 'self' data: p.typekit.net use.typekit.net www.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline'; script-src-attr 'unsafe-inline'; script-src 'unsafe-eval' 'unsafe-inline' 'self' consent.trustarc.com www.recaptcha.net cdn.quantummetric.com code.jquery.com fast.wistia.net bam.nr-data.net ajax.googleapis.com platform.twitter.com region1.google-analytics.com www.google-analytics.com www.gstatic.com snap.licdn.com cdn.b0e8.com www.google.com js-agent.newrelic.com connect.facebook.net www.googletagmanager.com use.typekit.net play.vidyard.com; style-src-attr 'unsafe-inline' www.greatamericaninsurancegroup.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com p.typekit.net use.typekit.net www.gstatic.com; object-src 'self'; media-src 'self' data: ssl.gstatic.com; child-src 'self' www.recaptcha.net play.vidyard.com www.google.com www.googletagmanager.com www.youtube.com; upgrade-insecure-requests; report-uri https://greatamericaninsurancegroup.report-uri.com/r/t/csp/enforce 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.powerbigov.us *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.fontawesome.com *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktacdn.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com *.powerbigov.us;style-src 'self' 'unsafe-inline' *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.powerbigov.us *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.fontawesome.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com *.powerbigov.us;object-src 'self'; base-uri 'self'; connect-src 'self' wss: *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.powerbigov.us *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.fontawesome.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com *.powerbigov.us; img-src 'self' 'unsafe-inline' data: *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.powerbigov.us *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.wpmudev.com *.fontawesome.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com *.powerbigov.us; manifest-src 'self'; media-src 'self' *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.powerbigov.us *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.fontawesome.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com *.powerbigov.us;frame-src 'self' *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.powerbigov.us *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.fontawesome.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com *.powerbigov.us; font-src 'self' *.gstatic.com *.doubleclick.net *.livehelpnow.net *.hotjar.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com *.powerbigov.us 2 base-uri 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'self' https://localhost:9002 https://*.interdiscount.ch; 2 default-src 'none'; object-src 'none'; script-src 'self' https://*.chargebee.com https://*.chargebeestatic.com https://openproject.matomo.cloud; style-src 'self' 'unsafe-inline' https://*.chargebee.com https://*.chargebeestatic.com; img-src 'self' data: https://cb-invoice-logos-prod.s3.us-east-1.amazonaws.com https://*.openproject.org https://openproject.org; media-src 'self' data: https://*.openproject.org https://openproject.org https://openproject-docs.s3.eu-central-1.amazonaws.com; frame-src 'self' https://js.chargebee.com https://www.youtube-nocookie.com https://*.chargebee.com https://*.chargebeestatic.com https://openproject.matomo.cloud https://opf.github.io; font-src 'self'; connect-src 'self' https://api.github.com/repos/opf/openproject https://*.openproject.com https://*.openproject.org https://openproject.matomo.cloud 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.svenskadomaner.se *.dibspayment.eu *.cookiebot.com *.trustpilot.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com connect.facebook.net www.googletagmanager.com www.clarity.ms; frame-src 'self' *.svenskadomaner.se *.dibspayment.eu *.cookiebot.com *.trustpilot.com *.youtube.com *.facebook.com s-static.ak.facebook.com www.googletagmanager.com td.doubleclick.net blob:; object-src 'self'; worker-src 'self' blob:; 2 default-src 'self' https:; script-src 'self' 'nonce-PgzR4vVfu3io3LQ/Hr3IwA==' 'strict-dynamic' *.hs-scripts.com js.hs-analytics.net blob: *.hs-banner.com *.cookielaw.org *.hubspot.com js.hsadspixel.net pi.pardot.com tag.demandbase.com scripts.saltbox.tech player.vimeo.com go.rapidscale.net js.zi-scripts.com *.ads-twitter.com *.facebook.net *.licdn.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.jsdelivr.net *.cloudflare.com *.youtube.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com edge.marker.io cdn.polyfill.io; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' data: *.gstatic.com; img-src 'self' https: data:; frame-src 'self' *.genially.com *.googletagmanager.com *.vimeo.com *.company-target.com pixel.sitescout.com *.facebook.com *.adsrvr.org *.liadm.com *.doubleclick.net *.hsforms.com *.hsforms.net *.youtube.com *.google.com *.youtube-nocookie.com; form-action 'self' *.facebook.com *.hsforms.net *.hsforms.com; base-uri 'self'; connect-src 'self' google.com *.google.com *.hsforms.com *.liadm.com *.adsrvr.org *.clickagy.com *.linkedin.com api.hubapi.com *.hubspot.com ws.zoominfo.com *.onetrust.com *.demandbase.com *.company-target.com cdn.cookielaw.org js.zi-scripts.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.licdn.com *.hsforms.net; frame-ancestors 'self'; object-src 'none'; media-src 'self' https:; manifest-src 'self' https:; 2 default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com browser.events.data.microsoft.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/ 2 default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google.co.uk https://www.google.com; font-src https: data:; img-src https: data:; style-src 'self' https: 'unsafe-inline'; base-uri 'none'; object-src 'none' 2 script-src http: https: bessonchaussures.script.admo.tv *.google.fr *.affilae.com *.pinimg.com *.bing.com *.bing.net *.criteo.net dqfw2hlp4tfww.cloudfront.net *.adnxs.com *.abtasty.com *.easydmp.net *.pinterest.com *.criteo.com *.onestock-retail.com *.easi.care *.easiwebforms.net s3s.fr measurement-api.criteo.com *.google-analytics.com tbs.tradedoubler.com *.besson-chaussures.com https://www.besson-shoes.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.abtasty.com blob: https: 'unsafe-inline' https://www.besson-shoes.com/; img-src data: http: https: blob: *.abtasty.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com cdn.alma.com cdn.almapay.com *.abtasty.com cdnjs.cloudflare.com; frame-src bessonchaussures.script.admo.tv *.google.fr *.affilae.com *.pinimg.com *.bing.com *.bing.net *.criteo.net dqfw2hlp4tfww.cloudfront.net *.adnxs.com *.abtasty.com *.easydmp.net *.pinterest.com *.criteo.com *.onestock-retail.com *.easiwebforms.net *.besson-shoes.com *.besson-chaussures.com assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.youtube-nocookie.com s3s.fr measurement-api.criteo.com *.google-analytics.com tbs.tradedoubler.com; 2 upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'none';default-src 'self';child-src 'self';frame-src https://www.google.com https://*.linkedin.com *.hotjar.com;script-src *.smartology.net *.hotjar.com https://www.gstatic.com https://*.google-analytics.com https://www.google.com https://*.googletagmanager.com https://kit.fontawesome.com https://*.sharethis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://connect.facebook.net https://*.smartlook.com https://*.smartlook.cloud https://*.posthog.com https://app.analyzz.com https://*.linkedin.com https://unpkg.com 'self' 'unsafe-inline' 'unsafe-eval';img-src http://www.w3.org https://www.smartology.net https://*.google-analytics.com https://secure.gravatar.com https://*.googletagmanager.com https://*.sharethis.com 'self' data:;style-src https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://buttons-config.sharethis.com 'self' 'unsafe-inline';font-src https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.fontawesome.com 'self' data:;connect-src *.hotjar.com *.hotjar.io https://stats.g.doubleclick.net https://website-api.smartology.co https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.fontawesome.com https://l.sharethis.com https://*.smartlook.com https://*.smartlook.cloud https://*.posthog.com https://app.analyzz.com https://lottie.host 'self' ws:;object-src 'self' 2 upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; 2 frame-ancestors 'self' redbus.my.site.com partners.apnacomplex.com m-redbus-id.cdn.ampproject.org www.google.com www.google.co.id m.redbus.id m.redbus.my m.redbus.sg seocms.redbus.com seoplatform.redbus.com:3000; default-src 'self' firebasestorage.googleapis.com c.riskified.com wss://*.firebaseio.com wss://rbpub.redbus.com h.online-metrix.net s3.rdbuz.com *.doubleclick.net graph.facebook.com *.redbus.in *.redbus.com *.googleapis.com www.google-analytics.com www.googletagmanager.com *.google.com *.google.co.in *.facebook.net www.googleadservices.com www.facebook.com recorder.sessionstack.com o2.mouseflow.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' dynamic.criteo.com *.newrelic.com *.sentry-cdn.com www.tiktok.com *.ttwstatic.com *.clarity.ms www.lacmp.net cdn.debugbear.com flackr.github.io redbus.my.site.com www.youtube.com stackpath.bootstrapcdn.com unpkg.com *.redbus.com *.moengage.com in.fw-cdn.com *.freshchat.com cdn.conveythis.com *.googleoptimize.com app.link cdn.branch.io beacon.riskified.com tags.tiqcdn.com cdn-akamai.mookie1.com *.firebaseio.com h.online-metrix.net *.twitter.com static.ads-twitter.com *.googletagservices.com bam.nr-data.net *.doubleclick.net maxcdn.bootstrapcdn.com *.google.com cdn.jsdelivr.net sslwidget.criteo.com static.criteo.net cdn.mouseflow.com bat.bing.com maps.googleapis.com sg-pl.vizury.com cdnjs.cloudflare.com adservice.google.co.in ssl.google-analytics.com pagead2.googlesyndication.com www.google-analytics.com cdn.sessionstack.com www.googletagmanager.com connect.facebook.net *.googleadservices.com *.rdbuz.com *.redbus.in www.gstatic.com; img-src 'self' data: blob: tiles.stadiamaps.com iconslib.rapyd.net rbdatum.s3.amazonaws.com *.clarity.ms bs.serving-sys.com product-image.globaltix.com img.youtube.com *.makemytrip.com moe-email-campaigns.s3.amazonaws.com *.moengage.com q.quora.com mmt.servedbyadbutler.com servedbyadbutler.com iconslib.rapyd.net *.twitter.com gos3.ibcdn.com lh3.googleusercontent.com i.ytimg.com img.riskified.com web-elb *.online-metrix.net *.goibibo.com barcode-latam.s3.amazonaws.com t.co www.googletagmanager.com *.doubleclick.net tpc.googlesyndication.com *.gstatic.com maps.googleapis.com *.s3.ap-southeast-1.amazonaws.com s3-ap-southeast-1.amazonaws.com *.s3-ap-southeast-1.amazonaws.com h.online-metrix.net bat.bing.com www.google.co.in *.redbus.in *.google.com www.google-analytics.com ssl.google-analytics.com *.facebook.com *.rdbuz.com api.midtrans.com www.glassdoor.co.in; style-src 'self' 'unsafe-inline' *.ttwstatic.com redbus.my.site.com cdn.jsdelivr.net stackpath.bootstrapcdn.com *.freshchat.com www.googletagmanager.com maxcdn.bootstrapcdn.com *.google.com cdnjs.cloudflare.com www.w3schools.com fonts.googleapis.com fonts.googleapis.com *.rdbuz.com st.redbus.in *.rdbuz.com; font-src 'self' data: maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.rdbuz.com st.redbus.in fonts.gstatic.com; frame-src 'self' gumi.criteo.com *.tiktok.com redbus.my.site.com partners.apnacomplex.com m.redbus.sg m.redbus.my *.moengage.com m.redbus.my *.freshchat.com payment.pagoefectivo.pe st.redbus.in *.twitter.com covid-19.riskline.com covid19-riskline.com www.youtube-nocookie.com *.firebaseapp.com *.firebaseio.com www.surveymonkey.com *.google.com isb.au1.qualtrics.com www.googletagservices.com www.googletagmanager.com *.redbus.com h.online-metrix.net *.doubleclick.net *.vizury.com *.facebook.com www.youtube.com dis.as.criteo.com; object-src 'self'; connect-src 'self' *.ingest.de.sentry.io www.tiktok.com *.clarity.ms data.debugbear.com www.lacmp.net *.redbus.my redbus.my.salesforce-scrt.com wss://tracking.yourbus.in:1031 barcode-latam.s3-ap-southeast-1.amazonaws.com cxselfhelp.s3-ap-southeast-1.amazonaws.com recorder.sessionstack.com *.moengage.com *.makemytrip.com pagead2.googlesyndication.com *.google.com *.conveythis.com api2.branch.io wss://rbpub.redbus.vn wss://rbpub.redbus.com *.googleapis.com o2.mouseflow.com *.redbus.com *.doubleclick.net *.riskified.com www.google-analytics.com *.facebook.com 2 frame-ancestors 'self' https://honeyfund.com https://*.honeyfund.com http://www-local.honeyfund.com http://hf2-local.honeyfund.com 2 default-src * data: 'unsafe-inline' 'unsafe-eval'; connect-src * javascript: data: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline' 2 frame-ancestors 'self' https://*.hauts-de-seine.fr/ https://*.passmalin.fr/ https://*.akstat.io/; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://ipapi.co; style-src 'self' 'unsafe-inline' 'unsafe-hashes' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.bt.bt/wp-content/cache/; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: https://www.google-analytics.com https://bt.bt; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://geo.wpforms.com; frame-src 'self' https://maps.google.com https://www.google.com; object-src 'none'; upgrade-insecure-requests; 2 default-src 'self' 'unsafe-inline' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.wesalute.com https://*.wesaluteapis.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://performance.radar.cloudflare.com https://challenges.cloudflare.com https://cdn.kustomerapp.com https://browser.sentry-cdn.com https://connect.facebook.net https://cdn.segment.com https://cdn.amplitude.com https://edge.fullstory.com https://rs.fullstory.com https://transcend-cdn.com https://www.google.com https://www.gstatic.com https://apis.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://bat.bing.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://snap.licdn.com https://www.redditstatic.com https://js.stripe.com https://cdn.sprig.com https://cdn.userleap.com https://embed.bookingvault.com https://secure.rezserver.com https://js-agent.newrelic.com https://*.newrelic.com https://*.nr-data.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://assets.calendly.com; connect-src 'self' https://*.wesalute.com https://*.wesaluteapis.com https://*.algolia.net https://*.algolianet.com https://insights.algolia.io https://cloudflareinsights.com https://adservice.google.com https://www.googleadservices.com https://*.doubleclick.net https://*.googlesyndication.com https://www.google.com https://bat.bing.com https://bat.bing.net https://*.kustomerapp.com https://*.pndsn.com https://s3.amazonaws.com/kustomer-prod1-attachments https://cdn.jsdelivr.net https://sentry.io https://o287038.ingest.sentry.io https://api.segment.io https://cdn.segment.com https://*.amplitude.com https://edge.fullstory.com https://rs.fullstory.com https://transcend-cdn.com https://telemetry.us.transcend.io https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://apis.google.com https://*.googleapis.com https://us-central1-veterans-advantage-arsenal.cloudfunctions.net https://www.facebook.com/ https://api.sprig.com https://api.bookingvault.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://*.reddit.com https://www.redditstatic.com https://*.newrelic.com https://*.nr-data.net; style-src 'self' 'unsafe-inline' https://*.wesalute.com https://fonts.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://embed.bookingvault.com https://transcend-cdn.com https://cdnjs.cloudflare.com https://assets.calendly.com; font-src 'self' data: https://*.wesalute.com https://cdn.honey.io https://cdn.ivaws.com https://cdn.kustomerapp.com https://fonts.gstatic.com https://themes.googleusercontent.com https://embed.bookingvault.com; img-src blob: data: https:; media-src blob: data: https:; object-src 'none'; frame-src 'self' https://*.wesalute.com https://*.wesaluteapis.com https://challenges.cloudflare.com https://*.kustomer.help https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com/ https://www.c-span.org/video/standalone/ https://www.googletagmanager.com https://www.google.com https://tpc.googlesyndication.com https://bid.g.doubleclick.net https://td.doubleclick.net https://10165061.fls.doubleclick.net https://www.facebook.com https://js.stripe.com https://transcend-cdn.com https://calendly.com https://veterans-advantage-arsenal.firebaseapp.com; frame-ancestors 'self' https://*.wesalute.com; report-uri https://o287038.ingest.sentry.io/api/1865718/security/?sentry_key=33c7a6dee3b040bc9bc48cd898e2dd9b&sentry_environment=prod 2 style-src smurfitkappa.concludis.de *.cookiebot.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline' 2 upgrade-insecure-requests; frame-src 'self' https://www3.mogroup.com https://www3.metso.com https://irs.tools.investis.com https://otp.tools.investis.com https://viz.tools.investis.com https://secure.flife.de https://browserapps.mogroup.com https://browserapps.metso.com https://service.force.com https://vars.hotjar.com https://www.google.com https://www.youtube.com https://player.youku.com https://www.facebook.com https://live.mogroup.com https://live.metso.com https://cloud.mc.metso.com *.doubleclick.net *.videosync.fi *.maze.co https://metso--dev.sandbox.my.salesforce.com https://metso--uat.sandbox.my.salesforce.com https://metso.my.salesforce.com 2 object-src 'none'; style-src * 'unsafe-inline'; script-src 'self' 'strict-dynamic' 'nonce-8SCsdxewa' https://embed.typeform.com https://cdn.oncehub.com/mergedjs/so.js https://dataart.my.site.com https://static.lightning.force.com https://d.la5-c1-ia4.salesforceliveagent.com https://dataart.my.salesforce.com https://js.zi-scripts.com/zi-tag.js scout-cdn.salesloft.com/sl.js https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery.matchHeight/0.7.2/jquery.matchHeight-min.js https://cdn.jsdelivr.net/npm/popper.js@1.12.9/dist/umd/popper.min.js https://code.jquery.com/jquery-3.6.0.min.js https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js https://pi.pardot.com https://lp.dataart.com https://widget.clutch.co https://cdn.cookielaw.org https://www.youtube.com https://websitesapi.dataart.com https://widget.clutch.co/static/js/widget.js https://websitesapi.dataart.com https://d.clarity.ms/s/0.6.31/clarity.js https://bat.bing.com https://www.dataart.com/ https://*.clarity.ms https://www.google-analytics.com https://go.pardot.com/ https://snap.licdn.com/ https://www.google.com/pagead/conversion_async.js https://cdn.polyfill.io/v2/polyfill.js https://tagmanager.google.com/debug/debuguiApp-bundle.js https://tagmanager.google.com/debug https://optimize.google.com https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://static.ads-twitter.com/uwt.js https://static.ads-twitter.com/uwt.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com https://bat.bing.com/bat.js https://code.jquery.com/jquery-3.3.1.min.js https://connect.facebook.net/en_US/fbevents.js https://a.quora.com/qevents.js https://www.gstatic.com https://salespanel.io https://analytics.twitter.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/* https://connect.facebook.net https://js.hs-scripts.com/5318857.js https://sc.lfeeder.com/lftracker_v1_bElvO73KyQb7ZMqj.js https://script.hotjar.com/ https://www.google-analytics.com/gtm/* https://js.hs-banner.com/5318857.js https://js.hs-analytics.net https://js.usemessages.com/conversations-embed.js https://js.hsadspixel.net/fb.js https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com/gtm/js https://maps.googleapis.com/; 2 default-src 'self'; connect-src 'self' https://*.doubleclick.net/ https://*.googlesyndication.com/ https://analytics.google.com/ https://www.google-analytics.com/ https://api.hubapi.com/ https://csi.gstatic.com/ https://www.google.com/ccm/collect https://*.adtrafficquality.google/; frame-src 'self' data: https://www.googleadservices.com/ https://*.doubleclick.net/ https://*.googlesyndication.com/ https://www.google.com/ https://www.youtube.com/ https://www.googletagmanager.com/ https://*.adtrafficquality.google/ https://www.instagram.com/ https://www.linkedin.com/; fenced-frame-src 'self' data:; media-src 'self' https://player.vimeo.com/ https://download-video.akamaized.net/ https://www.youtube.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com/ https://*.doubleclick.net/ https://*.googlesyndication.com/ https://www.googletagservices.com/ https://diffuser-cdn.app-us1.com/ https://prism.app-us1.com/ https://trackcmp.net/ https://*.adtrafficquality.google/ https://www.instagram.com/; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://fonts.googleapis.com/; img-src 'self' blob: data: https://api.eremedia.com/ https://googleads.g.doubleclick.net/ https://*.googlesyndication.com/ http://www.google.com/ https://i.ytimg.com/ https://www.googletagmanager.com/ https://fonts.gstatic.com/ https://*.adtrafficquality.google/; font-src 'self' https://fonts.gstatic.com/; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; 2 frame-ancestors *; default-src 'self'; frame-src 'self' unicaja.webfg.com unicaja-uat.webfg.com www.liberbank.es www.tarjetaplaystation.com univia.unicaja.es univiapru.unicaja.es hola.unicajabanco.es 8020496.fls.doubleclick.net www.youtube.com www.google.com asp.quefondos.com unicajabanco-backend.flumotion.com player.vimeo.com www.facebook.com track.adform.net vars.hotjar.com optimize.google.com *.weborama.fr *.qualtrics.com; media-src *; img-src 'self' *.contentsquare.net *.qualtrics.com data: *; script-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.gstatic.com www.gstatic.com 8020496.fls.doubleclick.net www.unicajabanco.es www.youtube.com www.google.com www.google-analytics.com maps.googleapis.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.unicajabanco.com unicaja-prod.adobecqms.net chat.kommunicate.io *.adform.net *.googletagmanager.com cdnjs.cloudflare.com widget.kommunicate.io www.unicajabanco.es.seg.js www.unicajabanco.com.seg.js cdn.kommunicate.io cdn.applozic.com cdn.cookielaw.org uimarketpro.com asp.quefondos.com storage.googleapis.com static.hotjar.com script.hotjar.com www.googleoptimize.com optimize.google.com tagmanager.google.com hercial-thurch.com t.contentsquare.net app.contentsquare.com *.weborama.fr *.visualwebsiteoptimizer.com *.qualtrics.com; child-src blob:; worker-src blob:; style-src * 'unsafe-inline'; font-src *; connect-src 'self' *.contentsquare.net *.qualtrics.com blob: data: * 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.paddle.com/paddle/paddle.js https://gc.zgo.at/count.js https://hcaptcha.com https://*.hcaptcha.com https://plausible.simplelogin.io/js/index.js; child-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.paddle.com https://www.youtube.com https://app.tryhoist.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://cdn.paddle.com 2 frame-ancestors 'self' https://*.pospal.cn https://*.pospal.ai 2 default-src 'self' data: blob: https://challenges.cloudflare.com https://tracking-api.g2.com https://*.google-analytics.com https://www.googletagmanager.com 'unsafe-inline'; script-src https://r2.leadsy.ai https://cdn-app.pathfactory.com https://c.clarity.ms https://z.clarity.ms https://js.hsforms.net https://embed.typeform.com https://data.processwebsitedata.com https://rest.happierleads.com https://www.clarity.ms https://forms.hscollectedforms.net https://www.googletagmanager.com https://www.gstatic.com https://snap.licdn.com https://tracking.g2crowd.com 'report-sample' 'self' https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hubspot.com https://maps.googleapis.com https://www.youtube.com 'unsafe-inline' 'unsafe-eval' data: ; style-src https://cdn-app.pathfactory.com 'report-sample' 'self' https://embed.typeform.com https://forms.hscollectedforms.net https://www.gstatic.com https://fonts.googleapis.com data: 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src https://spcollector.pathfactory.com https://jukebox.pathfactory.com 'self' https://api.typeform.com https://m.clarity.ms https://tracking.happierleads.com https://forms.hscollectedforms.net https://tracking-api.g2.com https://*.google-analytics.com https://maps.googleapis.com https://px.ads.linkedin.com https://api.hubapi.com https://challenges.cloudflare.com https://cta-service-cms2.hubspot.com; font-src 'self' https://cdn-app.pathfactory.com data: https://fonts.gstatic.com; frame-src 'self' https://eu1.documents.adobe.com https://js.hsforms.net https://form.typeform.com https://challenges.cloudflare.com https://www.youtube.com https://embed.typeform.com https://www.clarity.ms https://rest.happierleads.com; img-src 'self' data: https://forms-na1.hsforms.com https://i.ytimg.com https://www.googletagmanager.com https://www.linkedin.com https://s.w.org https://kriesi.at https://ps.w.org https://px.ads.linkedin.com https://track.hubspot.com https://forms.hsforms.com https://perf-na1.hsforms.com https://secure.gravatar.com; manifest-src 'self'; media-src 'self' data:; worker-src blob: 'self' https://challenges.cloudflare.com; frame-ancestors 'self' http://libraesva.lookbookhq.com https://libraesva.lookbookhq.com http://libraesva.pathfactory.com https://libraesva.pathfactory.com http://hub.libraesva.com https://hub.libraesva.com; 2 default-src 'self' *.readspeaker.com data: https://zer-poc.bzst.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; base-uri 'self'; connect-src 'self' *.pstmn.io https://zer-poc.bzst.de *.readspeaker.com *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de https://api.evatr.vies.bzst.de; style-src 'self' 'unsafe-inline' https://zer-poc.bzst.de *.readspeaker.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; script-src 'self' 'unsafe-eval' https://zer-poc.bzst.de *.google.com piwik.itzbund.de *.readspeaker.com https://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de https://viola-bzst-fms.azr.juacvoe.net https://viola-bzst.azr.juacvoe.net https://viola.bundesbots.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src *.readspeaker.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://bzst.lucom.com https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 2 object-src 'self'; frame-ancestors 'self' http://*.publicissapient.com https://*.publicissapient.com www.publicissapient.fr publicissapient.fr sites-us.lumapps.com vox.publicissapient.com vox.publicis.sapient.com; 2 default-src 'self' *.fontawesome.com *.cloudflare.com https://www.youtube.com https://destinilocators.com *.typekit.net *.gstatic.com data:; frame-src 'self' https://* *.sitescout.com *.knotch.it *.adobedtm.com *.amazon-adsystem.com *.pinterest.com *.doubleclick.net *.addtoany.com *.addthis.com *.addthisedge.com *.adsrvr.org https://www.facebook.com https://www.googletagmanager.com https://www.youtube.com https://destinilocators.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://* *.linkedin.com *.sitescout.com *.tysonfoodservice.com *.tyson.com *.youtube.com www.facebook.com *.gstatic.com *.googleapis.com *.pinterest.com www.google.com www.google.com.mx www.googletagmanager.com www.google-analytics.com *.typekit.net i.ytimg.com data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* *.marketo.com https://www.googleoptimize.com *.cloudflare.com *.adobedtm.com *.pinimg.com *.hotjar.com *.amazonaws.com *.addtoany.com *.moatads.com https://connect.facebook.net https://assets.pinterest.com https://rawgit.com https://unpkg.com *.googleapis.com *.addthisedge.com *.addthis.com https://mpsnare.iesnare.com https://code.jquery.com *.adsrvr.org https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com *.typekit.net https://destinilocators.com data:; connect-src 'self' 'unsafe-inline' data: https://* *.swiftype.com *.demdex.net *.pinterest.com *.hotjar.io *.googleapis.com *.doubleclick.net *.amazonaws.com www.google-analytics.com; style-src 'self' 'unsafe-inline' blob: data: https://* *.fontawesome.com *.typekit.net *.jsdelivr.net *.typography.com *.cloudflare.com *.bootstrapcdn.com *.cloudfare.com *.myfonts.net *.googleapis.com; base-uri 'self'; form-action 'self'; 2 default-src 'self';script-src 'self' 'nonce-FKhsaYAOYF2gpFiKxBwvGQ==';script-src-elem 'self' *.cookielaw.org *.googleapis.com *.googletagmanager.com 'nonce-FKhsaYAOYF2gpFiKxBwvGQ==' https://cdn.jsdelivr.net;connect-src 'self' *.cookielaw.org *.google-analytics.com *.googleapis.com *.onetrust.com *.eqs.com;child-src 'self';style-src 'self' 'unsafe-inline' *.googleapis.com https://cdn.jsdelivr.net;font-src 'self' https://fonts.gstatic.com;img-src 'self' data: *.gstatic.com *.googleapis.com *.cookielaw.org *.eqs.com https://cdn.jsdelivr.net *.googleusercontent.com *.eqs.com *.marco.ch/;frame-src 'self' *.youtube.com *.vimeo.com https://challenges.cloudflare.com;base-uri 'none';object-src 'none';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests 2 frame-ancestors 'self' https://*.zbj.com https://*.tianpeng.com https://*.chatm.com https://*.mysipo.com https://*.zhubajie.la *.zbjdev.com hljcg.hlj.gov.cn *.qjzbj.com 2 frame-ancestors 'self' https://*.hana.ondemand.com; 2 frame-ancestors 'self' https://*.deuter.com https://*.gonso.de https://*.maier-sports.com https://*.ortovox.com https://*.arrabiata.de; 2 object-src 'none'; frame-ancestors 'self' https://*.docebo.com 2 frame-ancestors 'self' https://*.melissa.com 2 frame-ancestors canvas.mdu.se https://eu.smartsigncloud.com; 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; 2 default-src 'self'; connect-src *; font-src 'self' fonts.gstatic.com fonts.googleapis.com fonts.intercomcdn.com data:; frame-ancestors 'self' https://plugins-cdn.datocms.com https://intigriti.admin.datocms.com; frame-src *; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' * blob:; script-src-elem 'self' 'unsafe-inline' * blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' www.gstatic.com fonts.googleapis.com tags.srv.stackadapt.com app.vwo.com; worker-src 'self' blob:; object-src 'none'; manifest-src 'self'; media-src 'self' https://www.datocms-assets.com https://image.mux.com https://*.mux.com blob:; 2 default-src 'self'; script-src 'self' https://static.cloudflareinsights.com https://static.elfsight.com https://www2.embraerexecutivejets.com https://pi.pardot.com/ https://siteintercept.qualtrics.com https://zn3efmsp28lzusdan-embraer.siteintercept.qualtrics.com/ https://tracker.sqreemtech.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net https://maps.googleapis.com embraer.com cdn.ckeditor.com rec.smartlook.com snap.licdn.com https://js.stripe.com www.googletagmanager.com www.youtube.com code.jquery.com kendo.cdn.telerik.com adservice.google.com static.hotjar.com script.hotjar.com doubleclick.net consent.cookiefirst.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src 'self' cdn.ckeditor.com fonts.googleapis.com cdnjs.cloudflare.com consent.cookiefirst.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com; object-src 'none'; worker-src 'self' blob: https://m.stripe.network; media-src 'self' https://embraer.bynder.com/ 2 frame-ancestors 'self' *.luxair.lu *.luxairtours.lu 2 default-src 'self' *.greenlight.com *.gl-tech.io web.cdn.greenlight.com web.cdn.staging.greenlight.com web.cdn.dev.greenlight.com;media-src videos.ctfassets.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.greenlight.com *.gl-tech.io *.optimizely.com cdn.segment.com cdn.segment.com/v1/projects/* cdn.segment.com/analytics-next/bundles/* cdn.segment.com/next-integrations/integrations/* *.vimeo.com graph.facebook.com *.cloudfront.net *.google-analytics.com *.googletagmanager.com *.tiktok.com *.tiktokcdn-us.com *.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/ iframely.net/files/ pay.google.com *.growsumo.com connect.facebook.net maps.googleapis.com app.link sc-static.net s.yimg.com bam.nr-data.net js-agent.newrelic.com cdn.mxpnl.com sp.analytics.yahoo.com cdn.plaid.com *.fullstory.com js.adsrvr.org bat.bing.com *.criteo.com acdn.adnxs.com js.braintreegateway.com assets.braintreegateway.com paypalobjects.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com getrockerbox.com conoret.com *.hubspot.com js.hscollectedforms.net js.hsadspixel.net *.hs-scripts.com js.hs-banner.com js.hs-analytics.net forms.hsforms.com *.usemessages.com *.bc0a.com googleadservices.com outgrow.us outgrow.co dyv6f9ner1ir9.cloudfront.net *.byspotify.com *.appsflyer.com platform.instagram.com www.instagram.com instagram.com analytics.tiktok.com/* googleadservices.com/* *.chatbase.co http://licdn.com/* linkedin.com cloudfront.net;connect-src data: 'self' *.greenlight.com *.gl-tech.io *.greenlight.me *.auth.us-east-1.amazoncognito.com api.lever.co *.vimeo.com graph.facebook.com facebook.com *.mixpanel.com api.segment.io api.segment.io/v1/p cdn.segment.com *.nr-data.net *.optimizely.com dvqigh9b7wa32.cloudfront.net d330aiyvva2oww.cloudfront.net *.amazonaws.com microk8s.gl *.microk8s.gl *.braintreegateway.com *.braintreegateway.co *.braintree-api.com detx.test-app.link bnc.lt *.plaid.com grsm.io s.yimg.com *.logs.datadoghq.com *.browser-intake-datadoghq.com maps.googleapis.com *.fullstory.com *.analytics.google.com *.g.doubleclick.net d1lu3pmaz2ilpx.cloudfront.net *.cardinalcommerce.com adservice.google.com analytics.google.com google.com/ measurement-api.criteo.com/ *.paypal.com/ ad.doubleclick.net bat.bing.com *.hubspot.com *.hubapi.com *.bc0a.com googleadservices.com pay.google.com https://www.google.com/pay *.byspotify.com api.gotolstoy.com assets.ctfassets.net www.instagram.com instagram.com *.telemetry.vaultdcr.com *.tiktok.com *.chatbase.co http://licdn.com/* linkedin.com cloudfront.net;img-src 'self' data: *.greenlight.com *.gl-tech.io greenlightcard.com images.ctfassets.net videos.ctfassets.net downloads.ctfassets.net *.tiktokcdn.com *.vimeocdn.com facebook.com *.facebook.com csi.gstatic.com google-analytics.com *.google-analytics.com maps.googleapis.com googletagmanager.com *.fullstory.com jadserve.postrelease.com exchange.mediavine.com *.bidr.io *.adnxs.com *.bing.com *.analytics.yahoo.com trends.revcontent.com *.ad.smaato.net tapestry.tapad.com criteo-partners.tremorhub.com ade.clmbtech.com ad.tpmn.co.kr sync-criteo.ads.yieldmo.com idsync.rlcdn.com x.bidswitch.net *.g.doubleclick.net partner.mediawallahscript.com r.casalemedia.com ad.360yield.com contextual.media.net sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com tg.socdm.com visitor.omnitagjs.com aa.agkn.com *.criteo.com data.adxcel-ec2.com nytrng.com tags.bluekai.com pt.ispot.tv tags.w55c.net dpm.demdex.net google.com assets.braintreegateway.com *.paypal.com gstatic.com matching.ivitrack.com i.liadm.com google.kz google.es google.com.pr google.co.uk google.ru google.co.jp adservice.google.com analytics.google.com i6.liadm.com csm.va.us.criteo.net csm.da.us.criteo.net sp.analytics.yahoo.com segment.prod.bidr.io e1.emxdgt.com *.hsforms.com *.hubspot.com greenlight-stage.s3-accelerate.amazonaws.com greenlightme.s3-accelerate.amazonaws.com ads.stickyadstv.com e.dlx.addthis.com cdn.filestackcontent.com https://www.gstatic.com/instantbuy/svg/light_square_gpay.svg trkn.us videos.gotolstoy.com *.cdninstagram.com *.tiktok.com *.chatbase.co;child-src blob: assets.braintreegateway.com *.paypal.com;frame-src *;frame-ancestors none;object-src 'self' data: images.ctfassets.net videos.ctfassets.net downloads.ctfassets.net;style-src 'self' 'unsafe-inline' *.greenlight.com *.gl-tech.io *.greenlightcard.com greenlightcard.com greenlight.com cdnjs.cloudflare.com assets.braintreegateway.com dyv6f9ner1ir9.cloudfront.net fonts.googleapis.com *.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/ *.tiktokcdn-us.com;font-src 'self' data: *.greenlight.com *.gl-tech.io paypalobjects.com cdn.honey.io fonts.gstatic.com;worker-src blob:;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub6740cfe27eae28719b3b2ce1f5bc35f2&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production%2Cservice:greenlight-website-next; 2 frame-ancestors 'self' *.oakgov.com *.okta.com *.g2gcloud.com; 2 frame-ancestors 'self' https://manage.buildings.com https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 2 object-src 'none'; base-uri 'self'; 2 default-src 'self'; img-src * blob: data: https://*.google-analytics.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' data: https://*.googleapis.com; style-src-elem 'self' 'unsafe-inline' data: https://*.gstatic.com https://*.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.usercentrics.eu https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.googleapis.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com; connect-src 'self' https://*.usercentrics.eu https://*.gstatic.com https://dialogflow.cloud.google.com; frame-src 'self'; object-src 'none'; 2 img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.boschcarservice.com *.dxtservice.com *.bosch.com *.snap.licdn.com *.licdn.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net *.bosch.tech *.mobility-media.cloud *.newrelic.com *.nr-data.net *.youtube.com *.translate.google.com *.google.com; object-src 2 frame-ancestors 'self' 2 default-src 'none' ; script-src 'self' 'unsafe-inline' https://partner-tools.moneyadviceservice.org.uk https://debt-advice-locator.moneyhelper.org.uk https://tool.moneyhelper.org.uk https://tools.moneyhelper.org.uk https://static.hotjar.com https://script.hotjar.com https://cc.cdn.civiccomputing.com https://www.gstatic.com https://www.google.com https://kit.fontawesome.com https://princestrust.widget.custhelp.com https://js.stripe.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://analytics.tiktok.com https://snap.licdn.com https://s7.addthis.com https://static.hotjar.com https://static.hotjar.io https://script.hotjar.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.silktide.com https://princestrust-opa.custhelp.com https://princestrust-opa--uat.custhelp.com https://www.rnengage.com; style-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://fonts.googleapis.com https://princestrust-opa.custhelp.com https://princestrust-opa--uat.custhelp.com https://princestrust.widget.custhelp.com; img-src 'self' data: https://www.fundraisingregulator.org.uk https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com https://www.linkedin.com https://downloads.ctfassets.net https://images.ctfassets.net https://downloads.ctfassets.net https://maps.gstatic.com https://maps.googleapis.com https://img.youtube.com https://www.google.co.uk https://www.google.co.in https://www.google.com https://px.ads.linkedin.com https://t.co https://analytics.twitter.com https://www.facebook.com https://www.googletagmanager.com https://www.rnengage.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; font-src 'self' data: https://script.hotjar.com https://fonts.gstatic.com https://princestrust-opa.custhelp.com https://princestrust-opa--uat.custhelp.com https://fonts.gstatic.com; connect-src 'self' https://www.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://metrics.hotjar.io https://surveystats.hotjar.io https://ask.hotjar.io https://static.hotjar.io https://static.hotjar.com https://www.google.com https://candidateportal.kingstrust.org.uk https://api.getthedata.com https://www.googleapis.com https://clapi.civiccomputing.com https://apikeys.civiccomputing.com https://candidateportal.princestrust.org.uk https://pagead2.googlesyndication.com https://graphql.contentful.com https://downloads.ctfassets.net https://images.ctfassets.net https://ka-p.fontawesome.com https://api.stripe.com https://drzyrklbmz-dsn.algolia.net https://drzyrklbmz-1.algolianet.com https://drzyrklbmz-2.algolianet.com https://drzyrklbmz-3.algolianet.com https://maps.googleapis.com https://fonts.gstatic.com https://analytics.google.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.tiktok.com https://cdn.linkedin.oribi.io https://vc.hotjar.io https://a.eu.silktide.com wss://ws.hotjar.com https://content.hotjar.io https://princestrust-opa--uat.custhelp.com https://princestrust--uat.custhelp.com https://princestrust-opa.custhelp.com https://js.stripe.com https://px.ads.linkedin.com; frame-src https://partner-tools.moneyadviceservice.org.uk https://debt-advice-locator.moneyhelper.org.uk https://tool.moneyhelper.org.uk https://tools.moneyhelper.org.uk https://www.googletagmanager.com https://www.google.com https://princestrust-opa--uat.custhelp.com https://princestrust-opa.custhelp.com https://princes-trust-digital.co.uk https://js.stripe.com https://hooks.stripe.com https://partner-tools.moneyadviceservice.org.uk https://r1.dotdigital-pages.com https://www.youtube.com https://*.doubleclick.net https://www.getmyfirstjob.co.uk https://www.facebook.com/ *.google.com; 2 connect-src 'self' https://* http://* wss://* 2 upgrade-insecure-requests; frame-ancestors 'self' https://*.ed.gov http://*.ed.gov; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; object-src 'self' 'unsafe-eval' 'unsafe-inline' https:; script-src-elem 'unsafe-inline' blob: https:; 2 frame-ancestors 'self' *.amplience.net www.europaweg.ch www.randa.ch 2 default-src * ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rienergy.com https://*.pplelectric.com https://admin.sparkflow.net https://js-cdn.dynatrace.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.mouseflow.com https://n2.mouseflow.com https://ajax.googleapis.com https://connect.facebook.net https://seal.verisign.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.onelink-edge.com https://www.gstatic.com/charts/ https://*.google.com https://*.googleapis.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.zscalerthree.net https://js.adsrvr.org https://cdn.bttrack.com/ https://bttrack.com/ https://pixel.mathtag.com/event/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://static.ads-twitter.com/ https://collector-17692.us.tvsquared.com/; img-src 'self' https://*.rienergy.com https://*.pplelectric.com https://*.optimizely.com https://www.google-analytics.com https://www.facebook.com https://seal.websecurity.norton.com https://esus-pplelectric.onelink-translations.com https://es.pplelectric.com https://www.gstatic.com/charts/ https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://ad.doubleclick.net https://gateway.zscalerthree.net https://bttrack.com https://collector-17692.us.tvsquared.com/; style-src 'self' 'unsafe-inline' https://*.rienergy.com https://*.pplelectric.com https://ajax.googleapis.com https://googletagmanager.com https://www.gstatic.com/charts/ https://*.google.com https://*.googleapis.com https://www.gstatic.com; font-src 'self' data: fonts.gstatic.com https://www.gstatic.com/charts/; frame-src 'self' https://*.rienergy.com https://*.pplelectric.com https://*.cdn.optimizely.com https://*.cdn-pci.optimizely.com https://www.google.com/recaptcha/ https://admin.sparkflow.net https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://player.vimeo.com https://*.paymentus.com https://*.doubleclick.net https://gateway.zscalerthree.net https://pixel.mathtag.com https://insight.adsrvr.org; child-src 'self' https://*.rienergy.com https://*.pplelectric.com https://*.google.com https://google.com https://connect.facebook.net https://www.facebook.com https://player.vimeo.com https://*.paymentus.com https://*.optimizely.com https://optimizely.com; frame-ancestors 'self' https://*.optimizely.com; 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 2 frame-ancestors 'self' memberapp.exerp.com webtracapp.myvscloud.com *.myfitapp.de *.myfitapp.com *.myfitapp.ch cockpit.mobilepro.uk.com myfitapp.brightlime.com mobileapp.legendonlineservices.co.uk; 2 frame-ancestors 'self' *.muse.ai 2 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 2 default-src 'self'; worker-src blob: ; media-src *.stripe.com static.olark.com https://lp.onfleet.com/hubfs/Onfleet-Demo-2025.mp4; img-src *.visualwebsiteoptimizer.com onfleet.com *.linkedin.com *.stripe.com *.reddit.com *.facebook.com *.hubspot.com data: *.google.com *.google-analytics.com *.google.co.uk *.bing.com *.clarity.ms *.cloudfront.net *.hsforms.com *.cloudinary.com *.olark.com *.twitter.com; script-src-elem onfleet.com *.jsdelivr.net *.stripe.com *.youtube-nocookie.com *.doubleclick.net *.listenlayer.com *.redditstatic.com *.youtube.com *.olark.com *.licdn.com cdn.sitesearch360.com *.google-analytics.com *.googletagmanager.com *.hs-scripts.com *.cloudfront.net *.googleapis.com *.hsadspixel.net *.hubspot.com *.hs-analytics.net *.hs-banner.com static.olark.com transcend-cdn.com script.crazyegg.com *.clarity.ms js.hsforms.net cdn.segment.com *.facebook.net dev.visualwebsiteoptimizer.com 'unsafe-inline' https://unpkg.com/aos@next/dist/aos.js https://inorganik.github.io/countUp.js/dist/countUp.umd.js https://bat.bing.com/bat.js https://www.googletagmanager.com/; style-src onfleet.com *.googleapis.com *.cloudfront.net transcend-cdn.com static.olark.com 'unsafe-inline' https://unpkg.com/aos@next/dist/aos.css; font-src *.gstatic.com static.olark.com *.cloudfront.net data:; frame-src *.stripe.com *.rippling.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.olark.com *.hsforms.com; connect-src *.linkedin.com *.stripe.com countly.onfleet.com onfleet.com *.onfleet.com *.googlesyndication.com *.listenlayer.com *.reddit.com *.redditstatic.com *.sitesearch360.com *.hubapi.com *.olark.com *.hubspot.com *.s3.amazonaws.com onfleet.ghost.io *.hsforms.com api.segment.io telemetry.transcend.io *.clarity.ms cdn.segment.com transcend-cdn.com *.google-analytics.com *.doubleclick.net *.google.com publickeyservice.keys.adm-services.goog 2 default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; 2 default-src 'none';script-src 'self' https://static.frag-den-staat.de https://traffic.okfn.de https://js.stripe.com;style-src 'self' 'unsafe-inline' https://static.frag-den-staat.de;img-src 'self' data: blob: https://static.frag-den-staat.de https://media.frag-den-staat.de https://traffic.okfn.de *.tile.openstreetmap.org *.global.ssl.fastly.net i.ytimg.com;media-src https://static.frag-den-staat.de https://media.frag-den-staat.de;worker-src 'self' blob: https://static.frag-den-staat.de;frame-src 'self' blob: https://static.frag-den-staat.de https://media.frag-den-staat.de https://www.youtube-nocookie.com https://media.ccc.de https://js.stripe.com https://hooks.stripe.com https://www.paypal.com https://datawrapper.dwcdn.net;object-src 'self' https://media.frag-den-staat.de;connect-src 'self' wss://fragdenstaat.de https://static.frag-den-staat.de https://media.frag-den-staat.de https://sentry.okfn.de https://api.stripe.com https://traffic.okfn.de;child-src 'self' blob: https://static.frag-den-staat.de;base-uri 'none';font-src data: https://static.frag-den-staat.de;manifest-src https://static.frag-den-staat.de;form-action 'self' https://fragdenstaat.de https://forum.okfn.de https://www.paypal.com https://pretix.eu https://hooks.stripe.com https://stripe.com https://r.girogate.de;report-uri https://sentry.okfn.de/api/3/security/?sentry_key=f00c20a879414df69051163a90597a8c; 2 frame-ancestors 'self' https://*.movavika.ru https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr http://webvisor.com http://*.webvisor.com https://webvisor.com https://*.webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5707147/security/?sentry_key=839cab03978446cdbf603f5f5022e843&sentry_environment=production; report-to csp-endpoint 2 default-src 'self' mailto: tel: *.aia.com; script-src 'self' https://rum.hlx.page blob: 'unsafe-inline' 'unsafe-eval' *.aia.com *.datatoolscloud.net.au *.nab.com.au *.azure-api.net *.aia.com.au *.ichat-aia.com *.google.com *.google.com.au *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.gstatic.com *.scene7.com *.adobedtm.com *.omtrdc.net *.demdex.net *.originally.us *.bing.com *.facebook.com *.facebook.net *.linkedin.com *.youtube.com https://youtu.be *.zscalertwo.net *.doubleclick.net *.akamaihd.net *.lemnisk.co *.outbrain.com *.marketo.net *.marketo.com *.mktoresp.com *.turn.com *.plavxml.com *.salesforce-sites.com *.fullstory.com *.inmoment.com *.inmoment.com.au *.cvly.app https://cvly.app *.clarity.ms *.tiktok.com https://vimeo.com *.vimeo.com *.googlesyndication.com https://convincely.io *.convincely.io *.inside-graph.com wss://au4-live.inside-graph.com *.dynatrace.com *.healthshare.com.au https://healthshare.com.au; connect-src 'self' *.aia.com *.datatoolscloud.net.au *.nab.com.au *.azure-api.net *.aia.com.au *.ichat-aia.com *.google.com *.google.com.au *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.scene7.com *.adobedtm.com *.omtrdc.net *.demdex.net *.originally.us *.bing.com *.facebook.com *.facebook.net *.linkedin.com *.youtube.com https://youtu.be *.zscalertwo.net *.doubleclick.net *.lemnisk.co *.outbrain.com *.marketo.net *.marketo.com *.mktoresp.com *.turn.com *.plavxml.com *.salesforce-sites.com *.fullstory.com *.inmoment.com *.inmoment.com.au *.cvly.app https://cvly.app *.clarity.ms *.tiktok.com https://vimeo.com *.vimeo.com *.googlesyndication.com https://convincely.io *.convincely.io *.inside-graph.com wss://au4-live.inside-graph.com https://browser-intake-datadoghq.com *.dynatrace.com *.healthshare.com.au https://healthshare.com.au; img-src 'self' data: blob: *.aia.com *.aia.com.au *.ichat-aia.com *.google.com *.google.com.au *.google-analytics.com *.googletagmanager.com *.gstatic.com *.scene7.com *.adobedtm.com *.omtrdc.net *.demdex.net *.originally.us *.bing.com *.facebook.com *.facebook.net *.youtube.com https://youtu.be *.adsymptotic.com *.doubleclick.net *.lemnisk.co *.outbrain.com *.marketo.net *.marketo.com *.mktoresp.com *.turn.com *.plavxml.com *.salesforce-sites.com *.fullstory.com *.inmoment.com *.inmoment.com.au *.cvly.app https://cvly.app *.inside-graph.com wss://au4-live.inside-graph.com *.clarity.ms *.tiktok.com https://vimeo.com *.vimeo.com *.googlesyndication.com https://convincely.io *.convincely.io *.dynatrace.com *.healthshare.com.au https://healthshare.com.au; media-src 'self' data: blob: *.aia.com *.aia.com.au *.scene7.com https://convincely.io *.convincely.io; object-src 'self' *.aia.com *.ichat-aia.com *.google.com *.google.com.au *.googleapis.com *.google-analytics.com *.googletagmanager.com *.scene7.com *.adobedtm.com *.omtrdc.net *.demdex.net *.originally.us *.bing.com *.youtube.com https://youtu.be *.zscalertwo.net *.doubleclick.net *.lemnisk.co *.outbrain.com *.marketo.net *.marketo.com *.mktoresp.com *.turn.com *.plavxml.com *.salesforce-sites.com *.fullstory.com *.inmoment.com *.inmoment.com.au *.cvly.app https://cvly.app *.clarity.ms *.tiktok.com https://vimeo.com *.vimeo.com *.googlesyndication.com https://convincely.io *.convincely.io; frame-src 'self' mailto: tel: *.aia.com *.aia.com.au *.mcxplatform.com.au *.ichat-aia.com *.google.com *.google.com.au *.googleapis.com *.google-analytics.com *.googletagmanager.com *.scene7.com *.adobedtm.com *.omtrdc.net *.demdex.net *.originally.us *.bing.com *.facebook.com *.facebook.net *.youtube.com https://youtu.be https://infogram.com/ *.zscalertwo.net *.doubleclick.net *.lemnisk.co *.outbrain.com *.marketo.net *.marketo.com *.mktoresp.com *.turn.com *.plavxml.com *.salesforce-sites.com *.fullstory.com *.inmoment.com *.inmoment.com.au *.cvly.app https://cvly.app *.clarity.ms *.tiktok.com https://vimeo.com *.vimeo.com *.googlesyndication.com https://convincely.io *.convincely.io *.inside-graph.com wss://au4-live.inside-graph.com *.dynatrace.com *.healthshare.com.au https://healthshare.com.au; child-src 'self' blob: *.healthshare.com.au https://healthshare.com.au; style-src 'self' 'unsafe-inline' *.aia.com *.aia.com.au *.ichat-aia.com *.google.com *.google.com.au *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.scene7.com *.adobedtm.com *.omtrdc.net *.demdex.net *.originally.us *.bing.com *.youtube.com https://youtu.be *.zscalertwo.net *.doubleclick.net *.lemnisk.co *.outbrain.com *.marketo.net *.marketo.com *.mktoresp.com *.turn.com *.plavxml.com *.salesforce-sites.com *.fullstory.com *.inmoment.com *.inmoment.com.au *.cvly.app https://cvly.app *.inside-graph.com wss://au4-live.inside-graph.com *.clarity.ms *.tiktok.com https://vimeo.com *.vimeo.com *.googlesyndication.com https://convincely.io *.convincely.io *.dynatrace.com *.healthshare.com.au https://healthshare.com.au; font-src * data:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.useinsider.com https://www.google.com https://ads.nextdoor.com https://www.googletagmanager.com https://*.secureprivacy.ai/ https://analytics.tiktok.com https://connect.facebook.net https://js.adsrvr.org https://c.amazon-adsystem.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://bat.bing.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.googleoptimize.com/optimize.js https://code.jquery.com/jquery-3.2.1.slim.min.js https://www.google-analytics.com/analytics.js https://ad.doubleclick.net https://snap.licdn.com https://code.jquery.com https://secure-ds.serving-sys.com https://js.web-2-tel.com https://up.pixel.ad https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://secure-ds.serving-sys.com https://js.web-2-tel.com https://bs.serving-sys.com https://maps.googleapis.com https://maps.gstatic.com https://www.googleadservices.com https://www.youtube.com; img-src 'self' data: https://s.gravatar.com https://bat.bing.net https://*.useinsider.com https://*.secureprivacy.ai/ https://*.wp.com/cdn.auth0.com/avatars https://arttrk.com https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://www.google.com https://www.google.co.in https://px.ads.linkedin.com https://pixel.sitescout.com https://www.googletagmanager.com https://attribution.sitescout.com https://insight.adsrvr.org https://s.amazon-adsystem.com https://googleads.g.doubleclick.net https://cm.g.doubleclick.net https://match.adsrvr.org/ https://www.google-analytics.com/ https://ad.doubleclick.net https://ib.adnxs.com/ https://pixel.rubiconproject.com/ https://i.ytimg.com https://clickserv.sitescout.com/ https://fonts.gstatic.com https://www.linkedin.com https://px4.ads.linkedin.com https://www.speedwaydigest.com https://speedwaydigest.com https://www.interstatebatteries.com/ https://interstatebatteries.com/ https://quickstart.interstatebatteries.com/ https://fr.interstatebatteries.com/ https://es.interstatebatteries.com/ https://fr.quickstart.interstatebatteries.com/ https://es.quickstart.interstatebatteries.com/ https://fr.qa.home.interstatebatteries.com/ https://es.qa.home.interstatebatteries.com/ https://qa.home.interstatebatteries.com/ https://fr.qa.quickstart.interstatebatteries.com/ https://es.qa.quickstart.interstatebatteries.com/; style-src 'self' 'unsafe-inline' https://*.useinsider.com https://fonts.googleapis.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://www.googletagmanager.com; font-src 'self' 'unsafe-inline' https://*.useinsider.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com; connect-src 'self' https://bat.bing.net https://www.google.com https://www.googleapis.com https://*.google-analytics.com https://*.useinsider.com https://s.amazon-adsystem.com https://analytics.tiktok.com https://*.secureprivacy.ai/ https://ara.paa-reporting-advertising.amazon https://maps.googleapis.com https://analytics.interstatebatteries.com https://analytics.google.com https://googleads4.g.doubleclick.net https://stats.g.doubleclick.net https://px.ads.linkedin.com https://secure-ds.serving-sys.com https://lm.serving-sys.com https://js.web-2-tel.com https://bat.bing.com https://www.facebook.com https://web-2-tel.com https://insight.adsrvr.org https://ad.doubleclick.net; frame-src 'self' https://*.useinsider.com https://analytics.interstatebatteries.com/ https://www.googletagmanager.com https://s.amazon-adsystem.com/ https://www.youtube.com https://insight.adsrvr.org https://www.google.com https://td.doubleclick.net https://pixel-sync.sitescout.com https://match.adsrvr.org/ https://www.facebook.com https://*.doubleclick.net; media-src 'self' data:; upgrade-insecure-requests; 2 default-src 'self'; block-all-mixed-content; child-src blob:; connect-src 'self' data https://*.google-analytics.com https://google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://*.googleadservices.com https://stats.g.doubleclick.net https://*.hscollectedforms.net https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.linkedin.com https://*.licdn.com https://js.zi-scripts.com https://analytics.inzynk.io https://collector4.leadinfo.net https://collector.leadinfo.net https://api.leadinfo.com https://ws.zoominfo.com https://www.google.at https://www.google.be https://www.google.bg https://www.google.hr https://www.google.cz https://www.google.dk https://www.google.fi https://www.google.fr https://www.google.de https://www.google.gr https://www.google.hu https://www.google.is https://www.google.ie https://www.google.it https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.mt https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.co.uk https://www.google.com.tr https://www.google.tn https://www.google.dz https://www.google.ma https://www.google.co.il https://www.google.ae https://www.google.com https://www.google.ca https://www.google.com.mx https://www.google.com.br https://www.google.com.ar https://www.google.com.ec https://www.google.cl https://www.google.com.pe https://www.google.co.za https://www.google.co.in https://www.google.co.jp https://www.google.cn https://www.google.com.hk https://www.google.com.tw https://www.google.co.kr https://www.google.com.sg https://www.google.co.th; font-src 'self' data: data fonts.gstatic.com; frame-src https://*.youtube.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://prod1.solutions.webfg.ch https://*.google.com https://td.doubleclick.net https://www.coface.fr https://pwm-image.trendmicro.com https://edge.media-server.com; img-src 'self' data: data blob https://tr.line.me https://*.lfeeder.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.linkedin.com https://*.licdn.com https://*.hsforms.com https://*.hubspot.com https://www.google.at https://www.google.be https://www.google.bg https://www.google.hr https://www.google.cz https://www.google.dk https://www.google.fi https://www.google.fr https://www.google.de https://www.google.gr https://www.google.hu https://www.google.is https://www.google.ie https://www.google.it https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.mt https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.co.uk https://www.google.com.tr https://www.google.tn https://www.google.dz https://www.google.ma https://www.google.co.il https://www.google.ae https://www.google.com https://www.google.ca https://www.google.com.mx https://www.google.com.br https://www.google.com.ar https://www.google.com.ec https://www.google.cl https://www.google.com.pe https://www.google.co.za https://www.google.co.in https://www.google.co.jp https://www.google.cn https://www.google.com.hk https://www.google.com.tw https://www.google.co.kr https://www.google.com.sg https://www.google.co.th; object-src 'none'; script-src 'self' blob 'sha256-r5XNBZKG5SuRALRop397WzCpL6A7PPnVeJHjxu4dYoM=' 'sha256-PvjejqLYd3NWAQbuI5ztPkrH0+NbIyvfHcohUy/cDgY=' 'sha256-ixt9cJSW7l/TjcAHQwIkthvmNXKVhbctw0KIBmfT3vI=' 'sha256-TBFB22YzPYBT6rIyeICABgKnf6AS2XlCon7PlKpqwx0=' 'sha256-Mdr7Elzu0r9o/uLCgHaqqkGF/Cjybl8xHE3xxAJOpvE=' 'sha256-Fac3ZJh9Y/mUcXMm30RrYwSt3wFvJ7dvzNvifF3wz9o=' 'sha256-j7hX0Eb40FknxDtJlw+/vJUvnDRI62XPkRyAgR5yDPs=' 'sha256-7vg2+gdz1/ftFJq3ZBimCuYwW04BTLPk0Z8E7kVeGHY=' 'sha256-VyY8SEWR8lMYk6OETYa7fhiLcLnQwdZtN03ECJL48t0=' 'sha256-XbnphNbfccFW7zQZOKk1NECfmmjWeq0cg1FwHrMZZ3A=' 'sha256-nVZbCRzRQSuWk+9W2ls61mQODCppOVf74kz9tIVcvD8=' 'sha256-oIOkXW3jJVB3WzdBAFDW1Y+ploUa4qVp1mqHQeZ7U+Q=' 'sha256-uILB4C9XYyBWeOx5+XQDrAjrU4EsdqN9Ms3lKdPVl58=' 'sha256-fEneWIDmgpMHym15EtxErZC6ZUMtKxivpJeC0XmqQGc=' 'sha256-tAWD8lytuBP8gEXDAj+ZibUssoc3mxK0Qpx5aFn8TT4=' https://*.lfeeder.com https://tags.inzynk.io https://cdn.leadinfo.net https://plugin.sopro.io https://d.line-scdn.net https://js.zi-scripts.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://googleads.g.doubleclick.net https://*.gstatic.com https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.hscollectedforms.net https://*.hs-analytics.net https://*.hs-banner.com https://js-eu1.hs-scripts.com https://*.linkedin.com https://*.licdn.com https://*.google.com https://*.google.fr; style-src 'self' 'unsafe-inline'; report-uri /nelmio/csp/report; worker-src blob: 2 frame-ancestors 'self' http://localhost:8080 https://*.birds.cornell.edu https://*.ornith.cornell.edu 2 default-src 'none'; script-src 'self' piwik.bildung-rp.de https://static.b-ite.com https://cs-assets.b-ite.com https://karriere.pl.bildung-rp.de/ https://player.vimeo.com/api/player.js 'unsafe-inline' https://maps.rlp.de; connect-src 'self' https://maps.rlp.de https://piwik.bildung-rp.de https://jobs.b-ite.com; img-src 'self' data: https://sgx.geodatenzentrum.de; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self' http://*.bildung.rlp.de/ https://secure2.bildung-rp.de/; frame-src 'self' https://www.youtube-nocookie.com/ https://w.soundcloud.com https://rp.db-schulkinowochen.de/ https://player.vimeo.com/video/ https://vimeo.com/event/ https://video.rlp-media.de/videos/; font-src 'self'; manifest-src 'self' 2 default-src 'self' blob: https://*.wistia.com https://*.cloudfront.net https://*.helpscout.net https://stats.nice.fr https://*.dastra.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://stats.nice.fr https://*.helpscout.net https://*.wistia.com https://*.cloudfront.net https://*.dastra.eu; style-src 'self' 'unsafe-inline'; frame-src 'self' blob: https://www.youtube.com https://www.youtube-nocookie.com https://api.wp-rocket.me https://*.dastra.eu; img-src 'self' data: blob: https://secure.gravatar.com https://ps.w.org https://stats.nice.fr https://*.wistia.com https://*.dastra.eu; font-src 'self' data: https://*.wistia.com https://*.dastra.eu 2 base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.configcat.com *.doubleclick.net *.ads-twitter.com *.adsymptotic.com *.adyen.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.sibs.com *.speedtestcustom.com *.tiktok.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com cihbank.ma llamamegratis.es t.co wss://*.byside.com *.zetaglobal.net d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com; style-src 'self' https: 'unsafe-inline' *.configcat.com *.doubleclick.net *.ads-twitter.com *.adsymptotic.com *.adyen.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.sibs.com *.speedtestcustom.com *.tiktok.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com cihbank.ma llamamegratis.es t.co wss://*.byside.com *.zetaglobal.net d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.configcat.com *.doubleclick.net *.ads-twitter.com *.adsymptotic.com *.adyen.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.sibs.com *.speedtestcustom.com *.tiktok.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com cihbank.ma llamamegratis.es t.co wss://*.byside.com *.zetaglobal.net d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com; font-src 'self' data: *.configcat.com *.doubleclick.net *.ads-twitter.com *.adsymptotic.com *.adyen.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.sibs.com *.speedtestcustom.com *.tiktok.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com cihbank.ma llamamegratis.es t.co wss://*.byside.com *.zetaglobal.net d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com; connect-src 'self' *.configcat.com *.doubleclick.net *.ads-twitter.com *.adsymptotic.com *.adyen.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.sibs.com *.speedtestcustom.com *.tiktok.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com cihbank.ma llamamegratis.es t.co wss://*.byside.com *.zetaglobal.net d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com; frame-src 'self' data: *.configcat.com *.doubleclick.net *.ads-twitter.com *.adsymptotic.com *.adyen.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.sibs.com *.speedtestcustom.com *.tiktok.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com cihbank.ma llamamegratis.es t.co wss://*.byside.com *.zetaglobal.net d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com; frame-ancestors 'self' *.configcat.com *.doubleclick.net *.ads-twitter.com *.adsymptotic.com *.adyen.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.sibs.com *.speedtestcustom.com *.tiktok.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com cihbank.ma llamamegratis.es t.co wss://*.byside.com *.zetaglobal.net d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com; object-src data: *.configcat.com *.doubleclick.net *.ads-twitter.com *.adsymptotic.com *.adyen.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.sibs.com *.speedtestcustom.com *.tiktok.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com cihbank.ma llamamegratis.es t.co wss://*.byside.com *.zetaglobal.net d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com; media-src 'self' data: *.configcat.com *.doubleclick.net *.ads-twitter.com *.adsymptotic.com *.adyen.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.sibs.com *.speedtestcustom.com *.tiktok.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com cihbank.ma llamamegratis.es t.co wss://*.byside.com *.zetaglobal.net d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com; worker-src 'self' data: blob: *.configcat.com *.doubleclick.net *.ads-twitter.com *.adsymptotic.com *.adyen.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.sibs.com *.speedtestcustom.com *.tiktok.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com cihbank.ma llamamegratis.es t.co wss://*.byside.com *.zetaglobal.net d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com 2 default-src 'self' https://ucarecdn.com https://*.ucarecdn.com https://*.uploadcare.com https://*.cloudfront.net; font-src 'self' data: https://ucarecdn.com https://*.ucarecdn.com https://fonts.gstatic.com; frame-src 'self' https://ucarecdn.com https://*.uploadcare.com https://js.stripe.com https://*.google.com https://*.youtube-nocookie.com https://*.facebook.com https://codepen.io https://codesandbox.io https://*.codesandbox.io https://zapier.com https://td.doubleclick.net https://www.googletagmanager.com; child-src 'self' blob:; media-src blob: data: https://ucarecdn.com https://*.ucarecdn.com; style-src 'self' 'unsafe-inline' blob: https://ucarecdn.com https://*.ucarecdn.com https://*.uploadcare.com https://*.cloudfront.net https://unpkg.com https://js.stripe.com https://*.googleapis.com https://*.zapier.com https://*.integrately.com https://prod-slash.ferndocs.com https://cdn.cookiehub.eu; connect-src 'self' blob: https://*.cloudfront.net *.uploadcare.com uploadcare.com https://*.s3-accelerate.amazonaws.com https://ucarecdn.com https://*.ucarecdn.com https://*.algolia.net https://*.algolianet.com https://js.stripe.com https://*.statuspage.io https://*.pingdom.net wss://ws.pusherapp.com https://api.rollbar.com https://*.helpscout.net https://zapier.com https://*.zapier.com https://*.integrately.com https://api.getrewardful.com https://www.google.com https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://adservice.google.com https://*.googleadservices.com https://*.facebook.com https://bat.bing.com https://cdn.linkedin.oribi.io https://*.linkedin.com https://analytics.ahrefs.com https://registry.npmjs.org https://dev.visualwebsiteoptimizer.com https://cdn.cookiehub.eu https://consent-eu.cookiehub.net https://region-eu.cookiehub.net https://icons.ferndocs.com; img-src 'self' blob: data: https://*.uploadcare.com https://ucarecdn.com https://*.ucarecdn.com https://*.ucr.io https://q.stripe.com https://zapier-images.imgix.net https://zapier.com https://*.zapier.com https://integrately.com https://*.amazonaws.com https://*.travis-ci.com https://*.travis-ci.org https://github.com https://codesandbox.io https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.g.doubleclick.net https://i.ytimg.com https://bat.bing.com *.google.com *.google.at *.google.com.au *.google.be *.google.com.br *.google.by *.google.ca *.google.ch *.google.cn *.google.cz *.google.de *.google.dk *.google.es *.google.fi *.google.fr *.google.co.id *.google.co.il *.google.co.in *.google.it *.google.co.jp *.google.co.kr *.google.lt *.google.lv *.google.me *.google.com.mx *.google.com.my *.google.nl *.google.no *.google.com.ph *.google.pl *.google.pt *.google.ru *.google.se *.google.com.sg *.google.co.th *.google.com.tr *.google.com.tw *.google.com.ua *.google.co.uk *.google.com.vn *.google.rs *.google.com.ar *.google.com.ph *.google.ee https://*.customer.io https://*.facebook.com https://cx.atdmt.com https://p.adsymptotic.com https://*.linkedin.com https://dev.visualwebsiteoptimizer.com https://files.buildwithfern.com https://api.producthunt.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://ucarecdn.com https://*.ucarecdn.com https://*.uploadcare.com https://*.cloudfront.net https://js.stripe.com https://m.stripe.network https://zapier.com https://cdn.zapier.com https://*.integrately.com https://r.wdfl.co https://*.codepen.io https://*.helpscout.net https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.facebook.net https://snap.licdn.com https://bat.bing.com https://dev.visualwebsiteoptimizer.com https://pi.pardot.com https://prod-slash.ferndocs.com https://files.buildwithfern.com https://cdn.cookiehub.eu https://cookiehub.net; frame-ancestors 'self'; report-uri https://app.uploadcare.com/apps/api/v0.1/csp/report/ 2 default-src 'self'; img-src 'self' https://w3.flatex.de data: https://res.cloudinary.com; font-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://w3.flatex.de; script-src 'self' 'unsafe-inline' https://responder.wt-safetag.com https://www.googletagmanager.com/; frame-src 'self' https://konto.flatex.de https://www.googletagmanager.com/ https://stock.flatexdegiro.com 2 script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; 2 default-src 'self' http: https: ws: wss: yoti: * *.faphouse4k.com; img-src * data: blob:; media-src * blob:; script-src 'self' 'unsafe-inline' blob: https://assets-ah.flixcdn.com www.google.com www.gstatic.com accounts.google.com *.google.com *.amplitude.com www.google-analytics.com www.googleanalytics.com www.googletagmanager.com www.googleoptimize.com optimize.google.com tagmanager.google.com *.hotjar.com https://pm-api.faphouse.com https://pm.faphouse.com/pm/ https://assets-ah.flixcdn.com/ comments.faphouse.com studio.faphouse.com joinmy.fans 'unsafe-eval' challenges.cloudflare.com cdn.delight-vr.com www.yoti.com; style-src * 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-ancestors 'self' 2 base-uri 'none';child-src 'none';connect-src 'self' https://play.vidyard.com https://noembed.com/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://go.esko.com/ https://privacyportalde-cdn.onetrust.com/ cloudflareinsights.com https://play.goconsensus.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://auth.statik.space/ https://js.zi-scripts.com https://px.ads.linkedin.com https://ws.zoominfo.com *.crazyegg.com https://tracking.g2crowd.com https://google.com;default-src 'self' *.crazyegg.com;font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'self' https://esko.showpad.biz;frame-src youtube.com www.youtube.com https://play.vidyard.com https://play.goconsensus.com https://bid.g.doubleclick.net https://www.google.com/ https://js.driftt.com https://widget.drift.com *.crazyegg.com *.cvent.com https://td.doubleclick.net https://esko317.outgrow.us;img-src 'self' https: data: blob: http://play.vidyard.com www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://google.com *.crazyegg.com;manifest-src 'self';media-src 'self' https://js.driftt.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com www.youtube.com https://play.vidyard.com https://cdn.jsdelivr.net/ https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js static.cloudflareinsights.com https://play.goconsensus.com https://www.googletagmanager.com https://cdn.cookielaw.org https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://js.driftt.com https://widget.drift.com https://sc.lfeeder.com https://js.zi-scripts.com https://snap.licdn.com *.crazyegg.com *.cvent.com https://tracking.g2crowd.com *.pardot.com https://*.esko.com blob: https://connect.facebook.net;style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.crazyegg.com;worker-src 'self' blob:; 2 default-src 'self' blob: house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net *.prod.boltdns.net *.cookielaw.org cdn.cookielaw.org *.analytics.google.com *.google.com *.google-analytics.com *.googletagmanager.com googleapis.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com www.google-analytics.com fonts.googleapis.com fonts.gstatic.com arg.investis.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com stats.g.doubleclick.net vjs.zencdn.net sc.lfeeder.com *.execute-api.eu-west-1.amazonaws.com; img-src 'self' 'unsafe-inline' * data: www.w3.org manifest.prod.boltdns.net players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com arg.tools.investis.com snap.licdn.com staticcontents.investisdigital.com staticcontents.investis.com; frame-src 'self' www.googletagmanager.com *.doubleclick.net *.blubrry.com atkinsrealis.com http://www.atkinsrealis.com/ *.atkinsrealis.com ir.connectidfeed.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.flockler.com *.doubleclick.net *.doubleclick.net players.brightcove.net www.google.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com bcove.video cloud.3dissue.com lavalab-montreal.netlify.app; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net staticzone.idigitalcontents.com flockler.com *.investisdigital.com *.flockler.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com fonts.googleapis.com fonts.gstatic.com staticcontents.investisdigital.com staticcontents.investis.com; font-src 'self' 'unsafe-inline' * data: vjs.zencdn.net fonts.googleapis.com fonts.gstatic.com; script-src 'self' *.doubleclick.net atkinsrealis.cm.invdcloud-is.co.uk 'unsafe-inline' 'unsafe-eval' static.trackedweb.net static.cloudflareinsights.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.analytics.google.com *.google.com *.google-analytics.com preview-experiences.brightcove.net connect.facebook.net staticzone.idigitalcontents.com manifest.prod.boltdns.net blob: *.investisdigital.com *.jquery.com flockler.com *.flockler.com arg.investisdigital.net www.google.com www.gstatic.com maps.google.com maps.googleapis.com googleapis.com *.googleapis.com *.cookielaw.org cdn.cookielaw.org *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com fonts.googleapis.com fonts.gstatic.com www.google-analytics.com arg.investis.com arg.tools.investis.com snap.licdn.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com vjs.zencdn.net secure.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com sc.lfeeder.com *.execute-api.eu-west-1.amazonaws.com; connect-src 'self' *.doubleclick.net *.linkedin.com region1.google-analytics.com atkinsrealis.cd.invdcloud-is.co.uk staticzone.idigitalcontents.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com r1.trackedweb.net *.hs.llnwd.net *.google.com cdn.linkedin.oribi.io *.analytics.google.com *.google-analytics.com *.google.com *.investisdigital.com *.investis.com *.linkedin.oribi.io arg.tools.investis.com manifest.prod.boltdns.net maps.google.com gallery-metrics.api.brightcove.com flockler.com *.flockler.com privacyportal-de.onetrust.com *.cookielaw.org cdn.cookielaw.org www.googleadservices.com www.google-analytics.com maps.googleapis.com googleapis.com *.googleapis.com players.brightcove.net edge.api.brightcove.com f1.media.brightcove.com stats.g.doubleclick.net secure.brightcove.com f1.cf.brightcove.com *.execute-api.eu-west-1.amazonaws.com manifest.prod.boltdns.net geolocation.onetrust.com *.onetrust.com; base-uri 'self'; form-action 'self'; script-src-elem 'self' *.doubleclick.net atkinsrealis.cm.invdcloud-is.co.uk 'unsafe-inline' 'unsafe-eval' static.trackedweb.net sc.lfeeder.com static.cloudflareinsights.com communications.atkinsrealis.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.analytics.google.com *.google.com *.google-analytics.com preview-experiences.brightcove.net connect.facebook.net staticzone.idigitalcontents.com manifest.prod.boltdns.net blob: *.investisdigital.com *.jquery.com flockler.com *.flockler.com arg.investisdigital.net www.google.com www.gstatic.com maps.google.com maps.googleapis.com googleapis.com *.googleapis.com *.cookielaw.org cdn.cookielaw.org *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com fonts.googleapis.com fonts.gstatic.com www.google-analytics.com arg.investis.com arg.tools.investis.com snap.licdn.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com vjs.zencdn.net secure.brightcove.com f1.cf.brightcove.com 2 frame-ancestors https://app.contentful.com https://contentpath.siemens.com https://content.sw.siemens.com 2 frame-ancestors 'self' *.doctors.net.uk; object-src 'none' 2 frame-ancestors 'self' *.senecacollege.ca *.senecapolytechnic.ca; 2 upgrade-insecure-requests; frame-ancestors 'self' https://*.schaeffler.com; img-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://cdn.cookielaw.org https://www.schaeffler.com https://*.schaeffler-cdn.com https://*.linkedin.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.de https://www.googletagmanager.com https://*.fbcdn.net https://*.twimg.com/ https://*.ytimg.com https://*.ggpht.com/ https://*.licdn.com https://userlike-cdn-operators.userlike.com https://cdn.socialstudio.radian6.com https://media-aftermarket.schaeffler.com https://eqs-cockpit.com https://sch-cor-website-cdn-stage.mishost.ch https://sch-cor-website-cdn-live.mishost.ch https://www.eqs.com https://*.doubleclick.net data: blob:; 2 frame-ancestors 'self' https://app.grovecms.org/ https://donate.lpm.org/ 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://js.hs-banner.com https://*.hs-banner.com https://js.hsforms.net/ https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-analytics.net https://*.hubspot.com/ https://www.google-analytics.com/ https://tagmanager.google.com/ https://*.googletagmanager.com/ https://ssl.google-analytics.com/ https://www.google.com https://www.gstatic.com https://apis.google.com https://*.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.cloudflare.com https://*.hsforms.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://forms.hscollectedforms.net https://unpkg.com http://*.hsforms.net https://*.hsadspixel.net https://*.hs-analytics.net https://*.hubapi.com https://js.hscta.net https://js-eu1.hscta.net https://*.hubspot.com https://static.hsappstatic.net https://*.usemessages.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://*.hubspot.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hsforms.net https://*.hs-scripts.com https://*.hubspotfeedback.com https://feedback.hubapi.com https://feedback-eu1.hubapi.com https://www.google-analytics.com https://analytics.google.com https://ssl.google-analytics.com; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com https://js.hsforms.net/ https://www.google-analytics.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://fonts.googleapis.com/ https://newtriplea.wpengine.com https://content.triple-a.io https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn2.hubspot.net https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net; base-uri 'self'; connect-src 'self' ws://localhost:* https://www.triple-a.io https://forms.hscollectedforms.net https://forms.hsforms.com/ https://*.hubspot.com/ https://hubspot-forms-static-embed.s3.amazonaws.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com/ https://*.wpengine.com https://*.googleapis.com https://*.hsforms.com https://*.hs-banner.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.triple-a.io/api/v1/merchant https://forms-na1.hsforms.com https://*.hubapi.com https://forms.hsforms.com https://*.hubspot.com https://analytics.google.com https://*.google.com https://newtriplea.wpengine.com https://content.triple-a.io https://js-eu1.hscta.net https://js.hscta.net https://*.hscollectedforms.net https://publicapi.svc.triple-a.live; font-src 'self' https://fonts.gstatic.com/; frame-src 'self' https://app.hubspot.com/ https://*.hubspot.com/ https://td.doubleclick.net/ https://www.google.com/recaptcha/ https://www.google.com/ https://*.hsforms.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://forms-na1.hsforms.com https://*.hubspot.com https://*.hs-sites.com https://*.hs-sites-eu1.com https://forms.hsforms.com https://app.hubspot.com https://www.google.com https://td.doubleclick.net https://recaptcha.google.com/recaptcha/ https://*.hubspot.net https://*.hsforms.net http://*.hsforms.net; img-src 'self' data: https://track.hubspot.com https://*.hsforms.com/ https://*.hubspot.com/ https://forms-na1.hsforms.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com/ https://www.gstatic.com https://stats.g.doubleclick.net www.google-analytics.com https://newtriplea.wpengine.com https://content.triple-a.io https://www.google.com https://*.googleapis.com https://google.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://*.hubspot.com https://no-cache.hubspot.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://*.hubspot.net https://cdn2.hubspot.net https://*.hsforms.net http://*.hsforms.net https://*.hsforms.com https://*.analytics.google.com https://ssl.gstatic.com https://js-eu1.hscta.net https://js.hscta.net https://flagcdn.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; object-src 'self'; worker-src 'self'; child-src https://*.hsforms.com 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.intercomcdn.com https://widget.intercom.io https://code.jquery.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self' https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://region1.analytics.google.com; child-src 'self'; media-src 'self'; frame-src 'self' https://www.google.com https://www.gstatic.com https://app.livestorm.co https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com 2 frame-src 'self'; img-src *.mysedgwick.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ 'self' data:; child-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; default-src 'self' https://geolocation.onetrust.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.cookielaw.org https://fonts.gstatic.com/ https://storage.googleapis.com/co; style-src 'self' https://cdn.jsdelivr.net https://cdn.materialdesignicons.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://storage.googleapis.com 'unsafe-inline'; script-src 'self' https://cdn.cookielaw.org https://storage.googleapis.com/ 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' *.kampyle.com *.vanguard.com:* *.vgcontent.info:* *.vanguard.com *.vanguardinvestor.co.uk *.vanguard.co.uk;base-uri 'self';font-src 'self' https: data: *.vanguard.com:* *.vgcontent.info:*;form-action 'self';frame-ancestors 'self';img-src 'self' data: vanguard.d2.sc.omtrdc.net *.amazon-adsystem.com www.facebook.com *.doubleclick.net www.google.com *.adservice.google.com *.ytimg.com sjs.bizographics.com *.linkedin.com snap.licdn.com P.adsymptotic.com *.kampyle.com insight.adsrvr.org *.vanguard.com:* *.vgcontent.info:* *.vanguard.com *.vanguard.co.uk ade.googlesyndication.com https://*.vanguardinvestor.co.uk https://alb.reddit.com https://match.adsrvr.org/ https://ib.adnxs.com;object-src 'none';script-src 'self' 'unsafe-inline' *.vgdynamic.info connect.facebook.net www.googleadservices.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net *.youtube.com/ *.kampyle.com *.vanguard.com:* *.vgcontent.info:* corp-pmj-ukpi.web.vanguard.com corp-pmj-ukpi.webt.vanguard.com https://*.vanguardinvestor.co.uk cdn.botframework.com/botframework-webchat/latest/webchat.js https://solutions.eu.invocacdn.com https://td.doubleclick.net https://www.redditstatic.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' *.kampyle.com *.vanguard.com:* *.vgcontent.info:*;connect-src *.demdex.net vanguard.d2.sc.omtrdc.net *.tt.omtrdc.net *.kampyle.com *.medallia.com *.medallia.eu *.vanguard.com *.vanguard.co.uk static.vgcontent.info cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com corp-pmj.webt.vanguard.com corp-pmj-ukpi.web.vanguard.com corp-pmj-ukpi.webt.vanguard.com corp.etm.testassets.vgdynamic.info corp.etm.assets.vgdynamic.info corp.at2.assets.vgdynamic.info *.googlesyndication.com www.google.com googleads.g.doubleclick.net 'self' https://*.vanguardinvestor.co.uk https://*.vanguardinvestor.com https://*.vanguard.com directline.botframework.com https://pnapi.eu.invoca.net https://ad.doubleclick.net https://google.com https://www.redditstatic.com https://pixel-config.reddit.com https://conversions-config.reddit.com;frame-src *.demdex.net *.youtube.com 'self' *.vanguard.com *.kampyle.com insight.adsrvr.org vanguard-pf-git-vgpf-prod-raindrop-tech.vercel.app vanguard-pf-git-vgpf-dev-raindrop-tech.vercel.app https://www.googletagmanager.com https://td.doubleclick.net https://4598102.fls.doubleclick.net https://13621799.fls.doubleclick.net;media-src;upgrade-insecure-requests 2 default-src 'self' https: data:; connect-src 'self' wss://*.tawk.to wss://ws.hotjar.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; 2 default-src * 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: mailto:; img-src * 'self' data: https:; 2 base-uri 'none'; font-src 'self' https: data: https://heapanalytics.com; form-action 'self' https://forms.hsforms.com; frame-ancestors 'self' https://app.storyblok.com; img-src 'self' data: https: images.ctfassets.net https://heapanalytics.com; object-src 'none'; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' https://heapanalytics.com; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' https://cdn.heapanalytics.com https://heapanalytics.com; upgrade-insecure-requests; default-src 'self'; frame-src 'self' https:; worker-src blob:; connect-src 'self' https: http://cdn.cookielaw.org wss: https://heapanalytics.com; media-src blob: 'self' https:; 2 script-src 'unsafe-inline' 'self' 'unsafe-eval' *.googleapis.com *.facebook.net *.union-investment.de *.usercentrics.eu *.doubleclick.net *.meininvest.de *.frontend.live *.googletagmanager.com *.podigee-cdn.net *.highcharts.com https://safemicronkk2022prod.z6.web.core.windows.net/ http://localhost:* https://fe-calculator-prod.azureedge.net https://fe-scs-aktuelles-prod.azureedge.net https://bplv.fe.union-investment.de https://internal.api.union-investment.de mktdplp102cdn.azureedge.net https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://apps.mypurecloud.de/genesys-bootstrap/genesys.min.js https://apps.mypurecloud.de/journey/messenger-plugins/offersHelper.min.js https://apps.mypurecloud.de/genesys-bootstrap/plugins/genesysvendors.min.js; 2 default-src 'self'; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 2 default-src 'self' 'unsafe-inline' data: https: ; style-src 'self' 'unsafe-inline' 2 frame-ancestors 'self' https://www.herroom.com https://www.hisroom.com; 2 default-src 'self' data: blob: *.octopus.com.hk *.octopuscards.com *.octopusrewards.com.hk *.online-octopus.com *.octopus-cards.com *.oepay.octopus-cards.com *.comm.octopus.com.hk *.youtube.com *.google.com *.google.com.hk *.gstatic.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.googleadservices.com ade.googlesyndication.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net www.facebook.com connect.facebook.net https://api2.branch.io https://cdn.branch.io https://app.link 'unsafe-inline' 'unsafe-eval'; 2 default-src 'self' 'unsafe-inline' data: *; base-uri 'self'; font-src 'self' data: https://fonts.gstatic.com https://s-eu-1.pushpushgo.com https://cdn.pushpushgo.com https://*.bing.com https://*.geizhals.de https://*.bing.com https://unpkg.com/ https://*.openstreetmap.org/ https://*.virtualearth.net https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pollin.at https://*.pollin.de https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion/* https://*.criteo.com https://*.usercentrics.eu https://connect.facebook.net/ https://www.googletagmanager.com https://api.signalize.com/ https://www.dwin1.com https://www.redditstatic.com https://*.paypal.com https://*.payments-amazon.com https://*.loadbee.com https://ajax.cloudflare.com https://challenges.cloudflare.com https://www.awin1.com https://api.pushpushgo.com https://s-eu-1.pushpushgo.com https://*.sovendus.com https://cdn.pushpushgo.com https://*.trbo.com https://*.bing.com https://*.geizhals.de https://unpkg.com/ https://*.openstreetmap.org/ https://*.virtualearth.net https://*.mollie.com https://*.clarity.ms https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com; connect-src 'self' https://*.pollin.at https://*.pollin.de https://*.criteo.com https://*.usercentrics.eu https://*.service.consent.usercentrics.eu/ https://www.redditstatic.com https://conversions-config.reddit.com https://*.sovendus.com https://www.google.com https://googleads.g.doubleclick.net https://*.paypal.com https://payments-eu.amazon.com https://*.loadbee.com https://pixel-config.reddit.com https://api.pushpushgo.com https://s-eu-1.pushpushgo.com https://cdn.pushpushgo.com https://*.bing.com https://*.geizhals.de https://*.virtualearth.net https://*.clarity.ms https://www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://pagead2.googlesyndication.com https://www.google.com https://google.com https://ad.doubleclick.net https://www.googleadservices.com; worker-src https://api.pushpushgo.com https://s-eu-1.pushpushgo.com https://cdn.pushpushgo.com https://*.pollin.at https://*.pollin.de https://*.bing.com https://unpkg.com/ https://*.openstreetmap.org/ https://*.virtualearth.net; img-src 'self' data: https://*.doubleclick.net https://*.google.com https://*.google.de https://s-eu-1.pushpushgo.com s-us-1.pushpushgo.com https://cdn.pushpushgo.com https://static-a.pushpushgo.com https://*.pollin.at https://*.pollin.de https://pollin.de https://*.usercentrics.eu https://www.facebook.net https://*.facebook.com https://alb.reddit.com https://*.media-amazon.com https://www.paypalobjects.com https://*.paypal.com https://*.googletagmanager.com https://*.bing.com https://*.geizhals.de https://unpkg.com/ https://*.openstreetmap.org/ https://*.virtualearth.net https://*.trbo.com https://www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://pagead2.googlesyndication.com o https://www.googleadservices.com https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.com; frame-src https://td.doubleclick.net https://www.googletagmanager.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://*.loadbee.com https://*.trbo.com; 2 frame-ancestors 'self' *.virginmedia.ie *.upc.biz; 2 default-src 'self' data: blob: https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://*.chatbase.co/; connect-src 'self' http://localhost/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://*.ingest.sentry.io/ https://*.sentry.io/ wss://*.piesocket.com wss://*.ffrtz.com https://*.pingdom.net/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ https://*.izooto.com/ https://t.adcell.com/ https://*.ad4m.at https://*.trafficjunky.net/ wss://knpb-media.zammad.com/ https://*.vxcdn.org/ https://*.mmapiws.com/ wss://*.tantumpay.com/ https://*.chatbase.co/; font-src 'self' data: http://localhost http://localhost:3000 https://*.hotjar.com/ https://fonts.gstatic.com/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.chatbase.co/; frame-src 'self' antennapod-subscribe: castros: downcast: gpodder: icatcher: instacast: overcast: playerfm: pktc: podcastaddict: podcastguru: podcat: podkicker: rssradio: podcast: https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://cdn.izooto.com https://*.hotjar.com/ https://ad.ad-srv.net/ https://*.tantumpay.com https://*.chatbase.co/; img-src 'self' data: blob: android-webview-video-poster: http://localhost:10001/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://via.placeholder.com/ https://source.unsplash.com/ https://images.unsplash.com/ https://loremflickr.com/ https://*.hotjar.com/ https://*.trafficjunky.net/ https://syndication.exoclick.com/ https://syndication.realsrv.com/ https://syndication.exdynsrv.com/ https://tsyndicate.com/ https://*.vxcdn.org/ https://*.chatbase.co/; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: http://localhost/ https://localhost/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ http://mac.fritz.box http://mbpvonchristian.fritz.box https://www.gstatic.com/ https://*.sentry-cdn.com/ https://*.pingdom.net/ https://t.adcell.com/ https://www.adcell.de/ https://ad4m.at/ https://static.hotjar.com/ https://script.hotjar.com/ https://cdn.izooto.com/ https://static.trafficjunky.com/ https://*.exoclick.com/ https://device.maxmind.com/ https://knpb-media.zammad.com/ https://*.tantumpay.com https://cdn.jsdelivr.net/npm/ua-parser-js/dist/ua-parser.min.js https://*.chatbase.co/; style-src 'self' 'unsafe-inline' data: http://localhost/ https://localhost/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://knpb-media.zammad.com/ https://*.chatbase.co/; media-src 'self' blob: data: https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://*.vxcdn.org/; form-action 'self' https:; worker-src 'self' blob:; block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self' https://*.ffrtz.com; child-src 'self' 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.readwhere.app *.readwhere.com *.cloudflare.com *.bootstrapcdn.com *.googletagmanager.com *.gstatic.com *.facebook.net *.twitter.com googleads.g.doubleclick.net *.doubleclick.net *.rwadx.com *.google.com *.google.co.in *.facebook.com *.epapr.in static.xx.fbcdn.net scontent.fdel72-1.fna.fbcdn.net *.google-analytics.com use.fontawesome.com *.pinterest.com *.jquery.com *.cloudfront.net *.googleapis.com data: sb.scorecardresearch.com *.googlesyndication.com 2 frame-ancestors 'self' *.inforcloudsuite.com 2 frame-ancestors 'self' nationaalarchief.sr *.nationaalarchief.sr; report-uri /report-csp-violation 2 script-src-elem link.sportsgirl.com.au *.wufoo.com *.pinterest.com *.jotform.com *.jotfor.ms *.squarecdn.com https://api.smooch.io/faye https://cdn-widgetsrepository.yotpo.com *.hotjar.com *.rmp.rakuten.com *.facebook.net *.googletagmanager.com *.api.useinsider.com foursixty.com *.adsrvr.org *.scarabresearch.com *.plugins.emarsys.net stockinstore.net *.reloop.com.au *.resultspage.com *.pinimg.com *.bing.com *.tiktok.com *.newrelic.com *.google-analytics.com https://3739-1.sli-r.com/r-api/ https://googleads.g.doubleclick.net *.stockinstore.net *.cloudflare.com https://maps.googleapis.com *.afterpay.com *.addressfinder.io https://www.google.com https://www.gstatic.com *.sli-r.com *.braintreegateway.com *.paypal.com https://ap-gateway.mastercard.com *.zdassets.com https://www.googleadservices.com https://staticw2.yotpo.com https://tpc.googlesyndication.com https://jp-tags.rd.linksynergy.com api.neverbounce.com *.forter.com *.surveymonkey.com *.googleapis.com *.kaltura.com *.creativecdn.com *.sli-spark.com *.useinsider.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem *.jotfor.ms https://cdn-widget-assets.yotpo.com *.sli-r.com https://foursixty.com/ *.resultspage.com *.stockinstore.net https://assets.api.useinsider.com/ *.addressfinder.io https://fonts.googleapis.com https://staticw2.yotpo.com *.creativecdn.com https://cdn-widgetsrepository.yotpo.com *.useinsider.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com 'unsafe-inline' data: *.gstatic.com *.typekit.net *.stockinstore.net *.afterpay.com *.hotjar.com *.useinsider.com *.yotpo.com *.googleapis.com *.jotfor.ms *.slant.co cdn.neverbounce.com *.cdnfonts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * link.sportsgirl.com.au link.sussan.com.au 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.mastercard.com *.adsrvr.org *.useinsider.com *.linksynergy.com *.tiktok.com *.hotjar.com *.doubleclick.net *.demdex.net *.reloop.com.au *.myunidays.com *.facebook.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.yotpo.com bid.g.doubleclick.net *.youtube-nocookie.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk * *.sharethis.com *.pinterest.com https://bid.g.doubleclick.net *.cloudflarestream.com videodelivery.net *.surveymonkey.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.paypal.com *.sportsgirl.com.au *.suzannegrae.com.au *.sussan.com.au *.cdninstagram.com *.gstatic.com *.googleapis.com *.google.com *.google.com.au *.google.co.nz *.google.com.ua *.google.by *.google.us *.google.de *.stockinstore.net *.rakuten.com *.afterpay.com *.nr-data.net *.adsrvr.org *.linksynergy.com *.bing.com *.doubleclick.net *.resultspage.com *.resultsstage.com *.resultsdemo.com *.useinsider.com *.omtrdc.net *.2o7.net *.adobedtm.com *.demdex.net *.everesttech.net *.reloop.com.au *.unidays.world www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com *.cloudfront.net *.jotfor.ms *.jotform.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com *.youtube.com https://site-assets.afterpay.com/ *.kaltura.com *.facebook.com https://static.zdassets.com/web_widget/latest/basic_settings_avatar.png www.google.com.ua *.sharethis.com *.pinterest.com *.sli-spark.com https://yotpo-editor-production.s3.amazonaws.com *.creativecdn.com https://barcode.tec-it.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com *.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.plugins.emarsys.net *.scarabresearch.com tagmanager.google.com *.paypal.com *.resultspage.com *.resultsstage.com *.resultsdemo.com *.gstatic.com *.google.com *.sli-spark.com *.cloudfront.net *.sli-r.com *.mastercard.com *.googleapis.com https://connect.facebook.net http://connect.facebook.net *.doubleclick.net *.stockinstore.net http://stockinstore.net http://stockinstore.net/* *.cloudflare.com *.useinsider.com *.livechatinc.com *.adsrvr.org *.newrelic.com *.getwisp.co *.linksynergy.com *.rakuten.com *.afterpay.com *.nr-data.net *.bing.com *.hotjar.com *.tiktok.com *.omtrdc.net *.2o7.net *.adobedtm.com *.demdex.net *.everesttech.net *.reloop.com.au *.myunidays.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googleadservices.com *.yotpo.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.youtube.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk *.squarecdn.com https://hbiq.net songbirdstag.cardinalcommerce.com *.sharethis.com *.googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.addressfinder.io static.afterpay.com/ tagmanager.google.com fonts.google.com *.googleapis.com *.stockinstore.net http://stockinstore.net http://stockinstore.net/* *.resultspage.com *.resultsstage.com *.resultsdemo.com *.afterpay.com *.api.useinsider.com *.reloop.com.au *.hotjar.com unsafe-inline *.yotpo.com *.squarecdn.com assets.braintreegateway.com *.jotfor.ms *.sharethis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: blob: *.kaltura.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.addressfinder.io static.afterpay.com *.scarabresearch.com *.eservice.emarsys.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.paypal.com *.braintree-api.com *.braintreegateway.com https://connect.facebook.net http://connect.facebook.net *.doubleclick.net *.stockinstore.net http://stockinstore.net http://stockinstore.net/* *.resultspage.com *.resultsstage.com *.resultsdemo.com *.cloudflare.com *.googleapis.com *.rakuten.com *.nr-data.net *.useinsider.com *.amplitude.com *.tiktok.com *.hotjar.com *.demdex.net *.everesttech.net *.adobedtm.com *.reloop.com.au *.myunidays.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com *.cloudfront.net *.forter.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com vimeo.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk *.cardinalcommerce.com *.google.com google.com *.afterpay.com *.sentry.io *.api.useinsider.com wss://api.smooch.io/faye https://sst.suzannegrae.com.au *.sharethis.com *.hotjar.io *.pinterest.com wss://ws.hotjar.com/api/v2/client/ws *.zdassets.com *.bing.com *.zendesk.com *.zendesk-eu.my.sentry.io https://www.google.com.au/ads/* https://www.google.com.au/ analytics.pangle-ads.com *.kaltura.com *.creativecdn.com *.sussan.com.au analytics-ipv6.tiktokw.us https://sst.sportsgirl.com.au 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://e350c8f5-2076-4690-909d-d997db0d337e.sansec.watch/; 2 frame-ancestors 'self' https://*.notifica.re 2 connect-src 'self' *.google-analytics.com *.doubleclick.net *.consentmanager.net *.dynamics.com *.lanxess.com *.etracker.de maps.googleapis.com directline.botframework.com wss://directline.botframework.com;default-src 'self' fonts.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.bayferrox.com *.lanxess.com *.linkedin.com media.bayferrox.com;frame-ancestors 'self' https://*.etracker.com;frame-src 'self' *.lanxess.com *.youtube-nocookie.com *.vimeo.com *.youtube.com *.investis.com digitizer.app *.equitystory.com *.eqs.com *.vara-services.com vara-services.com *.dynamics.com towercam.cologne *.linkedin.com pmr.lanxess.com pmr.lanxess.de www.aplf.com vidicast.de iframe.cvwarehouse.com xms.deutsche-boerse.com;img-src 'self' data: *.google-analytics.com * *.linkedin.com *.google.com *.google.de *.consentmanager.net *.vimeocdn.com *.lanxess.com;media-src 'self' media.lanxess.com data:;script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com * 'unsafe-eval' *.licdn.com *.consentmanager.net *.lanxess.com;style-src 'self' 'unsafe-inline' *.lanxess.com fonts.googleapis.com; 2 frame-ancestors 'self' recaptcha.net www.recaptcha.net csp.withgoogle.com withgoogle.com play.google.com https://play.google.com youtube.com www.youtube.com https://www.youtube.com cloud.mail.axa.co.uk sgtm.axa.co.uk https://sgtm.axa.co.uk soundcloud.com w.soundcloud.com api.soundcloud.com open.spotify.com https://open.spotify.com spotify.com https://insight.adsrvr.org insight.adsrvr.org https://match.adsrvr.org match.adsrvr.org; frame-src 'self' recaptcha.net www.recaptcha.net csp.withgoogle.com withgoogle.com https://a247752487.cdn.optimizely.com https://247752487.cdn.optimizely.com https://a247752487.cdn-pci.optimizely.com sgtm.axa.co.uk https://sgtm.axa.co.uk/ https://play.google.com youtube.com www.youtube.com https://www.youtube.com cloud.mail.axa.co.uk soundcloud.com w.soundcloud.com api.soundcloud.com https://www.google.com widget.trustpilot.com open.spotify.com https://open.spotify.com spotify.com https://insight.adsrvr.org insight.adsrvr.org https://match.adsrvr.org match.adsrvr.org https://v4in1-ti.click4assistance.co.uk https://csp.withgoogle.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; 2 frame-ancestors https://*.pironet-ndh.com:4433 'self' 2 frame-ancestors 'self' *.ariba.com *.gn.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.medco.com *.express-scripts.com *.evernorth.com *.linkedin.com *.accredo.com *.adobedtm.com *.everestjs.net *.omtrdc.net *.qualtrics.com *.cigna.com *.google-analytics.com *.launchdarkly.com *.braintreegateway.com *.braintree-api.com *.paypal.com *.s3.amazonaws.com *.branch.io app.link *.googleapis.com tlt.cigna.com cdn.cookielaw.org *.onetrust.com *.adsrvr.org; connect-src 'self' *.mktoresp.com *.brightcove.com dotsub.com *.prod.boltdns.net *.google-analytics.com *.s3.amazonaws.com *.112.2o7.net *.omtrdc.net *.qualtrics.com *.akamaihd.net *.demdex.net *.mktoutil.com *.nr-data.net *.facebook.com *.d41.co *.branch.io app.link *.express-scripts.com *.evernorth.com *.googleapis.com *.eloqua.com tlt.cigna.com cdn.cookielaw.org *.onetrust.com *.demandbase.com api.company-target.com *.verint-cdn.com *.wevalueyourfeedback.com *.linkedin.com *.brightcovecdn.com *.google.com *.launchdarkly.com; font-src 'self' data: fonts.googleapis.com themes.googleusercontent.com fonts.gstatic.com *.marketo.com *.qualtrics.com *.evernorth.com *.express-scripts.com *.verint-cdn.com *.wevalueyourfeedback.com; frame-src 'self' static.addtoany.com *.marketo.com *.demdex.net *.doubleclick.net *.facebook.com *.brightcove.net *.s3.amazonaws.com *.qualtrics.com activitymap.adobe.com *.omniture.com *.google.com *.evernorthcaregroup.com s.company-target.com *.evernorth.com *.googletagmanager.com; img-src 'self' blob: data: *.google-analytics.com *.112.2o7.net *.brightcove.com pbs.twimg.com d8-es-rgadev-com.s3.amazonaws.com brightcove.hs.llnwd.net *.googletagmanager.com *.prod.boltdns.net brightcove.vo.llnwd.net *.omtrdc.net *.destinationrx.com *.qualtrics.com openbadges.blob.core.windows.net *.everesttech.net *.facebook.com *.linkedin.com *.adsymptotic.com t.co *.twitter.com *.demdex.net *.s3.amazonaws.com *.facebook.net *.marketo.com *.express-scripts.com *.evernorth.com *.doubleclick.net *.google.com *.branch.io app.link *.privacysandbox.googleadservices.com *.adsrvr.org *.googleapis.com maps.gstatic.com lh3.googleusercontent.com tlt.cigna.com cdn.cookielaw.org *.onetrust.com id.rlcdn.com *.verint-cdn.com *.wevalueyourfeedback.com findoctave.com *.findoctave.com; media-src 'self' blob: *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.akamaihd.net *.s3.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: static.addtoany.com www.google-analytics.com *.adobedtm.com *.googletagmanager.com munchkin.marketo.net *.brightcove.com *.marketo.com *.mktoresp.com *.brightcove.net dotsub.com vjs.zencdn.net 112.2o7.net *.cloudflare.com *.qualtrics.com *.d41.co *.facebook.net *.licdn.com *.newrelic.com *.nr-data.net *.ads-twitter.com *.twitter.com *.s3.amazonaws.com unpkg.com *.rlcdn.com *.agkn.com www.googleadservices.com *.doubleclick.net activitymap.adobe.com *.branch.io app.link *.adsrvr.org *.googleapis.com tlt.cigna.com *.evernorthcaregroup.com cdn.cookielaw.org *.onetrust.com cdn.jsdelivr.net tag.demandbase.com *.verint-cdn.com *.wevalueyourfeedback.com *.verint-api.com *.evernorth.com *.google.com assets.adobedtm.com cdnjs.cloudflare.com https://assets.adobedtm.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://mychart.evernorthcaregroup.com https://players.brightcove.net https://unpkg.com https://www.googletagmanager.com mdbootstrap.com platform.twitter.com stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' blob: static.addtoany.com fonts.googleapis.com fonts.gstatic.com *.marketo.com *.cloudflare.com *.s3.amazonaws.com *.evernorthcaregroup.com unpkg.com *.verint-cdn.com *.wevalueyourfeedback.com *.verint-api.com *.evernorth.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-elem 'self' 'unsafe-inline' blob: static.addtoany.com fonts.googleapis.com fonts.gstatic.com *.marketo.com *.cloudflare.com *.s3.amazonaws.com *.evernorthcaregroup.com unpkg.com *.verint-cdn.com *.wevalueyourfeedback.com *.verint-api.com *.evernorth.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; frame-ancestors 'self' *.medco.com *.express-scripts.com *.evernorth.com *.accredo.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: https://calendario-ministro.tst.jus.br https://tst.jus.br https://www.tst.jus.br https://csjt.jus.br https://www.csjt.jus.br https://portalextranet.tst.jus.br https://cdnjs.cloudflare.com https://translate.googleapis.com https://use.fontawesome.com https://vlibras.gov.br https://www.google-analytics.com https://www.gstatic.com https://www.vlibras.gov.br https://enamat.jus.br https://www.enamat.jus.br wss://ws.hotjar.com; img-src 'self' data: https: https://tst.jus.br https://www.tst.jus.br https://csjt.jus.br https://www.csjt.jus.br https://portalextranet.tst.jus.br https://cdnjs.cloudflare.com https://translate.googleapis.com https://use.fontawesome.com https://vlibras.gov.br https://www.google-analytics.com https://www.gstatic.com https://www.vlibras.gov.br https://enamat.jus.br https://www.enamat.jus.br; 2 script-src 'self' https://chat.seznam.cz https://*.hit.gemius.pl https://www.stream.cz/static/embed/ https://h.seznam.cz https://c.imedia.cz; report-uri /cspreport; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.twitter.com *.googletagmanager.com *.cookielaw.org static.addtoany.com cdnjs.cloudflare.com cdn.bc0a.com assets.sitescdn.net fonts.googleapis.com *.siteimprove.net ajax.googleapis.com visit.sanmanuel.com klear.com cdn.b0e8.com *.google-analytics.com *.bing.com *.amazon-adsystem.com *.clarity.ms *.siteimproveanalytics.com *.adsrvr.org *.youtube.com connect.facebook.net munchkin.marketo.net s.yimg.com googleads.g.doubleclick.net *.cloudfront.net *.viralsweep.com *.pollstream.com insiderdata360online.com *.sevenrooms.com *.i4go.com *.recaptcha.net *.gstatic.com answers-embed.yaamava.com.pagescdn.com *.byspotify.com *.instagram.com *.visrez.com *.stackadapt.com *.googleadservices.com siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com *.visitingmedia.com visitingmedia.com *.jquery.com *.sevenrooms.com id.eu.siteimprove.com *.quantserve.com rules.quantcount.com qvdt3feo.com *.vimeo.com code.jquery.com; script-src-elem 'self' 'unsafe-inline' assets.sitescdn.net visit.sanmanuel.com cdn.siteimprove.net *.instagram.com *.googletagmanager.com cdn.cookielaw.org cdn.jsdelivr.net connect.facebook.net siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com *.youtube.com munchkin.marketo.net bat.bing.com c.amazon-adsystem.com googleads.g.doubleclick.net *.google-analytics.com static.addtoany.com interactive.visrez.com secure.quantserve.com *.clarity.ms rules.quantcount.com visitingmedia.com *.sevenrooms.com code.jquery.com insiderdata360online.com tags.srv.stackadapt.com answers-embed.yaamava.com.pagescdn.com platform.twitter.com cdnjs.cloudflare.com unpkg.com qvdt3feo.com i4m.i4go.com *.googleadservices.com klear.com *.player.vimeo.com *.viralsweep.com js.adsrvr.org cdn.userway.org *.vimeo.com analytics.tiktok.com *.pinterest.com; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.sitescdn.net fonts.googleapis.com visit.sanmanuel.com d1p5cqqchvbqmy.cloudfront.net *.sevenrooms.com *.visrez.com *.stackadapt.com *.visitingmedia.com visitingmedia.com *.sevenrooms.com id.eu.siteimprove.com *.quantserve.com *.vimeo.com code.jquery.com 2 default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval' *.kakaocdn.net *.vettafi.com *.ipify.org rlcdn.com unpkg.com *.webflow.io *.hotjar.io *.mktoutil.com *.flashtalking.com *.llnw.net *.llnwd.net *.akafms.net *.brightcovecdn.com *.cloudfront.net *.issgovernance.com *.myworkdayjobs.com *.aetna.com theinvestoragenda.org accesstomedicinefoundation.org *.twitter.com *.facebook.com bcove.video *.youtube.com *.instagram.com vds.issproxy.com spotify.link *.abfunds.com pigeonhole.at *.amazon.com *.apple.com *.spotify.com *.fundsquare.net *.alliancebernstein.co.kr *.abfunds.com youtu.be *.dbs.com *.eqt.com *.brainshark.com *.pensionspolicyinstitute.org.uk *.vimeo.com *.unpri.org *.scopeexplorer.com *.finra.org mymanagedfunds.com *.issgovernance.com *.linkfundsolutions.com *.dbs.com *.praemium.com *.net *.hub24.com *.kakao.com allncbrnstn.co *.on24.com *.secureaccountview.com *.financialtrans.com *.financialtrans.com *.rightprospectus.com *.fondsprofessi.net *.linkmarketservices.com *.podbean.com *.abfunds.co.kr *.etftrends.com *.citywire.com *.nasdaq.com *.youtube.com *.abfunds.com.hk *.abfunds.com.sg *.abfunds.co.kr *.fbcdn.net bernstein.com www.facebook.com prezi-nocookies.com *.demdex.net *.glance.net *.prezicdn.net cdn.cookielaw.org *.facebook.net *.glancecdn.net alliancebernstein.122.2o7.net *.oribi.io *.adoberesources.net alliancebernsteinholdinglp.gcs-web.com www.juicer.io *.adobe.io *.typekit.net *.adobe.com *.libsyn.com *.lottiefiles.com *.cloudflare.com *.geenee.it rawgit.com *.akamaihd.net *.boltdns.net *.bc0a.com *.zencdn.net *.daum.net *.demdex.net *.everesttech.net *.ytimg.com *.line.me *.lfeeder.com *.taboola.com *.facebook.net *.doubleclick.net *.line-scdn.net *.googlesyndication.com *.brightcove.net *.brightcove.com *.youtube.com *.daumcdn.net *.hotjar.com *.alliancebernstein.com okt.to *.pardot.com assets.adobedtm.com *.company-target.com cdn.cookielaw.org *.acml.com metrics.alliancebernstein.com *.googletagmanager.com alliancebernstein.tt.omtrdc.net *.fontawesome.com *.mktoweb.com *.marketo.net *.adobedtm.com *.marketo.com *.d41.co vettafi.com snap.licdn.com static.hotjar.com static.oktopost.com tag.demandbase.com cdn.pardot.com www.google-analytics.com id.rlcdn.com beacon.etfflows.com *.googlesyndication.com company-target.com *.google.com *.rlcdn.com beacon.etfflows.com *.linkedin.com *.cookielaw.org data: *.marketo.com *.demandbase.com analytics.google.com dpm.demdex.net *.onetrust.com *.mktoresp.com *.d41.co www.google-analytics.com *.doubleclick.net *.gstatic.com *.googleapis.com blob:; img-src 'self' *.kakaocdn.net *.vettafi.com *.ipify.org rlcdn.com unpkg.com *.webflow.io *.hotjar.io *.mktoutil.com *.flashtalking.com *.llnw.net *.llnwd.net *.akafms.net *.brightcovecdn.com *.cloudfront.net *.issgovernance.com *.myworkdayjobs.com *.aetna.com theinvestoragenda.org accesstomedicinefoundation.org *.twitter.com *.facebook.com bcove.video *.youtube.com *.instagram.com vds.issproxy.com spotify.link *.abfunds.com pigeonhole.at *.amazon.com *.apple.com *.spotify.com *.fundsquare.net *.alliancebernstein.co.kr *.abfunds.com youtu.be *.dbs.com *.eqt.com *.brainshark.com *.pensionspolicyinstitute.org.uk *.vimeo.com *.unpri.org *.scopeexplorer.com *.finra.org mymanagedfunds.com *.issgovernance.com *.linkfundsolutions.com *.dbs.com *.praemium.com *.net *.hub24.com *.kakao.com allncbrnstn.co *.on24.com *.secureaccountview.com *.financialtrans.com *.financialtrans.com *.rightprospectus.com *.fondsprofessi.net *.linkmarketservices.com *.podbean.com *.abfunds.co.kr *.etftrends.com *.citywire.com *.nasdaq.com *.youtube.com *.abfunds.com.hk *.abfunds.com.sg *.abfunds.co.kr *.fbcdn.net bernstein.com www.facebook.com prezi-nocookies.com *.demdex.net *.glance.net *.prezicdn.net cdn.cookielaw.org *.facebook.net *.glancecdn.net alliancebernstein.122.2o7.net *.oribi.io *.adoberesources.net alliancebernsteinholdinglp.gcs-web.com www.juicer.io *.adobe.io *.typekit.net *.adobe.com *.libsyn.com *.lottiefiles.com *.cloudflare.com *.geenee.it rawgit.com *.akamaihd.net *.boltdns.net *.bc0a.com *.zencdn.net *.daum.net *.demdex.net *.everesttech.net *.ytimg.com *.line.me *.lfeeder.com *.taboola.com *.facebook.net *.doubleclick.net *.line-scdn.net *.googlesyndication.com *.brightcove.net *.brightcove.com *.youtube.com *.daumcdn.net *.hotjar.com *.alliancebernstein.com okt.to *.pardot.com assets.adobedtm.com *.company-target.com cdn.cookielaw.org *.acml.com metrics.alliancebernstein.com *.googletagmanager.com alliancebernstein.tt.omtrdc.net *.fontawesome.com *.mktoweb.com *.marketo.net *.adobedtm.com *.marketo.com *.d41.co vettafi.com snap.licdn.com static.hotjar.com static.oktopost.com tag.demandbase.com cdn.pardot.com www.google-analytics.com id.rlcdn.com beacon.etfflows.com *.googlesyndication.com company-target.com *.google.com *.rlcdn.com beacon.etfflows.com *.linkedin.com *.cookielaw.org data: *.marketo.com *.demandbase.com analytics.google.com dpm.demdex.net *.onetrust.com *.mktoresp.com *.d41.co www.google-analytics.com *.doubleclick.net *.gstatic.com *.googleapis.com blob:; style-src 'self' 'unsafe-inline' *.kakaocdn.net *.vettafi.com *.ipify.org rlcdn.com unpkg.com *.webflow.io *.hotjar.io *.mktoutil.com *.flashtalking.com *.llnw.net *.llnwd.net *.akafms.net *.brightcovecdn.com *.cloudfront.net *.issgovernance.com *.myworkdayjobs.com *.aetna.com theinvestoragenda.org accesstomedicinefoundation.org *.twitter.com *.facebook.com bcove.video *.youtube.com *.instagram.com vds.issproxy.com spotify.link *.abfunds.com pigeonhole.at *.amazon.com *.apple.com *.spotify.com *.fundsquare.net *.alliancebernstein.co.kr *.abfunds.com youtu.be *.dbs.com *.eqt.com *.brainshark.com *.pensionspolicyinstitute.org.uk *.vimeo.com *.unpri.org *.scopeexplorer.com *.finra.org mymanagedfunds.com *.issgovernance.com *.linkfundsolutions.com *.dbs.com *.praemium.com *.net *.hub24.com *.kakao.com allncbrnstn.co *.on24.com *.secureaccountview.com *.financialtrans.com *.financialtrans.com *.rightprospectus.com *.fondsprofessi.net *.linkmarketservices.com *.podbean.com *.abfunds.co.kr *.etftrends.com *.citywire.com *.nasdaq.com *.youtube.com *.abfunds.com.hk *.abfunds.com.sg *.abfunds.co.kr *.fbcdn.net bernstein.com www.facebook.com prezi-nocookies.com *.demdex.net *.glance.net *.prezicdn.net cdn.cookielaw.org *.facebook.net *.glancecdn.net alliancebernstein.122.2o7.net *.oribi.io *.adoberesources.net alliancebernsteinholdinglp.gcs-web.com www.juicer.io *.adobe.io *.typekit.net *.adobe.com *.libsyn.com *.lottiefiles.com *.cloudflare.com *.geenee.it rawgit.com *.akamaihd.net *.boltdns.net *.bc0a.com *.zencdn.net *.daum.net *.demdex.net *.everesttech.net *.ytimg.com *.line.me *.lfeeder.com *.taboola.com *.facebook.net *.doubleclick.net *.line-scdn.net *.googlesyndication.com *.brightcove.net *.brightcove.com *.youtube.com *.daumcdn.net *.hotjar.com *.alliancebernstein.com okt.to *.pardot.com assets.adobedtm.com *.company-target.com cdn.cookielaw.org *.acml.com metrics.alliancebernstein.com *.googletagmanager.com alliancebernstein.tt.omtrdc.net *.fontawesome.com *.mktoweb.com *.marketo.net *.adobedtm.com *.marketo.com *.d41.co vettafi.com snap.licdn.com static.hotjar.com static.oktopost.com tag.demandbase.com cdn.pardot.com www.google-analytics.com id.rlcdn.com beacon.etfflows.com *.googlesyndication.com company-target.com *.google.com *.rlcdn.com beacon.etfflows.com *.linkedin.com *.cookielaw.org data: *.marketo.com *.demandbase.com analytics.google.com dpm.demdex.net *.onetrust.com *.mktoresp.com *.d41.co www.google-analytics.com *.doubleclick.net *.gstatic.com *.googleapis.com blob:; base-uri 'self' blob:; form-action 'self' *.kakao.com blob:; connect-src 'self' wss: *.kakaocdn.net *.vettafi.com *.ipify.org rlcdn.com unpkg.com *.webflow.io *.hotjar.io *.mktoutil.com *.flashtalking.com *.llnw.net *.llnwd.net *.akafms.net *.brightcovecdn.com *.cloudfront.net *.issgovernance.com *.myworkdayjobs.com *.aetna.com theinvestoragenda.org accesstomedicinefoundation.org *.twitter.com *.facebook.com bcove.video *.youtube.com *.instagram.com vds.issproxy.com spotify.link *.abfunds.com pigeonhole.at *.amazon.com *.apple.com *.spotify.com *.fundsquare.net *.alliancebernstein.co.kr *.abfunds.com youtu.be *.dbs.com *.eqt.com *.brainshark.com *.pensionspolicyinstitute.org.uk *.vimeo.com *.unpri.org *.scopeexplorer.com *.finra.org mymanagedfunds.com *.issgovernance.com *.linkfundsolutions.com *.dbs.com *.praemium.com *.net *.hub24.com *.kakao.com allncbrnstn.co *.on24.com *.secureaccountview.com *.financialtrans.com *.financialtrans.com *.rightprospectus.com *.fondsprofessi.net *.linkmarketservices.com *.podbean.com *.abfunds.co.kr *.etftrends.com *.citywire.com *.nasdaq.com *.youtube.com *.abfunds.com.hk *.abfunds.com.sg *.abfunds.co.kr *.fbcdn.net bernstein.com www.facebook.com prezi-nocookies.com *.demdex.net *.glance.net *.prezicdn.net cdn.cookielaw.org *.facebook.net *.glancecdn.net alliancebernstein.122.2o7.net *.oribi.io *.adoberesources.net alliancebernsteinholdinglp.gcs-web.com www.juicer.io *.adobe.io *.typekit.net *.adobe.com *.libsyn.com *.lottiefiles.com *.cloudflare.com *.geenee.it rawgit.com *.akamaihd.net *.boltdns.net *.bc0a.com *.zencdn.net *.daum.net *.demdex.net *.everesttech.net *.ytimg.com *.line.me *.lfeeder.com *.taboola.com *.facebook.net *.doubleclick.net *.line-scdn.net *.googlesyndication.com *.brightcove.net *.brightcove.com *.youtube.com *.daumcdn.net *.hotjar.com *.alliancebernstein.com okt.to *.pardot.com assets.adobedtm.com *.company-target.com cdn.cookielaw.org *.acml.com metrics.alliancebernstein.com *.googletagmanager.com alliancebernstein.tt.omtrdc.net *.fontawesome.com *.mktoweb.com *.marketo.net *.adobedtm.com *.marketo.com *.d41.co vettafi.com snap.licdn.com static.hotjar.com static.oktopost.com tag.demandbase.com cdn.pardot.com www.google-analytics.com id.rlcdn.com beacon.etfflows.com *.googlesyndication.com company-target.com *.google.com *.rlcdn.com beacon.etfflows.com *.linkedin.com *.cookielaw.org data: *.marketo.com *.demandbase.com analytics.google.com dpm.demdex.net *.onetrust.com *.mktoresp.com *.d41.co www.google-analytics.com *.doubleclick.net *.gstatic.com *.googleapis.com blob:; font-src 'self' *.kakaocdn.net *.vettafi.com *.ipify.org rlcdn.com unpkg.com *.webflow.io *.hotjar.io *.mktoutil.com *.flashtalking.com *.llnw.net *.llnwd.net *.akafms.net *.brightcovecdn.com *.cloudfront.net *.issgovernance.com *.myworkdayjobs.com *.aetna.com theinvestoragenda.org accesstomedicinefoundation.org *.twitter.com *.facebook.com bcove.video *.youtube.com *.instagram.com vds.issproxy.com spotify.link *.abfunds.com pigeonhole.at *.amazon.com *.apple.com *.spotify.com *.fundsquare.net *.alliancebernstein.co.kr *.abfunds.com youtu.be *.dbs.com *.eqt.com *.brainshark.com *.pensionspolicyinstitute.org.uk *.vimeo.com *.unpri.org *.scopeexplorer.com *.finra.org mymanagedfunds.com *.issgovernance.com *.linkfundsolutions.com *.dbs.com *.praemium.com *.net *.hub24.com *.kakao.com allncbrnstn.co *.on24.com *.secureaccountview.com *.financialtrans.com *.financialtrans.com *.rightprospectus.com *.fondsprofessi.net *.linkmarketservices.com *.podbean.com *.abfunds.co.kr *.etftrends.com *.citywire.com *.nasdaq.com *.youtube.com *.abfunds.com.hk *.abfunds.com.sg *.abfunds.co.kr *.fbcdn.net bernstein.com www.facebook.com prezi-nocookies.com *.demdex.net *.glance.net *.prezicdn.net cdn.cookielaw.org *.facebook.net *.glancecdn.net alliancebernstein.122.2o7.net *.oribi.io *.adoberesources.net alliancebernsteinholdinglp.gcs-web.com www.juicer.io *.adobe.io *.typekit.net *.adobe.com *.libsyn.com *.lottiefiles.com *.cloudflare.com *.geenee.it rawgit.com *.akamaihd.net *.boltdns.net *.bc0a.com *.zencdn.net *.daum.net *.demdex.net *.everesttech.net *.ytimg.com *.line.me *.lfeeder.com *.taboola.com *.facebook.net *.doubleclick.net *.line-scdn.net *.googlesyndication.com *.brightcove.net *.brightcove.com *.youtube.com *.daumcdn.net *.hotjar.com *.alliancebernstein.com okt.to *.pardot.com assets.adobedtm.com *.company-target.com cdn.cookielaw.org *.acml.com metrics.alliancebernstein.com *.googletagmanager.com alliancebernstein.tt.omtrdc.net *.fontawesome.com *.mktoweb.com *.marketo.net *.adobedtm.com *.marketo.com *.d41.co vettafi.com snap.licdn.com static.hotjar.com static.oktopost.com tag.demandbase.com cdn.pardot.com www.google-analytics.com id.rlcdn.com beacon.etfflows.com *.googlesyndication.com company-target.com *.google.com *.rlcdn.com beacon.etfflows.com *.linkedin.com *.cookielaw.org data: *.marketo.com *.demandbase.com analytics.google.com dpm.demdex.net *.onetrust.com *.mktoresp.com *.d41.co www.google-analytics.com *.doubleclick.net *.gstatic.com *.googleapis.com blob:; frame-src 'self' *.kakaocdn.net *.vettafi.com *.ipify.org rlcdn.com unpkg.com *.webflow.io *.hotjar.io *.mktoutil.com *.flashtalking.com *.llnw.net *.llnwd.net *.akafms.net *.brightcovecdn.com *.cloudfront.net *.issgovernance.com *.myworkdayjobs.com *.aetna.com theinvestoragenda.org accesstomedicinefoundation.org *.twitter.com *.facebook.com bcove.video *.youtube.com *.instagram.com vds.issproxy.com spotify.link *.abfunds.com pigeonhole.at *.amazon.com *.apple.com *.spotify.com *.fundsquare.net *.alliancebernstein.co.kr *.abfunds.com youtu.be *.dbs.com *.eqt.com *.brainshark.com *.pensionspolicyinstitute.org.uk *.vimeo.com *.unpri.org *.scopeexplorer.com *.finra.org mymanagedfunds.com *.issgovernance.com *.linkfundsolutions.com *.dbs.com *.praemium.com *.net *.hub24.com *.kakao.com allncbrnstn.co *.on24.com *.secureaccountview.com *.financialtrans.com *.financialtrans.com *.rightprospectus.com *.fondsprofessi.net *.linkmarketservices.com *.podbean.com *.abfunds.co.kr *.etftrends.com *.citywire.com *.nasdaq.com *.youtube.com *.abfunds.com.hk *.abfunds.com.sg *.abfunds.co.kr *.fbcdn.net bernstein.com www.facebook.com prezi-nocookies.com *.demdex.net *.glance.net *.prezicdn.net cdn.cookielaw.org *.facebook.net *.glancecdn.net alliancebernstein.122.2o7.net *.oribi.io *.adoberesources.net alliancebernsteinholdinglp.gcs-web.com www.juicer.io *.adobe.io *.typekit.net *.adobe.com *.libsyn.com *.lottiefiles.com *.cloudflare.com *.geenee.it rawgit.com *.akamaihd.net *.boltdns.net *.bc0a.com *.zencdn.net *.daum.net *.demdex.net *.everesttech.net *.ytimg.com *.line.me *.lfeeder.com *.taboola.com *.facebook.net *.doubleclick.net *.line-scdn.net *.googlesyndication.com *.brightcove.net *.brightcove.com *.youtube.com *.daumcdn.net *.hotjar.com *.alliancebernstein.com okt.to *.pardot.com assets.adobedtm.com *.company-target.com cdn.cookielaw.org *.acml.com metrics.alliancebernstein.com *.googletagmanager.com alliancebernstein.tt.omtrdc.net *.fontawesome.com *.mktoweb.com *.marketo.net *.adobedtm.com *.marketo.com *.d41.co vettafi.com snap.licdn.com static.hotjar.com static.oktopost.com tag.demandbase.com cdn.pardot.com www.google-analytics.com id.rlcdn.com beacon.etfflows.com *.googlesyndication.com company-target.com *.google.com *.rlcdn.com beacon.etfflows.com *.linkedin.com *.cookielaw.org data: *.marketo.com *.demandbase.com analytics.google.com dpm.demdex.net *.onetrust.com *.mktoresp.com *.d41.co www.google-analytics.com *.doubleclick.net *.gstatic.com *.googleapis.com blob:; object-src 'self' blob:; media-src 'self' blob: *.kakaocdn.net *.vettafi.com *.ipify.org rlcdn.com unpkg.com *.webflow.io *.hotjar.io *.mktoutil.com *.flashtalking.com *.llnw.net *.llnwd.net *.akafms.net *.brightcovecdn.com *.cloudfront.net *.issgovernance.com *.myworkdayjobs.com *.aetna.com theinvestoragenda.org accesstomedicinefoundation.org *.twitter.com *.facebook.com bcove.video *.youtube.com *.instagram.com vds.issproxy.com spotify.link *.abfunds.com pigeonhole.at *.amazon.com *.apple.com *.spotify.com *.fundsquare.net *.alliancebernstein.co.kr *.abfunds.com youtu.be *.dbs.com *.eqt.com *.brainshark.com *.pensionspolicyinstitute.org.uk *.vimeo.com *.unpri.org *.scopeexplorer.com *.finra.org mymanagedfunds.com *.issgovernance.com *.linkfundsolutions.com *.dbs.com *.praemium.com *.net *.hub24.com *.kakao.com allncbrnstn.co *.on24.com *.secureaccountview.com *.financialtrans.com *.financialtrans.com *.rightprospectus.com *.fondsprofessi.net *.linkmarketservices.com *.podbean.com *.abfunds.co.kr *.etftrends.com *.citywire.com *.nasdaq.com *.youtube.com *.abfunds.com.hk *.abfunds.com.sg *.abfunds.co.kr *.fbcdn.net bernstein.com www.facebook.com prezi-nocookies.com *.demdex.net *.glance.net *.prezicdn.net cdn.cookielaw.org *.facebook.net *.glancecdn.net alliancebernstein.122.2o7.net *.oribi.io *.adoberesources.net alliancebernsteinholdinglp.gcs-web.com www.juicer.io *.adobe.io *.typekit.net *.adobe.com *.libsyn.com *.lottiefiles.com *.cloudflare.com *.geenee.it rawgit.com *.akamaihd.net *.boltdns.net *.bc0a.com *.zencdn.net *.daum.net *.demdex.net *.everesttech.net *.ytimg.com *.line.me *.lfeeder.com *.taboola.com *.facebook.net *.doubleclick.net *.line-scdn.net *.googlesyndication.com *.brightcove.net *.brightcove.com *.youtube.com *.daumcdn.net *.hotjar.com *.alliancebernstein.com okt.to *.pardot.com assets.adobedtm.com *.company-target.com cdn.cookielaw.org *.acml.com metrics.alliancebernstein.com *.googletagmanager.com alliancebernstein.tt.omtrdc.net *.fontawesome.com *.mktoweb.com *.marketo.net *.adobedtm.com *.marketo.com *.d41.co vettafi.com snap.licdn.com static.hotjar.com static.oktopost.com tag.demandbase.com cdn.pardot.com www.google-analytics.com id.rlcdn.com be 2 connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://*.googletagmanager.com https://www.google-analytics.com https://siteintercept.qualtrics.com https://eu.qualtrics.com https://*.optimizely.com https://integrations.optimizely-edge.com https://*.arcot.com https://*.doubleclick.net https://*.onetrust.com https://*.optimizely.com https://ade.googlesyndication.com https://boi-public-assets-dev.s3-eu-west-1.amazonaws.com https://api.github.com https://api.mypurecloud.ie https://pagead2.googlesyndication.com https://www.google.hu https://px.ads.linkedin.com wss://carrier-pigeon.mypurecloud.ie https://*.bankofireland.com https://*.bsw-dev.net https://*.cludo.com https://*.google.com https://boi-public-assets.s3-eu-west-1.amazonaws.com https://*.googleapis.com https://*.gstatic.com https://*.pingdom.net https://calculators.api.bankofireland.com https://*.twitter.com https://app.altocloud.com https://cdn.optimizely.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://gkcpri.boi.com https://gkcsec.boi.com https://gmspri.boi.com https://gmssec.boi.com https://privacyportal.cookiepro.com https://stats.g.doubleclick.net;font-src 'self' data: https://fonts.gstatic.com https://boi-public-assets-dev.s3-eu-west-1.amazonaws.com https://*.bankofireland.com https://*.getsitecontrol.com https://altocloudcdn.com https://boi-public-assets.s3-eu-west-1.amazonaws.com https://cdnjs.cloudflare.com https://themes.googleusercontent.com;frame-src 'self' https://bankofireland.eu.qualtrics.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://a25243410878.cdn-pci.optimizely.com https://a25243410878.cdn.optimizely.com https://www.googletagmanager.com https://*.arcot.com https://a25243410878.cdn-pci.optimizely.com https://a25243410878.cdn.optimizely.com https://form-stg.bsw-dev.net https://form.bankofireland.com https://*.365online.com https://*.doubleclick.net https://*.google.com https://*.twitter.com https://*.which50.com https://365online.com https://altocloud-sdk.com https://boi-app.ignitionwealth.ie https://boi-app.uat.ignitionwealth.ie https://boimedia.customerminds.com https://media.customerminds.com https://pixel.everesttech.net https://s-static.ak.facebook.com https://www.everestjs.net https://www.facebook.com https://www.youtube.com;img-src 'self' data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://boi-public-assets.s3-eu-west-1.amazonaws.com https://*.ytimg.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://cdn.optimizely.com https://*.arcot.com https://ade.googlesyndication.com https://boi-public-assets-dev.s3-eu-west-1.amazonaws.com https://cookiepro.blob.core.windows.net https://cdn.optimizely.com https://www-stg.bsw-dev.net https://www.google.hu https://www-dev.bsw-dev.net https://*.bankofireland.com https://*.cludo.com https://*.doubleclick.net https://*.facebook.com https://*.getsitecontrol.com https://*.google.com https://*.google.ie https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.linkedin.com https://*.pingdom.net https://*.twimg.com https://*.twitter.com https://app.altocloud.com https://cdn.cookielaw.org https://gtrk.s3.amazonaws.com https://pixel.everesttech.net https://s0.2mdn.net https://secure.adnxs.com https://secure.gravatar.com https://t.co https://www.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://boi-public-assets.s3-eu-west-1.amazonaws.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://tagmanager.google.com https://*.googletagmanager.com https://siteintercept.qualtrics.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.optimizely.com https://optimizely-edge.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.google-analytics.com https://*.mypurecloud.ie https://*.onetrust.com https://*.optimizely.com https://ade.googlesyndication.com https://cdn-assets-prod.s3.amazonaws.com https://code.jquery.com https://cookie-cdn.cookiepro.com https://optimizely-edge.com https://optimizely.s3.amazonaws.com https://www.google.hu https://boi-public-assets-dev.s3-eu-west-1.amazonaws.com https://*.bankofireland.com https://*.bizographics.com https://*.cludo.com https://*.doubleclick.net https://*.getsitecontrol.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.linkedin.com https://*.pingdom.net https://*.twimg.com https://*.twitter.com https://altocloud-sdk.com/ac.js https://altocloudcdn.com https://app.altocloud.com https://boi-app.ignitionwealth.ie https://boi-app.preprod.ignitionwealth.ie https://boi-app.uat.ignitionwealth.ie https://cdn.cookielaw.org https://connect.facebook.net https://cookiepro.blob.core.windows.net https://dnn506yrbagrg.cloudfront.net https://geolocation.onetrust.com https://i.ytimg.com https://ict.infinity-tracking.net https://pagead2.googlesyndication.com https://pixel.everesttech.net https://pixel.quantserve.com https://rules.quantcount.com https://s.ytimg.com https://seal.websecurity.norton.com https://secure.adnxs.com https://secure.quantserve.com https://snap.licdn.com https://static.ads-twitter.com https://t.co https://www.everestjs.net https://www.google-analytics.com https://www.google.ie https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com https://www.youtube.com/iframe_api https://youtube.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://boi-public-assets-dev.s3-eu-west-1.amazonaws.com https://boi-public-assets.s3-eu-west-1.amazonaws.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://*.qualtrics.com https://cookiepro.blob.core.windows.net https://*.bankofireland.com https://*.twimg.com https://*.twitter.com https://cdnjs.cloudflare.com https://optimize.google.com; 2 frame-ancestors *.austinisd.org 2 frame-ancestors 'self' https://huckmag.com https://www.huckmag.com https://lwl.mutualcp.com 2 child-src 'self' https://survey.jam-software.com;frame-src https://jam-software-gmbh.jobs.personio.de; base-uri 'self';font-src 'self';form-action 'self';frame-ancestors 'self' *.jam-software.de *.jam-software.com ;img-src *.jam-software.com 'self' https://www.google.com https://www.google.de https://ja.jam-software.com https://www.jam-software.de https://www.jam-software.com https://customers.jam-software.de https://manuals.jam-software.de https://manuals.jam-software.com https://survey.jam-software.com media.jam-software.com;media-src 'self' media.jam-software.com https://survey.jam-software.com;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.jam-software.de https://matomo.jam-software.com https://www.googletagmanager.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://survey.jam-software.com; 2 default-src 'self' data: *.google-analytics.com analytics.google.com crm.assist.ru crm.assist.kz *.googletagmanager.com mc.yandex.ru mc.yandex.md bitrix.info; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com analytics.google.com *.googletagmanager.com mc.yandex.ru mc.yandex.md bitrix.info; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' crm.assist.ru crm.assist.kz; base-uri 'self'; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' blob: data: mc.yandex.ru mc.yandex.md *.google-analytics.com analytics.google.com *.doubleclick.net; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline'; connect-src 'self' bitrix.info mc.yandex.ru mc.yandex.md *.google-analytics.com analytics.google.com *.doubleclick.net; child-src 'self' blob: mc.yandex.ru mc.yandex.md crm.assist.ru crm.assist.kz; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com bitrix.info mc.yandex.ru mc.yandex.md; 2 upgrade-insecure-requests; report-to https://www.codium.ai; report-uri https://www.codium.ai; 2 frame-ancestors 'self' *.febas.de 2 default-src * https: data: 'unsafe-eval' 'unsafe-inline' blob:; 2 default-src 'self' deskline.net 'unsafe-inline' 'unsafe-eval' https: data: blob: 2 frame-ancestors *.uninassau.edu.br *.uninabuco.edu.br *.sereducacional.com *.sereduc.com *.leiaja.com *.ung.br *.unama.br *.univeritas.com *.uninorte.com.br *.blackboard.com http://*.joaquimnabuco.edu.br http://*.unama.br *.gokursos.com *.ig.com.br http://*.ung.br *.uninassau.digital *.unama.digital *.univeritas.digital *.uninorte.digital *.uninabuco.digital *.facimed.edu.br *.unifacimed.digital *.unijuazeiro.edu.br *.fasb.edu.br *.rdstation.com.br *.cursoscdmv.com.br https://cursoscdmv.com.br https://unijuazeiro.edu.br *.cloudfront.net *.unescnet.br *.fael.edu.br *.unifael.edu.br *.uni7.edu.br; 2 default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.knorr-bremse.com:* https://cdn.cookielaw.org https://responder.wt-safetag.com https://fbc.wcfbc.net https://*.gstatic.com https://*.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://n0c357rmy1njbuit2friqwu.blob.core.windows.net; frame-ancestors 'self' https://www.threesixty-events.de/selectron_innotrans/; 2 frame-ancestors 'self' *.quattropod.com quattropod.com *.quattropod.com.cn quattropod.com.cn ezcast-pro.com 2 default-src 'self' telit.com *.telit.com blob: bing.com *.bing.com licdn.com google-analytics.com *.google-analytics.com demandbase.com *.demandbase.com company-target.com *.company-target.com *.licdn.com *.recaptcha.net recaptcha.net gstatic.com *.gstatic.com google.com youtube-nocookie.com *.youtube-nocookie.com youtube.com *.youtube.com ggpht.com *.ggpht.com googleapis.com *.googleapis.com ytimg.com *.ytimg.com *.doubleclick.net googletagmanager.com *.googletagmanager.com pardot.com *.pardot.com osano.com *.osano.com *.sharethis.com sharethis.com driftt.com *.driftt.com oribi.io *.oribi.io linkedin.com *.linkedin.com rlcdn.com *.rlcdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat gravatar.com *.gravatar.com w.org *.w.org wpengine.com *.wpengine.com yoast.com *.yoast.com jsdelivr.net *.jsdelivr.net wistia.com *.wistia.com helpscout.net *.helpscout.net *.litix.io litix.io cloudfront.net *.cloudfront.net *.devmobo.com cinterion.com *.cinterion.com securityscorecard.com *.securityscorecard.com *.googlesyndication.com googlesyndication.com *.facebook.net *.facebook.com *.alicdn.com *.typekit.net *.vimeo.com *.indeed.com *.killadsapi.com *.zi-scripts.com *.zoominfo.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://telit-newsletter.devmobo.com/l.php; base-uri 'self';frame-ancestors 'self' 2 default-src 'self'; script-src 'self'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self' data:; font-src 'self'; connect-src 'self'; frame-src 'self'; frame-ancestors 'self' https://scripts.zdv.uni-mainz.de; form-action 'self' metager.org metager.de 2 script-src 'self' 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://api.w3-edge.com https://www.googletagmanager.com https://www.googletagservices.com https://cdn.privacy-mgmt.com https://cdnjs.cloudflare.com https://secure.hook6vein.com https://www.details-enterprise-7.com https://pi.pardot.com https://www.google.com https://www.google-analytics.com https://go.skymedia.co.uk https://js-agent.newrelic.com https://bam.nr-data.net https://yoast.com https://ajax.googleapis.com https://assets.adobedtm.com https://www.gstatic.com https://skymediaglobal.b-cdn.net https://cdn.skymedia.de https://cdn.skymedia.ie https://cdn.skymedia.co.uk https://cdn.adsmartfromsky.co.uk https://cdn.adsmartfromsky.ie https://cdn.cflight.co.uk https://gdpr-tcfv2.sp-prod.net https://fluid.4strokemedia.com https://cdnb.4strokemedia.com https://z.moatads.com https://imasdk.googleapis.com/ https://pagead2.googlesyndication.com/ https://s0.2mdn.net;worker-src 'self' blob:;connect-src 'self' https://bam.nr-data.net https://cdn.privacy-mgmt.com https://my.yoast.com https://www.skymedia.co.uk https://cdn.skymedia.co.uk https://cdn.skymedia.ie https://cmp.skymedia.de https://edge.adobedc.net https://region1.google-analytics.com https://www.google-analytics.com https://www.google.com https://fluid.4strokemedia.com https://feed.4strokemedia.com https://api.condatis.sky https://playback.brightcovecdn.com https://videos.skysports.com https://manifest.prod.boltdns.net https://securepubads.g.doubleclick.net https://videos.skynews.com https://csi.gstatic.com;object-src 'self' https://skymediaglobal.b-cdn.net https://cdn.skymedia.co.uk; 2 default-src https: data: 'unsafe-inline'; 2 default-src 'self' ; connect-src 'self' www.google-analytics.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: i.ytimg.com image.tmdb.org *.gstatic.com *.google.com *.w.org *.gravatar.com *.vimeocdn.com *.phenomena.com; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com www.googletagmanager.com *.youtube.com *.vimeo.com *.googleapis.com *.google-analytics.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.vimeocdn.com; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com; frame-src 'self' *.youtube.com *.vimeocdn.com *.vimeo.com; frame-ancestors 'self'; object-src 'self' ; 2 worker-src blob:; img-src https: blob: data:; default-src 'self' ogletree.com data: https: 'unsafe-eval' 'unsafe-inline'; frame-src blob: https:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onenorth.com *.ropesgray.com *.cookielaw.org *.google.com *.gstatic.com *.googletagmanager.com https://cdn.iframe.ly *.sharethis.com siteimproveanalytics.com *.passle.net *.linkedin.com *.licdn.com *.cloudflare.com *.googleapis.com *.google-analytics.com *.lfeeder.com *.vimeo.com *.twitter.com; img-src 'self' data: *.onenorth.com *.ropesgray.com *.sharethis.com *.googletagmanager.com *.linkedin.com *.siteimproveanalytics.io *.adsymptotic.com *.lfeeder.com *.google.com *.google-analytics.com *.doubleclick.net *.twitter.com *.passle.net *.cookielaw.org *.ropesgray.com *.onenorth.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.myfonts.net *.sharethis.com *.passle.net *.cloudflare.com *.cloudfront.net *.typekit.net *.googleapis.com; font-src 'self' 'unsafe-inline' data: *.bootstrapcdn.com *.myfonts.com *.cloudfront.net *.typekit.net *.gstatic.com; frame-src 'self' 'unsafe-inline' *.ropesgray.com https://cdn.iframe.ly *.sharethis.com *.passle.net *.taleo.net *.brightcove.net *.google.com *.youtube.com *.vimeo.com *.yoshki.com *.twitter.com *.transistor.fm https://datawrapper.dwcdn.net https://www.googletagmanager.com; connect-src 'self' 'unsafe-inline' *.cookielaw.org *.onetrust.com *.sharethis.com *.google-analytics.com *.doubleclick.net *.passle.net *.crwdcntrl.net *.oribi.io https://www.google.com; upgrade-insecure-requests; block-all-mixed-content; 2 frame-ancestors 'self' https://*.axfood.se https://*.willys.se https://*.hemkop.se 2 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://babiel.jobbase.io https://babiel.onlyfy.jobs https://*.usercentrics.eu https://www.instagram.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://fast.fonts.net; img-src 'self' data: https://www.google-analytics.com https://*.usercentrics.eu; frame-src 'self' https://babiel.jobbase.io https://babiel.onlyfy.jobs https://www.youtube-nocookie.com https://www.instagram.com https://*.usercentrics.eu; connect-src 'self' https://www.google-analytics.com https://*.usercentrics.eu 2 frame-ancestors 'self' https://*.acepta.com 2 frame-ancestors 'self' https://fispi.kws.com https://fispi.kws-qa.com https://kws.workbox.de 2 default-src https: 'self' blob:;script-src https: 'unsafe-inline' 'unsafe-eval' 'self';script-src-elem https: 'self' 'unsafe-inline';object-src https: 'self' blob:;frame-src 'self' blob: https:;style-src 'unsafe-inline' https: data: 'self';font-src https: data:;img-src * data: 'self';connect-src https: wss://*.liveperson.net wss://tsock.us1.twilio.com/v3/wsconnect wss://*.usw2.pure.cloud wss://intercept-api.questionpro.com; frame-ancestors https://embed.questionpro.com; 2 script-src 'self' blob: *.citysbs.com *.19lou.com *.cqmmgo.com *.19louimg.cn *.baidu.com *.baidustatic.com api.map.baidu.com *.bdstatic.com *.pstatp.com c.mipcdn.com tjs.sjs.sinajs.cn c.cnzz.com s22.cnzz.com res.wx.qq.com apis.map.qq.com c.dun.163.com cstaticdun.126.net s11.cnzz.com static.geetest.com api.geetest.com *.alicdn.com *.bdimg.com c.dun.163yun.com jsapi.qq.com mat1.gtimg.com analytics.snssdk.com app.citybrain.hangzhou.gov.cn 19lou.xyani.com 'unsafe-inline' 'unsafe-eval'; report-uri https://www.19lou.com/report 2 default-src * 'unsafe-inline' 'unsafe-eval' 'self' data:; script-src * 'unsafe-inline' 'self' 'unsafe-eval' blob:; object-src data: 'self'; base-uri 'self'; connect-src 'self' https://* * data: 'unsafe-inline'; img-src * data: blob: 'self' 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; child-src blob: 'self'; worker-src blob: 'self'; frame-ancestors 'self' https://*.contentful.com https://*.salesforce.com https://*.site.com https://*.force.com https://*.segment.com https://*.algolia.io https://*.cookieinformation.com https://*.typeform.com https://*.youtube.com https://*.vimeo.com 2 default-src 'self' data: blob: *.conac.cn *.jiathis.com *.baidu.com *.bshare.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; 2 default-src https: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com; img-src https: data:; connect-src wss://*.tawk.to *.tawk.to *.lobbes.nl *.lobbesspeelgoed.be *.lobbesspielzeug.de *.lobbesjouet.fr *.icecat.biz bat.bing.com www.google-analytics.com stats.g.doubleclick.net squeezely.tech *.trustedshops.com *.trustbadge.com *.clic2buy.com trustbadge.api.etrusted.com *.etrusted.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google.com https://google.com *.googlesyndication.com *.bing.net *.googletagmanager.com *.google-analytics.com *.facebook.com *.facebook.net *.click2buy.com *.clic2drive.com *.convertexperiments.com *.plausible.io https://googleads.g.doubleclick.net *.cookiebot.com https://cookiebot.com https://plausible.io *.beslist.nl; worker-src *.convertexperiments.com blob:; frame-ancestors 'self' https://pwisao1609.prd.corp; report-uri https://www.lobbes.nl/CspReport; report-to https://www.lobbes.nl/CspReport; 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' kalibrr.com *.kalibrr.com kalibrr.id *.kalibrr.id kalibrr.ph *.kalibrr.ph kalibrr.vn *.kalibrr.vn *.blitzllama.com https://tally.so/ *.tally.so *.zendesk.com https://static.zdassets.com https://ekr.zdassets.com *.zopim.com appleid.cdn-apple.com connect.facebook.net *.facebook.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com d36lvucg9kzous.cloudfront.net s1.webspellchecker.net js.stripe.com www.googletagmanager.com *.inspectlet.com *.googleapis.com *.newrelic.com *.nr-data.net platform.twitter.com static.ads-twitter.com apis.google.com ajax.cloudflare.com tagmanager.google.com analytics.twitter.com analytics.trovit.com *.effectivemeasure.net jscdn.appier.net track.adform.net cdn.ckeditor.com https://optimize.google.com; form-action 'self'; frame-src 'self' https://staticxx.facebook.com https://web.facebook.com https://accounts.google.com https://www.facebook.com https://docs.google.com https://www.youtube.com https://www.google.com https://optimize.google.com https://snap.licdn.com *.blitzllama.com https://tally.so/ *.tally.so; frame-ancestors http://careers.aboitiz.com https://careers.aboitiz.com https://careers-uat.aboitiz.com http://citysavings.com.ph https://citysavings.com.ph; 2 script-src 'self' 'unsafe-eval' https://swyftx.com https://stg.swyftx-dev.net https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apps.rokt.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem safe data: 'unsafe-inline' https://swyftx.com https://widget.swyftx.com https://metrics.swyftx.com https://stg.swyftx-dev.net https://app.intotheblock.com https://yoast.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com https://platform.twitter.com https://connect.facebook.net https://www.redditstatic.com https://static.ads-twitter.com https://cdn.branch.io https://analytics.tiktok.com https://bat.bing.com https://cdn.pdst.fm https://app.link https://static.hotjar.com https://script.hotjar.com https://cdn.callrail.com/ https://js.callrail.com/ https://g10102301085.co https://cdn.veritonic.com https://widget.intercom.io https://js.intercomcdn.com https://apps.rokt.com https://secure.quantserve.com https://rules.quantcount.com https://*.optimizely.com; frame-src 'self' blob: data: https://metrics.swyftx.com https://widget.swyftx.com https://www.google.com/ https://*.youtube.com https://platform.twitter.com https://11770793.fls.doubleclick.net https://td.doubleclick.net https://apps.rokt.com https://a5342079895732224.cdn.optimizely.com https://a5342079895732224.cdn-pci.optimizely.com; font-src 'self' data: https://fonts.gstatic.com https://www.googletagmanager.com https://js.intercomcdn.com https://fonts.intercomcdn.com https://analytics.tiktok.com; connect-src 'self' https://swyftx.com https://apic.swyftx.com https://metrics.swyftx.com https://analytics.tiktok.com https://ads.tiktok.com https://atr.veritonicmetrics.com https://ip.veritonicmetrics.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com https://my.yoast.com https://dev.visualwebsiteoptimizer.com https://js.callrail.com https://api.intotheblock.com https://pixel.quantcount.com https://pixel.quantserve.com https://logx.optimizely.com https://*.optimizely.com; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; form-action 'self' https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; media-src 'self' https://swyftx.com https://js.intercomcdn.com; img-src * 'self' data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://*.optimizely.com; 2 default-src 'self' https://mw-ar-recom-prod.pgapi.io/; media-src https://videos.ctfassets.net; style-src 'self' 'unsafe-inline' *; img-src https://* 'self' data: https: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src *; frame-ancestors * 'self' data: https: blob: 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.vwo.com https://www.googletagmanager.com/debug/* https://region1.google-analytics.com https://dev.visualwebsiteoptimizer.com https://td.doubleclick.net https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net/* https://adservice.google.com https://www.googleadservices.com https://capig.bhd.com.do https://*.analytics.google.com https://analytics.google.com https://tagmanager.google.com/ https://us-central1-bhd-global.cloudfunctions.net https://api.sendgrid.com https://8265mwtvn6.execute-api.us-east-1.amazonaws.com https://static.bhd.com.do https://backend.bhd.com.do https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://fonts.googleapis.com https://search.bhd.com.do https://connect.facebook.net https://stats.g.doubleclick.net; img-src 'self' data: https://static.bhd.com.do https://www.googletagmanager.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://connect.facebook.net https://www.facebook.com https://*.google.com https://*.google.ae https://*.google.com.ag https://*.google.com.ar https://*.google.as https://*.google.com.bd https://*.google.be https://*.google.com.bo https://*.google.com.br https://*.google.by https://*.google.ca https://*.google.cf https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.de https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.es https://*.google.com.et https://*.google.fr https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gr https://*.google.com.gt https://*.google.hn https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.co.in https://*.google.je https://*.google.co.jp https://*.google.com.kh https://*.google.ki https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.co.ma https://*.google.mg https://*.google.com.mm https://*.google.mn https://*.google.com.mx https://*.google.com.ni https://*.google.nl https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.com.pa https://*.google.com.pe https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.com.sb https://*.google.sh https://*.google.sn https://*.google.sm https://*.google.st https://*.google.co.th https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.com.ua https://*.google.co.uk https://*.google.com.uy https://*.google.com.vc https://*.google.co.ve https://*.google.com.vn https://*.google.vu https://*.google.co.za https://*.google.cat https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com/ https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://www.google-analytics.com https://maps.gstatic.com https://fonts.googleapis.com https://connect.facebook.net; font-src 'self' data: https://fonts.gstatic.com; media-src https://static.bhd.com.do; manifest-src 'self'; worker-src 'self' blob:; 2 frame-ancestors app.contentful.com app.optimizely.com 2 default-src https: 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;style-src * 'self' data: 'unsafe-inline';script-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com; object-src 'none' 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://www.googletagmanager.com https://api.firststreet.org https://events.statsigapi.net https://statsigapi.net https://plausible.io https://featuregates.org https://googleads.g.doubleclick.net https://*.js.stripe.com https://connect-js.stripe.com https://js.stripe.com https://checkout.stripe.com https://api.hcaptcha.com https://www.googleadservices.com https://www.google.com https://www.gstatic.com https://pagead2.googlesyndication.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.youtube.com https://s.ytimg.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-forms.com https://js.hscollectedforms.net https://api.hubapi.com https://track.hubspot.com https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://analytics.pointdrive.linkedin.com; child-src 'self' blob: https://www.googleadservices.com https://www.youtube.com https://youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.youtube.com; img-src 'self' data: blob: https://raw.githubusercontent.com https://assets.firststreet.org https://assets.riskfactor.com https://*.stripe.com http://www.w3.org/2000/svg https://www.googletagmanager.com https://www.google.com https://www.googleadservices.com https://*.doubleclick.net https://www.gstatic.com https://pagead2.googlesyndication.com https://imgsct.cookiebot.com https://assets.floodfactor.com https://i.ytimg.com https://img.youtube.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-forms.com https://js.hscollectedforms.net https://api.hubapi.com https://track.hubspot.com https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://analytics.pointdrive.linkedin.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://connect-js.stripe.com https://checkout.stripe.com https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://api.hcaptcha.com https://www.googletagmanager.com https://www.google.com https://td.doubleclick.net https://www.googleadservices.com https://bid.g.doubleclick.net https://pagead2.googlesyndication.com https://consentcdn.cookiebot.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://youtube-nocookie.com https://js.hs-forms.com; frame-ancestors 'none'; media-src 'self' https://assets.firststreet.org https://assets.riskfactor.com https://www.youtube.com https://youtube.com https://youtu.be; connect-src 'self' https://*.riskfactor.com https://*.riskfactor.dev https://maps.googleapis.com https://www.googletagmanager.com https://analytics.google.com https://stats.g.doubleclick.net https://www.google.com https://www.google.com/pagead/ https://www.google.com/ccm/collect https://api.firststreet.org https://plausible.io https://*.doubleclick.net https://www.google-analytics.com https://api.stripe.com https://checkout.stripe.com https://*.firststreet.org https://*.firststreet.dev https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://td.doubleclick.net https://www.googleadservices.com https://pagead2.googlesyndication.com https://*.g.doubleclick.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://www.youtube.com https://youtube.com https://youtu.be https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-forms.com https://js.hscollectedforms.net https://api.hubapi.com https://track.hubspot.com https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://analytics.pointdrive.linkedin.com https://featureassets.org https://events.statsigapi.net https://statsigapi.net https://api.statsig.com https://featuregates.org https://beyondwickedmapping.org wss://realtime.statsigapi.net https://api.statsigcdn.com https://prodregistryv2.org https://cloudflare-dns.com https://assetsconfigcdn.org https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://youtube-nocookie.com https://youtu.be https://img.youtube.com https://i.ytimg.com https://s.ytimg.com; report-uri https://o96591.ingest.sentry.io/api/4507611656159232/security/?sentry_key=42354ebeb5d22fbb2bb3100a5c58c995; worker-src 'self' blob: https://localhost:3000 https://*.riskfactor.dev https://*.firststreet.dev https://*.firststreet.org 2 default-src 'self' mittwald.de *.mittwald.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net pixel.byspotify.com assets.calendly.com *.youtube.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net www.redditstatic.com *.signalize.com *.etracker.com *.etracker.de *.hotjar.com pretix.eu *.ads.linkedin.com snap.licdn.com *.googletagmanager.com *.adform.net mittwald.de *.mittwald.de; style-src 'self' 'unsafe-inline' assets.calendly.com *.hotjar.com pretix.eu; img-src 'self' data: www.etracker.de assets.calendly.com userlike-cdn-operators.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-web.b-cdn.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com alb.reddit.com *.hotjar.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.de *.adform.net px.ads.linkedin.com mittwald.de *.mittwald.de; font-src 'self' data: assets.calendly.com assets.calendly.com userlike-cdn-umm.b-cdn.net fonts.gstatic.com *.hotjar.com mittwald.de *.mittwald.de; connect-src 'self' pixels.spotify.com wss://umd.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com umd.userlike.com api.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com www.redditstatic.com *.signalize.com *.etracker.de *.hotjar.com *.hotjar.io wss://*.hotjar.com pretix.eu px.ads.linkedin.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.de *.adform.net pixel-config.reddit.com mittwald.de *.mittwald.de blob:; media-src 'self' userlike-cdn-umm.b-cdn.net userlike-store-media-files.s3.amazonaws.com www.userlike.com mittwald.de *.mittwald.de blob:; child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net mittwald.de *.mittwald.de blob:; frame-src 'self' td.doubleclick.net googletagmanager.com *.googletagmanager.com calendly.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net *.youtube.com www.youtube-nocookie.com player.vimeo.com *.adform.net pretix.eu mittwald.de *.mittwald.de; frame-ancestors 'self' https://*.etracker.com; 2 default-src 'self' *.amazonaws.com *.tarteel.ai *.tarteel.io *.mixpanel.com *.stripe.com *.sentry.io *.wasabisys.com tarteel.zendesk.com https://vercel.live/ https://vercel.com https://*.vercel.com wss://*.pusher.com https://*.gstatic.com https://*.google-analytics.com; script-src 'self' 'unsafe-eval' *.mixpanel.com *.stripe.com *.appsflyer.com https://vercel.live/ https://vercel.com https://*.vercel.com; style-src 'self' 'unsafe-inline' *; img-src 'self' static-cdn.tarteel.ai *.wasabisys.com https://vercel.live/ https://vercel.com https://*.vercel.com https://sockjs-mt1.pusher.com/ data: blob: *.ytimg.com *.tiktokcdn.com *.tiktokcdn-us.com unpkg.com; object-src 'self' data:; frame-src 'self' *.tiktok.com *.stripe.com https://vercel.live/ https://vercel.com https://*.vercel.com *.youtube.com *.youtube-nocookie.com *.instagram.com *.facebook.com; script-src-elem 'self' blob: 'unsafe-inline' *; worker-src 'self' blob:; frame-ancestors 'none'; 2 font-src 'self'; object-src 'none'; base-uri 'self'; 2 default-src * data:; script-src https: http://suzukicycles.local http://www.youtube.com 'unsafe-inline' 'unsafe-eval'; style-src https: http://suzukicycles.local 'unsafe-inline' 2 frame-ancestors 'self' https://*.ftm.nl https://*.ftm.eu 2 default-src 'self' pghub.io; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://privacytermsprod.azureedge.net https://consumersupport.pg.com *.bazaarvoice.com *.youtube.com *.algolia.net *.algolianet.com *.pricespider.com *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com https://maxcdn.bootstrapcdn.com https://click2cart.com https://maps.googleapis.com https://www.gstatic.com https://maps.gstatic.com *.click2cart.com *.agkn.com *.amazonaws.com *.pg.com blob: pghub.io https://feed.pghub.io https://gateway.zscalertwo.net *.jebbit.com *.pepperjam.com https://*.adsrvr.org https://analytics.crest.com https://js.adsrvr.org *.tp88trk.com *.affirm.com https://*.attn.tv *.swaven.com *.lightboxcdn.com *.google.com https://*.attentivemobile.com https://pandg.tapad.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://*.googletagmanager.com https://privacytermsprod.azureedge.net https://consumersupport.pg.com *.bazaarvoice.com *.youtube.com *.algolia.net *.algolianet.com *.pricespider.com *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com https://maxcdn.bootstrapcdn.com https://click2cart.com https://maps.googleapis.com https://www.gstatic.com https://maps.gstatic.com *.click2cart.com *.agkn.com *.amazonaws.com *.pg.com blob: pghub.io https://feed.pghub.io https://gateway.zscalertwo.net *.jebbit.com *.pepperjam.com https://*.adsrvr.org https://analytics.crest.com https://js.adsrvr.org *.tp88trk.com *.affirm.com https://*.attn.tv *.swaven.com *.lightboxcdn.com *.google.com https://*.attentivemobile.com https://pandg.tapad.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://cdn.fonts.net https://privacytermsprod.azureedge.net https://consumersupport.pg.com *.bazaarvoice.com *.youtube.com *.algolia.net *.algolianet.com *.pricespider.com *.pg.com *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com https://maxcdn.bootstrapcdn.com https://click2cart.com https://maps.googleapis.com https://www.gstatic.com https://maps.gstatic.com *.click2cart.com *.agkn.com *.amazonaws.com blob: pghub.io https://feed.pghub.io https://gateway.zscalertwo.net *.jebbit.com *.pepperjam.com https://*.adsrvr.org https://analytics.crest.com https://js.adsrvr.org *.tp88trk.com *.affirm.com https://*.attn.tv *.swaven.com *.lightboxcdn.com *.google.com https://*.attentivemobile.com https://pandg.tapad.com; font-src 'self' https://fonts.gstatic.com https://privacytermsprod.azureedge.net https://consumersupport.pg.com *.ctfassets.net *.bazaarvoice.com *.youtube.com *.algolia.net *.algolianet.com *.pricespider.com *.pg.com *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com https://maxcdn.bootstrapcdn.com https://click2cart.com https://maps.googleapis.com https://www.gstatic.com https://maps.gstatic.com *.click2cart.com *.agkn.com *.amazonaws.com data: blob: pghub.io https://feed.pghub.io https://gateway.zscalertwo.net *.jebbit.com *.pepperjam.com https://js.adsrvr.org *.tp88trk.com *.affirm.com https://*.attn.tv *.swaven.com *.lightboxcdn.com *.google.com https://*.attentivemobile.com https://pandg.tapad.com; img-src 'self' https://www.googletagmanager.com https://ssl.gstatic.com https://images.ctfassets.net https://privacytermsprod.azureedge.net https://consumersupport.pg.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://pixel.tapad.com/ *.bazaarvoice.com *.youtube.com *.algolia.net *.algolianet.com *.pricespider.com *.pg.com *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com https://maxcdn.bootstrapcdn.com https://click2cart.com https://maps.googleapis.com https://www.gstatic.com https://maps.gstatic.com *.click2cart.com *.agkn.com *.amazonaws.com data: blob: pghub.io https://feed.pghub.io https://gateway.zscalertwo.net *.jebbit.com *.pepperjam.com https://*.adsrvr.org https://analytics.crest.com https://js.adsrvr.org *.tp88trk.com *.affirm.com https://*.attn.tv *.swaven.com *.lightboxcdn.com *.google.com https://*.attentivemobile.com https://pandg.tapad.com; frame-src https://www.googletagmanager.com https://privacytermsprod.azureedge.net https://consumersupport.pg.com https://pg-lex.my.salesforce-sites.com *.bazaarvoice.com *.youtube.com *.algolia.net *.algolianet.com *.pricespider.com *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com https://maxcdn.bootstrapcdn.com https://click2cart.com https://maps.googleapis.com https://www.gstatic.com https://maps.gstatic.com *.click2cart.com *.agkn.com *.amazonaws.com *.pg.com data: blob: pghub.io https://feed.pghub.io https://gateway.zscalertwo.net *.jebbit.com *.pepperjam.com https://*.adsrvr.org https://analytics.crest.com https://js.adsrvr.org *.tp88trk.com *.affirm.com https://*.attn.tv *.swaven.com *.lightboxcdn.com *.google.com https://*.attentivemobile.com https://pandg.tapad.com; connect-src 'self' https://www.google-analytics.com https://*.google-analytics.com https://privacytermsprod.azureedge.net https://consumersupport.pg.com https://*.analytics.google.com https://*.googletagmanager.com *.bazaarvoice.com *.youtube.com *.algolia.net *.algolianet.com *.pricespider.com *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com https://maxcdn.bootstrapcdn.com https://click2cart.com https://maps.googleapis.com https://www.gstatic.com https://maps.gstatic.com *.click2cart.com *.agkn.com *.amazonaws.com *.pg.com data: blob: pghub.io https://feed.pghub.io https://gateway.zscalertwo.net *.jebbit.com *.pepperjam.com https://*.adsrvr.org https://analytics.crest.com https://js.adsrvr.org *.tp88trk.com *.affirm.com https://*.attn.tv *.swaven.com *.lightboxcdn.com *.google.com https://*.attentivemobile.com https://pandg.tapad.com; 2 object-src data:; base-uri 'self' studio.plasmic.app analytics.plasmic.app; frame-ancestors 'self' studio.plasmic.app analytics.plasmic.app partners.abnormalsecurity.com partners.abnormal.ai cms.abnormalsecurity.com cms.abnormal.ai staging-cms.abnormalmarketing.dev 2 worker-src 'self' blob: ;script-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com; object-src 'none'; 2 frame-ancestors members.rexmd.com members.navamd.com members.lifemd.com *.lifemd.com 2 object-src 'none'; frame-ancestors 'none'; 2 frame-ancestors 'self' https://2gis.ru https://zoon.ru https://sravni.ru https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com 2 default-src 'self' ; connect-src 'self' https://*.vcm.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://api.hubapi.com https://graph.facebook.com https://forms.hubspot.com https://tags.srv.stackadapt.com https://www.google-analytics.com https://stats.g.doubleclick.net https://sessions.bugsnag.com https://www.bugherd.com https://sockjs.pusher.com wss://ws.pusherapp.com https://fonts.googleapis.com https://vcm.onlineprospectus.net https://www.juicer.io https://smetrics.vcm.com https://dpm.demdex.net https://platform.linkedin.com/ https://px.ads.linkedin.com/wa/ https://api.userway.org/ https://cdn.userway.org/ https://*.pioneerinvestments.com https://pioneerinvestments.com https://online.flippingbook.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vcm.onlineprospectus.net https://www.facebook.com https://googleads.g.doubleclick.net https://snap.licdn.com https://js.hsforms.net https://js.hsadspixel.net https://forms.hsforms.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-analytics.net https://*.id.opendns.com https://js.hs-banner.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.gstatic.com https://contentdsp.com https://assets.juicer.io https://cdnjs.cloudflare.com https://www.youtube.com https://apps.usw2.pure.cloud https://www.bugherd.com https://use.typekit.net https://dinkytown.net https://code.jquery.com https://assets.adobedtm.com https://s.ytimg.com https://d2wy8f7a9ursnm.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://platform.linkedin.com/ https://linkedin.com/ https//*linkedin.com https://px.ads.linkedin.com/wa https://www.linkedin.com/ https://player.vimeo.com/ https://cdn.userway.org/ https://online.flippingbook.com ; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://use.typekit.net https://dinkytown.net https://d2iiunr5ws5ch1.cloudfront.net https://tags.srv.stackadapt.com https://assets.juicer.io https://www.bugherd.com https://vcm.onlineprospectus.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://use.typekit.net https://p.typekit.net https://www.dinkytown.net https://linkedin.com/ https://px.ads.linkedin.com/wa https//*linkedin.com https://cdn.userway.org/ https://online.flippingbook.com ; img-src 'self' https://d2iiunr5ws5ch1.cloudfront.net https://d21y75miwcfqoq.cloudfront.net https://www.juicer.io https://*.fbcdn.net https://www.google.co.in https://p.adsymptotic.com https://px.ads.linkedin.com https://forms.hsforms.com https://track.hubspot.com https://dpm.demdex.net https://www.facebook.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://media-exp1.licdn.com https://*.id.opendns.com https://pbs.twimg.com https://assets.juicer.io https://smetrics.vcm.com https://cm.everesttech.net https://p.typekit.net https://srv.stackadapt.com https://platform.linkedin.com/ https://cdn.userway.org/ https://online.flippingbook.com ; font-src 'self' https://www.bugherd.com https://d2iiunr5ws5ch1.cloudfront.net https://fonts.gstatic.com https://static.juicer.io https://stackpath.bootstrapcdn.com data://* use.typekit.net https://cdn.userway.org/ https://online.flippingbook.com ; worker-src blob: ; frame-src https://vcm.demdex.net https://www.youtube.com https://vcm-mkt-stage1-m.adobe-campaign.com https://t.mail.vcm.com https://bid.g.doubleclick.net https://html5-player.libsyn.com https://forms.hsforms.com https://www.google.com https://www.gstatic.com https://10877860.fls.doubleclick.net https://www.linkedin.com/ https://connect.rightprospectus.com/ https://player.vimeo.com/ https://cdn.userway.org/ https://online.flippingbook.com ; media-src https://video.twimg.com https://*.fbcdn.net https://player.vimeo.com/ ; form-action 'self' https://*.vcm.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://api.hubapi.com https://graph.facebook.com https://forms.hubspot.com https://tags.srv.stackadapt.com https://www.google-analytics.com https://stats.g.doubleclick.net https://sessions.bugsnag.com https://www.bugherd.com https://sockjs.pusher.com wss://ws.pusherapp.com https://fonts.googleapis.com https://vcm.onlineprospectus.net https://www.juicer.io https://smetrics.vcm.com https://dpm.demdex.net https://webto.salesforce.com https://cdn.userway.org/ https://*.pioneerinvestments.com https://pioneerinvestments.com https://online.flippingbook.com ; report-to csp-endpoint; report-uri https://*.vcm.com; 2 frame-ancestors 'self' https://*.myatproperties.com/ https://*.myansleyatlanta.com https://*.mychristiesre.com/; 2 default-src 'self';style-src 'self' 'unsafe-eval' 'unsafe-inline' *.usercentrics.eu www.dachser.com translate.googleapis.com;object-src 'self';base-uri 'self';font-src 'self' data: fonts.gstatic.com github.com player.podigee-cdn.net pouch-global-font-assets.s3.eu-central-1.amazonaws.com static3.avast.com;frame-src 'self' dachser-warehouse.atrivio.net app.usercentrics.eu veronline.me players.brightcove.net player.podigee-cdn.net players.brightcove.net dachser-warehousekapazitaeten.atrivio.net;img-src 'self' data: *.usercentrics.eu *.dachser.ch cf-images.eu-west-1.prod.boltdns.net metrics.brightcove.com app.usercentrics.eu www.dachser.com www.gstatic.com translate.google.com images.podigee-cdn.net www.dachser.com.tr www.etracker.de webtr.dachser.com www.facebook.com;manifest-src 'self';media-src blob: 'self';worker-src blob: ;connect-src mailto: 'self' www.dachser.com maps.googleapis.com bcboltbde696aa-a.akamaihd.net manifest.prod.boltdns.net edge.api.brightcove.com *.usercentrics.eu www.etracker.de webtr.dachser.com dachser-locations.atrivio.net www.google-analytics.com www.googletagmanager.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' webtr.dachser.com code.etracker.com app.usercentrics.eu edge.api.brightcove.com vjs.zencdn.net api.signalize.com players.brightcove.net maps.googleapis.com www.dachser.com 3001.scriptcdn.net s3-us-west-2.amazonaws.com s3.amazonaws.com www.google-analytics.com www.googletagmanager.com www.pagespeed-mod.com 2508t.dsp7c.com connect.facebook.net maps.googleapis.com www.dachser.com www.etracker.de webtr.dachser.com https://code.etracker.com/t.js https://dmr-notification.atrivio.net/js/main.js https://maps.googleapis.com/maps/api/js https://static.etracker.com/code/e.js https://www.etracker.de/cntcc;script-src-attr 'self' 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' webtr.dachser.com www.googletagmanager.com edge.api.brightcove.com vjs.zencdn.net api.signalize.com players.brightcove.net app.usercentrics.eu cdn.podigee.com player.podigee-cdn.net maps.googleapis.com najiwu.xeyutezepo.com www.dachser.com dmr-notification.atrivio.net static.etracker.com www.etracker.de data1.pamurt.com bopati.xuyobidexe-vipopucec.com code.etracker.com data1.scopich.com images.podigee-cdn.net www.dachser.com.tr www.etracker.de www.facebook.com www.gstatic.com;style-src-attr 'self' 'unsafe-inline';style-src-elem 'self' 'unsafe-inline' player.podigee-cdn.net www.dachser.com cdn.podigee.com; report-uri https://atrivio.report-uri.com/r/d/csp/reportOnly https://atrivio.report-uri.com/r/d/csp/wizard; 2 frame-ancestors 'self' https://*.sherweb.com https://cumulus.sherweb.com https://cloudmanagerportal.com https://cumulus.ismgrid.com https://techdata.sherweb.com https://control.intellam.com https://cumulus.fusenetworks.com https://cloud.itpartners.com https://portal.massiveit.com https://control.careservtech.com https://billing.rak4cloud.com https://control.gocareserv.help 2 frame-ancestors 'self' metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com 2 frame-ancestors 'self' *.zinghr.com teams.microsoft.com *.teams.microsoft.com *.skype.com; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdnjs.cloudflare.com/ https://www.youtube.com/ https://cdn.jsdelivr.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://app-script.monsido.com/ https://cdn-apac.onetrust.com/ https://u.heatmap.it/ https://cdn.yellowmessenger.com/ https://www.google.com/ https://www.gstatic.com/ https://static.elfsight.com/platform/platform.js https://www.petronas.com/608242b4-6b3e-4aff-8979-014519414d0c https://app-script.monsido.com/ https://static.elfsight.com/ https://api.swiftype.com/ https://geotargetly-api-1.com/ https://g10498469755.co/ https://code.jquery.com/ ; object-src 'none'; upgrade-insecure-requests 2 frame-ancestors 'self' monpasscrea.bpifrance-creation.fr; frame-src 'self' www.onlineassessmenttool.com static.addtoany.com www.easy-lms.com openn.qls.cloud.bpifrance.fr www.slideshare.net view.genial.ly view.genially.com fr.slideshare.net www.youtube.com www.youtube-nocookie.com 3242--mon-entreprise.netlify.app cdn.trustcommander.net aides-entreprises.fr embauche.beta.gouv.fr mon-entreprise.urssaf.fr www.onlineassessmenttool.com ace.easy-lms.com www.ultimedia.com; 2 default-src 'self' *.bancomontepio.com *.bancomontepio.pt *.google.com www.gstatic.com *.montepio.com *.adobecqms.net maps.google.com; style-src 'self' 'unsafe-inline' https://w3q3.bancomontepio.pt/ *.bancomontepio.com *.bancomontepio.pt *.google.com www.gstatic.com *.montepio.com fonts.googleapis.com *.mkt.dynamics.com *.dynamics.com *.dyn365mktg.com *.azureedge.net *.azurefd.net *.cloudflare.com *.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bancomontepio.com *.bancomontepio.pt *.google.com www.gstatic.com *.montepio.com www.googletagmanager.com www.googleadservices.com *.google-analytics.com *.google.com *.googlesyndication.com snap.licdn.com static.ads-twitter.com cdn.evgnet.com cdn1.adoberesources.net www.redditstatic.com *.hotjar.com connect.facebook.net www.clarity.ms bat.bing.com analytics.tiktok.com s.pinimg.com *.qualtrics.com www.youtube.com unpkg.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com code.jquery.com ct.pinterest.com *.cookielaw.org maps.googleapis.com maps.gstatic.com *.cloudflare.com *.mkt.dynamics.com *.dyn365mktg.com *.dynamics.com https://www.youtube.com https://s.ytimg.com *.cloudflare.com *.azureedge.net https://mitsweb.iitech.dk; img-src 'self' data: *.bancomontepio.com *.bancomontepio.pt *.google.com www.gstatic.com *.montepio.com *.gstatic.com maps.gstatic.com cdn.cookielaw.org *.google.com *.googleapis.com https://i.ytimg.com *.cloudflare.com *.googlesyndication.com *.googletagmanager.com; frame-src 'self' *.bancomontepio.com *.bancomontepio.pt *.google.com www.gstatic.com *.montepio.com maps.google.com www.google.com *.mkt.dynamics.com *.dynamics.com *.dyn365mktg.com https://www.youtube.com https://youtube.com *.google.com *.googletagmanager.com *.google-analytics.com blob: data:; frame-ancestors 'self' *.bancomontepio.com *.bancomontepio.pt *.google.com www.gstatic.com *.montepio.com *.adobecqms.net maps.google.com; object-src 'self' *.bancomontepio.com *.bancomontepio.pt *.google.com www.gstatic.com *.montepio.com *.adobecqms.net blob: data:; connect-src 'self' *.bancomontepio.com *.bancomontepio.pt *.google.com www.gstatic.com *.montepio.com cdn.cookielaw.org maps.googleapis.com maps.gstatic.com *.googleapis.com *.google.com *.mkt.dynamics.com *.dynamics.com *.dyn365mktg.com *.azureedge.net *.azurefd.net *.cloudflare.com *.cloudflare-insights.com https://www.youtube.com https://s.ytimg.com *.googlesyndication.com *.googletagmanager.com; font-src 'self' fonts.gstatic.com *.bancomontepio.pt *.dynamics.com data:; base-uri 'self'; 2 default-src 'self' https://*.mhh.de chrome-extension; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mhh.de https://*.youtube.com https://*.youtube-nocookie.com https://cdnjs.cloudflare.com ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.mhh.de https://*.youtube.com https://*.youtube-nocookie.com https://mh-hannover-390466.workflowcloud.com https://cdnjs.cloudflare.com ; script-src-attr 'self' 'unsafe-inline' https://*.mhh.de; connect-src 'self' https://*.mhh.de https://*.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://*.mhh.de; img-src 'self' data: https://*.mhh.de https://*.ytimg.com ; frame-src 'self' https://*.mhh.de https://*.youtube-nocookie.com https://mh-hannover-390466.workflowcloud.com https://gbo-app-znc.nintex.io; child-src 'self' https://*.mhh.de https://*.youtube-nocookie.com https://mh-hannover-390466.workflowcloud.com https://gbo-app-znc.nintex.io; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; report-uri https://www.mhh.de/_mc/csp; report-to https://www.mhh.de/_mc/csp 2 upgrade-insecure-requests; frame-ancestors 'self' https://www.bharatpetroleum.in 2 frame-ancestors 'self' https://prd-cd-01-mdc-us-ce.wsf-e-loreal.com https://prd-cd-01-mdc-us-tc.wsf-e-loreal.com https://prd-cd-01-mdc-us-us.wsf-e-loreal.com https://prd-cd-mdc-us-ce.wsf-e-loreal.com https://prd-cd-mdc-us-tc.wsf-e-loreal.com https://prd-cd-mdc-us-us.wsf-e-loreal.com https://www.makeup.com https://www.skincare.com 2 default-src 'self' https://play.vidyard.com; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' https://analytics.ahrefs.com https://*.stackadapt.com https://cdn.bizible.com https://cdn.cookielaw.org https://*.websitevoice.com https://analytics.funnelfuel.io https://matomo.funnelfuel.io https://www.youtube.com https://www.gstatic.com https://www.googleadservices.com https://ajax.cloudflare.com https://www.brighttalk.com https://www.google.com https://scout-cdn.salesloft.com https://pagead2.googlesyndication.com https://code.jquery.com https://ajax.cloudflare.com https://analytics.funnelfuel.io https://ajax.googleapis.com https://www.googleoptimize.com https://platform.twitter.com https://bat.bing.com https://cdn-ukwest.onetrust.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://j.6sc.co https://js.adsrvr.org https://munchkin.marketo.net https://pages.blueprism.info https://play.vidyard.com https://siteintercept.qualtrics.com https://snap.licdn.com https://static.ads-twitter.com https://static.cloud.coveo.com https://tracking.g2crowd.com https://unpkg.com https://www.gartner.com https://www.google-analytics.com https://www.googletagmanager.com https://zn6hxtfylyqcfawhp-blueprism.siteintercept.qualtrics.com; style-src 'unsafe-inline' 'unsafe-hashes' 'report-sample' 'self' https://*.stackadapt.com https://widget.websitevoice.com https://cdn.jsdelivr.net https://www.opoint.no https://cdn.jsdelivr.net/jquery.slick https://use.typekit.net https://p.typekit.net https://unpkg.com https://cdnjs.cloudflare.com https://www.blueprism.com https://cloud.typography.com https://fonts.googleapis.com https://higherlogiccloudfront.s3.amazonaws.com https://pages.blueprism.info https://static.cloud.coveo.com https://www.gartner.com; object-src 'none'; base-uri 'self' https://tei-forrester.com; connect-src 'self' https://*.onetrust.com https://analytics.ahrefs.com https://*.stackadapt.com https://insight.adsrvr.org https://cdn.jsdelivr.net https://cdn.cookielaw.org https://analytics-eu.cloud.coveo.com https://sr.qualtrics.com https://tracking-api.g2.com https://www.google.cl https://www.google.co.in https://www.google.com.mx https://www.google.co.uz https://www.google.hu https://www.googletagmanager.com https://www.google.co.za https://analytics-eu.cloud.coveo.com https://privacyportal-uk.onetrust.com https://hnd1.sr.qualtrics.com https://geolocation.onetrust.com https://fonts.googleapis.com https://544-mlv-234.mktoutil.com https://lhr1.sr.qualtrics.com https://matomo.funnelfuel.io https://region1.google-analytics.com https://secure.adnxs.com https://sr.qualtrics.com https://tracking-api.production.g2.com https://translate.googleapis.com https://unpkg.com https://www.facebook.com https://www.google.ca https://www.google.ch https://www.google.co.kr https://www.google.co.ma https://www.google.co.uk https://www.google.com.br https://www.google.com.hk https://www.google.com.my https://www.google.fr https://www.google.de https://www.google.es https://www.google.it https://www.google.je https://www.youtube.com https://yul1.sr.qualtrics.com https://www.google.com https://secure.adnxs.com https://scout.salesloft.com https://region1.analytics.google.com https://privacyportal-uk.onetrust.com https://platform-eu.cloud.coveo.com https://pdx1.sr.qualtrics.com https://iad1.sr.qualtrics.com https://pages.blueprism.info https://geolocation.onetrust.com https://feed-proxy.craftcms.com https://eps.6sc.co https://cloud.typography.com https://api.craftcms.com https://higherlogiccloudfront.s3.amazonaws.com https://v.eps.6sc.co https://analytics.funnelfuel.io https://c.6sc.co https://px.ads.linkedin.com https://geolocation.onetrust.com https://fra1.sr.qualtrics.com https://544-mlv-234.mktoresp.com https://analytics.google.com https://bat.bing.com https://cdn-ukwest.onetrust.com https://epsilon.6sense.com https://ipv6.6sc.co https://siteintercept.qualtrics.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com https://www.blueprism.com https://higherlogiccloudfront.s3.amazonaws.com; frame-src 'self' https://open.spotify.com https://embed.podcasts.apple.com/ https://tei.forrester.com https://google.com https://www.googletagmanager.com https://9848451.fls.doubleclick.net https://www.youtube.com https://www.google.com https://www.gartner.com https://www.brighttalk.com https://tei.forrester.com https://td.doubleclick.net https://player.vimeo.com https://match.adsrvr.org https://insight.adsrvr.org https://pages.blueprism.info https://platform.twitter.com https://play.vidyard.com https://www.facebook.com; img-src 'self' https://*.linkedin.com/ https://cdn.bizible.com https://cdn.bizibly.com https://cdn.cookielaw.org https://www.google.co.th https://www.google.com.uy https://event.on24.com https://fonts.gstatic.com https://pages.blueprism.info https://translate.google.com https://www.google.co.in https://www.google.co.jp https://www.google.co.kr https://www.google.co.ma https://www.google.co.uk https://www.google.com.hk https://www.google.com.my https://www.google.com.pk https://www.google.com.sg https://www.google.com.vn https://www.google.dk https://www.google.ie https://www.google.lk https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.it https://www.google.com.do https://www.google.com.mx https://www.google.com.ph https://www.google.com.sa https://www.google.com.gt https://www.google.com.co https://www.google.com.br https://www.google.com.au https://www.google.co.id https://www.google.bf https://www.google.gg https://www.google.fr https://www.google.fi https://www.google.es https://www.google.de https://www.google.com https://www.google.co.za https://www.google.co.ve https://www.google.co.uk https://www.google.co https://www.google.cl https://www.google.ch https://www.google.ca https://www.google.be https://www.google.at https://www.google.ae https://px4.ads.linkedin.com https://googleads.g.doubleclick.net https://analytics.funnelfuel.io https://ade.googlesyndication.com https://www.google.se https://www.google.nl https://cdn.vidyard.com https://cdn-ukwest.onetrust.com https://www.blueprism.com https://analytics.twitter.com https://b.6sc.co https://bat.bing.com https://files.blueprism.com https://play.vidyard.com https://px.ads.linkedin.com https://reviews.static.gartner.com https://siteintercept.qualtrics.com https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self' *.blueprism.com bpu.builtbymasonry.com bpu.ddev.site; report-uri https://0c754a7ddb1ed1988dd08948153b2ba5.report-uri.com/r/d/csp/reportOnly; worker-src 'none'; 2 default-src 'self'; font-src 'self' data: oymcdn.co.uk fonts.gstatic.com; script-src 'self' 'unsafe-inline' oymcdn.co.uk *.cookie-script.com www.google.com www.gstatic.com *.braintreegateway.com www.paypalobjects.com c.paypal.com *.cardinalcommerce.com songbird.cardinalcommerce.com js.stripe.com browser.sentry-cdn.com js.sentry-cdn.com 'unsafe-eval'; connect-src 'self' *.cookie-script.com vod-progressive.akamaized.net vod-progressive-ak.vimeocdn.com *.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com kg668dbov0.execute-api.us-east-1.amazonaws.com api.stripe.com js.stripe.com issuing-key.stripe.com fcmregistrations.googleapis.com firebaseinstallations.googleapis.com sentry.io www.onlinescoutmanager.co.uk:3000 wss://www.onlinescoutmanager.co.uk:3000 aws-preview.onlinescoutmanager.com:3000 wss://aws-preview.onlinescoutmanager.com:3000 dojotoolkit.org; img-src 'self' data: oym-public.s3.eu-west-2.amazonaws.com oymcdn.co.uk *.openstreetmap.org i.vimeocdn.com assets.braintreegateway.com checkout.paypal.com; form-action 'self' *.cardinalcommerce.com *.arcot.com songbird.cardinalcommerce.com *.rda3dsauth.co.uk *.ipg-online.com; base-uri 'self'; manifest-src 'self' oymcdn.co.uk; child-src 'self' assets.braintreegateway.com c.paypal.com; frame-src * data: blob: ; media-src 'self' oym-live.s3.eu-west-2.amazonaws.com player.vimeo.com vod-progressive.akamaized.net vod-progressive-ak.vimeocdn.com; style-src 'self' 'unsafe-inline' oymcdn.co.uk fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' oymcdn.co.uk fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' oymcdn.co.uk *.cookie-script.com www.google.com www.gstatic.com *.braintreegateway.com www.paypalobjects.com c.paypal.com *.cardinalcommerce.com songbird.cardinalcommerce.com js.stripe.com browser.sentry-cdn.com js.sentry-cdn.com; report-uri /webhooks/csp/?blocked=true; 2 frame-ancestors *.ooma.com *.ooma.ca https://*.ooma.com https://*.ooma.ca *.talkatone.com https://www.talkatone.com 2 frame-ancestors 'self' http://emprotest:8080 http://emprolive:8080 http://emprodev:8080 http://ecm-live:8080 http://ecm-test:8080 2 frame-ancestors https://connext.conti.de/; 2 frame-ancestors 'self' https://*.paperflite.com https://*.cleverstory.io https://*.iotbusiness-platform.com https://discover.cority.com https://resources.cority.com https://cority.lightning.force.com 2 frame-ancestors 'self' everygame.eu www.everygame.eu sblp.everygame.eu sports.everygame.eu poker.everygame.eu casino.everygame.eu classic.everygame.eu lobby.everygame.eu:2072 account.everygame.eu client.horizonpokernetwork.eu 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ajax.googleapis.com https://cdnjs.cloudflare.com *.facebook.net *.twitter.com *.twimg.com https://cdn.chatbot.com https://content.govdelivery.com/ https://cdn.livechatinc.com/ https://api.livechatinc.com/ https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com *.twimg.com cdnjs.cloudflare.com https://content.govdelivery.com/; connect-src 'self' https://maps.googleapis.com https://kdorapi.kdor.org https://cdn.chatbot.com/widget/5c7029abb3a91872edc36639/settings.json https://api.livechatinc.com; font-src 'self' https://fonts.gstatic.com https://cdn.livechatinc.com data:; img-src 'self' www.google-analytics.com maps.google.com *.twimg.com *.twitter.com https://cdn.livechat-files.com data: https://content.govdelivery.com/; frame-src 'self' *.youtube.com *.facebook.com *.twitter.com https://cdn.chatbot.com https://secure.livechatinc.com/ https://challenges.cloudflare.com; 2 frame-ancestors 'self' *.upc.ch *.upc.biz *.sunrise.net ocpretailconfiguratorupc.ch *.ocpretailconfiguratorupc.ch tcx.ch *.upctv.ch *.sunrise.ch *.privent.ch *.upc-print.ch safeavenue.f-secure.com sunrisemoments.ch www.ticketcorner.ch; 2 frame-ancestors 'self' https://www.mibaby.de/ https://jupiter.kk.lan/ 2 default-src 'self';script-src 'self' https://www.youtube.com https://yt.zone-secure.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.matomo.cloud/matomo.js https://unpkg.com/friendly-challenge@0.9.11/widget.module.min.js 'unsafe-inline' 'unsafe-eval';style-src 'self' https://cdnjs.cloudflare.com 'unsafe-inline';object-src 'none';base-uri 'self'; connect-src 'self' https://www.havas.fr https://region1.google-analytics.com https://www.google-analytics.com https://havasgroup-site.matomo.cloud;font-src 'self' data:;frame-src 'self' https://gateway.euronext.com https://www.dailymotion.com https://www.youtube-nocookie.com https://geo.dailymotion.com https://player.vimeo.com https://sdk.companywebcast.com;img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://s2.dmcdn.net/ https://s1.dmcdn.net/;manifest-src 'self';media-src 'self'; 2 frame-ancestors 'self' https://digizone.sacombank.local https://digizone.sacombank.com 2 default-src 'self'; connect-src 'self' https://api.newsletter2go.com; frame-ancestors 'self'; form-action 'self'; img-src 'self' https://files.newsletter2go.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.newsletter2go.com; style-src 'self' 'unsafe-inline'; 2 child-src blob: ; style-src 'self' 'unsafe-inline' https://*.bmfsfj.de https://*.init-ag.de ; connect-src 'self' https://*.bmfsfj.de https://*.init-ag.de https://analytics.init.de https://api.friendlycaptcha.com/ https://eu.frcapi.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.init-ag.de https://*.bmfsfj.de https://analytics.init.de 'wasm-unsafe-eval' https://cdn.jsdelivr.net/npm/ ; worker-src blob: ; media-src 'self' blob: data: https://*.streamfarm.net https://*.bmfsfj.de https://*.init-ag.de ; frame-src 'self' https://*.video.taxi https://*.init.de https://infotool-familie.de https://www.infotool-familie.de https://*.init-ag.de https://*.bmfsfj.de https://c19.bundesbots.de/ https://familienbot.bundesbots.de https://familienbot.azr.juacvoe.net/ https://*.cloudfront.net https://eu.frcapi.com ; frame-ancestors 'self' https://*.bmfsfj.de https://infotool-familie.de https://www.infotool-familie.de https://*.init-ag.de ; img-src 'self' data: 'unsafe-inline' https://*.bmfsfj.de https://*.init-ag.de https://*.bitvtest.de https://bitvtest.de ; default-src 'self' blob: ; font-src 'self' data: https://*.bmfsfj.de https://*.init-ag.de 2 default-src 'self' https://8chan.moe https://8chan.se https://8chan.cc http://alephchvkipd2houttjirmgivro5pxullvcgm4c47ptm7mhubbja6kad.onion https://www.youtube.com https://www.invidio.us https://invidious.snopyta.org https://yewtu.be https://8chan.tv https://liveleak.com https://www.bitchute.com https://8chan.redchannit.xyz https://www.youtube-nocookie.com data: ws: wss: style-src: 'unsafe-inline' script-src: 'wasm-unsafe-eval' 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.analytics.google.com https://*.azure.com https://*.clarity.ms https://*.convertexperiments.com https://*.cookiebot.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.be https://*.google.co.uk https://*.google.com https://*.google.de https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google-analytics.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.vimeo.com https://analytics-eu.clickdimensions.com https://api.uk.exponea.com https://assets-eu-01.kc-usercontent.com https://c.bing.com https://cdn-eu.clickdimensions.com https://connect.facebook.net https://dc.services.visualstudio.com https://discoverireland-f5cnbffec6cca8cn.a03.azurefd.net https://fonts.gstatic.com https://googleapis.com https://maps.gstatic.com https://preview-assets-eu-01.kc-usercontent.com https://www.facebook.com https://www.googleadservices.com https://www.googleoptimize.com https://www.youtube.com wss://*.hotjar.com/api/v2/client/ws wws://*.hotjar.com/api/v2/client/ws; img-src 'self' data: blob: https://*.cloudfront.net https://*.crowdriff.com https://img.youtube.com https://i.ytimg.com https://i.vimeocdn.com https://*.analytics.google.com https://*.azure.com https://*.clarity.ms https://*.convertexperiments.com https://*.cookiebot.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.be https://*.google.co.uk https://*.google.com https://*.google.de https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google-analytics.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.vimeo.com https://analytics-eu.clickdimensions.com https://api.uk.exponea.com https://assets-eu-01.kc-usercontent.com https://c.bing.com https://cdn-eu.clickdimensions.com https://connect.facebook.net https://dc.services.visualstudio.com https://discoverireland-f5cnbffec6cca8cn.a03.azurefd.net https://fonts.gstatic.com https://googleapis.com https://maps.gstatic.com https://preview-assets-eu-01.kc-usercontent.com https://www.facebook.com https://www.googleadservices.com https://www.googleoptimize.com https://www.youtube.com wss://*.hotjar.com/api/v2/client/ws wws://*.hotjar.com/api/v2/client/ws; frame-ancestors 'none'; form-action 'self' https://analytics-eu.clickdimensions.com https://www.facebook.com; 2 default-src * 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' data:; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; connect-src * 'self'; frame-src * 'self'; font-src * 'self'; media-src * 'self'; object-src * 'self'; worker-src 'self' blob:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://api.openai.com https://*.boxever.com https://*.coveo.com https://global.ketchcdn.com https://cdn.ketchjs.com https://public.tableau.com https://*.cloudfront.net https://*.bound360.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.getsmartcontent.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://cdn.linkedin.oribi.io https://*.litix.io https://*.pardot.com https://*.questionpro.com https://*.rfihub.com https://*.rfihub.net https://*.sitecorecontenthub.cloud https://*.vizientinc.com https://*.wistia.com https://*.wistia.net https://ad.ipredictive.com https://ajax.googleapis.com https://analytics.twitter.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cnv.event.prod.bidr.io https://code.jquery.com https://connect.facebook.net https://*.sitecorecloud.io https://match.adsrvr.org https://maxcdn.bootstrapcdn.com https://snap.licdn.com https://static.ads-twitter.com https://cm.vizient.localhost https://t.co https://tracking.intentsify.io https://vhatv.vha.com https://vitals.vercel-insights.com https://www.cvent.com https://www.ethosce.com https://www.facebook.com https://www.google.ca https://www.google.com https://*.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://www.thinglink.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://tag.demandbase.com https://api.company-target.com https://company.target.com https://rlcdn.com https://id.rlcdn.com https://scripts.demandbase.com https://segments.company-target.com https://tag-logger.demandbase.com https://www.juicer.io https://datawrapper.dwcdn.net https://assets.juicer.io https://static.juicer.io https://media.licdn.com https://a.usbrowserspeed.com https://img.genially.com https://view.genially.com https://view.genial.ly https://*.simpli.fi https://cdn.knightlab.com https://vizient.wispform.com https://*.6sc.co https://secure.adnxs.com https://epsilon.6sense.com https://s.company-target.com; media-src 'self' data: blob: https://*.sitecorecloud.io https://*.sitecorecontenthub.cloud embedwistia-a.akamaihd.net *.wistia.net *.wistia.com; 2 frame-ancestors 'self' tau2904.com *.tau2904.com *.ttbbank.com *.ttbdirect.com *.9fftech.com https://*.9fftech.com https://*.tau2904.com https://*.ttbdirect.com https://*.ttbbank.com dev-web-tmbwowoneapp.azurewebsites.net stg-web-tmbwowoneapp.azurewebsites.net https://dev-web-tmbwowoneapp.azurewebsites.net https://stg-web-tmbwowoneapp.azurewebsites.net cms.ttbbank.local cmspilot.ttbbank.local 2 frame-ancestors 'self' https://*.us-2.platformsh.site https://*.leicabiosystems.com https://punchoutcommerce.com https://*.tradecentric.com https://*.sciquest.com https://*.jaggaer.com https://*.ariba.com https://*.punchout2go.com https://*.ziphq.com; report-uri /report-csp-violation 2 frame-ancestors 'self' *.drugsredalert.nl *.drugs-test.nl *.medialift.nl *.drugsinfo.nl *.readymag.com *.alcoholinfo.nl *.allesoverdrinken.nl *.ledd.nl *.trimbos.nl *.drugsenuitgaan.nl *.helderopvoeden.nl *.rokeninfo.nl *.verslaafdaanjou.nl *.gokkeninfo.nl *.gameninfo.nl *.mentaalvitaal.nl *.helderopschool.nl *.geweldinjeugdzorginfo.nl *.nationaledrugmonitor.nl *.trimbosportaal.nl *.ican-app.nl ican-app.nl; 2 frame-ancestors 'self' https://*.storyblok.com/ 2 base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://www.formstack.com; frame-ancestors 'self'; img-src 'self' data: https://res.cloudinary.com https://images.contentstack.io https://cdn.userway.org https://api.mapbox.com *.mouseflow.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' *.mouseflow.com; upgrade-insecure-requests; 2 upgrade-insecure-requests; base-uri 'self' *.idec.com; img-src 'self' https: *.idec.com https://px.ads.linkedin.com https://ssl.google-analytics.com blob: data:; style-src 'unsafe-inline' https:; font-src https: data:; object-src *.idec.com https://h.online-metrix.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.idec.com https://*.hsforms.net https://js.hsforms.net https://*.beschannels.com https://*.dingxiang-inc.com https://*.jquery.com https://*.marketo.com https://*.marketo.net https://*.force.com https://*.salesforce.com https://*.doubleclick.net https://*.google.com https://tpc.googlesyndication.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.go-mpulse.net https://browser-update.org https://*.salesforceliveagent.com https://snap.licdn.com https://*.webtraxs.com https://api.ipify.org https://cdn.doofinder.com https://rw1.marchex.io https://h.online-metrix.net https://flex.cybersource.com https://s.yimg.jp https://yubinbango.github.io https://*.feedbackify.com https://consent.cookiebot.com https://platform-api.sharethis.com https://code.jivosite.com https://www.gstatic.com https://consentcdn.cookiebot.com https://buttons-config.sharethis.com https://t.sharethis.com https://s3.amazonaws.com https://599-euj-018.mktoresp.com https://684d0d41.akstat.io https://orbitvu.co https://*.orbitvu.co https://*.imagino.com https://hm.baidu.com https://app.mailjet.com https://www.youtube.com https://bat.bing.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.hubspot.com https://js.hsadspixel.net https://js.zi-scripts.com https://h64.online-metrix.net blob:; 2 frame-ancestors 'self' https://www.sexfreehd.xxx https://www.sexfreehdxxxin.com https://www.sexfreehdxxx.pro 2 default-src 'self'; script-src 'self' *.livechatinc.com *.mouseflow.com https://*.googletagmanager.com https://challenges.cloudflare.com https://maps.googleapis.com https://fonts.google.com; connect-src 'self' *.livechatinc.com *.mouseflow.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googleapis.com https://maps.googleapis.com controlpanel.voipfone.co.uk api.voipfone.co.uk; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; child-src 'self' *.livechatinc.com; frame-src 'self' *.livechatinc.com https://*.google.com https://challenges.cloudflare.com https://www.youtube.com; frame-ancestors 'none'; report-uri https://api.voipfone.co.uk/v1/csp-report; report-to csp-report 2 : upgrade-insecure-requests 2 frame-ancestors 'self' pagecloud.com www.pagecloud.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; img-src 'self' data: https:; font-src 'self' data: https:; frame-src 'self' data: https: blob: 2 base-uri 'self'; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com https://maps.gstatic.com https://script.hotjar.com/ https://in.hotjar.com/ wss://ws.hotjar.com https://content.hotjar.io/ https://vc.hotjar.io/ https://metrics.hotjar.io/ https://picsum.photos; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com/ https://static.hotjar.com https://in.hotjar.com/ wss://ws.hotjar.com https://content.hotjar.io/ https://vc.hotjar.io/ https://metrics.hotjar.io/ https://cloudflareinsights.com ws://localhost:24678/; frame-src 'self' https://www.youtube.com/; script-src 'self' https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com/ https://in.hotjar.com/ wss://ws.hotjar.com https://content.hotjar.io/ https://vc.hotjar.io/ https://metrics.hotjar.io/ https://static.cloudflareinsights.com 'unsafe-inline' 'unsafe-eval' 2 frame-ancestors 'self' learninglemur.com learninglemur.wiris.kitchen 2 default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.typekit.net *.episerver.net zefzhat.appspot.com www.googletagmanager.com *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io *.google-analytics.com analytics.google.com code.jquery.com az416426.vo.msecnd.net dc.services.visualstudio.com netdna.bootstrapcdn.com pi.pardot.com syndication.twitter.com sjs.bizographics.com connect.facebook.net stats.livezhat.com *.ads.linkedin.com www.linkedin.com s.ytimg.com *.googleapis.com googleapis.com api.siteattention.com www.googleadservices.com cdn.syndication.twimg.com flockler.com embed-cdn.flockler.com static.flockler.com fl-cdn.scdn1.secure.raxcdn.com cdn.datatables.net *.licdn.com www.youtube.com gateway.zscloud.net viewer.blipstar.com static.handpickedcherries.com maxcdn.bootstrapcdn.com rules.quantcount.com secure.quantserve.com apps.myzef.com tools.eurolandir.com webcc.sonera.fi stackpath.bootstrapcdn.com cdn.jsdelivr.net cdn.datatables.net cdnjs.cloudflare.com api.ipify.org munchkin.marketo.net googleads.g.doubleclick.net eu1.snoobi.com ethn.io siteimproveanalytics.com www.google.com www.gstatic.com *.giosgusercontent.com optimize.google.com *.lfeeder.com *.leadfeeder.com code.createjs.com www.gstatic.com *.vimeo.com go.upmspecialtypapers.com upm.leadfamly.com hm.baidu.com *.giosg.com t.lianacem.com static.ws.apsis.one static.ws-apac.apsis.one s3.amazonaws.com/beacon.pmmimediagroup.com/ static.ads-twitter.com js.monitor.azure.com ccchat-fi.telia.ee analytics.google.com bugcrowd.com assets.bugcrowdusercontent.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; font-src 'self' data: *.typekit.net storage.googleapis.com netdna.bootstrapcdn.com i.s-microsoft.com upmapi.portal.azure-api.net *.hotjar.com *.hotjar.io css.zohostatic.com cdnjs.cloudflare.com use.fontawesome.com *.giosg.com *.giosgusercontent.com googleapis.com ccchat-fi.telia.ee *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; img-src 'self' data: blob: about: *.typekit.net livezhat.zef.fi *.hotjar.com *.hotjar.io *.google-analytics.com *.analytics.google.com www.upmbiofore.fi pbs.twimg.com secure.adnxs.com www.upmbiofore.com *.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net *.google.com *.google.co.uk *.google.fi *.google.dk *.google.de *.google.at *.google.pl *.google.ru *.google.se www.google.com www.google.co.uk www.google.fi www.google.dk www.google.de www.google.at www.google.pl www.google.ru www.google.se *.googleapis.com googleapis.com maps.gstatic.com www.gstatic.com www.facebook.com static.flockler.com flockler.com hm.baidu.com img.youtube.com cdn.datatables.net s3.amazonaws.com www.googletagmanager.com *.googletagmanager.com ssl.gstatic.com hugin.info graph.facebook.com scontent.xx.fbcdn.net pixel.quantserve.com i.ytimg.com *.episerver.net cdn2.siteattention.com amplifypixel.outbrain.com *.ads.linkedin.com ad.doubleclick.net adservice.google.com.hk www.linkedin.com 6049499.global.siteimproveanalytics.io assets.upm.com eu1.snoobi.com ml-eu.globenewswire.com mb.cision.com gateway.zscloud.net *.lfeeder.com *.leadfeeder.com go.upmspecialtypapers.com p.adsymptotic.com upm.leadfamly.com *.fbcdn.net *.flockler.com scontent.cdninstagram.com *.giosgusercontent.com *.giosg.com analytics.twitter.com t.co ccchat-fi.telia.ee *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; connect-src 'self' *.hotjar.com *.hotjar.io www.upmbiofore.com dc.services.visualstudio.com api.siteattention.com *.google.com *.google.co.uk *.google.fi *.google.dk *.google.de *.google.at *.google.pl *.google.ru *.google.se *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net stats.g.doubleclick.net upm-prod.taiste.fi translate.googleapis.com hm.baidu.com api.mapbox.com a.tiles.mapbox.com b.tiles.mapbox.com wss://*.hotjar.com restdev.siteattention.com *.mktoresp.com events.mapbox.com *.facebook.com *.typekit.net *.giosgusercontent.com *.giosg.com prospector.pmmimediagroup.com audience.ws.apsis.one t.lianacem.com googleapis.com maps.googleapis.com cdn.linkedin.oribi.io analytics.twitter.com wss://ccchat-fi.telia.ee ccchat-fi.telia.ee px.ads.linkedin.com wss://www.upm.com t.lianacem.com px.ads.linkedin.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; style-src 'self' 'unsafe-inline' livezhat.zef.fi netdna.bootstrapcdn.com static.flockler.com googleapis.com maxcdn.bootstrapcdn.com translate.googleapis.com cdnjs.cloudflare.com *.episerver.net tagmanager.google.com use.fontawesome.com stackpath.bootstrapcdn.com cdn.jsdelivr.net cdn.datatables.net optimize.google.com *.giosg.com *.giosgusercontent.com ccchat-fi.telia.ee *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; frame-src 'self' data: *.doubleclick.net www.facebook.com connect.facebook.net www.google.com go.pardot.com www.youtube.com *.hotjar.com *.hotjar.io www.ciuvo.com www.googletagmanager.com tagmanager.google.com viewer.blipstar.com apps.myzef.com gamma.euroland.com tools.euroland.com tagmanager.google.com pr.globenewswire.com *.youku.com *.vimeo.com *.metsasoppi.com *.arbonaut.com optimize.google.com ethn.io web.microsoftstream.com *.giosgusercontent.com *.giosg.com go.upmspecialtypapers.com open.spotify.com upm.leadfamly.com form.apsis.one player.simplecast.com v.qq.com selectscience.net googleapis.com tools.eurolandir.com w.soundcloud.com bugcrowd.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; frame-ancestors 'self' *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; media-src 'self' *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; upgrade-insecure-requests; report-uri https://upmcms.report-uri.com/r/d/csp/enforce 2 default-src https:;img-src 'self' https: data:;connect-src 'self' https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:;style-src 'self' 'unsafe-inline' https:;frame-src 'self' https:;font-src 'self' data: https:;worker-src 'self' https: blob: 2 frame-ancestors *.netrtl.com 2 default-src https://app-sj22.marketo.com; script-src 'self' https://cdn.jsdelivr.net 'unsafe-inline' https://cdn.cookielaw.org https://app-sj22.marketo.com https://dyv6f9ner1ir9.cloudfront.net https://assets.adoberesources.net https://documentcloud.adobe.com https://kit.fontawesome.com/703ee20203.js https://code.jquery.com/ https://stackpath.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ https://www.googletagmanager.com/ https://tag.demandbase.com/ https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ https://munchkin.marketo.net/ https://snap.licdn.com/ https://connect.facebook.net/ https://bat.bing.com/ https://cdn.mouseflow.com/ https://j.6sc.co/ https://js.storylane.io/ https://s.company-target.com/ https://static.addtoany.com/ https://pages.fiscalnote.com/ https://www.votervoice.net/ https://unpkg.com/ https://vjs.zencdn.net/ https://ajax.googleapis.com/ https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.hscollectedforms.net/ https://js.hs-analytics.net/ https://js.hsforms.net/; style-src 'self' https://fonts.googleapis.com 'unsafe-hashes' 'unsafe-inline' https://hello.myfonts.net https://app-sj22.marketo.com https://*.typekit.net https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://code.jquery.com/ https://pages.fiscalnote.com/ https://unpkg.com/ https://cdnjs.cloudflare.com/ https://vjs.zencdn.net/; img-src 'self' data: https://fiscalnote-marketing.s3.amazonaws.com https://app-sj22.marketo.com https://assets.adoberesources.net https://lh3.googleusercontent.com https://raw.githubusercontent.com/ https://image.freepik.com/ https://px.ads.linkedin.com/ https://api.company-target.com/ https://id.rlcdn.com/464526.gif https://www.facebook.com/ https://b.6sc.co/v1/beacon/ https://www.google.com/ https://bat.bing.com/ https://t.co/ https://www.google-analytics.com/ https://segments.company-target.com/ https://cdn.filestackcontent.com/ https://cdn.coverr.co/ https://info.votervoice.net/ https://www.linkedin.com https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://pages.fiscalnote.com/ https://vjs.zencdn.net/ https://cdn.pixabay.com/ https://images.unsplash.com/ https://i.postimg.cc/63XvymsK/ https://forms.hsforms.com/ https://track.hubspot.com/; connect-src 'self' https://cdn.cookielaw.org *.adobe.io wss://*.adobe.io https://ka-f.fontawesome.com https://www.google.com/ https://analytics.google.com/ https://api.company-target.com/ https://tag-logger.demandbase.com/ https://www.google-analytics.com/ https://c.6sc.co/ https://109-ill-989.mktoresp.com/ https://px.ads.linkedin.com/ https://ipv6.6sc.co/ https://geolocation.onetrust.com/ https://stats.g.doubleclick.net https://cdn.plyr.io/ https://vjs.zencdn.net/ https://forms.hscollectedforms.net/ https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/; font-src data: 'self' https://fonts.gstatic.com https://*.typekit.net https://ka-f.fontawesome.com/; media-src https://fiscalnote-marketing.s3.amazonaws.com https://cdn.coverr.co/ https://fiscalnote2.ddev.site/path/to/captions.vtt https://stream.mux.com/ https://vjs.zencdn.net/ https://fiscalnote-marketing.s3.us-east-2.amazonaws.com/ https://info.votervoice.net/; frame-src https://fiscalnote.outgrow.us https://www.youtube.com https://app-sj22.marketo.com https://documentcloud.adobe.com https://www.google.com/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://s.company-target.com/ https://app.storylane.io/ https://fast.wistia.net/ https://pages.fiscalnote.com/ https://fiscalnote.chilipiper.com/ https://www.votervoice.net/ https://datawrapper.dwcdn.net/ https://fiscalnote-marketing.s3.amazonaws.com/; form-action 'self'; base-uri 'self'; manifest-src 'self'; 2 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://*.wistia.net https://*.wistia.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://f.vimeocdn.com https://fast.wistia.com https://forms.hsforms.com https://googletagmanager.com https://js.hubspot.com https://js.hsforms.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js.usemessages.com https://js.hubspotfeedback.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js-na1.hs-scripts.com https://js.hs-scripts.com https://player.vimeo.com https://static.hsappstatic.net https://src.litix.io https://secure.gravatar.com https://tagmanager.google.com https://www.vimeo.com https://www.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' blob: https://*.cloudwaysapps.com https://cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com fast.wistia.com secure.gravatar.com tagmanager.google.com www.googletagmanager.com;object-src embedwistia-a.akamaihd.net;child-src 'self' blob: https://*.doubleclick.net https://*.vimeo.com https://app.hubspot.com https://forms.hsforms.com https://js.usemessages.com https://js.hscollectedforms.net https://js.hsadspixel.net https://vimeo.com https://www.googletagmanager.com; form-action 'self' forms.hubspot.com forms.hsforms.com; worker-src 'self' blob:; 2 font-src 'self' amp.azure.net app-tu.wigeogis.com app.wigeogis.com data: 2 default-src 'self' https://*.learningcaregroup.com https://*.lapetite.com *.agkn.com *.datasteam.io *.dca0.com dca0.com https://*.addevent.com https://*.adroll.com https://*.bing.com https://*.doubleclick.net https://*.everestjs.net https://*.everesttech.net https://*.facebook.com https://*.foresee.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hiconversion.com https://*.hotjar.com https://*.hotjar.io https://*.hubspot.com https://*.jquery.com https://*.learningcaregroup.com https://*.mpeasylink.com https://*.youtube.com https://www.google-analytics.com wss://*.hotjar.com https://api.segment.io https://*.demdex.net https://*.clarity.ms https://pixel.sitescout.com https://cdn.linkedin.oribi.io https://www.googletagmanager.com resonate.com https://ds.reson8.com/v1/p https://ds.reson8.com/v1/i https://ds.reson8.com/v1/t https://cdn.segment.com/analytics.js/v1/ https://cdn.resonate.com https://tags.srv.stackadapt.com/events.js https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com/ ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.learningcaregroup.com https://media.winnie.com https://cdn.segment.com/ *.dca0.com dca0.com https://*.adroll.com https://*.agkn.com https://*.bing.com https://*.cloudfront.net https://*.cluep.com https://*.convertlanguage.com https://*.datasteam.io https://*.dialogtech.com https://*.everestjs.net https://*.facebook.net https://*.foresee.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.hiconversion.com https://*.hotjar.com https://*.mpeasylink.com https://*.simpli.fi https://*.youtube.com https://addevent.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-scripts.com https://s.ytimg.com https://www.googletagmanager.com https://api.segment.io https://*.clarity.ms https://*.invocacdn.com https://*.invoca.net https://*.zoominfo.com https://*.licdn.com https://*.resonate.com https://ds.reson8.com/v1/p https://tags.srv.stackadapt.com/events.js ;style-src 'self' 'unsafe-inline' https://*.learningcaregroup.com https://*.foresee.com https://*.googleapis.com https://*.jquery.com https://*.mpeasylink.com ;img-src 'self' http://* https://* data: ; 2 frame-ancestors 'self' *.icewarp.com 2 frame-ancestors 'self' landmarkglobal.be; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unless.com https://*.unless.com https://beamanalytics.b-cdn.net https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://unless.com https://*.unless.com https://fonts.googleapis.com; connect-src 'self' https://unless.com https://*.unless.com wss://*.unless.com https://*.beamanalytics.io https://*.algolianet.com https://*.algolia.net; font-src 'self' https://unless.com https://*.unless.com https://fonts.gstatic.com; frame-src 'self' https://unless.com https://*.unless.com https://calendar.google.com https://www.youtube.com https://www.youtube-nocookie.com; img-src 'self' data: https://unless.com https://*.unless.com https://images.ctfassets.net https://i.ytimg.com; object-src 'none'; base-uri 'none'; 2 frame-ancestors erx.io trade.erx.io 2 base-uri 'self';default-src 'self';object-src 'self';frame-ancestors 'self';style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com code.gist.build;font-src 'self' data:;img-src 'self' data: blob: https: track-eu.customer.io;script-src 'self' https://*.mollie.com https://*.adyen.com https://*.bing.com https://*.bing.net https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.cvwizard.com https://*.tapfiliate.com https://*.cookiebot.com https://appleid.cdn-apple.com https://*.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.clarity.ms https://applepay.cdn-apple.com cdp-eu.customer.io assets.customer.io 'nonce-f+fHWpT64thwxY2eGD+3WQ==' 'nonce-lv8+EGcd/U+w8QRwHU8ptg==' 'nonce-dS/9tqdPvJM59XGP9KuNIQ==' 'nonce-KVMDA067YWSbEyECkqQW5g==' 'nonce-Mncl0olFUvMVuPKy2CaQNw==';child-src 'self' data: https:;frame-src 'self' data: https: renderer.gist.build code.gist.build;connect-src 'self' https://*.mollie.com https://*.adyen.com https://*.bing.com https://*.bing.net https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.cvwizard.com https://*.tapfiliate.com https://*.cookiebot.com https://appleid.cdn-apple.com https://*.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.clarity.ms https://applepay.cdn-apple.com cdp-eu.customer.io assets.customer.io https://*.google-analytics.com https://*.doubleclick.net https://frstre.com https://*.linkedin.oribi.io cdp-eu.customer.io engine-consumer-api.cloud.gist.build track-eu.customer.io analytics.customer.io gist-queue-consumer-api.cloud.gist.build; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://www.youtube.com https://siteimproveanalytics.com https://kit.fontawesome.com https://analytics.rubensteintech.com https://www.googletagmanager.com https://dnn506yrbagrg.cloudfront.net https://www.google-analytics.com https://uk1.siteimprove.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://fast.wistia.com https://*.crazyegg.com https://js.hs-scripts.com https://js.hs-banner.com https://s3.amazonaws.com https://js.hs-analytics.net https://js.hsforms.net https://forms.hsforms.com https://tagmanager.google.com https://consent.cookiebot.com https://e.infogram.com https://prezi.com https://consentcdn.cookiebot.com https://app.wistia.com https://googleads.g.doubleclick.net ; style-src 'self' 'unsafe-inline' http://hello.myfonts.net https://cloud.typenetwork.com https://fonts.googleapis.com https://tagmanager.google.com https://*.crazyegg.com ; font-src 'self' data: https://*.wistia.com https://ka-f.fontawesome.com https://cloud.typenetwork.com https://fonts.gstatic.com ; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://i.vimeocdn.com https://embed-ssl.wistia.com https://analytics.rubensteintech.com https://www.google-analytics.com https://uk1.siteimprove.com https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://*.crazyegg.com https://embed-fastly.wistia.com https://user-event-tracker.crazyegg.com https://track.hubspot.com https://forms.hubspot.com https://10144.global.siteimproveanalytics.io https://ssl.gstatic.com https://www.gstatic.com data: https://bclplaw.vuturevx.com https://www.bclplaw.com https://www.bryancave.com https://imgsct.cookiebot.com https://www.google.com ; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://cdn.plyr.io https://ka-f.fontawesome.com https://*.crazyegg.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com https://distillery.wistia.com https://pipedream.wistia.com https://fast.wistia.com https://embed-ssl.wistia.com https://www.google-analytics.com https://analytics.rubensteintech.com https://stats.g.doubleclick.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://consentcdn.cookiebot.com https://maps.googleapis.com https://embed-cloudfront.wistia.com https://*.googlesyndication.com https://www.google.com ; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://forms.hsforms.com https://cdn.yoshki.com https://e.infogram.com https://prezi.com https://analytics.rubensteintech.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://fast.wistia.net https://*.crazyegg.com https://services.bclplaw.marketing/infographics/ https://www.googletagmanager.com https://td.doubleclick.net/ ; child-src 'self' blob: ; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net ; frame-ancestors 'self' https://fast.wistia.com https://fast.wistia.net ; 2 script-src 'unsafe-inline' 'unsafe-eval' https://universalclass.com https://*.universalclass.com https://*.4uc.org https://4uc.org https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com; object-src 'none';frame-ancestors 'self' 2 default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' secure.widget.cloud.opta.net omo.akamai.opta.net code.jquery.com cdn.jsdelivr.net cdnjs.cloudflare.com stackpath.bootstrapcdn.com www.youtube.com s.ytimg.com platform.twitter.com syndication.twitter.com www.google.com www.gstatic.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net munchkin.marketo.net connect.facebook.net sync.ecal.com l.getsitecontrol.com s2.getsitecontrol.com cdn.funnelytics.io pagead2.googlesyndication.com analytics.tiktok.com static.ads-twitter.com www.instagram.com www.redditstatic.com tradablebits.com;connect-src 'self' adservice.google.com www.google.com *.doubleclick.net www.google-analytics.com analytics.google.com ipinfo.io *.mktoresp.com ws://localhost:12387/ l.getsitecontrol.com analytics.tiktok.com track-v2.funnelytics.io events.getsitectrl.com analytics-ipv6.tiktokw.us pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com conversions-config.reddit.com; img-src 'self' data: secure.widget.cloud.opta.net *.ytimg.com img.youtube.com syndication.twitter.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com www.google.co.nz www.facebook.com t.co analytics.twitter.com m2.getsitecontrol.com alb.reddit.com;style-src 'self' 'unsafe-inline' secure.widget.cloud.opta.net tagmanager.google.com fonts.googleapis.com cdnjs.cloudflare.com fonts.googleapis.com pro.fontawesome.com sync.ecal.com cdn.jsdelivr.net;manifest-src 'self'; font-src 'self' data: cdnjs.cloudflare.com fonts.googleapis.com pro.fontawesome.com fonts.gstatic.com; frame-ancestors 'self';frame-src 'self' https://nzr-qa.livelikeapp.com https://nzr.livelikeapp.com/ platform.twitter.com www.youtube.com www.youtube-nocookie.com *.doubleclick.net stats.g.doubleclick.net www.google.com www.googletagmanager.com bid.g.doubleclick.net sync.ecal.com www.instagram.com; upgrade-insecure-requests; 2 default-src 'self' https://www.citybankplc.com/ https://docs.google.com/ https://ibank.citybankplc.com/ https://www.google-analytics.com/ https://www.citytouch.com.bd/ https://www.google.com https://www.youtube.com/ https://stats.g.doubleclick.net/ https://lankabd.com/ https://analytics.google.com/; script-src 'self' https://www.citybankplc.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.youtube.com/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com 'unsafe-inline'; font-src 'self' data: https://fonts.googleapis.com/ https://cdnjs.cloudflare.com https://fonts.gstatic.com/; frame-src https://www.youtube.com/ https://www.youtube-nocookie.com/ https://lankabd.com/ https://www.citytouch.com.bd/ https://ibank.thecitybank.com/ https://docs.google.com/; img-src 'self' data: https://www.google-analytics.com/ https://img.youtube.com/ https://www.google.com.bd/ https://www.facebook.com/ https://cityalo.com/; 2 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' https://app.optimizely.com; 2 default-src https://cdn.qapitalapp.net 'self'; style-src https://cdn.qapitalapp.net 'self' 'unsafe-inline'; script-src https://cdn.qapitalapp.net https://*.googletagmanager.com https://www.google-analytics.com https://analytics.tiktok.com https://connect.facebook.net 'self' 'unsafe-inline'; object-src 'none'; img-src https://*.google-analytics.com https://*.googletagmanager.com https://cdn.qapitalapp.net https://www.facebook.com 'self'; connect-src https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://cdn.qapitalapp.net https://stats.g.doubleclick.net https://analytics.tiktok.com 'self'; frame-ancestors 'none' 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com guysandstthomas.shorthandstories.com *.trac.jobs www.google.com www.gstatic.com *.googletagmanager.com *.shorthand.com unpkg.com cdnjs.cloudflare.com *.webspellchecker.net *.visualwebsiteoptimizer.com *.cloudflare.com *.jsdelivr.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com guysandstthomas.shorthandstories.com *.trac.jobs www.google.com www.gstatic.com *.googletagmanager.com *.shorthand.com unpkg.com cdnjs.cloudflare.com *.webspellchecker.net *.visualwebsiteoptimizer.com *.cloudflare.com *.jsdelivr.net; img-src 'self' https://www.guysandstthomas.nhs.uk data: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.gstatic.com *.ytimg.com *.shorthandstories.com *.visualwebsiteoptimizer.com *.baidu.com *.hotjar.com *.trac.jobs ; connect-src 'self' *.hotjar.io *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googleapis.com *.google.com *.g.doubleclick.net *.visualwebsiteoptimizer.com *.shorthand.com *.webspellchecker.net wss://*.hotjar.com *.cloudflare.com *.hotjar.com *.trac.jobs wss://ws.hotjar.com *.launchdarkly.com; report-uri /report-csp-violation; upgrade-insecure-requests 2 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors * data: blob: ; 2 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://www.clarity.ms https://tracking.g2crowd.com https://cdn.getkoala.com https://dokumfe7mps0i.cloudfront.net https://olivia.paradox.ai static.cdn.prismic.io prismic.io js.qualified.com https://js.zoominfo.com https://ws.zoominfo.com; style-src * 'unsafe-inline'; img-src * data: blob: https://www.clarity.ms https://api.getkoala.com images.unsplash.com images.prismic.io responsiveio.cdn.prismic.io https://ws.zoominfo.com; font-src * data:; connect-src * https://www.clarity.ms https://tracking.g2crowd.com https://api.getkoala.com https://olivia.paradox.ai js.qualified.com app.qualified.com wss://ws.qualified.com https://ws.zoominfo.com; frame-src * responsiveio.prismic.io; object-src 'none'; form-action *; base-uri 'self'; frame-ancestors 'self' https://slice-simulator.prismic.io https://responsiveio.prismic.io https://app.rfpio.com; upgrade-insecure-requests ; media-src cdn.plyr.io responsiveio.cdn.prismic.io app.qualified.com 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wize.bot https://*.wizebot.tv https://cdn.cookie-script.com https://cdnjs.cloudflare.com; worker-src 'self' blob:; 2 connect-src 'self' cookie.wieni.be www.google-analytics.com widget.usersnap.com 'sha256-4YMvBqS3vvUrtHeUMQvHMMjdLUOlOHQOgs5s+Wxepkk=' consent.cookiebot.com consentcdn.cookiebot.com api.dnsbelgium.be webwhois.nic.vlaanderen webwhois.nic.brussels cdn.linkedin.oribi.io dnsbelgium.matomo.cloud pagead2.googlesyndication.com; default-src 'self' static.dnsbelgium.be; font-src 'self' data: use.fontawesome.com fonts.gstatic.com; frame-src 'self' www.google.com maps.google.com www.youtube.com player.vimeo.com notfound-static.fwebservices.be *.youtube-nocookie.com consentcdn.cookiebot.com calendar.google.com accounts.google.com *.medialaancdn.be www.facebook.com www.toll-net.be s.pointerpro.com https://flo.uri.sh/ survey.dnsbelgium.be datawrapper.dwcdn.net e.infogram.com youtu.be https://www.googletagmanager.com/; img-src wmimages.dnsbelgium.be 'self' data: www.google-analytics.com ssl.gstatic.com www.gstatic.com cdn.usernap.com www.countryflags.io static.dnsbelgium.be www.facebook.com i.ytimg.com *.ads.linkedin.com imgsct.cookiebot.com; media-src 'self' www.youtube.com youtu.be vimeo.com player.vimeo.com static.dnsbelgium.be; object-src 'self'; script-src 'self' cookie.wieni.be www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com 'sha256-n0qo0a+uNS3EBowOxlDJeqRRacNxVgew48Omj0IYROY=' api.usersnap.com resources.usersnap.com widget.usersnap.com cdn.usersnap.com 'sha256-3UZnJiUmLKDbXEjPsm9EHc0R7InC5uAtj5O1u68mBzM=' 'sha256-9JLcNkvDbyx27cZsDQUfhAXctCUn8uKZhZo7K5s+cZY=' 'sha256-4YMvBqS3vvUrtHeUMQvHMMjdLUOlOHQOgs5s+Wxepkk=' consent.cookiebot.com consentcdn.cookiebot.com connect.facebook.net www.youtube.com s.ytimg.com static.dnsbelgium.be snap.licdn.com www.toll-net.be/h5p/wp-content/plugins/h5p/h5p-php-library/js/h5p-resizer.js https://cdn.matomo.cloud/dnsbelgium.matomo.cloud/matomo.js s.pointerpro.com survey.dnsbelgium.be pagead2.googlesyndication.com 'sha256-7b0CKEQkvadz7B/pYgEMs74upd57DoxBlXRIWY8pdRg=' 'sha256-XlGJBFdn9wZ3QRSQmE5hz2h94YBoRCV09VOA9PNwEc4=' 'sha256-7jDSgL9/dTEn7w83QbKH2DxAZSXWTe5+pNgp0l6xaGI=' 'sha256-cyhAnyf/da35tv9DMBPcWxiXKF8KRetd7+NRa8ylykg=' 'sha256-A3Dbl/cByN6GbFswAlXt66hMeUW5GNI1G4g6LzsRv0o=' 'sha256-0RBExtvEZO5CsGJ2YygQGmydb+opVDaeBuMtzkrktFw='; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com cookie.wieni.be tagmanager.google.com use.fontawesome.com; worker-src 'self' 2 default-src 'none'; connect-src 'self' https://*.auvix.ru https://*.google-analytics.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://bitrix.info/bx_stat https://stats.g.doubleclick.net; font-src 'self' data: https://*.auvix.ru https://fonts.gstatic.com https://fonts.bitrix24.ru; frame-ancestors 'self' https://www.lumien.ru; frame-src 'self' blob: https://*.auvix.ru https://www.google.com https://maps.google.com https://www.youtube.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://cp.unisender.com https://vk.com https://rutube.ru; media-src 'self' https://www.youtube.com; img-src 'self' blob: data: https://*.auvix.ru https://*.google-analytics.com https://img.youtube.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.1c-bitrix.ru https://cdn.bitrix24.site; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.auvix.ru https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://yastatic.net https://www.googletagmanager.com https://www.youtube.com https://*.1c-bitrix.ru https://cdn.bitrix24.ru https://cdn-ru.bitrix24.ru https://bitrix.info/ba.js https://connect.facebook.net https://cp.unisender.com; style-src 'self' 'unsafe-inline' https://*.auvix.ru https://fonts.googleapis.com https://fonts.bitrix24.ru https://*.1c-bitrix.ru; worker-src 'self' blob:; block-all-mixed-content; upgrade-insecure-requests; 2 frame-ancestors 'self' *.humacom.com *.iofbonehealth.org *.osteoporosis.foundation 2 default-src https: 'unsafe-inline'; object-src 'none'; media-src https: data: blob:; font-src https: data:; img-src https: data:; 2 default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; 2 script-src 'nonce-Q6X4V0Xt8EJOpCQIdMjg7Q==' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' http: https:; base-uri none; frame-ancestors https://app.contentful.com; require-trusted-types-for 'script' 2 default-src 'self' *.albridge.com:* *.bnymellon.net *.cirstatements.com *.mainaccount.com *.woveplatform.com *.vidyard.com *.morningstar.com *.byallaccounts.net cdn.cookielaw.org *.onetrust.com *.gstatic.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.cirstatements.com *.mainaccount.com *.woveplatform.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net cdn.cookielaw.org *.onetrust.com; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.cirstatements.com *.mainaccount.com *.woveplatform.com *.vidyard.com *.byallaccounts.net *.googleapis.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.bnymellon.com *.cirstatements.com *.mainaccount.com *.woveplatform.com *.schwab.com *.vidyard.com cdn.cookielaw.org *.onetrust.com *.byallaccounts.net blob:; frame-src 'self' *.cirstatements.com *.mainaccount.com *.woveplatform.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net *.pershingx.com *.powerbi.com; 2 frame-ancestors 'self' https://411.windcreekcasinodev.com https://411.windcreekcasino.com https://411.windcreekcasinostage.com; 2 default-src 'self' 'unsafe-inline' data: blob: https://static.zpe.gov.pl https://static.epodreczniki.pl;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://static.zpe.gov.pl https://static.epodreczniki.pl https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' 'unsafe-inline' data: blob: https://logowanie.zpe.gov.pl https://platforma.zpe.gov.pl https://static.zpe.gov.pl https://static.epodreczniki.pl https://www.google-analytics.com https://www.googletagmanager.com https://kronika.gov.pl;connect-src 'self' ws: blob: https://logowanie.zpe.gov.pl https://platforma.zpe.gov.pl https://moje.zpe.gov.pl https://static.zpe.gov.pl https://static.epodreczniki.pl https://sandbox.zpe.gov.pl https://sr-production.contentplus.io https://*.google-analytics.com;media-src 'self' data: blob: https://static.zpe.gov.pl https://static.epodreczniki.pl;worker-src 'self' data: blob: https://static.zpe.gov.pl https://static.epodreczniki.pl;frame-src * data:;frame-ancestors 'self' https://logowanie.zpe.gov.pl 2 script-src 'self' 'unsafe-inline' blob: https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://edge.marker.io https://js.hscta.net https://tours.silverfin.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsleadflows.net https://js.hsadspixel.net https://js.hubspot.com https://cdnjs.cloudflare.com https://apis.google.com https://js.hsforms.net https://js-na1.hs-scripts.com https://fast.wistia.net https://fast.wistia.com https://assets.calendly.com https://www.google.com/recaptcha/enterprise.js https://static.ads-twitter.com https://www.clarity.ms https://snap.licdn.com https://googleads.g.doubleclick.net https://www.gstatic.com https://tours.silverfin.com; form-action 'self' https://forms.hsforms.com; frame-ancestors 'self' https://www.google.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://consentcdn.cookiebot.com https://tours.silverfin.com https://static.ads-twitter.com https://td.doubleclick.net https://forms.hsforms.com; object-src 'self' https://www.google.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://consentcdn.cookiebot.com https://tours.silverfin.com https://static.ads-twitter.com https://td.doubleclick.net https://forms.hsforms.com; frame-src 'self' https://www.google.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://consentcdn.cookiebot.com https://tours.silverfin.com https://static.ads-twitter.com https://td.doubleclick.net https://forms.hsforms.com https://kit.fontawesome.com 2 default-src 'none'; manifest-src 'self'; script-src 'self' https://*.opportunity.de; style-src 'self' 'unsafe-inline' 'unsafe-inline'; img-src 'self' https://*.openstreetmap.org https://*.opportunity.de data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; worker-src 'self'; frame-src 'self' https://*.opportunity.de; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; report-uri /csp-violation.php; 2 frame-ancestors https://docs.singlestore.com https://staging.docs.singlestore.com https://*.contentstack.com; 2 default-src * 'self' https://pic.yeshiva.org.il *.yeshiva.org.il *.yeshiva.co https://securepubads.g.doubleclick.net *.safeframe.googlesyndication.com *.googlesyndication.com https://www.googletagmanager.com https://cdn.rtlcss.com https://www.gstatic.com https://accessibility.f-static.com https://adservice.google.co.il https://fonts.gstatic.com *.gstatic.com https://yeshiv.activetrail.biz *.youtube.com https://closeapp.co.il *.googleapis.com *.google.com https://www.charidy.com *.facebook.com https://www.youtube-nocookie.com https://youtu.be https://trailer.web-view.net *.hotjar.com *.crwdcntrl.net *.doubleclick.net *.sekindo.com https://console.googletagservices.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://www.googleadservices.com https://browser-update.org https://ssl.google-analytics.com *.google-analytics.com https://www.google.co.il *.google.co.il https://cdnjs.cloudflare.com https://www.googletagservices.com *.cloudflare.com https://angular-ui.github.io https://maxcdn.bootstrapcdn.com https://csp.withgoogle.com data: blob: https://static.cloudflareinsights.com https://partner.googleadservices.com https://syndicatedsearch.goog *.adtrafficquality.google https://3001.scriptcdn.net 'unsafe-inline'; font-src *; style-src * 'unsafe-inline'; frame-ancestors *; 2 default-src 'self' cdn.jsdelivr.net jsdelivr.net c.disquscdn.com disqus.com translations.signapsesolutions.com; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' translations.signapsesolutions.com js.monitor.azure.com disqus.com c.disquscdn.com https://*.clarity.ms https://c.bing.com highwaysagency.disqus.com emea3.recruitmentplatform.com s.ytimg.com www.youtube.com maps.googleapis.com unpkg.com apis.google.com www.google-analytics.com widgets.flickr.com wsstatic.govmetric.com www.gstatic.com cdn.syndication.twimg.com platform.twitter.com embedr.flickr.com www.google.com www.googletagmanager.com wsstatic.servmetric.com ajax.aspnetcdn.com cc.cdn.civiccomputing.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net hitcounter.govmetric.com cdn.jsdelivr.net jsdelivr.net websurveys2.govmetric.com websurveys2.servmetric.com www.browsealoud.com; style-src 'unsafe-inline' 'report-sample' 'self' wsstatic.servmetric.com cdn.jsdelivr.net jsdelivr.net c.disquscdn.com emea3.recruitmentplatform.com fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com unpkg.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com ton.twimg.com platform.twitter.com p.typekit.net use.typekit.net websurveys2.govmetric.com websurveys2.servmetric.com; object-src 'none'; base-uri 'self'; connect-src 'self' i0lne9atrk.execute-api.eu-west-2.amazonaws.com o4506903028891648.ingest.us.sentry.io uksouth-1.in.applicationinsights.azure.com https://*.clarity.ms https://c.bing.com region1.google-analytics.com maps.googleapis.com clapi.civiccomputing.com hitcounter.govmetric.com stats.g.doubleclick.net www.google-analytics.com emea3.recruitmentplatform.com plusqa.browsealoud.com www.browsealoud.com speech.speechstream.net embedr.flickr.com apikeys.civiccomputing.com plus.browsealoud.com; font-src 'self' emea3.recruitmentplatform.com fonts.gstatic.com cdnjs.cloudflare.com use.typekit.net; frame-src 'self' green-hill-00bcb1d03.4.azurestaticapps.net podcasters.spotify.com web.powerva.microsoft.com anchor.fm app.powerbi.com content.googleapis.com www.arcgis.com *.arcgis.com arcgis.com disqus.com websurveys2.govmetric.com w.soundcloud.com www.google.com syndication.twitter.com platform.twitter.com www.facebook.com www.youtube.com; img-src data: 'self' *.youtube.com img.youtube.com fonts.gstatic.com c.disquscdn.com referrer.disqus.com www.googletagmanager.com emea3.recruitmentplatform.com maps.gstatic.com maps.googleapis.com websurveys2.servmetric.com www.browsealoud.com stats.g.doubleclick.net abs.twimg.com www.google-analytics.com ton.twimg.com pbs.twimg.com platform.twitter.com syndication.twitter.com live.staticflickr.com i.ytimg.com websurveys2.govmetric.com; manifest-src 'self'; media-src 'self' blob: prod-sign-backend-signapisinterpretationwebtransl-1qw8ws199jmxo.s3.eu-west-2.amazonaws.com; worker-src 'none'; 2 default-src 'self' webforms.pipedrive.com pipedriveassets.com *.pipedriveassets.com; block-all-mixed-content; connect-src 'self' use.typekit.net p.typekit.net fonts.gstatic.com font.googleapis.com *.g.doubleclick.net www.facebook.com www.google-analytics.com *.analytics.google.com region1.analytics.google.com www.googletagmanager.com sc.lfeeder.com *.google.com *.googleadservices.com *.doubleclick.net www.google.fr plausible.io webforms.pipedrive.com pipedriveassets.com *.pipedriveassets.com www.datocms-assets.com *.rollbar.com; font-src 'self' data: cdn.scalingo.com *.googletagmanager.com use.typekit.net p.typekit.net fonts.gstatic.com font.googleapis.com; frame-ancestors 'none'; frame-src 'self' webforms.pipedrive.com pipedriveassets.com *.pipedriveassets.com td.doubleclick.net; img-src 'self' https: data: cdn.scalingo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.scalingo.com *.googletagmanager.com use.typekit.net p.typekit.net fonts.gstatic.com font.googleapis.com www.googletagmanager.com cdn.mxpnl.com connect.facebook.net www.google-analytics.com apis.google.com plausible.io sc.lfeeder.com webforms.pipedrive.com pipedriveassets.com *.pipedriveassets.com *.rollbar.com; style-src 'self' 'unsafe-inline' cdn.scalingo.com *.googletagmanager.com use.typekit.net p.typekit.net fonts.gstatic.com font.googleapis.com; upgrade-insecure-requests 2 frame-ancestors 'self' https://www.anyvan.com 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: ; worker-src 'self' blob: ; 2 default-src 'none'; script-src 'self' *.2o7.net *.omtrdc.net *.techem.com *.scene7.com *.cookiebot.com *.marketo.net *.adition.com *.google.com assets.adobedtm.com connect.facebook.net snap.licdn.com *.google-analytics.com googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com https://*.demdex.net https://*.youtube.com https://*.marketo.com https://cm.everesttech.net https://static.widget.trengo.eu https://stats.pusher.com https://assets.sitescdn.net https://assets.eu.sitescdn.net https://answers-embed.techem.de.pagescdn.com https://answers-embed.techem.de.eu.pagescdn.com https://widget.trustpilot.com https://*.mouseflow.com https://bat.bing.com https://documentservices.adobe.com https://acrobatservices.adobe.com https://api.staging.pso-empfehlen.dev https://api.pso-empfehlen.net https://techem-empfehlen.de https://www.techem-empfehlen.de https://pso-empfehlen.staging.pso-vertrieb.de https://empfehlen-admin.pso-vertrieb.de https://*.etracker.com https://*.etracker.de https://static.xingcdn.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.2o7.net *.omtrdc.net *.scene7.com *.techem.com https://*.marketo.com https://www.gstatic.com https://assets.sitescdn.net https://assets.eu.sitescdn.net; font-src 'self' *.2o7.net *.omtrdc.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.bunny.net https://cdn.jsdelivr.net data:; img-src 'self' *.2o7.net *.omtrdc.net blob: data: https: *.adspirit.de; frame-src 'self' *.2o7.net *.omtrdc.net *.cookiebot.com *.techem.com *.youtube.com *.yextpages.net *.marketo.com *.facebook.com https://*.demdex.net bid.g.doubleclick.net techem.prospective.de answers-embed.techem.de.pagescdn.com answers-embed.techem.de.eu.pagescdn.com https://widget.trustpilot.com https://documentservices.adobe.com https://acrobatservices.adobe.com https://techem-experts.rogsurvey.de blob:; manifest-src 'self'; connect-src 'self' *.2o7.net *.omtrdc.net *.techem.com *.scene7.com *.google.com *.facebook.com *.pusher.com *.friendlycaptcha.com *.mktoutil.com googleads.g.doubleclick.net https://cm.everesttech.net https://assets.adobedtm.com https://*.demdex.net https://*.mktoresp.com https://*.cookiebot.com https://*.trengo.eu https://*.amazonaws.com https://*.westeurope.logic.azure.com https://*.yext.com https://answers.yext-pixel.com https://cdn.linkedin.oribi.io https://*.mouseflow.com https://px.ads.linkedin.com https://analytics.techem.de https://www.eu.yextevents.com https://prod-cdn.eu.yextapis.com https://viewlicense.adobe.io/viewsdklicense/jwt https://*.etracker.de https://techem-empfehlen.de https://www.techem-empfehlen.de; media-src 'self' https://static.widget.trengo.eu https://*.scene7.com blob:; frame-ancestors 'self' https://techem.events.rooom.com https://www.rooom.com https://*.etracker.com *.edge.agora.io:6443 *.edge.agora.io:9591 *.edge.agora.io:9593 *.edge.sd-rtn.com:6443 *.edge.sd-rtn.com:9591 *.edge.sd-rtn.com:9593 webcollector-rtm.agora.io:6443 webcollector-rtm.agora.io:9591 webcollector-rtm.agora.io:9593 ; 2 default-src 'self' wss: https://*.contentful.com https://*.kampyle.com wss://*.ooklaserver.net https://*.tigocloud.net https://*.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://*.crazyegg.com https://*.tigo.com.ni; frame-src 'self' https://*.tigocloud.net https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://*.google-analytics.com https://www.youtube.com https://6493920.fls.doubleclick.net https://*.kampyle.com https://*.crazyegg.com https://affperformance.com; script-src 'self' blob: https://*.tigocloud.net https://*.kampyle.com https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://*.google-analytics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.youtube.com https://6493920.fls.doubleclick.net https://maps.googleapis.com https://www.gstatic.com/ https://sync.smartadserver.com https://s.ytimg.com https://facebook.com/signals/iwl.js https://widget-mediator.zopim.com https://*.licdn.com 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' https://www.clarity.ms https://eum.instana.io https://*.crazyegg.com https://*.smooch.io https://analytics.tiktok.com https://tigo.us18.list-manage.com https://*.cybba.solutions https://ads.sonataplatform.com 'sha256-7Fp7MEYPiWwFlFSMtMrgFGtyV65kiMzqzrPzl5b9JcE=' 'sha256-1eitAMOMBEWQWrEo2CI2KMY9gYgxOeJjntcD0Puyirw=' 'sha256-kw7rMCesUws2kQMU9IXUxO6kflQ3bRrMMDWqFbNNfHs=' 'sha256-FrQ57L9tMdJJ722FWKhQSqaJ3Gd4s4rKlbk+K1DW+t4=' 'sha256-mjWayJ8bIILZRwmU4qhz1tO/F4oF7grwSWF0Gi1bRZ0=' 'sha256-i5/84Qt3GRPZSmbISt7FQ2OJ8SAFhcuq8afScN4sDls='; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com https://*.zendesk.com; img-src 'self' data: blob: https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://*.google-analytics.com https://*.tigocloud.net https://www.tigo.com.gt https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://*.g.doubleclick.net https://lh3.googleusercontent.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://maps.gstatic.com https://www.facebook.com https://analytics.twitter.com https://static.ads-twitter.com https://*.speedtestcustom.com https://*.zendesk.com https://static.zdassets.com https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://sync.smartadserver.com https://*.zopim.io https://svr.mic.edge.com.py https://*.kampyle.com https://c.clarity.ms https://c.bing.com https://*.crazyegg.com https://*.tigo.com.ni https://affperformance.com https://*.cybba.solutions; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://*.zendesk.com https://*.tigocloud.net https://*.kampyle.com https://*.crazyegg.com; connect-src * data: https://*.crazyegg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; object-src 'none'; form-action 'self' https://www.facebook.com; base-uri 'self' https://md-scp.kampyle.com; frame-ancestors 'self' 2 frame-ancestors 'self' https://*.public.emerios.com; 2 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;, script-src * 'unsafe-inline' 'unsafe-eval' blob:, style-src * 'unsafe-inline', img-src * data: blob:, media-src *, font-src * data: 2 default-src 'unsafe-inline' https: https://www.jung-group.com; script-src 'unsafe-inline' 'unsafe-eval' https: https://www.jung-group.com; object-src 'unsafe-inline' https://*.mollie.com; style-src 'unsafe-inline' https:; img-src data: https:; font-src data: https:; frame-src https://www.jung-group.com https://*.jung.de https://*.jung-group.cn https://*.jung-group.com https://scnem3.com https://*.mollie.com blob: https://*.arviewer.jung.de https://*.cms-assets.jung.de https://*.cms.jung.de https://*.downloads.jung.de https://*.jung.app https://*.jung.de https://*.jung.ee https://*.jung.es https://*.jung.lt https://*.jung-russia.ru https://*.jung.ua https://*.m.jung.de https://*.musterkoffer.jung.de https://*.qr.jung.de https://*.service.jung.de https://*.smarthome.jung.de https://*.software.jung.de https://*.jung.be https://*.jungcontrols.com https://*.mein-elektroinstallateur.de https://*.youtube.com https://www.youtube-nocookie.com https://player.podigee-cdn.net https://scnem3.com https://*.pay1.de https://*.paypal.com https://*.paypalobjects.com https://*.archlabtransfer.de https://*.partcommunity.com https://*.jung-group.cn https://planung.fs-conf3-jung-qm.p14.de https://planung.konfigurator.jung.de https://planung.jung.de https://planung.jung-group.com https://*.mypurecloud.de https://*.nr-data.net https://shyrka-prod-euc1.s3.eu-central-1.amazonaws.com https://*.newrelic.com https://jung.canto.de https://d30qymu4o00meq.cloudfront.net https://*.cloudfront.net https://canto.us1app.churnzero.net https://embeds.beehiiv.com https://*.euc1.pure.cloud wss://*.mypurecloud.de wss://*.euc1.pure.cloud https://digital.jung-group.com https://digital.jung-group.com/de/knx-configurator https://digital.jung-group.com/de/home-configurator https://digital.jung-group.com/de/switch-configurator https://jung-configurator.canvaslogic.tech https://www.googletagmanager.com https://productimages.jung-group.com https://default-german-bucket-staging.s3-accelerate.amazonaws.com https://default-german-bucket-staging-public.s3-accelerate.amazonaws.com https://default-german-bucket.s3.eu-central-1.amazonaws.com https://oauth.canto.de https://jung.sw.localhost; frame-ancestors 'self' https://www.jung-group.com https://jung.canto.de 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.civiccomputing.com https://*.googletagmanager.com https://*.youtube.com https://*.youtube-nocookie.com https://player.vimeo.com https://*.ytimg.com https://dl.episerver.net https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.g.doubleclick.net https://*.googleadservices.com https://www.recaptcha.net https://hello.myfonts.net https://widget.surveymonkey.com https://www.surveymonkey.com https://prod.smassets.net; 2 frame-ancestors 'self' https://*.achareh.co https://mci.ir https://*.mci.ir https://top.ir https://*.top.ir https://hanapp.ir https://*.hanapp.ir https://mobicar.co https://*.mobicar.co; 2 default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://svanalytics.containers.piwik.pro/2479d5f4-1a62-42bf-91c4-e6075dc3f52b.js https://static.rekai.se/a06ec3db.js https://static.rekai.se/files/sv-autocomplete.min.js https://f1-eu.readspeaker.com/script https://webux.azurewebsites.net/modules/RSA145135/popUp.js; frame-src 'self' https://player.vimeo.com/ https://www.youtube.com/ https://youtube.com/ https://creators.spotify.com/ https://podcasters.spotify.com/ https://www.podbean.com/ https://api.screen9.com https://micc.gotland.se/ https://geo.gotland.se/ https://app2.gotland.se/ https://app-eu.readspeaker.com/ https://svanalytics.piwik.pro/ https://i17.inviewer.se/ https://portalen.gotland.se/ https://portalen1.gotland.se/ https://www.svt.se/ https://mule03.gotland.se/ https://play.screen9.com https://avexport-app2.gotland.se/ https://map.naturkartan.se/ https://play.google.com https://vimeo.com/ https://player.vimeo.com; style-src 'self' 'unsafe-inline' https://f1-eu.readspeaker.com/script/12089/webReader/r/ https://micc.gotland.se/; connect-src 'self' https://maps.googleapis.com https://alme.inadra.se/login https://rekai.se https://predict.rekai.se/ https://view.rekai.se/view https://svanalytics.containers.piwik.pro/2479d5f4-1a62-42bf-91c4-e6075dc3f52b/privacy-widgets.json https://vimeo.com/api/ https://svanalytics.piwik.pro/ https://view.rekai.se/view/event https://micc.gotland.se/ https://app-eu.readspeaker.com/ https://f1-eu.readspeaker.com/ https://rstts-eu.readspeaker.com/ https://wrapi-eu.readspeaker.com https://media-eu.readspeaker.com/ https://youtube.com/ https://reseplanerare.resrobot.se https://play.screen9.com/ https://mule03.gotland.se https://play.google.com; style-src-elem 'unsafe-inline' 'self' https://f1-eu.readspeaker.com/script/12089/webReader/r/ https://micc.gotland.se/ https://svanalytics.containers.piwik.pro/ https://reseplanerare.resrobot.se; font-src 'self' data: https://micc.gotland.se/ https://reseplanerare.resrobot.se; media-src 'self' https://play.boxcast.com; img-src 'self' https://maps.googleapis.com https://maps.gstatic.com data: https://cdn-eu.readspeaker.com/graphic/default/buttons/icon_16px.gif https://f1-eu.readspeaker.com/script/12089/webReader/r/r2655/img/ https://i.vimeocdn.com/ http://www.w3.org https://gotland.se https://reseplanerare.resrobot.se https://www.svtstatic.se; script-src-elem 'unsafe-eval' 'unsafe-inline' 'self' https://maps.googleapis.com https://svanalytics.containers.piwik.pro/2479d5f4-1a62-42bf-91c4-e6075dc3f52b.js https://static.rekai.se/a06ec3db.js https://static.rekai.se/files/sv-autocomplete.min.js https://f1-eu.readspeaker.com/script/ https://svanalytics.containers.piwik.pro/ https://micc.gotland.se/ https://reseplanerare.resrobot.se https://map-embed.naturkartan.se/embed.js https://player.vimeo.com 2 script-src 'unsafe-inline' 'self' 'unsafe-eval' analytics.tiktok.com https://fonts.googleapis.com https://js.hsforms.net https://forms.hsforms.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://assets.adobedtm.com https://bat.bing.com https://www.googleadservices.com https://connect.facebook.net https://static.ads-twitter.com https://snap.licdn.com https://js.hs-scripts.com https://a.quora.com https://googleads.g.doubleclick.net https://js.hs-analytics.net https://px.ads.linkedin.com https://tagmanager.google.com https://static.hotjar.com https://www.google-analytics.com https://analytics.twitter.com https://script.hotjar.com https://sc-static.net https://www.linkedin.com https://platform.twitter.com https://secure-ds.serving-sys.com https://optimize.google.com https://cdn.segment.com https://tags.srv.stackadapt.com https://js.hsadspixel.net https://js.hsleadflows.net https://js.hs-banner.com https://boards.greenhouse.io https://boards-cdn.greenhouse.io https://s3-cdn.greenhouse.io https://boards-api.greenhouse.io https://tag.simpli.fi https://i.simpli.fi https://munchkin.marketo.net https://go.yourbind.com https://cdn.wisepops.com https://*.marketo.com https://www.yourbind.com https://staging-yourbind.netlify.app https://www.surest.com https://staging-surest.netlify.app https://acdn.adnxs.com https://*.on24.com https://assets.adoberesources.net https://documentcloud.adobe.com https://*.typekit.net *.adobe.io wss://*.adobe.io https://assets.adoberesources.net https://lh3.googleusercontent.com https://documentcloud.adobe.com js.zi-scripts.com tags.clickagy.com *.pixel.ad *.basis.net *.sitescout.com https://www.hlx.live https://rum.hlx.page/ https://www.aem.live https://rum.aem.page/ https://britehr.app https://www.facebook.com https://s.pinimg.com/ct/core.js https://ct.pinterest.com https://s.pinimg.com/ct/lib/main.cb6ceab7.js https://player.vimeo.com/api/player.js https://cdn.jsdelivr.net/npm/svg-pan-zoom@3.6.2/dist/svg-pan-zoom.min.js; frame-ancestors 'self' http://localhost:8000 https://surest-calculator-embed.vercel.app https://www.figma.com https://britehr.app; 2 frame-ancestors https://app.zoominfo.com 2 default-src 'self'; connect-src 'self' *.google-analytics.com *.googlesyndication.com api.leadinfo.com *.leadinfo.net *.lndrflp.net *.hubspot.com *.hsforms.com *.hscollectedforms.net *.oribi.io *.usercentrics.eu *.nelioabtesting.com *.google.com *.google.de *.facebook.com *.lfeeder.com *.doubleclick.net *.linkedin.com *.ads.linkedin.com yoast.com *.mouseflow.com salesviewer.org salesviewer.com *.salesviewer.com *.salesviewer.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.mouseflow.com *.leadinfo.net cdn.leadinfo.net *.mouseflow.com *.googletagmanager.com *.google-analytics.com *.hsforms.net *.hs-scripts.com *.hsleadflows.net *.hubspot.com *.hsappstatic.net *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.licdn.com *.usercentrics.eu *.doubleclick.net *.lfeeder.com *.facebook.net *.licdn.net *.lndrflp.net cdn.lndrflp.net salesviewer.org salesviewer.com; worker-src blob:; style-src 'self' 'unsafe-inline' *.novomind.com *.hubspot.com *.hsappstatic.net; img-src 'self' data: *.novomind.com *.lfeeder.com tr-rc.lfeeder.com *.salesviewer.org salesviewer.org *.salesviewer.com salesviewer.com *.google-analytics.com *.hubspot.com *.hsforms.com *.forms-na1.hsforms.com *.perf-na1.hsforms.com *.usercentrics.eu *.service.usercentrics.eu *.google.com *.google.de *.googleadservices.com *.ads.linkedin.com *.doubleclick.net *.mouseflow.com; font-src 'self' data: *.mouseflow.com; frame-src 'self' *.googletagmanager.com *.novomind.com *.doubleclick.net *.hubspot.com *.hsforms.com *.hsappstatic.net *.youtube.com *.youtube-nocookie.com *.vimeo.com *.mouseflow.com; child-src *.mouseflow.com; 2 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 2 frame-ancestors 'self' http://localhost:3000 http://127.0.0.1 https://*.komatsu.com https://www.komatsu.com; 2 script-src 'unsafe-inline' data: blob: http: https: https://www.homeagain.com/; style-src 'self' blob: https: 'unsafe-inline' https://www.homeagain.com/; worker-src 'self' data: blob: http: https: https://www.homeagain.com/; img-src data: blob: http: https: www.googletagmanager.com; object-src 'none'; base-uri 'none'; child-src 'self' data: blob: http: https: https://www.homeagain.com/; font-src 'self' data:; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.zuora.com *.google.com *.googletagmanager.com cloud.emailca.merck-animal-health-usa.com cloud.email3.homeagain.com cl.s11.exct.net webto.salesforce.com csxd.contentsquare.net; 2 default-src 'self' https: https://*.wistia.com https://*.wistia.net; font-src 'self' https: data: https://*.wistia.com; img-src 'self' http: https: data: blob: https://*.wistia.com https://*.wistia.net; object-src 'none'; script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval' blob: https://*.wistia.com https://*.wistia.net https://src.litix.io https://*.sentry-cdn.com/; style-src 'self' http: https: 'unsafe-inline' blob: https://fast.wistia.com; connect-src 'self' http: https: blob: ws: wss: https://*.litix.io https://*.wistia.com https://*.wistia.net https://*.algolia.net; worker-src 'self' https: blob:; media-src 'self' https: blob: https://*.wistia.com https://*.wistia.net; child-src 'self' blob:; frame-src 'self' https: blob: https://fast.wistia.com https://fast.wistia.net 2 child-src 'self' https://*.hotjar.com https://www.rightworks.com; connect-src 'self' 100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 https://*.6sc.co https://*.cvent.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.ba https://*.google.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://*.mktoresp.com https://*.mutinycdn.com https://*.mutinyhq.com https://*.mutinyhq.io https://*.mypurecloud.com https://*.outbrain.com https://*.parsely.com https://*.qualified.com https://*.reddit.com https://*.redditstatic.com https://*.sitesearch360.com https://*.storylane.io https://*.typeform.com https://*.wistia.com https://*.youtube.com https://a.usbrowserspeed.com https://apps.mypurecloud.com https://cdn.linkedin.oribi.io https://ct.capterra.com https://designer-api.hu-manity.co https://grsm.io https://ipv6.6sc.co https://js.callrail.com https://maps.googleapis.com https://o132438.ingest.sentry.io https://partnerlinks.io https://scout.salesloft.com https://secure.adnxs.com https://tagmanager.google.com https://transactional-api.hu-manity.co https://www.googletagmanager.com https://www.rightworks.com wss://*.hotjar.com wss://*.qualified.com wss://ws.hotjar.com; default-src 'self' https://rightworks.com https://www.rightworks.com; font-src 'self' data: https://*.gstatic.com https://*.sfdcstatic.com https://*.wp.com https://fonts.googleapis.com https://fonts.gstatic.com https://webpack.mutinyhq.com/app/assets/0cba14176273c0b62665.woff https://www.rightworks.com; frame-ancestors 'self' https://*.smartvault.com https://app.mutinyhq.com https://www.rightworks.com; frame-src 'self' https://*.cookiebot.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.hotjar.com/ https://*.instagram.com https://*.marketo.com https://*.rightnetworks.com https://*.sitescout.com https://*.smartvault.com https://*.storylane.io https://*.typeform.com https://*.vimeo.com https://*.wistia.com/ https://*.youtube.com https://app.mutinyhq.com https://app.qualified.com https://apps.mypurecloud.com https://calendly.com https://ct.capterra.com https://d1l7z5ofrj6ab8.cloudfront.net https://js.driftt.com https://mypurecloud.com https://open.spotify.com https://s-static.ak.facebook.com https://service.force.com https://tagmanager.google.com https://widget.drift.com https://widgets.wp.com https://www.g2.com https://www.rightworks.com; img-src 'self' data: https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.ba https://*.google.com https://*.google.hr https://*.gravatar.com https://*.gstatic.com https://*.images.cvent.com https://*.instagram.com https://*.linkedin.com https://*.mutinycdn.com https://*.outbrain.com https://*.parsely.com https://*.sitesearch360.com https://*.vimeocdn.com https://*.wistia.com https://*.yahoo.com https://*.youtube.com https://alb.reddit.com https://analytics.twitter.com https://attr.ml-api.io https://b.6sc.co https://bat.bing.com https://c.clarity.ms https://ct.capterra.com https://googleads.g.doubleclick.net https://img.youtube.com https://info.rightnetworks.com https://info.rightworks.com https://maps.googleapis.com https://pixel.wp.com https://s.ml-attr.com https://s.w.org https://secure.adnxs.com https://storage.pardot.com https://storylane-prod-uploads.s3.us-east-2.amazonaws.com https://t.co https://tr.outbrain.com https://www.googletagmanager.com https://www.rightworks.com; media-src 'self' blob: data: file: https://*.wistia.com/ https://js.driftt.com https://www.rightworks.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adroll.com https://*.ads-twitter.com https://*.calendly.com https://*.doubleclick.net https://*.drift.com https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com https://*.instagram.com https://*.linkedin.com https://*.marketo.com https://*.marketo.net https://*.mountain.com https://*.mutinycdn.com https://*.outbrain.com https://*.pardot.com https://*.parsely.com https://*.partnerstack.com https://*.qualified.com https://*.redditstatic.com https://*.rightnetworks.com https://*.rightworks.com https://*.salesforceliveagent.com https://*.storylane.io https://*.transactionpro.com https://*.twitter.com https://*.typeform.com https://*.vimeo.com https://*.wistia.com https://*.wp.com https://a.usbrowserspeed.com https://amplify.outbrain.com/cp/obtp.js https://apps.mypurecloud.com https://apps.mypurecloud.com/genesys-bootstrap/genesys.min.js https://bat.bing.com https://cdn.callrail.com https://cdn.hu-manity.co https://cdn.sitesearch360.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://ct.capterra.com https://d1l7z5ofrj6ab8.cloudfront.net https://extend.vimeocdn.com https://j.6sc.co https://js.callrail.com https://js.driftt.com https://lex.33across.com https://mypurecloud.com https://s3.amazonaws.com https://scout-cdn.salesloft.com https://service.force.com https://snap.licdn.com https://snippet.growsumo.com https://tagmanager.google.com https://tr.outbrain.com https://transactionpro.us20.list-manage.com https://widget.drift.com https://wistia.com https://www.clarity.ms https://www.googleadservices.com https://www.googletagmanager.com https://www.rightworks.com https://www.youtube.com wss://*.qualified.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gravatar.com https://*.marketo.com https://*.typeform.com https://*.wp.com https://cdnjs.cloudflare.com https://code.jquery.com https://service.force.com https://tagmanager.google.com https://webpack.mutinyhq.com/app/assets/0cba14176273c0b62665.woff https://www.rightworks.com; worker-src 'self' blob: data: file: filesystem: https://www.rightworks.com unsafe-eval unsafe-inline 2 frame-ancestors 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://ssl.google-analytics.com http://maps.googleapis.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdn.plyr.io https://www.youtube.com https://pennyelectra.com https://*.azureedge.net https://*.dynamics.com https://snap.licdn.com https://*.hotjar.com; object-src *; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.typekit.net https://*.bootstrapcdn.com https://cdn.plyr.io https://pennyelectra.com https://*.azureedge.net https://*.dynamics.com; media-src * blob:; frame-src 'self' https://player.vimeo.com https://www.youtube-nocookie.com https://www.youtube.com https://www.google.com https://consentcdn.cookiebot.com https://maps.google.com https://vimeo.com https://*.azureedge.net https://*.dynamics.com https://forms.microsoft.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net https://*.typekit.net https://*.googleapis.com; connect-src 'self' data: https://www.google-analytics.com https://analytics.google.com https://www.facebook.com https://consentcdn.cookiebot.com https://api.openai.com https://api.getimg.ai https://cdn.plyr.io https://noembed.com https://*.pennyelectra.com https://*.azureedge.net https://*.dynamics.com https://*.google.com https://px.ads.linkedin.com https://px.ads.linkedin.com wss://ws.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://pagead2.googlesyndication.com; worker-src blob:; 2 child-src 'self' https://*.ringcentral.com https://apps.rokt.com https://sgtm.espaskincare.com https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com https://ln-rules.rewardstyle.com blob: https://ams.creativecdn.com https://*.ringcentral.com https://tags.creativecdn.com/ https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com; connect-src 'self' https://ams.creativecdn.com https://analytics.tiktok.com https://pagead2.googlesyndication.com https://obseu.seroundprince.com https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://smct.io https://*.smct.io https://ct.pinterest.com https://sgtm.espaskincare.com https://*.ringcentral.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.ringcentral.com; form-action 'self' https://www.facebook.com https://www.espaskincare.com https://checkout.espaskincare.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: https://*.ringcentral.com; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://analytics.tiktok.com https://apps.rokt.com https://euob.seroundprince.com https://obseu.seroundprince.com https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://ln-rules.rewardstyle.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://s.pinimg.com https://tags.creativecdn.com https://*.ringcentral.com https://sgtm.espaskincare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.smct.io https://*.ringcentral.com; upgrade-insecure-requests; report-to csp-endpoint 2 default-src 'none'; font-src https: data:; img-src https:; script-src-elem https: 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; connect-src https:; frame-src https:; script-src https:; 2 default-src 'self'; frame-src https://youtube.com https://www.youtube.com https://player.vimeo.com; script-src 'self' 'wasm-unsafe-eval' 'unsafe-inline' blob: https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src * blob: data:; connect-src * 2 frame-ancestors 'self' https://student-stg.elsanow.co https://student.elsaspeak.com 2 frame-ancestors 'self' https://manage.hcinnovationgroup.com https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 2 frame-ancestors 'self' https://*.brightsites.co.uk; 2 img-src 'self' *.commercecloud.salesforce.com *.bathandbodyworks.com *.bathandbodyworks.ca data: *.yottaa.net bat.bing.com *.google.com *.tealiumiq.com *.smaato.net *.pubmatic.com *.rubiconproject.com *.doubleclick.net *.casalemedia.com *.3lift.com *.ads.audio.thisisdax.com *.analytics.yahoo.com *.bazaarvoice.com *.brightcove.com *.brightcovecdn.com *.brsrvr.com *.cookielaw.org *.curalate.com *.dotomi.com *.googleapis.com *.gstatic.com *.mountain.com *.omtrdc.net *.onetrust.com *.openx.net *.paypalobjects.com *.pinterest.com *.zineone.com ads.stickyadstv.com agentcore.s3.amazonaws.com aivo-assets.s3.amazonaws.com ap.lijit.com assets-qelplatam.s3.amazonaws.com bathandbodyworkscc.zendesk.com bh.contextweb.com cdn.cookielaw.org cdn.jsdelivr.net cm.everesttech.net contextual.media.net crb.kargo.com cs.openwebmp.com dpm.demdex.net exchange-match.mediaplex.com https://www.googletagmanager.com/td ib.adnxs.com idsync.live.streamtheworld.com idsync.rlcdn.com match.adsrvr.org match.sharethrough.com mountain.com omtrdc.net partners.tremorhub.com pinterest.com ps.eyeota.net sync.1rx.io sync.bfmio.com sync.ipredictive.com sync.mathtag.com sync.targeting.unrulymedia.com tags.bluekai.com us.ck-ie.com v2assets.zopim.io https://sync.inmobi.com https://sync.crwdcntrl.net https://f.monetate.net https://csync.loopme.me https://pixel.adsafeprotected.com *.207.net *.rlcdn.com *.smartadserver.com;script-src 'self' 'unsafe-inline' blob: storage.googleapis.com localhost:3000 code.jquery.com tags.tiqcdn.com *.yottaa.net *.attn.tv bbwi-us.attn.tv events.attentivemobile.com www.googletagmanager.com *.doubleclick.net cdn.quantummetric.com *.bathandbodyworks.com *.bathandbodyworks.ca bat.bing.com sc-static.net *.agentbot.net *.attentivemobile.com *.bazaarvoice.com *.brcdn.com *.brightcove.net *.brightcovecdn.com *.byspotify.com *.cdn-apple.com *.cookielaw.org *.curalate.com *.dotomi.com *.googleapis.com *.gstatic.com *.kampyle.com *.monetate.net *.mpsnare.iesnare.com *.onetrust.com *.ordergroove.com *.paypal.com *.pepperjam.com *.pinterest.com *.privacymanager.io *.smaato.net *.tealiumiq.com *.zineone.com *.snapchat.com 7316103.collect.igodigital.com api.tnapplications.com assets.adobedtm.com bathbodyworks-pixel.netlify.app cdn.cookielaw.org cnstrc.com dev.zopim.com engine-global.monetate.net github.com https://*.px-cdn.net https://*.px-cloud.net https://*.yottaa.com https://*.yottaa.net https://s.pinimg.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.onelink-edge.com objects.githubusercontent.com privacyportal-cdn.onetrust.com rdf.radial.com static.zdassets.com tst-rdf.radial.com https://dx.mountain.com https://px.mountain.com https://www.googleadservices.com *.medallia.com https://google.com 'unsafe-eval' https://runtime.commercecloud.com;connect-src 'self' api.cquotient.com localhost:3000 dpm.demdex.net bbwi-us.attn.tv events.attentivemobile.com aa.bathandbodyworks.com *.tealiumiq.com *.bathandbodyworks.com *.bathandbodyworks.ca ingest.quantummetric.com *.restapi.ordergroove.com *.bazaarvoice.com *.googleapis.com *.gstatic.com *.cookielaw.org *.zineone.com *.onetrust.com *.aivo.co *.boltdns.net *.brightcove.com *.brightcovecdn.com *.cognigy.ai *.curalate.com *.mountain.com *.omtrdc.net *.ordergroove.com *.paypal.com *.pinterest.com *.salesforce.com *.zdassets.com *.snapchat.com *.doubleclick.net api.tnapplications.com bathandbodyworkscc.zendesk.com cdn.cookielaw.org crcldu.com endpoint-foundever.cognigy.cloud engine-global.monetate.net engine.monetate.net geo.privacymanager.io geolocation.onetrust.com https://*.px-cdn.net https://*.px-cloud.net https://*.yottaa.net https://www.google.com https://www.google.com/ccm https://www.google.com/ccm/collect https://www.onelink-edge.com mountain.com objects.githubusercontent.com omtrdc.net pinterest.com rdf.radial.com rl.quantummetric.com telemetry.partners.prod.minionplatform.com public.prod.minionplatform.com tst-rdf.radial.com wss://csb.zineone.com wss://endpoint-foundever.cognigy.cloud wss://widget-mediator.zopim.com zendesk-eu.my.sentry.io *.cnstrc.com/ https://pixels.spotify.com wss://cloud.zineone.com https://google.com https://restapi.ordergroove.com https://api.rlcdn.com https://runtime.commercecloud.com;frame-src *.aivo.co *.cookielaw.org *.curalate.com *.googleapis.com *.gstatic.com *.onetrust.com *.ordergroove.com *.paypal.com *.pcipal.cloud *.pcipalstaging.cloud *.pinterest.com *.zineone.com *.snapchat.com *.doubleclick.net bathandbody.demdex.net https://recaptcha.google.com/recaptcha/ https://td.doubleclick.net https://www.google.com/recaptcha/ https://www.googletagmanager.com ingest.quantummetric.com jqtmdiy716.execute-api.us-east-1.amazonaws.com telemetry.partners.prod.minionplatform.com public.prod.minionplatform.com wss://csb.zineone.com wss://endpoint-foundever.cognigy.cloud http://t.pepperjamnetwork.com;media-src *.boltdns.net *.brightcovecdn.com *.curalate.com agentcore.s3.amazonaws.com blob: data: static.zdassets.com;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self' https://runtime.commercecloud.com;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 2 frame-ancestors 'self' *.edumoov.com *.educartable.com *.kidiquest.com; 2 img-src 'self' 'unsafe-inline' https://*.cmhc-schl.gc.ca/ https://*.azureedge.net/ https://www.google.com https://*.linkedin.com https://*.facebook.com https://*.youtube.com https://*.reddit.com https://*.twitter.com https://*.google-analytics.com https://www.google.ca https://*.blob.core.windows.net/ https://cdn.cookielaw.org https://*.onetrust.com https://*.siteimproveanalytics.io https://www.googletagmanager.com https://t.co https://googleads.g.doubleclick.net https://*.googleadservices.com https://*.google.co.in https://*.curator.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.googleadservices.com https://*.cmhc-schl.gc.ca/ https://*.facebook.net https://*.msecnd.net https://*.google-analytics.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://*.azureedge.net/ https://*.cloud.coveo.com/ https://siteimproveanalytics.com/ https://*.redditstatic.com https://*.ads-twitter.com https://*.licdn.com https://*.hotjar.com/ https://*.googleapis.com https://*.cloudflare.com https://cdn.jsdelivr.net https://*.b2clogin.com https://www.googletagmanager.com/ https://*.linkedin.com/ https://*.twitter.com/ https://www.google.com https://ajax.googleapis.com/ https://www.gstatic.com https://cdn.cookielaw.org https://*.onetrust.com https://analytics-ca.clickdimensions.com https://*.cloudfront.net https://pixel.byspotify.com https://*.curator.io; style-src 'self' 'unsafe-inline' https://*.youtube.com https://*.cmhc-schl.gc.ca/ https://*.azureedge.net/ https://*.typekit.net https://*.cloud.coveo.com/ https://*.googleapis.com https://*.jquery.com https://use.typekit.net https://*.blob.core.windows.net/ https://cdn.cookielaw.org https://*.onetrust.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://*.youtube.com https://*.cmhc-schl.gc.ca/ https://*.typekit.net https://*.azureedge.net/ https://*.cloud.coveo.com/ https://*.blob.core.windows.net/ https://cdn.cookielaw.org https://*.onetrust.com https://*.hotjar.com; upgrade-insecure-requests; block-all-mixed-content; object-src 'none'; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com https://cdn.insight.sitefinity.com https://youtube.com https://player.vimeo.com/api/player.js https://vjs.zencdn.net/7.11.4/video.min.js connect.facebook.net platform.twitter.com https://syndication.twitter.com/ https://analytics.twitter.com/i/adsct platform.linkedin.com https://www.linkedin.com/ https://s.ytimg.com https://publish.twitter.com https://twitter.com/ https://static.ads-twitter.com/uwt.js ajax.aspnetcdn.com *.twimg.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://sopra-steria.career-inspiration.com/js/fbapppromobox.js https://snap.licdn.com/ https://sjs.bizographics.com/insight.min.js https://secure.quantserve.com/quant.js https://rules.quantcount.com/rules-p-U-rxjfyRkAJ0Y.js https://static.pathmotion.io/initjs/init.min.js https://rules.quantcount.com/rules-p-5eXwvumSeTF0n.js *.lfeeder.com *.leadfeeder.com https://pi.pardot.com/pd.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://pi.pardot.com/ https://go.soprasteria.de/ https://walls.io/js/ https://ytimg.com https://siteimproveanalytics.com/js/siteanalyze_6035851.js https://npmcdn.com/imagesloaded@4.1/imagesloaded.pkgd.js https://tags.inzynk.io/cl383xbw/iztag.js https://analytics.inzynk.io/v/cl383xbw https://player.gobistories.com/index.js https://www.buzzsprout.com https://tag.aticdn.net/piano-analytics.js https://*.xiti.com https://*.ati-host.net https://*.aticdn.net https://unpkg.com https://tagmanager.google.com *.googletagmanager.com *.goldenbees.fr/ https://cdn.goldenbees.mgr.consensu.org/ https://cdnjs.cloudflare.com/ajax/libs/videojs-youtube/2.5.0/Youtube.min.js https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.16.6/xlsx.full.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.9.3/Chart.min.js https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.1/iframeResizer.min.js https://www2.soprasteria.no https://analytics.inzynk.io */widget/v1/sr-job-alerts.js https://widget.gobistories.com/ https://js.datadome.co/tags.js js.datadome.co https://karriere.soprasteria.de https://karriere.css.soprasteria.de https://karriere.css.soprasteria.de/post_message_receiver.js https://cdn.mouseflow.com https://survey.survicate.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com *.usercentrics.eu embed.vev.page https://js-eu1.hsforms.net/ https://js-eu1.hscollectedforms.net/ https://js-eu1.hs-scripts.com https://js-eu1.hs-banner.com/ https://js-eu1.hsadspixel.net/ https://js-eu1.hs-analytics.net/ https://js-eu1.hubspot.com/ *.ceros.com *.hsadspixel.net *.hs-analytics.net js.hscta.net js-eu1.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com feedback-eu1.hubapi.com *.mouseflow.com https://go.soprahr.com/ *.eloqua.com *.en25.com *.oraclecloud.com eloqua.soprasteria.co.uk https://www.google.com/recaptcha/enterprise.js https://www.youtube.com/ *.inzynk.io https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://cdn.jsdelivr.net/npm/ixbrl-viewer@1.4.54/iXBRLViewerPlugin/viewer/dist/ixbrlviewer.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com kendo.cdn.telerik.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://tagmanager.google.com/debug/css.css https://pixel.quantserve.com/pixel https://vjs.zencdn.net/7.11.4/video-js.css https://www.googletagmanager.com/debug/badge.css https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com *.eloqua.com *.en25.com *.oraclecloud.com eloqua.soprasteria.co.uk; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com data: https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com *.mouseflow.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com *.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.eloqua.com track.hubspot.com https://dc.ads.linkedin.com/collect/ https://px.ads.linkedin.com/ https://t.co/i/adsct https://counter.adcourier.com https://stats.g.doubleclick.net/r/collect https://pixel.quantserve.com/ data: blob: *.cdninstagram.com *.lfeeder.com *.leadfeeder.com *.google.fr/ads/ *.google.com/ads/ https://i.ytimg.com/ https://hellojaiblog.files.wordpress.com https://media.giphy.com https://s3.eu-central-1.amazonaws.com https://ytimg.com https://6035851.global.siteimproveanalytics.io/ https://conv.indeed.com/pagead/conv/5314231913872130/ https://img.youtube.com/ https://media-proxy.gobistories.co/ https://res.cloudinary.com https://ad.doubleclick.net https://analytics.twitter.com https://www.googletagmanager.com https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://assets.survicate.com https://img.survicate.com https://images.unsplash.com *.usercentrics.eu https://www.buzzsprout.com https://forms-eu1.hsforms.com/ https://perf-eu1.hsforms.com/ https://track-eu1.hubspot.com/ js.hscta.net js-eu1.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com *.ads.linkedin.com i.vimeocdn.com https://www.soprasteria.nl https://www.soprasteria.lu *.mouseflow.com *.eloqua.com *.en25.com *.oraclecloud.com eloqua.soprasteria.co.uk https://www.soprasteria.be https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://www.google.fr https://www.google.com https://pagead2.googlesyndication.com; media-src 'self' data: blob: https://firebasestorage.googleapis.com https://s3.eu-central-1.amazonaws.com https://youtube.com https://googlevideo.com https://www.youtube.com/ https://res.cloudinary.com https://smartcdn.dam.gettyimages.com/ https://cdn.soprasteria.com/; frame-src 'self' https://platform.twitter.com/ https://www.youtube.com/ https://youtu.be/ https://player.vimeo.com/ https://karriere.soprasteria.de/ https://candidate.hr-manager.net/ https://my.walls.io/ https://sopra.symex.be/ https://charts.symex.be/ https://maps.google.com/ https://sopra-steria.career-inspiration.com/ https://youtube.com https://app.livestorm.co/ https://www.buzzsprout.com https://forms.office.com/ https://app.powerbi.com/ https://subscriptions.smartrecruiters.com/ https://go.soprasteria.com/ https://smrtr.io/ https://join.smartrecruiters.com/ *.doubleclick.net https://it-economics.jobs.personio.de/ https://karriere.css.soprasteria.de https://soprasteria.jobs.personio.de/ https://view.ceros.com/ *.hubspot.com *.hs-sites.com *.hs-sites-eu1.com *.hubspot.net play.hubspotvideo.com play-eu1.hubspotvideo.com *.hsforms.net *.hsforms.com https://forms-eu1.hsforms.com/ *.mouseflow.com https://go.soprahr.com/ *.eloqua.com *.en25.com *.oraclecloud.com eloqua.soprasteria.co.uk https://www.google.com/ https://www.googletagmanager.com/ https://www.googletagmanager.com https://td.doubleclick.net; child-src 'self' blob: *.twitter.com https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com *.facebook.com badge.stumbleupon.com https://charts.symex.be/ https://sopra.symex.be/ https://sopra-steria.career-inspiration.com/ https://candidate.hr-manager.net/ https://karriere.soprasteria.de/ *.hsforms.com *.mouseflow.com; connect-src 'self' accounts.google.com. *.sitefinity.com *.mktoresp.com https://maps.googleapis.com/ https://vimeo.com/ https://www.digitale-exzellenz.de https://www.instagram.com *.lfeeder.com *.leadfeeder.com https://stats.g.doubleclick.net/ https://www.linkedin.com/ *.linkedin.com https://api.gobistories.co/ https://api.gobistories.com/ https://res.cloudinary.com https://*.xiti.com https://*.pa-cd.com https://*.ati-host.net https://*.aticdn.net https://cdn.linkedin.oribi.io https://analytics.inzynk.io https://o2.mouseflow.com https://eu-api.friendlycaptcha.eu https://respondent.survicate.com https://survey.survicate.com *.usercentrics.eu https://forms-eu1.hsforms.com/ https://forms-eu1.hscollectedforms.net/ https://api-eu1.hubapi.com/ https://cta-eu1.hubspot.com/ *.hubapi.com js.hscta.net js-eu1.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.mouseflow.com https://www.google.com/ccm/collect https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.com https://google.com; 2 default-src 'self' *.ist.ac.at *.ista.ac.at *.google-analytics.com *.azureedge.net *.dynamics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.ist.ac.at *.ista.ac.at https://www.google-analytics.com https://www.googletagmanager.com *.azureedge.net *.dynamics.com; style-src 'self' *.googleapis.com *.ist.ac.at *.ista.ac.at *.azureedge.net *.dynamics.com 'unsafe-inline'; img-src 'self' data: *.ist.ac.at *.ista.ac.at https://secure.gravatar.com *.azureedge.net *.dynamics.com; font-src 'self' fonts.gstatic.com *.ist.ac.at *.ista.ac.at data:; connect-src 'self' *.ist.ac.at *.ista.ac.at *.google-analytics.com *.azureedge.net *.dynamics.com; media-src 'self' *.ist.ac.at *.ista.ac.at; object-src 'none'; base-uri 'self'; frame-ancestors 'self' *.ist.ac.at *.ista.ac.at; 2 default-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' blob: *; style-src 'unsafe-inline' *; object-src 'self'; font-src 'self' data: *; connect-src *; img-src 'self' data: *; frame-src *; media-src *; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.fundraiseup.com doublethedonation.com *.doublethedonation.com unpkg.com *.newrelic.com *.nr-data.net nr-data.net js.stripe.com pay.google.com outrightinternational.bamboohr.com/js/embed.js https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js outrightinternational.us5.list-manage.com *.stripe.com m.stripe.network *.plaid.com *.src.mastercard.com *.checkout.visa.com pay.google.com *.paypal.com *.google.com *.analytics.google.com *.paypalobjects.com *.licdn.com *.thegivingblock.com *.jsdelivr.net cdn-cookieyes.com cdnjs.cloudflare.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com doublethedonation.com *.doublethedonation.com *.mailchimp.com *.jsdelivr.net cdnjs.cloudflare.com unpkg.com; img-src 'self' data: *.facebook.com *.fundraiseup.com doublethedonation.com *.doublethedonation.com ucarecdn.com www.gstatic.com resources.bamboohr.com www.google-analytics.com/* pay.google.com *.google.com *.paypal.com *.google-analytics.com *.paypalobjects.com *.linkedin.com cdn-cookieyes.com googletagmanager.com; media-src 'self'; frame-src 'self' *.youtube.com *.youtu.be *.youtube-nocookie.com *.googlevideo.com *.googleapis.com *.ytimg.com *.youtubeeducation.com tgbwidget.com *.tgbwidget.com *.fundraiseup.com *.stripe.com *.plaid.com *.paypal.com pay.google.com *; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.fundraiseup.com doublethedonation.com *.doublethedonation.com *.stripe.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net www.google.com www.facebook.com *.fundraiseup.com fndrsp.net *.fndrsp.net doublethedonation.com *.doublethedonation.com nr-data.net fndrsp-checkout.net outrightinternational.bamboohr.com bam.nr-data.net *.fundraiseup.com *.stripe.com *.paypal.com *.plaid.com *.mastercard.com *.checkout.visa.com api.addressy.com *.google.com *.analytics.google.com google.com/pay *.linkedin.com *.cookieyes.com cdn-cookieyes.com 2 default-src 'self'; connect-src 'self' *.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.instagram.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src 'self' *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com kumasta.buendnisse-fuer-bildung.de *.facebook.com *.instagram.com *.bmbf.de graphcommons.com www.baden-tv.com/ *.video-stream-hosting.de ;img-src 'self' data: *.materna.de *.bmbf.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; frame-ancestors 'self'; 2 script-src 'self' https: 'unsafe-inline' https:; connect-src 'self' wss: https:; img-src 'self' data: https://v2assets.zopim.io/ https://madaarab.zendesk.com/ https://mada.ps https://www.mada.ps https://mada9649.zendesk.com/ https://www.gravatar.com/ https://tile.openstreetmap.org; style-src 'self' https: 'unsafe-inline'; media-src 'self' https://static.zdassets.com https://www.googletagmanager.com; frame-src https://www.google.com; default-src 'self' 2 default-src 'self'; script-src 'self' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://www.youtube.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://js.hsforms.net https://player.vimeo.com https://static.hotjar.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hubspot.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js-na1.hs-scripts.com https://snap.licdn.com; connect-src 'self' 'unsafe-inline' https://vimeo.com https://region1.google-analytics.com https://pagead2.googlesyndication.com https://js.hs-banner.com https://api.hubapi.com https://cta-service-cms2.hubspot.com https://forms.hscollectedforms.net; img-src 'self' 'unsafe-inline' https://res.cloudinary.com https://teamtailor-production.s3.eu-west-1.amazonaws.com https://critizr-test.ams3.cdn.digitaloceanspaces.com https://assets.critizr.staging.verveagency.com https://assets.goodays.prod.verveagency.com https://images.teamtailor-cdn.com https://www.google.com https://www.google.nl https://track.hubspot.com https://perf-na1.hsforms.co https://forms.hsforms.com https://perf-na1.hsforms.com https://px.ads.linkedin.com; child-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self' https://admin.goodays.co/ https://www.youtube.com https://player.vimeo.com https://td.doubleclick.net; 2 style-src 'self' 'unsafe-inline' https: data: ; script-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: blob: https: ; font-src 'self' https: data: ; media-src 'self' http: blob: ; connect-src 'self' wss: https: blob: ; object-src 'self' blob:; frame-src 'self' *.vimeo.com https: ; 2 frame-src https://8eac-103-170-54-70.ngrok-free.app https://20331188.hs-sites.com https://shopify.dev.kubric.io https://mm.beta.kubric.io https://app.getmodemagic.com https://getmodemagic.com https://www.youtube.com https://*.typeform.com/ https://calendly.com/ https://*.arcade.software/ https://*.storylane.io https://*.hsforms.com/ https://open.spotify.com/ https://giphy.com/ https://media.kubric.io/; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https: blob:; font-src 'self' data: https:; connect-src * 'unsafe-inline' https:; default-src *; img-src * data: 'unsafe-inline'; 2 default-src 'self' https: 'unsafe-inline' 'unsafe-eval' ;frame-ancestors 'self' https://manager.agilitycms.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' t.contentsquare.net app.contentsquare.com t.clicktale.net contentsquare.com *.contentsquare.net *.googletagmanager.com www.google-analytics.com 8157301.fls.doubleclick.net googleads.g.doubleclick.net cdnssl.clicktale.net dpm.demdex.net cdn.agilitycms.com scotiabankfiles.azureedge.net cdn.aglty.io *.winperu.pe *.googleapis.com *.scotiabank.com.pe assets.adobedtm.com dpm.demdex.net www.googleadservices.com www.google.com.pe *.google.com *.adobedtm.com www.facebook.com use.fontawesome.com ing-district.clicktale.net dc.services.visualstudio.com cx.atdmt.com connect.facebook.net c.clicktale.net t.clicktale.net clicktale.net az416426.vo.msecnd.net adservice.google.com 8157301.fls.doubleclick.net www.gstatic.com stats.g.doubleclick.net ogs.google.com *.jquery.com datatrustcatalogobucket.s3.us-east-2.amazonaws.com datatrustperu.com scotiabank.tt.omtrdc.net *.scotiabank.com snap.licdn.com px.ads.linkedin.com p.adsymptotic.com 52.18.162.157 52.17.161.123 activitymap.adobe.com www.tiktok.com/es ads.tiktok.com/i18n/login displayvideo.google.com analytics.tiktok.com bat.bing.com bing.com www.scotiabank.com.pe;worker-src blob:;img-src 'self' *.clicktale.net *.agilitycms.com *.azureedge.net cdn.aglty.io *.google.com.pe *.google.ca *.google.com *.adobedtm.com https://www.google-analytics.com *.facebook.com *.scotiabank.com *.winperu.pe *.googleapis.com datatrustcatalogobucket.s3.us-east-2.amazonaws.com datatrustperu.com snap.licdn.com px.ads.linkedin.com p.adsymptotic.com 52.18.162.157 52.17.161.123 activitymap.adobe.com googleads.g.doubleclick.net *.contentsquare.net www.tiktok.com/es ads.tiktok.com/i18n/login displayvideo.google.com analytics.tiktok.com bat.bing.com bing.com ;connect-src 'self' https: wss: 'unsafe-inline' 'unsafe-eval' *.clicktale.net contentsquare.com *.contentsquare.net www.googletagmanager.com www.google-analytics.com 8157301.fls.doubleclick.net googleads.g.doubleclick.net cdnssl.clicktale.net dpm.demdex.net cdn.agilitycms.com scotiabankfiles.azureedge.net cdn.aglty.io *.winperu.pe *.googleapis.com *.scotiabank.com.pe assets.adobedtm.com dpm.demdex.net www.googleadservices.com www.google.com.pe *.google.com *.adobedtm.com www.facebook.com use.fontawesome.com ing-district.clicktale.net dc.services.visualstudio.com cx.atdmt.com connect.facebook.net c.clicktale.net t.clicktale.net clicktale.net az416426.vo.msecnd.net adservice.google.com 8157301.fls.doubleclick.net www.gstatic.com stats.g.doubleclick.net ogs.google.com scotiabank.tt.omtrdc.net datatrustcatalogobucket.s3.us-east-2.amazonaws.com datatrustperu.com *.scotiabank.com snap.licdn.com px.ads.linkedin.com p.adsymptotic.com 52.18.162.157 52.17.161.123 activitymap.adobe.com www.tiktok.com/es ads.tiktok.com/i18n/login displayvideo.google.com analytics.tiktok.com bat.bing.com bing.com ; 2 default-src 'self' https://horizon-api.www.myvitamins.com https://*.rlcdn.com/; child-src 'self' https://sgtm.myvitamins.com/ https://ams.creativecdn.com https://*.ringcentral.com wss://*.liveperson.net https://*.cloudfront.net https://*.smct.io/ https://*.rlcdn.com/ https://ct.pinterest.com/ https://*.listrakbi.com/ https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.criteo.com https://static.criteo.net https://www.youtube.com https://youtu.be/ https://www.zenaps.com https://www.instagram.com https://ln-rules.rewardstyle.com https://www.shoplooks.com https://vars.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://player.vimeo.com https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.seroundprince.com/ https://ams.creativecdn.com wss://*.ringcentral.com https://*.ringcentral.com wss://*.liveperson.net https://*.amazonaws.com/ https://*.smct.io https://*.snapchat.com/ https://*.rlcdn.com/ https://*.contentsquare.net https://click.prod.mplat-ppcprotect.com https://*.listrakbi.com/ https://www.wepowerconnections.com/ https://analytics.tiktok.com/ https://s.pinimg.com/ https://horizon-api.www.myvitamins.com https://*.clarity.ms/ https://static.criteo.net/ https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.liveperson.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://*.baidu.com https://connect.facebook.net https://*.parcellab.com https://www.shoplooks.com https://www.google.co.uk https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://sgtm.myvitamins.com; font-src 'self' data: https://*.smct.io/ https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.myvitamins.com https://m.myvitamins.com https://checkout.myvitamins.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com https://youtu.be/; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.seroundprince.com/ https://tags.creativecdn.com/ https://*.ringcentral.com/ https://*.smct.io https://smct.co/ https://*.smct.co/ https://ct.pinterest.com/ https://static.ads-twitter.com/ https://analytics.tiktok.com/ https://*.contentsquare.net https://app.contentsquare.com https://*.listrakbi.com/ https://s.pinimg.com/ https://*.listrakbi.com/ https://*.thcdn.com https://lantern.roeyecdn.com/ https://www.hlserve.com/ https://static.criteo.net/ https://www.clarity.ms/ https://*.parcellab.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://youtu.be/ https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://remote.captcha.com https://ssl.bing.com https://script.hotjar.com https://ssl.google-analytics.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://tr.snapchat.com https://*.sciencebehindecommerce.com https://static.shoplooks.com https://static.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myvitamins.com; frame-ancestors 'self' https://www.instagram.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.smct.io/ https://*.listrakbi.com/ https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com ; upgrade-insecure-requests; report-to report-endpoint 2 frame-ancestors https://app.clonable.net 'self'; 2 frame-ancestors 'self' https://jobcloud.ch https://www.jobcloud.ch https://jobs.ch https://www.jobs.ch https://jobup.ch https://www.jobup.ch https://ingjobs.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch https://topjobs.ch https://www.jobscout24.ch https://jobscout24.ch https://impieghi.ch https://www.impieghi.ch https://www.stellenmarkt.ch https://stellenmarkt.ch https://www.jobbasel.ch https://www.jobbern.ch https://www.jobmittelland.ch https://www.myjob.ch https://www.ostjob.ch https://www.zentraljob.ch https://www.rhenus.com https://rhenus.com https://www.rhenus-truckerjobs.com https://www.lager-mitarbeiter.de 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.calendly.com https: http://js.hs-scripts.com https://js.hs-scripts.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https: wss: https://ldc.a.usbrowserspeed.com; frame-src 'self' https://calendly.com https://app.storyblok.com/ https://vercel.live/ https://tag.trovo-tag.com/ https://forms.hsforms.com/ https://insight.adsrvr.org/ https://www.youtube.com https://youtube.com https://youtu.be https://overjet.tourial.com https://app.hubspot.com; media-src 'self' https://www.youtube.com https://youtube.com https://youtu.be https://*.storyblok.com; frame-ancestors 'self' https://app.storyblok.com/; worker-src 'self' blob:; upgrade-insecure-requests; 2 default-src 'self' *.malvernpanalytical.com *.malvernpanalytical.com.cn; connect-src 'self' https://*.clarity.ms https://api64.ipify.org https://geoip-js.com https://*.hotjar.com wss://*.hotjar.com https://api64.ipify.org https://bat.bing.com https://segments.company-target.com https://cdn.cookielaw.org https://www.google-analytics.com *.g.doubleclick.net https://api.company-target.com https://surveystats.hotjar.io https://analytics.google.com https://*.pingdom.net http://*.pingdom.net *.visualwebsiteoptimizer.com app.vwo.com https://privacyportal-de.onetrust.com v2.clickguardian.app *.google-analytics.com *.analytics.google.com geolocation.onetrust.com api.bizzabo.com *.google.com malvernpanalytical.matomo.cloud unpkg.com cdn.jsdelivr.net cdn.linkedin.oribi.io gateway.zscalertwo.net mp-production.ent.eu-west-1.aws.found.io mp-uat.ent.eu-west-1.aws.found.io mp-development.ent.eu-west-1.aws.found.io mpfinder.azurewebsites.net www.googleapis.com prompts.maze.co pagead2.googlesyndication.com tag-logger.demandbase.com px.ads.linkedin.com cdn.horizons.confirmit.eu https://*.materials-talks.com https://*.materials-talks.jp https://*.materials-talks.kr https://api.demandbase.com www-api.malvernpanalytical.com www-api-uat.malvernpanalytical.com www-api-dev.malvernpanalytical.com https://*.recaptcha.net https://wcs.naver.com https://nam.veta.naver.com; font-src 'self' unpkg.com cdn.jsdelivr.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.hotjar.com gateway.zscalertwo.net; frame-src 'self' https://virtualshowroom.tech/ *.google.com *.google.co.uk *.google.ie https://*.sdlproducts.com *.recaptcha.net https://www.youtube-nocookie.com https://www.youtub.com *.youtube.com https://player.youku.com https://www.googletagmanager.com https://googleads.g.doubleclick.net/ *.visualwebsiteoptimizer.com app.vwo.com gateway.zscalertwo.net td.doubleclick.net s.company-target.com feedback.malvernpanalytical.com https://player.bilibili.com; frame-ancestors 'self' https://*.sdlproducts.com; img-src 'self' http://*.malvernpanalytical.com http://*.malvernpanalytical.com.cn *.malvernpanalytical.com *.malvernpanalytical.com.cn data: https://dam.malvernpanalytical.com https://c.bing.com/ https://c.clarity.ms/ https://linkedin.com/px/ https://malvern.dist.sdlmedia.com https://p3.aprimocdn.net https://*.sdlproducts.com https://materials-talks.com https://materials-talks.kr https://materials-talks.jp https://*.materials-talks.com https://*.materials-talks.kr https://*.materials-talks.jp https://unpkg.com cdn.jsdelivr.net https://px.ads.linkedin.com https://px4.ads.linkedin.com https://match.prod.bidr.io https://bat.bing.com https://www.google.com https://www.google.ac https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.com.kh https://www.google.cc https://www.google.cd https://www.google.cf https://www.google.cat https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.g.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gf https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.iq https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.io https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.com.lc https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.ne https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pk https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.com.pg https://www.google.pn https://www.google.co.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.sm https://www.google.so https://www.google.st https://www.google.sr https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.to https://www.google.tn https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://segments.company-target.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://id.rlcdn.com https://googleads.g.doubleclick.net https://hm.baidu.com http://api.share.baidu.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com https://*.hotjar.com https://*.linkedin.com https://cdn.cookielaw.org https://p.adsymtotic.com *.google-analytics.com *.analytics.google.com *.baidu.com gateway.zscalertwo.net res.cloudinary.com https://latex.codecogs.com https://assets-ext.bizzabo.com https://i.ytimg.com https://postfiles.pstatic.net; media-src 'self' https://dam.malvernpanalytical.com https://p3.aprimocdn.net gateway.zscalertwo.net https://*.materials-talks.com https://*.materials-talks.jp https://*.materials-talks.kr; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://*.malvernpanalytical.com http://*.malvernpanalytical.com.cn *.malvernpanalytical.com *.malvernpanalytical.com.cn https://*.clarity.ms/ https://geoip-js.com https://www.google.com/pagead https://*.sdlproducts.com https://www2.malvernpanalytical.com https://polyfill.io https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://zz.bdstatic.com/ https://www.gstatic.com/recaptcha/ https://apis.google.com https://www.recaptcha.net https://www.youtube.com https://www.googletagmanager.com unpkg.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.cookielaw.org https://www.google-analytics.com http://www.googleadservices.com https://www.googleadservices.com https://snap.licdn.com https://static.hotjar.com https://bat.bing.com http://bat.bing.com https://tag.demandbase.com http://*.pardot.com https://script.hotjar.com https://googleads.g.doubleclick.net http://www.googletagmanager.com https://*.baidu.com http://push.zhanzhang.baidu.com http://ada.baidu.com https://fe-resource.cdn.bcebos.com https://*.pingdom.net http://*.pingdom.net *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com v2.clickguardian.app *.googlesyndication.com https://cdn.heeet.io *.matomo.cloud gateway.zscalertwo.net snippet.maze.co cdn.horizons.confirmit.eu https://wcs.naver.net https://ssl.pstatic.net; style-src 'self' 'unsafe-inline' http://*.malvernpanalytical.com http://*.malvernpanalytical.com.cn *.malvernpanalytical.com *.malvernpanalytical.com.cn unpkg.com cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.sdlproducts.com gateway.zscalertwo.net *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com translate.googleapis.com; worker-src blob: blob: *.malvernpanalytical.com data:; base-uri 'self'; report-to csp-endpoint; 2 frame-src self youtube.com www.youtube.com https://www.googletagmanager.com www.googletagmanager.com https://www.facebook.com https://www.google.com *.prismic.io https://player.vimeo.com/ https://client-registry.mutinycdn.com http://info.arcadia.com/ https://td.doubleclick.net/ hemsync.clickagy.com https://insight.adsrvr.org/ connect.urjanet.com https://www.cognitoforms.com https://forms.hsforms.com; frame-ancestors self localhost:9999 https://*.prismic.io/ 2 default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.plyr.io https://*.tradingview.com https://*.hubspot.com https://www.tickcounter.com https://*.wisekey.com https://*.hsleadflows.net https://*.certifyid.com https://www.brighttalk.com https://cdn.jsdelivr.net https://unpkg.com https://*.tradingview.com https://js.hsforms.net https://forms.hsforms.com https://googleads.g.doubleclick.net https://snap.licdn.com https://www.googleadservices.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net/ https://z.moatads.com https://www.google-analytics.com https://www.googletagmanager.com https://*.addthis.com/ https://cdnjs.cloudflare.com/ https://*.twitter.com/ https://*.twimg.com https://s.ytimg.com https://*.google.com https://rawgit.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.gstatic.com https://*.facebook.net https://*.youtube.com https://www.recaptcha.net; style-src 'self' 'unsafe-inline' https://cdn.plyr.io https://*.tradingview.com https://unpkg.com https://cdnjs.cloudflare.com/ https://*.twimg.com https://*.twitter.com https://*.bootstrapcdn.com https://*.googleapis.com https://cdn.wisekey.com; img-src 'self' data: https://*.tradingview.com https://www.googletagmanager.com https://*.linkedin.com https://*.hsforms.com https://www.google.com.vn https://*.certifyid.com https://api.mapbox.com https://unpkg.com https://maps.googleapis.com https://maps.google.com https://forms.hubspot.com https://perf.hsforms.com https://www.google.com https://px.ads.linkedin.com https://secure.gravatar.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com https://ml-eu.globenewswire.com/ https://hugin.info https://track.hubspot.com https://forms.hsforms.com https://*.twimg.com https://*.twitter.com https://*.facebook.com https://*.youtube.com https://*.gstatic.com https://cdn.wisekey.com; font-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com/ https://*.gstatic.com https://*.bootstrapcdn.com https://d3o11irj9639cz.cloudfront.net https://cdn.wisekey.com https://*.googleapis.com; frame-src 'self' https://*.tradingview.com https://www.tickcounter.com https://cdnapisec.kaltura.com https://*.doubleclick.net https://*.certifyid.com https://www.brighttalk.com https://app.eu.veertly.com https://www.recaptcha.net/ https://s.tradingview.com https://forms.hsforms.com https://js.hsforms.net https://webcasts.weforum.org/ https://s7.addthis.com/ https://twitter.com htps://js.hsforms.net https://*.twitter.com https://*.facebook.com https://*.youtube-nocookie.com/ https://*.youtube.com https://*.google.com https://livestream.com https://*.wisekey.com; form-action 'self' https://*.twitter.com https://cdn.wisekey.com/ https://forms.hsforms.com; connect-src 'self' https://cta-service-cms2.hubspot.com https://px.ads.linkedin.com https://*.googlesyndication.com https://*.hscollectedforms.net https://cdn.linkedin.oribi.io https://js.hs-banner.com https://forms.hsforms.com https://api.hubapi.com https://m.addthis.com https://*.twitter.com https://www.google-analytics.com https://forms.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com; media-src 'self' https://*.wisekey.com; object-src 'self' https://*.certifyid.com; worker-src 'self' blob:; frame-ancestors 'self' https://*.tradingview.com; 2 connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ suggest-maps.yandex.ru *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works api-qa.diginetica.net/v1/ rap.skcrtxr.com 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru wss://*.tinkoff.ru wss://*.tcsbank.ru wss://*.tbank.ru rabota.pre.hra.tcsbank.ru cityadstrack.com http://pxl.leads.su http://trkleads.ru pxl.leads.su trkleads.ru ad.admitad.com partners.cpaex.ru go.cityclub.finance cityadspix.com pwieu.com hskwq.com umllb.com cityadslink.com nfemo.com facebook.com reg.bet liknot.ru stvkr.com/ api.leads.su offers-staffjet.affise.com analytics.tiktok.com workle.ru www.workle.ru tcsbank.cpahub.ru go.leadgid.ru goto.cpahub.ru devtek.io leadsprofi.ru system.callprofi.ru jne1.info staffjet.scaletrk.com zaimlife.ru my.saleads.pro advertiseru.org adverpro.cc rfnd.io cdn.tbank.ru www.tbank.ru business.tbank.ru cfg.tinkoff.ru www.tinkoff.ru api-statist.tinkoff.ru browser.sentry-cdn.com itsa-self-service-api.tbank.ru rabota.tbank.ru hrsites-api-vacancies.tbank.ru candy-publisher.tbank.ru media.tinkoff.ru meetup.tbank.ru error-hub.tbank.ru geocode-maps.yandex.ru adm.tinkoff.ru rabota.tinkoff.ru twork.tbank.ru hrsites-api-talents.tbank.ru fallback.cdn-tinkoff.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru blob: analytics.tiktok.com tcsbank.cpahub.ru analytics.google.com www.youtube.com youtube.com rutube.ru; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru cdn.uxfeedback.ru sm.rtb.mts.ru exchange.buzzoola.com dmp.one sync.bumlam.com wf-ru-frontend.weborama-tech.ru 'self' data: *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru cityadstrack.com http://pxl.leads.su http://trkleads.ru pxl.leads.su trkleads.ru ad.admitad.com partners.cpaex.ru go.cityclub.finance cityadspix.com pwieu.com hskwq.com umllb.com cityadslink.com nfemo.com facebook.net reg.bet liknot.ru stvkr.com/ api.leads.su offers-staffjet.affise.com workle.ru www.workle.ru tcsbank.cpahub.ru https://i.ytimg.com/ http://img.youtube.com go.leadgid.ru goto.cpahub.ru devtek.io leadsprofi.ru system.callprofi.ru jne1.info staffjet.scaletrk.com zaimlife.ru my.saleads.pro advertiseru.org adverpro.cc rfnd.io imgproxy.cdn-tinkoff.ru imgproxy.cdn-tbank.ru; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.org metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru www.youtube.com youtube.com education.tbank.ru rutube.ru; font-src *.cdn-tinkoff.ru 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.tinkoff.ru data:; report-uri https://www.tinkoff.ru/api/front/log/csp-error?appName=pfpjobs&sentryDsnKey=b7cae0fa7dd74b4489cd05596a20df38&sentryApiId=142; default-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru 2 default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * https://lla-cms-prod.directus.app; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; frame-ancestors 'none'; frame-src * https://nebula-cdn.kampyle.com https://libertyglobal.kampyle.com https://optimize.google.com https://cobertura.cwpanama.com https://cwpanama.speedtestcustom.com https://www.youtube.com https://www.google.com https://www.facebook.com https://www.google-analytics.com https://prodgis.lla.com https://cdn.quantummetric.com https://api.retargetly.com https://cookieless-campaign.prd-00.retargetly.com https://analytics.libertycr.com https://www.googletagmanager.com; form-action *; worker-src * blob:; 2 frame-ancestors 'self' http://*.brose.net http://brose.net https://*.brose.net https://brose.net https://*.ariba.com https://*.zkw.at http://*.zkw.at https://*.mycatalogcloud.com http://*.mycatalogcloud.com http://*.valeo.determine.com https://*.valeo.determine.com http://valeo.determine.com https://valeo.determine.com http://*.mondigroup.com http://mondigroup.com https://*.mondigroup.com https://mondigroup.com http://*.elwitec.ch http://elwitec.ch https://*.elwitec.ch https://elwitec.ch http://*.ynovatec.ch http://ynovatec.ch https://*.ynovatec.ch https://ynovatec.ch http://prematic.ch http://*.prematic.ch https://prematic.ch https://*.prematic.ch http://brw.ch http://*.brw.ch https://brw.ch https://*.brw.ch http://uniprod-ag.ch http://*.uniprod-ag.ch https://uniprod-ag.ch https://*.uniprod-ag.ch http://montalpina.com http://*.montalpina.com https://montalpina.com https://*.montalpina.com http://sutter-hydraulik.com http://*.sutter-hydraulik.com https://sutter-hydraulik.com https://*.sutter-hydraulik.com http://bsaswiss.ch http://*.bsaswiss.ch https://bsaswiss.ch https://*.bsaswiss.ch http://salesconnect.sugarondemand.com https://salesconnect.sugarondemand.com http://*.salesconnect.sugarondemand.com https://*.salesconnect.sugarondemand.com 2 frame-ancestors 'self' https://hertfordshire.gov.uk https://*.hertfordshire.gov.uk https://su-uk*.crm11.dynamics.com https://su-uk-d365-bps-hcccsc-p.crm11.dynamics.com https://su-secu-azu-d365-bps-hcccsc-d.crm11.dynamics.com https://su-uk-d365-bps-hcccsc-t.crm11.dynamics.com https://su-uk-d365-bps-hcccsc-u.crm11.dynamics.com https://su-uk-d365-bps-hcccsc-l.crm11.dynamics.com https://su-uk-d365-bps-hcccsc-p.crm11.dynamics.com https://su-uk-d365-bps-hcccsc-d2.crm11.dynamics.com https://su-uk-d365-bps-hcccsc-u2.crm11.dynamics.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.lndo.site *.suno.com.br *.gstatic.com *.googletagmanager.com *.googleadservices.com *.google.com *.onesignal.com https://onesignal.com *.facebook.net *.google-analytics.com *.googlesyndication.com *.hotjar.com *.getblue.io *.g.doubleclick.net ad.doubleclick.net adclick.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net *.hs-scripts.com *.licdn.com *.facebook.com *.hs-banner.com *.hsleadflows.net *.hsadspixel.net *.usemessages.com *.hs-analytics.net *.hubapi.com *.hubspot.com *.twitter.com *.twimg.com *.hsforms.net https://unpkg.com *.googleapis.com *.hsforms.com *.amazonaws.com *.validity.com *.youtube.com *.newrelic.com *.nr-data.net *.ampproject.org https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js http://localhost:3000 *.getwisp.co *.cloudfront.net https://js.hubspotfeedback.com/feedbackweb-new.js *.analytics.tiktok.com https://www.googleoptimize.com/optimize.js https://td.doubleclick.net https://npmcdn.com/flatpickr/dist/l10n/pt.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js https://cdn.jsdelivr.net/npm/swiper@6.3.3/swiper-bundle.min.js https://app.powerbi.com/ *.funnelytics.io cdn.wisepops.com loader.wisepops.com app.getwisp.co activity.wisepops.com popup.wisepops.com tracking.wisepops.com wisepops.net notifications.wisepops.com *.wisepops.com *.wisepops.net *.clarity.ms https://tag.goadopt.io/injector.js https://disclaimer-api.goadopt.io/api/tag/get-consent https://membros-api-gateway.suno.com.br/api/v1/events/register-data https://static.ads-twitter.com/uwt.js https://www.google.com.br/ads/ga-audiences *.goadopt.io https://forms.hubspot.com https://tag.curiosidadesdigitais.com/suno_suno.9999.js http://cdn.stape.io https://sunoresearch-com-br-7171354.hs-sites.com/ *.cloudflareaccess.com https://cdn.jsdelivr.net/npm/echarts@5.4.1/dist/echarts.min.js https://suno-marketdata-api.suno.com.br/ https://staging-marketdata-api-blfrlxkj30sx2blh.suno.com.br/; style-src 'self' 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com https://onesignal.com *.ampproject.org http://localhost:3000/styles/frontend.css *.code.jquery.com http://localhost:3000/styles/admin.css http://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css; img-src * data: cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net; font-src * data:; connect-src 'self' https://suno-noticias-staging.suno-noticias.svc.cluster.local http://suno-noticias.lndo.site *.suno.com.br *.google.com activity.wisepops.com popup.wisepops.com tracking.wisepops.com wisepops.net *.wisepops.com *.clarity.ms https://forms.hubspot.com https://api.hubspot.com/ https://js.hs-banner.com/ https://cta-service-cms2.hubspot.com/ https://googleads.g.doubleclick.net/ https://cdn.ampproject.org *.gstatic.com *.googletagmanager.com *.googleadservices.com *.google.com *.google-analytics.com *.googlesyndication.com *.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net *.facebook.com *.twitter.com *.twimg.com *.googleapis.com *.amazonaws.com *.youtube.com *.newrelic.com *.cloudfront.net https://disclaimer-api.goadopt.io http://cdn.stape.io *.hubapi.com https://sunoresearch-com-br-7171354.hs-sites.com/ *.cloudflareaccess.com; object-src 'none'; base-uri 'self' 2 default-src data: https:; script-src data: https: 'unsafe-eval' 'unsafe-inline'; style-src data: https: 'unsafe-inline'; frame-ancestors 'self' https://dashboard.eye-able.com; report-uri /report/content-security-policy 2 upgrade-insecure-requests; frame-ancestors 'self' https://app.storyblok.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' secure.pay1.de api.deepl.com api-free.deepl.com https://*.googleapis.com https://*.google.com https://*.gstatic.com t.adcell.com containertags.belboon.de containertags.belboon.com https://*.r.akipam.com https://*.r.jakuli.com https://*.r.lafamo.com https://*.r.niwepa.com https://*.r.powuta.com https://cdn.logico3c.com https://pix.hyj.mobi https://s.retargeted.co https://maytrics.marvellousmachine.net tr.fatmedia.io as.ad4m.at ad4m.at https://*.adform.net bsmartdata.com fatmedia.io ad.ad-srv.net lekkerads.nl marvellousmachine.net https://*.gsitrix.com mediards.com https://*.mediards.com pikkasrv.com ad.ad-srv.net https://*.redintelligence.net https://*.adform.net https://*.redintelligence.net https://*.gsitrix.com https://*.adc-srv.net https://*.ad-srv.net https://*.mediards.com a.twiago.com ad.doubleclick.net ad.yieldlab.net ad13.adfarm1.adition.com ad4m.at adscale.de apptracker.stream bsmartdata.com dsum-sec.casalemedia.com https://*.fatmedia.io lekkerads.nl marvellousmachine.net pikkasrv.com r.adserver01.de r.adserver01.de r.df-srv.de rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com trc.taboola.com tr.mediards.de https://s.marvellousmachine.net https://trk.cytelligence.io/ https://sdk-set1.com/ bat.bing.com sync.targeting.unrulymedia.com sync.1rx.io static.criteo.net sslwidget.criteo.com dynamic.criteo.com connect.facebook.net www.facebook.com cm.g.doubleclick.net adservice.google.com googleads.g.doubleclick.net www.googleadservices.com www.googletagmanager.com https://*.google-analytics.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js s.pinimg.com ct.pinterest.com api.sovendus.com *.adsrvr.org widgets.trustedshops.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' https://youtube.com https://www.youtube.com https://applepay.cdn-apple.com; connect-src 'self' https://eu1-search.doofinder.com api.deepl.com api-free.deepl.com pro.ip-api.com 'self' data: blob: https://*.googleapis.com https://*.google.com https://*.gstatic.com t.adcell.com https://tr.fatmedia.io https://api.retargeted.co bat.bing.com measurement-api.criteo.com www.econda-monitor.de stats.g.doubleclick.net https://www.google.de/ads/ https://*.google-analytics.com https://region1.analytics.google.com https://www.googletagmanager.com/ ct.pinterest.com https://www.pinterest.com https://*.sovendus.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com api.trustedshops.com logging.trustbadge.com https://shops-si.trustedshops.com https://guarantee-log.trustedshops.com/v2/trustcard https://*.hotjar.com https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' blob: https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; img-src 'self' data: i.ytimg.com data: https://*.googleapis.com https://*.google.com https://*.gstatic.com kraeuterhaus-nocookie.de www.kraeuterhaus-nocookie.de https://t.adcell.com https://janus.r.jakuli.com/ https://img.youtube.com https://ads.yieldmo.com https://sync.1rx.io https://as.ad4m.at https://ih.adscale.de https://dsum-sec.casalemedia.com https://a.twiago.com https://sync.targeting.unrulymedia.com bat.bing.com gum.criteo.com x.bidswitch.net ib.adnxs.com contextual.media.net pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com hb.yahoo.net cm.adform.net visitor.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com match.sharethrough.com criteo-partners.tremorhub.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com c1.adform.net dpm.demdex.net dis.criteo.com www.facebook.com https://connect.facebook.net www.google.com www.google.de https://*.g.doubleclick.net adservice.google.com cm.g.doubleclick.net https://server.seadform.net www.googletagmanager.com https://public-prod-dspcookiematching.dmxleo.com ct.pinterest.com widgets.trustedshops.com https://static.hotjar.com https://script.hotjar.com i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' mailto: secure.pay1.de www.youtube-nocookie.com https://*.google.com https://t.adcell.com hal9000.redintelligence.net pixel.bsmartdata.com ads.lekkerads.nl ad.ad-srv.net s.marvellousmachine.net https://containertags.belboon.com https://analytics.bestofluck.io https://roxxtraxx.de https://ad4m.at https://c1.adform.net https://*.ad-srv.net/ https://cm.g.doubleclick.net https://ban.tangooserver.com *.mediards.com gum.criteo.com fledge.eu.criteo.com connect.facebook.net www.facebook.com https://*.fls.doubleclick.net https://td.doubleclick.net/ ct.pinterest.com https://*.sovendus.com https://www.sovendus-connect.com https://vars.hotjar.com https://youtube.com https://www.youtube.com; media-src 'self'; base-uri 'self'; form-action 'self' login.microsoftonline.com www.facebook.com; upgrade-insecure-requests; 2 default-src https: 'unsafe-inline' 'unsafe-eval' data: connect-src: wss://chat.sbservers.cz wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io img-src: https://chat.supportbox.cz script-src: 'unsafe-inline' https://chat.supportbox.cz style-src: https://chat.supportbox.cz blob: 2 child-src 'self' https://apps.rokt.com https://sgtm.glossybox.co.uk https://*.ringcentral.com https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com https://ln-rules.rewardstyle.com blob: https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com; connect-src 'self' https://pagead2.googlesyndication.com https://obseu.seroundprince.com https://analytics.tiktok.com https://*.ringcentral.com wss://*.ringcentral.com https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://smct.io https://*.smct.io https://ct.pinterest.com https://sgtm.glossybox.co.uk; default-src 'none'; font-src 'self' data: https://*.ringcentral.com https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://www.facebook.com https://www.glossybox.co.uk https://checkout.glossybox.co.uk https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.ringcentral.com https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://apps.rokt.com https://euob.seroundprince.com https://obseu.seroundprince.com https://analytics.tiktok.com https://static.ads-twitter.com https://*.ringcentral.com https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://ln-rules.rewardstyle.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://s.pinimg.com https://sgtm.glossybox.co.uk; style-src 'self' 'unsafe-inline' https://*.ringcentral.com https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.smct.io; upgrade-insecure-requests; report-to csp-endpoint 2 default-src 'self' https://api.ibep-dev.com wss://u0f66ngvbb.execute-api.us-east-2.amazonaws.com/dev cms.ibep-dev.com diebibel-auth.ibep-dev.com https://api.ibep-prod.com wss://hd0agw1xri.execute-api.us-east-2.amazonaws.com/prod cms.ibep-prod.com diebibel-auth.ibep-prod.com https://api.ibep-staging.com wss://cny3wvor6f.execute-api.us-east-2.amazonaws.com/staging cms.ibep-staging.com diebibel-auth.ibep-staging.com https://api.ibep-test.com wss://e5cbjrq6gk.execute-api.us-east-2.amazonaws.com/test cms.ibep-test.com diebibel-auth.ibep-test.com www.youtube.com www.youtube-nocookie.com player.vimeo.com open.spotify.com public-player-widget.webradiosite.com streamyard.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-sites-eu1.com hubspot-forms-static-embed-eu1.s3.amazonaws.com forms.office.com *.jotform.com digiaccess.org *.eu.mautic.net *.digiaccess.org matomo.rackfish.com *.acast.com *.die-bibel.de static.ads-twitter.com nexus.ensighten.com td.doubleclick.net stats.g.doubleclick.net spenden.twingle.de *.customgpt.ai *.licdn.com www.gstatic.com www.google.com surveys.enalyzer.com *.omappapi.com optinmonster.com http://engage.biblijosdraugija.lt https://engage.biblijosdraugija.lt code.etracker.com www.etracker.de facebook.com *.facebook.com connect.facebook.net cdn.cookielaw.org geolocation.onetrust.com privacyportal-eu.onetrust.com file-examples.com www.googletagmanager.com www.bytesroute.com app.bytesroute.com bytesroute-backend.herokuapp.com use.typekit.net *.typekit.net *.google-analytics.com analytics.google.com *.analytics.google.com *.ingest.sentry.io d1weibdish4e0y.cloudfront.net d3t5ogzx22a7ri.cloudfront.net d1hkpuz2o5a2xw.cloudfront.net mautic.bijbelgenootschap.nl fonts.googleapis.com www.google.pt fonts.gstatic.com prezi-nocookies.com *.prezicdn.net wss://ws.hotjar.com *.hotjar.com *.hotjar.io buzzsprout.com www.buzzsprout.com cdn.onesignal.com onesignal.com bytesroute.com *.bytesroute.com *.webradiosite.com widget.spreaker.com *.spreaker.com *.canva.com *.clarity.ms m.debijbel.nl 'unsafe-inline'; img-src * data: 2 upgrade-insecure-requests; default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.alsace.eu/ https://t-stats.alsace.eu/ https://cdn.ampproject.org/ https://www.googletagmanager.com/ https://ajax.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.syndication.twimg.com https://platform.twitter.com; img-src 'self' https://www.alsace.eu/ https://www.googletagmanager.com/ https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://stats.g.doubleclick.net https://tile.openstreetmap.org/ https://a.tile.openstreetmap.fr https://b.tile.openstreetmap.fr https://c.tile.openstreetmap.fr https://img.youtube.com data:; media-src 'self'; frame-src 'self' https://player.vimeo.com/ https://platform.twitter.com https://www.youtube.com https://www.google.com; frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://cdn.bas-rhin.fr; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://platform.twitter.com/; form-action 'self' ; connect-src 'self' https://stats.alsace.eu/ https://t-stats.alsace.eu/ https://data.geopf.fr/geocodage/completion https://platform.twitter.com/ https://api-adresse.data.gouv.fr/ https://nominatim.openstreetmap.org/; manifest-src 'self'; child-src 'self' https://player.vimeo.com/ https://platform.twitter.com https://www.youtube.com https://www.google.com; object-src 'self'; 2 frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/ 2 frame-ancestors self https://app.siter.work https://app.siter.io 2 default-src 'self' data:; base-uri 'self'; connect-src 'self' data: https: www.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ca *.google.fr *.google.com.mx *.google.co.uk pagead2.googlesyndication.com www.googleadservices.com www.google.com google.com *.googleapis.com *.gstatic.com www.linkedin.com snap.licdn.com *.ads.linkedin.com p.adsymptotic.com *.linkedin.oribi.io sjs.bizographics.com bat.bing.com connect.facebook.net www.facebook.com *.cookieyes.com cdn-cookieyes.com *.billets.ca *.tickets.ca; font-src 'self' data: https: fonts.gstatic.com tp-prod-billetsca-public.s3.ca-central-1.amazonaws.com tp-prod-marketplace-public.s3.ca-central-1.amazonaws.com; form-action 'self' https: www.facebook.com; frame-ancestors 'none'; frame-src 'self' https: td.doubleclick.net www.googletagmanager.com *.google.com www.facebook.com; img-src 'self' data: blob: https: www.googletagmanager.com googletagmanager.com ssl.gstatic.com www.gstatic.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ca *.google.fr *.google.com.mx *.google.co.uk googleads.g.doubleclick.net pagead2.googlesyndication.com www.googleadservices.com google.com *.googleapis.com *.gstatic.com *.googleusercontent.com www.linkedin.com *.ads.linkedin.com bat.bing.com www.facebook.com cdn-cookieyes.com *.billets.ca *.tickets.ca tp-prod-billetsca-public.s3.ca-central-1.amazonaws.com tp-prod-marketplace-public.s3.ca-central-1.amazonaws.com; manifest-src 'self' https: *.billets.ca *.tickets.ca; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: www.googletagmanager.com googletagmanager.com tagmanager.google.com *.googletagmanager.com www.googleadservices.com www.google.com pagead2.googlesyndication.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com snap.licdn.com bat.bing.com connect.facebook.net cdn-cookieyes.com tp-prod-billetsca-public.s3.ca-central-1.amazonaws.com tp-prod-marketplace-public.s3.ca-central-1.amazonaws.com; style-src 'self' 'unsafe-inline' https: googletagmanager.com tagmanager.google.com fonts.googleapis.com www.gstatic.com tp-prod-billetsca-public.s3.ca-central-1.amazonaws.com tp-prod-marketplace-public.s3.ca-central-1.amazonaws.com; worker-src 'self' blob: data:; report-uri https://o1428952.ingest.us.sentry.io/api/6779447/security/?sentry_key=8b5fda394a3642e9a3bf42710a029851&environment=production&release=16202293557 2 frame-ancestors 'self' https://*.gls.de external.centralstationcrm.net; default-src 'self' external.centralstationcrm.net; style-src 'self' 'unsafe-inline' external.centralstationcrm.net cdn.eye-able.com; script-src 'self' 'unsafe-inline' *.gls.de connect.facebook.net www.facebook.com external.centralstationcrm.net cdn.eye-able.com 'wasm-unsafe-eval'; img-src 'self' *.gls.de connect.facebook.net www.facebook.com external.centralstationcrm.net cdn.eye-able.com data: https://i.vimeocdn.com https://rtc.maptoolkit.net external.centralstationcrm.net; font-src 'self' data:; connect-src 'self' *.gls.de external.centralstationcrm.net https://api.friendlycaptcha.com/api/v1/puzzle; object-src 'self'; base-uri 'none'; frame-src 'self' *.glsbank.de *.gls.de *.gls-bank.de https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com https://vimeocdn.com https://vr-international.vr-bankenportal.de *.frcapi.com; form-action 'self'; worker-src blob:; child-src blob:; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.rexx-recruitment.com https://cdn.jsdelivr.net/ cdnjs.cloudflare.com https://*.rexx-systems.com https://googleads.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com https://*.youtube.com https://www.google-analytics.com https://sas.ikb.at https://*.branchly.io https://cdn.matomo.cloud https://www.googleadservices.com https://ajax.googleapis.com https://www.gstatic.com https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://connect.facebook.net https://www.gstatic.com/recaptcha https://siteimproveanalytics.com; style-src 'self' 'unsafe-inline' https://cdn.honey.io https://sas.ikb.at https://www.gstatic.com https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://api.branchly.io https://yoast.com https://*.googleadservices.com https://region1.analytics.google.com https://*.googletagmanager.com wss://sas.ikb.at https://*.google.it https://*.google.co.il https://*.google.com https://www.google.es https://www.google.ch https://google.com https://www.facebook.com https://www.google.com https://www.google.de https://www.google.at https://maps.googleapis.com https://branchly-api.azurewebsites.net https://*.doubleclick.net https://doubleclick.net https://api.holzweg.tv https://ikb.matomo.cloud https://prod.spline.design https://unpkg.com https://*.hotjar.io https://*.hotjar.io:443 https://services.infeo.at https://sas.ikb.at https://www.google-analytics.com https://www.google.lv; frame-src 'self' https://api.lapis-analytics.com https://player.simplecast.com https://player.vimeo.com https://www.lightpollutionmap.info https://www.eversports.at https://ikb.viewer.cit-fusion.com https://gis.ikb.at https://docs.google.com https://www.google.com https://*.rexx-systems.com https://*.youtube.com https://*.feratel.com https://www.googletagmanager.com https://sas.ikb.at https://ocilion.com https://www.facebook.com https://*.doubleclick.net; media-src 'self' data:; report-to csp-endpoint; report-uri https://hw-api.holzweg.tv/csp 2 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;; report-uri /report-csp-violation 2 upgrade-insecure-requests; frame-ancestors 'self' https://*.octapharma.com https://app.storyblok.com; 2 img-src * *.commercecloud.salesforce.com *.thewatchbox.com *.govbergwatches.com *.the1916company.com *.imgix.net *.amazonaws.com *.placeholder.com *.cookielaw.org 'self' data:;script-src 'self' 'unsafe-inline' * api.cquotient.com storage.googleapis.com *.cookielaw.org *.criteo.com *.audioeye.com *.google-analytics.com *.googletagmanager.com unsafe-inline 'unsafe-eval' https://runtime.commercecloud.com;connect-src 'self' 'unsafe-inline' * api.cquotient.com storage.googleapis.com *.cookielaw.org *.criteo.com *.audioeye.com *.google-analytics.com *.googletagmanager.com unsafe-inline https://runtime.commercecloud.com;default-src 'self';style-src 'self' * 'unsafe-inline';frame-src 'self' * data: blob:;media-src 'self' *;object-src 'none';font-src 'self' * data:;frame-ancestors 'self' https://www.the1916company.com https://runtime.commercecloud.com;base-uri 'self';block-all-mixed-content;script-src-attr 'none';upgrade-insecure-requests 2 default-src 'self' http: https: ws: wss: 'unsafe-inline' 'unsafe-eval' data:; child-src 'self' blob: https:; img-src 'self' blob: data: https:; worker-src 'self' blob: https: 2 default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net *.epichosted.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com cdn.jsdelivr.net yoast.com maps.googleapis.com *.formsite.com formsite.com *.callrail.com *.epichosted.com; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: www.albanymed.org maps.googleapis.com maps.gstatic.com i.ytimg.com i.vimeocdn.com secure.gravatar.com ps.w.org yoa.st yoast.com; connect-src 'self' *.algolia.net *.algolia.io *.algolianet.com analytics.google.com *.doubleclick.net my.yoast.com maps.googleapis.com *.callrail.com *.epichosted.com; frame-src 'self' *.doubleclick.net www.youtube.com player.vimeo.com *.formsite.com formsite.com; 2 frame-ancestors 'self' https://jobsearch.createyourowncareer.com https://www.benet.bertelsmann.com https://www.benet.bertelsmann.de; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.newrelic.com https://www.googletagmanager.com app.ecwid.com translate.google.com *.cloudfront.net https://builder.lift.acquia.com ecomm.events translate.googleapis.com https://www.discoverhealth.org https://translate-pa.googleapis.com js.adsrvr.org connect.facebook.net https://www.google-analytics.com https://discoverhealth.org bam.nr-data.net maps.googleapis.com www.google.com www.gstatic.com www.youtube.com *.epichosted.com https://www.googleadservices.com *.cloudflare.com *.cloudflareinsights.com *.jsdelivr.net bam.nr-data.net *.fontawesome.com solutions.invocacdn.com script-app.mercuryhealthcare.com https://srhs-cp.srhs.com https://app.truelook.cloud *.loyalhealth.com *.calendly.com *.azure.com https://calendly.com *.monsido.com *.piwik.pro *.cloudpano.com app.cloudpano.com https://cdn.jsdelivr.net https://static.cloudflareinsights.com https://mychart.spartanburgregional.com https://brandedweb.mindbodyonline.com/* https://brandedweb.mindbodyonline.com/embed/widget.js https://brandedweb-assets.mindbodyonline.com *.mindbodyonline.com *.healcode.com https://cdn.mxpnl.com https://www.discoverhealth.org/ https://youtu.be/*; frame-src 'self' adfs.srhs.com www.youtube.com youtube.com *.adsrvr.org www.google.com *.webdamdb.com *.acquiadam.com *.flipsnack.com *.epichosted.com https://www.hapyak.com https://embed.mindstamp.io srhs-cp.srhs.com *.facebook.com https://app.truelook.cloud https://www.mealpro.net mealpro.net *.calendly.com *.azure.com https://calendly.com https://srhs.piwik.pro *.cloudpano.com app.cloudpano.com https://mychart.spartanburgregional.com https://brandedweb-assets.mindbodyonline.com https://brandedweb-next.mindbodyonline.com https://widgets.mindbodyonline.com https://www.discoverhealth.org/ https://youtu.be/*; child-src 'self' adfs.srhs.com www.youtube.com youtube.com *.adsrvr.org www.google.com *.webdamdb.com *.acquiadam.com *.flipsnack.com *.epichosted.com https://www.hapyak.com https://embed.mindstamp.io https://app.truelook.cloud *.calendly.com *.azure.com https://calendly.com *.piwik.pro https://srhs.piwik.pro/ https://mychart.spartanburgregional.com https://brandedweb.mindbodyonline.com/embed/widget.js https://www.discoverhealth.org https://youtu.be/*; connect-src 'self' https://www.discoverhealth.org https://sessions.bugsnag.com *.lift.acquia.com app.ecwid.com/ ecomm.events https://www.google-analytics.com/ bam.nr-data.net stats.g.doubleclick.net maps.googleapis.com api.clockwisemd.com www.facebook.com *.webdamdb.com translate.googleapis.com *.fontawesome.com adfs.srhs.com https://analytics.google.com https://widgets.mindbodyonline.com/ https://srhs-cp.srhs.com https://us.perz-api.cloudservices.acquia.io *.truelook.cloud ws: *.loyalhealth.com *.calendly.com *.azure.com https://calendly.com *.monsido.com *.piwik.pro www.youtube.com *.cloudpano.com https://app.cloudpano.com https://mychart.spartanburgregional.com/ https://brandedweb.mindbodyonline.com/embed/widget.js https://brandedweb-assets.mindbodyonline.com https://widgets.mindbodyonline.com https://www.discoverhealth.org/ https://youtu.be/* 2 default-src blob: https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 2 frame-ancestors 'self' https://www.mitiendadearte.com https://mitiendadearte.com https://www.craftelier.com https://hartem.com https://www.hartem.com https://it-blog.craftelier.com https://de-blog.craftelier.com https://nl-blog.craftelier.com https://pl-blog.craftelier.com https://pt-blog.craftelier.com https://ie-blog.craftelier.com https://cl-blog.craftelier.com https://es-blog.craftelier.com https://esh-blog.craftelier.com https://fr-blog.craftelier.com https://gb-blog.craftelier.com https://hgb-blog.craftelier.com https://hfr-blog.craftelier.com https://hie-blog.craftelier.com https://hde-blog.craftelier.com https://hpt-blog.craftelier.com https://hit-blog.craftelier.com https://hnl-blog.craftelier.com; 2 frame-ancestors https://*.trend.at https://*.vgn.at; upgrade-insecure-requests; block-all-mixed-content 2 frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com; 2 upgrade-insecure-requests; upgrade-insecure-requests 2 frame-src 'self' https://td.doubleclick.net https://www.googletagmanager.com https://www.youtube.com https://bbox.blackbaudhosting.com https://cdn.lightwidget.com https://embed-assets.wakelet.com/ https://my.visme.co https://trevorzaplelts.shinyapps.io https://forms.zohopublic.com https://living-in-a-warming-world.lesaffranchis.ca/ https://drive.google.com https://app.smartsheet.com https://embed.wakelet.com https://host.nxt.blackbaud.com https://payments.blackbaud.com https://www.google.com https://player.captivate.fm https://padlet.com https://indd.adobe.com https://view-awesome-table.com https://xmas-2023.lesaffranchis.ca/; object-src 'none'; script-src * 'report-sample' 'unsafe-inline' 'unsafe-eval'; style-src * 'report-sample' 'unsafe-inline'; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self' https://auth.letstalkscience.ca/ https://host.nxt.blackbaud.com https://payments.blackbaud.com; frame-ancestors 'self' https://host.nxt.blackbaud.com https://payments.blackbaud.com 2 default-src 'self' cloudflare-quic.com; script-src 'self' d10zminp1cyta8.cloudfront.net *.googletagmanager.com *.google-analytics.com *.cookiebot.com challenges.cloudflare.com cdnjs.cloudflare.com *.licdn.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hsforms.com *.hsforms.net *.hs-analytics.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.linkedin.com *.cookiebot.com *.hsforms.com; font-src 'self' data:; frame-src 'self' *.googletagmanager.com *.cookiebot.com challenges.cloudflare.com *.hsforms.com; object-src 'none'; connect-src 'self' career.recruitee.com *.plyr.io *.linkedin.oribi.io *.cookiebot.com *.google-analytics.com px.ads.linkedin.com *.hsforms.com *.s3.amazonaws.com; 2 default-src 'self' wss://ws.salecycle.com/ *.salecycle.com/ *.cloudfront.net/ assets.sc-trc.com/ mymachine.salecycle.com:8080/ *.fanplayr.com/ *.contentsquare.net/ *.office.net/ 'unsafe-inline'; style-src 'self' *.adobe.com/ *.scene7.com/ *.adobeaemcloud.com/ *.msccruises.com/ *.msccruises.ie/ *.algolianet.com/ *.algolia.net/ *.dynatrace.com/ *.go-mpulse.net/ *.paypal.co/ *.apple.com/ *.googleapis.com/ google.com/ wss://ws.salecycle.com/ *.salecycle.com/ *.thron.com/ *.privacy-center.org/ cdn.jsdelivr.net/ *.fanplayr.com/ *.criteo.com/ *.criteo.net/ *.pinimg.com/ *.contentsquare.net/ 'unsafe-inline'; script-src 'self' *.adobe.com/ *.scene7.com/ *.adobeaemcloud.com/ *.msccruises.com/ *.msccruises.ie/ *.algolianet.com/ *.algolia.net/ cdn.jsdelivr.net/ *.datatrans.com/ *.dynatrace.com/ *.go-mpulse.net/ *.akamaihd.net/ *.google.com/ google.com/ *.paypal.com/ *.apple.com/ *.adobedtm.com/ *.googletagmanager.com/ *.admo.tv/ *.facebook.net/ *.fanplayr.com/ *.msccruises.co.uk/ *.bing.com/ *.pinimg.com/ *.cloudfront.net/ *.tiktok.com/ *.freespee.com/ *.google-analytics.com/ *.pinterest.com/ *.gstatic.com/ *.googleadservices.com/ *.google.it/ *.google.co.uk/ *.google.ch/ *.google.ie/ *.google.gr/ *.googleapis.com/ wss://ws.salecycle.com/ *.salecycle.com/ *.doubleclick.net/ *.thron.com/ *.privacy-center.org/ *.clarity.ms/ blob: 'unsafe-inline' 'unsafe-eval' assets.sc-trc.com/ mymachine.salecycle.com:8080/ *.criteo.com/ *.criteo.net/ *.tiktokw.us/ *.bing-int.com/ *.google.hr/ *.google.es/ *.google.co.in/ *.google.com.tw/ *.google.bg/ *.google.com.tr/ *.google.fr/ *.google.com.eg/ *.google.com.mt/ *.google.com.au/ *.google.de/ *.google.im/ *.google.co.za/ *.google.com.hk/ *.google.co.il/ *.google.kz/ *.google.be/ *.google.pt/ *.contentsquare.net/; img-src 'self' data: *.adobe.com/ *.scene7.com/ *.adobeaemcloud.com/ *.assetsadobe.com/ *.msccruises.com/ *.msccruises.co.uk/ *.msccruises.ie/ *.algolianet.com/ *.algolia.net/ *.youtube.com/ *.bing.com/ *.paypalobjects.com/ *.paypal.com/ *.gstatic.com/ *.doubleclick.net/ *.googletagmanager.com/ *.googleadservices.com/ *.google.it/ *.google.com/ *.google.ch/ *.google.co.uk/ *.google.ie/ *.google.gr/ *.facebook.com/ *.datatrans.com/ *.thron.com/ *.privacy-center.org/ *.clarity.ms/ *.fanplayr.com *.cloudfront.net assets.sc-trc.com/ *.criteo.com/ *.criteo.net/ *.tiktokw.us/ *.bing-int.com/ *.google.hr/ *.google.es/ *.google.co.in/ *.google.com.tw/ *.google.bg/ *.google.com.tr/ *.google.fr/ *.google.com.eg/ *.google.com.mt/ *.google.com.au/ *.google.de/ *.google.im/ *.google.co.za/ *.google.com.hk/ *.google.co.il/ *.google.kz/ *.google.be/ *.google.pt/ *.contentsquare.net/ *.ytimg.com/ *.emailingnetwork-platform.com/; frame-src 'self' *.adobe.com/ *.youtube.com *.datatrans.com/ *.paypal.com/ *.apple.com/ *.googletagmanager.com/ *.pinterest.com/ *.paypalobjects.com/ *.gstatic.com/ *.doubleclick.net/ *.googleadservices.com/ *.google.it/ *.google.com/ *.google.ch/ *.google.co.uk/ *.google.ie/ *.google.gr/ *.facebook.com/ *.msccruises.com/ *.privacy-center.org/ wss://ws.salecycle.com/ *.salecycle.com/ *.cloudfront.net/ assets.sc-trc.com/ mymachine.salecycle.com:8080/ *.thron.com/ *.clarity.ms/ *.criteo.com/ *.criteo.net/ *.tiktokw.us/ *.contentsquare.net/; frame-ancestors 'self'; connect-src 'self' *.adobe.com/ *.scene7.com/ *.algolianet.com/ *.algolia.net/ cdn.jsdelivr.net/ *.datatrans.com/ *.dynatrace.com/ *.go-mpulse.net/ *.akstat.io/ *.akamaihd.net/ google.com/ *.google.com/ *.google.it/ *.google.ch/ *.google.co.uk/ *.google.ie/ *.google.gr/ *.paypal.com/ *.apple.com/ *.cloudhub.io/ *.adobedc.net/ *.adobedtm.com/ *.googletagmanager.com/ *.admo.tv/ *.facebook.net/ *.facebook.com/ *.fanplayr.com/ *.msccruises.co.uk/ *.bing.com/ *.bing.net/ *.pinimg.com/ *.cloudfront.net/ *.tiktok.com/ *.freespee.com/ *.google-analytics.com/ *.pinterest.com/ *.paypalobjects.com/ *.gstatic.com/ *.demdex.net/ *.salecycle.com/ *.thron.com/ *.privacy-center.org/ *.msccruises.com/ wss://ws.salecycle.com/ *.salecycle.com/ *.privacy-center.org/ *.msccruises.com/ *.clarity.ms/ *.adobeaemcloud.com/ assets.sc-trc.com/ mymachine.salecycle.com:8080/ smetrics.msccruises.co.uk/ smetrics.msccruisesusa.com/ smetrics.msccruises.ie/ *.doubleclick.net/ *.algolia.io/ *.criteo.com/ *.criteo.net/ *.tiktokw.us/ *.googleadservices.com/ *.bing-int.com/ *.google.hr/ *.google.es/ *.google.co.in/ *.google.com.tw/ *.google.bg/ *.google.com.tr/ *.google.fr/ *.google.com.eg/ *.google.com.mt/ *.google.com.au/ *.google.de/ *.google.im/ *.google.co.za/ *.google.com.hk/ *.google.co.il/ *.google.kz/ *.google.be/ *.google.pt/ *.contentsquare.net/; font-src 'self' data: *.adobe.com/ *.scene7.com/ *.adobeaemcloud.com/ *.fanplayr.com/ *.gstatic.com/ *.office.net/; media-src 'self' stage-assets.msccruises.com/ assets.msccruises.com/ *.adobe.com/ *.scene7.com/ *.thron.com/ blob: 2 default-src 'self' *.lpsnmedia.net; frame-src 'self' data: *.magellanhealth.com *.lpsnmedia.net *.liveperson.net https: lpcdn.lpsnmedia.net; img-src 'self' data: *.lpsnmedia.net https: *.google-analytics.com *.googletagmanager.com; media-src 'self' blob: *.lpsnmedia.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.lpsnmedia.net *.liveperson.net http: https: googletagmanager.com google-analytics.com pi.pardot.com; style-src 'self' 'unsafe-inline' http: https: use.fontawesome.com; font-src 'self' data: http: https: use.typekit.net; connect-src 'self' data: http: https: google-analytics.com analytics.google.com googletagmanager.com ws: va.msg.liveperson.net 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.usercentrics.eu https://*.cookieinformation.com https://*.hometogo.com https://*.google-analytics.com https://*.facebook.net https://*.g.doubleclick.net https://*.creativecdn.com https://unpkg.com https://bat.bing.com https://*.criteo.net https://*.criteo.com https://*.hubspot.com https://*.hsadspixel.net https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hotjar.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: https:; frame-src 'self' https://*.creativecdn.com https://*.googletagmanager.com https://*.usercentrics.eu https://*.cookieinformation.com https://*.doubleclick.net https://*.appspot.com https://*.criteo.com; connect-src 'self' https: wss: https://policy.app.cookieinformation.com; child-src 'self' https://app.usercentrics.eu https://policy.app.cookieinformation.com; worker-src 'self' blob:; frame-ancestors 'self' https://*.ardennes-etape.be https://*.ardennes-etape.fr https://*.ardennes-etape.nl https://*.ardennes-etape.com https://*.ardennes-etape.de https://*.ardennes-etape.co.uk 2 default-src 'self' 'unsafe-inline' https: data: *.maribank.com.sg *.maribank.sg www.google-analytics.com www.googletagmanager.com wvjbscheme:; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' form.lidl.com *.youtube.com *.google-analytics.com *.googletagmanager.com cdn.cookielaw.org ibe.uphotel.agency https://www.google.com https://www.gstatic.com *.virtualearth.net *.bing.com unpkg.com *.pagestrip.com onepagebooking.com cdnjs.cloudflare.com *.walls.io walls.io connect.facebook.net snap.licdn.com *.azureedge.net; img-src 'self' data: *.object.storage.eu01.onstackit.cloud *.google-analytics.com *.google.de www.googletagmanager.com fonts.gstatic.com form.lidl.com *.google-analytics.com ibe-frontend-production-frontend.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com *.tile.openstreetmap.org *.tiles.virtualearth.net *.bing.com http://*.tile.osm.org unpkg.com *.pagestrip.com cdn.cookielaw.org onepagebooking.com api.scon-assets.schwarz www.facebook.com px.ads.linkedin.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com form.lidl.com *.fonts.net ibe.uphotel.agency https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com *.bing.com unpkg.com *.pagestrip.com onepagebooking.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com form.lidl.com ibe.uphotel.agency *.pagestrip.com; frame-src 'self' 'unsafe-inline' www.youtube.com form.lidl.com *.google-analytics.com *.googletagmanager.com *.youtube-nocookie.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://www.google.com *.walls.io walls.io form.schwarz-digits.de form.beschaffung.schwarz; connect-src 'self' *.google-analytics.com *.google.com stats.g.doubleclick.net form.lidl.com *.uphotel.agency cdn.cookielaw.org *.onetrust.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com *.openstreetmap.org https://www.bing.com pagestrip.com *.pagestrip.com *.scon.schwarz wss://endpoint-prod.scon.schwarz scon-assets-hub-prod.apps.01.cf.eu01.stackit.cloud api.scon-assets.schwarz px.ads.linkedin.com *.azureedge.net *.dynamics.com; frame-ancestors 'self' *.googletagmanager.com form.lidl.com *.google-analytics.com; 2 font-src https://themes.googleusercontent.com https://fonts.gstatic.com https://www.concentrix.com https://fonts.googleapis.com https://cnxc.wpenginepowered.com https://gallery.concentrix.com https://lottiefiles.com data www.concentrix.com https://cdn.knightlab.com/; frame-ancestors 'self' https://*; 2 default-src 'self' ka-p.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com connect.facebook.net *.doubleclick.net *.linkedin.com *.licdn.com *.criteo.com *.criteo.net kit.fontawesome.com consent.cookiebot.eu consentcdn.cookiebot.eu; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com; img-src 'self' data: *.google.com *.gwallet.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.it *.googletagmanager.com *.doubleclick.net hicmobile.go2cloud.org track.hicmobile.com www.facebook.com imgsct.cookiebot.com ciphercoin.com img.sct.eu1.usercentrics.eu; frame-src 'self' *.google.com *.googletagmanager.com *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.elegantthemes.com *.yousign.com *.criteo.com www.facebook.com consentcdn.cookiebot.eu app.powerbi.com; font-src 'self' data: fonts.gstatic.com ka-p.fontawesome.com; connect-src 'self' sst.bbbell.it *.google.com *.googletagmanager.com *.googleapis.com *.google-analytics.com ka-p.fontawesome.com www.facebook.com connect.facebook.net googleads.g.doubleclick.net *.doubleclick.net consentcdn.cookiebot.eu; 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://*.lidl.se data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://*.lidl.se; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adyen.com https://*.lidl.se data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval'; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline'; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 default-src 'self' api.whatsapp.com *.coveo.com analytics.tiktok.com *.chatlayer.ai *.adobe.com bcove.video optimize.google.com *.api.brightcove.com api.bcovlive.io *.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com *.boltdns.net brightcove.vo.llnwd.net *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.media.brightcove.com hlstoken-a.akamaihd.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com manifest.prod.boltdns.net eba-api.uk.experian.com smeservices.uk.experian.com *.hotjar.com sjs.bizographics.com cdn.taboola.com trc.taboola.com *.js.ubembed.com *.events.ubembed.com assets.ubembed.com www.dwin1.com bat.bing.com t.co cdn.smct.co smct.co j.flxpxl.com *.doubleclick.net www.googleadservices.com www.google.com www.googletagmanager.com tagmanager.google.com *.googleapis.com ssl.gstatic.com www.google-analytics.com ssl.google-analytics.com adservice.google.com adservice.google.co.uk www.google.co.uk analytics.twitter.com platform.twitter.com static.ads-twitter.com *.linkedin.com www.facebook.com connect.facebook.net *.outbrain.com builder-assets.unbounce.com *.boldchat.com www.dianomi.com *.pingdom.net *.cloudfront.net *.eloqua.com *.quantserve.com rules.quantcount.com img.en25.com snap.licdn.com secure.livechatinc.com maxcdn.bootstrapcdn.com *.gstatic.com cdn.livechatinc.com themes.googleusercontent.com *.experian.com ui.customsearch.ai hosteduxprod.blob.core.windows.net *.brightcove.com *.brightcove.net vjs.zencdn.net *.adobedtm.com *.demdex.net *.omniture.com *.youtube.com *.hotjar.io; img-src 'self' data: *; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; font-src 'self' data: *; object-src 'none'; media-src * blob:; worker-src blob: 'self'; frame-ancestors 'self'; 2 frame-ancestors 'self' https://newapp.etracker.com; 2 frame-ancestors 'self' https://*.facebook.com 2 frame-ancestors 'self' *.biltrewards.com *.activebuilding.com *.avalonaccess.com *.henrihome.com avalonaccess.com www.hqo.co www.hqo.com www.hqoapp.com www.mrcooper.com *.loftliving.com mycommunity.americancampus.com americancampus.my.site.com; 2 default-src https: 'unsafe-inline' 'unsafe-eval'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.hsforms.net https://www.google.com https://www.gstatic.com https://beacon-v2.helpscout.net https://zencastr.com https://dev.visualwebsiteoptimizer.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-banner.com https://js.hs-analytics.ne https://js.zi-scripts.com https://js.hs-analytics.net https://socialannexinc.widget.insent.ai https://googleads.g.doubleclick.net https://tags.clickagy.com https://static.hsappstatic.net https://www.annexcloud.com https://annexcloud.com data: https://unpkg.com https://js.hubspot.com https://j.6sc.co/6si.min.js https://j.6sc.co/ https://b.6sc.co https://*.clarity.ms https://annexcloud-9462504.hs-sites.com blob: https://js.adsrvr.org/ https://www.opinionstage.com/ https://cdn-app.pathfactory.com https://cdn.optimizely.com https://cdn.annexcloud.com google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://www.annexcloud.com https://unpkg.com https://cdn-app.pathfactory.com https://cdn.optimizely.com https://cdn.annexcloud.com fonts.googleapis.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://forms.hsforms.com https://forms-na1.hsforms.com https://i.ytimg.com https://dev.visualwebsiteoptimizer.com https://track.hubspot.com https://r2.visualwebsiteoptimizer.com https://aorta.clickagy.com https://sync.crwdcntrl.net https://dpm.demdex.net https://pixel-sync.sitescout.com https://cm.g.doubleclick.net https://aa.agkn.com https://idsync.rlcdn.com https://d.agkn.com https://www.annexcloud.com https://r1.visualwebsiteoptimizer.com https://r3.visualwebsiteoptimizer.com https://validator.swagger.io https://us-u.openx.net https://perf-na1.hsforms.com https://j.6sc.co/ https://b.6sc.co/ https://*.clarity.ms https://c.bing.com https://annexcloud-9462504.hs-sites.com https://opinionstage-res.cloudinary.com/ https://assets.opinionstage.com/ https://cdn.optimizely.com https://cdn.annexcloud.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com translate.googleapis.com translate.google.com www.gstatic.com www.googletagmanager.com; connect-src 'self' https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://dev.visualwebsiteoptimizer.com https://forms.hscollectedforms.net https://r2.visualwebsiteoptimizer.com https://js.hs-banner.com https://js.zi-scripts.com https://api.hubapi.com https://ws.zoominfo.com https://aorta.clickagy.com https://hemsync.clickagy.com https://socialannexinc.api https://pagead2.googlesyndication.com https://r1.visualwebsiteoptimizer.com https://r3.visualwebsiteoptimizer.com https://cdn.annexcloud.com https://cta-service-cms2.hubspot.com https://ipv6.6sc.co/ https://c.6sc.co/ https://epsilon.6sense.com/ https://*.clarity.ms https://annexcloud-9462504.hs-sites.com https://forms-na1.hubspot.com/ https://eps.6sc.co/ https://v.eps.6sc.co/ https://www.opinionstage.com https://jukebox.pathfactory.com https://spcollector.pathfactory.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://s0.wp.com https://www.annexcloud.com https://cdn-app.pathfactory.com https://cdn.pathfactory.com https://cdn.optimizely.com https://cdn.annexcloud.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' ; media-src 'self' https://cdn.optimizely.com https://cdn.annexcloud.com; frame-src 'self' https://www.google.com https://www.youtube.com https://zencastr.com data: blob: https://socialannexinc.widget.insent.ai https://meetings.hubspot.com https://forms.hsforms.com https://annexcloudplatform-us.site24x7signals.com https://annexcloudplatform-us.site24x7statusiq.com https://*.site24x7signals.com https://annexcloudplatform-apregion-1600872281861.site24x7statusiq.com https://annexcloudplatform-euregion-1600872281864.site24x7statusiq.com https://cdn.annexcloud.com https://td.doubleclick.net https://*.clarity.ms https://annexcloud-9462504.hs-sites.com https://app.hubspot.com https://insight.adsrvr.org https://match.adsrvr.org https://www.opinionstage.com https://annexcloud.pathfactory.com https://loyaltylounge.annexcloud.com https://player.vimeo.com www.googletagmanager.com; manifest-src 'self' https://www.annexcloud.com; child-src 'self' www.googletagmanager.com; worker-src 'self' blob:; frame-ancestors 'none' https://loyaltylounge.annexcloud.com https://annexcloud.pathfactory.com; upgrade-insecure-requests; block-all-mixed-content; 2 child-src js.stripe.com www.facebook.com; connect-src 'self' https://faro-collector-prod-us-east-2.grafana.net sdk.iad-01.braze.com wss://ws-mt1.pusher.com sockjs-mt1.pusher.com api.segment.io api2.branch.io cdn.segment.com firebaseinstallations.googleapis.com firebaseremoteconfig.googleapis.com firebaselogging-pa.googleapis.com maps.googleapis.com https://dataplane.rum.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://sts.us-east-1.amazonaws.com https://*.launchdarkly.com https://*.forter.com https://d3in1te4fdays6.cloudfront.net https://d1wix2gc2cgqis.cloudfront.net https://d3lqotgbn3npr.cloudfront.net https://analytics.google.com www.google.com translate.googleapis.com wss://cdn0.forter.com *.favorengineering.com *.prod.favor.dev *.pci-np.favor.dev *.favordelivery.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com api.askfavor.com privacyportal.onetrust.com geolocation.onetrust.com https://*.sendbird.com wss://*.sendbird.com cdn.cookielaw.org; frame-src js.stripe.com bid.g.doubleclick.net www.facebook.com www.googletagmanager.com td.doubleclick.net https://www.google.com; img-src 'self' cdn.branch.io https://file-us-3.sendbird.com https://s3.us-east-1.amazonaws.com/sendbird-us-3 pixel.pointmediatracker.com flask.nextdoor.com cdn.blisspointmedia.com *.favorengineering.com *.prod.favor.dev *.pci-np.favor.dev *.favordelivery.com cdn.askfavor.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com www.google.com googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com www.googletagmanager.com api.askfavor.com platform-lookaside.fbsbx.com graph.facebook.com cdn.cookielaw.org https://braze-images.com data: blob:; script-src-elem 'self' 'unsafe-inline' https://d2aibw1rdya05u.cloudfront.net cdn.segment.com ads.nextdoor.com https://client.rum.us-east-1.amazonaws.com *.pci.favor.dev *.favorengineering.com https://*.forter.com https://dkupaw9ae63a8.cloudfront.net wss://cdn0.forter.com *.prod.favor.dev *.pci-np.favor.dev www.google.com web.btncdn.com connect.facebook.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com app.link cdn.branch.io cdn.cookielaw.org https://www.gstatic.com; script-src 'self' 'unsafe-eval' cdn.segment.com ads.nextdoor.com cdn.branch.io https://client.rum.us-east-1.amazonaws.com https://*.forter.com https://dkupaw9ae63a8.cloudfront.net *.favorengineering.com *.pci.favor.dev *.prod.favor.dev *.pci-np.favor.dev js.stripe.com maps.googleapis.com www.google.com web.btncdn.com 'unsafe-inline' connect.facebook.net googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com www.googletagmanager.com app.link; style-src-attr 'unsafe-inline' fonts.googleapis.com; style-src-elem 'unsafe-inline' web-assets.favordelivery.com www.gstatic.com 'self' fonts.googleapis.com; style-src 'unsafe-eval' 'unsafe-inline' 'self' web-assets.favordelivery.com fonts.googleapis.com; form-action www.facebook.com favordelivery.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.favordelivery.com *.favorengineering.com *.prod.favor.dev *.pci-np.favor.dev bid.g.doubleclick.net cdn.askfavor.com connect.facebook.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com fonts.gstatic.com; font-src 'self' data: fonts.gstatic.com; manifest-src 'self'; script-src-attr 'unsafe-inline'; report-uri https://favor.report-uri.com/r/t/csp/reportOnly; worker-src *.favordelivery.com 'self' blob:; frame-ancestors 'self' https://heb.com https://*.heb.com; 2 default-src 'self';script-src 'unsafe-inline' 'unsafe-eval' 'self' www.gstatic.com cdn.evgnet.com *.evergage.com wompi.us-6.evergage.com https://cdn.jsdelivr.net https://npmcdn.com https://www.googletagmanager.com https://www.google.com http://www.googletagmanager.com https://snap.licdn.com http://www.google-analytics.com https://connect.facebook.net https://static.zdassets.com;media-src 'self' https://static.zdassets.com;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net galatea-dev.apps.ambientesbc.com;frame-src 'self' www.google.com *.evergage.com wompi.us-6.evergage.com cdn.evgnet.com *.email.wompi.com recaptcha.google.com youtube.com https://td.doubleclick.net https://www.youtube.com; img-src 'self' https://wompi.com *.email.wompi.com public-assets.wompi.com https://www.linkedin.com data: https://www.googletagmanager.com https://www.google-analytics.com https://px.ads.linkedin.com https://www.facebook.com https://www.google.com https://www.google.com.co; font-src 'self' data: galatea-dev.apps.ambientesbc.com wompi.us-6.evergage.com; object-src 'self'; base-uri 'self';form-action 'self'; frame-ancestors 'self' *.evergage.com wompi.us-6.evergage.com *.email.wompi.com cdn.evgnet.com; connect-src 'self' ekr.zdassets.com cdn.evgnet.com wompi.us-6.evergage.com www.google.com https://*.wompi.co https://*.wompi.dev https://zendesk-eu.my.sentry.io https://wompipa.zendesk.com https://www.google-analytics.com https://www.google-analytics.com www.google-analytics.com px.ads.linkedin.com analytics.google.com ekr.zdassets.com https://px.ads.linkedin.com/wa wompi.zendesk.com wss://widget-mediator.zopim.com https://stats.g.doubleclick.net https://www.google.com.co https://hook.us1.make.com;report-to https://api.wompi.co/v1/csp-report;report-uri https://api.wompi.co/v1/csp-report; 2 frame-ancestors 'self' https://hansa-autoversicherung.de https://lumen.da-dg.com https://www.wigger-versicherung.de https://www.elbtor-versicherungen.de https://www.sternauto-versicherung.de 2 content-security-policy: upgrade-insecure-requests; default-src 'self' https://*.1se.co https://*.wp.com; script-src 'self' https://*.1se.co https://*.wp.com https://cmp.osano.com https://www.googletagmanager.com https://www.youtube.com 'unsafe-inline' 'unsafe-eval'; worker-src blob:; style-src 'self' https://*.1se.co https://*.wp.com 'unsafe-inline'; img-src 'self' https://*.1se.co https://*.wp.com data: https://secure.gravatar.com; font-src 'self' https://*.1se.co https://*.wp.com data:; frame-src 'self' https://*.1se.co https://*.wp.com https://cdn.forms-content.sg-form.com https://www.youtube.com; connect-src 'self' https://*.1se.co https://*.wp.com https://stats.wp.com https://pixel.wp.com https://www.google-analytics.com; object-src 'none'; base-uri 'self'; 2 default-src https: 'unsafe-inline'; frame-ancestors 'none' 2 default-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; frame-ancestors *; style-src * 'unsafe-inline'; report-uri /csp/reporting/add 2 default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https:; object-src 'none';frame-ancestors 'self';form-action 'self' https://www.paypal.com; 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://*.lidl.ch data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://*.lidl.ch; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adyen.com https://*.lidl.ch data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval'; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline'; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 frame-ancestors https://*.letsdoeit.com 2 frame-ancestors 'self' https://www.broxxx.com https://www.broxxx2cn.com https://www.broxxx.pro 2 default-src 'none'; base-uri 'self'; frame-src 'self' www.facebook.com platform.twitter.com googleads.g.doubleclick.net *.google.com; connect-src 'self' https://get-vpn.site *:888; font-src 'self' data: https://get-vpn.site; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: *.google.com https://get-vpn.site trustzoneurl.com trustzonepost.xyz stats.g.doubleclick.net www.google-analytics.com *.twitter.com *.basemaps.cartocdn.com; manifest-src 'self' https://get-vpn.site; style-src 'self' 'unsafe-inline' https://get-vpn.site; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://get-vpn.site trustzoneurl.com platform.twitter.com connect.facebook.net *.google-analytics.com *.twimg.com; report-uri https://get-vpn.site/_csp_log 2 default-src 'self'; style-src 'self'; script-src 'self' 2 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://static.hotjar.com https://maps.googleapis.com https://www.googletagmanager.com https://connect.facebook.net https://www.clarity.ms https://analytics.tiktok.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://td.doubleclick.net https://stats.g.doubleclick.net https://www.surveygizmo.com https://www.gstatic.com https://go.botmaker.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://zn9gkcxz5j9zpe4fu-swissbrand.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar https://script.hotjar.com https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms;connect-src 'self' https://metrics.hotjar.io https://maps.googleapis.com https://www.google.com https://analytics.google.com https://analytics.tiktok.com https://googleads.g.doubleclick.net https://mobileqa.swissmedical.com.ar https://mobilepre.swissmedical.com.ar https://mobile.swissmedical.com.ar https://stats.g.doubleclick.net https://api.whatsapp.com https://go.botmaker.com https://sgi.swissmedical.com.ar https://smed.beygoo.me https://swissbrand.qualtrics.com https://swissmedical.jobs2web.com https://swissmedicalgroup.sharepoint.com https://pagead2.googlesyndication.com https://siteintercept.qualtrics.com wss://ws.botmaker.com https://storage.googleapis.com https://m-infra.appspot.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms;img-src 'self' data: https://smed.beygoo.me https://www.facebook.com https://www.google.com.ar https://www.google.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://imagenes.swissmedical.com.ar https://analytics.google.com https://www.clarity.ms https://c.clarity.ms https://maps.gstatic.com https://maps.googleapis.com https://storage.googleapis.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar https://connect.facebook.net;media-src 'self' https://www.youtube.com https://player.vimeo.com https://cdnjs.cloudflare.com https://storage.googleapis.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar;font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar;frame-src 'self' https://www.google.com https://www.googletagmanager.com https://td.doubleclick.net/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.swissmedical.com.ar https://www.youtube.com https://player.vimeo.com https://www.facebook.com https://forms.office.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar;worker-src 'self' blob: https://www.clubswiss.com.ar https://www.swissmedical.com.ar;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://storage.googleapis.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar;object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests 2 frame-ancestors https://app.kontent.ai; sandbox allow-popups allow-popups-to-escape-sandbox allow-forms allow-downloads allow-scripts allow-same-origin; 2 default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com/v3 https://js.stripe.com https://vercel.live *.nymtech.net *.nymvpn.com *.vercel.app *.nymte.ch *.nyx.network *.nym.com https://nym.com https://nymvpn.com *.nymtech.cc https://api.nym.spectredao.net https://btcpay.nymte.ch; font-src 'self' data:; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://strapi-www-nym-com.sos-ch-dk-2.exo.io https://strapi-www-nym-com-production.sos-ch-dk-2.exo.io https://cdn-images-1.medium.com https://img.youtube.com https://btcpay.nymte.ch https://assets.nym.com *.vimeo.com *.vimeocdn.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; connect-src 'self' https://github.com *.vercel.app *.nymtech.net *.nymvpn.com *.nymte.ch *.nyx.network *.nym.com https://nym.com nymvpn.com https://nymvpn.com https://api.nym.spectredao.net https://btcpay.nymte.ch *.nymtech.cc https://vimeo.com; frame-src 'self' https://js.stripe.com https://js.stripe.com/v3 https://www.youtube.com https://www.youtube-nocookie.com https://vercel.live *.vercel.app *.nym.com https://nym.com https://btcpay.nymte.ch *.vimeo.com; worker-src 'self' blob: https://vercel.live *.vercel.app *.nym.com https://nym.com https://btcpay.nymte.ch; 2 base-uri 'none'; connect-src https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners blob: https://b.stripecdn.com https://climate.stripe.com https://errors.stripe.com https://ext.stripe.com https://r.stripe.com https://sales-live-chat.stripe.com https://stripe-images.s3.us-west-1.amazonaws.com https://stripe.com https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://tax-connectors.stripe.com 'self'; default-src 'none'; font-src https://b.stripecdn.com 'self'; form-action https://climate.stripe.com https://stripe.com 'self'; frame-ancestors https://app.contentful.com 'self'; frame-src https://checkout.stripe.dev https://support-conversations.stripe.com https://b.stripecdn.com https://checkout.stripe.com https://crypto-js.stripe.com https://js.stripe.com https://sales-live-chat.stripe.com 'self'; img-src data: https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://images.ctfassets.net https://images.stripeassets.com https://q.stripe.com https://stripe-camo.global.ssl.fastly.net 'self'; media-src https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://videos.ctfassets.net https://videos.stripeassets.com 'self'; script-src https://b.stripecdn.com https://crypto-js.stripe.com https://js.stripe.com 'self' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-vTifGUJH6hJYTvstw4xJ4xfr/vE0ELkOV4GpCumyqfg=' 'sha256-KxhSaxKB5RFTQsqfRwp+zG7iLjvMrTAySqnSvWlqct0=' 'report-sample'; style-src https://b.stripecdn.com 'self' 'unsafe-inline'; upgrade-insecure-requests; report-uri https://q.stripe.com/csp-violation?q=wO5hegQrT2jfBTHuIKhEcoP4OaK5LwEzFotWC6oFlB1QnAFVS8HI4SfcgwADtZc%3D 2 default-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://embed.tawk.to https://va.tawk.to https://upload.tawk.to wss://*.tawk.to; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://embed.tawk.to https://va.tawk.to https://cdn.jsdelivr.net; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net; script-src-attr 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://embed.tawk.to; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com https://embed.tawk.to; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://embed.tawk.to; upgrade-insecure-requests; block-all-mixed-content; 2 frame-ancestors 'self' *.uniqa.at app.storyblok.com; object-src 'none'; worker-src 'self' blob: https://*.uniqaat.link https://*.uniqa.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://edge.eu1.fullstory.com https://rs.eu1.fullstory.com https://edge.fullstory.com https://rs.fullstory.com https://app.storyblok.com https://*.uniqa.at https://www.googletagmanager.com https://assets.adobedtm.com https://activitymap.adobe.com https://sitecatalyst.omniture.com https://cdn1.api.trustedshops.com https://api.trustedshops.com https://connect.facebook.net https://googleads.g.doubleclick.net https://uniqaitservicesgmbh.d3.sc.omtrdc.net https://uniqaitservicesgmbh.tt.omtrdc.net https://www.facebook.com https://www.google.com https://www.google.at https://www.googleadservices.com https://bot-t.testcloud.uniqa.at https://bot.cloud.uniqa.at https://smartform-react-t.testcloud.uniqa.at https://smartform-react.cloud.uniqa.at https://*.serving-sys.com https://*.mindtake.com https://maps.googleapis.com https://smartform-api.cloud.uniqa.at https://smartform-api-t.testcloud.uniqa.at https://www.gstatic.com https://w.usabilla.com https://s.pinimg.com https://ct.pinterest.com https://secure.adnxs.com https://sw-assets.ekomiapps.de https://smart-widget-assets.ekomiapps.de https://smartforms.ekomi.com https://prep-cookie-banner.unext-test.uniqa.cloud https://*.uniqaat.link; 2 default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self' 2 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: data: * 2 base-uri zonapagos.com *.zonapagos.com 2 object-src 'none'; script-src * 'unsafe-inline' 'report-sample'; style-src * 'unsafe-inline' 'report-sample'; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 2 font-src * 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://connect.facebook.net https://www.google-analytics.com https://apis.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' https://wpe-plugin-updates.wpengine.com https://plugin-updates.wpengine.com https://connect.advancedcustomfields.com https://www.googletagmanager.com https://wpengine.com https://optimizingmatters.com https://misc.optimizingmatters.com https://sp-ao.shortpixel.ai https://criticalcss.com https://wpforms.com https://ssl.gstatic.com https://www.paypalobjects.com https://www.paypal.com https://app-customerrors-uat-cc-1.azurewebsites.net https://www.magazinesocan.ca https://www.socanmagazine.ca https://secure.gravatar.com https://ps.w.org https://s.w.org https://i.ytimg.com data:; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; connect-src 'self' https://www.google-analytics.com https://yoast.com; media-src 'self'; object-src 'none'; frame-src 'self' https://content.googleapis.com https://www.youtube.com https://accounts.google.com; frame-ancestors 'self'; form-action 'self'; worker-src 'self' blob:; base-uri 'self'; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content; 2 default-src 'self' https://download.teamviewer.com/ https://dl.teamviewer.com/ https://cdn.cookielaw.org/ https://reportsession.teamviewer.com; script-src-elem 'self' 'unsafe-inline' https://cdn.cookielaw.org/ https://code.jquery.com data:; script-src data: 'unsafe-inline' 'self' https://code.jquery.com; object-src 'self'; style-src 'unsafe-inline' 'self' https://code.jquery.com; img-src 'self' https://code.jquery.com; frame-src 'self' *.teamviewer.com teamviewer8: tvassign1: tvsqcustomer1: tvcustomqs: intent: 2 frame-ancestors 'self' https://banner.interactivmanager.net 2 default-src 'self' 'unsafe-eval' https://content.sbuxtr.com https://firestore.googleapis.com https://api.sbux.retter.io https://www.google-analytics.com https://ade.googlesyndication.com https://pagead2.googlesyndication.com https://analytics.google.com https://www.google.com https://analytics.tiktok.com https://stats.g.doubleclick.net https://www.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://identitytoolkit.googleapis.com https://test.masterpassturkiye.com https://ui.masterpassturkiye.com https://mp-test-sdk.masterpassturkiye.com https://*.masterpassturkiye.com https://securetoken.googleapis.com https://order.sbuxtr.com https://api.sbuxtr.com https://cloudflare.sbuxtr.com https://ad.doubleclick.net https://www.facebook.com https://www.google.com.tr https://googleads.g.doubleclick.net https://starbucks-web-git-main-v2-retter.vercel.app/ data: https://www.youtube.com https://youtube.com https://d2eiylesx4iyph.cloudfront.net https://cdn.efilli.com https://gateway.efilli.com https://riza.efilli.com https://13291676.fls.doubleclick.net https://td.doubleclick.net https://riza2.efilli.com https://assets.efilli.com/efilli-logo-animated.svg https://region1.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://content.sbuxtr.com https://sl.setrowid.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://analytics.tiktok.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://googleadservices.com https://mp-test-sdk.masterpassturkiye.com https://*.masterpassturkiye.com https://bundles.efilli.com https://bundles.efilli.com/starbucks.com.tr.prod.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://content.sbuxtr.com https://cdnjs.cloudflare.com blob:; font-src 'self' data: https://fonts.gstatic.com https://content.sbuxtr.com blob:; frame-src 'self' https://www.youtube.com https://youtube.com https://*.retter.io https://*.googleapis.com https://sbux-landing-page.vercel.app https://sbux-landing-page-eng.vercel.app https://test.masterpassturkiye.com https://ui.masterpassturkiye.com https://mp-test-sdk.masterpassturkiye.com https://*.masterpassturkiye.com https://testvpos.asseco-see.com.tr https://*.asseco-see.com.tr https://www.googletagmanager.com https://test.masterpassturkiye.com https://ui.masterpassturkiye.com https://13291676.fls.doubleclick.net https://td.doubleclick.net; img-src 'self' data: https: https://api.sbuxtr.com https://cloudflare.sbuxtr.com https://api.b2btest.retter.io https://content.sbuxtr.com; connect-src 'self' https://api.sbuxtr.com https://cloudflare.sbuxtr.com https://api.b2btest.retter.io https://content.sbuxtr.com https://firestore.googleapis.com https://core-internal.rtbs.io https://api.sbux.retter.io https://auth-web.sbuxtr.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://analytics.tiktok.com https://*.retter.io https://identitytoolkit.googleapis.com https://securetoken.googleapis.com https://www.googleapis.com wss://*.retter.io https://core.rtbs.io https://core-internal.rtbs.io https://core-test.rtbs.io https://core-internal-beta.rtbs.io https://mp.sbuxtr.com https://riza.efilli.com https://riza2.efilli.com https://gateway.efilli.com https://test.masterpassturkiye.com https://ui.masterpassturkiye.com https://mp-test-sdk.masterpassturkiye.com https://*.masterpassturkiye.com https://maps.googleapis.com https://cms-bucket-8wv7ouwqhu51.s3.eu-west-1.amazonaws.com https://region1.google-analytics.com https://pagead2.googlesyndication.com https://www.google.com https://www.google.com.tr https://ad.doubleclick.net https://consent.efilli.com https://www.facebook.com https://www.facebook.com/privacy_sandbox/topics/registration/* https://region1.analytics.google.com https://www.google.com/gmp https://13291676.fls.doubleclick.net https://td.doubleclick.net https://adservice.google.com; worker-src 'self' blob: 2 default-src 'self' data: www.googletagmanager.com webcommon.easyweddings.com.au player.vimeo.com td.doubleclick.net js.stripe.com www.google.com player-widget.mixcloud.com w.soundcloud.com my.matterport.com cdn.landbot.io fonts.gstatic.com easyweddings-framework-v5.s3.amazonaws.com prod-easyweddings-framework-v6.s3.amazonaws.com pro.fontawesome.com cdnjs.cloudflare.com v5-cdn.easyweddings.com v6-cdn.easyweddings.com bid.g.doubleclick.net *.facebook.com www.youtube.com youtu.be *.vimeo.com wistia.com *.wistia.net fonts.gstatic.com static.helloumi.com *.firebaseio.com webcommon.easyweddings.com.au;connect-src 'self' cta-service-cms2.hubspot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com google.com analytics.google.com *.facebook.net *.googletagmanager.com https://*.sendbird.com wss://*.sendbird.com *.cookiefirst.com pagead2.googlesyndication.com stripe.com bam.nr-data.net api.hubapi.com www.google.com forms.hscollectedforms.net graph.facebook.com n2.mouseflow.com api.easyweddings.com.au webapi.easyweddings.com.au maps.googleapis.com *.facebook.com stats.g.doubleclick.net www.google-analytics.com api.hubspot.com forms.hubspot.com bid.g.doubleclick.net *.landbot.io *.firebaseio.com wss://*.firebaseio.com *.googleapis.com; style-src 'self' 'unsafe-inline' blob: webcommon.easyweddings.com.au code.jquery.com cdn.landbot.io pro.fontawesome.com cdnjs.cloudflare.com v5-cdn.easyweddings.com v6-cdn.easyweddings.com fonts.googleapis.com *.cookiefirst.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: js.hubspot.com script.hotjar.com static.hotjar.com consent.cookiefirst.com bam.nr-data.net js-agent.newrelic.com js.hsadspixel.net js.stripe.com servedbyadbutler.com www.gstatic.com cdn.mouseflow.com ajax.googleapis.com cdnjs.cloudflare.com maps.googleapis.com connect.facebook.net v5-cdn.easyweddings.com v6-cdn.easyweddings.com googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com js.usemessages.com www.google-analytics.com www.googletagmanager.com cdn.landbot.io *.firebaseio.com www.google.com;img-src 'self' data: blob: perf-na1.hsforms.com https://*.amazonaws.com https://*.sendbird.com hotelmedia.s3.amazonaws.com assets-destwed.easyweddings.com contentdw.easyweddings.com *.cookiefirst.com i.vimeocdn.com supplier-images.s3.amazonaws.com www.googletagmanager.com forms.hscollectedforms.net servedbyadbutler.com assets.easyweddings.com.au v4-cdn-consolidation.easyweddings.com.au prod-ew-image-global-v2.s3.amazonaws.com maps.gstatic.com easyweddings-framework-v4.s3.amazonaws.com googleads.g.doubleclick.net maps.googleapis.com easyweddings-framework-v5.s3.amazonaws.com prod-easyweddings-framework-v6.s3.amazonaws.com images-cdn.easyweddings.com.au ew-image-global.s3.amazonaws.com images.easyweddings.com.au easyweddings-framework.s3.amazonaws.com v5-cdn.easyweddings.com v6-cdn.easyweddings.com forms.hsforms.com www.google-analytics.com www.google.com www.google.com.au track.hubspot.com storage.googleapis.com wedding-website-images.s3.amazonaws.com assets.easyweddings.com *.facebook.com cdn.hotelplanner.com; 2 default-src 'self'; script-src 'self' https://js.stripe.com 'unsafe-inline'; frame-src 'self' https://js.stripe.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' 2 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 2 frame-ancestors 'self' https://www.p3tips.com/ https://www.p3campus.com/ https://tips.sandyhookpromise.org/; 2 default-src * 'self' data: 'unsafe-inline'; 2 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; frame-ancestors 'self' https://app.contentful.com https://app.mutinyhq.com; font-src 'self' https:; connect-src 'self' https:; frame-src 'self' https://app.contentful.com https://player.vimeo.com; worker-src 'self' blob:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; frame-ancestors 'self' 2 default-src 'self' *.platformsh.site *.rainfocus.com *.treasury-factory.com *.kyriba.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kyriba.com blob: *.kyriba.com *.company-target.com *.googletagmanager.com *.iubenda.com *.terminusplatform.com *.bing.com *.licdn.com *.ads-twitter.com *.demandbase.com *.facebook.net *.googleadservices.com https://googleads.g.doubleclick.net *.pardot.com *.storylane.io *.typeform.com *.calconic.com *.rainfocus.com *.kyribalive.com *.gstatic.com *.ckeditor.com *.visualwebsiteoptimizer.com app.vwo.com *.qualified.com *.zi-scripts.com *.zoominfo.com *.treasury-factory.com *.kyriba.io https://app.qualified.com *.6sc.co; connect-src 'self' *.6sc.co *.platformsh.site *.google-analytics.com *.doubleclick.net *.iubenda.com *.terminus.services https://gtm-t6gnrfj-njq1m.uc.r.appspot.com *.google.com wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://api.company-target.com *.demandbase.com *.storylane.io https://segments.company-target.com *.kyriba.com *.typeform.com *.calconic.com *.visualwebsiteoptimizer.com *.vwo.com *.kyribalive.com *.rainfocus.com https://bat.bing.com *.zi-scripts.com *.zoominfo.com *.treasury-factory.com *.kyriba.io https://*.qualified.com wss://*.qualified.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.googletagmanager.com *.typeform.com *.calconic.com *.rainfocus.com *.kyribalive.com *.treasury-factory.com *.kyriba.io https://*.qualified.com; img-src 'self' *.kyriba.com *.platformsh.site *.googletagmanager.com blob: data: *.google-analytics.com *.linkedin.com *.facebook.com *.doubleclick.net *.google.by *.googleusercontent.com *.google.com *.google.es *.google.it *.googleadservices.com *.iubenda.com *.cloudfront.net *.rlcdn.com *.bing.com *.co *.twitter.com *.storylane.io *.google.no *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.rainfocus.com *.kyribalive.com *.gstatic.com *.ckeditor.com *.company-target.com *.zi-scripts.com *.zoominfo.com *.qualified.com *.treasury-factory.com *.kyriba.io; frame-src 'self' https://youtu.be *.appspot.com *.platformsh.site *.googletagmanager.com *.youtube.com *.youtube-nocookie.com *.iubenda.com *.doubleclick.net *.company-target.com *.storylane.io *.typeform.com *.calconic.com *.visualwebsiteoptimizer.com app.vwo.com *.treasury-factory.com *.kyriba.io https://*.qualified.com; font-src 'self' data: https://fonts.gstatic.com *.gstatic.co; object-src 'none'; base-uri 'self' *.rainfocus.com *.kyribalive.com *.treasury-factory.com *.kyriba.io; media-src 'self' https://*.qualified.com; form-action 'self'; frame-ancestors 'self' *.platformsh.site *.typeform.com *.calconic.com *.kyriba.com *.treasury-factory.com *.kyriba.io; worker-src 'self' blob:; upgrade-insecure-requests; 2 default-src https: https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline' data: blob:; object-src 'none'; font-src 'self' data: *.monito.com *.call-abroad.com fonts.googleapis.com script.hotjar.com cdn.reloadly.com; img-src * 'self' data: blob: https:; worker-src 'self' blob:; child-src * 'self' data: blob: https; 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com https://static.klaviyo.com *.bazaarvoice.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.clarity.ms *.paypal.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube-nocookie.com/ *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.pricespider.com *.mapbox.com https://www.googletagmanager.com/ *.clarity.ms *.facebook.net https://cdn-scripts.signifyd.com *.facebook.com https://google.com https://googletagmanager.com *.googletagmanager.com *.cloudflare.com https://paypal.com *.paypalobjects.com *.sentiyen.com *.jsdelivr.net *.klaviyo.com *.nr-data.net consentcdn.cookiebot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com *.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://img.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com *.pricespider.com *.mapbox.com *.curalate.com https://helloextend-static-assets.s3.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ mcstaging.bestwayusa.com blob: *.clarity.ms *.facebook.net *.zonos.com https://cdn-scripts.signifyd.com *.amazonaws.com https://brxcdn.com *.facebook.com https://google.com *.google.com https://googletagmanager.com *.googletagmanager.com *.bing.com *.cloudflare.com https://paypal.com *.braintreegateway.com *.sentiyen.com *.jsdelivr.net *.klaviyo.com *.nr-data.net *.cloudfront.net *.bazaarvoice.com cdn.trieve.ai www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypal.com www.sandbox.paypal.com *.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.magento-datasolutions.com *.pricespider.com *.mapbox.com *.curalate.com https://*.helloextend.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.clarity.ms *.facebook.net https://maps.googleapis.com https://ajax.googleapis.com *.zonos.com https://*.online-metrix.net *.amazonaws.com *.facebook.com https://google.com https://googletagmanager.com *.googletagmanager.com *.bing.com *.cloudflare.com https://paypal.com *.paypal.com *.braintreegateway.com *.sentiyen.com *.jsdelivr.net *.klaviyo.com *.bazaarvoice.com consent.cookiebot.com consentcdn.cookiebot.com https://acsbapp.com *.acsbapp.com www.youtube.com *.trieve.ai unpkg.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.pricespider.com *.mapbox.com https://fonts.googleapis.com https://static.klaviyo.com maxcdn.bootstrapcdn.com use.typekit.net *.trieve.ai unpkg.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.cookiebot.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io www.sandbox.paypal.com *.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com api.magento.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.pricespider.com *.mapbox.com *.curalate.com https://*.helloextend.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.clarity.ms *.facebook.net *.zonos.com https://*.online-metrix.net https://cdn-scripts.signifyd.com *.facebook.com https://google.com https://googletagmanager.com *.googletagmanager.com *.cloudflare.com https://maps.googleapis.com *.amazonaws.com https://paypal.com *.braintreegateway.com *.sentiyen.com *.jsdelivr.net *.klaviyo.com *.bazaarvoice.com consentcdn.cookiebot.com https://acsbapp.com *.acsbapp.com *.trieve.ai unpkg.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 connect-src 'self' *.tuerchen.com tuerchen.app *.tuerchen.app *.etracker.de *.etracker.com *.usercentrics.eu *.cmp.usercentrics.eu *.novomind.com *.ekomiapps.de *.google.com *.googlesyndication.com *.google-analytics.com *.doubleclick.net *.bing.net *.bing.com *.trbo.com *.quantserve.com *.hansemerkur-vertriebsportal.de *.hansemerkur.de *.fitrockr.com *.heyflow.com *.loyjoy.com *.moin.ai wss://bot.moin.ai *.qualtrics.com; default-src 'self'; font-src 'self' data: *.novomind.com font.gstatic.com *.tuerchen.app core.tuerchen.com *.loyjoy.com *.heyflow.cloud *.moin.ai; frame-ancestors 'self' *.hanse-merkur.de newapp.etracker.com localhost *.hokify.de www.dwin1.com; frame-src 'self' blob: hansemerkur.happymo.re *.usercentrics.eu *.cmp.usercentrics.eu youtube.com *.youtube.com *.youtube-nocookie.com *.novomind.com *.kasko.io *.kaskocloud.com *.google.com *.trbo.com *.facebook.com *.pantumdetect.com *.awin1.com *.hansemerkur.de *.hansemerkur-video.de *.hanse-merkur.de *.ad-srv.net *.mein-hmrv.de *.criteo.com www.public-hansemerkur.de outlook.office365.com calendly.com *.qualtrics.com *.doubleclick.net *.googletagmanager.com; img-src 'self' data: *.tuerchen.app core.tuerchen.com *.hmrv.de *.hansemerkur.de tile.geofabrik.de *.etracker.de *.etracker.com *.gstatic.com *.google-analytics.com *.novomind.com *.bing.com *.doubleclick.net *.usercentrics.eu *.cmp.usercentrics.eu *.google.com *.google.de *.trbo.com ekomi-ui.s3.amazonaws.com www.facebook.com *.quantcount.com *.quantserve.com lantern.roeye.com *.hansemerkur-vertriebsportal.de *.hansemerkur.de *.tradedoubler.com *.googletagmanager.com *.loyjoy.com *.heyflow.com *.moin.ai *.qualtrics.com; media-src 'self' *.hansemerkur-video.de *.youtube.com *.moin.ai; object-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tuerchen.app tuerchen.app www.happymo.re *.etracker.de *.etracker.com *.googletagmanager.com www.dwin1.com *.usercentrics.eu *.cmp.usercentrics.eu *.novomind.com *.bing.com *.google.com *.google-analytics.com *.kasko.io *.kaskojs.com *.ekomiapps.de *.doubleclick.net *.googleadservices.com *.trbo.com connect.facebook.net *.hanse-merkur.de *.quantserve.com *.quantcount.com lantern.roeyecdn.com *.signalize.com *.tradedoubler.com *.criteo.com *.fitrockr.com *.heyflow.com *.calendly.com *.loyjoy.com widget.moin.ai *.qualtrics.com; style-src 'self' 'unsafe-inline' *.tuerchen.app tuerchen.app www.etracker.de fonts.googleapis.com tagmanager.google.com *.googletagmanager.com *.novomind.com *.ekomiapps.de *.heyflow.com *.heyflow.cloud *.loyjoy.com *.moin.ai 2 default-src 'self' *.staticflickr.com *.flickr.com maps.google.com api.rollbar.com *.nr-data.net api.mapbox.com blob:; script-src 'self' cdnjs.cloudflare.com cdn.jsdelivr.net www.googletagmanager.com *.google-analytics.com js-agent.newrelic.com *.twitter.com *.twimg.com *.nr-data.net 'unsafe-eval' 'unsafe-inline' storage.googleapis.com api.mapbox.com https://*.uninfo.org blob: *.fontawesome.com datawrapper.dwcdn.net cdn.rollbar.com; style-src 'self' *.flickr.com *.staticflickr.com cdnjs.cloudflare.com fonts.googleapis.com use.fontawesome.com *.twitter.com *.twimg.com 'unsafe-inline' api.mapbox.com *.fontawesome.com static.dwcdn.net datawrapper.dwcdn.net; img-src 'self' www.un.org.vn *.un.org gallery.mailchimp.com *.staticflickr.com https: data: blob:; media-src 'self' www.un.org.vn *.un.org; frame-src 'self' maps.google.com www.google.com www.youtube-nocookie.com www.youtube.com *.vimeo.com unstats.un.org forms.office.com player.youku.com *.qq.com data.uninfo.org *.tableau.com *.un.org *.countryteam.org oembed.unct.ddev.site:8742 *.doubleclick.net w.soundcloud.com; frame-ancestors 'self' *.un.org *.countryteam.org *.ddev.site:8742; font-src 'self' fonts.googleapis.com use.fontawesome.com fonts.gstatic.com *.twitter.com *.twimg.com *.fontawesome.com static.dwcdn.net; connect-src 'self' *.staticflickr.com *.flickr.com maps.google.com fonts.googleapis.com fonts.gstatic.com analytics.google.com api.rollbar.com *.nr-data.net https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.google-analytics.com *.analytics.google.com storage.googleapis.com wss://socket.push.al https://*.undg.org https://*.uninfo.org *.fontawesome.com datawrapper.dwcdn.net *.doubleclick.net; upgrade-insecure-requests 2 frame-ancestors 'self' https://*.webvisor.com https://metrika.yandex.ru/ https://www.copytrans.net 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://heyzine.com https://*.heyzine.com https://*.doubleclick.net https://176-hnm-524.mktoutil.com https://actian.com https://api.neverbounce.com https://capture.navattic.com https://cdn.cookielaw.org https://cdn.intellimize.co/snippet/117629792.js https://cdn.neverbounce.com https://cdn.weglot.com https://challenges.cloudflare.com/turnstile/v0/api.js https://challenges.cloudflare.com/turnstile/v0/b/708f7a809116/api.js https://connect.facebook.net https://connect.facebook.net/en_us/fbevents.js https://f.vimeocdn.com/js_opt/modules/utils/vuid.min.js https://f.vimeocdn.com/p/4.40.32/js/player.module.js https://f.vimeocdn.com/p/4.40.32/js/vendor.module.js https://go.actian.com https://googlesyndication.com https://happy.teddybearmetal.com/i/d15a6c558f1e96ed3cc638309390ba9e.js https://joy.teddybearmetal.com https://js.adsrvr.org/universal_pixel.1.1.0.js https://js.adsrvr.org/up_loader.1.1.0.js https://js.navattic.com/sdk.js https://js.zi-scripts.com https://munchkin.marketo.net/164/munchkin.js https://munchkin.marketo.net/munchkin.js https://player.vimeo.com https://scout-cdn.salesloft.com/sl.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://stage.actian.com/wp-content/uploads/2020/10/bcreate_insert_read_sample2.js https://static.cloud.coveo.com https://static.doubleclick.net/instream/ad_status.js https://tag.demandbase.com/53b235a8849bddd7.min.js https://ws-assets.zoominfo.com/formcomplete.js https://ws.zoominfo.com https://www.actian.com https://www.clarity.ms https://www.clarity.ms/s/0.8.1/clarity.js https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.youtube.com https://www.youtube.com/s/player/8a8ac953/player_ias.vflset/en_us/base.js https://www.youtube.com/s/player/8a8ac953/player_ias.vflset/en_us/embed.js https://www.youtube.com/s/player/8a8ac953/player_ias.vflset/en_us/remote.js https://www.youtube.com/s/player/8a8ac953/www-embed-player.vflset/www-embed-player.js https://www.youtube.com/s/player/8a8ac953/www-widgetapi.vflset/www-widgetapi.js https://yoast.com; style-src 'self' 'unsafe-inline' https://heyzine.com https://*.heyzine.com https://actian.com https://capture.navattic.com https://cdn.cookielaw.org https://f.vimeocdn.com/p/4.40.32/css/player.css https://go.actian.com https://static.cloud.coveo.com https://www.actian.com https://www.googletagmanager.com https://www.youtube.com/s/player/8a8ac953/www-player.css; img-src 'self' data: https://heyzine.com https://*.heyzine.com https://*.clarity.ms https://*.doubleclick.net https://actian.com https://adservice.google.com https://c.bing.com https://cdn-images-1.medium.com/max/2600/1*ebxc9ej1yrfltkni_djaaw.png https://cdn.cookielaw.org https://cdn.neverbounce.com https://cdn.weglot.com https://d.adroll.com https://go.actian.com https://googlesyndication.com https://i.vimeocdn.com https://i.ytimg.com/vi_webp/65ybu597sv0/default.webp https://i.ytimg.com/vi_webp/vdd7hrxzknk/default.webp https://id.rlcdn.com/1000.gif https://id.rlcdn.com/464526.gif https://joy.teddybearmetal.com https://px.ads.linkedin.com https://scout.us2.salesloft.com https://segments.company-target.com https://uploads-ssl.webflow.com/62163f5cc8a142313ee5a151/656a6573c1fc838c31e1c93b_popuppattern.jpeg https://www.actian.com https://www.facebook.com https://www.google-analytics.com https://www.google.co https://www.google.co.jp https://www.google.co.nz https://www.google.com https://www.google.com.au https://www.google.com.np https://www.google.ru https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com; font-src 'self' data: https://heyzine.com https://*.heyzine.com https://actian.com https://capture.navattic.com https://cdn.neverbounce.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.gstatic.com/s/roboto/v18/kfolcnqeu92fr1mmeu9fbbc4.woff2 https://fonts.gstatic.com/s/roboto/v18/kfomcnqeu92fr1mu4mxk.woff2 https://www.actian.com; connect-src 'self' https://heyzine.com https://*.heyzine.com https://*.analytics.google.com https://*.clarity.ms https://*.doubleclick.net https://*.zoominfo.com https://117629792.intellimizeio.com https://176-hnm-524.mktoresp.com https://176-hnm-524.mktoutil.com https://actianynmehrnx.analytics.org.coveo.com https://actianynmehrnx.org.coveo.com https://adservice.google.com https://analytics.google.com https://api.company-target.com https://api.intellimize.co https://api.weglot.com https://app.navattic.com https://c.bing.com https://capture.navattic.com https://cdn.cookielaw.org https://cdn.neverbounce.com https://cdn.weglot.com https://geolocation.onetrust.com https://go.actian.com https://googlesyndication.com https://insight.adsrvr.org https://joy.teddybearmetal.com https://js.zi-scripts.com https://log.intellimize.co https://match.adsrvr.org https://player.vimeo.com https://px.ads.linkedin.com https://s.company-target.com https://scout.salesloft.com https://segments.company-target.com https://static.cloud.coveo.com https://tag-logger.demandbase.com https://vimeo.com https://vod-adaptive-ak.vimeocdn.com https://www.facebook.com https://www.google-analytics.com https://www.google.at https://www.google.ba https://www.google.be https://www.google.by https://www.google.ca https://www.google.co https://www.google.co.in https://www.google.co.kr https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.eg https://www.google.com.hk https://www.google.com.mt https://www.google.com.my https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.tr https://www.google.de https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.se https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com; frame-src 'self' https://heyzine.com https://*.heyzine.com https://*.doubleclick.net https://117629792.intellimizeio.com https://capture.navattic.com https://go.actian.com https://insight.adsrvr.org https://match.adsrvr.org https://player.vimeo.com https://s.company-target.com https://www.googletagmanager.com https://www.youtube.com; media-src 'self' https://heyzine.com https://*.heyzine.com https://vod-adaptive-ak.vimeocdn.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors https://*.actian.com https://www.actian.com; worker-src 'self' blob:; report-uri https://reddoor.domo.com/api/iot/v1/webhook/data/eyJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE3NDQwNTk5NjEsInN0cmVhbSI6Ijk1NDg2NGM3NjEwNTQwNWJhMWFhYTAwZDJjYmY3OWFjOnJlZGRvb3I6MjAyMDA5NDcwMyJ9.JkfyugRtZ2oK3Gy9T4Z6VTVTkMFSZM_xDZLfMKVrboE 2 frame-src *; frame-ancestors *; 2 frame-ancestors https://development.maritim.de https://karriere.maritim.de https://www.maritim.de https://www.maritim.com https://www.maritim-hotels.cn https://www.orangerie-timmendorfer-strand.de https://www.maritim-reisedienst.de https://www.reinhardtundsander.de 2 script-src 'strict-dynamic' 'nonce-b8230b6de3' 'unsafe-inline' 'unsafe-eval' http: https: pentaho.com *.pentaho.com *.mktoresp.com *.ex.co *.cookiebot.com *.cookielaw.org;img-src https: data: *.mktoresp.com *.google-analytics.com *.googletagmanager.com; connect-src ibc-flow.techtarget.com pentaho.com *.onetrust.com *.cookielaw.org *.linkedin.com/* px.ads.linkedin.com *.mktoresp.com *.google-analytics.com *.googlesyndication.com *.ex.co *.pentaho.com, *.google-analytics.com *.analytics.google.com *.googletagmanager.com; object-src 'none'; base-uri 'none' 2 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data:; worker-src blob:; frame-ancestors 'none'; 2 script-src 'self' 'unsafe-inline' https://*.adobedtm.com https://d.adroll.com https://s.adroll.com https://d.adroll.mgr.consensu.org https://dsum-sec.casalemedia.com https://eb2.3lift.com https://p.adsymptotic.com https://px4.ads.linkedin.com https://pixel.advertising.com https://pixel.rubiconproject.com https://image2.pubmatic.com https://simage2.pubmatic.com https://snap.licdn.com https://sync.outbrain.com https://sync.taboola.com https://trc.taboola.com https://ads.yahoo.com https://ups.analytics.yahoo.com https://www.facebook.com https://idsync.rlcdn.com https://ib.adnxs.com https://x.bidswitch.net https://emjcd.com https://www.mczbf.com https://www.sjwoe.com https://cj.dotomi.com https://cj.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.googletagmanager.com https://www.google.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://cdn.cookielaw.org https://www.gstatic.com https://youtube.com https://www.youtube.com https://youtu.be https://ssl.google-analytics.com https://cds-sdkcfg.onlineaccess1.com;connect-src 'self' https://edge.adobedc.net https://adobedc.demdex.net *.tt.omtrdc.net https://valley-privacy.my.onetrust.com https://d.adroll.com https://s.adroll.com https://d.adroll.mgr.consensu.org https://dsum-sec.casalemedia.com https://eb2.3lift.com https://p.adsymptotic.com https://px4.ads.linkedin.com https://pixel.advertising.com https://pixel.rubiconproject.com https://image2.pubmatic.com https://simage2.pubmatic.com https://snap.licdn.com https://sync.outbrain.com https://sync.taboola.com https://trc.taboola.com https://ads.yahoo.com https://ups.analytics.yahoo.com https://www.facebook.com https://idsync.rlcdn.com https://ib.adnxs.com https://x.bidswitch.net https://emjcd.com https://www.mczbf.com https://www.sjwoe.com https://cj.dotomi.com https://cj.com https://*.fls.doubleclick.net https://*.doubleclick.net https://pixel-config.reddit.com https://www.clarity.ms https://*.clarity.ms https://calc-backend-prod.herokuapp.com https://cdn.segment.com https://*.segment.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.hotjar.io https://*.hotjar.com wss://ws.hotjar.com https://www.google-analytics.com https://siteimproveanalytics.com https://www.google.com https://www.google.com/recaptcha/api.js https://cdn.cookielaw.org https://analytics.google.com https://geolocation.onetrust.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://*.us.yextapis.com https://conversions-config.reddit.com https://www.redditstatic.com https://*.amplitude.com https://cds-sdkcfg.onlineaccess1.com;script-src-elem 'self' 'unsafe-inline' https://admin4.testandtarget.omniture.com *.tt.omtrdc.net https://adobedtm.com https://*.adobedtm.com https://d.adroll.com https://s.adroll.com https://d.adroll.mgr.consensu.org https://dsum-sec.casalemedia.com https://eb2.3lift.com https://p.adsymptotic.com https://px4.ads.linkedin.com https://pixel.advertising.com https://pixel.rubiconproject.com https://image2.pubmatic.com https://simage2.pubmatic.com https://snap.licdn.com https://sync.outbrain.com https://sync.taboola.com https://trc.taboola.com https://ads.yahoo.com https://ups.analytics.yahoo.com https://www.facebook.com https://idsync.rlcdn.com https://ib.adnxs.com https://x.bidswitch.net https://emjcd.com https://www.mczbf.com https://www.sjwoe.com https://cj.dotomi.com https://cj.com https://*.fls.doubleclick.net https://www.clarity.ms https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://analytics.google.com https://www.google.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://cdn.cookielaw.org https://www.gstatic.com https://*.hotjar.com https://bat.bing.com https://aa.trkn.us https://analytics.newscred.com https://snap.licdn.com https://embed.signalintent.com https://www.youtube.com https://connect.facebook.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://cdn.segment.com https://cdn.jsdelivr.net https://www.redditstatic.com https://cdn.amplitude.com https://siteimproveanalytics.com https://cds-sdkcfg.onlineaccess1.com;frame-src 'self' https://x.adroll.com https://*.fls.doubleclick.net https://*.doubleclick.net https://youtu.be https://youtube.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://www.googletagmanager.com https://aa.trkn.us https://td.doubleclick.net;frame-ancestors 'self' *.adobemc.com *.adobe.com *.assets.adobedtm.com https://youtu.be https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://cdn.segment.com;worker-src 'self' blob: https://cds-sdkcfg.onlineaccess1.com 2 frame-ancestors 'self' https://*.fdj.fr; 2 base-uri 'self'; default-src 'self'; connect-src 'self' https://*.ads.linkedin.com https://*.clarity.ms https://*.dyflexis.com https://google.com https://*.google.com https://bat.bing.com https://bat.bing.net https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://vod-adaptive-ak.vimeocdn.com https://www.facebook.com https://www.googleadservices.com; font-src 'self' https://*.wp.com https://fonts.bunny.net https://fonts.gstatic.com data:; frame-ancestors 'self' https://*.dyflexis.com; frame-src 'self' https://*.dyflexis.com https://*.fls.doubleclick.net https://*.google.com https://*.trustpilot.com https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://player.vimeo.com https://anchor.fm https://td.doubleclick.net https://www.googletagmanager.com https://www.youtube.com; img-src 'self' https://*.ads.linkedin.com https://*.analytics.google.com https://*.dyflexis.com https://*.googleadservices.com https://google.com https://*.google.ad https://*.google.ae https://*.google.al https://*.google.am https://*.google.as https://*.google.at https://*.google.az https://*.google.ba https://*.google.be https://*.google.bf https://*.google.bg https://*.google.bi https://*.google.bj https://*.google.bs https://*.google.bt https://*.google.by https://*.google.ca https://*.google.cat https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.co.ao https://*.google.co.bw https://*.google.co.ck https://*.google.co.cr https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ls https://*.google.co.ma https://*.google.co.mz https://*.google.co.nz https://*.google.co.th https://*.google.co.tz https://*.google.co.ug https://*.google.co.uk https://*.google.co.uz https://*.google.co.ve https://*.google.co.vi https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.com https://*.google.com.af https://*.google.com.ag https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.bh https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.com.bz https://*.google.com.co https://*.google.com.cu https://*.google.com.cy https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.et https://*.google.com.fj https://*.google.com.gh https://*.google.com.gi https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.kh https://*.google.com.kw https://*.google.com.lb https://*.google.com.ly https://*.google.com.mm https://*.google.com.mt https://*.google.com.mx https://*.google.com.my https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.com.np https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.com.pr https://*.google.com.py https://*.google.com.qa https://*.google.com.sa https://*.google.com.sb https://*.google.com.sg https://*.google.com.sl https://*.google.com.sv https://*.google.com.tj https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.uy https://*.google.com.vc https://*.google.com.vn https://*.google.cv https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.dz https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.gy https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.ie https://*.google.im https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.jo https://*.google.kg https://*.google.ki https://*.google.kz https://*.google.la https://*.google.li https://*.google.lk https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.mn https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.ne https://*.google.nl https://*.google.no https://*.google.nr https://*.google.nu https://*.google.pl https://*.google.pn https://*.google.ps https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.rw https://*.google.sc https://*.google.se https://*.google.sh https://*.google.si https://*.google.sk https://*.google.sm https://*.google.sn https://*.google.so https://*.google.sr https://*.google.st https://*.google.td https://*.google.tg https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.tt https://*.google.vu https://*.google.ws https://*.googleusercontent.com https://api.taggrs.io https://appwiki.nl https://bat.bing.com https://bat.bing.net https://fonts.gstatic.com https://googleads.g.doubleclick.net https://img.sct.eu1.usercentrics.eu https://secure.gravatar.com https://stats.g.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://www.gstatic.com data:; media-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.activehosted.com https://*.adform.net https://*.clarity.ms https://*.google.com https://*.trustpilot.com https://bat.bing.com https://bat.bing.net https://cdnjs.cloudflare.com https://connect.facebook.net https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://diffuser-cdn.app-us1.com https://googleads.g.doubleclick.net https://*.googlesyndication.com https://player.vimeo.com https://prism.app-us1.com https://snap.licdn.com https://trackcmp.net https://www.googletagmanager.com https://www.gstatic.com data:; script-src-elem 'self' 'unsafe-inline' https://*.activehosted.com https://*.adform.net https://*.clarity.ms https://*.cloudflare.com https://*.google.com https://*.googlesyndication.com https://*.trustpilot.com https://*.trustpilot.com https://bat.bing.com https://bat.bing.net https://connect.facebook.net https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://diffuser-cdn.app-us1.com https://fonts.bunny.net https://googleads.g.doubleclick.net https://player.vimeo.com https://prism.app-us1.com https://snap.licdn.com https://trackcmp.net https://unpkg.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com data: 'self'; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://fonts.bunny.net https://www.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://*.googleapis.com https://fonts.bunny.net; worker-src 'self' blob:; report-uri https://webwhales.nl?gdsih-csp-report; report-to csp-endpoint 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.os.uk *.silktide.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleapis.com *.google.com siteimproveanalytics.com www.googletagmanager.com www.google-analytics.com cdn.siteimprove.net *.recruitmentplatform.com wbb-chat-plugin.webuildbots.ai *.gstatic.com *.livechatinc.com *.somerset.gov.uk *.euw2.pure.cloud *.astuntechnology.com uicdn.toast.com; style-src 'self' 'unsafe-inline' *.os.uk *.cloudflare.com *.jsdelivr.net unpkg.com *.googleapis.com *.google.com use.fontawesome.com wbb-chat-plugin.webuildbots.ai *.gstatic.com *.livechatinc.com *.somerset.gov.uk *.euw2.pure.cloud *.astuntechnology.com uicdn.toast.com; media-src 'self' *.somerset.gov.uk *.euw2.pure.cloud; frame-ancestors *.euw2.pure.cloud; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content 2 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dewebmakers.nl *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.cloudflare.com cdn.leadinfo.net *.seranking.com https://monitor.fraudblocker.com https://cdn-cookieyes.com https://asset-tidycal.b-cdn.net; object-src *; style-src 'self' 'unsafe-inline' *.dewebmakers.nl cdn.leadinfo.net fonts.googleapis.com https://www.googletagmanager.com; img-src * data:; media-src *; frame-src *; font-src *; connect-src *; 2 frame-ancestors 'self' https://portal.fibe.in/ https://webapp.fibe.in/ https://webapp-uat.fibe.in/ https://webportal.fibe.in/ https://webapp-v2.fibe.in/ https://lamf.fibe.in/ https://portal-qa.fibe.in/ 2 frame-ancestors 'self' https://*.ticombo.ae https://*.ticombo.al https://*.ticombo.ar https://*.ticombo.at https://*.ticombo.be https://*.ticombo.bg https://*.ticombo.ch https://*.ticombo.cn https://*.ticombo.com https://*.ticombo.com.br https://*.ticombo.com.tr https://*.ticombo.cz https://*.ticombo.de https://*.ticombo.dk https://*.ticombo.ee https://*.ticombo.es https://*.ticombo.eu https://*.ticombo.fi https://*.ticombo.fr https://*.ticombo.ge https://*.ticombo.gr https://*.ticombo.hk https://*.ticombo.hr https://*.ticombo.hu https://*.ticombo.ie https://*.ticombo.in https://*.ticombo.is https://*.ticombo.it https://*.ticombo.jp https://*.ticombo.kr https://*.ticombo.lt https://*.ticombo.lv https://*.ticombo.mk https://*.ticombo.mx https://*.ticombo.net https://*.ticombo.nl https://*.ticombo.no https://*.ticombo.pl https://*.ticombo.pt https://*.ticombo.qa https://*.ticombo.ro https://*.ticombo.rs https://*.ticombo.se https://*.ticombo.si https://*.ticombo.sk https://*.ticombo.sr https://*.ticombo.us https://*.ticomboinfo.hk; 2 default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * data: 'unsafe-inline' 'unsafe-eval'; object-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline' 'unsafe-eval'; img-src * blob: data: 'unsafe-inline' 2 default-src * 2 frame-ancestors 'self' https://app.gather.town; 2 frame-ancestors 'self' https://social.zalopay.vn https://socialstg.zalopay.vn https://socialdev.zalopay.vn https://h5.zdn.vn 2 upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' object-src ‘none’; 2 https: data: https://*.valantic.com wss://*.valantic.com https://*.hotjar.com https://*.hubspot.com https://*.hotjar.io wss://*.hotjar.com wss://*.cognigy.ai 'unsafe-eval' 2 default-src; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self'; object-src * 'self'; prefetch-src * 'self'; child-src * 'self'; frame-src * 'self'; worker-src * 'self'; frame-ancestors *.uaionline.edu.ar uaionline.edu.ar *.uai.edu.ar uai.edu.ar *.uai.edu.ar:8084 uai.edu.ar:8084 *.vaneduc.edu.ar vaneduc.edu.ar; form-action * 'self'; base-uri * 'self'; manifest-src * 'self'; plugin-types */*; report-uri; report-to 2 frame-ancestors 'self' versapay.com staging.versapay.com; 2 script-src 'nonce-6AfToNeC1jAlc1Gp78dNAA==' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' http: https:; base-uri none; frame-ancestors https://app.contentful.com; require-trusted-types-for 'script' 2 default-src 'self';script-src 'self' https://*.clarity.ms https://www.gstatic.com https://*.linkedin.com https://www.google.com/recaptcha/enterprise.js https://www.google.com/recaptcha https://*.zendesk.com https://static.zdassets.com https://assets.production.linktr.ee https://form.typeform.com https://static.geetest.com https://snap.licdn.com https://*.hotjar.com http://gcaptcha4.geetest.com http://gcaptcha4.gsensebot.com https://analytics.twitter.com https://t.co https://connect.facebook.net http://gcaptcha4.geetest.com http://gcaptcha4.gsensebot.com https://static.ads-twitter.com http://static.ads-twitter.com https://static.ads-twitter.com http://gcaptcha4.geevisit.com http://static.geetest.com http://static.geevisit.com http://dn-staticdown.qbox.me https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval';connect-src 'self' https://*.clarity.ms https://*.difx.com wss://*.difx.com wss://*.firebaseio.com wss://*.zendesk.com https://*.zendesk.com https://ltp.linktr.ee https://ekr.zdassets.com https://*.googleapis.com https://www.gstatic.com https://*.hyperverge.co https://*.amazonaws.com https://stats.g.doubleclick.net https://vitals.vercel-insights.com/v1/vitals http://gcaptcha4.gsensebot.com https://*.hotjar.com wss://*.hotjar.com https://www.facebook.com https://*.hotjar.io https://o1100856.ingest.us.sentry.io https://www.google-analytics.com https://api.pushy.me https://api.pwnedpasswords.com https://api.alternative.me 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' https://*.clarity.ms https://www.gstatic.com https://*.linkedin.com https://www.google.com/recaptcha/enterprise.js https://*.zendesk.com https://static.zdassets.com https://assets.production.linktr.ee https://snap.licdn.com https://unpkg.com/@dotlottie/player-component@1.0.0/dist/dotlottie-player.js https://*.amazonaws.com https://*.hotjar.com http://gcaptcha4.geevisit.com http://gcaptcha4.gsensebot.com https://static.ads-twitter.com http://static.ads-twitter.com https://analytics.twitter.com https://t.co https://connect.facebook.net https://www.google.com/recaptcha https://static.geetest.com http://static.geetest.com http://gcaptcha4.geetest.com http://static.geevisit.com/ https://www.google-analytics.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval';style-src 'self' http://static.geetest.com http://static.geevisit.com http://dn-staticdown.qbox.me https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' ;style-src-elem 'self' https://www.googletagmanager.com https://www.google-analytics.com http://static.geetest.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval';font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval';img-src 'self' blob: https://*.difx.com data: https://difx.com https://*.amazonaws.com https://*.zendesk.com https://static.zdassets.com https://hv-camera-web-sg.s3-ap-southeast-1.amazonaws.com https://www.google.com https://www.google.ae http://*.cloudfront.net https://www.facebook.com https://t.co https://analytics.twitter.com http://static.geetest.com https://www.googletagmanager.com https://www.google-analytics.com http://static.geevisit.com http://dn-staticdown.qbox.me https://flagcdn.com 'unsafe-inline' 'unsafe-eval';frame-src 'self' data: https://*.twitter.com https://*.instagram.com https://www.instagram.com https://*.veriff.com https://*.veriff.me https://www.google.com https://www.typeform.com https://form.typeform.com/ https://www.facebook.com https://www.youtube.com https://*.hotjar.com https://api.sumsub.com 'unsafe-inline' 'unsafe-eval' data: https://*.onramper.com https://onramp.money https://*.onramp.money https://ezagauat.co.za/ https://*.paybis.com/ https://*.saber.money/;media-src 'self' https://*.difx.com 2 upgrade-insecure-requests; default-src 'self'; media-src 'self'; frame-src 'self' https://sightmap.com my.matterport.com https://matterport.com *.jkrenders.com *.tourmkr.com https://tourmkr.com *.pgtb.me *.cmpgn.page *.userway.org *.gradguard.com *.betterbot.com https://*.doubleclick.net/ https://*.googlesyndication.com https://*.google.com *.youtube.com *.hsforms.com *.hsforms.net https://*.hostedpayments.com www.facebook.com console.rul.ai https://*.redditstatic.com; script-src 'self' https://sightmap.com http://www.googleadservices.com/ *.cloudflare.com *.applicationinsights.azure.com *.cloudfront.net *.azure.com *.userway.org *.engine.betterbot.com *.betterbot.com *.gradguard.com *.userway.org *.tiktok.com https://*.redditstatic.com *.cookie-script.com *.jsdelivr.net https://*.reddit.com *.salesforce.com https://*.google.com https://*.gstatic.com *.googleapis.com connect.facebook.net js.hsforms.net px.ads.linkedin.com snap.licdn.com use.typekit.net www.facebook.com www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net www.youtube.com console.rul.ai *.loopme.me *.loopme.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.cloudfront.net *.userway.org *.betterbot.com fonts.googleapis.com *.typekit.net fast.fonts.net *.gstatic.com 'unsafe-inline'; font-src 'self' data: fonts.gstatic.com use.typekit.net *.userway.org; connect-src 'self' https://sightmap.com *.azure.com *.betterbot.com *.tiktok.com *.pangle-ads.com *.userway.org *.cookie-script.com *.doubleclick.net/ *.googlesyndication.com *.google.com www.google-analytics.com *.googleapis.com stats.g.doubleclick.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com cdn.linkedin.oribi.io console.rul.ai *.loopme.me *.loopme.com; img-src 'self' https://*.americancampus.com https://americancampus.com https://sightmap.com *.userway.org *.amazonaws.com *.reddit.com *.linkedin.com www.google-analytics.com *.google.com *.googletagmanager.com *.googleapis.com www.wirtgen-group.com data: *.gstatic.com p.typekit.net *.hsforms.com i.ytimg.com *.bluemod.us www.facebook.com px.ads.linkedin.com static.rul.ai www.linkedin.com; frame-ancestors 'self' https://sightmap.com *.cmpgn.page *.acctest.net *.userway.org https://renterswidget.gradguard.com *.gradguard.com *.americancampus.com https://*.acctest.net https://*.bluemod.us https://*.bluemod.me *.applicationinsights.azure.com *.pgtb.me *.tourmkr.com https://tourmkr.com *.loopme.me *.loopme.com 2 upgrade-insecure-requests; form-action https://www.metrovalencia.es https://sis.redsys.es; 2 default-src 'self'; frame-ancestors 'self'; frame-src 'self' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com js.adsrvr.org dpm.demdex.net nitroscripts.com *.adsrvr.org segments.company-target.com consent-pref.trustarc.com tribl.io *.tribl.io b.sf-syn.com www.g2.com data:; media-src 'self' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com js.adsrvr.org dpm.demdex.net nitroscripts.com *.adsrvr.org segments.company-target.com consent-pref.trustarc.com tribl.io *.tribl.io b.sf-syn.com www.g2.com; object-src 'none'; connect-src 'self' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com js.adsrvr.org dpm.demdex.net nitroscripts.com *.adsrvr.org segments.company-target.com consent-pref.trustarc.com tribl.io *.tribl.io b.sf-syn.com www.g2.com https://cdn-fgicm.nitrocdn.com/ https://to.getnitropack.com/; script-src 'self' 'unsafe-inline' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com js.adsrvr.org dpm.demdex.net nitroscripts.com *.adsrvr.org segments.company-target.com consent-pref.trustarc.com tribl.io *.tribl.io b.sf-syn.com www.g2.com blob: 'unsafe-eval' https://cdn-fgicm.nitrocdn.com/ https://nitroscripts.com/; style-src 'self' 'unsafe-inline' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com js.adsrvr.org dpm.demdex.net nitroscripts.com *.adsrvr.org segments.company-target.com consent-pref.trustarc.com tribl.io *.tribl.io b.sf-syn.com www.g2.com blob: 'unsafe-eval' https://cdn-fgicm.nitrocdn.com/; font-src 'self' data: *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com js.adsrvr.org dpm.demdex.net nitroscripts.com *.adsrvr.org segments.company-target.com consent-pref.trustarc.com tribl.io *.tribl.io b.sf-syn.com www.g2.com https://cdn-fgicm.nitrocdn.com/; img-src * data: https://cdn-fgicm.nitrocdn.com/; report-to https://kmdg.report-uri.com/r/d/csp/wizard; worker-src 'self' blob: https://cdn-fgicm.nitrocdn.com/; child-src 'self' blob: 2 frame-ancestors 'self' *.kassel.de *.stadtreiniger.de *.stadt-kassel.de *.kasselkultur2022.de www-kassel-de.translate.goog 2 default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss: https: dot.niiid.io jobs.b-ite.com cs-assets.b-ite.com; frame-ancestors 'self'; 2 object-src 'none'; script-src 'self' 'unsafe-inline' *.vimeo.com *.ampproject.org *.clarity.ms *.bing.com *.gstatic.com *.googleapis.com *.google.com *.google.co.uk *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.g.doubleclick.net *.facebook.net chimpstatic.com *.sagepay.com *.elavon.com 2 default-src 'unsafe-inline' data: https: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.msecnd.net *.google.com *.gstatic.com; 2 frame-ancestors 'self' https://*.felgenoutlet.de 2 default-src 'self'; script-src 'self' 'unsafe-inline' https://translate.google.com/ https://translate-pa.googleapis.com/ https://translate.googleapis.com/ https://www.googleadservices.com/ https://assets.adobedtm.com/ https://assets.map.brightcove.com/ https://cdn.taboola.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://img.en25.com/i/elqCfg.min.js https://io.clickguard.com/s/cHJvdGVjdG9y/824tES5G https://players.brightcove.net/ https://s2448.t.eloqua.com/ https://sc.lfeeder.com/lftracker_v1_ywVkO4XRx1W8Z6Bj.js https://stats.wp.com/ https://trc.taboola.com/ https://vjs.zencdn.net/ https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/ https://www.gstatic.com/ https://*.hotjar.com https://app.leadberry.com/ https://cdn.matomo.cloud/ https://ws.zoominfo.com/ https://snap.licdn.com/ https://j.6sc.co/; style-src 'report-sample' 'self' 'unsafe-inline' https://www.gstatic.com/ https://*.hotjar.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://smetrics1.experian.com/ https://www.google.co.uk/pagead/ http://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://dpm.demdex.net https://edge.api.brightcove.com https://google.com https://manifest.prod.boltdns.net https://psb.taboola.com https://pulse.clickguard.com https://region1.google-analytics.com https://trc-events.taboola.com https://www.experian.com https://www.google-analytics.com https://www.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://translate.googleapis.com/ https://translate-pa.googleapis.com/; font-src 'self' data: https://*.hotjar.com; frame-src 'self' https://players.brightcove.net/ https://ecs.demdex.net https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com/; frame-ancestors 'self' https://ecs.demdex.net https://td.doubleclick.net https://www.google.com; img-src 'self' data: https://googleads.g.doubleclick.net/ https://px.ads.linkedin.com/ https://www.google-analytics.com/ https://dpm.demdex.net/ https://secure.adnxs.com/ https://cf-images.us-east-1.prod.boltdns.net https://cm.everesttech.net https://metrics.brightcove.com https://pixel.wp.com https://s.ml-attr.com https://s2448.t.eloqua.com https://smetrics1.experian.com https://tr-rc.lfeeder.com https://www.facebook.com https://www.google.co.uk https://www.google.com https://www.googletagmanager.com https://attr.ml-api.io/ https://www.gstatic.com/ https://translate-pa.googleapis.com/ https://translate.google.com https://translate.googleapis.com/ https://fonts.gstatic.com/ https://experian.go-vip.net/; manifest-src 'self'; media-src 'self'; worker-src blob:; 2 frame-ancestors 'self' *.vietgiaitri.com *.vgt.vn 2 font-src * data: 'self';default-src *.2o7.net *.activitymap.adobe.com *.adnxs.com *.adobe.com *.ads-twitter.com *.cookielaw.org *.demdex.net *.eploy.net *.facebook.com *.facebook.net *.gstatic.com *.indeed.com *.linkedin.com *.omtrdc.net *.onetrust.com *.sc-static.net *.snapchat.com *.tiktok.com *.trendmicro.com *.twimg.com *.twitter.com *.vimeo.com *.vimeocdn.com *.x.com *.youtube.com ajax.googleapis.com assets.adobedtm.com callto: careers.aldirecruitment.co.uk careers.aldirecruitment.ie mailto: sc-static.net 'self' skype: snap.licdn.com stagingcareers.aldirecruitment.co.uk stagingcareers.aldirecruitment.ie tel: 'unsafe-eval' 'unsafe-inline' ws: www.google.com;frame-ancestors *.eploy.net careers.aldirecruitment.co.uk careers.aldirecruitment.ie 'self' stagingcareers.aldirecruitment.co.uk stagingcareers.aldirecruitment.ie 2 manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content;, frame-ancestors 'self'; 2 frame-ancestors https://*.wafdbank.com 2 report-uri https://dev.apicodo.de/csp/report/ 2 default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com https://www.gstatic.com/recaptcha/ *.bing.com *.clarity.ms 'sha256-OV+W5aN+wXLQMwrLt6Me/DVM/QLZyWr6AqI2ONGntw8='; connect-src 'self' google.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com *.bing.com *.clarity.ms; script-src-elem 'self' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com https://www.gstatic.com/recaptcha/ *.bing.com *.clarity.ms 'sha256-OV+W5aN+wXLQMwrLt6Me/DVM/QLZyWr6AqI2ONGntw8='; img-src 'self' google.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com *.bing.com *.clarity.ms; style-src 'self' 'unsafe-hashes' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-/Q4se7FLGCaPFRdiDgb/uQcgnY12w7eKaV8TA9b4SEc='; frame-ancestors 'self'; form-action 'self'; manifest-src 'self'; font-src 'self'; frame-src 'self' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com https://www.gstatic.com/recaptcha/ 2 default-src 'self' 'unsafe-inline'; connect-src *; frame-src *; img-src *; media-src *; object-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; 2 default-src 'self' *.s3.amazonaws.com; font-src 'self' 'unsafe-inline' data: use.fontawesome.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.gstatic.com *.camuzzigas.com *.camuzzigas.com.ar raw.githack.com *.widergy.com *.widergydev.com ; img-src 'self' data: *.facebook.com *.qkdev.com *.amazonaws.com www.googletagmanager.com s.w.org *.camuzzigas.com.ar cdn.datatables.net *.google-analytics.com www.google.com.ar www.google.com www.mozilla.org cdn-production-opera-website.operacdn.com img-prod-cms-rt-microsoft-com.akamaized.net secure.gravatar.com *.camuzzigas.com; connect-src data: ws: *.tiktok.com *.amazonaws.com *.s3.amazonaws.com *.camuzzigas.com.ar analytics.google.com connect.facebook.com *.camuzzigas.com camuzzigas.com.ar camuzzigas.com stats.g.doubleclick.net yoast.com app-camuzziweb-prod-eus-02.azurewebsites.net *.directline.botframework.com *.google-analytics.com *.widergy.com *.widergydev.com *.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.camuzzigas.com *.camuzzigas.com.ar connect.facebook.net analytics.google.com cdn.jsdelivr.net *.youtube.com api.w3-edge.com *.tiktok.com maxcdn.bootstrapcdn.com cdn.datatables.net oss.maxcdn.com www.google.com code.createjs.com www.gstatic.com www.googletagmanager.com *.widergy.com *.googleapis.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.camuzzigas.com *.camuzzigas.com.ar cdn.jsdelivr.net use.fontawesome.com maxcdn.bootstrapcdn.com cdn.datatables.net cdnjs.cloudflare.com fonts.googleapis.com *.widergy.com ; frame-src 'self' www.facebook.com td.doubleclick.net *.youtube.com *.vimeo.com www.google.com 2 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * data:; frame-ancestors 'self' https://a.cms.omniupdate.com https://sjcdedu.sharepoint.com 2 default-src 'self';script-src 'self' blob: https://www.google-analytics.com/ https://prep-edit.senedd.wales/ https://senedd.wales https://cc.cdn.civiccomputing.com/ https://www.googletagmanager.com/ https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.0.0.min.js https://ajax.aspnetcdn.com/ajax/jquery.validate/1.16.0/jquery.validate.min.js https://ajax.aspnetcdn.com/ajax/mvc/5.2.3/jquery.validate.unobtrusive.min.js https://cdn.jsdelivr.net 'sha256-qTS4cC+BnlabE/doSj+MPbjtJWVdVNtQah7AzuFfjbE=' 'sha256-h4tI5yM0TF6GI9CZe5uWnJX7WqXL1kpLAJ13Idyytts=' 'sha256-byyDoONdqE08AIFI6uBk/n8GJDNnu4o8VE6qf+NETJs=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-r3mDNAbdsnbtcqGzAwDXN/1Ln5hKyg8GDZlm46+kpKg=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-IZgGOToFausimoy1Ehqf2azcfWd5NrdyLunVfExDBbE=' 'sha256-NGxJAeRnkyrA2OBRtnqvyQRY28RBBbWXd+45iwUuOUU=' 'sha256-F/cu6HUELqMYhkB6TZFkoZoPLA7wPQ+ImBdqTVxZPUc=' 'sha256-OH++59VDvU6yN74Q2UuMkDjXzMZbZYGxaTP1SrqUqJs=' 'unsafe-eval' 'unsafe-inline';style-src 'self' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/@duetds/date-picker@1.1.0/dist/duet/themes/default.css 'unsafe-inline';child-src https://www.youtube.com/ https://www.google.com/;connect-src 'self' https://www.google-analytics.com https://prep-edit.senedd.wales/ https://www.senedd.tv https://senedd.tv https://www.senedd.assembly.wales https://www.senedd.cynulliad.cymru https://apikeys.civiccomputing.com https://senedd.assembly.wales https://senedd.cynulliad.cymru https://player.senedd.tv https://busnes.senedd.cymru https://business.senedd.wales https://region1.google-analytics.com;font-src 'self' https://fonts.gstatic.com/ https://business.senedd.wales;img-src 'self' https://* data:;object-src 'none';frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://umap.openstreetmap.fr https://openstreetmap.cymru https://www.ons.gov.uk https://player.senedd.tv https://w.soundcloud.com https://my.matterport.com https://embeds.audioboom.com https://player.vimeo.com https://business.senedd.wales https://busnes.senedd.cymru https://www.canva.com https://forms.office.com https://app.powerbi.com https://cy.ons.gov.uk https://instagram.com https://www.instagram.com 2 base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.doubleclick.net https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://app.usercentrics.eu https://connect.facebook.net https://dmp.theadex.com https://maps.google.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://console.googletagservices.com https://*.adtrafficquality.google https://*.google.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.googletagmanager.com; frame-src 'self' https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.safeframe.googlesyndication.com https://api.theadex.com https://app.usercentrics.eu https://tpc.googlesyndication.com https://pagead2.googlesyndication.com *.googletagservices.com https://*.googletagmanager.com https://*.adtrafficquality.google; frame-ancestors 'self'; form-action 'self'; default-src 'self'; worker-src 'self'; object-src 'none'; img-src * 'self' data:; manifest-src 'self'; connect-src 'self' https://*.analytics.google.com https://*.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.google.at https://*.google.de https://*.googleapis.com https://*.marktguru.at https://*.marktguru.de https://*.usercentrics.eu https://csi.gstatic.com https://mppx.marktguru.at https://mppx.marktguru.de https://pagead2.googlesyndication.com https://*.adtrafficquality.google https://dmp.theadex.com https://*.googleadservices.com https://*.googletagservices.com https://www.facebook.com; font-src 'self' https://fonts.gstatic.com; 2 script-src 'unsafe-inline' 'unsafe-eval' 'self' *.dtvp.de *.cookiebot.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.xing-share.com *.facebook.com *.facebook.net *.instagram.com *.twitter.com *.linkedin.com *.podigee.com *.podigee-cdn.net *.podlove.org *.cleverpush.com *.outbrain.com *.flockler.com *.seobility.net maps.google.com track.ewe.de chat.ato.botario.com chat.ewe.botario.com *.consentmanager.net; media-src 'self' blob: data:; base-uri 'self' track.ewe.de; object-src 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' track.ewe.de *.consentmanager.net; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com plugins.flockler.com www.youtube-nocookie.com www.facebook.com b2b.ewe.de *.consentmanager.net 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: noi.bg www.noi.bg nssi.bg www.nssi.bg; frame-ancestors 'none' 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: blob:; 2 default-src *; font-src * data:;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: swissport.com *.swissport.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com cloudflareinsights.com *.cloudflareinsights.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com facebook.net facebook.net *.facebook.net facebook.com *.facebook.com licdn.com *.licdn.com tiktok.com *.tiktok.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com linkedin.com *.linkedin.com doubleclick.net *.doubleclick.net youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com vimeo.com *.vimeo.com flockler.com *.flockler.com flockler.app *.flockler.app matterport.com *.matterport.com cognitoforms.com *.cognitoforms.com typekit.net *.typekit.net; frame-ancestors 'self' data: blob: swissport.com *.swissport.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com cloudflareinsights.com *.cloudflareinsights.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com facebook.net facebook.net *.facebook.net facebook.com *.facebook.com licdn.com *.licdn.com tiktok.com *.tiktok.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com linkedin.com *.linkedin.com doubleclick.net *.doubleclick.net youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com vimeo.com *.vimeo.com flockler.com *.flockler.com flockler.app *.flockler.app matterport.com *.matterport.com; frame-src 'self' data: blob: swissport.com *.swissport.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com cloudflareinsights.com *.cloudflareinsights.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com facebook.net facebook.net *.facebook.net facebook.com *.facebook.com licdn.com *.licdn.com tiktok.com *.tiktok.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com linkedin.com *.linkedin.com doubleclick.net *.doubleclick.net youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com vimeo.com *.vimeo.com flockler.com *.flockler.com flockler.app *.flockler.app matterport.com *.matterport.com; img-src * data: blob: 'unsafe-inline'; report-uri /nelmio/csp/report 2 frame-ancestors 'self' https://*.foodinfluencersunited.nl https://*.foodinfluencersunited.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ga.dorcel.com contentnotif.dorcel.com www.dorcelclub.com www.account-dorcel.com cdnjs.cloudflare.com track.dorcelcash.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com bat.bing.com www.clarity.ms *.streaming.in2ip.nl; style-src 'self' 'unsafe-inline' ga.dorcel.com *.streaming.in2ip.nl; img-src 'self' data: https: blob:; media-src 'self' data: *.streaming.in2ip.nl blob:; font-src 'self' data: ga.dorcel.com fonts.gstatic.com *.streaming.in2ip.nl; frame-src 'self' contentnotif.dorcel.com *.netverify.com www.dorcelclub.com msurvey.orange.com as.sexad.net www.account-dorcel.com www.google.com; connect-src 'self' region1.google-analytics.com region1.analytics.google.com analytics.google.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com bat.bing.net *.clarity.ms *.streaming.in2ip.nl; form-action 'self' https: http://*.streaming.in2ip.nl; worker-src blob:; 2 img-src * data:; frame-ancestors 'self' 2 default-src 'self'; style-src 'self' 'unsafe-inline' https://cdn.moengage.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://app-cdn.moengage.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://www.google.com https://search.google.com/search-console https://analytics.google.com https://www.gstatic.com https://etms.ktkbank.in https://www.w3.org https://ads.google.com; script-src 'self' 'unsafe-inline' https://cdn.moengage.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://app-cdn.moengage.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://www.google.co.in https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://google.com https://www.w3.org https://search.google.com/search-console https://google-analytics.com https://analytics.google.com https://ads.google.com https://www.gstatic.com https://etms.ktkbank.in https://connect.facebook.net https://www.clarity.ms https://code.highcharts.com; img-src 'self' data: https://moe-email-campaigns.s3.amazonaws.com https://image.moengage.com https://*.cloudfront.net https://image-ap1.moengage.com https://d23wm3hwljelvs.cloudfront.net https://d3sdkw7nvdnqts.cloudfront.net https://general-iamdave-mumbai.s3.ap-south-1.amazonaws.com https://www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.w3.org https://www.w3.org https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.in https://www.google.com https://google.com https://pagead2.googlesyndication.com https://www.google.co.in https://google.co.in https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.com https://www.facebook.com https://c.clarity.ms; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://sdk-01.moengage.com https://sdk-02.moengage.com https://sdk-03.moengage.com https://d23wm3hwljelvs.cloudfront.net https://etms.ktkbank.in https://sdk-04.moengage.com https://www.google.analytics.com https://www.gstatic.com https://stats.g.doubleclick.net https://etms.ktkbank.in https://e.clarity.ms https://o.clarity.ms https://www.etms.ktkbank.in https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://www.w3.org https://*.google.com https://*.google.co.in https://pagead2.googlesyndication.com https://www.googleadservices.com https://google.com https://www.google.com https://www.google.co.in https://google.co.in https://connect.facebook.net https://www.clarity.ms; frame-src 'self' https://www.google.com https://google.com https://cdn.moengage.com https://app-cdn.moengage.com https://cdnjs.cloudflare.com https://unpkg.com https://cdn.jsdelivr.net https://fonts.bunny.net; font-src 'self' https://fonts.bunny.net https://www.google.com https://*.youtube.com https://www.recaptcha.net https://www.googletagmanager.com https://www.w3.org https://td.doubleclick.net; child-src 'self' https://www.facebook.com https://facebook.com https://*.facebook.net https://connect.facebook.net https://www.clarity.ms https://www.w3.org https://*.clarity.ms; 2 default-src https: data: *.googleadservices.com *.googletagmanager.com *.crisp.chat *.facebook.com *.tumblr.com *.pinterest.com *.google-analytics.com *.doubleclick.net *.youtube.com *.googleapis.com wss://*.crisp.chat 'unsafe-inline' 'unsafe-eval' always; worker-src 'self' blob:; img-src 'self' *.googleadservices.com *.googletagmanager.com *.facebook.com *.tumblr.com *.pinterest.com *.google-analytics.com *.doubleclick.net *.youtube.com *.googleapis.com https://* blob: data:; media-src 'self' *.googleadservices.com *.googletagmanager.com *.facebook.com *.tumblr.com *.pinterest.com *.google-analytics.com *.doubleclick.net *.youtube.com *.googleapis.com https://* blob: data:; object-src 'self' https://* blob: data:; connect-src 'self' *.googleadservices.com *.googletagmanager.com *.facebook.com *.tumblr.com *.pinterest.com *.google-analytics.com *.doubleclick.net *.youtube.com *.googleapis.com https://* wss://*; font-src 'self' https://* blob: data:; frame-src 'self' *.googleadservices.com *.googletagmanager.com *.facebook.com *.tumblr.com *.pinterest.com *.google-analytics.com *.doubleclick.net *.youtube.com *.googleapis.com https://* blob: data:; 2 frame-ancestors 'self' https://www.pornbl.com https://www.pornbl2cn.com https://www.pornblindia.pro 2 style-src 'unsafe-inline' 'self' https://*.typekit.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://*.hospitalitysem.com https://*.sorryapp.com https://*.fontawesome.com https://*.googleapis.com https://*.vizergy.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.bing.com https://*.facebook.com https://*.facebook.net https://*.demdex.net https://*.everesttech.net https://*.vizergy.com https://*.hospitalitysem.com https://*.googletagmanager.com https://*.doubleclick.net https://*.twitter.com https://*.pinterest.com https://*.sorryapp.com https://*.googleapis.com https://*.clarity.ms; default-src 'self' https://*.typekit.net https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.bing.com https://*.facebook.com https://*.facebook.net https://*.demdex.net https://*.everesttech.net https://*.vizergy.com https://*.hospitalitysem.com https://player.vimeo.com https://*.googletagmanager.com https://*.doubleclick.net https://*.twitter.com https://*.pinterest.com https://*.sorryapp.com https://*.fontawesome.com https://*.googleapis.com https://*.fbcdn.net https://*.cdninstagram.com https://*.googleusercontent.com https://www.youtube.com https://*.clarity.ms data: 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.map.naver.com https://dapi.kakao.com http://dapi.kakao.com https://*.kakaocdn.net http://*.daumcdn.net https://*.daumcdn.net https://*.kakao.com http://*.kakao.com https://www.youtube.com http://*.daumcdn.net http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com https://*.koreatech.ac.kr; style-src 'self' 'unsafe-inline' http://*.daumcdn.net https://unpkg.com/ https://fonts.googleapis.com https://*.googleapis.com http://*.googleapis.com https://*.gstatic.com; img-src 'self' https://ssl.gstatic.com https://www.gstatic.com https://www.kogl.or.kr https://i.ytimg.com https://*.kakao.com http://*.kakao.com http://*.daumcdn.net https://*.daumcdn.net https://chart.apis.google.com http://*.naver.net https://*.naver.net data: https://*.pstatic.net http://*.pstatic.net https://*.koreatech.ac.kr http://fonts.gstatic.com https://fonts.gstatic.com http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com https://webzine.koreatech.ac.kr http://webzine.koreatech.ac.kr https://*.cdninstagram.com https://static.xx.fbcdn.net https://satreci.recruiter.co.kr https://img.etnews.com https://api.qrserver.com; font-src 'self' data: https://unpkg.com/ https://fonts.googleapis.com https://fonts.gstatic.com/; connect-src 'self' https://nelo2-col.navercorp.com http://translate.googleapis.com https://translate.googleapis.com https://translate-pa.googleapis.com https://webfilter.koreatech.ac.kr https://*.koreatech.ac.kr; frame-src 'self' http://127.0.0.1 https://*.map.naver.com https://www.youtube.com http://postcode.map.daum.net https://postcode.map.daum.net https://player.vimeo.com/video/640195938 https://webfilter.koreatech.ac.kr https://*.koreatech.ac.kr; frame-ancestors 'self' http://127.0.0.1 https://*.map.naver.com https://www.youtube.com http://postcode.map.daum.net https://postcode.map.daum.net https://player.vimeo.com/video/640195938 https://webfilter.koreatech.ac.kr https://*.koreatech.ac.kr; script-src-elem 'unsafe-inline' 'self' https://dapi.kakao.com http://dapi.kakao.com https://*.map.naver.com https://*.map.naver.net http://*.map.naver.net http://*.map.naver.com https://*.pstatic.net http://*.pstatic.net http://*.daumcdn.net http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com https://*.koreatech.ac.kr; 2 base-uri 'self'; upgrade-insecure-requests; default-src 'self' *.youtube-nocookie.com *.ytimg.com; 2 default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; worker-src 'self' blob:; 2 frame-ancestors 'self' cms.golfadvisor.com cms.golfpass.com *.golfpass.com *.golfgenius.com golfgenius.com ggstest.com ggstest2.com 2 frame-ancestors https://*.rtl.de https://*.sharemagazines.de https://*.sharemagazines-dev.de 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' api.smulderstextiel.nl beheer.smulderstextiel.nl static.smulderstextiel.nl static.smulderstextiel.be static.smulderstextiles.be static.smulderstextiles.fr www.smulderstextiel.nl www.smulderstextiel.be www.smulderstextiles.be www.smulderstextiles.fr www.smulderstextiles.com activate.smulderstextiel.nl activate.smulderstextiel.be activate.smulderstextiles.be activate.smulderstextiles.fr *.kameleoon.com *.kameleoon.io *.kameleoon.eu www.mollie.com squeezely.tech bat.bing.com bat.bing-int.com c.clarity.ms p.clarity.ms www.clarity.ms cdn.mouseflow.com static.hotjar.com script.hotjar.com chimpstatic.com dynamic.criteo.com fledge.eu.criteo.com gum.criteo.com measurement-api.criteo.com sslwidget.criteo.com fonts.googleapis.com googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com pagead2.googlesyndication.com region1.analytics.google.com region1.google-analytics.com stats.g.doubleclick.net td.doubleclick.net tpc.googlesyndication.com www.google.com www.google.nl www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com tr.snapchat.com www.facebook.com connect.facebook.net ct.pinterest.com s.pinimg.com sc-static.net static.ads-twitter.com t.co analytics.twitter.com analytics.tiktok.com; frame-ancestors 'self' https://app.kameleoon.com https://kameleoon.com https://www.kameleoon.com; 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: 'self' blob:; 2 frame-ancestors 'self' https://*.pt-x.com http://localhost:9999 https://*.emandates.co.uk 2 default-src https:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval' 'report-sample'; img-src https: data:; form-action https:; connect-src https: wss:; object-src 'none'; worker-src https: wss: blob:; upgrade-insecure-requests 2 frame-ancestors 'self' https://*.storyblok.com 2 default-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://signrequest.com https://cdn.signrequest.com https://signrequest-static.s3.amazonaws.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://ssl.google-analytics.com https://ajax.googleapis.com https://apis.google.com https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.stripe.com https://*.zapier.com https://zapier.com https://www.dropbox.com https://*.cookiebot.com https://ct.capterra.com https://connect.facebook.net https://static.zdassets.com https://62vqqh6qv58h.statuspage.io https://snap.licdn.com https://survey.survicate.com https://surveys-static.survicate.com https://trackcmp.net https://diffuser-cdn.app-us1.com https://prism.app-us1.com ; style-src 'self' 'unsafe-inline' https://signrequest-static.s3.amazonaws.com https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://zapier.com https://*.webflow.com ; img-src * data:; font-src 'self' data: https://signrequest-static.s3.amazonaws.com https://assets.website-files.com https://assets-global.website-files.com https://*.website-files.com https://*.webflow.com https://fonts.gstatic.com; report-uri https://sentry.sr-staging-1.com/api/2/security/?sentry_key=a6f9acd3a2264908b8efd53f59f51fe3 2 img-src 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; report-uri https://psi.pixum.com/?ns=content-security-policy&service=base&module=status&action=report 2 frame-ancestors 'self' http://*.bokklubben.no:* https://*.bokklubben.no https://*.bokkilden.no 2 font-src *.googleapis.com *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com use.typekit.net *.criteo.com *.hotjar.com *.hotjar.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com test1.maksuturva.fi payments.maksuturva.fi www.maksuturva.fi *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com amc.demdex.net js.playground.klarna.com js.klarna.com *.google.com e.issuu.com *.facebook.com *.hotjar.com *.hotjar.io *.criteo.com *.googlesyndication.com *.userneeds.com *.doubleclick.net *.googletagmanager.com *.google.analytics.com *.google-analytics.com *.googleusercontent.com *.googleapis.com *.googleadservices.com *.gstatic.com plugins.flockler.com checkoutapistage.svea.com/ batterylookupfi.yuasa.co.uk apps.ikh.fi *.giosg.com *.giosgusercontent.com map.karttapalvelut.fi *.maplet.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com https://www.unifaunonline.se https://*.tile.openstreetmap.org/ * *.giosg.com *.giosgusercontent.com *.cookiefirst.com *.maksuturva.fi data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ ajax.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.avada.io https://api.unifaun.com data: www.google.com tagmanager.google.com *.google-analytics.com js-agent.newrelic.com bam.nr-data.net js.playground.klarna.com js.klarna.com api.custobar.com connect.facebook.net *.criteo.net *.criteo.com payments.maksuturva.fi *.googlesyndication.com *.hotjar.com *.hotjar.io gstatic.com *.confirmit.com *.doubleclick.net plugins.flockler.com *.cdn.flockler.com checkoutapistage.svea.com/ cdn.cookielaw.org *.giosg.com *.giosgusercontent.com magento-recs-sdk.adobe.net *.clarity.ms *.cookiefirst.com *.maksuturva.fi https://www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com use.typekit.net p.typekit.net tagmanager.google.com *.cdn.flockler.com/ *.giosg.com *.giosgusercontent.com consent.cookiefirst.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://get.geojs.io *.avada.io env-6410208.paas.datacenter.fi bam.nr-data.net eu.klarnaevt.com eu.playground.klarnaevt.com stats.g.doubleclick.net googleads.g.doubleclick.net api.custobar.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io payments.maksuturva.fi *.criteo.com *.google.com *.confirmit.com *.userneeds.com *.doubleclick.net *.googletagmanager.com plugins.flockler.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com maps.googleapis.com/ *.giosg.com *.giosgusercontent.com *.clarity.ms www.maksuturva.fi//GetPaymentMethods.pmt *.cookiefirst.com *.maksuturva.fi https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.giosg.com *.giosgusercontent.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' www.etracker.de code.etracker.com data:; child-src 'self' blob:; connect-src 'self' *.friendlycaptcha.com *.friendlycaptcha.eu www.etracker.de; frame-src 'self' www.youtube-nocookie.com *.frcapi.com *.friendlycaptcha.eu; img-src 'self' data:; frame-ancestors 'self' 2 frame-ancestors 'self' *, object-src 'none', font-src 'self' https://fonts.gstatic.com https://script.hotjar.com/, frame-src 'self' https://www.google.com/ https://consentcdn.cookiebot.com/ https://outlook.office365.com/ https://sflink.maltego.com/ https://www.youtube.com/ https://app.vwo.com/ https://www.youtube-nocookie.com/ https://forms.office.com/ https://maltego.jobs.personio.de/ https://cdn.openwidget.com/ https://open.spotify.com/, img-src 'self' data: https://analytics.twitter.com https://chart.googleapis.com https://company.g2.com https://dev.visualwebsiteoptimizer.com https://px.ads.linkedin.com https://t.co https://useruploads.visualwebsiteoptimizer.com https://wingify-assets.s3.amazonaws.com https://www.google.com https://www.google.com.br https://imgsct.cookiebot.com/ https://www.google-analytics.com/ https://px4.ads.linkedin.com/ https://bat.bing.com/ https://www.fbi.gov/ https://static.maltego.com/cdn/ 2 default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data:; frame-ancestors *.ouhealth.com 2 object-src 'self'; connect-src 'self' ws: *.tiktok.com *.rimac.com experiencia.force.com *.youtube.com *.googletagmanager.com dynamic.criteo.com *.demdex.net rimacsegurosyreasegu.tt.omtrdc.net *.google-analytics.com *.facebook.net *.hotjar.com *.hotjar.io rimac.demdex.net cm.everesttech.net js-agent.newrelic.com bat.bing.com *.googleadservices.com googleads.g.doubleclick.net *.facebook.com *.omtrdc.net *.demdex.net *.googlemaps.com *.googleapis.com *.nr-data.net stats.g.doubleclick.net *.dynatrace-managed.com *.youtube.com *.adobedtm.com hit.api.useinsider.com rimacperu.api.useinsider.com segment.api.useinsider.com inference.api.useinsider.com location.api.useinsider.com carrier.useinsider.com assets.api.useinsider.com cognito-idp.us-east-1.amazonaws.com cognito-idp.us-east-2.amazonaws.com tmyye0l8jl.execute-api.us-east-1.amazonaws.com hy3g990yo8.execute-api.us-east-1.amazonaws.com jiw3r1uxol.execute-api.us-east-2.amazonaws.com qotbbq902i.execute-api.us-east-2.amazonaws.com 3wxyj8a8th.execute-api.us-east-2.amazonaws.com 56w0ynzig7.execute-api.us-east-2.amazonaws.com 34qll44aol.execute-api.us-east-1.amazonaws.com t5pq62qop8.execute-api.us-east-2.amazonaws.com gnfomwolfj.execute-api.us-east-1.amazonaws.com 5wsimc5ap6.execute-api.us-east-1.amazonaws.com dxft9dkcc1.execute-api.us-east-2.amazonaws.com ue1stgtestas3ecm001.s3.us-east-2.amazonaws.com ue1stgprodas3ecm001.s3.us-east-1.amazonaws.com ue1stgprodas3ecm001.s3.amazonaws.com j89jgt7z8h.execute-api.us-east-2.amazonaws.com apitest.rimac.com cognito-identity.us-east-1.amazonaws.com *.hotjar.com *.hotjar.io *.teads.tv cognito-identity.us-east-2.amazonaws.com *.idx.lat *.force.com experiencia.force.com *.site.com; style-src 'self' 'unsafe-inline' *.force.com *.site.com experiencia.force.com assets.api.useinsider.com; font-src 'self' data: *.gstatic.com *.rimac.com; frame-src 'self' *.demdex.net *.dynatrace-managed.com *.criteo.com *.hotjar.com *.hotjar.io *.youtube.com *.retargetly.com *.force.com *.idx.lat *.site.com experiencia.force.com hit.api.useinsider.com rimacperu.api.useinsider.com segment.api.useinsider.com inference.api.useinsider.com location.api.useinsider.com carrier.useinsider.com assets.api.useinsider.com 2 frame-ancestors 'self' http://www.philips.com.au *.philips.com *.philips.com.au https://philipsigtdpv.com 2 object-src data: 'unsafe-eval' 2 default-src * 'unsafe-eval' 'unsafe-inline' data: about: 2 script-src https://cdnjs.cloudflare.com https://cdn.botframework.com https://code.jquery.com https://cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval' 2 frame-ancestors 'self' https://*.model-t.cc.commerce.ondemand.com https://*.freedom.com.au 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com *.googleapis.com *.onenorth.com https://goodwinlaw102u0.admin.oniqa.com *.oniqa.com *.onistaged.com public.flourish.studio *.amazonaws.com public.flourish.studio flo.uri.sh *.googletagmanager.com *.google-analytics.com *.google.com *.ceros.com *.cvent.com *.cventevents.com assets-usa.mkt.dynamics.com public-usa.mkt.dynamics.com *.azureedge.net clarity.ms *.clarity.ms *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com *.simplecast.com *.cookielaw.org *.typekit.net cdnjs.cloudflare.com us1.siteimprove.com cdnjs.cloudflare.com *.brightcove.net siteimproveanalytics.com cdn.yoshki.com 61282325.global.siteimproveanalytics.io w.soundcloud.com goodwin.photoshelter.com photoshelter.com player.vimeo.com cdn.cookielaw.org geolocation.onetrust.com drive.google.com code.jquery.com yoshki.com *.adnxs.com *.6sc.co *.hotjar.com *.hotjar.io *.cvent.com wss://*.hotjar.com ws.zoominfo.com js.zi-scripts.com ws-assets.zoominfo.com *.parsely.com https://my.walls.io ; img-src * data:; font-src 'self' data: *.typekit.net; 2 frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' 'https://*.sbernpf.ru' 'https://*.npfsb.ru' 'https://*.npfsberbanka.ru' 'https://npfsberbanka.ru'; 2 frame-ancestors 'self' https://*.revenue.io https://*.ringdna.net https://*.force.com 2 default-src * 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' nic.bradesco imprensa.bradesco vivaprime.bradesco assets.bradesco *.prebanco.com.br *.adobedtm.com *.bing.com *.google.com *.google.com.br *.facebook.com *.facebook.net *.youtube.com *.youtube.com.br *.tiktok.com *.googleapis.com https://fonts.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com https://canalconsorciado.bradesco.com.br *.googleoptimize.com static.ads-twitter.com *.doubleclick.net *.rybena.com.br *.navdmp.com t.co https://banco.bradesco *.bradesco.com.br *.banco.bradesco *.interneth.bradesco.com.br *.bradescopessoajuridica.com.br *.bradescocelular.com.br *.omny.fm *.ggpht.com *.ytimg.com https://turn2c-sandbox.com https://wa.onelink.me https://apps.sae1.pure.cloud *.virtualearth.net https://bancobradesco.tt.omtrdc.net https://dpm.demdex.net https://www.unibrad.com.br; img-src * 'self' data: https:; font-src * 'self' data:; frame-ancestors 'self'; 2 child-src blob: http://*.digipix.com.br https://*.digipix.com.br https://*.fotoregistro.com.br https://ads.stickyadstv.com https://gum.criteo.com https://ups.analytics.yahoo.com; connect-src 'self' http://*.digipix.com.br https://*.api.useinsider.com https://*.clarity.ms https://*.digipix.com.br https://*.facebook.com https://*.firebaseio.com https://*.fotoregistro.com.br http://*.fotoregistro.com.br https://*.google.com https://*.ingest.sentry.io https://*.sentry.io https://*.useinsider.com https://adservice.google.com https://analytics.ahrefs.com https://analytics.google.com https://analytics.pangle-ads.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://api-js.mixpanel.com https://api.pushowl.com https://api.reviews.io https://ara.paa-reporting-advertising.amazon https://bam.nr-data.net https://bat.bing.com https://cloud.umami.is https://ct.pinterest.com https://dev.visualwebsiteoptimizer.com https://fotoregistrobr.api.useinsider.com https://google.com https://hit.api.useinsider.com https://in-automate.brevo.com https://inference.api.useinsider.com https://landingpages.brevo.com https://locationv2.api.useinsider.com https://logger.uol.com.br https://measurement-api.criteo.com https://metrics.fotoregistro.com.br https://*.openpanel.dev https://*.trustvox.com.br https://pixel.byspotify.com https://pixels.spotify.com https://plausible.io https://region1.analytics.google.com https://s.amazon-adsystem.com https://segment.api.useinsider.com https://server-side-tagging-gbb3efdyoq-uc.a.run.app https://ssl.google-analytics.com https://stats.g.doubleclick.net https://the.sciencebehindecommerce.com https://trustvox.com.br https://upload.uploadcare.com https://ucarecdn.com https://uploadcare.s3-accelerate.amazonaws.com wss://ws.pusherapp.com ws://ws.pusherapp.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.co.uk https://www.google.com.br https://www.pinterest.com https://www.wepowerconnections.com https://648a146b4be7429c6dd2eac3.webloader.smooch.io https://648a146b4be7429c6dd2eac3.config.smooch.io wss://*.firebaseio.com wss://*.useinsider.com; default-src 'self' data: blob:; font-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://*.api.useinsider.com https://*.useinsider.com https://assets.reviews.io https://cdn.convrrt.com https://cdnjs.cloudflare.com https://cdn.smooch.io https://netdna.bootstrapcdn.com https://fonts.gstatic.com https://use.fontawesome.com https://*.trustvox.com.br https://use.typekit.net; frame-src 'unsafe-eval' 'unsafe-inline' 'self' blob: http://*.facebook.com https://*.digipix.com.br https://*.facebook.com https://*.firebaseio.com https://*.fotoregistro.com.br https://*.api.useinsider.com https://*.prismic.io https://*.useinsider.com https://*.criteo.com https://ct.pinterest.com https://digipix.prismic.io https://event.getblue.io https://fledge.us.criteo.com https://fotoregistrobr.api.useinsider.com https://gum.criteo.com https://indexanetwork.go2cloud.org https://m.youtube.com https://openpanel.dev https://platform.twitter.com https://s.amazon-adsystem.com https://server-side-tagging-gbb3efdyoq-uc.a.run.app https://sibautomation.com https://static.criteo.net https://td.doubleclick.net https://tm.uol.com.br https://social.uploadcare.com https://tpc.googlesyndication.com https://www.awin1.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: http://*.digipix.com.br http://*.fotoregistro.com.br https://*.api.useinsider.com https://*.clarity.ms https://*.criteo.com https://*.digipix.com.br https://*.facebook.com https://*.facebook.net https://*.fotoregistro.com.br https://*.liadm.com https://*.prismic.io https://*.useinsider.com https://aa.agkn.com https://ad.360yield.com https://ad.tpmn.co.kr https://ad.yieldlab.net https://ade.clmbtech.com https://adgen.socdm.com https://ads.stickyadstv.com https://adx.dable.io https://analytics.ahrefs.com https://analytics.google.com https://analytics.pangle-ads.com https://analytics.tiktok.com https://api.amedigital.com https://assets.reviews.io https://bat.bing.com https://bh.contextweb.com https://c.bing.com https://c1.adform.net https://cdn.aralego.net https://cdn.convrrt.com https://cdn.smooch.io https://cdnjs.cloudflare.com https://cm.adform.net https://cm.adgrx.com https://cm.g.doubleclick.net https://cm.t.tailtarget.com https://contextual.media.net https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv https://cs.adingo.jp https://csi.gstatic.com https://csm.va.us.criteo.net https://ct.pinterest.com https://dev.visualwebsiteoptimizer.com https://digipix.cdn.prismic.io https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://eugen.go2cloud.org https://exchange.mediavine.com https://fonts.gstatic.com https://fotoregistrobr.api.useinsider.com https://googleads.g.doubleclick.net https://hb.yahoo.net https://ib.adnxs.com https://id5-sync.com https://idsync.rlcdn.com https://img.mailinblue.com https://jadserve.postrelease.com https://live.rezync.com https://log.api.useinsider.com https://match.prod.bidr.io https://match.sharethrough.com https://matching.ivitrack.com https://p.rfihub.com https://pagead2.googlesyndication.com https://partner.mediawallahscript.com https://pixel-sync.sitescout.com https://pixel.rubiconproject.com https://pixel.tapad.com https://public-prod-dspcookiematching.dmxleo.com https://ucarecdn.com https://pr-bh.ybp.yahoo.com https://r.casalemedia.com https://rtb-csync.smartadserver.com https://s.ad.smaato.net https://simage2.pubmatic.com https://ssl.google-analytics.com https://*.trustvox.com.br https://stats.g.doubleclick.net https://sync.cootlogix.com https://sync-criteo.ads.yieldmo.com https://sync-t1.taboola.com https://sync.1rx.io https://sync.aralego.com https://sync.crwdcntrl.net https://sync.outbrain.com https://sync.targeting.unrulymedia.com https://syndication.twitter.com https://t.tailtarget.com https://tags.bluekai.com https://tapestry.tapad.com https://tg.socdm.com https://theme.zdassets.com https://tr.superoferta.online https://trends.revcontent.com https://ups.analytics.yahoo.com https://visitor.omnitagjs.com https://wl-production-assets-uk.s3.eu-west-1.amazonaws.com https://www.awin1.com https://www.google-analytics.com https://www.google.ca https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.ar https://www.google.com.br https://www.google.com.np https://www.google.com.py https://www.google.com.sg https://www.google.com.uy https://www.google.dz https://www.google.fi https://www.google.nl https://www.google.pt https://www.googleadservices.com https://www.googletagmanager.com https://www.pinterest.com https://www.wepowerconnections.com https://x.bidswitch.net https://x.dlx.addthis.com; manifest-src 'self' blob:; media-src 'self'; object-src 'unsafe-eval' 'unsafe-inline' https://*.api.useinsider.com https://*.useinsider.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://*.digipix.com.br http://*.fotoregistro.com.br http://platform.twitter.com https://*.api.useinsider.com https://*.bing.com https://*.digipix.com.br https://*.facebook.net https://*.fotoregistro.com.br https://*.google.com https://*.useinsider.com https://analytics.tiktok.com https://assets.reviews.io https://b.t.tailtarget.comb https://bat.bing.combat.js https://c.amazon-adsystem.com https://cdn.convrrt.com https://cdn.jsdelivr.net https://cdn.mxpnl.com https://cdn.pushowl.com https://cloud.umami.is https://dynamic.criteo.com https://event.getblue.io https://googleads.g.doubleclick.net https://plausible.io https://s.pinimg.comct/core.js https://sibautomation.comsa.js https://sslwidget.criteo.comevent https://static.cdn.prismic.io/prismic.js https://the.sciencebehindecommerce.comd9core https://tm.jsuol.com.bruoltm.js https://tracker.bt.uol.com.brpartner https://tt-10162-1.seg.t.tailtarget.com https://ucarecdn.com/libs/widget/3.x/uploadcare.full.min.js https://ucarecdn.com/libs/widget-tab-effects/1.x/uploadcare.tab-effects.js https://widget.getblue.io/event https://www.awin1.comsread.js https://www.dwin1.com17835.js https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' http://platform.twitter.com https://*.api.useinsider.com https://*.bing.com https://*.digipix.com.br https://*.facebook.net https://*.firebaseio.com https://*.prismic.io https://*.useinsider.com https://analytics.ahrefs.com https://analytics.tiktok.com https://apis.google.com https://b.t.tailtarget.com https://c.amazon-adsystem.com https://cdn.convrrt.com https://cdn.jsdelivr.net https://cdn.mxpnl.com https://cdn.pushowl.com https://cdnjs.cloudflare.com https://cdn.smooch.io https://netdna.bootstrapcdn.com https://cloud.umami.is https://code.jquery.com https://rate.trustvox.com.br https://ct.pinterest.com https://dev.visualwebsiteoptimizer.com https://dynamic.criteo.com https://edge.fullstory.com https://event.getblue.io https://fotoregistrobr.api.useinsider.com https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://*.sentry-cdn.com https://metrics.fotoregistro.com.br https://metrics.fotoregistro.com.br/gtm.js https://pixel.byspotify.com https://openpanel.dev https://plausible.io https://prismic.io https://s.pinimg.com https://sibautomation.com https://*.googleapis.com https://ssl.google-analytics.com https://sslwidget.criteo.com https://static.cdn.prismic.io https://the.sciencebehindecommerce.com https://tm.jsuol.com.br https://tpc.googlesyndication.com https://tracker.bt.uol.com.br https://trustvox.com.br https://static.trustvox.com.br https://tt-10162-1.seg.t.tailtarget.com https://use.fontawesome.com https://widget.getblue.io https://widget.reviews.io https://widget.trustpilot.com https://www.awin1.com https://www.dwin1.com https://www.clarity.ms https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.googleadservices.com https://www.gstatic.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.api.useinsider.com https://fontes.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://*.useinsider.com https://www.googletagmanager.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' data: https://*.useinsider.com https://*.firebaseio.com https://assets.reviews.io https://cdn.convrrt.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.smooch.io https://netdna.bootstrapcdn.com https://fonts.googleapis.com https://www.googletagmanager.com https://*.trustvox.com.br https://use.fontawesome.com; worker-src blob: 'self' 'unsafe-eval' 'unsafe-inline' https://*.api.useinsider.com https://*.useinsider.com https://api.useinsider.com; 2 frame-ancestors 'self' https://boobyday.com https://preprod.boobyday.com https://payment.morning.cat 2 default-src 'self'; script-src 'self' www.googletagmanager.com www.googleadservices.com maps.googleapis.com www.redditstatic.com appleid.cdn-apple.com stats.g.doubleclick.net googleads.g.doubleclick.net static.ads-twitter.com platform.iteratehq.com tagmanager.google.com googletagmanager.com connect.facebook.net cdnjs.cloudflare.com/ajax/libs/snowplow/ snippet.maze.co *.smooch.io *.verygoodvault.com *.gladly.com api.mapbox.com cdn.segment.com edge.fullstory.com cdn.plaid.com cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net analytics.tiktok.com websdk.appsflyer.com static.elfsight.com universe-static.elfsightcdn.com fpnpmcdn.net static.visible.xyz 'unsafe-eval' 'unsafe-inline'; style-src 'self' static.visible.xyz fonts.googleapis.com tagmanager.google.com *.gladly.com 'unsafe-inline'; img-src 'self' www.google.com www.google.com.ua www.googletagmanager.com www.facebook.com googleads.g.doubleclick.net stats.g.doubleclick.net/r/ static.visible.xyz t.co *.twitter.com *.gstatic.com *.amazonaws.com *.event.prod.bidr.io *.reddit.com *.gladly.com *.smooch.io *.adyen.com cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net assets.wisepops.net *.ytimg.com files.elfsightcdn.com blob: data:; connect-src 'self' https://api.rent.app/api/ google.com maps.googleapis.com analytics.google.com iteratehq.com *.google-analytics.com *.reddit.com connect.facebook.net www.redditstatic.com conversions-config.reddit.com www.google.com/recaptcha/ www.google.com/ccm/ wa.onelink.me prompts.maze.co https://public-dev-nft-pictures-test.s3.us-east-1.amazonaws.com/ *.smooch.io *.verygoodvault.com gladly-production.sinter-collect.com *.gladly.com *.gladly.chat *.mapbox.com *.segment.io *.segment.com *.fullstory.com browser-intake-us5-datadoghq.com auth.rent.app *.auth0.com events.launchdarkly.com app.launchdarkly.com clientstream.launchdarkly.com *.adyen.com activity.wisepops.com popup.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net ads.tiktok.com analytics.tiktok.com *.appsflyer.com *.elfsight.com api.fpjs.io *.api.fpjs.io ws:; font-src 'self' static.visible.xyz fonts.gstatic.com *.gladly.com analytics.tiktok.com; frame-src 'self' www.google.com www.googletagmanager.com td.doubleclick.net *.verygoodvault.com *.plaid.com auth.rent.app *.auth0.com notifications.wisepops.com wisepops.net *.adyen.com calendly.com youtube.com www.youtube.com www.m.youtube.com blob:; object-src 'self' blob:; media-src *.gladly.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; worker-src blob:; block-all-mixed-content; upgrade-insecure-requests; report-uri /_/csp-reports; 2 default-src 'self' blob: *.fitchsolutions.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: assets.adobedtm.com demdex.net edge.adobedc.net ajax.googleapis.com ajax.aspnetcdn.com *.doubleclick.net td.doubleclick.net *.td.doubleclick.net *.fitchsolutions.com *.googleadservices.com googleads.g.doubleclick.net *.linkedin.com *.ads.linkedin.com linkedin.com *.ampproject.org app-lon06.marketo.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com reveal.clearbit.com *.googletagmanager.com players.brightcove.net *.google-analytics.com *.analytics.google.com analytics.google.com *.evidon.com cdn2.funnelenvy.com assets.map.brightcove.com your.fitchsolutions.com snap.licdn.com static.hotjar.com munchkin.marketo.net js.idio.co script.hotjar.com s.idio.co api.idio.co cdn.jsdelivr.net infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com *.clearbitscripts.com *.clearbit.com *.clearbitjs.com fx.fitchgroup.co; style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.fitchsolutions.com *.googletagmanager.com use.fontawesome.com unpkg.com app-lon06.marketo.com cdnjs.cloudflare.com fonts.googleapis.com players.brightcove.net; object-src 'none'; frame-src 'self' *.fitchsolutions.com *.doubleclick.net *.hotjar.com bid.g.doubleclick.net *.fls.doubleclick.net td.doubleclick.net *.td.doubleclick.net infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com indd.adobe.com *.evidon.com; img-src 'self' data: cf-images.us-east-1.prod.boltdns.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.twitter.com t.co googleads.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com *.ads.linkedin.com linkedin.com *.gstatic.com *.google.co.uk *.fitchsolutions.com metrics.brightcove.com *.evidon.com *.linkedin.com p.adsymptotic.com a.idio.co *.google-analytics.com *.analytics.google.com www.google.com www.google.co td.doubleclick.net *.td.doubleclick.net www.google.co.uk www.google.com.sg; font-src 'self' data: *.fitchsolutions.com fonts.gstatic.com use.fontawesome.com; media-src 'self' blob: *.fitchsolutions.com *.boltdns.net *.brightcove.com videos.ctfassets.net *.akamaihd.net *.brightcove.net *.google-analytics.com *.analytics.google.com; connect-src 'self' blob: assets.adobedtm.com demdex.net edge.adobedc.net *.fitchsolutions.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.brightcove.com *.brightcove.net 732-ckh-767.mktoresp.com fx.fitchgroup.co *.boltdns.net *.akamaihd.net *.crazyegg.com *.idio.co *.brightcovecdn.com *.marketo.net *.fitch.group *.evidon.com *.funnelenvy.com *.google-analytics.com *.analytics.google.com fonts.googleapis.com *.piwikpro.com snap.licdn.com images.ctfassets.net fonts.gstatic.com stats.g.doubleclick.net api.sjpf.io api.fpjs.io *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com *.hotjar.com *.hotjar.io notify.bugsnag.com *.clearbit.com cdn.linkedin.oribi.io *.google-analytics.com *.analytics.google.com *.clearbit.com *.linkedin.oribi.io td.doubleclick.net *.td.doubleclick.net *.google.com px.ads.linkedin.com 2 default-src 'self' https: wss:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: blob: data:; media-src 'self' https: blob: data:; font-src 'self' https:; frame-src 'self' https:; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; 2 default-src * data: 'unsafe-eval' 'unsafe-inline' blob: ;frame-src 'self' *;frame-ancestors 'self' *; worker-src 'self' * blob:; 2 frame-ancestors 'self' pmt.honeywell.com ppe.sps.honeywell.com automation.honeywell.com process.honeywell.com; 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.westernstandard.news;block-all-mixed-content; 2 frame-ancestors 'self' https://kiosk.bluegreenowner.com https://hgvkiosk.bluegreenowner.com 2 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com/ https://*.twitter.com/ http://*.twitter.com/ https://maps.googleapis.com http://*.google-analytics.com https://*.google-analytics.com https://sadmin.brightcove.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.twimg.com https://www.googletagmanager.com https://cdn.privacy-mgmt.com https://tag.aticdn.net;object-src 'self' https://secure.brightcove.com https://sadmin.brightcove.com http://brightcove.vo.llnwd.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com/css https://fonts.googleapis.com/css https://*.twitter.com/ http://*.twitter.com/ https://*.twimg.com;img-src 'self' https://*.twitter.com/ https://*.twimg.com http://*.twitter.com/ http://*.google-analytics.com data: https://maps.googleapis.com https://*.gstatic.com/ http://*.gravatar.com/ http://umbraco.tv/media https://www.google.com https://www.google.co.uk;media-src 'none';frame-src 'self' http://players.brightcove.net https://secure.brightcove.com https://www.youtube.com/embed/ http://www.youtube.com/embed/ https://syndication.twitter.com https://platform.twitter.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.privacy-mgmt.com;font-src 'self' fonts.gstatic.com/s/;connect-src 'self' https://secure.brightcove.com https://sadmin.brightcove.com https://our.umbraco.com https://our.umbraco.org https://www.google-analytics.com https://stats.g.doubleclick.net https://log.xiti.com https://cdn.privacy-mgmt.com https://*.analytics.google.com/ https://*.google-analytics.com/ https://a1.api.bbc.com;report-uri /WebResource.axd?cspReport=true 2 frame-ancestors 'self' https://*.prepedu.com ; 2 default-src 'none'; script-src 'self' 'sha256-8utW+kKzeUlJv3uhUjjdPCEamVpNjhk4CpTE1oe3icY=' https://app.intercom.io https://widget.intercom.io https://*.intercomcdn.com https://plausible.io https://static.cloudflareinsights.com https://*.cloudflareaccess.com https://js.stripe.com; connect-src *; style-src 'self' 'unsafe-inline' https://*.cloudflareaccess.com https://fonts.googleapis.com; img-src data: blob: https://*.hoa-express.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://*.googleapis.com https://*.gstatic.com https://*.google.com; font-src 'self' data: https://*.hoa-express.com https://js.intercomcdn.com https://fonts.intercomcdn.com https://fonts.gstatic.com; child-src 'self' blob: https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.stripe.com; media-src 'self' https://js.intercomcdn.com; manifest-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://messenger-apps.intercom.io https://f4g8z0njphjx.statuspage.io; report-uri https://sparksuite.report-uri.com/r/d/csp/enforce; report-to csp-endpoint; 2 base-uri 'self'; default-src *; style-src 'unsafe-inline' *; script-src 'unsafe-eval' 'unsafe-inline' *; img-src *; media-src *; font-src *; connect-src *; worker-src *; frame-src *; form-action *; 2 base-uri 'self'; frame-src 'self' https://*.google.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://*.tiqcdn.com https://match.adsrvr.org https://insight.adsrvr.org https://experience.arcgis.com/ https://*.adform.net https://connect.facebook.net https://c1.adform.net https://platform.twitter.com/ https://a.flexbooker.com/ https://www.snappayglobal.com/ https://stage.snappayglobal.com/ https://www.youtube.com/ https://player.vimeo.com/ https://request.eprotect.vantivprelive.com https://request.eprotect.vantivcnp.com https://hctra.maps.arcgis.com https://www.google.com/maps/ https://www.google.com/maps https://www.google.com https://www.trustedsite.com https://cse.google.com/ https://public.earthcam.net https://td.doubleclick.net; default-src 'self'; script-src 'self' 'unsafe-inline' https://js.adsrvr.org https://*.tiqcdn.com https://www.googleadservices.com https://*.clarity.ms https://t.clarity.ms https://*.stackadapt.com https://*.tvsquared.com https://*.tvsquared.com/tv2track.js https://qvdt3feo.com/events.js https://tags.srv.stackadapt.com https://connect.facebook.net https://*.adform.net https://www.clarity.ms https://ads.nextdoor.com https://platform.twitter.com/js/tweet.b81b6d7af2d75db873cff6099e4f433a.js https://platform.twitter.com/widgets.js https://request.eprotect.vantivprelive.com https://request.eprotect.vantivcnp.com https://bam.nr-data.net https://js-agent.newrelic.com https://cse.google.com https://www.google.com/cse/ https://clients1.google.com https://www.google-analytics.com https://cdn.ywxi.net https://www.googletagmanager.com https://www.google.com https://*.gstatic.com https://www.trustedsite.com; img-src blob: data: 'self' https://www.facebook.com https://www.googleadservices.com https://tpc.googlesyndication.com https://insight.adsrvr.org https://dpm.demdex.net https://datacloud.tealiumiq.com https://cm.g.doubleclick.net https://match.adsrvr.org https://*.stackadapt.com https://tags.srv.stackadapt.com https://*.tvsquared.com https://*.tvsquared.com/tv2track.js https://*.mdhv.io https://*.clarity.ms https://c.clarity.ms https://pbs.twimg.com https://syndication.twitter.com https://cdn.ywxi.net https://smetrics.hctra.org https://clients1.google.com https://www.google.com/cse/ https://www.google-analytics.com https://www.googleapis.com/ https://ssl.gstatic.com https://encrypted-tbn0.gstatic.com/images https://encrypted-tbn1.gstatic.com/images https://encrypted-tbn2.gstatic.com/images https://encrypted-tbn3.gstatic.com/images https://traffic.houstontranstar.org https://www.adobe.com/images/shared/download_buttons/ https://www.googletagmanager.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://www.google.com/cse/static/; connect-src 'self' https://connect.facebook.net https://www.googleadservices.com https://insight.adsrvr.org https://*.tealiumiq.com https://*.clarity.ms https://*.stackadapt.com https://*.tvsquared.com https://*.tvsquared.com/tv2track.js https://qvdt3feo.com/events.js https://y.clarity.ms https://t.clarity.ms https://tags.srv.stackadapt.com https://*.adform.net https://www.google-analytics.com https://s3-us-west-2.amazonaws.com/mfesecure-public/host/ https://bam.nr-data.net https://triposcert.vantiv.com https://tripos.vantiv.com https://www.googletagmanager.com https://analytics.google.com https://stats.g.doubleclick.net; form-action 'none'; frame-ancestors 'self'; report-uri /api/sessions/CspViolationLog/ReportViolation/ 2 default-src 'self' http://apps.commbox.io https://apps.commbox.io//launcher/ https://apps.commbox.io https://maps.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://login.yahav.co.il; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://apps.commbox.io//Scripts/connect.js https://apps.commbox.io//launcher/ https://apps.commbox.io//Scripts/connect.js https://maps.googleapis.com https://maps.gstatic.com; style-src 'self' 'unsafe-inline' https://apps.commbox.io//Scripts/connect.js https://apps.commbox.io//Scripts/connect.js https://apps.commbox.io///Styles/cb_extentions.css https://fonts.googleapis.com https://fonts.gstatic.com; img-src * 'self' data: https: ; 2 frame-ancestors ; connect-src www.mineraltree.com www.google-analytics.com analytics.google.com api.company-target.com company-target.com segments.company-target.com s.company-target.com rlcdn.com *.cookielaw.org *.popt.in *.demandbase.com *.linkedin.com *.visualwebsiteoptimizer.com app.vwo.com *.onetrust.com *.cloudfront.net *.clarity.ms *.doubleclick.net; default-src 'self' 'unsafe-inline' mineralstage.wpengine.com www.google-analytics.com *.google.com maps.googleapis.com stats.g.doubleclick.net *.chilipiper.com *.clickagy.com www.googletagmanager.com *.breezy.hr *.linkedin.oribi.io *.linkedin.com *.wistia.com *.zoominfo.com *.litix.io cdn.cookielaw.org *.onetrust.com vimeo.com dev.visualwebsiteoptimizer.com *.popt.in *.cloudfront.net *.company-target.com *.demandbase.com *.rlcdn.com; font-src 'self' use.typekit.net fonts.gstatic.com *.popt.in *.cloudflare.com *.on.aws *.cloudfront.net *.amazonaws.com data:; frame-src 'self' 'unsafe-inline' player.vimeo.com js.driftt.com *.bugherd.com mineraltree.breezy.hr *.mineraltree.com *.googletagmanager.com optimize.google.com *.youtube.com *.chilipiper.com *.doubleclick.net *.company-target.com *.google.com *.visualwebsiteoptimizer.com app.vwo.com data:; img-src 'self' mineralstage.wpengine.com www.google.com www.google-analytics.com maps.gstatic.com maps.googleapis.com *.googletagmanager.com optimize.google.com *.linkedin.com lltrck.com b.6sc.co p.adsymptotic.com *.clickagy.com *.rlcdn.com *.bing.com *.wistia.com *.vimeocdn.com *.chilipiper.com cdn.cookielaw.org *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.company-target.com *.clarity.ms hostedseal.trustarc.com data:; media-src 'self' mineralstage.wpengine.com blob:; script-src 'self' 'unsafe-inline' mineralstage.wpengine.com js.driftt.com *.bugherd.com j.6sc.co www.googletagmanager.com www.google-analytics.com maps.googleapis.com www.googleoptimize.com optimize.google.com player.vimeo.com pi.pardot.com ws.zoominfo.com tracking.leadlander.com snap.licdn.com go.mineraltree.com mineraltree.breezy.hr *.chilipiper.com *.bing.com *.clickagy.com *.wistia.com *.capterra.com cdn.cookielaw.org *.visualwebsiteoptimizer.com app.vwo.com cdn.jsdelivr.net cdnjs.cloudflare.com *.popt.in tag.demandbase.com tag-logger.demandbase.com scripts.demandbase.com www.google.com www.gstatic.com *.clarity.ms blob:; style-src 'self' 'unsafe-inline' mineralstage.wpengine.com *.typekit.net *.googleapis.com optimize.google.com *.popt.in *.cloudflare.com *.on.aws *.visualwebsiteoptimizer.com app.vwo.com; 2 frame-ancestors 'self' *.studis-online.de *.bafoeg-rechner.de *.netzseiten.de; 2 default-src 'self' 'unsafe-inline' data: blob: 'unsafe-eval' *.suizoargentina.com.ar *.suizoargentina.com suizoargentina.com *.google.com *.googleapis.com fonts.googleapis.com *.gstatic.com *.farmaonline.com cdn.gtranslate.net *.mapbox.com chat-rueda.firebaseio.com *.firebaseio.com s-usc1c-nss-265.firebaseio.com *.bootstrapcdn.com caba33.suizoargentina.com.ar *.youtube.com *.log-in.com.ar *.w3.org *.vtexcommercestable.com.br *.myvtex.com *.vteximg.com.br *.vtex.com unpkg.com *.cloudflare.com cdn.jsdelivr.net chat.suizoargentina.com *.google-analytics.com *.googletagmanager.com code.jquery.com ajax.googleapis.com connect.facebook.net *.facebook.com *.g.doubleclick.net js.hubspot.com *.amazonaws.com *.gravatar.com *.suizoargentina.com/webchat chat.suizoargentina.com/webchat/ https://suizoargentina.com/ 10.5.0.33 https://10.0.29.29; img-src 'self' 'unsafe-inline' data: blob: 'unsafe-eval' *.mapbox.com http://suizoargentina.com https://suizoargentina.com https://suizoargentina.com/ caba33.suizoargentina.com.ar https://10.0.29.29 *.suizoargentina.com.ar *.suizoargentina.com *.exposuizo.com.ar *.google.com *.googleapis.com fonts.googleapis.com *.gstatic.com *.farmaonline.com cdn.gtranslate.net *.bootstrapcdn.com *.amazonaws.com js.hubspot.com *.youtube.com *.log-in.com.ar chat-rueda.firebaseio.com *.firebaseio.com *.w3.org s-usc1c-nss-265.firebaseio.com *.vtexcommercestable.com.br *.myvtex.com *.vteximg.com.br *.vtex.com unpkg.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com connect.facebook.net *.facebook.com *.g.doubleclick.net secure.gravatar.com; 2 frame-ancestors 'self' http://*.di.dk; 2 default-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' connect.facebook.net ws.zoominfo.com www.google.com/recaptcha/enterprise.js js.hs-banner.com forms.hsforms.com js-na1.hs-scripts.com js.hsforms.net www.googletagmanager.com www.google-analytics.com *.ecrs.com ecrs.com snap.licdn.com js.hs-scripts.com js.hs-analytics.net *.googleadservices.com *.amazonaws.com googleads.g.doubleclick.net www.google.com/recaptcha/api.js www.gstatic.com; object-src 'none'; style-src 'self' data: 'unsafe-inline' *.ecrs.com ecrs.com *.googleapis.com; img-src 'self' data: *.hsforms.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com *.ecrs.com ecrs.com s3.amazonaws.com 2.gravatar.com secure.gravatar.com px.ads.linkedin.com 10.93.3.139 track.hubspot.com www.google.com p.adsymptotic.com *.amazonaws.com; media-src 'self' *.ecrs.com ecrs.com; frame-src 'unsafe-eval' 'self' clarity.microsoft.com static.hsappstatic.net app.hubspot.com forms.hsforms.com www.google.com player.vimeo.com www.youtube.com bid.g.doubleclick.net; font-src 'self' data: *.ecrs.com ecrs.com *.googleapis.com *.gstatic.com *.amazonaws.com; connect-src 'unsafe-eval' 'self' www.google-analytics.com forms.hsforms.com *.amazonaws.com builder.ecrs.com; 2 script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; worker-src 'self' blob: https: ; 2 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chromeos_google 2 default-src 'self' 'unsafe-inline' *.sernet.de *.usercentrics.eu; style-src 'self' 'unsafe-inline'; img-src 'self' *.usercentrics.eu *.prive.eu; frame-ancestors 'self' 2 frame-ancestors 'self' https://app.kontent.ai http://isolvedhcm.lookbookhq.com https://isolvedhcm.lookbookhq.com http://isolvedhcm.pathfactory.com https://isolvedhcm.pathfactory.com http://pathfactory.isolvedhcm.com https://pathfactory.isolvedhcm.com;frame-src 'self' https://2486383.hs-sites.com https://app.hubspot.com https://s7.addthis.com https://players.brightcove.net https://fast.wistia.net/ https://td.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://www.gartner.com https://www.google.com https://www.googletagmanager.com https://forms.hsforms.com https://forms.office.com https://app.kontent.ai https://forms.monday.com http://isolvedhcm.lookbookhq.com https://isolvedhcm.lookbookhq.com http://isolvedhcm.pathfactory.com https://isolvedhcm.pathfactory.com http://pathfactory.isolvedhcm.com https://pathfactory.isolvedhcm.com https://js.stripe.com https://tribl.io https://platform.twitter.com https://www.youtube.com https://form.jotform.com https://issuu.com/ https://e.issuu.com/ https://fliphtml5.com/ https://*.fliphtml5.com/ https://player.vimeo.com https://www.surveymonkey.com/; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-ancestors 'self' 2 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:;style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https:;font-src 'self' data: https:;connect-src 'self' https: wss: blob:;manifest-src 'self' blob:;media-src 'self' data: https: blob:;object-src 'none';child-src 'self' https: data: blob:;form-action 'self' https: 2 default-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://*.google-analytics.com https://*.openstreetmap.org data: blob:; 2 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; script-src-elem * 'unsafe-inline'; img-src * blob: data:; font-src * data:; worker-src * blob:; child-src * blob: gap:; media-src * blob: 2 base-uri 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://smc-lp.s4hana.ondemand.com/ https://www.youtube.com https://www.youtube-nocookie.com https://www.marketview.com https://webservice-eex.gvsi.com https://eex-group.com/ https://ecc.de/ https://www.eex.com https://queryeex.gvsi.com https://www.etracker.de https://etracker.com https://*.etracker.com data:; font-src 'self' data:; 2 default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.cookielaw.org *.onetrust.com *.brightcove.com *.brightcove.net *.vimeo.com *.zencdn.net *.boltdns.net *.brightcovecdn.com *.googletagmanager.com *.google-analytics.com *.msecnd.net *.visualstudio.com *.bizographics.com *.licdn.com *.ads-twitter.com *.twitter.com *.twimg.com *.addthis.com *.pardot.com *.linkedin.com *.addthisedge.com *.issuu.com *.cincopa.com *.google.com *.gstatic.com *.ceros.com *.qualtrics.com *.moatads.com;img-src 'self' data: about: t.co *.cookielaw.org *.onetrust.com *.twitter.com *.vimeocdn.com *.google-analytics.com *.brightcove.com *.boltdns.net *.twimg.com *.googletagmanager.com *.cincopa.com *.linkedin.com *.google.com *.doubleclick.net *.qualtrics.com *.adsymptotic.com *.guggenheiminvestments.com;style-src 'self' 'unsafe-inline' *.twitter.com *.cincopa.com *.twimg.com;media-src 'self' blob: *.boltdns.net;font-src 'self' data: *.zencdn.net;object-src 'self';connect-src 'self' *.cookielaw.org *.onetrust.com *.addthis.com *.brightcove.com *.boltdns.net *.brightcovecdn.com *.cincopa.com *.visualstudio.com *.google-analytics.com *.qualtrics.com *.akamaihd.net;frame-src 'self' *.addthis.com *.twitter.com *.issuu.com *.google.com *.pardot.com *.ceros.com *.guggenheimpartners.com *.knightlab.com *.vimeo.com https://vimeo.com *.captivate.fm; frame-ancestors 'self';base-uri 'self';form-action 'self' *.twitter.com *.pardot.com *.guggenheimpartners.com; 2 default-src 'self'; connect-src 'self' *.siteimprove.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com https://stats.g.doubleclick.net https://transpordiamet.ee www.transpordiamet.ee www.facebook.com https://www.facebook.com https://connect.facebook.net https://search.google.com/search-console https://pixabay.com/ https://www.pexels.com https://www.transpordiamet.ee/ https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://www.googletagmanager.com https://search.service.vportal.ee/v1/search/transpordiamet https://search.service.vportal.ee/v1/globalsearch/total https://form.service.vportal.ee/v1/ https://search.service.vportal.ee/v1/events/transpordiamet https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com https://transpordiamet.ee www.transpordiamet.ee www.facebook.com https://www.facebook.com https://connect.facebook.net https://search.google.com/search-console https://pixabay.com/ https://www.pexels.com https://www.transpordiamet.ee/; frame-src 'self' https://*.rocket.chat https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com https://www.transpordiamet.ee/ www.transpordiamet.ee https://digiajakiri.transpordiamet.ee/ www.facebook.com https://www.facebook.com https://connect.facebook.net https://search.google.com/search-console https://transpordiamet.ee https://v.postimees.ee/ https://public.tableau.com/app/profile/transpordiamet/viz/Ktused/Ktusekulukoond https://public.tableau.com/ https://gis.transpordiamet.ee/ https://droonid.transpordiamet.ee/ https://public.tableau.com/views/Ktused/Ktusekulukoond https://public.tableau.com/app/profile/transpordiamet/viz/Sadamateklastus/Vikelaevadegasaabunudinimesed https://public.tableau.com/app/profile/transpordiamet/viz/Sadamateklastus/Vikelaevadeklastusandmed https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com www.fbcdn.net www.cdninstagram.com www.facebook.com https://pixabay.com/ https://www.pexels.com/ http://www.w3.org/ http://www.bohemiancoding.com/sketch/* www.transpordiamet.ee https://stats.g.doubleclick.net/* https://www.transpordiamet.ee/ https://search.google.com/search-console https://www.facebook.com/ https://connect.facebook.net https://transpordiamet.ee https://www.googletagmanager.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org www.facebook.com https://search.google.com/search-console https://www.facebook.com/ https://connect.facebook.net https://transpordiamet.ee/ www.transpordiamet.ee https://pixabay.com/ https://www.pexels.com https://www.transpordiamet.ee https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org www.facebook.com https://search.google.com/search-console https://transpordiamet.ee www.transpordiamet.ee https://www.facebook.com https://pixabay.com/ https://www.pexels.com https://www.transpordiamet.ee/ https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://connect.facebook.net/ https://connect.facebook.net/en_US/fbevents.js https://public.tableau.com/ cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com https://static.addtoany.com/menu/svg/icons.30.svg.css https://www.transpordiamet.ee www.transpordiamet.ee www.facebook.com https://www.facebook.com https://connect.facebook.net https://search.google.com/search-console https://pixabay.com/ https://www.pexels.com https://transpordiamet.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com https://static.addtoany.com/menu/svg/icons.30.svg.css https://www.transpordiamet.ee www.transpordiamet.ee www.facebook.com https://www.facebook.com https://connect.facebook.net https://search.google.com/search-console https://pixabay.com/ https://www.pexels.com https://transpordiamet.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors 'self' https://public.tableau.com/ 2 frame-ancestors 'self' https://*.ccma.cat http://*.ccma.cat https://*.3cat.cat http://*.3cat.cat; 2 frame-ancestors 'self' https://azusgb01--cms.vf.force.com 2 frame-ancestors 'self' https://app.safe.global https://dexscreener.com 2 default-src https:; frame-src https: blob:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; 2 script-src 'unsafe-inline' 'self' 'unsafe-eval'; style-src * 'unsafe-inline' data: ; img-src * data: blob:; frame-src 'self' buildamerica.com creditsummaries.assuredguaranty.com *.lumesis.com munipoints.com www.munipoints.com; connect-src www.google-analytics.com 'self' ; default-src 'self' data:; report-uri /tmc/servlet/error/csp 2 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2 base-uri 'self'; frame-ancestors 'none'; object-src 'none'; worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content 2 default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * data:; connect-src *; frame-src *; worker-src blob:; form-action 'self'; frame-ancestors 'self' https://a.cms.omniupdate.com; 2 default-src 'self' *.sitevision-cloud.se *.sitevision.se data:; img-src 'self' * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.readspeaker.com svanalytics.piwik.pro svanalytics.containers.piwik.pro *.youtube.com *.sitevision-cloud.se *.sitevision.se *.tt.se *.rekai.se *.twitter.com blob:; style-src 'self' *.bootstrapcdn.com *.readspeaker.com *.sitevision-cloud.se *.sitevision.se 'unsafe-inline'; font-src 'self' *.bootstrapcdn.com data: *.sitevision-cloud.se *.sitevision.se; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *.readspeaker.com svanalytics.piwik.pro svanalytics.containers.piwik.pro *.rekai.se *.youtube.com *.vimeo.com *.bootstrapcdn.com *.sitevision.se *.sitevision-cloud.se blob:; 2 frame-ancestors bibliotekanauki.pl pon.edu.pl 2 script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.statcounter.com/counter/counter.js https://www.google.com/recaptcha/api.js; frame-ancestors 'none';child-src 'self' https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://vimeo.com; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.ise.fraunhofer.de leonid.muc.zae-bayern.de grizzly.rheintal-hosting.ch kkl.swissscreen.com https://cdnjs.cloudflare.com https://platform.twitter.com https://cdn.syndication.twimg.com/ http://*.tile.openstreetmap.org https://api.tiles.mapbox.com https://api.mapbox.com https://wisskomm.social/@energy_charts_d ; img-src data: 'self' blob: data: https://stats.ise.fraunhofer.de leonid.muc.zae-bayern.de grizzly.rheintal-hosting.ch kkl.swissscreen.com https://cdnjs.cloudflare.com https://platform.twitter.com https://cdn.syndication.twimg.com/ http://*.tile.openstreetmap.org https://api.tiles.mapbox.com https://api.mapbox.com https://wisskomm.social/@energy_charts_d ; style-src 'self' 'unsafe-inline' https://stats.ise.fraunhofer.de leonid.muc.zae-bayern.de grizzly.rheintal-hosting.ch kkl.swissscreen.com https://cdnjs.cloudflare.com https://platform.twitter.com https://cdn.syndication.twimg.com/ http://*.tile.openstreetmap.org https://api.tiles.mapbox.com https://api.mapbox.com https://wisskomm.social/@energy_charts_d ; font-src 'self' https://stats.ise.fraunhofer.de leonid.muc.zae-bayern.de grizzly.rheintal-hosting.ch kkl.swissscreen.com https://cdnjs.cloudflare.com https://platform.twitter.com https://cdn.syndication.twimg.com/ http://*.tile.openstreetmap.org https://api.tiles.mapbox.com https://api.mapbox.com https://wisskomm.social/@energy_charts_d ; frame-src https://stats.ise.fraunhofer.de leonid.muc.zae-bayern.de grizzly.rheintal-hosting.ch kkl.swissscreen.com https://cdnjs.cloudflare.com https://platform.twitter.com https://cdn.syndication.twimg.com/ http://*.tile.openstreetmap.org https://api.tiles.mapbox.com https://api.mapbox.com https://wisskomm.social/@energy_charts_d frame-ancestors leonid.muc.zae-bayern.de grizzly.rheintal-hosting.ch kkl.swissscreen.com ; object-src 'none' 2 default-src 'none'; script-src 'self' 'unsafe-inline' *.jquery.com *.twitter.com cdn.syndication.twimg.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.jsdelivr.net *.cqg.com *.amazonaws.com *.zdassets.com *.zopim.com *.ckeditor.com *.wistia.com api.smooch.io *.googletagmanager.com *.recaptcha.net wasm-eval js.sentry-cdn.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.twitter.com *.jsdelivr.net *.mailchimp.com *.twimg.com *.googleapis.com *.ckeditor.com *.gstatic.com *.zendesk.com *.googletagmanager.com *.recaptcha.net; img-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.twitter.com *.twimg.com data: *.zopim.io *.gstatic.com *.googleapis.com *.ckeditor.com *.wistia.com embedwistia-a.akamaihd.net api.smooch.io *.zendesk.com; media-src 'self' *.zdassets.com blob: data; frame-src 'self' *.twitter.com *.youtube.com *.google.com *.cqg.com *.recaptcha.net *.googletagmanager.com *.doubleclick.net; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' embedwistia-a.akamaihd.net *.github.com *.gstatic.com data:; connect-src wss: 'self' www.google.co.in region1.analytics.google.com *.google.com *.google-analytics.com stats.g.doubleclick.net *.cqg.com *.zdassets.com *.zendesk.com widget-mediator.zopim.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net api.smooch.io; report-uri /report-csp-violation; upgrade-insecure-requests 2 upgrade-insecure-requests 2 default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' https://cdnjs.cloudflare.com/ajax/ https://www.youtube.com/ https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/releases/ https://freegeoip.live/json/ https://www.google.com/recaptcha/api.js https://js.driftt.com/ https://sc.lfeeder.com/lftracker_v1_3P1w24dW9Ag7mY5n.js https://www.googletagmanager.com/gtag/js; style-src 'unsafe-inline' 'report-sample' 'self' https://fonts.googleapis.com sha256-; object-src 'none'; base-uri 'self'; connect-src https://www.google-analytics.com/ https://reallyfreegeoip.org/json/ 'self'; font-src 'self' data: https://s0.wp.com/i/fonts/ https://fonts.gstatic.com; frame-src 'self' https://js.driftt.com https://www.google.com https://www.youtube.com/ ; img-src 'self' https://comosense.com/ https://i.ytimg.com/vi/ https://secure.gravatar.com https://www.google-analytics.com/ https://tr-rc.lfeeder.com/ https://wpengine.com/ data: https://static-mk.prod.bcomo.com; manifest-src 'self'; media-src 'self' https://js.driftt.com; worker-src 'self' blob:; 2 form-action 'self' https://forms.hsforms.com; 2 default-src https: http: blob: 'unsafe-inline' 'unsafe-eval' data:; 2 object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; connect-src * 2 frame-ancestors 'self' https://*.unanet.com https://*.cosential.com https://*.unanetuniversity.com https://unanet.pathfactory.com https://*.pathfactory.com https://unanet.partnerpage.io https://*.partnerpage.io https://*.championsconference.com; upgrade-insecure-requests 2 default-src 'self' mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src 'self' blob: 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 2 frame-ancestors https://*.cisin.com; 2 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com http://flex.msn.com http://www.googleadservices.com https://seal.digicert.com https://seal.verisign.com https://www.google.com https://www.googleadservices.com https://app-ab16.marketo.com https://www.gstatic.com https://www.googletagmanager.com https://s.go-mpulse.net https://googleads.g.doubleclick.net; connect-src 'self' 'unsafe-inline' http://localhost:9002 https://magtek.acipayonline.com:9002 *.google-analytics.com https://stats.g.doubleclick.net; img-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net https://www.officialpayments.com https://www.google.com https://ad.doubleclick.net https://googleads.g.doubleclick.net https://privacy-policy.truste.com https://seal.digicert.com *.google-analytics.com https://app-ab16.marketo.com; frame-src 'self' 'unsafe-inline' https://www.google.com https://app-ab16.marketo.com; style-src 'self' 'unsafe-inline' https://app-ab16.marketo.com; object-src 'self' *.google-analytics.com; report-uri https://acipayonline.com/CSPFailuresHandler; frame-ancestors 'self' https://sa.peralta.edu 2 frame-ancestors 'self' https://backoffice.shoppster.com 2 frame-ancestors *.mcdonalds2.sk *.mcdonalds2.cz *.mcdonalds.cz *.mcdonalds.sk *.mcdonalds360.cz *.mcdonalds360.sk; form-action *.mcdonalds2.sk *.mcdonalds2.cz *.mcdonalds.sk *.mcdonalds.cz tr.snapchat.com; object-src 'none'; 2 frame-ancestors https://www.rldatix.com/ https://rldatix.com/ https://cms.rldatix.com/ 2 frame-ancestors *.uniphore.com 2 default-src * gap:; script-src blob: 'self' http://* https://* * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * data: blob: android-webview-video-poster:; style-src * 'unsafe-inline'; 2 frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.realperson.cloud code.jquery.com static.cloudflareinsights.com ajax.cloudflare.com *.cookiebot.com www.googletagmanager.com ssl.google-analytics.com analytics.regiohelden.de data: https://*.openstreetmap.org 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: source.unsplash.com images.unsplash.com usercontent.realperson.cloud www.googletagmanager.com www.google.de www.google.com ssl.google-analytics.com analytics.regiohelden.de imgsct.cookiebot.com https://*.openstreetmap.org; base-uri 'self'; frame-src 'self' https://consentcdn.cookiebot.com *.youtube-nocookie.com www.linkedin.com www.chatnode.ai embed.chatnode.ai; form-action 'self'; style-src 'self' 'unsafe-inline' *.realperson.cloud *.cookiebot.com 'report-sample'; font-src 'self' data: *.realperson.cloud; worker-src 'self' blob:; connect-src 'self' https://chat2180.realperson.cloud wss://chat2180.realperson.cloud https://charts3.equitystory.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://analytics.regiohelden.de data: https://*.openstreetmap.org; frame-ancestors 'self'; report-uri https://www.stroeer.de/@http-reporting?csp=report&requestTime=1752171255955100&requestHash=0b6f7aebe74fdb0bc5b3c956453ccd3327e11d70 2 frame-ancestors 'self' kedge.edu *.kedge.edu outlook.office365.com; 2 default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.com https://refinemirror.com https://*.affirm.com https://mirror.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.com https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.com https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none' 2 font-src instantcredit.net test.instantcredit.net https://oct8necdneu.azureedge.net https://static-eu.oct8ne.com https://cl.avis-verifies.com https://media.flixfacts.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cetelem.es *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.paycomet.com api.paycomet.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com https://consentcdn.cookiebot.com https://www.salesmanago.pl https://app3.salesmanago.pl https://www.salesmanago.com https://backoffice-eu.oct8ne.com https://cl.avis-verifies.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cetelem.es ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com instantcredit.net test.instantcredit.net sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com https://www.google.com https://www.google.es https://oct8necdneu.azureedge.net https://static-eu.oct8ne.com https://integrations.etrusted.com https://imgsct.cookiebot.com https://cl.avis-verifies.com https://media.flixcar.com https://media.flixfacts.com https://www.puntronic.com https://www.miro.es https://www.electrodomesticsmiro.cat https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cetelem.es chimpstatic.com downloads.mailchimp.com *.list-manage.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com https://cdn.doofinder.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.google.com https://js-agent.newrelic.com https://bam.nr-data.net http://media.flixfacts.com https://prod.flixgvid.flix360.io http://media.flixcar.com https://cdn.loadbee.com http://widgets.trustedshops.com https://static-eu.oct8ne.com https://sandbox.sequrapi.com https://live.sequrapi.com https://cl.avis-verifies.com https://www.puntronic.com https://www.miro.es https://www.electrodomesticsmiro.cat https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cetelem.es downloads.mailchimp.com unsafe-inline assets.braintreegateway.com instantcredit.net test.instantcredit.net https://integrations.etrusted.com https://cl.avis-verifies.com https://media.flixcar.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cetelem.es https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com instantcredit.net *.instantcredit.net sandbox.sequracdn.com live.sequracdn.com sandbox.sequrapi.com live.sequrapi.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.youtube.com https://youtu.be https://js-agent.newrelic.com https://bam.nr-data.net https://availability.loadbee.com https://frontal-eu.oct8ne.com https://media.flixcar.com https://vc-service.saleago.com https://cl.avis-verifies.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 frame-ancestors https://p-backoffice.b2c.gebr-heinemann.com/ 2 frame-ancestors 'self' builder.io code.gist.build 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.dropbox.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://www.googletagmanager.com https://cdn.cookie-script.com https://ajax.googleapis.com https://*.griddynamics.net https://*.griddynamics.com https://player.vimeo.com https://apis.google.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://tag.demandbase.com https://www.youtube.com https://static.hotjar.com https://script.hotjar.com https://pi.pardot.com https://*.onetrust.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://*.griddynamics.net https://*.griddynamics.com https://*.onetrust.com; img-src 'self' data: https://cdn.jsdelivr.net https://riovizual.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://*.griddynamics.net https://*.griddynamics.com https://player.vimeo.com https://i.vimeocdn.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://v.fastcdn.co https://cdn.buttercms.com https://cdn.filestackcontent.com https://img.youtube.com https://i.ytimg.com https://www.googletagmanager.com https://storage.pardot.com https://grid-dynamics-blog.ghost.io https://secure.gravatar.com https://id.rlcdn.com https://www.google.com; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net https://use.fontawesome.com https://*.griddynamics.net https://*.griddynamics.com https://cdnjs.cloudflare.com https://*.onetrust.com; connect-src 'self' https://yoast.com https://*.griddynamics.net https://*.griddynamics.com https://player.vimeo.com https://vimeo.com https://apis.google.com https://www.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://maps.googleapis.com https://ipapi.co https://api.company-target.com https://tag-logger.demandbase.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.hotjar.io wss://ws.hotjar.com https://segments.company-target.com https://cdn.buttercms.com https://*.onetrust.com; media-src 'self' https://*.griddynamics.net https://cdn.buttercms.com https://*.griddynamics.com; object-src 'none'; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://www.gstatic.com https://www.google.com https://player.vimeo.com https://www.googletagmanager.com https://*.griddynamics.net https://*.griddynamics.com https://s.company-target.com https://td.doubleclick.net; frame-ancestors 'self' https://*.griddynamics.net https://*.griddynamics.com; upgrade-insecure-requests 2 default-src 'self' *.amh.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amh.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.facebook.net *.launchdarkly.com *.stripe.com *.plaid.com *.levelaccess.net *.cdn.levelaccess.net *.crazyegg.com *.instagram.com *.skypack.dev *.meetelise.com; style-src 'self' 'unsafe-inline' *.amh.com *.googleapis.com *.typekit.net; img-src 'self' data: blob: *.amh.com *.umbraco.io *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.facebook.com *.instagram.com *.pinterest.com widgets.pinterest.com *.stripe.com *.plaid.com *.crazyegg.com *.box.com *.boxcloud.com *.youtube-nocookie.com *.insidemaps.com *.zillow.com; font-src 'self' *.amh.com *.gstatic.com *.typekit.net; connect-src 'self' ws: *.amh.com *.signalr.net *.launchdarkly.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.applicationinsights.azure.com *.plaid.com *.levelaccess.net *.cdn.levelaccess.net *.umbraco.io *.meetelise.pubnubapi.com *.grafana.net; media-src 'self' blob: *.amh.com *.vimeo.com *.vimeocdn.com *.youtube-nocookie.com *.boxcloud.com *.box.com; frame-src 'self' *.amh.com *.facebook.com *.youtube-nocookie.com *.vimeo.com *.box.com *.insidemaps.com *.stripe.com *.pinterest.com *.zillow.com *.plaid.com *.myworkdayjobs.com; object-src 'none'; base-uri 'self'; form-action 'self' *.rcashqa.com; upgrade-insecure-requests; block-all-mixed-content; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://connect.facebook.net https://snap.licdn.com https://js.adsrvr.org https://ajax.googleapis.com https://www.google.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.clarity.ms https://fast.wistia.com https://fast.wistia.net *.adobedtm.com *.dialogtech.com *.simpli.fi *.doubleclick.net *.kickfire.com *.googletagmanager.com *.licdn.com *.facebook.com https://apps.usw2.pure.cloud https://privacyportal-cdn.onetrust.com https://rumiview.com https://www.rumiview.com https://s.yimg.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://polyfill.io https://static.addtoany.com https://unpkg.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://privacyportal-cdn.onetrust.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 2 frame-ancestors 'self' https://staplesanz.lightning.force.com/ https://staplesanz.my.salesforce.com/; 2 frame-ancestors 'self' https://admin.earlygame.com earlygame.com; 2 base-uri 'self'; font-src 'self' data: https:; form-action *; frame-ancestors 'self' https://*.e-spirit.hosting; img-src 'self' data: https:; object-src 'none'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; upgrade-insecure-requests; default-src 'self'; media-src 'self' https:; script-src-elem 'self' 'unsafe-inline' https:; connect-src 'self' https:; frame-src 'self' https:; 2 default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://cdn.trkkn.com https://*.p7s1.io https://*.usercentrics.eu https://walls.io https://*.walls.io;style-src 'self' 'unsafe-inline';img-src 'self' https://*.p7s1.io https://*.usercentrics.eu https://*.googletagmanager.com blob: data:;font-src 'self' blob: data:;object-src 'none';frame-src 'self' https://*.online-report.eu https://*.google.com https://*.eurolandir.com https://walls.io https://*.walls.io https://*.promeas.com;base-uri 'self';form-action 'self';frame-ancestors 'none';upgrade-insecure-requests;connect-src 'self' https://*.p7s1.io https://*.usercentrics.eu https://*.google-analytics.com 2 default-src 'self'; child-src 'self' blob: *.jobvite.com *.pagescdn.com zingtree.com *.ultralibrarian.com; connect-src 'self' *.power.com *.clickagy.com *.cookielaw.org *.yext-pixel.com *.yextevents.com *.yextapis.com *.hotjar.com *.hotjar.io *.llnw.net *.mktoutil.com *.mktoresp.com *.oemsecrets.com *.oemsecretsapi.com *.onetrust.com *.yext.com *.zi-scripts.com wss://ws.hotjar.com *.zoominfo.com *.paypal.com *.google-analytics.com *.nr-data.net *.doubleclick.net translate.googleapis.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.baidu.com *.uplynk.com fast.wistia.net *.wistia.com *.litix.io; font-src 'self' data: *.oemsecrets.com *.jsdelivr.net *.gstatic.com fast.wistia.net; frame-src 'self' mailto: *.jobvite.com *.pagescdn.com zingtree.com *.ultralibrarian.com *.clickagy.com *.paypal.com if-cdn.com *.doubleclick.net www.paypalobjects.com *.youtube.com *.googletagmanager.com *.calendly.com calendly.com *.wistia.com; img-src * data:; media-src 'self' blob: *.video.llnw.net *.uplynk.com *.wistia.com; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.cookielaw.org *.hotjar.com *.zi-scripts.com *.clickagy.com *.oemsecrets.com *.jobvite.com *.pagescdn.com *.marketo.net zingtree.com *.paypal.com if-cdn.com *.newrelic.com *.googletagmanager.com *.google-analytics.com www.paypalobjects.com *.baidu.com *.limelight.com *.powerint.cn *.power.com fast.wistia.net *.sentry-cdn.com https://assets.calendly.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fast.wistia.com https://moderate.cleantalk.org https://unpkg.com https://vod-tool.vod-qcloud.com; script-src-elem 'self' 'unsafe-inline' blob: *.cookielaw.org *.hotjar.com *.zi-scripts.com *.clickagy.com *.oemsecrets.com *.jobvite.com *.pagescdn.com *.marketo.net zingtree.com *.paypal.com if-cdn.com *.newrelic.com *.googletagmanager.com *.google-analytics.com www.paypalobjects.com *.baidu.com *.limelight.com *.powerint.cn *.power.com fast.wistia.net https://assets.calendly.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fast.wistia.com https://moderate.cleantalk.org https://unpkg.com https://vod-tool.vod-qcloud.com; style-src 'self' 'report-sample' 'unsafe-inline' https://assets.calendly.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://di.oemsecrets.com https://unpkg.com https://web.sdk.qcloud.com; worker-src 'self' blob:; base-uri 'self'; form-action 'self' *.power.com *.powerint.cn *.powerint.com; frame-ancestors 'self'; upgrade-insecure-requests 2 default-src 'self' https://gleen.ai https://*.gleen.ai https://alhena.ai https://*.alhena.ai https://*.helix.im https://*.clearbitjs.com https://*.clearbit.com data:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gleen.ai https://*.gleen.ai https://*.amazonaws.com https://*.cloudflareinsights.com https://*.cloudflare.com https://alhena.ai https://*.alhena.ai https://*.helix.im https://*.apollo.io https://*.clearbitscripts.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://*.clearbitjs.com https://*.clearbit.com https://connect.facebook.net https://cdn-cookieyes.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hscollectedforms.net https://snap.licdn.com https://b-code.liadm.com https://opps-widget.getwarmly.com; style-src 'self' 'unsafe-inline' https://alhena.ai https://*.alhena.ai https://*.helix.im https://fonts.cdnfonts.com https://fonts.googleapis.com https://*.clearbitjs.com https://*.clearbit.com https://www.googletagmanager.com; img-src 'self' data: *; font-src 'self' https://gleen.ai https://*.gleen.ai https://alhena.ai https://*.alhena.ai https://*.helix.im https://fonts.cdnfonts.com https://fonts.gstatic.com https://*.clearbitjs.com https://*.clearbit.com; connect-src *; frame-src 'self' https://gleen.ai https://*.gleen.ai https://alhena.ai https://*.alhena.ai https://*.helix.im https://td.doubleclick.net https://www.google.com https://*.cloudflare.com https://*.clearbitjs.com https://*.clearbit.com https://www.googletagmanager.com https://www.youtube.com https://x.adroll.com; frame-ancestors 'self'; base-uri 'none'; form-action 'none'; object-src 'self' data:; 2 default-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com unpkg.com googletagmanager.com rum-static.pingdom.net www.google-analytics.com data: audio: kit.fontawesome.com ka-f.fontawesome.com fonts.gstatic.com rum-collector-2.pingdom.net connect.facebook.net www.facebook.com stats.g.doubleclick.net lifeblood.clevertar.app webau.blob.core.windows.net my-opa.donateblood.com.au www.youtube.com www.google.com oembed.libsyn.com fls.doubleclick.net dc.services.visualstudio.com js.clevertar.app https://bcvipsd20.rightnowtech.com/engagement/api/consumer/ https://my-opa.donateblood.com.au/web-determinations/redirectQuery aurcbloodservices.widget.custhelp.com region1.google-analytics.com region1.analytics.google.com https://aurcbloodservices.widget.custhelp.com https://characters.clevertar.app https://components.clevertar.app https://api.experianaperture.io/ snap.licdn.com ads.linkedin.com www.google.com.au/ads/ga-audiences cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com/ads cdn.pdst.fm https://romeo.liveclicker.com https://previewpxy.liveclicker.com https://preview.analytics.lifeblood.com.au https://analytics.lifeblood.com.au/; connect-src 'self' intercept.inmoment.com.au csc.inmoment.com www.google-analytics.com rum-collector-2.pingdom.net maps.googleapis.com aurcbloodservices.widget.custhelp.com doubleclick.net https://components.clevertar.app https://qa-lifeblood.clevertar.app/ azure.com/ api.experianaperture.io my-opa.donateblood.com.au intercept-client.inmoment.com.au analytics.google.com analytics.tiktok.com ads.linkedin.com https://bcvipsd20.rightnowtech.com reddit.com https://preview.analytics.lifeblood.com.au https://analytics.lifeblood.com.au/; font-src 'self' kit.fontawesome.com cdnjs.cloudflare.com ka-f.fontawesome.com data: application: fonts.gstatic.com https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/staticresource/fonts/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteBloodQuiz/ https://my-opa.donateblood.com.au/euf/core/3.3/thirdParty/fonts/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteMilkQuiz/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteTravelQuiz/ my-opa.donateblood.com.au aurcbloodservices.widget.custhelp.com https://api.experianaperture.io/ ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com/ads https://qa-lifeblood.clevertar.app/; frame-src 'self' www.youtube.com www.facebook.com oembed.libsyn.com www.google.com fls.doubleclick.net https://platform.twitter.com/ www.instagram.com www.linkedin.com https://api.experianaperture.io/ snap.licdn.com ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au feedback.inmoment.com.au preview.analytics.lifeblood.com.au; img-src 'self' www.w3.org/* data: https: http: image: blob: region1.google-analytics.com region1.analytics.google.com snap.licdn.com ads.linkedin.com cdn.linkedin.oribi.io gw.linkedin.oribi.io analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com/ads; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net www.facebook.com kit.fontawesome.com www.google-analytics.com ka-f.fontawesome.com googleads.g.doubleclick.net www.w3.org code.jquery.com www.youtube.com clevertar.azureedge.net www.googletagmanager.com rum-static.pingdom.net img.en25.com rum-collector-2.pingdom.net lifeblood.clevertar.app my-opa.donateblood.com.au https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ aurcbloodservices.widget.custhelp.com/ci/oit https://aurcbloodservices.widget.custhelp.com https://www.rnengage.com/api https://api.experianaperture.io/ https://aurcbloodservices.widget.custhelp.com/s/oit/latest/common/v0/libs/oit/ snap.licdn.com ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com cdn.pdst.fm https://romeo.liveclicker.com https://previewpxy.liveclicker.com https://preview.analytics.lifeblood.com.au https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' fonts.googleapis.com code.jquery.com img.en25.com my-opa.donateblood.com.au rum-static.pingdom.net www.googleadservices.com/ www.w3.org/* code.jquery.com/jquery-3.5.0.min.js kit.fontawesome.com www.youtube.com www.googletagmanager.com connect.facebook.net www.google-analytics.com clevertar.azureedge.net googleads.g.doubleclick.net www.gstatic.com/recaptcha/releases/ aurcbloodservices.widget.custhelp.com https://my-opa.donateblood.com.au/web-determinations/staticresource/ www.rnengage.com/api/ https://platform.twitter.com/ https://www.instagram.com/ https://api.experianaperture.io/ ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com cdn.pdst.fm https://components.clevertar.app/ https://qa-lifeblood.clevertar.app/ https://r.turn.com https://preview.analytics.lifeblood.com.au/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.google.com; style-src 'self' ka-f.fontawesome.com/* https://fonts.googleapis.com/css https://clevertar.azureedge.net/UserInterface/evo/classic.css fonts.googleapis.com www.googletagmanager.com my-opa.donateblood.com.au aurcbloodservices.widget.custhelp.com https://api.experianaperture.io/ analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au https://components.clevertar.app https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' maps.googleapis.com/* unpkg.com fonts.googleapis.com kit.fontawesome.com www.googletagmanager.com clevertar.azureedge.net https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/staticresource/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteBloodQuiz/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteMilkQuiz/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteTravelQuiz/ my-opa.donateblood.com.au aurcbloodservices.widget.custhelp.com https://api.experianaperture.io/ ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au components.clevertar.app https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; report-uri https://www.lifeblood.com.au/report-uri/enforce; upgrade-insecure-requests 2 frame-ancestors https://eu.beanworks.com https://*.eu.beanworks.com https://*.beandev.com https://*.beanworks.ca https://*.beandev.eu https://*.sageapa.com https://beanworks.ca https://sageapa.com 2 frame-ancestors 'self' http://*.schwab.com https://*.schwab.com https://tags.tiqcdn.com https://static.ads-twitter.com https://t.co https://di.rlcdn.com https://connect.facebook.net https://www.facebook.com https://d.agkn.com https://2530996.fls.doubleclick.net https://sb.scorecardresearch.com https://www.googletagmanager.com https://s.yimg.com https://sp.analytics.yahoo.com https://px.airpr.com https://dpx.airpr.com https://secure.adnxs.com https://schwab.demdex.net https://googleads.g.doubleclick.net https://adservice.google.com https://schwab.tt.omtrdc.net https://smetric.schwab.com https://content.schwab.com https://client.schwab.com https://lms.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com; report-uri /report-csp-violation 2 default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com otp.tools.investis.com *.investisdigital.com www.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com region1.analytics.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com *.investisdigital.com player.vimeo.com *.investisdigital.com geoid.investisdigital.com cookiemanager.investisdigital.com *.investis.com plugins.flockler.com fl-cdn.scdn1.secure.raxcdn.com *.flockler.com www.recaptcha.net www.google-analytics.com otp.tools.investis.com page-group-v3.pid2-e1.investis.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com fast.fonts.net geoid.investisdigital.com *.flockler.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com http://house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com vimeo.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com *.fonts.com geoid.investisdigital.com *.jsdelivr.net; connect-src 'self' 'unsafe-inline' region1.analytics.google.com *.google-analytics.com geoid.investisdigital.com stats.g.doubleclick.net cookiemanager.investisdigital.com https://assets.investisdigital.com ; report-uri /report-csp-violation 2 frame-ancestors 'self' https://gather.town https://virtual.adesso.de https://app.neyroo-hub.de 2 default-src https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com; img-src * data: blob: 'unsafe-inline'; connect-src http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com https: https://ecs.us1.twilio.com wss://endpoint.twilio.com wss://sdkgw.us1.twilio.com wss://global.vss.twilio.com wss://*.amazonaws.com; media-src 'self' https://user-attachments-0-prod-us-east-2-135996661431.s3.us-east-2.amazonaws.com https://user-attachments-0-prod-us-west-1-135996661431.s3.us-west-1.amazonaws.com mediastream:; 2 default-src 'self' https:; img-src 'self' https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https: data:; worker-src blob:; 2 frame-ancestors 'self' *.gomarquis.com *.zagclients.net 2 default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://api.qooqie.com https://cdn.leadinfo.net https://infimv.com https://infirc.com https://sc.lfeeder.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' https://cdnjs.cloudflare.com https://tailwindcss.com https://tr.lfeeder.com https://tr-rc.lfeeder.com data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://collector.leadinfo.net https://api.leadinfo.com https://api.qooqie.com wss://api.qooqie.com https://https.overbridgenet.com https://sc.lfeeder.com https://overbridgenet.com https://region1.google-analytics.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://www.recaptcha.net; object-src 'none'; 2 default-src 'self'; connect-src 'self' px.ads.linkedin.com accounts.google.com www.facebook.com tagmanager.google.com secure.adnxs.com *.6sc.co *.6sense.com vimeo.com cdn.linkedin.oribi.io log.cookieyes.com cdn-cookieyes.com directory.cookieyes.com wss://ws.hotjar.com wss://wsp38.hotjar.com wss://ws3.hotjar.com wss://ws38.hotjar.com wss://ws47.hotjar.com *.hotjar.com *.hotjar.io cdn.cookielaw.org geolocation.onetrust.com analytics.google.com www.google-analytics.com stats.g.doubleclick.net my.yoast.com yoast.com my.wpengine.com *.cloudfront.net *.wistia.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com rambus.wpenginepowered.com data:; form-action 'self' www.facebook.com; frame-ancestors 'self'; style-src 'self' rambus.wpenginepowered.com *.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline'; script-src 'self' connect.facebook.net rambus.wpenginepowered.com cdn-cookieyes.com/ www.youtube.com player.vimeo.com go.rambus.com cdn.c212.net c212.net pixel.mathtag.com cdn.cookielaw.org www.googletagmanager.com *.hotjar.com *.6sc.co *.6sense.com snap.licdn.com www.google-analytics.com pi.pardot.com cdnjs.cloudflare.com yoast.com accounts.google.com *.wistia.com beacon-v2.helpscout.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: rambus.wpenginepowered.com cdn-cookieyes.com googletagmanager.com *.6sc.co *.6sense.com px.ads.linkedin.com px4.ads.linkedin.com www.google-analytics.com www.google.com www.facebook.com go.rambus.com secure.gravatar.com content.cdntwrk.com pixel.mathtag.com i.ytimg.com pbs.twimg.com wpengine.com *.wpengine.com ps.w.org yoa.st yoast.com storage.googleapis.com wp-rocket.me *.openstreetmap.org; frame-src 'self' www.facebook.com www.slideshare.net vars.hotjar.com player.vimeo.com go.rambus.com pixel.mathtag.com www.youtube.com app.essential-addons.com wp-rocket.me smartslider3.com; 2 frame-ancestors 'self' https://hotelnetsolutions.de 2 frame-ancestors 'self' https://jionews.com https://jionewsdev1.jio.ril.com; 2 frame-ancestors 'self' https://speak.com https://usespeak.com https://*.speak.com https://*.usespeak.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.googleapis.com http://*.youtube.com http://*.facebook.com http://*.facebook.net http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.clarovideo.net http://*.claromusica.com http://*.claro.com.sv https://tags.bkrtx.com https://stags.bluekai.com https://*.hotjar.com:* https://*.hotjar.io https://*.googletagmanager.com https://*.google-analytics.com https://programarcita.claro.com.sv/ https://*.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://youtu.be https://*.facebook.com https://*.facebook.net https://*.kampyle.com https://*.medallia.com https://*.ads-twitter.com https://run.app https://*.twitter.com https://digitasgt.com https://t.co https://*.doubleclick.net https://*.adform.net https://*.acuityplatform.com https://*.clarovideo.net https://*.claromusica.com https://i.ytimg.com https://*.seadform.net https://players.brightcove.net https://e.issuu.com https://*.claro.com.sv https://www.googleoptimize.com https://*.google.com https://cdnjs.cloudflare.com https://*.google.com.mx https://*.bing.com https://*.prod.clarodigital.net https://*.run.app https://*.google.com.gt https://*.claro.com.gt https://static.ads-twitter.com https://*.clarity.ms https://www.gstatic.com https://universalplus.com https://*.teads.tv https://*.tiktok.com https://*.googleadservices.com https://connect.facebook.net; media-src mediastream:; 2 frame-ancestors 'self'; report-to endpoint-1 2 default-src 'self' *.onetrust.com/ *.trustpilot.com/ *.gigaclear.net/ *.gigaclear.com/ *.google.com/ *.google.co.uk/ *.matomo.cloud/ *.google-analytics.com/ *.clarity.ms/ *.g.doubleclick.net/ *.hotjar.io/ *.hotjar.com/ cdn.linkedin.oribi.io/ *.googlesyndication.com/ *.pardot.com/ *.optimizely.com/; frame-src calendly.com/ *.8x8.com/ *.speedtestcustom.com/ gigaclearltd.statuspage.io *.doubleclick.net/ *.cdn.optimizely.com/ *.pardot.com/; style-src 'unsafe-inline' 'self' *.typekit.net/; font-src 'self' data: *.typekit.net/; img-src 'self' data: *.amazonaws.com/ *.8x8.com/ *.gigaclear.net/ *.gigaclear.com/ *.google.co.uk *.google.com/ *.onetrust.com/ *.linkedin.com/ analytics.twitter.com/ bat.bing.com/ t.co/ *.facebook.com/ *.nextdoor.com/; media-src 'self' *.amazonaws.com/; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.gigaclear.net/ *.googletagmanager.com/ googleads.g.doubleclick.net/ cdn.pagesense.io/; child-src static.zohocdn.com/; script-src-elem 'unsafe-eval' 'unsafe-inline' 'self' *.onetrust.com/ *.trustpilot.com/ *.8x8.com/ *.googletagmanager.com/ bat.bing.com/ static.ads-twitter.com/ snap.licdn.com/ *.facebook.net/ *.dwin1.com/ *.google-analytics.com/ *.nextdoor.com/ *.hotjar.com/ *.matomo.cloud/ *.clarity.ms/ *.g.doubleclick.net/ smct.co/ *.optimizely.com/; 2 default-src 'self' data: blob: https: *.fls.doubleclick.net *.brightcove.com *.brightcove.net *.fmglobal.com local.fmglobal pbs.twimg.com *.googletagmanager.com http://manifest.prod.boltdns.net *.akamaihd.net;;font-src 'self' data: cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com;;frame-ancestors 'self' ;media-src 'self' blob: *.fmglobal.com *.fm.com local.fmglobal;;script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.brightcove.com *.brightcove.net *.fm.com local.fm *.bing.com cdn.datatables.net cdnjs.cloudflare.com connect.facebook.net js.adsrvr.org s.go-mpulse.net s7.addthis.com snap.licdn.com static.ads-twitter.com tag.demandbase.com www.google-analytics.com www.googletagmanager.com *.quantummetric.com z.moatads.com vjs.zencdn.net *.virtualearth.net www.googleadservices.com *.ceros.com *.cdn cdn.cookielaw.org;;style-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com *.bing.com cdn.datatables.net;; 2 frame-ancestors 'self' https://www.gayfucktube.xxx https://www.gayfucktubexxxindia.pro https://www.gayfucktubecnxxx.com 2 script-src 'self' 'report-sample' https://js.hsforms.net http://js.hsforms.net https://js.hs-scripts.com https://forms.hsforms.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://cdn.rudderlabs.com https://cdn.usefathom.com https://www.clarity.ms https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hs-banner.com 'sha256-M28mypAFwwpIwIF9e1/A6867PQiwVvOrdqFSTFSa8/U=' 'sha256-Tq4uREmlYInMCBRtudvmIOCc+VdyPNg3t18I9xtvdgs=' 'sha256-/mLWo7as1uoH7YxKP28RczpTaAJYtZFOdU0Okz4RWRo=' 'sha256-vHWNkFcRXsOiOWmmubySLtLeZ3xAubNJpC7UdmQgSQU=' 'sha256-FHfozmosNdt5yUG9l8OmVM1S/oTxw2TNWHPejSjEr58=' 'sha256-2VNfiq6Um2ua9MLfzend4JESqZeD1VSgkWvUrPvrlZE=' 'sha256-6Z9XwT1XsndpCDjoLgO3W3g2Dptc9WedO+nSCr9k3no='; object-src 'none'; base-uri 'self'; connect-src 'self' https://webhook.frontapp.com https://api.rebilly.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com; form-action 'self' https://forms.hsforms.com https://webhook.frontapp.com; https:; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: blob:; 2 child-src 'self'; connect-src 'self' https://*.googlesyndication.com https://*.hsforms.com https://*.hubspot.com https://api.hubspot.com https://api.leadinfo.com https://api.ldnfrpl.com https://cdn.linkedin.oribi.io https://collector.leadinfo.net https://consentcdn.cookiebot.com https://content.hotjar.io https://forms.hubspot.com https://google.com https://www.google.com https://googleads.g.doubleclick.net https://in.hotjar.com https://li-replay.s3-accelerate.amazonaws.com https://metrics.hotjar.io https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://vc.hotjar.io https://vimeo.com https://x.clarity.ms wss://ws.hotjar.com; default-src 'self'; font-src 'self' data:; frame-src 'self' https://backend.anewspring.prod.verveagency.com https://*.hs-sites.com https://app.hubspot.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://forms.hsforms.com https://player.vimeo.com https://td.doubleclick.net https://tpc.googlesyndication.com https://www.googletagmanager.com/ https://s.pointerpro.com; img-src 'self' data: https://*.ads.linkedin.com https://*.hsforms.com https://*.hubspot.com https://facebook.com https://www.facebook.com https://google.com https://google.nl https://googleads.g.doubleclick.net https://googletagmanager.com https://i.vimeocdn.com https://i.ytimg.com https://imgsct.cookiebot.com https://static.hsappstatic.net/ https://track.hubspot.com https://www.google.com https://www.google.nl; script-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' http://*.googlesyndication.com http://js.hs-scripts.com https://cdn.leadinfo.net https://cdn.ldnfrpl.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://google.com https://google.nl https://googleads.g.doubleclick.net https://i.vimeocdn.com https://i.ytimg.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsforms.net https://js.hsleadflows.net https://js.hubspot.com/web-interactives-embed.js https://js.usemessages.com https://player.vimeo.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://www.clarity.ms https://www.facebook.com https://www.google.com https://www.google.nl https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline'; 2 default-src 'self' https: blob: data: wss: 'unsafe-inline' 'unsafe-eval' 2 base-uri 'self'; default-src 'self' 'unsafe-inline' *.mediresource.com www.medbroadcast.com medbroadcast.com www.santecheznous.com santecheznous.com www.google.com www.google.ca analytics.google.com fundingchoicesmessages.google.com *.googletagmanager.com tpc.googlesyndication.com pagead2.googlesyndication.com fonts.googleapis.com *.adtrafficquality.google www.gstatic.com fonts.gstatic.com csi.gstatic.com securepubads.g.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net code.jquery.com cdn.jsdelivr.net tag.contextweb.com unpkg.com cdnjs.cloudflare.com api.receptivity.io localhost:62543 wss://tm.filter:1502; object-src 'none'; upgrade-insecure-requests; form-action 'self'; frame-src googleads.g.doubleclick.net www.google.com tpc.googlesyndication.com td.doubleclick.net *.adtrafficquality.google; frame-ancestors 'none' 2 connect-src 'self' *.googlesyndication.com *.adtrafficquality.google *.doubleclick.net widget.lex4web.app consentcdn.cookiebot.com analytics.pangle-ads.com www.google.com pagead2.googlesyndication.com analytics.tiktok.com https://euc-widget.freshworks.com https://realsociedad.freshdesk.com https://firebaseinstallations.googleapis.com *.doubleclick.net https://www.google-analytics.com https://open.http.mp.streamamg.com *.matterport.com *.schema.org *.streamamg.com https://cf.vod.mp.streamamg.com *.matterport.com http://www.aragontelevision.es *.twitch.tv *.cloudfront.net *.yourcommunify.com yourcommunify.com *.google-analytics.com *.analytics.google.com *.realsociedad.eus https://firebase.googleapis.com https://www.googleapis.com cloudflareinsights.com; default-src www.google.com *.doubleclick.net *.realsociedad.com *.realsociedad.eus blob: 'self'; style-src 'self' widget.lex4web.app https://euc-widget.freshworks.com 'unsafe-inline' *.doubleclick.net *.realsociedad.eus *.schema.org *.streamamg.com *.cloudfront.net *.googleapis.com; img-src 'self' *.googlesyndication.com *.adtrafficquality.google imgsct.cookiebot.com *.lex4web.app pagead2.googlesyndication.com https://euc-widget.freshworks.com *.schema.org *.realsociedad.eus *.streamamg.com http://placehold.it https://twitter.github.io https://stats.g.doubleclick.net https://www.google.com https://www.facebook.com/ https://www.google.es https://www.googletagmanager.com http://realsociedadcdnpre.barrabes.biz https://cdn.realsociedad.eus https://cdntienda.realsociedad.eus https://cdntienda.realsociedad.com http://twemoji.maxcdn.com https://pbs.twimg.com *.cdninstagram.com *.fbcdn.net www.google-analytics.com *.cloudfront.net *.vimeo.com https://img.youtube.com *.genial.ly *.azureedge.net *.google-analytics.com https://cdn.realsociedad.com https://firebaseinstallations.googleapis.com data: *.doubleclick.net *.schema.org *.streamamg.com https://maps.googleapis.com https://open.http.mp.streamamg.com https://cdn.bleacherreport.net/ *.w55c.net *.gstatic.com; media-src 'self' *.schema.org *.streamamg.com https://cdn.realsociedad.eus https://tag.realsociedad.eus https://cdntienda.realsociedad.com https://cdntienda.realsociedad.eus http://twemoji.maxcdn.com https://pbs.twimg.com *.cdninstagram.com *.fbcdn.net www.google-analytics.com *.vimeo.com *.genial.ly https://img.youtube.com *.matterport.com http://www.aragontelevision.es *.twimg.com; font-src 'self' *.doubleclick.net *.schema.org *.streamamg.com https://open.http.mp.streamamg.com *.gstatic.com; script-src 'self' *.doubleclick.net *.adtrafficquality.google widget.lex4web.app consent.cookiebot.com consentcdn.cookiebot.com analytics.tiktok.com pagead2.googlesyndication.com partner.googleadservices.com tpc.googlesyndication.com www.googletagservices.com https://www.google.com https://euc-widget.freshworks.com https://entradium.com/ *.googlesyndication.com 'unsafe-inline' https://*.vimeocdn.com/ https://stats.mp.streamamg.com http://open.http.mp.streamamg.com https://www.realsociedad.com https://www.realsociedad.eus https://mkt.realsociedad.eus https://www.googletagmanager.com http://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-eval' *.vimeo.com *.genial.ly https://www.youtube.com *.twitch.tv https://connect.facebook.net *.ytimg.com *.cloudfront.net *.w55c.net *.hspvst.com *.yourcommunify.com yourcommunify.com https://maps.googleapis.com https://www.gstatic.com https://apis.google.com ajax.cloudflare.com static.cloudflareinsights.com; object-src https://www.realsociedad.eus https://fundazioa.realsociedad.eus; frame-src *.doubleclick.net *.googlesyndication.com *.adtrafficquality.google consentcdn.cookiebot.com https://www.googletagmanager.com tpc.googlesyndication.com securepubads.g.doubleclick.net *.realsociedad.com https://www.google.com *.realsociedad.eus https://entradium.com/ https://kuula.co/ *.cloudfront.net outlook.office365.com *.yourcommunify.com yourcommunify.com *.vimeo.com *.genial.ly http://www.youtube.com https://www.youtube.com https://youtu.be https://connect.facebook.net https://www.facebook.com https://open.http.mp.streamamg.com/ https://www.eitb.eus *.matterport.com https://www.aragontelevision.es http://www.aragontelevision.es *.twitch.tv *.powerbi.com *.flipsnack.com https://realzale-pro.firebaseapp.com https://firebaseinstallations.googleapis.com https://gameside.playeron.es https://mycrocast-webplayer.s3.eu-central-1.amazonaws.com https://forms.office.com https://view.genially.com; 2 frame-ancestors 'self' mopinion.com app.mopinion.com 2 script-src 'self' 'unsafe-inline' blob: *.sentry-cdn.com consent.cookiebot.com *.cloudflare.com *.cloudflareinsights.com consentcdn.cookiebot.com sentry.io js.sentry-cdn.com www.sentry.io www.google.com www.gstatic.com www.googletagmanager.com www.youtube.com *.googleapis.com *.googletagmanager.com cdn-cookieyes.com ; style-src 'unsafe-inline' https://baltichub.com www.google.com www.gstatic.com *.google-analytics.com *.cloudflare.com *.googleapis.com *.googletagmanager.com cdn-cookieyes.com ; frame-src 'unsafe-inline' consentcdn.cookiebot.com www.google.com google.com recaptcha.google.com www.youtube.com *.googleapis.com *.googletagmanager.com cdn-cookieyes.com; report-to https://o399291.ingest.sentry.io/api/4506393645809664/security/?sentry_key=4257efa34b4f93aed0eb561f4d551fa0 2 object-src 'none'; frame-src *; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 2 require-trusted-types-for 'script';report-uri /_/MeetingsUi/cspreport 2 default-src 'self' 'unsafe-inline' https://*.enahost.com https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.bootstrap.com https://*.fontawesome.com https://code.jquery.com; object-src 'none'; frame-ancestors 'self'; 2 frame-ancestors 'self' t.co twitter.com; block-all-mixed-content; script-src 'self' 'sha256-8aUfZ6OfkbCvDlwL3X6v8O9A1hr/8YqzQCWm+QOkViQ=' 'sha256-FZnoKeHcfXkrkiuKx3GZh0WU3kO/th0WOkS7pr0ItWU=' 'sha256-LCTxXkd3guWgmVlqVe2udJCJ+Rym798wMUvLlv6365Q=' 'sha256-h9drxXDJnKxzozUKKGq2WFRPSK3Tsxgj7pCkKr0diRE=' 'sha256-vPUfbaHq9rZbd/RaSkAV1CXDxte8tJqZMhEcbyaeZKk=' 'sha256-wOoB7PackRG1ZntccQg3MFGznphhf4p4QCrF+jZVjGo=' 'sha256-d/d3L2uVri+tpvEWC1iR9dH/WT1Ec2yIwbIhpocYxxo=' 'sha256-WLg7p6AInstQdLsXMhbpWmn6B0j3OnLaNEc3s9sZk7w=' 'sha256-2wH0B0yJ4ArnRr/aWfcn2UuA7ACS1qCMp8txWrGljsw=' 'sha256-vI/vbRhxmjoU0jkdu63unk/rGDDg0oPeI5fm3YtsENs=' 'sha256-d/d3L2uVri+tpvEWC1iR9dH/WT1Ec2yIwbIhpocYxxo=' 'sha256-WLg7p6AInstQdLsXMhbpWmn6B0j3OnLaNEc3s9sZk7w=' 'sha256-2wH0B0yJ4ArnRr/aWfcn2UuA7ACS1qCMp8txWrGljsw=' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.ep-mimecast.ads-twitter.com https://*.moatads.com https://ajax.googleapis.com https://analytics.twitter.com https://browser-update.org https://cdn.syndication.twimg.com https://en.twitter.com https://google-analytics.com https://googletagmanager.com https://kit.fontawesome.com https://m.addthis.com https://m.youtube.com https://platform.twitter.com https://s7.addthis.com https://static.ads-twitter.com https://ssl.google-analytics.com https://tagmanager.google.com https://t.co https://use.fontawesome.com https://v1.addthisedge.com https://www.clarity.ms https://www.google-analytics.com https://www.googletagmanager.com https://api-public.addthis.com https://*.azureedge.net https://public.flourish.studio https://play.libsyn.com https://www.bugherd.com https://flo.uri.sh https://*.svc.dynamics.com https://nefeorg.bamboohr.com https://www.youtube.com https://embed-cdn.gettyimages.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://gdpr-api.sharethis.com https://public.tableau.com https://my.visme.co https://www.bugherd.com https://sidebar.bugherd.com https://whova.com https://d1keuthy5s86c8.cloudfront.net https://www.google.com https://www.gstatic.com https://*.taggbox.com https://*.tagbox.com https://static-bundles.visme.co; style-src 'self' 'report-sample' 'unsafe-inline' *.fontawesome.com ajax.googleapis.com fonts.googleapis.com platform.twitter.com tagmanager.google.com ton.twimg.com www.googletagmanager.com *.taggbox.com *.tagbox.com; object-src 'none'; child-src 'self' platform.twitter.com *.svc.dynamics.com flo.uri.sh public.flourish.studio play.libsyn.com s7.addthis.com www.googletagmanager.com www.youtube.com *.gettyimages.com gdpr-api.sharethis.com; base-uri 'self' *.moatads.com; form-action 'self' *.twitter.com; worker-src 'self'; frame-src 'self' public.tableau.com *.youtube.com flo.uri.sh play.libsyn.com *.svc.dynamics.com *.azureedge.net embed.gettyimages.com my.visme.co sidebar.bugherd.com whova.com player.captivate.fm www.google.com td.doubleclick.net *.taggbox.com *.tagbox.com *.issuu.com app.powerbi.com; 2 frame-ancestors 'self' https://*.trendmicro.com https://*.trendmicro.net; 2 script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.g2crowd.com *.cookielaw.org *.vimeocdn.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hscollectedforms.net *.googletagmanager.com api.hubapi.com *.hsappstatic.net *.jsdelivr.net *.typeform.com *.fontawesome.com *.licdn.com *.google-analytics.com *.facebook.com *.facebook.net googleads.g.doubleclick.net *.usemessages.com ws.zoominfo.com bat.bing.com *.hotjar.com *.gstatic.com *.google.com *.hsforms.net *.6sc.co *.eventbrite.com *.onetrust.com *.xtm.cloud *.demoboost.com *.pendo.io *.hubspot.com *.apollo.io *.api.irisagent.com *.convertexperiments.com player.vimeo.com plugin.sopro.io cdn.taboola.com trc.taboola.com a.quora.com tracking-api.g2.com www.clarity.ms yoast.com www.clickcease.com www.youtube.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net https://www.googleadservices.com https://*.g.doubleclick.net https://*.extellio.com https://*.analytics.google.com https://google.com https://*.google.com https://cdn.cookielaw.org https://maps.googleapis.com https://*.e-space.se https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://geolocation.onetrust.com https://*.googlesyndication.com https://privacyportal-de.onetrust.com https://*.hotjar.com wss://*.hotjar.com *.hotjar.io https://*.facebook.net https://snap.licdn.com https://*.omappapi.com https://px.ads.linkedin.com https://pi.pardot.com https://www.recaptcha.net https://*.gstatic.com https://*.fossanalytics.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.fossanalytics.com https://apps.sitecore.net https://*.googleadservices.com https://*.g.doubleclick.net https://cdn.cookielaw.org https://maps.googleapis.com https://script.e-space.se https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://*.hotjar.com https://*.facebook.net https://snap.licdn.com https://*.extellio.com https://*.omappapi.com https://*.recaptcha.net https://*.gstatic.com https://*.googlesyndication.com https://www.google.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://*.omappapi.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; child-src 'self' 'unsafe-inline' https://*.fossanalytics.com https://www.youtube.com https://www.recaptcha.net https://www.facebook.com https://player.youku.com https://*.doubleclick.net https://*.googletagmanager.com https://www.podbean.com; upgrade-insecure-requests; block-all-mixed-content; 2 frame-ancestors http://www.teleb.ch https://www.teleb.ch http://www.karoag.ch https://www.karoag.ch http://www.qline.swiss https://www.qline.swiss http://lkwg.ch https://lkwg.ch http://gbm-muri.ch https://gbm-muri.ch https://www.lkwg.ch http://relaunch.ga-weissenstein.ch http://www.ga-weissenstein.ch http://ga-weissenstein.ch http://www.cubera.ch http://www.gbm-muri.ch https://lkw004.dev.cubera.ch http://renet-ag.ch https://renet-ag.ch https://www.yetnet.swiss https://www.ziknet.ch http://www.ziknet.ch https://www.kfn-ag.ch http://www.kfn-ag.ch https://www.valaiscom.ch http://www.valaiscom.ch https://ggs.ch http://ggs.ch https://intergga-ag.ch http://intergga-ag.ch https://www.intergga-ag.ch http://www.intergga-ag.ch https://intergga.ch http://intergga.ch https://www.intergga.ch http://www.intergga.ch https://www.flimselectric.ch http://www.flimselectric.ch http://qline.swiss https://qline.swiss http://www.ewaarberg.ch https://www.ewaarberg.ch https://www.renet-ag.ch https://energie-belp.ch https://esag-lyss.ch http://ewaarberg.ch https://www.ews-energie.ch https://www.flimselectric.ch https://ewk.ch https://www.gagnet.ch https://www.ga-weissenstein.ch https://www.gbm-telecom.ch https://natuerlich-luthertal.ch https://ggs.ch https://kfn-ag.ch https://www.lkwg.ch https://www.localnet.ch https://qline.swiss https://www.renet-ag.ch https://www.valaiscom.ch https://willisau.ch https://www.wwz.ch https://www.yetnet.swiss https://www.ziknet.ch https://www.feracom.ch https://stage.quickline.ch https://dev.quickline.ch https://natuerlich-luthertal.ch https://gfa.testkopie.ch https://glasfaser-fuer-alle.ch https://natuerlich-luthertal.ch/ https://quickline.energie-belp.ch/ https://www.yetnet-seon.ch/ https://yetnet-seon.ch/ https://www.yeru.ch/ https://yeru.ch/ http://www.agh-unzenschwil.ch/ http://agh-unzenschwil.ch/ https://www.ags-schafisheim.ch/ https://ags-schafisheim.ch/ https://fg-dulliken.ch/ https://www.fg-dulliken.ch/ https://www.yetnet-gipf-oberfrick.ch/ https://yetnet-gipf-oberfrick.ch/ https://www.kabelnetz-schoenenwerd.ch/ https://kabelnetz-schoenenwerd.ch/ http://localhost:2937/ https://order-office.quickline.ch https://order-office.quickline.ch/ https://ql.bytesatwork.de https://ql.bytesatwork.de/ https://quickline.ch/ https://www.dev.ga-buchsi.ch/ https://dev.ga-buchsi.ch/ https://www.ga-buchsi.ch/ https://ga-buchsi.ch/ https://ewaarberg.visions.page/ https://ewn.testkopie.dev/ https://kfn.testkopie.dev/ https://stage.qline.swiss/ http://www.esag-lyss.ch https://www.esag-lyss.ch http://esag-lyss.ch https://esag-lyss.ch http://www.evolon.ch https://www.evolon.ch http://evolon.ch https://evolon.ch 2 upgrade-insecure-requests; frame-ancestors 'self' *.empro.com.br *.riopreto.sp.gov.br; 2 img-src https: cdn.galxe.com/galaxy/obolnetwork *.obol.tech *.obol.org *.ethpandaops.io 'self' *.dev.launchpad.obol.tech *.dev.launchpad.obol.org blob: *.rpgf.obol.org data:; font-src *; connect-src https: *.ethpandaops.io obol.tech obol.org *.obol.tech *.obol.org api.splits.org *.dev.launchpad.obol.tech *.dev.launchpad.obol.org holesky.beaconcha.in mainnet.beaconcha.in gnosis.beaconcha.in sepolia.beaconcha.in *.cloudflareinsights.com *.cloudflare-eth.com 'self' api.thegraph.com api.studio.thegraph.com *.publicnode.com wss://relay.walletconnect.org wss://relay.walletconnect.com *.ethpandaops.io; media-src https: *.obol.tech *.obol.org *.dev.launchpad.obol.tech *.dev.launchpad.obol.org 'self'; object-src https: *.obol.tech *.obol.org 'self'; child-src https: *.obol.tech *.obol.org 'self'; frame-src https: *.obol.tech *.obol.org *.dev.launchpad.obol.tech *.dev.launchpad.obol.org 'self'; worker-src https: *.obol.tech *.obol.org 'self' blob:; frame-ancestors https: *.obol.tech *.obol.org 'self'; form-action https: *.obol.tech *.obol.org; base-uri https: *.obol.tech *.obol.org; script-src https: *.obol.tech *.obol.org 'self' 'unsafe-inline' 'unsafe-eval' *.dev.launchpad.obol.tech *.dev.launchpad.obol.org; style-src https: *.obol.tech *.obol.org 'self' 'unsafe-inline' 'unsafe-eval' *.dev.launchpad.obol.tech *.dev.launchpad.obol.org; 2 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' hackerone.com *.cookielaw.org *.onetrust.com *.googletagmanager.com *.google-analytics.com *.licdn.com *.ads-twitter.com *.twitter.com *.linkedin.com *.brightcove.net *.zencdn.net blob: *.twimg.com *.addthis.com *.addthisedge.com *.msecnd.net *.issuu.com *.pardot.com *.moatads.com *.qualtrics.com *.createjs.com *.ceros.com *.mobular.com js.hsforms.net; style-src 'self' 'unsafe-inline' *.cookielaw.org *.onetrust.com *.twitter.com *.datatables.net *.twimg.com *.mobular.com *.googleapis.com; img-src 'self' *.cookielaw.org *.onetrust.com *.googletagmanager.com *.google-analytics.com t.co *.doubleclick.net *.google.com *.brightcove.com *.boltdns.net data: *.twitter.com *.twimg.com *.linkedin.com *.adsymptotic.com *.qualtrics.com *.mobular.com; media-src 'self' blob: *.boltdns.net *.akamaihd.net; font-src 'self' data: *.zencdn.net fonts.gstatic.com; object-src 'self'; connect-src 'self' *.cookielaw.org *.onetrust.com *.brightcove.com *.boltdns.net *.brightcovecdn.com *.addthis.com *.visualstudio.com *.google-analytics.com *.doubleclick.net *.akamaihd.net *.qualtrics.com *.mobular.com *.mobular.net cdn.linkedin.oribi.io fonts.googleapis.com; frame-src 'self' hackerone.com *.twitter.com *.google.com *.addthis.com *.brightcove.net *.issuu.com *.qualtrics.com *.pardot.com *.ceros.com *.captivate.fm embed.mobular.com; 2 img-src https: blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.fcl.cloud https://*.flightcentre.com https://*.flightcentre.com.au https://*.flightcentre.co.nz https://*.flightcentre.co.za https://*.flightcentre.ca https://*.flightcentre.co.uk https://www.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.fullstory.com https://vxml4.plavxml.com https://*.nr-data.net https://*.usabilla.com http://*.usabilla.com https://*.newrelic.com https://d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com https://cdn.optimizely.com https://*.outbrain.com https://analytics.tiktok.com https://bat.bing.com https://cdn.abrankings.com https://connect.facebook.net https://edge.fullstory.com https://loader.wisepops.com https://wisepops.net https://s.pinimg.com https://snap.licdn.com https://googleads.g.doubleclick.net https://accounts.google.com https://*.pinterest.com https://*.evergage.com https://js.adsrvr.org https://static.criteo.net https://flightcentre-webchat.gotbot.co.za https://7226714.collect.igodigital.com https://cdn.pdst.fm https://*.hotjar.com https://tr.snapchat.com https://*.feefo.com https://koi-3qn5erhpry.marketingautomation.services https://cdn.jsdelivr.net https://*.stackla.com https://cdn.cookielaw.org https://sc-static.net https://developer.livehelpnow.net https://cdn.evgnet.com https://maps.googleapis.com https://sdk.joinsherpa.io https://cdn.wisepops.com https://*.quantserve.com https://*.livechatinc.com https://flightcentre.r-cubed.co.uk https://rules.quantcount.com https://*.criteo.com https://code.jquery.com https://*.creativecdn.com https://*.rokt.com https://*.mypurecloud.com.au; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://register.feefo.com https://cdn.cookielaw.org https://d6tizftlrpuof.cloudfront.net; connect-src https://*.fcl.cloud wss://*.fcl.cloud https://*.flightcentre.com https://*.flightcentre.com.au https://*.flightcentre.co.nz https://*.flightcentre.co.za https://*.flightcentre.ca https://*.flightcentre.co.uk https://*.fclmedia.com https://fcl-sydney-geo-7.ent.ap-southeast-2.aws.found.io https://flowise-dev.dse.fctg.global https://*.launchdarkly.com https://*.optimizely.com *.nr-data.net https://*.fullstory.com https://*.google-analytics.com https://*.google.com https://*.google.com.au https://*.google.ca https://*.google.co.nz https://*.google.co.za https://*.google.co.uk https://*.evergage.com https://analytics.tiktok.com https://analytics.pangle-ads.com https://*.pinterest.com https://*.linkedin.com https://*.outbrain.com https://*.g.doubleclick.net https://wisepops.net https://*.wisepops.com https://*.feefo.com https://cdn.cookielaw.org https://developer.livehelpnow.net https://*.snapchat.com https://www.facebook.com https://bat.bing.com https://*.onetrust.com https://flightcentre.r-cubed.co.uk https://adservice.google.com https://www.google.com https://analytics.google.com https://www.googleadservices.com https://*.browser-intake-datadoghq.com https://*.criteo.com https://*.usabilla.com https://*.creativecdn.com https://*.mypurecloud.com.au wss://*.mypurecloud.com.au; default-src https: blob: 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; font-src https: blob: data:; frame-ancestors 'self'; report-uri /api/csp_report 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.clientpay.com/scripts/embed.js http://us2.siteimprove.com/js/siteanalyze_17084.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline' https://cloud.typography.com/ https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://www.youtube.com/ https://player.vimeo.com/ https://app.clientpay.com/ https://www.youtube-nocookie.com; img-src 'self' data: https://17084.global.siteimproveanalytics.io https://www.google-analytics.com https://i.vimeocdn.com/ https://i.ytimg.com/; manifest-src 'self'; media-src 'self'; worker-src 'none'; 2 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline' 'unsafe-hashes'; font-src * data: blob: 'unsafe-inline'; worker-src * 'self' blob: 2 default-src 'self' *.nrw.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net; style-src 'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net; font-src data: *; img-src data: *; frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com; worker-src 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de; frame-src 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de; object-src 'self'; connect-src 'self' *.nrw.de svc.webspellchecker.net; media-src *; upgrade-insecure-requests; 2 frame-ancestors 'self' https://*.voya.com https://mybetterworld.es https://*.mybetterworld.es; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; base-uri 'none'; 2 font-src 'self' prd-cdn.abrdn.com https://*.evergage.com https://*.salesforce.com data: https://fonts.gstatic.com https://stackpath.bootstrapcdn.com *.qumucloud.com *.abrdn.com *.aberdeenplc.com *.aberdeeninvestments.com *.aberdeenadviser.com *.aberdeenpersonal.com https://*.evergage.com https://*.salesforce.com; frame-ancestors 'self' *.abrdn.com *.aberdeenplc.com *.aberdeeninvestments.com *.aberdeenadviser.com *.aberdeenpersonal.com *.qumucloud.com https://www.asia-focus.co.uk https://www.asian-income.co.uk https://www.abrdnchina.co.uk https://www.abrdndiversified.co.uk https://www.abrdnequityincome.com https://www.eurologisticsincome.co.uk https://www.abrdnjapan.co.uk https://www.latamincome.co.uk https://www.newdawn-trust.co.uk https://www.abrdnnewindia.co.uk https://www.abrdnpeot.co.uk https://www.abrdnpit.co.uk https://www.abrdnsmallercompaniesincome.co.uk https://www.abrdnuksmallercompaniesgrowthtrust.co.uk https://www.asiadragontrust.co.uk https://www.ceibalimited.co.uk https://www.dunedinincomegrowth.co.uk https://www.murray-income.co.uk https://www.murray-intl.co.uk https://www.shiresincome.co.uk https://www.northamericanincome.co.uk https://www.ukcpreit.com https://www.invtrusts.co.uk https://dqm.crownpeak.com https://*.evergage.com https://*.salesforce.com; upgrade-insecure-requests; 2 frame-ancestors 'self' *.e-spirit.hosting; base-uri 'self' 2 default-src 'self';report-uri https://sentry.ladderlife.com/api/5/security/?sentry_key=256f94429c2e43ef8fadcb036d4c7e92;manifest-src https://ddw3p1oh0ex89.cloudfront.net;script-src https://*.adroll.com https://*.facebook.net https://sdk.twilio.com https://cdn.humanapi.co/ https://ekr.zendesk.com 'sha256-c7M5EaJ4WdOCgAf4VR5PNAIx8Tfot/Q3Nsu8lkLFXlU=' https://static.zdassets.com https://cdn.jsdelivr.net/fingerprintjs2/1.5.1/fingerprint2.min.js 'sha256-28pWGDRYnND+KcXkQSsC8a7TlpIi4HPpfQ4OvqTUNY8=' https://*.zopim.com 'sha256-ZKu42s6NuuaVSSaKshRcJFOs1ctAeLMINp2+/JEaBWM=' https://*.linkedin.com/ https://ddw3p1oh0ex89.cloudfront.net https://*.adnxs.com/ https://www.googletagmanager.com https://*.twitter.com https://app.getsentry.com https://*.g.doubleclick.net https://maps.googleapis.com https://*.plaid.com wss://ladderlife.zendesk.com https://cdn.pbbl.co https://*.googlesyndication.com https://ads.nextdoor.com/public/pixel/ndp.js https://collector-9169.us.tvsquared.com/tv2track.js 'sha256-+9xfK56z1o8LjCn+r6aZvibnWQ4slrvpI04piONRQ5U=' 'sha256-I4sssOimP4aqQ3guQTL1/GuKKN/qcNxjkHE09MYMLQA=' https://www.google-analytics.com/analytics.js https://*.bizographics.com/ https://*.newrelic.com https://ekr.zdassets.com https://bam.nr-data.net https://www.google.com https://qp.delty.io/q1/HdwFxDxD.js https://zendesk-eu.my.sentry.io https://cdn.cookielaw.org/scripttemplates/ wss://api.smooch.io 'sha256-Od08hzv9y6Vx8fH7Kz8bVZJpiAMT3DkJyoEjYXh4t50=' 'sha256-EhImtpQrxfrzkUueM3popkaGrI5KZmBuHLwfmTZTphA=' https://*.bing.com 'sha256-lpUhVVDo2EzRH5vTU08BulB+rpSke0YpGJ6ZmllJNys=' https://api.smooch.io https://qp.delty.io/q1/t/client.min.js https://media.smooch.io https://static.ads-twitter.com/uwt.js https://*.licdn.com/ 'sha256-a9K368kgMI7sk9t0Bk3PLOztxYxCDfIYzxgb6aA1dEg=' https://ladderlife.zendesk.com wss://voice-js.roaming.twilio.com 'sha256-LROnOwSP0gZe2prEj+944RV8WJ3wSYUdpLr1amrGxFE=' https://*.googleadservices.com https://*.stripe.com;child-src https://*.fls.doubleclick.net/ https://www.ladderlife.com https://*.choicescreening.com https://*.facebook.com https://www.youtube.com https://*.twitter.com https://*.g.doubleclick.net https://*.plaid.com https://track.adform.net https://*.googlesyndication.com https://www.emjcd.com https://connect.facebook.net https://hapi-connect.humanapi.co https://*.stripe.com;frame-src https://*.fls.doubleclick.net/ https://www.ladderlife.com https://*.choicescreening.com https://*.facebook.com https://www.youtube.com https://*.twitter.com https://*.g.doubleclick.net https://*.plaid.com https://track.adform.net https://*.googlesyndication.com https://www.emjcd.com https://connect.facebook.net https://hapi-connect.humanapi.co https://*.stripe.com;style-src https://ddw3p1oh0ex89.cloudfront.net https://fonts.googleapis.com 'unsafe-inline';media-src https://static.zdassets.com https://*.zopim.com https://ddw3p1oh0ex89.cloudfront.net;img-src https://static.zdassets.com https://ddw3p1oh0ex89.cloudfront.net https: data: blob: https://accounts.zendesk.com https://*.zdusercontent.com https://media.smooch.io https://ladderlife.zendesk.com 'self';font-src https://*.zopim.com https://ddw3p1oh0ex89.cloudfront.net data: https://fonts.gstatic.com;connect-src https://www.google-analytics.com/ https://ekr.zendesk.com https://adservice.google.com https://eng.trkcnv.com/postBack https://*.zopim.com https://ddw3p1oh0ex89.cloudfront.net https://api.segment.io https://*.twitter.com https://maps.googleapis.com https://*.google.com https://www.facebook.com wss://ladderlife.zendesk.com https://stats.g.doubleclick.net/ https://*.googlesyndication.com https://ekr.zdassets.com https://cdn.cookielaw.org/ https://bam.nr-data.net https://www.google.com https://geolocation.onetrust.com/ wss://api.smooch.io https://*.bing.com https://stripe.com https://api.smooch.io https://sentry.ladderlife.com wss://*.zopim.com https://ladderlife.zendesk.com https://fonts.googleapis.com https://out.stashinvest.com/event https://*.stripe.com 'self' https://privacyportal.onetrust.com/;frame-ancestors https://banking.radiusbank.com/ https://*.lendingclub.com/; 2 default-src 'self' *.synthetix.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.clarity.ms *.licdn.com *.52enterprisingdetails.com https://platform.twitter.com *.synthetix.com *.synthetix.com *.googletagmanager.com *.googleapis.com *.hotjar.com *.gstatic.com *.fullstory.com *.google-analytics.com *.aspnetcdn.com *.googleadservices.com *.facebook.net *.doubleclick.net *.youtube.com *.google.com;style-src 'self' *.googleapis.com *.synthetix.com *.cloudfront.net *.googletagmanager.com 'unsafe-inline';connect-src 'self' *.facebook.com *.bing.com *.getaddress.io *.doubleclick.net *.linkedin.com *.clarity.ms *.google.com *.hotjar.io *.hotjar.com *.google-analytics.com *.synthetix.com *.fullstory.com *.amazonaws.com wss://ws.hotjar.com/api/v2/client/ws;font-src 'self' *.gstatic.com *.hotjar.io *.hotjar.com;img-src 'self' data: https: syn-document-manager.s3.amazonaws.com *.synthetix.com data: *.google-analytics.com *.google.co.uk *.google.com *.facebook.com *.googletagmanager.com *.hotjar.com *.hotjar.io;object-src 'none';frame-ancestors 'self' self;frame-src 'self' *.sfmc-content.com *.googletagmanager.com *.office.com *.youtube.com *.google.com *.twitter.com *.facebook.com *.doubleclick.net *.hotjar.com *.hotjar.io https://wjecwebsitelive.blob.core.windows.net https://securelinks1.cmadvantage.co.uk https://wjec-cbac.leadfamly.com *.issuu.com;base-uri 'self' 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.technipenergies.com https://cdn.cookielaw.org https://js-agent.newrelic.com https://bam.nr-data.net https://tag.aticdn.net https://*.clarity.ms https://snap.licdn.com https://*.linkedin.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.googlesyndication.com https://d3js.org https://*.ten.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://www.gstatic.com https://d3js.org; img-src 'self' data: *; frame-src 'self' https://*.youtube.com https://open.spotify.com https://*.doubleclick.net https://www.googletagmanager.com https://tools.eurolandir.com https://fr.zone-secure.net https://*.ten.com https://*.technipenergies.com https://sdk.companywebcast.com; frame-ancestors 'self' https://*.ten.com; child-src 'self' https://tools.eurolandir.com https://*.youtube.com https://open.spotify.com https://*.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://cdn.cookielaw.org https://bam.nr-data.net https://*.xiti.com https://cdn.linkedin.oribi.io https://*.clarity.ms https://*.onetrust.com https://*.linkedin.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.google.com https://google.com; report-uri /report-csp-violation 2 frame-ancestors 'self'; form-action 'self'; base-uri 'self'; object-src 'none'; 2 default-src 'self'; font-src 'self' data:; img-src 'self' data:; 2 object-src 'self';frame-ancestors 'self'; 2 default-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://api-maps.yandex.ru https://suggest-maps.yandex.ru http://*.maps.yandex.net https://yandex.ru https://yastatic.net https://enterprise.api-maps.yandex.ru https://api-cis.exponea.com https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org *.metrika.yandex.ru *.yandex.tld *.yandex.net https://vk.com https://top-fwz1.mail.ru; style-src https: blob: 'self' 'unsafe-inline'; style-src-elem blob: https: 'self' 'unsafe-inline'; img-src blob: data: https: 'self' 'unsafe-inline' https://*.maps.yandex.net https://enterprise.api-maps.yandex.ru https://api-maps.yandex.ru https://yandex.ru https://mc.yandex.ru; connect-src wss://*.blanc.ru wss://*.vestabankdev.ru https: 'self' 'unsafe-inline' *.sentry.io *.ingest.sentry.io https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://yandex.ru https://*.taxi.yandex.net https://api-cis.exponea.com https://stats.g.doubleclick.net https://mc.yandex.ru; font-src data: https: 'self' 'unsafe-inline'; object-src 'self'; media-src 'self'; child-src https: 'self' https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://mc.yandex.ru; frame-src blob: 'self' https://*.facct.ru https://*.facct.ru https://wcm-ru.frontend.weborama.fr https://content.adriver.ru https://www.facebook.com http://*.fls.doubleclick.net http://*.doubleclick.net https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://*.mkb.ru:* https://*.mirconnect.ru:* https://*.vestabankdev.ru https://*.blanc.ru https://mc.yandex.ru https://mc.yandex.com https://ad.new-programmatic.com https://px.adhigh.net/; form-action https: 'self' 'unsafe-inline'; worker-src https: 'self' blob:; manifest-src https: 'self'; frame-ancestors 'self' https://*.blanc.ru https://avito.ru https://www.avito.ru https://*.avito.ru *.yandex.ru *.yandex.by *.yandex.com *.yandex.com.tr webvisor.com; block-all-mixed-content; report-uri https://o547163.ingest.sentry.io/api/5669457/security/?sentry_key=1f47343ab8d64a3bb44fa53d85499fff; 2 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report; 2 default-src 'self' https://*.gravatar.com https://*.gstatic.com https://www.google.com https://www.google-analytics.com https://*.sender.mobi 'unsafe-inline'; frame-src 'self' https://*.gravatar.com https://*.google.com https://*.sender.mobi; script-src 'self' https://*.sender.mobi https://*.gravatar.com https://*.gstatic.com https://www.google.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://*.gravatar.com https://www.google.com https://www.google.com.ua https://*.sender.mobi https://www.google-analytics.com https://*.gstatic.com data:; object-src 'self'; font-src 'self' https://*.gravatar.com https://*.gstatic.com https://www.google.com https://fonts.gstatic.com https://fonts.googleapis.com data:; style-src * blob: 'self' https://*.gravatar.com https://*.gstatic.com https://www.google.com https://*.sender.mobi https://fonts.gstatic.com https://fonts.googleapis.com 'unsafe-inline'; 2 frame-ancestors 'self' https://students.elearner.net.au https://vastosoft.com https://elearner.net.au; 2 default-src 'self' https://storage.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://unpkg.com https://cdnjs.cloudflare.com https://script.tapfiliate.com https://superal.github.io https://app.termly.io https://www.google.com https://cdn.plot.ly https://maps.googleapis.com https://storage.googleapis.com https://static.cloudflareinsights.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://storage.googleapis.com https://cdn.jsdelivr.net;img-src 'self' data: https://bitcoin.org https://i.ytimg.com https://storage.googleapis.com https://cdn.jsdelivr.net https://flagcdn.com;font-src 'self' https://storage.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com;connect-src 'self' https://www.google.com https://storage.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://*.bitcoinmagazinepro.com wss://*.bitcoinmagazinepro.com ws://*.bitcoinmagazinepro.com https://region1.google-analytics.com https://tapi.tapfiliate.com https://www.gstatic.com https://recaptcha.google.com;frame-src 'self' https://www.google.com https://www.youtube-nocookie.com https://app.termly.io;frame-ancestors 'self' https://*.bitcoinmagazinepro.com https://*.bitcoinmagazine.com https://bitcoinmagazine.com https://www.theblockchain-group.com https://bmpackagedev.wpengine.com/ https://*.upstream.so https://upstream.so http://stream.upstream.so/ https://stream.upstream.so/ http://bitcoin-for-corporations.webflow.io/ http://corporations.b.tc/ https://b.tc; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' nasdaqbaltic.com *.nasdaqbaltic.com *.vimeo.com vimeo.com *.paysera.com paysera.com *.doubleclick.net doubleclick.net *.googleadservices.com googleadservices.com *.bing.com *.tawk.to *.youtube.com *.ytimg.com *.jsdelivr.net virtualearth.net *.virtualearth.net placeimg.com data: www.googletagmanager.com maps.googleapis.com www.youtube-nocookie.com www.youtube.com fonts.gstatic.com connect.facebook.net www.facebook.com www.google-analytics.com cdnjs.cloudflare.com www.googleapis.com www.gstatic.com maps.gstatic.com www.google.com www.google.lt stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' data: *.jsdelivr.net maps.gstatic.com www.googleapis.com fonts.googleapis.com *.bing.com *.virtualearth.net virtualearth.net; frame-ancestors 'self'; connect-src 'self' vimeo.com *.vimeo.com virtualearth.net *.virtualearth.net facebook.com *.facebook.com *.bing.com google-analytics.com *.google-analytics.com wss://*.tawk.to *.tawk.to; form-action 'self' bank.paysera.com facebook.com *.facebook.com google.com *.google.com *.bing.com bing.com 2 default-src 'self'; style-src 'self'; script-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; 2 child-src blob:; default-src 'self' data: https://*.redsift.com https://red-sift.prismic.io/ https://*.internal.prismic.io/* https://hook.integromat.com/ https://sentry.io/ https://*.ingest.sentry.io/ https://consentcdn.cookiebot.com/ https://*.wistia.com https://*.wistia.net https://*.plausible.io; font-src 'self' https://*.redsift.com https://fonts.gstatic.com/ data: chrome-extension: moz-extension: safari-web-extension: https://*.hotjar.com https://*.wistia.com; img-src 'self' data: https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://*.google.co.uk https://googleads.g.doubleclick.net https://googletagmanager.com https://www.google-analytics.com https://www.google.com https://google.com https://*.google.com https://*.hotjar.com https://images.prismic.io https://*.internal.prismic.io/* https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://red-sift.cdn.prismic.io https://images.prismic.io; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.redsift.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.googlesyndication.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://static.cdn.prismic.io/ https://prismic.io https://*.internal.prismic.io/* https://consent.cookiebot.com https://consentcdn.cookiebot.com/ https://munchkin.marketo.net/ https://www.redditstatic.com/ads/pixel.js https://snap.licdn.com https://tag.clearbitscripts.com/v1/pk_0c2cfaf8152eb3a2b07abfd53b7e6d22/tags.js https://reveal.clearbit.com/v1/companies/reveal https://x.clearbitjs.com/v2/pk_0c2cfaf8152eb3a2b07abfd53b7e6d22/destinations.min.js https://x.clearbitjs.com/v2/pk_0c2cfaf8152eb3a2b07abfd53b7e6d22/tracking.min.js https://secure.oita4bali.com/js/151998.js https://secure.oita4bali.com/Track/Capture.aspx https://*.hotjar.com https://static.hotjar.com/c/hotjar-3150796.js https://j.6sc.co/j/80f37845-a767-46c9-9ad5-abb58133cf39.js https://j.6sc.co/6si.min.js https://*.wistia.com https://*.wistia.net https://src.litix.io https://plausible.io/js/script.js https://js.driftt.com https://widget.drift.com https://js.sentry-cdn.com https://challenges.cloudflare.com https://js.zi-scripts.com https://ws.zoominfo.com https://tags.clickagy.com https://cdn.jsdelivr.com https://cdn.jsdelivr.net; style-src 'self' blob: 'unsafe-inline' https://*.redsift.com https://googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://*.hotjar.com https://fast.wistia.com; frame-src 'self' https://*.googlesyndication.com https://td.doubleclick.net https://www.googletagmanager.com https://bid.g.doubleclick.net https://consentcdn.cookiebot.com https://red-sift.prismic.io/ https://*.internal.prismic.io/* https://www.youtube.com https://www.google.com https://*.hotjar.com https://fast.wistia.com https://fast.wistia.net https://js.driftt.com https://widget.drift.com https://challenges.cloudflare.com https://hemsync.clickagy.com; connect-src https://radar-lite.redsift.cloud 'self' https://*.redsift.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://google.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google-analytics.com https://*.google.com https://*.google.de https://*.google.no https://*.google.ca https://*.google.ch https://*.google.es https://*.google.it https://*.google.co.uk https://*.google.co.nz https://*.google.co.au https://*.google.nl https://*.google.fr https://*.google.be https://*.google.se https://*.google.pt https://images.prismic.io https://red-sift.cdn.prismic.io https://red-sift.cdn.prismic.io/api/v2 https://red-sift.cdn.prismic.io/api/v2/documents/search https://*.internal.prismic.io/* https://cdn.linkedin.oribi.io https://px.ads.linkedin.com/wa/ https://px.ads.linkedin.com https://px.ads.linkedin.com/attribution_trigger https://hook.integromat.com/ https://api-eu.customer.io/v1/webhook/40a4a49d472519b0 https://webto.salesforce.com https://api.github.com/repos/redsift/red-sift-website/dispatches https://*.mktoresp.com https://*.mktoutil.com https://*.ondmarc.com https://ondmarc.com https://ipforensics-svc.redsift.io/graphql https://*.ingest.sentry.io/ https://consentcdn.cookiebot.com/ https://app.clearbit.com/v1/p https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.6sc.co/ https://c.6sc.co/ https://ipv6.6sc.co/ https://*.6sense.com/ https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://epsilon-globalaccelerator.6sense.com https://secure.adnxs.com/getuidj https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://*.algolia.net https://plausible.io/api/event https://api.ipify.org wss://presence.api.drift.com https://aorta.clickagy.com https://hemsync.clickagy.com https://js.zi-scripts.com https://ws.zoominfo.com https://data.hockeystack.com https://browser-intake-datadoghq.com; worker-src 'self' blob:; frame-ancestors 'self' https://*.redsift.com https://app.drift.com; report-uri https://o177043.ingest.sentry.io/api/1306227/security/?sentry_key=860eaee6b9674db6ac8d51d87a14fd84 2 frame-ancestors 'self' *.wpenginepowered.com *.wpengine.com https://cid.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss: blob:; img-src 'self' https: data:; frame-ancestors 'self' 2 default-src: self'; 2 frame-ancestors 'self' https://*.lexus.eu https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.cookiebot.com https://*.artis.nl https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://*.hotjar.com https://analytics.tiktok.com https://snap.licdn.com https://www.youtube.com https://*.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.artis.nl https://*.typekit.net; img-src 'self' data: https://dashboard.umbraco.com https://*.doubleclick.net https://*.cookiebot.com https://*.hotjar.com https://px.ads.linkedin.com https://www.facebook.com https://www.googletagmanager.com https://www.googleadservices.com https://*.google.com https://*.google.de https://i.ytimg.com https://i.vimeocdn.com https://*.mapbox.com; font-src 'self' data: https://fonts.googleapis.com:* https://fonts.gstatic.com:* https://use.typekit.net https://use.typekit.com; connect-src 'self' https://*.cookiebot.com https://www.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://www.googleadservices.com https://*.google.com https://google.com https://www.gstatic.com https://*.facebook.net https://*.hotjar.com https://analytics.tiktok.com https://px.ads.linkedin.com https://snap.licdn.com https://player.vimeo.com https://api.typekit.net https://vimeo.com https://*.mapbox.com https://*.googlesyndication.com https://*.facebook.com; frame-src 'self' https://*.cookiebot.com https://www.googletagmanager.com https://*.doubleclick.net https://www.google.com https://*.vimeo.com https://www.facebook.com https://www.youtube.com https://www.youtube-nocookie.com; object-src 'none'; form-action 'self' *.adyen.com *.adyen.link *.ideal.nl https://www.facebook.com; frame-ancestors 'self'; worker-src 'self' blob: 2 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vimeo.com https://player.vimeo.com/api/player.js platform.linkedin.com https://www.linkedin.com cdn.linkedin.oribi.io https://px.ads.linkedin.com/ *.guidepoint.com qsight.guidepoint.com ls.guidepoint.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ analytics.google.com www.google-analytics.com ajax.googleapis.com *.bc0a.com *.b0e8.com cmp.osano.com static.addtoany.com https://www.googletagmanager.com snap.licdn.com boards.greenhouse.io js.driftt.com scout-cdn.salesloft.com *.osano.com https://td.doubleclick.net https://googleads.g.doubleclick.net/; style-src 'self' 'unsafe-inline' *.guidepoint.com guidepoint.com https://fonts.googleapis.com platform.twitter.com maxcdn.bootstrapcdn.com fast.fonts.net *.osano.com; img-src * 'self' www.googletagmanager.com; font-src * 'self' data: https://fonts.gstatic.com maxcdn.bootstrapcdn.com www.guidepoint.com *.guidepoint.com; connect-src 'self' https://px.ads.linkedin.com/attribution_trigger https://px.ads.linkedin.com/wa/ cdn.linkedin.oribi.io ixfd1-api.bc0a.com analytics.google.com *.guidepoint.com qsight.guidepoint.com ls.guidepoint.com www.google-analytics.com stats.g.doubleclick.net boards-api.greenhouse.io guidepoint.com consent.api.osano.com tattle.api.osano.com scout.salesloft.com https://*.googleapis.com *.google.com https://*.gstatic.com *.osano.com; media-src * 'self'; frame-src 'self' https://td.doubleclick.net/ https://snazzymaps.com platform.twitter.com boards.greenhouse.io cmp.osano.com is.driftt.com js.driftt.com youtube.com youtu.be www.youtube.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ *.google.com https://www.linkedin.com *.osano.com *.googleadservices.com *.googlesyndication.com ad.doubleclick.net adclick.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net; worker-src 'self' *.osano.com blob:; frame-ancestors www.youtube.com youtube.com youtu.be 2 base-uri 'self'; connect-src 'self' https: wss:; default-src 'none'; media-src 'self' https://banners.wesendit.com; img-src 'self' https://*.gleap.io https: data: blob:; font-src 'self' data: https://fonts.gstatic.com https://widget.crowdswap.org; form-action 'self'; frame-src 'self' https://*.gleap.io https://player.vimeo.com https://td.doubleclick.net https://*.sandbox.dat https://*.datatrans.com https://*.paypal.com https://*.cloudflare.com https://*.payrexx.com https://hooks.stripe.com https://verify.walletconnect.com https://*.googletagmanager.com https://banners.wesendit.com; frame-ancestors 'self' https://banners.wesendit.com; manifest-src 'self'; object-src 'none'; script-src 'self' https://*.gleap.io https://*.googletagmanager.com https://*.google-analytics.com https://*.trstplse.com https://*.googleapis.com https://*.doubleclick.net https://*.datatrans.com https://*.paypal.com https://*.gstatic.com https://*.crowdswap.org https://*.cloudflare.com https://*.payrexx.com https://*.hotjar.com https://*.facebook.net https://*.clarity.ms https://*.facebook.net 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 2 frame-ancestors 'self' https://my.cermo360.de https://my.matterport.com; 2 frame-ancestors 'self' *.comune.milano.it 2 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: data: ms-word: ms-powerpoint: ms-excel: ms-visio: ms-access: ms-project: ms-publisher: ms-infopath: vnd.libreoffice.command: 2 default-src 'self'; font-src 'self' cdn.taxsee.com fonts.gstatic.com https://*.gstatic.com data: fonts.gstatic.com *.imgsmail.ru *.mail.ru *.mradx.net cdn.taxsee.ru; frame-src 'self' https://*.doubleclick.net blob: https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://*.youtube.com www.google.com mediacdn.mediaad.org *.yektanet.com *.fls.doubleclick.net www.aparat.com *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.vk.com mail.ru ok.ru vk.com challenges.cloudflare.com sgtm.taxseepro.com sgtm.taxsee.pro; img-src 'self' data: cdn.taxsee.com *.gstatic.com https://*.facebook.com https://*.facebook.net https://www.googletagmanager.com https://*.gstatic.com https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://vk.com https://*.vk.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md data: www.google.com www.google.ru www.google.kz log.adtimaserver.vn analytics.pangle-ads.com *.imgsmail.ru *.mail.ru mail.ru trustseal.enamad.ir t.co analytics.twitter.com; script-src 'self' 'unsafe-inline' https://*.facebook.com https://*.facebook.net https://www.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.doubleclick.net https://top-fwz1.mail.ru https://analytics.tiktok.com https://vk.com https://*.vk.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://yastatic.net https://*.youtube.com 'unsafe-eval' *.yektanet.com *.mediaad.org unpkg.com www.gstatic.com *.yandex.net *.google.ru *.google.kz *.g.doubleclick.net gstatic.com s.zzcdn.me www.aparat.com *.imgsmail.ru *.mail.ru *.mradx.net *.odnoklassniki.ru *.relap.io *.vk.com mail.ru vk.com *.ads-twitter.com challenges.cloudflare.com; media-src 'self' https://*.youtube.com *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.vk.com data: mail.ru ok.ru vk.com; child-src 'self' blob: https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md; connect-src 'self' https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://top-fwz1.mail.ru https://analytics.tiktok.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md www.google.com https://*.doubleclick.net *.yektanet.com api.mediaad.org ma-cdn.pegah.tech log.adtimaserver.vn analytics.pangle-ads.com *.dzen.ru *.imgsmail.ru *.mail.ru *.mradx.net *.relap.io *.vk.com mail.ru relap.io vk.com sgtm.taxseepro.com sgtm.taxsee.pro; form-action 'self'; manifest-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.taxsee.com fonts.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com unpkg.com *.imgsmail.ru *.mail.ru *.mradx.net; worker-src 'self'; frame-ancestors DENY; base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests 2 frame-ancestors 'self'; frame-src 'self' katadyngroup.com *.katadyngroup.com katadyngroup.ladesk.com *.google.com *.googletagmanager.com *.youtube.com *.youtube-nocookie.com *.ladesk.com; 2 frame-ancestors 'self' https://desa.cencopay.ar; 2 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2 frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com https://nordfx.com https://nuode.me https://nuode.info/, object-src 'self' 2 frame-ancestors https://modelcentro.com/ 2 2 2 frame-ancestors https://*.kaiserpermanente.org; frame-src 'none' 2 connect-src *; script-src-elem * 'unsafe-inline' 'unsafe-eval'; worker-src 'self' * blob:; frame-src 'self' https://forms.hsforms.com/ https://job-boards.greenhouse.io/ https://irhythm2024rd.q4web.com/ https://privacyportal-na01.onetrust.com/ https://www.googletagmanager.com/ *.my.site.com *.salesforce-sites.com *.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.vimeo.com *.youtube.com; frame-ancestors *.irhythmtech.com; default-src https://job-boards.greenhouse.io/ *.googlesyndication.com *.my.site.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.google.com *.googletagmanager.com *.adobeaemcloud.com *.irhythmtech.com *.salesforce-sites.com *.hsforms.com https://forms-eu1.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com *.zoominfo.com *.hsforms.net *.zi-scripts.com 'unsafe-inline' data:; script-src 'self' *.cqc.org.uk *.vimeo.com *.youtube.com https://cdn.cookielaw.org/ *.zoominfo.com *.adobeaemcloud.com assets.adobedtm.com *.googletagmanager.com *.hsforms.net *.zi-scripts.com *.irhythmtech.com 'unsafe-inline' 'unsafe-eval' data:; img-src 'self' https://i.vimeocdn.com/ https://help-corp.myzio.com/ https://help.myzio.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com *.hsforms.net *.hsforms.com *.adobeaemcloud.com *.irhythmtech.com *.day.com data:; 2 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https: https://cdnjs.cloudflare.com; connect-src *; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com *.cloudflare.com *.cookiepro.com *.addtoany.com unpkg.com *.licdn.com; img-src 'self' data: https: *.google-analytics.com *.googletagmanager.com https://px.ads.linkedin.com https://cookie-cdn.cookiepro.com; base-uri 'self'; frame-ancestors https://*.avoltaworld.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src 'self' https: https://static.addtoany.com; 2 font-src *.agrialpro.fr *.lamaison.fr fonts.gstatic.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors dynamic.criteo.com api.oney.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com gum.criteo.com youtu.be facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.agrialpro.fr *.lamaison.fr maps.gstatic.com maps.google.com maps.googleapis.com cl.avis-verifies.com www.google.fr www.facebook.com *.dmxleo.com *.bidswitch.net *.adform.net *.casalemedia.com *.criteo.com sync.1rx.io sync.targeting.unrulymedia.com *.id5-sync.com id5-sync.com *.ivitrack.com *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.yieldmo.com *.yieldlab.net *.emxdgt.com *.doubleclick.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv *.yahoo.net *.3lift.com *.omnitagjs.com *.360yield.com *.sharethrough.com *.tremorhub.com *.krxd.net *.join-stories.com ade.googlesyndication.com *.hsforms.net *.hsforms.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.google.com maps.googleapis.com *.agrialpro.fr *.lamaison.fr cdn.jsdelivr.net cl.avis-verifies.com connect.facebook.net js-agent.newrelic.com *.criteo.com bam.nr-data.net *.join-stories.com cdn.webotit.ai secure.adnxs.com *.hsforms.net *.hsforms.com s7.addthis.com https://cdn.jsdelivr.net/npm/pwacompat@2.0.8/pwacompat.min.js https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.agrialpro.fr *.lamaison.fr https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.join-stories.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.agrialpro.fr *.lamaison.fr stats.g.doubleclick.net bam.nr-data.net *.criteo.com maps.googleapis.com *.stories.studio t.elasticsuite.io *.hsforms.net *.hsforms.com ekr.zdassets.com/ https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://adservice.google.com https://ajax.googleapis.com https://analytics.google.com https://apis.google.com https://assets.calendly.com https://bt.fraud0.com https://cdn.jsdelivr.net https://cdn.podigee.com https://cdnjs.cloudflare.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://hm.baidu.com https://js.braintreegateway.com https://maps.googleapis.com https://omicron.matomo.cloud https://player.podigee-cdn.net https://px.ads.linkedin.com https://script.hotjar.com https://script.hotjar.com/modules.e3a39d3073324bf160dc.js https://snap.licdn.com https://static.hotjar.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.gstatic.cn https://www.youtube.com ; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://player.podigee-cdn.net ; object-src 'none' ; connect-src 'self' data: https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.linkedin.com https://adservice.google.com https://analytics.google.com https://api.fraud0.com https://api.sandbox.braintreegateway.com https://bt.fraud0.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://content.hotjar.io https://cpqshowroom.omicronenergy.com https://cpqshowroom-staging.omicronenergy.com https://cpqshowroom-test.omicronenergy.com https://img.youtube.com https://maps.googleapis.com https://metrics.hotjar.io https://omicron.matomo.cloud https://origin-analytics-sand.sandbox.braintree-api.com https://pagead2.googlesyndication.com https://play.google.com https://player.podigee-cdn.net https://px.ads.linkedin.com https://px.ads.linkedin.com/attribution_trigger https://stats.g.doubleclick.net/g/collect https://vc.hotjar.io https://www.googleadservices.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://www.googletagmanager.com https://www.youtube.com wss://ws.hotjar.com ; font-src 'self' data: https://fonts.gstatic.com https://player.podigee-cdn.net https://staging-www.omicronenergy.com https://www.omicronenergy.com ; frame-ancestors 'self' https://www.omicroncybersecurity.com https://staging-www.omicroncybersecurity.com https://www.omicroncybersecurity.com.docker ; frame-src 'self' https://*.doubleclick.net https://assets.braintreegateway.com https://calendly.com https://cdn.podigee.com https://consentcdn.cookiebot.com https://data.omicronenergy.com https://d1eoo1tco6rr5e.cloudfront.net https://insight.adsrvr.org https://my.omicronenergy.com https://player.bilibili.com https://player.podigee-cdn.net https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.omicronenergy.com https://www.omicronenergy.com.cn https://www.youtube.com https://www.youtube-nocookie.com ; img-src 'self' data: https: https://*.g.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://adservice.google.com https://analytics.google.com https://api.fraud0.com https://bt.fraud0.com https://csi.gstatic.com https://cpqshowroom.omicronenergy.com https://cpqshowroom-staging.omicronenergy.com https://cpqshowroom-test.omicronenergy.com https://fonts.gstatic.com https://hm.baidu.com https://i.ytimg.com https://img.youtube.com https://images.podigee-cdn.net https://imgsct.cookiebot.com https://lh3.ggpht.com https://main.podigee-cdn.net https://maps.googleapis.com https://maps.gstatic.com https://omicron.matomo.cloud https://player.podigee-cdn.net https://px.ads.linkedin.com https://px.ads.linkedin.com/attribution_trigger https://px.ads.linkedin.com/collect https://streetviewpixels-pa.googleapis.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://www.googletagmanager.com ; media-src 'self' data: blob: ; worker-src data: blob: ; report-to default-1; 2 default-src * 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; 2 frame-ancestors 'self' *.einnews.com *.einpresswire.com; 2 default-src * https: data: 'unsafe-inline' 'unsafe-eval' p11.techlab-cdn.com 2 frame-ancestors 'self' https://californiaclosets.mx; 2 frame-ancestors 'self' https://app.kameleoon.com https://app.contentful.com; 2 default-src https: 'unsafe-eval' 'unsafe-inline'; connect-src https: wss: data:; img-src https: http: data:; object-src 'none'; 2 default-src 'self'; base-uri 'self'; frame-ancestors 'self'; worker-src 'self' blob:; manifest-src 'self'; block-all-mixed-content; report-uri https://677d811dcfdd640ab319ce51.endpoint.csper.io?builder=true&v=2; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.6sc.co https://*.6sense.com https://www.gstatic.com https://*.googletagmanager.com https://*.sentry.io https://*.wistia.com https://*.wistia.net https://*.wp.com https://boards.greenhouse.io https://browser.sentry-cdn.com https://cdn.dreamdata.cloud https://cdn.mouseflow.com https://cdn.mouseflow.com/projects/*.js https://connect.facebook.net https://cpwebassets.codepen.io https://fast.wistia.com https://fast.wistia.net https://forms.hsforms.com https://google-analytics.com https://googleadservices.com https://googleads.g.doubleclick.net https://googletagmanager.com https://graph.facebook.com https://js-na1.hs-scripts.com https://js.facebook.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hscta.net https://js.hsforms.net https://js.hsleadflows.net https://js.hubspot.com https://js.hubspotfeedback.com https://js.sentry-cdn.com https://js.usemessages.com https://kit.fontawesome.com https://ml314.com https://pagead2.googlesyndication.com https://public.codepenassets.com https://sc.lfeeder.com https://src.litix.io https://ssl.google-analytics.com https://static.addtoany.com https://static.hsappstatic.net https://stats.wp.com https://tagmanager.google.com https://use.fontawesome.com https://ws.zoominfo.com https://www.clarity.ms https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com ; style-src 'self' 'report-sample' 'unsafe-inline' blob: https://*.fontawesome.com https://*.wp.com https://themoduscreate.wpenginepowered.com https://cdn2.hubspot.net https://fast.wistia.com https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://themodusstage.wpengine.com https://use.fontawesome.com https://www.googletagmanager.com ; object-src https://embedwistia-a.akamaihd.net; child-src 'self' blob: https://*.facebook.com https://*.mouseflow.com https://app.hubspot.com https://connect.facebook.net https://forms.hsforms.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.usemessages.com https://www.googletagmanager.com ; connect-src 'self' https://*.6sc.co https://*.6sense.com https://secure.adnxs.com https://*.analytics.google.com https://*.bing.ms https://*.clarity.ms https://*.g.doubleclick.net https://*.google.com https://*.google.* https://*.google-analytics.com https://*.googletagmanager.com https://analytics.google.com https://api.hubapi.com https://api.nelioabtesting.com https://boards-api.greenhouse.io https://cdn.dreamdata.cloud https://cta-service-cms2.hubspot.com https://distillery.wistia.com https://embed-cloudfront.wistia.com https://fast.wistia.com https://forms.hsforms.com https://forms.hubspot.com https://google.com https://h.clarity.ms https://js.hscta.net https://js.hsforms.com https://pagead2.googlesyndication.com https://pipedream.wistia.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://www.google.com https://www.google.com.mx https://www.google.es https://www.googleadservices.com ; font-src 'self' data: https://fast.wistia.net https://fonts.gstatic.com https://use.fontawesome.com https://themoduscreate.wpenginepowered.com ; frame-src 'self' https://*.greenhouse.io https://boards.greenhouse.io https://job-boards.greenhouse.io https://forms.hsforms.com https://forms.hubspot.com https://play-eu1.hubspotvideo.com https://play.hubspotvideo.com https://static.addtoany.com https://td.doubleclick.net https://www.googletagmanager.com https://www.youtube.com https://www.google.com ; img-src 'self' data: https://*.6sc.co https://*.6sense.com https://*.g.doubleclick.net https://*.google.com https://*.google.* https://*.google-analytics.com https://*.googletagmanager.com https://1907998.fs1.hubspotusercontent-na1.net https://c.bing.com https://c.bing.ms https://c.clarity.ms https://cdn1.iconfinder.com https://cdn2.hubspot.net https://embed-ssl.wistia.com https://fast.wistia.com https://fast.wistia.net https://forms-na1.hsforms.com https://google.com https://googleads.g.doubleclick.net https://googletagmanager.com https://www.gstatic.com https://i.ytimg.com https://loadus.exelator.com https://no-cache.hubspot.com https://pagead2.googlesyndication.com https://perf-na1.hsforms.com https://pixel.wp.com https://ssl.gstatic.com https://themoduscreate.wpenginepowered.com https://tr-rc.lfeeder.com https://track.hubspot.com https://www.google-analytics.com https://www.google.com https://www.google.com. https://www.googletagmanager.com ; form-action 'self' https://*.facebook.com https://connect.facebook.net https://forms.hsforms.com https://forms.hubspot.com ; media-src 'self' blob: https://themoduscreate.wpengine.com https://themoduscreate.wpenginepowered.com https://themodusstage.wpengine.com https://themodusstage.wpenginepowered.com ; 2 child-src 'self' ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.favi.cz *.favi.sk bat.bing.net *.seznam.cz bianopixel.com *.biano.sk *.bianopixel.com *.heureka.group *.zbozi.cz *.sjwoe.com *.cj.com *.consentmanager.net *.googlesyndication.com *.smartlook.cloud *.exponea.com *.creativecdn.com *.sentry.io *.lmc.cz *.ecomailapp.cz *.googleapis.com *.google-analytics.com *.google.com *.g.doubleclick.net *.google.cz *.google-analytics.com *.google.com *.g.doubleclick.net *.linkedin.oribi.io *.smartsupp.com *.smartsuppchat.com *.smartsuppcdn.com *.smartlook.com *.bing.com *.biano.cz *.amazonaws.com *.pinterest.com *.clarity.ms *.mczbf.com *.facebook.com *.homecredit.cz *.jsdelivr.net *.packeta.com ws: ; default-src 'self' ; font-src 'self' *.zbozi.cz *.cj.com *.mapy.cz *.lmc.cz *.typekit.net *.gstatic.com *.mczbf.com *.clarity.ms data: ; form-action * 'unsafe-inline' ; frame-src 'self' *.gls-czech.cz *.google.com *.youtube.com *.youtube-nocookie.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.sproutvideo.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz *.facebook.com *.vub.sk *.zbozi.cz *.szn.cz *.packeta.com ; frame-ancestors 'self' ; img-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' bat.bing.net *.360yield.com *.openx.net *.smartadserver.com *.outbrain.com *.3lift.com *.adscale.de *.casalemedia.com *.taboola.com *.udmserve.net *.zbozi.cz *.teads.tv *.emjcd.com *.blob.core.windows.net *.orangeclickmedia.com *.sonobi.com *.rubiconproject.com *.seedtag.com *.adnxs.com *.mapy.cz *.typekit.net *.gstatic.com *.googleapis.com *.zasilkovna.cz *.zasielkovna.sk *.packeta.com *.packeta.sk *.google.cz *.google.com creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.mczbf.com *.pinterest.com *.consentmanager.net *.seznam.cz *.bing.com *.cloudfront.net *.google-analytics.com *.facebook.com *.clarity.ms *.rooom.com *.yahoo.com *.amazonaws.com *.consentmanager.net *.ecpaper.cz *.doubleclick.net *.homecredit.cz *.creativecdn.com *.payu.com *.googlesyndication.com *.smartsuppcdn.com *.kdukvh.com *.googletagmanager.com *.heureka.cz *.heureka.sk *.heureka.group *.dotomi.com data: ; manifest-src 'self' ; media-src 'self' *.smartsuppcdn.com ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.favicdn.net bat.bing.net bianopixel.com *.biano.sk *.bianopixel.com *.heureka.cz *.heureka.sk *.heureka.group *.zbozi.cz *.cj.com *.exponea.com *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.favicdn.net bat.bing.net bianopixel.com *.bianopixel.com *.jsdelivr.net *.exponea.com *.mapy.cz *.lmc.cz *.twitter.com *.packeta.com *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz *.typekit.net *.etargetnet.com *.googlesyndication.com *.googleapis.com *.zbozi.cz *.heureka.cz *.heureka.sk *.heureka.group *.im9.cz im9.cz *.googleadservices.com googleadservices.com ; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' *.favicdn.net bat.bing.net *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz ; style-src 'self' 'unsafe-inline' 'unsafe-eval' bat.bing.net *.zbozi.cz *.cj.com *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz ; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' bat.bing.net *.mapy.cz *.lmc.cz *.googletagmanager.com *.google-analytics.com *.googleapis.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz ; style-src-attr 'self' 'unsafe-inline' 'unsafe-eval' bat.bing.net *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz; worker-src 'self' *.mczbf.com ; 2 default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * https://lla-cms-prod.directus.app; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://cwc.kcenter.usu.com; frame-src * https://nebula-cdn.kampyle.com https://libertyglobal.kampyle.com https://optimize.google.com https://www.youtube.com https://www.google.com https://www.facebook.com https://www.google-analytics.com https://www.googleanalytics.com https://openspeedtest.com https://www2.discoverflow.co https://www.discoverflow.co https://discoverflow.co https://analytics.discoverflow.co; form-action *; worker-src * blob:; 2 default-src 'self' data: blob: *.isportgenius.com.au cdn.gtgnetwork.com cdn.geniusgames.com.au fonts.googleapis.com csi.gstatic.com fonts.gstatic.com ssl.gstatic.com *.cloudflare.com *.neds.com.au *.googletagmanager.com *.google-analytics.com *.wistia.com *.litix.io *.jquery.com *.fontawesome.com *.google.com *.gstatic.com browser.sentry-cdn.com 'unsafe-inline' 'unsafe-eval'; frame-src *; 2 frame-ancestors ptisp.pt my.ptisp.pt oppwa.com; 2 default-src * data: blob: 'unsafe-inline' 'unsafe-eval' script-src * 'unsafe-inline' 'unsafe-eval' connect-src * 'unsafe-inline' img-src * data: blob: 'unsafe-inline' frame-src *; style-src * data: blob: 'unsafe-inline' font-src * data: blob: 'unsafe-inline'; 2 default-src 'self' vercel.live; frame-src 'self' https://www.googletagmanager.com/ https://*.youtube.com https://td.doubleclick.net/ https://docs.google.com/ http://assets.ctfassets.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.youtube-nocookie.com/ https://cdn.croct.io/; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.vercel-insights.com vercel.live https://www.googletagmanager.com https://www.googleoptimize.com https://*.hotjar.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://snap.licdn.com https://connect.facebook.net https://websdk.appsflyer.com https://analytics.tiktok.com https://cdnjs.cloudflare.com/ajax/libs/slick-carousel http://cdnjs.cloudflare.com/ajax/libs/pdf.js/3.11.174/pdf.worker.js http://unpkg.com/pdfjs-dist@4.4.168/build/pdf.worker.min.mjs http://*.s.decidata.tv https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.croct.io/ https://www.youtube.com/iframe_api https://www.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com http://cdnjs.cloudflare.com/; img-src * blob: data:; worker-src * blob: data:; media-src 'self' http://videos.ctfassets.net; connect-src *; font-src 'self' https://fonts.gstatic.com https://cdn.appsflyer.com https://cdnjs.cloudflare.com https://fonts.googleapis.com/; frame-ancestors 'none'; 2 default-src 'self' *.wirth-horn.de *.payengine.de *.jobs.personio.de *.etrusted.com *.trustbadge.com *.trustedshops.com www.youtube-nocookie.com *.matomo.cloud; img-src data: 'self' res.cloudinary.com *.amazonaws.com www.youtube-nocookie.com *.wirth-horn.de *.matomo.cloud; media-src data: 'self' res.cloudinary.com www.youtube-nocookie.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.wirth-horn.de *.payengine.de *.jobs.personio.de *.etrusted.com *.trustbadge.com *.trustedshops.com www.youtube-nocookie.com *.matomo.cloud; style-src 'self' data: 'unsafe-inline' *.wirth-horn.de *.matomo.cloud; font-src data: 'self' *.matomo.cloud; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com tagmanager.google.com fonts.googleapis.com *.doubleclick.net *.clarity.ms *.gravatar.com *.hotjar.com *.aparat.com *.mediaad.org *.tavoos.net *.yektanet.com *.sanjagh.com *.sabavision.com *.najva.com *.jsdelivr.net *.googleapis.com *.pegah.tech *.w.org *.wp.com *.openstreetmap.org; 2 block-all-mixed-content; connect-src 'self' https://*.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://stats.g.doubleclick.net https://in.hotjar.com https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://survey.alchemer.com https://www.facebook.com https://*.adnxs.com https://*.adnxs-simple.com https://*.icecat.biz https://*.googleapis.com https://cdn.plyr.io https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://*.playable.com https://*.campaign.playable.com https://*.leadfamly.com https://*.api.leadfamly.com https://*.visualwebsiteoptimizer.com app.vwo.com https://sibautomation.com https://in-automate.brevo.com https://static.zohocdn.com https://desk.zoho.eu https://ct.pinterest.com https://*.clarity.ms/; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://*.icecat.biz https://*.campaign.playable.com https://static.zohocdn.com https://webfonts.zohowebstatic.com; frame-ancestors 'self' https://*.campaign.playable.com; frame-src data: https://www.youtube.com/ https://publish.folders.eu/ https://app.folders.eu/ https://www.facebook.com https://vars.hotjar.com https://survey.alchemer.com https://*.adnxs.com https://optimize.google.com https://*.icecat.biz https://js.mollie.com https://swiftcdn6.global.ssl.fastly.net https://gleam.io https://view.publitas.com/ https://folders.toychamp.be/ https://folders.toychamp.nl/ https://*.awin1.com https://*.zenaps.com https://*.campaign.playable.com app.vwo.com https://*.visualwebsiteoptimizer.com https://bethenexthero.com https://space-worlds.bricks.plus https://legobelgium.s3.eu-west-1.amazonaws.com/ https://space-game.be https://gaming-contest.eu https://f1-contest.com https://desk.zoho.eu https://ar.salta.com https://www.googletagmanager.com https://td.doubleclick.net https://ct.pinterest.com https://*.cloudflare.com 'self'; img-src 'self' data: about: https://placeholder.inventis.be https://placehold.it https://*.ytimg.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://optimize.google.com https://www.facebook.com https://www.google.com https://www.google.be https://googleads.g.doubleclick.net https://script.hotjar.com https://www.mollie.com https://*.adnxs.com https://*.adnxs-simple.com https://js.gleam.io https://*.icecat.biz https://*.awin1.com https://*.zenaps.com https://files.cdn.leadfamly.com https://*.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://static.zohocdn.com; style-src 'self' https://optimize.google.com 'unsafe-inline' https://fonts.googleapis.com https://survey.alchemer.com https://*.icecat.biz https://*.campaign.playable.com https://*.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://static.zohocdn.com; upgrade-insecure-requests 2 default-src 'self'; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de web.cmp.usercentrics.eu app.usercentrics.eu privacy-proxy.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: uct.service.usercentrics.eu app.usercentrics.eu privacy-proxy-server.usercentrics.eu data: stats.hft-stuttgart.de; connect-src 'self' stats.hft-stuttgart.de *.usercentrics.eu *.b-ite.com; frame-src 'self' web.cmp.usercentrics.eu app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 2 frame-ancestors *.muctr.ru 2 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' 796-pbw-559.mktoresp.com *.algolianet.com *.twitter.com *.company-target.com *.qualified.com *.teamme.link teammate.link *.greenhouse.io *.g2.com google.com *.teamme.link teamme.link cdn.cookielaw.org content.hotjar.io ddzuuyx7zj81k.cloudfront.net dev.visualwebsiteoptimizer.com dss6ntp5q2r0o.cloudfront.net *.supabase.co *.wistia.com embedwistia-a.akamaihd.net *.wistia.net *.onetrust.com *.orca.security googleads.g.doubleclick.net *.googleusercontent.com *.marketo.net orca.security *.wp.com *.linkedin.com static.ads-twitter.com *.hotjar.com stats.g.doubleclick.net t.co *.demandbase.com tracking.g2crowd.com *.hotjar.io wss wss://ws.hotjar.com wss://ws.qualified.com www.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat www.googleoptimize.com www.googletagmanager.com www.youtube.com *.gravatar.com ad.doubleclick.net analytics.twitter.com *.g2.com google.com *.teamme.link teammate.link *.greenhouse.io *.teamme.link teamme.link fonts.gstatic.com mc.yandex.ru pagead2.googlesyndication.com pos.baidu.com translate.googleapis.com *.bing.com region1.analytics.google.com api.mkmediaworks.com blob: https://orca.security/5fc9ffbb-97f6-4f2c-b9d4-572461ee66bf cdn.linkedin.oribi.io obseu.segreencolumn.com www.google.cn www.google.com.eg www.google.kg www.google.tm www.gstatic.com www.google.com.bo *.adsrvr.org sentry.io euob.segreencolumn.com euob.itstarsbuilding.com obseu.itstarsbuilding.com *.clarity.ms www.googleadservices.com 5f6b2d0bd0ea9d00689c778b.services.infinigrow.com lh7-us.googleusercontent.com cm.g.doubleclick.net ssl.google-analytics.com www.facebook.com id.rlcdn.com dsum-sec.casalemedia.com partners.tremorhub.com pixel.rubiconproject.com s.w.org token.rubiconproject.com rapidsec.com munchkin.marketo.net o95209.ingest.sentry.io s3.eu-west-1.amazonaws.com translate-pa.googleapis.com *.linkedin.com *.algolia.net orca-2024.go-vip.net *.6sc.co *.6sense.com js.zi-scripts.com ws.zoominfo.com secure.adnxs.com *.redditstatic.com *.reddit.com *.litix.io *.parsely.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.teamme.link teammate.link *.greenhouse.io *.g2.com google.com cdn.cookielaw.org ddzuuyx7zj81k.cloudfront.net dev.visualwebsiteoptimizer.com dss6ntp5q2r0o.cloudfront.net euob.segreencolumn.com *.supabase.co fast.wistia.com fast.wistia.net go.orca.security googleads.g.doubleclick.net js.qualified.com munchkin.marketo.net orca.security pi.pardot.com script.hotjar.com static.ads-twitter.com static.hotjar.com stats.wp.com tag.demandbase.com tracking.g2crowd.com try.orca.security www.google-analytics.com www.googleoptimize.com www.googletagmanager.com connect.facebook.net www.google.com www.gstatic.com js.adsrvr.org edge.marker.io obseu.segreencolumn.com euob.itstarsbuilding.com obseu.itstarsbuilding.com www.clarity.ms www.googleadservices.com tpc.googlesyndication.com snap.licdn.com *.6sc.co *.6sense.com; script-src-elem 'self' data: 'unsafe-inline' app.vwo.com *.teamme.link teammate.link *.greenhouse.io *.g2.com google.com *.teamme.link teamme.link cdn.cookielaw.org cdnjs.cloudflare.com connect.facebook.net ddzuuyx7zj81k.cloudfront.net dev.visualwebsiteoptimizer.com dss6ntp5q2r0o.cloudfront.net *.supabase.co *.wistia.com *.wistia.net *.orca.security googleads.g.doubleclick.net *.qualified.com munchkin.marketo.net orca.security *.hotjar.com ssl.google-analytics.com static.ads-twitter.com *.wp.com *.demandbase.com tpc.googlesyndication.com tracking.g2crowd.com *.googleapis.com *.google.com www.google-analytics.com www.googleadservices.com www.googleoptimize.com www.googletagmanager.com yoast.com rapidsec.com s3.eu-central-1.amazonaws.com www.gstatic.com www.youtube.com js.adsrvr.org edge.marker.io api.company-target.com euob.segreencolumn.com euob.itstarsbuilding.com obseu.itstarsbuilding.com *.clarity.ms obseu.segreencolumn.com snap.licdn.com shortstack.services.atlassian.com *.google.ca *.6sc.co *.6sense.com js.zi-scripts.com *.redditstatic.com *.parsely.com *.sentry-cdn.com *.bing.com *.cloudflareinsights.com blob:; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' orca.security *.orca.security fonts.googleapis.com; style-src-elem 'self' data: 'unsafe-inline' *.teamme.link teamme.link *.qualified.com fonts.googleapis.com *.orca.security orca.security www.googletagmanager.com www.gstatic.com p.typekit.net *.wp.com; style-src-attr 'unsafe-inline'; font-src 'self' data: assets.qualified.com *.supabase.co fast.wistia.com fast.wistia.net fonts.gstatic.com github.com *.fontawesome.com orca.security themes.googleusercontent.com use.typekit.net fonts.cdnfonts.com static.zip.co fonts.googleapis.com at.alicdn.com *.orca.security *.wp.com; media-src 'self' app.qualified.com *.supabase.co *.wistia.com embedwistia-a.akamaihd.net *.wistia.net ssl.gstatic.com blob: data: www.youtube.com; object-src 'self' *.supabase.co *.wistia.com embedwistia-a.akamaihd.net orca.security; child-src 'self' app.qualified.com *.teamme.link teammate.link *.greenhouse.io *.g2.com google.com *.teamme.link teamme.link *.supabase.co fast.wistia.com fast.wistia.net go.orca.security s.company-target.com try.orca.security www.youtube.com blob: *.google.com *.adsrvr.org insight.adsrvr.cn; frame-src 'self' 5gtvu7km85.execute-api.us-east-1.amazonaws.com *.google.com app.qualified.com *.opendns.com *.teamme.link teammate.link *.greenhouse.io *.g2.com google.com *.teamme.link teamme.link *.supabase.co fast.wistia.com fast.wistia.net *.orca.security orca.security s.company-target.com td.doubleclick.net tpc.googlesyndication.com www.googletagmanager.com www.youtube.com *.adsrvr.cn *.adsrvr.org app.marker.io lsrelay-config-production.s3.amazonaws.com obseu.segreencolumn.com obseu.itstarsbuilding.com schools-blocked.s3-website-us-east-1.amazonaws.com login.microsoftonline.us widgets.wp.com wordpress.com; worker-src blob:; frame-ancestors 'self'; form-action 'self' *.orca.security orca.security; manifest-src 'self' orca.security *.orca.security; report-uri https://osweb25b8034a79abb3.report-uri.com/r/t/csp/reportOnly 2 upgrade-insecure-requests; frame-ancestors 'self'; report-uri /.well-known/csp/398de7fd-3691-4d9b-a659-e942c814ea97 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com http://static.clevertap.com https://d2r1yp2w7bby2u.cloudfront.net https://in1.clevertap-prod.com https://snap.licdn.com https://static.ads-twitter.com https://bat.bing.com https://www.clarity.ms https://connect.facebook.net https://googleads.g.doubleclick.net https://eu1.clevertap-prod.com https://anuvadak.in https://staging.anuvadak.in/ https://hspx.hotstar.com/;style-src 'self' 'unsafe-inline' https://www.google-analytics.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://anuvadak.in/ https://staging.anuvadak.in/;img-src 'self' 'unsafe-inline' https://px.ads.linkedin.com/ https://www.google.co.in/ https://bat.bing.com/ https://www.google.com/ https://www.google-analytics.com https://ssl.gstatic.com/ https://ad.doubleclick.net https://www.googletagmanager.com/ https://marktech-images.mstock.com/ data:;font-src 'self';frame-src 'self' https://www.youtube.com/ https://11843339.fls.doubleclick.net/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://anuvadak.in/ https://www.google.com/;object-src 'none';media-src 'self';form-action 'self' https://ekyc.mstock.com/Register-with-us https://affiliate.miraeassetpartners.com/;worker-src 'self';manifest-src 'self'; 2 script-src 'unsafe-eval' 'unsafe-inline' 'self' https://bat.bing.com https://ftlaunchpad.ai https://hits3.livemarketshoppers.com https://build.1pdata.app https://cdn.omniconvert.com https://*.clopay.com/ https://*.clopaydoor.com/ https://*.googleapis.com https://*.dynatrace.com https://rawgit.com https://*.jquery.com https://*.jsdelivr.net https://www.youtube.com/ https://www.google-analytics.com https://*.googletagmanager.com https://*.freshchat.com https://*.cloudflare.com http://www.pagespeed-mod.com https://*.google-analytics.com https://*.google.com https://*.bazaarvoice.com https://*.monitor.azure.com https://*.pinimg.com https://*.marketingcloudfx.com https://*.leadmanagerfx.com https://*.adsrvr.org https://*.hotjar.com https://*.facebook.net https://*.licdn.com https://*.cornellcookson.com https://www.gstatic.com https://acsbapp.com https://*.dstillery.com https://*.media6degrees.com https://*.iesnare.com https://acuityplatform.com https://ct.pinterest.com/ https://googleads.g.doubleclick.net/; style-src 'self' 'unsafe-inline' https://*.clopay.com/ https://*.clopaydoor.com/ https://*.bazaarvoice.com https://*.googleapis.com/ https://*.cornellcookson.com https://*.clopaydoor.com https://*.freshchat.com; img-src 'self' data: blob: https://c.webfxcapi.com/ https://www.google.com https://bat.bing.com https://ftlaunchpad.ai https://hits3.livemarketshoppers.com https://build.1pdata.app https://*.azurewebsites.net/ https://www.google-analytics.com/ https://i.ytimg.com/ https://www.facebook.com https://*.pinterest.com https://*.googleapis.com https://*.gstatic.com https://www.googletagmanager.com https://www.google.co.in https://*.linkedin.com https://*.clopaydoor.com https://*.doubleclick.net https://*.bazaarvoice.com https://*.adsrvr.org https://*.rubiconproject.com; object-src 'none'; form-action 'self'; base-uri 'none'; font-src 'self' data: https://*.gstatic.com https://*.googleapis.com; default-src 'self' https://app.omniconvert.com https://*.clopay.com/ https://*.clopaydoor.com/ https://*.linkedin.com https://*.applicationinsights.azure.com https://*.google.com https://*.acsbapp.com https://*.marketingcloudfx.com https://*.doubleclick.net wss://ws.hotjar.com https://*.hotjar.io https://*.dynatrace.com https://*.facebook.com/ https://*.leadmanagerfx.com https://acsbapp.com/ https://*.cornellcookson.com https://*.freshchat.com https://*.adsrvr.org https://www.google-analytics.com https://www.youtube.com https://*.vimeo.com https://*.vimeocdn.com https://*.akamaized.net https://*.bazaarvoice.com https://*.googleapis.com https://restapi https://ct.pinterest.com/ https://www.googletagmanager.com/; 2 frame-ancestors 'self' https://ibexa.vonovia.de 2 frame-ancestors 'self' https://*.kontent.ai https://app.kontent.ai 2 report-uri https://csp.uel.wildapricot.com/report; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.appointlet.com *.appointletcdn.com *.aptrinsic.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.ecomm.events *.ecwid.com *.elev.io *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.mcjobboard.net *.mybillsystem.com *.newrelic.com *.nr-data.net *.pagespeed-mod.com *.paypal.com *.termly.io *.twitter.com *.typekit.net *.uservoice.com *.wildapricot.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com caas-sf.wildapricot.org https://*.forethought.ai live-sf.wildapricot.org maps.googleapis.com onlinestore-prod-digital-products.s3.amazonaws.com sf.wildapricot.org vimeo.com widget-mediator.zopim.com wss://widget-mediator.zopim.com/ *.addtoany.com *.sharethis.com google-analytics.com googletagmanager.com piper.filecamp.com public.tableau.com sf.wildapricot.org viewer.mapme.com youtube.com; img-src * data: blob:; media-src * blob:; font-src * https://*.aptrinsic.com data:; 2 base-uri self; frame-ancestors https://app.makeswift.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.google.com http://*.googleapis.com http://*.youtube.com http://*.facebook.com http://*.facebook.net https://*.kampyle.com https://*.medallia.com http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.clarovideo.net http://*.claromusica.com http://*.claro.com.sv http://claro.clientcampaigns.live https://*.google.com.mx https://*.hotjar.com:* https://*.hotjar.io https://*.googletagmanager.com https://tags.bkrtx.com https://stags.bluekai.com https://programarcita.claro.com.hn https://*.google-analytics.com https://*.acuityplatform.com https://*.google.com https://*.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.facebook.com https://*.facebook.net https://digitasgt.com https://*.ads-twitter.com https://*.cloudflare.com https://*.twitter.com https://t.co https://*.doubleclick.net https://clarity.ms https://*.bing.com https://*.adform.net https://*.clarovideo.net https://*.claromusica.com https://*.claro.com.sv https://*.clarodigital.net https://*.ytimg.com https://stackpath.bootstrapcdn.com https://*.claro.com.hn https://*.clarity.ms https://www.gstatic.com https://universalplus.com https://*.googleadservices.com https://*.google.com.gt https://*.teads.tv https://*.tiktok.com https://claro.clientcampaigns.live https://*.dearflip.com https://*.zencdn.net; media-src mediastream: 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: https://*.claro.com.hn https://*.dearflip.com; 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.onestopenglish.com; 2 default-src https: data: wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com wss://*.zohopublic.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests;media-src blob: data: https:; 2 default-src 'self' https://*.arvato-systems-media.net https://*.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://socialcloud.bertelsmann.com https://dl.edge-cdn.net https://edgecdnhd2-vh.akamaihd.net; script-src 'self' blob: https://*.bertelsmann.de https://*.bertelsmann.com https://*.createyourowncareer.com https://*.video-cdn.net https://*.privacy-mgmt.com https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://analytics.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://*.edge-cdn.net https://*.analytics.edgekey.net https://charts3.equitystory.com https://*.akamaihd.net https://www.youtube.com https://s.ytimg.com https://*.cookiebot.com 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' https://tr.main.bid-prod.technical-service.net https://maps.google.com https://*.video-cdn.net https://www.google.com https://*.ytimg.com https://maps.gstatic.com https://www.gstatic.com https://chart.apis.google.com https://maps.googleapis.com https://www.google-analytics.com http://*.becruiter.net https://*.becruiter.net https://bertelsmann-hr.de https://www.googletagmanager.com https://dl.edge-cdn.net https://translate.google.com https://translate.googleapis.com data:; media-src 'self' blob: https://videocdnvod1-vh.akamaihd.net https://edgecdnhd2-vh.akamaihd.net http://hd2vodbertel-vh.akamaihd.net https://*.cdn.edge-cdn.net https://*.edge-cdn.net http://*.edge-cdn.net https://*.video-cdn.net; style-src 'self' https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://*.nionex.net https://translate.googleapis.com https://fonts.googleapis.com https://dl.edge-cdn.net 'unsafe-inline' data:; font-src 'self' https://fonts.googleapis.com https://*.video-cdn.net https://fonts.gstatic.com data:; frame-src * data: blob: https://*.cookiebot.com ; frame-ancestors 'self' https://digitalportfolio.bertelsmann.com https://*.bertelsmann.de https://*.bertelsmann.com; connect-src 'self' wss://*.bertelsmann.de https://licensing.bitmovin.com https://cdn.plyr.io https://*.video-cdn.net https://videocdnvod1-vh.akamaihd.net https://stats.g.doubleclick.net https://*.bertelsmann.de https://*.bertelsmann.com https://*.google-analytics.com https://ca.video-cdn.net https://dl.edge-cdn.net https://*.analytics.edgekey.net https://translate.googleapis.com https://*.cookiebot.com https://edgecdnhd2-vh.akamaihd.net 2 default-src 'none';child-src 'self' https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://youtube.com https://*.hotjar.com https://*.hotjar.io https://cdn.appdynamics.com https://*.kore.ai wss://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com wss://*.salesforce-sites.com data: blob:;connect-src 'self' https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://col.eum-appdynamics.com https://*.google-analytics.com https://content.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://*.doubleclick.net https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://cdn.appdynamics.com https://col.eum-appdynamics.com https://content.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://jwpsrv-vh.akamaihd.net https://vc.hotjar.io https://stats.g.doubleclick.net https://*.vimeo.com https://*.vimeocdn.com https://*.facebook.com https://*.facebook.net https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.adsymptotic.com https://*.formstack.com https://*.kore.ai wss://*.kore.ai https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.force.com wss://*.salesforce-sites.com https://*.google.com https://*.cookielaw.org https://*.clarity.ms;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://code.jquery.com https://maxcdn.bootstrapcdn.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.google.com https://*.gstatic.com https://*.doubleclick.net https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://cdn.appdynamics.com https://col.eum-appdynamics.com https://content.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://jwpltx.com https://*.mailchimp.com https://*.linkedin.com https://*.linkedin.oribi.io https://chimpstatic.com https://*.mailchimp.com https://*.vimeo.com https://*.vimeocdn.com https://*.licdn.com https://*.adsymptotic.com https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.kore.ai wss://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.cookielaw.org https://*.clarity.ms;img-src 'self' data: https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.adnxs.com https://*.hotjar.com https://*.hotjar.io https://col.eum-appdynamics.com https://content.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://jwpltx.com https://*.mailchimp.com https://*.doubleclick.net https://*.linkedin.com https://*.linkedin.oribi.io https://openbadges.blob.core.windows.net https://*.vimeo.com https://*.vimeocdn.com https://*.adsymptotic.com https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.cookielaw.org https://www.googleadservices.com https://www.googletagmanager.com https://*.clarity.ms https://*.bing.com https://placehold.co;media-src 'self' blob: data:;style-src 'self' 'unsafe-inline' https://*.andanet.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://*.andameds.com https://*.googleapis.com https://*.gstatic.com https://maxcdn.bootstrapcdn.com https://*.mailchimp.com https://*.formstack.com https://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.google.com;font-src 'self' data: https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.mailchimp.com;frame-src 'self' https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://*.cybersource.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://content.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://col.eum-appdynamics.com https://*.mailchimp.com https://*.doubleclick.net https://*.vimeo.com https://*.vimeocdn.com https://anda.formstack.com https://*.kore.ai wss://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.clarity.ms https://*.googletagmanager.com 2 frame-ancestors 'self' app.makeswift.com 2 default-src 'self' blob: https://dyinglightgame.com https://*.dyinglightgame.com https://techland.pl https://*.techland.pl https://techland.net https://*.techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com; script-src 'self' https://techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://static.ads-twitter.com https://analytics.twitter.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://s.ytimg.com/yts/jsbin/ https://www.redditstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://platform.twitter.com/widgets.js https://platform.twitter.com/widgets/ https://platform.twitter.com/js/ 'nonce-80a7sgbdfg' 'nonce-a098bfgaf' 'nonce-9a8sdbgfvb' 'nonce-981bdfhda' 'sha256-5EJ/AVN7tkeRkeM1cpSLQfWrFAcc4l5hcn6hn3tgc60='; style-src 'self' 'unsafe-inline' https://techland.net https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net/p.css; font-src 'self' 'unsafe-inline' https://techland.net https://fonts.gstatic.com https://use.typekit.net; img-src 'self' data: http://*.limbo.techland.pl/ https://*.techland.pl https://techland.net https://*.techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://dyinglightgame.com https://*.dyinglightgame.com https://*.facebook.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com/ads/ https://www.google.com/ads/ga-audiences/ https://www.google.pl/ads/ga-audiences/ https://www.google.com/pagead/1p-user-list/918877113/ https://www.google.pl/pagead/1p-user-list/918877113/ https://region1.google-analytics.com https://region1.analytics.google.com https://t.co/i/adsct https://i.ytimg.com https://alb.reddit.com/; frame-src 'self' http://*.limbo.techland.pl/ https://*.limbo.techland.pl/ https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://*.facebook.com https://*.hotjar.com https://www.youtube.com/embed/ https://player.twitch.tv/ https://accounts.google.com https://consentcdn.cookiebot.com/ https://consentcdn.cookiebot.com/sdk https://platform.twitter.com/ https://platform.twitter.com/widgets/; frame-ancestors 'self'; connect-src 'self' https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com wss://testy.limbo.techland.pl:9509 https://consentcdn.cookiebot.com/consentconfig/ https://region1.google-analytics.com https://region1.analytics.google.com; style-src-elem 'self' 'unsafe-inline' https://techland.net https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net/p.css; script-src-elem 'self' https://techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://static.ads-twitter.com https://analytics.twitter.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://s.ytimg.com/yts/jsbin/ https://www.redditstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://platform.twitter.com/widgets.js https://platform.twitter.com/widgets/ https://platform.twitter.com/js/ 'nonce-80a7sgbdfg' 'nonce-a098bfgaf' 'nonce-9a8sdbgfvb' 'nonce-981bdfhda' 'sha256-5EJ/AVN7tkeRkeM1cpSLQfWrFAcc4l5hcn6hn3tgc60=' 2 default-src https:; style-src * 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2 default-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.blob.core.windows.net https://*.googleapis.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.msecnd.net https://*.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://s.pinimg.com https://snap.licdn.com https://*.pinterest.com https://diffuser-cdn.app-us1.com https://prism.app-us1.com https://trackcmp.net https://*.sharethis.com https://www.google.com https://*.mouseflow.com https://*.gstatic.com https://*.youtube.com https://*.googlesyndication.com; img-src 'self' data: https://www.niko.eu https://*.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.google.be https://*.google.nl https://*.google.fr https://*.google.dk https://*.google.sk https://*.google.se https://*.google.de https://*.google.es https://www.facebook.com https://*.linkedin.com https://*.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://*.mouseflow.com https://*.sharethis.com; style-src 'self' 'unsafe-inline' https://*.blob.core.windows.net https://*.googleapis.com; font-src 'self' https://*.gstatic.com https://*.id.niko.eu https://*.mouseflow.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://td.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com http://*.pinterest.com https://*.clickdimensions.com https://*.mouseflow.com https://*.google.com; connect-src 'self' https://*.googleapis.com https://*.google-analytics.com https://*.typesense.net https://dc.services.visualstudio.com https://*.google.com https://*.google.be https://*.google.nl https://*.google.fr https://*.google.dk https://*.google.sk https://*.google.se https://*.google.de https://*.google.es https://www.facebook.com https://*.doubleclick.net https://*.linkedin.com https://*.pinterest.com https://google.com https://*.googlesyndication.com https://*.mouseflow.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.sharethis.com; upgrade-insecure-requests; block-all-mixed-content; 2 default-src 'self' http: https: data: blob: 'unsafe-inline'; 2 default-src 'self' https://*.dcube.cloud/ ; script-src 'self' 'sha256-nWKjNpDy9BIIH8p69UATrM+dYfeHm3RCw7s03nOoDC0=' # Script for GTM tag blob: https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://unpkg.com/web-vitals https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://graph.facebook.com https://facebook.com https://www.facebook.com https://*.googletagmanager.com https://*.licdn.com https://webchat.vica.gov.sg https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://api-chat-fe-flag.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com https://script.wiz.gov.sg/widget.js https://script-staging.wiz.gov.sg/widget.js wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console.apac.sabio.cloud/ https://console-flex-api.ap.sabio.cloud/ https://cdn.jsdelivr.net/npm/algoliasearch@4.20.0/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.60.0/dist/instantsearch.production.min.js ; object-src 'self' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io https://webchat.vica.gov.sg https://vica.gov.sg https://unpkg.com https://script.wiz.gov.sg/widget.css https://script-staging.wiz.gov.sg/widget.css https://assets.dcube.cloud/ https://console.apac.sabio.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes/satellite-min.css ; img-src * ; media-src * ; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://vimeo.com https://www.google.com https://checkfirst.gov.sg https://www.checkfirst.gov.sg https://docs.google.com https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://*.data.gov.sg https://calendar.google.com https://datastudio.google.com https://lookerstudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com https://api.id.gov.sg/ ; frame-ancestors 'none' ; font-src * data: ; connect-src 'self' https://dpm.demdex.net https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api-production.data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://api-chat-fe-flag.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://ask.gov.sg https://staging.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://console.apac.sabio.cloud/ https://authmiddleware.ap.sabio.cloud https://*.algolia.net https://*.algolianet.com https://*.algolia.io ; 2 default-src 'self'; connect-src 'self' https://cdn-cookieyes.com https://*.cookieyes.com https://form.jotform.com https://submit.jotform.com https://*.google-analytics.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.analytics.google.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com data:; frame-src 'self' https://*.cookieyes.com https://submit.jotform.com https://form.jotform.com; img-src 'self' https://*.elliottmgmt.com *.elliottmgmt.com https://elliottmgmt.com https://dev-elliott-mgmt.pantheonsite.io https://test-elliott-mgmt.pantheonsite.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://cdn-cookieyes.com https://*.cookieyes.com https://secure.gravatar.com blob: data:; object-src; script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://cdn-cookieyes.com https://*.google-analytics.com 'unsafe-inline'; style-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests 2 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src *; img-src * 'self' http: https: data:; frame-src *; style-src 'self' 'unsafe-inline'; font-src 'self'; base-uri 'self'; form-action 'self' *.hsforms.com; object-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; 2 form-action 'self' *.coworkingresources.org *.getkisi.com *.hsforms.com *.hsforms.net *.hubspot.com coworkingresources.org getkisi.com production-b3jhdbaf6q-uk.a.run.app staging-b3jhdbaf6q-uk.a.run.app www.facebook.com; script-src 'self' 'unsafe-inline' *.clearbit.com *.clearbitjs.com *.clearbitscripts.com *.hsforms.com *.hsforms.net *.hubspot.com *.smartlook.cloud *.smartlook.com *.typekit.net a.omappapi.com a.optmnstr.com ajax.googleapis.com api.na.chilipiper.com assets.apollo.io bat.bing.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net d.adroll.com d.adroll.mgr.consensu.org fonts.googleapis.com fonts.gstatic.com googleads.g.doubleclick.net idsync.rlcdn.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.na.chilipiper.com js.usemessages.com netlify-cdp-loader.netlify.app optimize.google.com production-b3jhdbaf6q-uk.a.run.app s.adroll.com script.hotjar.com snap.licdn.com ssl.google-analytics.com staging-b3jhdbaf6q-uk.a.run.app static.ads-twitter.com static.hotjar.com tagmanager.google.com w.appzi.io www.chatbase.co www.clarity.ms www.google-analytics.com www.google.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com www.googletagmanager.com www.gstatic.com www.redditstatic.com www.youtube.com 2 default-src 'self' maxcdn.bootstrapcdn.com use.typekit.net p.typekit.net *.localhost; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.pardot.com landing.daikinapplied.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.typekit.net *.fontawesome.com *.wistia.com *.bootstrapcdn.com *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.g.doubleclick.net *.bing.com *.licdn.com *.stackadapt.com *.google.com cdnjs.cloudflare.com 'self' cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.srv.stackadapt.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.wistia.com *.akamaihd.net dotcom.blob.core.windows.net *.g.doubleclick.net *.google.com *.bing.com *.linkedin.com *.adsymptotic.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net *.fontawesome.com; frame-src 'self' *.doubleclick.net *.daikinapplied.com daikinapplied.secure.force.com *.google.com *.twitter.com *.four51.com *.salesforce-sites.com web-chat.nativechat.com; connect-src accounts.google.com *.google-analytics.com *.googleadservices.com *.mktoresp.com *.wistia.com *.litix.io *.akamaihd.net *.stackadapt.com *.google.com *.doubleclick.net *.fontawesome.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.wistia.com dotcom.blob.core.windows.net *.akamaihd.net; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.daikinapplied.com daikinapplied.secure.force.com *.google.com blob: 'self' web-chat.nativechat.com; frame-ancestors 'self' *.google.com *.daikinapplied.com *.localhost 2 frame-ancestors 'self' https://www.racq.com.au https://rac.com.au https://our.raa.com.au; 2 frame-ancestors *.myshopify.com https://admin.shopify.com; 2 frame-ancestors 'self' https://*.house.gov; form-action 'self' https://*.house.gov https://congress.gov https://www.congress.gov https://www.google.com https://vekeo.com https://republicanwhip.us21.list-manage.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://js.arcgis.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://use.fontawesome.com https://www.google.com https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://maps.google.com https://cse.google.com https://ajax.googleapis.com https://maps.googleapis.com https://video.teleforumonline.com https://platform.twitter.com https://widgets.twimg.com https://cdn.syndication.twimg.com https://static.sk.facebook.com https://connect.facebook.net https://www.instagram.com/embed.js https://js.arcgis.com https://video.foxbusiness.com https://rumble.com https://code.jquery.com https://platform-api.sharethis.com https://ws.sharethis.com https://s7.addthis.com https://s3.amazonaws.com; object-src 'none';; upgrade-insecure-requests 2 script-src 'self' blob: *.klikmbc.co.id *.klikmbc.biz *.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.jsdelivr.net *.jquery.com *.gstatic.com *.tailwindcss.com 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; object-src 'none'; 2 default-src 'self' https://*.giosg.com https://*.giosgusercontent.com https://*.interactionbuilder.giosg.com https://*.mouseflow.com; img-src 'self' https://*.mouseflow.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.google.fi https://*.google.ie https://*.google.nl https://*.bing.com https://*.omtrdc.net https://*.tt.omtrdc.net https://*.onetrust.com https://*.onetrust.eu https://*.demdex.net https://*.everesttech.net https://*.adobedtm.com https://*.facebook.com https://*.linkedin.com https://*.adform.net https://*.g.doubleclick.net https://app.readpeak.com https://*.giosgusercontent.com https://images.ctfassets.net https://bat.bing.net data:; media-src https://*; script-src 'unsafe-inline' 'unsafe-eval' https://*; style-src 'unsafe-inline' 'self' https://*; connect-src https://* wss://*.service.lahitapiola.fi; frame-src https://*; worker-src blob:; child-src https://*.mouseflow.com blob:; font-src 'self' https://*.googleapis.com/ https://*.gstatic.com https://*.giosgusercontent.com https://*.mouseflow.com; 2 default-src 'self' 'unsafe-inline' https://play.hubspotvideo.com *.hs-sites.com https://platform.twitter.com https://player.vimeo.com https://web.cvent.com https://83340.fs1.hubspotusercontent-na1.net https://ncontracts.applytojob.com https://fonts.googleapis.com https://www.facebook.com https://forms.hsforms.com https://view.ceros.com https://app.qualified.com https://cdnjs.cloudflare.com https://www.youtube.com/ *.hubspot.com *.hs-banner.com *.hsleadflows.net *.hs-analytics.net *.hsforms.net *.hsadspixel.net https://tracking.g2crowd.com *.cloudfront.net https://ws.zoominfo.com https://kit.fontawesome.com https://js.hs-scripts.com https://static.hsappstatic.net https://js.qualified.com https://rum-static.pingdom.net https://static.oktopost.com https://assets.revsure.cloud https://okt.to https://www.googletagmanager.com https://td.doubleclick.net https://snap.licdn.com *.esnlocco.com https://connect.facebook.net https://j.6sc.co https://bat.bing.com https://www.clarity.ms https://js.usemessages.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.gstatic.com *.fontawesome.com; script-src 'self' 'unsafe-inline' https://platform.twitter.com https://platform.linkedin.com https://static.hsappstatic.net/ https://web.cvent.com/ https://www.ncontracts.com https://view.ceros.com https://tracking.g2crowd.com https://rum-static.pingdom.net https://cdnjs.cloudflare.com *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com https://ws.zoominfo.com *.hsforms.net https://kit.fontawesome.com https://static.oktopost.com https://js.qualified.com https://assets.revsure.cloud https://okt.to *.hsleadflows.net *.hubspot.com *.hs-banner.com https://www.googletagmanager.com *.cloudfront.net https://www.google.com https://snap.licdn.com https://www.gstatic.com *.esnlocco.com https://connect.facebook.net https://j.6sc.co https://bat.bing.com https://www.clarity.ms https://googleads.g.doubleclick.net *.googleadservices.com https://googleads.g.doubleclick.net https://js.usemessages.com; img-src 'self' https://www.trupointpartners.com https://c.clarity.ms https://www.googletagmanager.com https://83340.fs1.hubspotusercontent-na1.net https://cdnjs.cloudflare.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://px.ads.linkedin.com *.hsappstatic.net *.hs-embed-reporting.com https://b.6sc.co https://bat.bing.com *.esnlocco.com *.google.com https://googleads.g.doubleclick.net https://www.facebook.com https://px4.ads.linkedin.com; connect-src 'self' https://vimeo.com https://www.google-analytics.com https://tracking-api.g2.com https://stats.g.doubleclick.net https://secure.adnxs.com https//c.6sc.co https://www.facebook.com https://ws.zoominfo.com *.clarity.ms *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.fontawesome.com https://settings.luckyorange.net https://app.qualified.com https://api.rudderstack.com wss://ws.qualified.com https://analytics.revsure.cloud https://px.ads.linkedin.com *.google.com https://ipv6.6sc.co *.esnlocco.com https://e.clarity.ms https://epsilon.6sense.com https://rum-collector-2.pingdom.net https://google.com;; upgrade-insecure-requests 2 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self' https://*.franceolympique.com; 2 frame-ancestors 'self' *.cdc2vckncu-lederands1-p1-public.model-t.cc.commerce.ondemand.com:443 2 “script-src 'none';†2 default-src 'self'; style-src * 'unsafe-inline'; img-src * 'self' data:; media-src * 'self'; font-src * 'self' data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'self'; frame-src * 'self'; worker-src * 'self' blob: 2 frame-ancestors 'self' https://portal.ukbonn.de https://portal-test.ukbonn.de; 2 default-src 'self' *.dvbern.ch *.google.com *.gstatic.com *.googletagmanager.com data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dvbern.ch *.google.com *.gstatic.com *.googletagmanager.com; frame-ancestors 'self' *.jobbern.ch; 2 default-src 'self'; connect-src 'self' *.prosoft.io *.belden.io prosoft.io belden.io cdn.cookielaw.org *.statuspage.io privacyportal.onetrust.com geolocation.onetrust.com *.prosoft-technology.com www.google-analytics.com *.googleapis.com *.mailgun.net *.intercom.io *.s3.us-west-2.amazonaws.com wss:; media-src 'self' *.intercomcdn.com www.google-analytics.com *.intercomassets.com *.prosoft-technology.com *.mailgun.net; img-src 'self' blob: data: maps.google.com cdn.cookielaw.org maps.gstatic.com *.googleapis.com www.google-analytics.com *.intercomcdn.com *.intercomassets.com *.ggpht *.prosoft-technology.com *.mailgun.net; font-src 'self' data: fonts.gstatic.com *.intercomcdn.com *.intercomassets.com *.prosoft-technology.com *.mailgun.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.intercomassets.com *.prosoft-technology.com *.mailgun.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com maps.googleapis.com maps.google.com *.intercom.io *.intercomassets.com *.intercomcdn.com polyfill.io *.prosoft-technology.com *.mailgun.net cdn.cookielaw.org; script-src-elem 'self' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com maps.googleapis.com maps.google.com www.googletagmanager.com *.intercom.io *.intercomassets.com *.intercomcdn.com polyfill.io *.prosoft-technology.com *.mailgun.net cdn.cookielaw.org *.statuspage.io; frame-src 'self' *.statuspage.io 2 frame-ancestors 'self' covideo.com *.covideo.com vidmails.com *.vidmails.com eleadcrm.com *.eleadcrm.com forddirectcrm.com *.forddirectcrm.com usherpa.com *.usherpa.com *.autoipacket.com *.autoipacket.net *.ipacket.us *.ipacket.info dealersocket.com *.dealersocket.com dealersocket.engineering *.dealersocket.engineering bb.local.dealersocket.com murraychevbrandon.com *.murraychevbrandon.com linkedin.com *.linkedin.com *.kennected.video watch.kennected.video; 2 frame-ancestors 'self' https://app.storyblok.com https://editor.storyblok.com https://m.storyblok.com; 2 connect-src 'self' https://matomo.heinlein-support.de https://numbers.heinlein-support.de; font-src 'self'; frame-src 'self' https://www.youtube.com/; img-src 'self' https://cdn.redoc.ly/redoc/ https://i.ytimg.com/ data: 'unsafe-eval'; object-src 'self'; script-src 'self' 'unsafe-inline' https://matomo.heinlein-support.de https://numbers.heinlein-support.de https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://www.heinlein-support.de/report-uri/enforce 2 default-src https:; font-src https: data:; frame-src https:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; connect-src https: http: wss: ws:; 2 frame-ancestors 'self' *.inlinewarehouse.com www.icewarehouse.com www.derbywarehouse.com www.tennis-warehouse.com; 2 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src *; object-src *; child-src blob:; worker-src blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2 frame-ancestors 'self' https://duerrtablets.tema-hosting.de/ 2 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.google.com/ https://www.gstatic.com/ https://va.vercel-scripts.com/ https://player.vimeo.com/ https://widget.trustpilot.com/ https://vercel.live/ https://*.org.coveo.com/ https://*.googletagmanager.com/ https://tagmanager.google.com/ https://cdn.cookielaw.org/ https://*.youtube.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net/ https://ad.doubleclick.net/ https://ade.googlesyndication.com/ https://adservice.google.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://www.datadoghq-browser-agent.com https://*.crazyegg.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/ https://googletagmanager.com/ https://tagmanager.google.com/ https://*.crazyegg.com; img-src 'self' blob: data: https://*.sitecorecloud.io https://wst-p-001.sitecorecontenthub.cloud https://cdn.cookielaw.org http://*.googletagmanager.com/ https://*.gstatic.com/ https://*.google-analytics.com/ https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://pagead2.googlesyndication.com https://ad.doubleclick.net/ https://googleads.g.doubleclick.net/ https://google.com/ https://ade.googlesyndication.com/ https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://px.ads.linkedin.com/ https://www.linkedin.com https://www.facebook.com/ https://*.crazyegg.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://www.google.com/ https://*.vimeo.com https://widget.trustpilot.com https://vercel.live/ https://*.youtube.com http://www.googletagmanager.com https://*.doubleclick.net https://www.facebook.com https://*.crazyegg.com; connect-src 'self' https://*.sitecorecloud.io https://platform.cloud.coveo.com https://analytics.cloud.coveo.com https://*.org.coveo.com https://vimeo.com https://*.vimeo.com https://*.google-analytics.com https://cdn.cookielaw.org https://geolocation.onetrust.com http://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://googleads.g.doubleclick.net/ https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://px.ads.linkedin.com https://www.facebook.com https://browser-intake-us3-datadoghq.com https://*.crazyegg.com https://api.zippopotam.us https://privacyportal.onetrust.com; object-src 'none'; base-uri 'self'; form-action 'self' https://*.worldstrides.net https://*.worldstrides.com/ https://*.explorica.com/ https://*.explorica.ca/ https://portail.educatours.com/ https://www.facebook.com; frame-ancestors https://*.sitecorecloud.io/; upgrade-insecure-requests; block-all-mixed-content; report-uri /cspreports.xml; 2 frame-ancestors 'self' https://www.twinkmovies.xxx https://www.twinkmovies1cn.com https://www.twinkmovies.pro 2 frame-ancestors 'self' https://manage.probuilder.com https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 2 default-src 'self' * 'unsafe-inline' 'unsafe-eval' data:; form-action 'self' *; frame-src 'self' *; 2 default-src 'self' ; style-src https: 'unsafe-inline'; script-src https://*.ispserver.com/ https://*.ispserver.ae/ https://ispserver.ae/ https://ispserver.ru/ https://ispserver.com/ https://*.chathost.ru/ https://*.carrotquest.app/ https://chat.hoztnode.net:3000 https://chat.ispsystem.net:3001 https://www.googletagmanager.com/ https://www.google.com/ https://my.ispserver.ru/ https://my.ispserver.com/ https://my.ispserver.ae/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://tag.marinsm.com/ https://mc.yandex.ru/ https://top-fwz1.mail.ru/ https://www.gstatic.com/ https://googleads.g.doubleclick.net/ https://pixel-geo.prfct.co/ 'unsafe-inline'; img-src * data:; connect-src 'self' https://api.carrottrack.app/ https://*.chathost.ru/ https://*.carrottrack.io/ https://chat.hoztnode.net:3000/ wss://chat.hoztnode.net:3000/ https://*.carrotquest.app/ wss://*.carrotquest.app/ https://stats.g.doubleclick.net/ https://top-fwz1.mail.ru/ https://mc.yandex.ru/; frame-src 'self' https://www.google.com/ https://bid.g.doubleclick.net/; font-src 'self' https://*.carrotquest.app/; media-src 'self' https://*.carrotquest.app/; object-src 'self'; frame-ancestors 'self' https://metrika.yandex.ru; 2 child-src 'self' https://ksms-p-001.sitecorecontenthub.cloud/;connect-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.addthis.com *.addthisedge.com *.moatads.com localhost:44001 *.hotjar.com *.hotjar.io *.rlets.com *.reachlocalservices.com *.simpli.fi *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.sumo.com sumo.com *.bc0a.com *.brightedge.com *.vidyard.com *.comm100.io *.googleadservices.com *.google.com *.milestoneinternet.com share.kelsey-seybold.com https://ksms-p-001.sitecorecontenthub.cloud/ *.sumome.com https://sumome.com *.surveymonkey.com *.fontawesome.com google.com *.rakanto.com *.demdex.net;default-src 'self' *.googleapis.com *.gstatic.com fonts.gstatic.com *.vidyard.com *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net *.gstatic.com www.google.com *.comm100.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' share.kelsey-seybold.com https://apps.sitecore.net https://ksms-p-001.sitecorecontenthub.cloud/;font-src 'self' https://fonts.gstatic.com https://script.hotjar.com *.fontawesome.com;frame-ancestors 'self' *.kelsey-seybold.com *.promotionsdev.com promotionsdev.com *.whyilike.com whyilike.com *.mykelseyonline.com https://www.clinicadekelsey.com https://temp-www.kelsey-seybold.com temp-www.kelsey-seybold.com www.mykelseyonline.com https://www.kelsey-seybold.com *.kelsey-seybold.com *.mycharttst.kelsey-seybold.com/ *.mycharttst.kelsey-seybold.com https://uat-www.clinicadekelsey.com share.kelsey-seybold.com https://ksms-p-001.sitecorecontenthub.cloud/ *.sitecorecontenthub.cloud ksprod-new-ksc-cd.ksnet.com *.ksprod-new-ksc-cd.ksnet.com https://ksprod-new-ksc-cd.ksnet.com *.ksnet.com;frame-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net fonts.gstatic.com www.googletagmanager.com *.addthis.com *.addthisedge.com *.moatads.com *.hotjar.com *.vidyard.com *.addthis.com *.rlets.com *.reachlocalservices.com *.simpli.fi *.facebook.net *.rlcdn.com *.gannettdigital.com *.google.com *.kelsey-seybold.com *.mykelseyonline.com *.whyilike.com whyilike.com *.promotionsdev.com promotionsdev.com *.googleservices.com *.doubleclick.net webto.salesforce.com *.salesforce.com *.podsnack.com *.flipsnack.com *.youtube.com *.understand.com *.typeform.com *.mykelseyonline.com https://www.clinicadekelsey.com https://www.kelsey-seybold.com *.kelsey-seybold.com https://www.facebook.com https://mykelseyonline.com/ *.adsrvr.org *.mycharttst.kelsey-seybold.com/ *.mycharttst.kelsey-seybold.com https://uat-www.clinicadekelsey.com https://temp-www.kelsey-seybold.com share.kelsey-seybold.com www.kelsey-seybold.com https://ksms-p-001.sitecorecontenthub.cloud/ *.sitecorecontenthub.cloud *.surveymonkey.com ksprod-new-ksc-cd.ksnet.com *.ksprod-new-ksc-cd.ksnet.com https://ksprod-new-ksc-cd.ksnet.com *.ksnet.com;img-src 'self' *.addthis.com *.addthisedge.com *.moatads.com *.googleapis.com *.gstatic.com fonts.gstatic.com data: *.doubleclick.net *.google-analytics.com www.googletagmanager.com *.vidyard.com *.kelsey-seybold.com *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net *.b0e8.com *.simpli.fi *.googleadservices.com *.bc0a.com *.pro-market.net *.igodigital.com *.google.com *.3lift.com *.tremorhub.com *.tapad.com *.agkn.com *.advertising.com *.intentiq.com *.pubmatic.com *.stickyadstv.com *.exelator.com *.yahoo.com *.bfmio.com *.bluekai.com *.crwdcntrl.net *.lijit.com *.spotxchange.com *.adnxs.com *.rubiconproject.com *.openx.net *.pippio.com pippio.com *.apxlv.com *.trueleadid.com *.cogocast.net *.comm100.io *.hotjar.com https://*.hotjar.com https://usermatch.krxd.net https://beacon.krxd.net https://sync.mathtag.com *.adsrvr.org *.nextdoor.com share.kelsey-seybold.com https://ksms-p-001.sitecorecontenthub.cloud/ https://sumome.com *.sumome.com *.surveymonkey.com https://s3-eu-west-1.amazonaws.com ksprod-new-ksc-cd.ksnet.com *.ksprod-new-ksc-cd.ksnet.com https://ksprod-new-ksc-cd.ksnet.com smetrics.optum.com;media-src 'self' *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net share.kelsey-seybold.com https://ksms-p-001.sitecorecontenthub.cloud/;script-src 'self' *.addthis.com *.addthisedge.com *.moatads.com *.google-analytics.com *.googleapis.com *.gstatic.com www.googletagmanager.com code.jquery.com 'unsafe-eval' 'unsafe-inline' *.hotjar.com unpkg.com *.cloudflare.com *.vidyard.com *.rlets.com *.reachlocalservices.com *.simpli.fi *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.googleservices.com *.doubleclick.net *.google.com *.sumo.com sumo.com *.bc0a.com *.b0e8.com *.igodigital.com *.googleadservices.com geo-targetly.com *.mykelseyonline.com *.comm100.com *.comm100vue.com *.typeform.com browser-update.org *.milestoneinternet.com mykelseyonline.com *.mykelseyonline.com kelsey-seybold.com *.nextdoor.com *.kelsey-seybold.com *.adsrvr.org *.googletagmanager.com mycharttst.kelsey-seybold.com *.mycharttst.kelsey-seybold.com *.kelsey-seybold.com temp-www.kelsey-seybold.com share.kelsey-seybold.com www.kelsey-seybold.com *.sumome.com *.surveymonkey.com *.fontawesome.com ksprod-new-ksc-cd.ksnet.com *.ksprod-new-ksc-cd.ksnet.com https://ksprod-new-ksc-cd.ksnet.com *.rakanto.com *.adobedtm.com;style-src 'self' *.googleapis.com *.gstatic.com 'unsafe-inline' *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net *.typeform.com mykelseyonline.com *.mykelseyonline.com temp-www.kelsey-seybold.com *.kelsey-seybold.com mycharttst.kelsey-seybold.com www.kelsey-seybold.com share.kelsey-seybold.com ksprod-new-ksc-cd.ksnet.com *.ksprod-new-ksc-cd.ksnet.com https://ksprod-new-ksc-cd.ksnet.com *.fontawesome.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.aspnetcdn.com *.vimeocdn.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com https://hcaptcha.com *.surveymonkey.com *.googleoptimize.com *.cookiebot.com *.vimeo.com *.facebook.net https://acsbapp.com *.amazonaws.com *.jotfor.ms *.jotform.com 'unsafe-inline' 'unsafe-eval'; style-src data: 'self' *.googleapis.com *.sonichealthcare.com *.gstatic.com *.mailchimp.com *.jotfor.ms *.cookiebot.com 'unsafe-inline' 'unsafe-eval'; connect-src data: 'self' *.acsbapp.com acsbapp.com *.googleapis.com *.google-analytics.com https://stats.g.doubleclick.net https://cdn.acsbapp.com *.cookiebot.com; font-src 'self' data: *.googleapis.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.google-analytics.com *.gstatic.com *.googleapis.com https://cms-liquidstate-cloud.s3.amazonaws.com *.o3n.io *.google.com *.googletagmanager.com *.bing.com *.facebook.com *.linkedin.com *.cookiebot.com 'unsafe-inline'; frame-src 'self' *.google.com *.youtube.com https://www.zeemaps.com *.surveymonkey.com *.hcaptcha.com *.vimeo.com *.facebook.com *.sonichealthcareusa.com *.jotform.com *.jotfor.ms *.propath.com *.sonichealth.us *.cookiebot.com; object-src 'none'; 2 report-uri https://together.ltimindtree.com/; report-to csp-endpoint; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com assets.adoberesources.net documentcloud.adobe.com unpkg.com *.jotform.com *.calendly.com calendly.com *.googleapis.com *.linkedin.com *.cookielaw.org *.yoast.com *.cloudfront.net *.ltimindtree.com *.en25.com acsbapp.com *.acsbapp.com *.acsbap.com *.cookielaw.org *.mouseflow.com *.doubleclick.net *.marketo.net *.hotjar.com *.licdn.com *.demandbase.com *.techtarget.com *.terminus.services *.zoominfo.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.influ2.com *.cloudflare.com *.github.io *.jsdelivr.net *.jquery.com *.unpkg.com *.clarity.ms *.youtube.com; object-src *.youtube.com 'self' *.vimeo.com *.calendly.com *.jotform.com; form-action 'self' https://together.ltimindtree.com *.jotform.com *.calendly.com; frame-ancestors 'self' https://next.brella.io/; child-src 'self' 'unsafe-inline' assets.adobedtm.com *.calendly.com calendly.com *.vimeo.com *.linkedin.com *.dionglobal.in *.jotform.com *.cloudfront.net *.youtube.com *.ltimindtree.com *.en25.com *.acsbapp.com *.acsbap.com *.cookielaw.org *.mouseflow.com *.doubleclick.net *.marketo.net *.hotjar.com *.licdn.com *.demandbase.com *.techtarget.com *.terminus.services *.zoominfo.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.influ2.com *.cloudflare.com *.github.io *.jsdelivr.net *.jquery.com *.company-target.com assets.adoberesources.net documentcloud.adobe.com ltim-crystal.itonics.io 2 upgrade-insecure-requests; default-src https: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' blob: mailto: tel: *; font-src 'self' data: blob: * ; img-src 'self' data: blob: * ; object-src 'none'; worker-src blob: * ; form-action 'self' 2 default-src 'self' https://optimize.google.com; frame-src 'self' data: bytedance: sslocal: https://*.pinterest.com https://www.pinterest.nz https://*.criteo.com https://oc-assets.klarnaservices.com https://*.api.useinsider.com https://*.useinsider.com fbrpc://call https://*.zip.co https://*.stripe.com https://*.shophumm.com.au/ https://tpc.googlesyndication.com https://masterpass.com https://roktcdn1.akamaized.net https://www.youtube.com https://*.masterpass.com https://www.google.com/recaptcha/ https://*.rokt.com https://*.doubleclick.net https://*.kaptcha.com https://*.addthis.com https://*.facebook.com https://*.braintreegateway.com https://*.paypal.com https://*.visa.com https://*.cardinalcommerce.com https://*.paypalobjects.com https://*.trustpilot.com; script-src 'self' data: https://*.adsrvr.org https://*.adunion.com.au https://t.cfjump.com https://*.criteo.com https://*.criteo.net https://oc-library.klarnaservices.com https://www.googleanalytics.com https://www.googleoptimize.com https://*.api.useinsider.com https://*.useinsider.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://*.googletagmanager.com https://*.bing.com https://*.pinimg.com https://cdn.jsdelivr.net/npm/sockjs-client@1/dist/sockjs.min.js https://cdnjs.cloudflare.com/ajax/libs/vertx/3.9.1/vertx-eventbus.min.js https://*.nzsale.co.nz https://*.ozsale.com.au https://*.singsale.com.sg https://*.identitydirect.com.au/ https://www.clarity.ms/ https://*.zipmoney.com.au https://*.partpay.co.nz https://*.rakuten.com https://*.linksynergy.com https://*.dc-storm.com https://*.jrs5.com https://*.mediaforge.com https://*.nxtck.com https://*.stripe.com https://*.shophumm.com.au/ https://www.googletagservices.com/ https://adservice.google.com.au/ https://adservice.google.com/ https://pagead2.googlesyndication.com/ https://cdn.jsdelivr.net/npm/newrelic-reduced@1.1.2/lib/index.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.addthisedge.com https://assets.pinterest.com https://roktcdn1.akamaized.net https://cdn.optimizely.com/js/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://tpc.googlesyndication.com https://*.masterpass.com https://masterpass.com https://*.rokt.com https://*.nr-data.net https://*.facebook.net https://*.facebook.com https://*.newrelic.com https://*.marinsm.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.visa.com https://*.kaptcha.com https://*.addthis.com https://*.nanigans.com https://*.openpay.com.au/ https://*.trustpilot.com https://tools.luckyorange.com analytics.tiktok.com https://*.roeyecdn.com https://*.zip.co https://zip.co 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com.au https://*.google.co.nz https://*.google.com.sg https://*.google.com.my https://*.google.com.hk analytics.tiktok.com https://*.google.com; style-src 'self' https://*.klarnacdn.net https://use.fontawesome.com https://roktcdn1.akamaized.net https://*.visa.com https://*.masterpass.com https://masterpass.com https://*.googleapis.com https://*.api.useinsider.com https://*.useinsider.com https://*.zip.co 'unsafe-inline'; font-src 'self' data: https://*.api.useinsider.com/ https://*.useinsider.com/ https://font.static.useinsider.com/ https://static.zipmoney.com.au https://*.klarnacdn.net https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://*.zip.co https://roktcdn1.akamaized.net; connect-src 'self' https://*.adunion.com.au https://*.adsrvr.org https://*.criteo.com https://*.klarnaservices.com https://*.useinsider.com https://*.api.useinsider.com https://*.g.doubleclick.net https://bat.bing.com https://*.pinterest.com https://images.latitudepayapps.com wss://fbcb.nzsale.co.nz wss://fbcb.identitydirect.com.au https://fcmregistrations.googleapis.com/v1/projects/ https://firebaseinstallations.googleapis.com/v1/projects/ https://*.nzsale.co.nz https://*.identitydirect.com.au https://www.clarity.ms/ https://*.zip.co https://zip.co https://*.zipmoney.com.au https://pagead2.googlesyndication.com https://*.visa.com https://*.addthis.com https://www.google-analytics.com https://*.nr-data.net https://*.rokt.com https://*.braintreegateway.com https://*.paypal.com https://*.kaptcha.com https://*.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://*.google.co.nz https://*.google.com.sg https://*.google.com.my https://*.google.com.hk analytics.tiktok.com https://*.luckyorange.com https://pubsub.googleapis.com wss://*.visitors.live https://ds-aksb-a.akamaihd.net/RRT; object-src 'self' https://*.useinsider.com https://*.visa.com https://www.paypalobjects.com; frame-ancestors 'self' https://*.useinsider.com; 2 default-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * data:; style-src * 'unsafe-inline'; img-src * data: 'unsafe-eval'; media-src * data: 'unsafe-eval'; font-src * data: 'unsafe-eval'; frame-src * blob:; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; form-action 'self'; 2 frame-ancestors 'none'; style-src https: blob: 'unsafe-inline' 'self' 'unsafe-eval'; script-src https: 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.priv.center *.truendo.com https://cdn.jsdelivr.net https://embed.typeform.com *.popupsmart.com blob: 2 frame-ancestors 'self' levelone.com *.levelone.com www.realpage.com 2 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors 'self'; 2 default-src 'self' https://*.dcube.cloud/ ; script-src 'self' 'sha256-7tJzJRhCSII909o84m4q85UWUc5EDMrrjsQXbeH+qlc=' 'sha256-jrgkEqFIwhymCeRxfh3RHm2ssvwC2lNerrrYfQZiAMA=' 'sha256-E6VSHz7prXjxYy3IswjAT2XLomQQ+UmhLBThJZm+dGs=' https://script-staging.wiz.gov.sg/customs-script.js https://script.wiz.gov.sg/customs-script.js blob: https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://graph.facebook.com https://facebook.com https://www.facebook.com https://*.googletagmanager.com https://*.licdn.com https://webchat.vica.gov.sg https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://api-chat-fe-flag.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com https://script.wiz.gov.sg/widget.js https://script-staging.wiz.gov.sg/widget.js wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console.apac.sabio.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/algoliasearch@4.20.0/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.60.0/dist/instantsearch.production.min.js https://attachments.apac2.webexengage.com https://cdn-widget.apac2.webexengage.com https://rtm.sg.webexconnect.io https://widget.apac2.webexengage.com ; object-src 'self' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io https://webchat.vica.gov.sg https://vica.gov.sg https://unpkg.com https://script.wiz.gov.sg/widget.css https://script-staging.wiz.gov.sg/widget.css https://assets.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://console.apac.sabio.cloud/ https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes/satellite-min.css ; img-src * ; media-src * ; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://vimeo.com https://www.google.com https://checkfirst.gov.sg https://www.checkfirst.gov.sg https://docs.google.com https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://*.data.gov.sg https://calendar.google.com https://datastudio.google.com https://lookerstudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com https://api.id.gov.sg/ https://*.onemap.gov.sg/ https://maps.hack2025.gov.sg https://maps.gov.sg ; frame-ancestors 'none' ; font-src * data: ; connect-src 'self' https://dpm.demdex.net https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api-production.data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://chat.vica.gov.sg/ https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://bucket-vica.vica.gov.sg https://autocomplete.vica.gov.sg https://api-chat-fe-flag.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://ask.gov.sg https://staging.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://console.apac.sabio.cloud/ https://authmiddleware.ap.sabio.cloud https://1v7dzgzjkk-1.algolianet.com/ https://attachments.apac2.webexengage.com https://cdn-widget.apac2.webexengage.com https://rtm.sg.webexconnect.io https://widget.apac2.webexengage.com ; 2 frame-ancestors www.happymeal.com; 2 frame-ancestors 'self' https://twinrivers.catapultcms.com 2 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; 2 frame-ancestors 'self' http://toolpool.circit.de https://toolpool.circit.de 2 frame-ancestors 'self' *.psplugin.com 2 default-src 'self' https://videos.ctfassets.net/; style-src 'self' 'unsafe-inline' *.pricespider.com *; img-src * 'self' data: https: blob: *.pricespider.com; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src *; 2 frame-ancestors mechannext.nl mechanisatie.bmb-bruggeman.nl groenoordbv.nl www.tractors-and-machinery.com lmbdewith.nl csb-mechanisatie.nl www.vidbag.nl www.agrideals.nl unicomoost.nl favandervegt.nl geert-jandekok.com berhuynen.nl www.lmbgeertsema.nl www.kempmechanisatie.nl www.uildriksmechanisatie.nl www.farmstore.nl abekservice.nl vandeglindmechanisatie.nl westerinklandbouwmachines.nl www.peijnenburgmachines.nl www.robertusmechanisatie.nl lmbdebruin.nl marijsse.eu www.vandersluisbv.nl lmbdebruijn.nl www.roeleveld-mech.nl hbeekhof.nl pkriesels.nl www.kooijkervandieren.nl debruijn-zundert.nl www.lmbvermeulen.nl lmbvermeulen.nl www.koolslmb.nl www.lmbvandermeij.nl vandalmc.nl perdaems.com vismechanisatie.nl meekes-groenlo.nl dmservice.nl www.vanderwerfbv.nl www.hofstede-machinery.com www.roeszevenaar.nl dekruyf.nl vandermaar.eu www.boomsma-mechanisatie.nl www.wijha.nl frens.nl www.demminkmechanisatie.nl www.vantigchelt.be www.lthnijmeijer.nl www.dijkstramechanisatie.com www.boma-lmb.nl martienvisser.nl www.bomech.nl www.schoutenmechanisatie.nl www.gebrheemskerk.nl www.vosmechanisatie.nl www.lmbstemerdink.nl www.derooy-tractors.nl verburgwaarder.nl www.vanderweerdkampen.nl www.heuvelmansbv.nl www.markdebresser.nl dekruyf.nl sarinkelfrink.nl www.lmbvdlaan.nl hofmechanisatie.com www.hoekengamechanisatie.nl www.rutgersmechanisatie.nl www.lmbvorden.nl exalto-renswoude.nl www.bijkernijeveen.nl www.landbouwmechanisatiedenandel.nl www.bolexlexmond.nl mcv.nu mc-p.nl www.akkermanmechanisatie.nl www.joldersma.com veenstramechanisatie.nl wagricom.com lmbprins.nl www.wopamechanisatie.nl www.kortiermechanisatie.nl ezendamborne.nl www.evenhuis.nl kuperus.frl wasse.nl smb-genderen.nl agrotechniekoosterink.nl www.bemumarknesse.nl meerkerktraktoren.nl www.lmbdenotter.nl www.bmb-bruggeman.nl www.lmbwielink.nl www.rogo.nu www.weeversbv.nl www.groenewoud-tractoren.nl www.mechatec.nl www.weeversbv.nl www.betuwemechanisatie.nl suichies.nl www.rovadi.nl www.flierman-wilp.nl vdiauctions.com www.dijkstramechanisatie.nl www.grsmachines.nl www.mechanisatiehaarlemmermeer.nl www.lmbguusgiesen.nl www.hamoen-tractoren.nl www.lmb-oosterhof.nl vrielink-machinehandel.nl lmbvanlochem.nl blokmechanisatie.nl vanrossenberg.com lmb-deweertbakel.nl www.denekkerenelzinga.nl www.hofstede-machinery.com www.vdbergmastenbroek.nl www.lmbdenotter.nl hanssenagro.nl ebbersmechanisatie.nl zeelandtrac.nl veenma.nl www.vofbouwmeester.nl www.stolkmechanisatie.nl brienen-mechanisatie.nl www.peeters-vortum.nl www.firmatenberge.nl www.niensbv.nl kamminga-haarlo.nl www.lmbdoornbos.nl www.dikkemamachines.nl lmbdenengelsman.nl dijk-ureterp.nl schop-mechanisatie.nl vandenbergmechanisatie.nl rovem.com tuijtelaars.nl hollandsnoordkop.com www.lmbverkuijlen.com www.lmbschouten.nl www.agriservicegerarddebruijn.nl www.agroserviceoosterhof.nl peetersgroup.com vankalsbeek-gaast.nl peetersgroup.com www.bezooijen-schreuders.nl www.kleinnibbelink.nl www.magielselmb.nl toonsmink.nl aldenzeelmb.nl www.lmbhuurnink.nl veenstramechanisatie.nl berkerslandbouwmachines.nl ko-bo.nl oudealinktractoren.nl www.msholdenburger.nl www.seehoo.nl vd-riet.nl www.mhtractoren.nl www.evenboer.nl brakagro.nl www.vandersluis.nl www.bartagromechanisatie.nl www.goversmechanisatie.nl smederijhoekstra.nl rosiergreidanus.nl denboeragri.nl www.schouten.ws www.eissestechniek.nl lugtenberg.nl www.franspiek.nl www.lmbmegens.nl www.valkering-used-machines.com www.lmbw.nl smitenalles.nl www.smitenalles.nl www.agromachineryholland.com www.vlaming-groep.nl www.texelsunmechanisatie.nl www.kubota-gelderland.nl www.mechanisatiebedrijfhknoll.nl m.hoekengamechanisatie.nl everaardtechniek.nl postel.nl www.lesscher-lmb.nl www.bertverhoef.nl www.pater-deklomp.nl heijmansagroservice.nl www.vanderwerfbv.nl combiwestmechanisatie.nl www.holaras.com www.markdebresser.nl www.arjanvanlierop.nl www.rademakermachines.nl stefanruizmechanisatie.nl www.next-machinery.com multimachinery.nl kraakman.com basagriservice.eu ho-agrab.nl frakoolmb.nl www.haank.nl www.dehaaragri.nl www.agrotechniekflevoland.nl vanderveenlmb.frl www.thijskwakkenbos.nl www.hofstede-machinery.com simulator.tractors-and-machinery.nl www.henkslager.nl henkslager.nl damhuis-tractoren.nl www.damhuis-tractoren.nl lmbvandermeij.nl www.lmbvandermeij.nl giantknikladernoord.nl www.giantknikladernoord.nl www.abekservice.nl abekservice.nl www.bandenservicereusel.nl; 2 frame-ancestors 'self' https://*.optimizely.com; default-src 'self'; worker-src 'self' data:; font-src 'self' https://*.rocketcdn.me https://*.gstatic.com https://*.typekit.net https://*.sharepointonline.com https://www.shopperapproved.com data:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com ; img-src 'self' https: data: https://*.optimizely.com; connect-src https: wss://*.hotjar.com https://*.optimizely.com; frame-src 'self' https://*.hotjar.com https://*.snapchat.com https://*.facebook.com https://*.trustpilot.com https://*.greenhouse.io https://*.vimeo.com https://*.google.com https://*.youtube.com https://*.typeform.com https://*.optimizely.com https://*.doubleclick.net https://play.vidyard.com https://*.googletagmanager.com https://*.wp-rocket.me; media-src 'self' https://*.rocketcdn.me; manifest-src 'self' https://*.rocketcdn.me; 2 default-src 'self'; connect-src https:; frame-src https:; font-src https:; img-src https:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; base-uri 'self'; report-uri https://dline.ua/report-uri; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; 2 base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: * blob:; object-src 'none'; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'strict-dynamic' 'nonce-jul67AIsahKKkPeo3UaUAafT'; upgrade-insecure-requests; 2 img-src 'self' data: https: images.ctfassets.net cookie-cdn.cookiepro.com lux.speedcurve.com *.reciteme.com *.googleapis.com; media-src 'self' https: *.ctfassets.net/; connect-src 'self' https: cookie-cdn.cookiepro.com *.applicationinsights.azure.com *.google-analytics.com *.reciteme.com *.googletagmanager.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: *.googletagmanager.com js.monitor.azure.com cookie-cdn.cookiepro.com cdn.speedcurve.com www.youtube.com api.reciteme.com; style-src 'self' 'unsafe-inline' api.reciteme.com fonts.googleapis.com fast.fonts.net *.typekit.net; frame-src 'self' *.googletagmanager.com www.youtube.com www.instagram.com my.matterport.com viewings.ehouse.co.uk www.google.com universe.queue-it.net universe.com *.universe.com; 2 default-src 'self' policy.cookiereports.com www.youtube-nocookie.com data: 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com; img-src 'self' policy.cookiereports.com *.google-analytics.com *.googletagmanager.com data: ; connect-src 'self' policy.cookiereports.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com; script-src 'self' ajax.googleapis.com www.google.com www.gstatic.com policy.cookiereports.com www.bugherd.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.cloudfront.net *.youtube.com www.google-analytics.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.cloudfront.net www.bugherd.com data: 'unsafe-eval'; 2 frame-ancestors 'self' https://*.opsm.com.au https://*.luxottica.com https://*.essilorluxottica.com; 2 default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'; child-src 'self'; object-src blob: 'report-sample'; connect-src 'self' blob: https://www.paypal.com https://www.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://csi.gstatic.com https://*.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://accounts.google.com https://*.adtrafficquality.google https://fundingchoicesmessages.google.com https://www.google.com.br https://www.google.cl https://www.google.com.py https://www.google.fr https://www.google.com.mx https://www.google.com.bd https://www.google.com.co https://www.google.com.pe https://www.google.nl https://www.google.es https://www.google.com.gt https://www.google.com.uy https://www.google.com.pr https://www.google.com.sg https://www.google.es https://www.google.com.co https://www.google.at https://www.google.ca https://www.google.pl https://www.google.cl https://www.google.es https://www.google.com.ec https://www.google.co.ve https://www.google.jo https://www.google.hu https://www.google.com.ar https://www.google.com.qa https://www.google.com.co https://www.google.it https://www.google.hr https://www.google.co.il https://www.google.co.uk https://www.google.com.mm https://www.google.com.jm https://www.google.pt/ https://www.google.com.pk https://www.google.ca https://www.google.tt https://www.google.ie/ https://www.google.com.mx https://www.google.no https://www.google.com.au https://www.google.fi https://www.google.rs https://www.google.co.th https://www.google.de https://www.google.cz https://www.google.co.in https://www.google.co.nz https://www.google.co.za https://www.google.com.ua/ https://www.google.com.pk https://www.google.co.id https://www.google.com.ar https://www.google.az https://www.google.cl https://www.google.fr https://www.google.ru https://www.google.com.do https://www.google.com.ng https://www.google.co.jp https://www.google.co.zw https://www.google.ch https://www.google.es https://www.google.co.za https://www.google.com.tr https://www.google.co.ke https://www.google.com.sa https://www.google.pt/ https://www.google.dz https://www.google.be https://www.google.com.ph https://www.google.com.my https://www.google.co.id https://www.google.co.ma https://www.google.de https://www.google.com.kw https://www.google.gy https://www.google.hn https://www.google.com.hk https://www.google.co.ao https://www.google.com.eg https://www.google.co.ke https://www.google.co.cr https://www.google.co.tw; media-src blob: 'report-sample'; img-src 'self' blob: data: https://t.paypal.com https://www.paypalobjects.com https://region1.analytics.google.com https://*.analytics.google.com https://www.google-analytics.com https://*.googleusercontent.com https://*.adtrafficquality.google https://*.googlesyndication.com https://*.googletagmanager.com https://region1.analytics.google.com https://www.google.cz https://www.google.com.my https://www.google.co.in https://www.google.com.uy https://www.google.com.ar https://www.google.co.uk https://www.google.pt https://www.google.com.co https://www.google.co.ma https://www.google.bs https://www.google.de https://www.google.cl https://www.google.com.pe https://www.google.it https://www.google.fr https://www.google.com.mx https://www.google.ca https://www.google.bs https://www.google.es https://www.google.com.kw https://www.google.com.ec https://www.google.nl https://www.google.co.ke https://www.google.gr https://www.google.com.vn https://www.google.co.il https://www.google.com.mt https://www.google.com.pk https://www.google.com.jm https://www.google.dk https://www.google.com.bd https://www.google.com.ng https://www.google.hu https://www.google.ie https://www.google.cz https://www.google.pl https://www.google.ae https://www.google.com.hk https://www.google.co.id https://www.google.at https://www.google.com.br https://www.google.com.sa https://www.google.ru https://www.google.co.ve https://www.google.com.ec https://www.google.com.py https://www.google.co.za https://www.google.com.sv https://www.google.ro https://www.google.ch https://www.google.no https://www.google.sn https://www.google.hr https://www.google.com.pr https://www.google.com.ph https://www.google.com.eg https://www.google.se https://www.google.ge https://www.google.com.lb https://www.google.com.ua https://www.google.com.pa https://www.google.be https://www.google.co.nz https://www.google.co.zm https://www.google.com.sg https://www.google.com.gt https://www.google.com.br https://www.google.com.fj https://www.google.com.bo https://www.google.sk https://www.google.com.ni https://www.google.dz https://www.google.com.do https://www.google.rw https://www.google.as https://www.google.com.om https://www.google.co.jp https://www.google.rw https://www.google.md https://www.google.co.th https://www.google.jo/ https://www.google.com.gt/ https://www.google.fi https://www.google.co.tz https://www.google.bg https://www.google.co.kr https://www.google.rs https://www.google.com.au https://www.google.de https://www.google.iq https://www.google.az https://www.google.co.cr https://www.google.com.mm https://www.google.com.ly https://www.google.mw https://www.google.com.qa https://www.google.be https://www.google.hn https://www.google.com.pg/ https://www.google.bf https://www.google.com.tw https://www.google.ws https://www.google.tn https://www.google.com.tr https://www.google.com.np https://www.google.ci/ https://www.google.com.gh https://www.google.ht; script-src 'self' 'report-sample' https://*.googletagmanager.com https://*.google-analytics.com https://ssl.google-analytics.com/ https://apis.google.com https://*.googlesyndication.com https://*.googleadservices.com https://*.googletagservices.com https://cdn.ampproject.org https://www.gstatic.com https://*.adtrafficquality.google https://www.paypal.com https://www.paypalobjects.com 'sha256-b+mf6EIMFYxuAIdk6/2IF09zTUsJrlW6qZaw4opG6QU=' 'sha256-f5g6BkxJ1yWIe/gRp3R+jf8SkUVo9bSekseH2x1cB+k=' https://adservice.google.com https://fundingchoicesmessages.google.com https://accounts.google.com https://adservice.google.com.br https://adservice.google.com.mx https://adservice.google.com.co https://adservice.google.com.ar https://adservice.google.com.pe https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.tr https://adservice.google.com.pk https://adservice.google.com.sa https://adservice.google.com.ec https://adservice.google.com.ph https://adservice.google.com.bo https://adservice.google.com.gt https://adservice.google.com.tr https://adservice.google.com.ng https://adservice.google.com.ua https://adservice.google.com.my https://adservice.google.com.gt https://adservice.google.com.eg https://adservice.google.com.bh https://adservice.google.co.uk https://adservice.google.co.in https://adservice.google.co.nz https://adservice.google.co.kr https://adservice.google.co.id https://adservice.google.co.ve https://adservice.google.co.il https://adservice.google.co.jp https://adservice.google.co.ke https://adservice.google.co.za https://adservice.google.co.ve https://adservice.google.pl https://adservice.google.it https://adservice.google.es https://adservice.google.pt https://adservice.google.ca https://adservice.google.ru https://adservice.google.fr https://adservice.google.cl https://adservice.google.sk https://adservice.google.cz https://adservice.google.se https://adservice.google.gr https://adservice.google.ie https://adservice.google.hn https://adservice.google.ae https://adservice.google.cl https://adservice.google.hu https://adservice.google.de https://adservice.google.iq https://adservice.google.si https://adservice.google.rs https://adservice.google.nl https://adservice.google.py https://adservice.google.tn https://adservice.google.hu https://adservice.google.at https://adservice.google.fi https://adservice.google.rw https://adservice.google.co.th https://adservice.google.co.tz https://adservice.google.com.sg https://adservice.google.com.np https://adservice.google.com.vn https://adservice.google.com.kh https://adservice.google.com.bd https://adservice.google.com.fj https://adservice.google.be https://adservice.google.ro https://adservice.google.dk https://adservice.google.kz https://adservice.google.ch https://adservice.google.lt https://adservice.google.no https://adservice.google.bg https://adservice.google.lv https://adservice.google.com.tw https://adservice.google.lb https://adservice.google.com.bz https://adservice.google.com.py https://adservice.google.com.kw https://adservice.google.com.uy https://adservice.google.com.jm https://adservice.google.com.qa https://adservice.google.com.lb https://adservice.google.com.pr https://adservice.google.com.sv https://adservice.google.com.cy https://adservice.google.com.hk https://adservice.google.com.et https://adservice.google.com.pa https://adservice.google.co.zm https://adservice.google.co.cr https://adservice.google.co.zw https://adservice.google.co.uz https://adservice.google.co.ug https://adservice.google.tt https://adservice.google.dz https://adservice.google.mu https://adservice.google.cm https://adservice.google.ht https://adservice.google.ee https://adservice.google.bt https://adservice.google.az https://adservice.google.hr https://adservice.google.is https://adservice.google.ad https://adservice.google.lk https://adservice.google.al https://adservice.google.lu https://adservice.google.mw https://adservice.google.ci https://adservice.google.co.mz https://adservice.google.com.mm https://adservice.google.com.na https://adservice.google.com.af https://adservice.google.bj https://adservice.google.bs https://adservice.google.co.ao https://adservice.google.co.bw https://adservice.google.co.vi https://adservice.google.com.ag https://adservice.google.com.bn https://adservice.google.com.cu https://adservice.google.com.gh https://adservice.google.com.ni https://adservice.google.com.pg https://adservice.google.fm https://adservice.google.la https://adservice.google.mn https://adservice.google.sn https://adservice.google.sr https://adservice.google.tl https://adservice.google.ws https://adservice.google.jo; style-src 'self' https://*.googletagservices.com https://fonts.googleapis.com 'unsafe-inline' 'report-sample'; font-src 'self' data: 'report-sample' https://fonts.gstatic.com https://use.typekit.net; frame-src blob: https://accounts.google.com https://*.doubleclick.net https://*.googlesyndication.com https://docs.google.com https://drive.google.com https://www.google.com https://*.adtrafficquality.google https://www.paypal.com https://www.paypalobjects.com; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com cloudflareinsights.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' data:; connect-src 'self' cloudflareinsights.com *.cloudflareinsights.com; prefetch-src 'self' 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.gstatic.com; script-src-elem 'self' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://consent.cookiebot.com 'unsafe-inline'; connect-src 'self' https://rest.zse.hr https://*.google-analytics.com https://consentcdn.cookiebot.com; frame-src 'self' https://consentcdn.cookiebot.com https://youtube.com https://www.youtube.com https://www.google.com; img-src 'self' https://imgsct.cookiebot.com https://zse.hr data:; style-src 'self' 'unsafe-inline' 2 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; font-src * data: 2 default-src 'none'; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; img-src 'self' data: *; media-src 'self'; object-src 'self'; font-src 'self' data: *; frame-src 'self' *; frame-ancestors 'none'; connect-src 'self' data: *; worker-src 'self' blob: *; 2 default-src 'self' 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com fonts.static.com www.google-analytics.com; 2 default-src * data:; media-src * 'self' blob: data: https:;img-src * 'self' data: https:; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 2 connect-src 'self' wss: ws: *.doubleclick.net *.googlesyndication.com *.klaviyo.com *.klarnacdn.net *.cookiebot.com *.termly.io cloudflareinsights.com *.facebook.com *.dojo.tech *.salesfire.co.uk *.onlinesizing.bike *.tawk.to cdn-cookieyes.com *.cookieyes.com *.klaviyo.com *.appspot-preview.com *.bing.com *.clarity.ms *.fontawesome.com *.google-analytics.com *.google.com *.google.co.uk *.googleapis.com *.googletagmanager.com *.hotjar.com *.iubenda.com *.klarna.com *.klarnaservices.com *.luckyorange.com *.luckyorange.net *.nr-data.net *.paymentsense.cloud *.pushsales.app *.salesfire.co.uk *.sharethis.com *.smartlook.cloud *.visitors.live api.getaddress.io bat.bing.com content.hotjar.io eu.klarnaevt.com js.klarna.com live.smartmetrics.co.uk manager.eu.smartlook.cloud maps.googleapis.com metrics.hotjar.io na.klarnaevt.com stats.g.doubleclick.net vc.hotjar.io www.google.se centinelapi.cardinalcommerce.com *.outfindo.com outfindo.com *.promofeatures.com js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com *.googleadservices.com *.google.com *.google.*; default-src 'self' *.klaviyo.com *.dojo.tech *.salesfire.co.uk *.googleapis.com *.trustpilot.com; font-src 'self' *.klaviyo.com *.dojo.tech *.pushsales.app *.tawk.to *.salesfire.co.uk *.klaviyo.com fonts.gstatic.com *.cloudflare.com *.fontawesome.com *.typekit.net x.klarnacdn.net js.stripe.com *.sandbox.paypal.com *.paypal.com consent.cookiebot.com; form-action 'self' *.list-manage.com translate.googleapis.com pay.realexpayments.com *.klaviyo.com *.dojo.tech *.facebook.com *.paypal.com *.sagepay.com *.worldpay.com eu-library.klarnaservices.com gateway.cardstream.com live.opayo.eu.elavon.com mdepayments.epdq.co.uk test.opayo.eu.elavon.com js.stripe.com *.sandbox.paypal.com *.paypal.com *.accounts.google.com; frame-ancestors 'self'; frame-src *.outfindo.com youtu.be *.klaviyo.com hubtiger.com app.bikerentalmanager.com connect.garmin.com widgets.sociablekit.com *.paypalobjects.com www.googletagmanager.com bikesizing.cube.eu www.paypal.com bookings.hubtiger.com challenges.cloudflare.com *.onlinesizing.bike consentcdn.cookiebot.com *.termly.io *.doubleclick.net *.facebook.com *.google.com *.google.co.uk *.greencommuteinitiative.uk greencommuteinitiative.uk *.instagram.com *.paymentsense.cloud *.sharethis.com *.strava.com *.trustpilot.com *.vimeo.com *.youtube-nocookie.com *.youtube.com www.komoot.com cdn.salesfire.co.uk jejames.checkfront.co.uk js.klarna.com td.doubleclick.net www.cyclescheme.co.uk osm.klarnaservices.com *.webmaps.co.uk centinelapi.cardinalcommerce.com js.stripe.com forms.office.com ridewithgps.com platform.twitter.com *.webgains.com *.recaptcha.net *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com consent.cookiebot.com *.googleadservices.com; img-src 'self' 'unsafe-inline' data: https: *.klaviyo.com *.dojo.tech *.google-analytics.com *.googletagmanager.com *.gravatar.com 0.gravatar.com l.sharethis.com www.gravatar.com www.specialized.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com platform.twitter.com *.consentprotect.com www.googletagmanager.com www.youtube.com *.livechatinc.com *.kaspersky-labs.com *.googlesyndication.com analytics.tiktok.com *.googleadservices.com *.paypal.com widget.privy.com *.list-manage.com *.amazonaws.com *.mailchimp.com *.klaviyo.com *.checkfront.co.uk *.klarnacdn.net *.pushsales.co.uk challenges.cloudflare.com static.cloudflareinsights.com ajax.cloudflare.com *.dojo.tech *.cube.eu *.klarnaservices.com *.clarity.ms *.hotjar.com *.bing.com *.salesfire.co.uk js.klarna.com *.onlinesizing.bike *.clarity.ms *.tawk.to *.avln.me *.bing.com *.webgains.io *.klaviyo.com cdn-cookieyes.com *.chimpstatic.com chimpstatic.com *.googleapis.com *.getaddress.io *.iubenda.com *.addthis.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.instagram.com *.klarna.com *.klarnaservices.com *.luckyorange.com *.newrelic.com *.nr-data.net *.paymentsense.cloud *.pushsales.app *.salesfire.co.uk *.sharethis.com *.trustpilot.com *.typekit.net *.vimeo.com cdn.jsdelivr.net cdn.salesfire.co.uk cdnjs.cloudflare.com code.jquery.com *.cookiebot.com *.termly.io hit.salesfire.co.uk js.klarna.com kit.fontawesome.com maps.googleapis.com polyfill-fastly.io script.hotjar.com *.elfsight.com static.hotjar.com unpkg.com web-sdk.smartlook.com www.google.com www.gstatic.com x.klarnacdn.net osm.klarnaservices.com *.webmaps.co.uk centinelapi.cardinalcommerce.com *.outfindo.com outfindo.com *.promofeatures.com js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com consent.cookiebot.com *.googleadservices.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com platform.twitter.com *.consentprotect.com www.googletagmanager.com www.youtube.com *.livechatinc.com *.kaspersky-labs.com *.googlesyndication.com analytics.tiktok.com *.googleadservices.com *.paypal.com widget.privy.com *.list-manage.com *.amazonaws.com *.mailchimp.com *.klaviyo.com *.checkfront.co.uk *.klarnacdn.net *.pushsales.co.uk challenges.cloudflare.com static.cloudflareinsights.com ajax.cloudflare.com *.dojo.tech *.cube.eu *.klarnaservices.com *.clarity.ms *.hotjar.com *.bing.com *.salesfire.co.uk js.klarna.com *.onlinesizing.bike *.clarity.ms *.tawk.to *.avln.me *.bing.com *.webgains.io *.klaviyo.com cdn-cookieyes.com *.chimpstatic.com chimpstatic.com *.googleapis.com *.getaddress.io *.iubenda.com *.addthis.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.instagram.com *.klarna.com *.klarnaservices.com *.luckyorange.com *.newrelic.com *.nr-data.net *.paymentsense.cloud *.pushsales.app *.salesfire.co.uk *.sharethis.com *.trustpilot.com *.typekit.net *.vimeo.com cdn.jsdelivr.net cdn.salesfire.co.uk cdnjs.cloudflare.com code.jquery.com *.cookiebot.com *.termly.io hit.salesfire.co.uk js.klarna.com kit.fontawesome.com maps.googleapis.com polyfill-fastly.io script.hotjar.com *.elfsight.com static.hotjar.com unpkg.com web-sdk.smartlook.com www.google.com www.gstatic.com x.klarnacdn.net osm.klarnaservices.com *.webmaps.co.uk centinelapi.cardinalcommerce.com *.outfindo.com outfindo.com *.promofeatures.com js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com consent.cookiebot.com *.googleadservices.com; style-src 'self' 'unsafe-inline' *.google.com www.google.com *.mailchimp.com *.klaviyo.com *.dojo.tech *.paymentsense.cloud *.tawk.to *.salesfire.co.uk *.klaviyo.com *.getaddress.io *.googleapis.com *.pushsales.app *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com npkg.com x.klarnacdn.net js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com; style-src-elem 'self' 'unsafe-inline' *.google.com www.google.com *.mailchimp.com *.klaviyo.com *.dojo.tech *.paymentsense.cloud *.tawk.to *.salesfire.co.uk *.klaviyo.com *.getaddress.io *.googleapis.com *.pushsales.app *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com npkg.com x.klarnacdn.net js.stripe.com *.sandbox.paypal.com *.paypal.com consentprotect.com *.accounts.google.com; report-to csp-endpoint; 2 script-src *.bancfirst.tv *.cloudflare.com *.youtube.com *.googletagmanager.com *.sharethis.com *.basis.net *.wave2.io *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.bancfirst.bank *.googleapis.com 'unsafe-inline' ; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem *.bancfirst.bank *.youtube.com *.cloudflare.com *.google.com *.googletagmanager.com *.gstatic.com *.sharethis.com *.google-analytics.com 'unsafe-inline' *.wave2.io *.wave2locator.com 2 default-src 'self' lipseys.uservoice.com www.google.com google.com userway.org cdn.userway.org gunstreamer.com next.lipseys.com lipseys.com nextlipseys.herokuapp.com protected-halibut-b3xg5x77qi15g4boziqsz56s.herokudns.com docs.google.com www.youtube-nocookie.com www.youtube.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' static.cloudflareinsights.com www.lipseys.com lipseys.com www.clarity.ms www.google.com google.com gstatic.com www.gstatic.com cdn.userway.org next.lipseys.com lipseys.com nextlipseys.herokuapp.com protected-halibut-b3xg5x77qi15g4boziqsz56s.herokudns.com ajax.googleapis.com cdn.jsdelivr.net cdn.ravenjs.com cdnjs.cloudflare.com code.jquery.com maxcdn.bootstrapcdn.com www.google-analytics.com kit.fontawesome.com https://*.posthog.com;style-src 'self' 'unsafe-inline' cdn.userway.org next.lipseys.com lipseys.com nextlipseys.herokuapp.com protected-halibut-b3xg5x77qi15g4boziqsz56s.herokudns.com fonts.googleapis.com maxcdn.bootstrapcdn.com kit-free.fontawesome.com ka-f.fontawesome.com;connect-src 'self' cdn.userway.org wss://live.lipseysdistribution.net contentapi.lipseysdistribution.net itemsapi.lipseysdistribution.net live.lipseysdistribution.net docs.google.com ka-f.fontawesome.com api.userway.org userway.org *.userway.org next.lipseys.com lipseys.com nextlipseys.herokuapp.com protected-halibut-b3xg5x77qi15g4boziqsz56s.herokudns.com api.lipseys.com sentry.io www.google-analytics.com *.clarity.ms c.bing.com https://*.posthog.com;font-src 'self' cdn.userway.org next.lipseys.com lipseys.com nextlipseys.herokuapp.com protected-halibut-b3xg5x77qi15g4boziqsz56s.herokudns.com maxcdn.bootstrapcdn.com fonts.gstatic.com kit-free.fontawesome.com ka-f.fontawesome.com;img-src * data: blob:;upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none' 2 default-src 'self'; img-src 'self' https://*.allfunds.com https://*.googleapis.com https://*.gstatic.com https://purecatamphetamine.github.io https://cms-front.s3.eu-west-1.amazonaws.com https://www.google-analytics.com https://storage.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://linkedin.com https://*.linkedin.com https://cloudfunctions.net https://*.cloudfunctions.net https://*.amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://snap.licdn.com https://googletagmanager.com https://*.googletagmanager.com data:; media-src 'self' https://*.allfunds.com https://*.googleapis.com https://*.gstatic.com https://purecatamphetamine.github.io https://cms-front.s3.eu-west-1.amazonaws.com https://linkedin.com https://*.linkedin.com https://*.amplitude.com https://amplitude.com https://app.allfunds.com/docs/cms/header_web_5d4b57c95f.mp4 data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.google.com/recaptcha/api.js https://*.googleapis.com https://*.recaptcha.net https://recaptcha.net https://www.gstatic.com https://purecatamphetamine.github.io https://cms-front.s3.eu-west-1.amazonaws.com https://apis.google.com https://www.google-analytics.com https://player.vimeo.com/api/player.js https://cdn.jsdelivr.net/npm/css-vars-ponyfill@2 https://cdn.plyr.io/3.6.8/plyr.polyfilled.js https://*.go-mpulse.net https://linkedin.com https://*.linkedin.com https://cloudfunctions.net https://*.cloudfunctions.net https://*.amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://snap.licdn.com https://googletagmanager.com https://*.googletagmanager.com https://clarity.ms https://*.clarity.ms; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://cloudfunctions.net https://*.cloudfunctions.net https://snap.licdn.com; font-src 'self' data: https://*.gstatic.com https://cloudfunctions.net https://*.cloudfunctions.net https://snap.licdn.com; connect-src 'self' https://europe-west1-afb-connect.cloudfunctions.net/registerUserContact https://allfunds.com https://*.googleapis.com https://purecatamphetamine.github.io https://cms-front.s3.eu-west-1.amazonaws.com https://md8jnn29kj.execute-api.eu-west-1.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net https://app.allfunds.com https://nextportfolio.allfunds.com https://telemetrics.allfunds.com https://dashboard.allfunds.com https://dashboard-v2.allfunds.dev https://telemetrics-widgets.allfunds.dev wss://app.allfunds.com https://cdn.plyr.io https://region1.google-analytics.com https://region1.analytics.google.com https://*.go-mpulse.net https://linkedin.com https://*.linkedin.com https://cloudfunctions.net https://*.cloudfunctions.net https://*.amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://snap.licdn.com https://googletagmanager.com https://*.googletagmanager.com https://clarity.ms https://*.clarity.ms; frame-src 'self' https://www.google.com https://purecatamphetamine.github.io https://cms-front.s3.eu-west-1.amazonaws.com https://intranet.allfunds.com https://app.allfunds.com https://*.recaptcha.net https://recaptcha.net https://nextportfolio.allfunds.com https://telemetrics.allfunds.com https://dashboard.allfunds.com https://telemetrics-widgets.allfunds.dev https://player.vimeo.com https://linkedin.com https://*.linkedin.com https://cloudfunctions.net https://*.cloudfunctions.net https://*.amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://snap.licdn.com https://googletagmanager.com https://*.googletagmanager.com https://myconnect.allfunds.com https://myconnect.allfunds.dev; object-src 'none'; 2 default-src 'self' naturaprende.net *.naturaprende.net escuelanaturayavon.net *.escuelanaturayavon.net *.jsdelivr.net unpkg.com cdnjs.cloudflare.com cdn.datatables.net *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com.ar *.google.com *.youtube.com *.ytimg.com naturamediaawsbucket.s3.sa-east-1.amazonaws.com 'unsafe-inline' data:; frame-src * 2 X-Frame-Options: SAMEORIGIN 2 img-src 'self' https: data:; 2 default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self'; connect-src 'self'; base-uri 'none'; frame-ancestors 'none'; frame-src 'none'; object-src 'none'; media-src 'none'; child-src 'none'; form-action 'self'; worker-src 'none'; manifest-src 'none'; 2 frame-ancestors https://*.rsca.be https://*.rsca.infosupport.com https://*.ddev.site; report-uri /report-csp-violation 2 default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://builder.io/ *.builder.io fonts.gstatic.com;font-src 'self' fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fullstory.com https://builder.io/ *.builder.io https://websdk.appsflyer.com *.googletagmanager.com; img-src 'self' *.google.co.in https://builder.io/ *.builder.io data: blob: https://builder.io/ *.builder.io *.googletagmanager.com; frame-src 'self' data: blob: https://builder.io/ *.builder.io *.doubleclick.net https://www.youtube.com; frame-ancestors 'self' https://builder.io/ *.builder.io; object-src 'self' data: blob: https://builder.io/ *.builder.io; connect-src 'self' *.doubleclick.net *.google.com *.google-analytics.com https://res.cloudinary.com https://unpkg.com/ https://cdn.jsdelivr.net/ https://unityserverapi.pulseai.in/ data: blob: https://builder.io/ *.builder.io; media-src 'self' https://cdn.builder.io data: blob: https://builder.io/ *.builder.io; 2 script-src 'self' https://checkout.stripe.com https://kit.fontawesome.com https://use.fontawesome.com; style-src 'self' 'unsafe-inline' https://*.fontawesome.com https://maxcdn.bootstrapcdn.com; font-src 'self' data: https://*.fontawesome.com https://maxcdn.bootstrapcdn.com; object-src 'self'; child-src 'self' https://checkout.stripe.com; connect-src 'self' https://checkout.stripe.com https://*.fontawesome.com 2 block-all-mixed-content; base-uri 'self'; object-src 'self'; frame-ancestors 'self' 2 frame-ancestors 'self' https://*.etracker.com https://*.etracker.de https://*.zohopublic.eu; 2 default-src 'self'; img-src 'self' data: https://chat.web-solutions.eu https://*.w.org https://www.google.com https://bat.bing.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'self' https://*.google.com; frame-src 'self' https://www.google.com; connect-src 'self' https://web-solutions.eu https://web-solutions.com.pl https://clients.web-solutions.eu https://cdn.jsdelivr.net https://bat.bing.com https://*.google-analytics.com; object-src 'none' 2 upgrade-insecure-requests; frame-ancestors https:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net/ https://fonts.googleapis.com https://app.icontact.com/icp/static/human/css/signupBuilder/formGlobalStyles.css https://use.fontawesome.com/releases/v5.0.10/css/all.css https://fonts.googleapis.com/css; script-src-elem 'self' 'unsafe-inline' https://js.ipredictive.com/adelphic_universal_pixel.js https://ipmeta.io/plugin.js https://www.googleadservices.com/ https://widgets.pinterest.com/ https://assets.pinterest.com/js/pinit_main.js https://assets.pinterest.com/js/pinit.js https://www.youtube.com/s/player/ https://www.youtube.com/iframe_api https://calendar.time.ly/embed.js https://secure-ds.serving-sys.com/SemiCachedScripts/ebAttribution.js https://bs.serving-sys.com/Serving/ https://www.gstatic.com/ https://www.google.com/recaptcha/api.js https://app.icontact.com/ https://searchg2-assets.crownpeak.net/crownpeak.searchg2-1.0.2.min.js https://searchg2.crownpeak.net/ https://js.adsrvr.org/up_loader.1.1.0.js https://bat.bing.com/ https://googleads.g.doubleclick.net https://connect.facebook.net/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/ https://player.vimeo.com/api/player.js; frame-src https://calendar.google.com/ https://11385019.fls.doubleclick.net/ https://ad.ipredictive.com/ https://www.youtube.com/ https://calendar.time.ly/ https://www.google.com/ https://client.formularynavigator.com/ https://www.findhelp.com/ https://insight.adsrvr.org/ https://td.doubleclick.net/ https://amerihealth.enroll.cavulus.com/ https://priorauthlookup.amerihealthcaritas.com/ https://e.issuu.com/ https://player.vimeo.com/; font-src 'self' https://use.typekit.net/ https://fonts.gstatic.com https://use.fontawesome.com/; connect-src 'self' https://analytics.google.com/ https://ipmeta.io/api/enrich https://bat.bing.com/p/insights/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/; img-src 'self' https://i.ytimg.com/ https://i.ytimg.com/ https://i.vimeocdn.com/ https://ad.doubleclick.net/ https://googleads.g.doubleclick.net/ https://log.pinterest.com/ https://i.pinimg.com https://bs.serving-sys.com/Serving/ https://app.icontact.com/ https://www.facebook.com/ https://bat.bing.com/ https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com data:; 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' http://static.site24x7rum.com https://static.site24x7rum.com http://cdn.appdynamics.com https://cdn.appdynamics.com https://www.googletagmanager.com; object-src 'none' 2 default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' https://distributor.51degrees.com/ https://devicedatasubmissions.azurewebsites.net/api/Submit https://51degrees.tv/ch-test-api https://raw.githubusercontent.com/51Degrees/ https://raw.githubusercontent.com/actions/;font-src 'self';img-src 'self' data: http://images.51degrees.mobi https://images.51degrees.mobi https://51degrees.cachefly.net https://m.media-amazon.com https://raw.githubusercontent.com/51Degrees/;frame-src 'self' https://player.vimeo.com http://player.vimeo.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.smartsimple.biz https://www.google.com *.gstatic.com *.googleapis.com *.stripe.com *.paypal.com *.orcid.org https://orcid.org *.highcharts.com https://www.youtube.com *.walkme.com *.walkmeusercontent.com; frame-ancestors 'self'; object-src 'none' 2 frame-ancestors 'self' https://newaccount.wsfsbank.com; 2 report-uri https://6mqx772b3g.execute-api.us-east-1.amazonaws.com/prod/report; img-src 'self' https://cdn.caseware.com data: https://www.google.ca https://www.caseware.nl https://static.hsappstatic.net https://*.leadinfo.net https://*.leadinfo.com https://*.gravatar.com https://*.ytimg.com https://i.vimeocdn.com https://*.w.org https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.gstatic.com https://*.g.doubleclick.net https://*.linkedin.com https://www.facebook.com https://cdn-cookieyes.com https://*.hotjar.com https://yoast.com https://www.wpo365.com https://wp-rocket.me https://wpml.org https://f.vimeocdn.com https://toolset.com https://bat.bing.com https://*.hotjar.com https://yoast.com https://www.wpo365.com https://wp-rocket.me https://wpml.org https://*.leadinfo.net https://*.leadinfo.com https://bat.bing.com; script-src 'self' https://cdn.caseware.com 'unsafe-inline' 'unsafe-eval' blob: https://googleads.g.doubleclick.net https://js.hubspotfeedback.com https://js-eu1.hubspotfeedback.com https://js.hsleadflows.net https://js-eu1.hsleadflows.net https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://js.hscollectedforms.net https://js-eu1.hscollectedforms.net https://js.hsadspixel.net https://js-eu1.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js-eu1.hs-banner.com https://js.hs-analytics.net https://js-eu1.hs-analytics.net https://forms.hsforms.com https://forms-eu1.hsforms.com https://*.usemessages.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://cdn-cookieyes.com https://connect.facebook.net https://*.licdn.com https://www.youtube.com https://*.hotjar.com https://yoast.com https://my.yoast.com https://fast.wistia.com https://beacon-v2.helpscout.net https://*.wpml.org https://g10696554090.co/gr https://*.leadinfo.net https://*.leadinfo.com https://bat.bing.com https://js.zi-scripts.com https://*.googletagmanager.com https://www.clarity.ms/tag/; font-src 'self' https://cdn.caseware.com data: https://*.leadinfo.net https://*.leadinfo.com https://fonts.gstatic.com https://www.youtube.com https://*.hotjar.com https://static2.sharepointonline.com/files/fabric/assets/ https://spoprod-a.akamaihd.net/files/fabric/assets/; frame-src 'self' https://cdn.caseware.com https://4223919.hs-sites.com https://idea-caseware-2109885.hs-sites.com/ https://caseware-co-755348.hs-sites.com https://*.leadinfo.net https://*.leadinfo.com https://www.youtube.com/embed/ https://player.vimeo.com/ https://*.hubspot.com https://forms.hsforms.com https://forms-eu1.hsforms.com https://*.google.com https://www.facebook.com https://145367553.hs-sites-eu1.com; style-src 'unsafe-inline' 'self' https://cdn.caseware.com data: https://*.leadinfo.net https://*.leadinfo.com https://fonts.googleapis.com https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://wp-rocket.me https://www.dailymotion.com; connect-src 'self' https://cdn.caseware.com https://js.hs-banner.com https://js-eu1.hs-banner.com https://*.googlesyndication.com https://*.leadinfo.net https://*.leadinfo.com https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://*.hsforms.net https://*.hscollectedforms.net https://hubspot-forms-static-embed-eu1.s3.amazonaws.com/prod/27246368/ https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://cdn-cookieyes.com https://*.cookieyes.com https://cdn.linkedin.oribi.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://yoast.com https://my.yoast.com https://www.wpo365.com https://www.facebook.com https://hubspot-forms-static-embed.s3.amazonaws.com/prod/2109885/ https://*.wpml.org https://api.unbounce.com https://px.ads.linkedin.com https://bat.bing.com https://js.zi-scripts.com https://ws.zoominfo.com https://www.clarity.ms/tag/; object-src 'none'; base-uri 'self' https://cdn.caseware.com; form-action 'self' https://cdn.caseware.com https://*.leadinfo.net https://*.leadinfo.com https://login.microsoftonline.com https://www.facebook.com https://forms.hsforms.com https://forms-eu1.hsforms.com; frame-ancestors 'self' https://cdn.caseware.com 2 frame-ancestors 'self' cmwlab.com metrika.yandex.ru metrika.yandex.by metrika.yandex.com metrika.yandex.com.tr *.webvisor.com; 2 frame-ancestors https://tiger-corporation.com https://*.tiger-corporation.com https://community.tigerbottles.com; 2 default-src 'self'; connect-src 'self' matomo.sib.swiss noembed.com cdn.plyr.io sentry-dev.vital-it.ch www.vital-it.ch; font-src 'self' fonts.bunny.net cdn.jsdelivr.net fonts.gstatic.com cdnjs.cloudflare.com data: ; img-src 'self' www.sib.swiss matomo.sib.swiss data: i.ytimg.com *.twitter.com wayf.switch.ch infozentrum.ethz.ch https://raw.githubusercontent.com/sib-swiss/ ui-avatars.com https://www.gstatic.com blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.sib.swiss cdn.plyr.io www.youtube.com https://cdn.jsdelivr.net wayf.switch.ch cdnjs.cloudflare.com code.jquery.com static.filestackapi.com https://www.google.com https://www.gstatic.com https://www.recaptcha.net cdn.datatables.net ajax.googleapis.com player.vimeo.com; style-src 'self' 'unsafe-inline' cdn.plyr.io fonts.bunny.net wayf.switch.ch cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com cdn.datatables.net; frame-src 'self' www.youtube-nocookie.com https://www.google.com https://www.recaptcha.net https://e.issuu.com player.vimeo.com; frame-ancestors 'self' https://sibcloud.sharepoint.com/ https://intranet.sib.swiss/; worker-src 'self' blob: ; 2 default-src 'self'; connect-src 'self' *.readspeaker.com https://www.piwik.bayern.de/ wss://*.assistent.bayern.de/chat/widget/ https://eu-api.friendlycaptcha.eu/api/v1/puzzle; manifest-src 'self'; img-src 'self' data: https://*.assistent.bayern.de/bot-media/ https://*.assistent.bayern.de/static/ https://i.ytimg.com/; font-src 'self' data: https://*.assistent.bayern.de/static/; frame-src *.readspeaker.com *.bayern.de https://www.youtube-nocookie.com/ https://www.youtube.com/; media-src 'self' *.readspeaker.com; prefetch-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'wasm-unsafe-eval' 'self' https://www.piwik.bayern.de/piwik/piwik.js *.bayern.de https://*.assistent.bayern.de/static/; worker-src blob:; child-src blob: 2 default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com *.hotjar.com; script-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com *.hotjar.com; connect-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com *.hotjar.com wss://*.hotjar.com; style-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com *.hotjar.com fonts.googleapis.com; frame-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com *.hotjar.com; img-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com *.hotjar.com; font-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com; worker-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval';; upgrade-insecure-requests 2 default-src https: blob: 'unsafe-eval' 'unsafe-inline'; font-src https: data: filesystem: 'unsafe-inline'; img-src https: data: ; 2 default-src 'self' data: webform-euc.freshsales.io euc-assets.freshsales.io vartastoragegmbh.myfreshworks.com px.ads.linkedin.com cdn.linkedin.oribi.io region1.analytics.google.com varta.matomo.cloud metrics.hotjar.io csmetrics.hotjar.com content.hotjar.io wss://ws.hotjar.com wss://wsp19.hotjar.com csmetrics.hotjar.com wss://ws32.hotjar.com wss://ws5.hotjar.com in.hotjar.com csp.withgoogle.com www.salesviewer.com salesviewer.org www.varta-ag.com dev.varta-ag.com www.facebook.com region1.google-analytics.com maps.googleapis.com stats.g.doubleclick.net www.google-analytics.com irs.tools.investis.com static.b-ite.com www.youtube.com jobs.b-ite.com config1.veinteractive.com cookiee1.veinteractive.com sessionapi.veinteractive.com dtrc.veinteractive.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: webform-euc.freshsales.io euc-assets.freshsales.io vartastoragegmbh.myfreshworks.com snap.licdn.com script.hotjar.com static.hotjar.com clients1.google.com cse.google.com www.varta-ag.com dev.varta-ag.com connect.facebook.net maps.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net www.youtube.com static.b-ite.com cs-assets.b-ite.com config1.veinteractive.com https://partner.googleadservices.com https://www.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net; font-src 'self' 'unsafe-inline' data: www.varta-ag.com dev.varta-ag.com fonts.gstatic.com googleads.g.doubleclick.net; img-src 'self' 'unsafe-inline' data: https://stats.g.doubleclick.net biz2.service.varta-ag.com connect.facebook.net www.linkedin.com px.ads.linkedin.com region1.analytics.google.com cse.google.com clients1.google.com www.googleapis.com ssl.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com fonts.gstatic.com www.varta-ag.com dev.varta-ag.com www.varta-microbattery.com www.facebook.com biz.service.varta-consumer.com cs-assets.b-ite.com https://google.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google-analytics.com https://www.google.de https://region1.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com; style-src https: 'unsafe-inline' www.varta-ag.com dev.varta-ag.com; frame-src 'self' www.varta-ag.com www.varta.de www.powerone-household.com www.v4smart.com driveuploader.com www.google.com irs.tools.investis.com www.youtube-nocookie.com www.youtube.com vartastoragegmbh.myfreshworks.com https://www.googletagmanager.com https://td.doubleclick.net; frame-ancestors 'self' www.varta-ag.com https://varta-sales-spot.hald.de https://sales-spot.varta-ag.com; child-src blob: 'self' vars.hotjar.com cse.google.com www.varta-ag.com dev.varta-ag.com www.youtube-nocookie.com www.youtube.com config1.veinteractive.com www.google.com cdn.matomo.cloud irs.tools.investis.com webform-euc.freshsales.io euc-assets.freshsales.io vartastoragegmbh.myfreshworks.com; connect-src https://www.youtube-nocookie.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.com https://google.com https://px.ads.linkedin.com https://salesviewer.org https://www.varta-ag.com https://jobs.b-ite.com https://content.hotjar.io wss://ws.hotjar.com https://www.youtube.com/iframe_api; 2 base-uri 'self'; frame-ancestors 'self' *.saleshood.com; 2 default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.licdn.com *.evgnet.com *.zoominfo.com *.eum-appdynamics.com *.google-analytics.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.marketo.com cdn.appdynamics.com www.googletagmanager.com code.jquery.com https://snap.licdn.com/li.lms-analytics/insight.min.js *.crazyegg.com *.adsymptotic.com www.youtube.com *.hotjar.com https://tagmanager.google.com https://www.googletagmanager.com tools.cdc.gov/TemplatePackage/contrib/libs/jquery/1.12.4/jquery.js tools.cdc.gov/TemplatePackage/contrib/widgets/tp-widget-external-loader.js https://data.processwebsitedata.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-banner.com https://cdn.cookielaw.org *.vimeo.com js.zi-scripts.com blob: 'self' web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://dec.azureedge.net app-sjo.marketo.com code.jquery.com *.marketo.com https://tagmanager.google.com 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: forms.hsforms.com *.google.com *.linkedin.com *.google-analytics.com https://dec.azureedge.net https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://aedevstoragecdn.azureedge.net https://aeprdcmsstoragecdn.azureedge.net https://aeprdusstoragecdn.azureedge.net code.jquery.com *.googletagmanager.com *.adsymptotic.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://cdn.cookielaw.org/ *.cookielaw.org *.sirva.com 'self' web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.googleapis.com; frame-src *.vimeo.com td.doubleclick.net *.marketo.com 'self' web-chat.nativechat.com; connect-src 'self' accounts.google.com api.hubapi.com forms.hubspot.com *.doubleclick.net *.evergage.com *.google-analytics.com *.crazyegg.com *.marketo.com *.eum-appdynamics.com https://*.dec.sitefinity.com *.mktoresp.com *.zoominfo.com https://js.hs-banner.com https://cdn.cookielaw.org https://*.onetrust.com analytics.google.com px.ads.linkedin.com js.zi-scripts.com *.facebook.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com app-sjo.marketo.com *.sirva.com.au www.cdc.gov/ https://player.youku.com https://valc.atm.youku.com 'self' web-chat.nativechat.com 2 frame-ancestors https://resources.accusoft.com 'self' 2 object-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.googletagmanager.com *.google-analytics.com https://www.juso.go.kr https://www.clarity.ms; 2 default-src 'self' *.eisneramper.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cm.g.doubleclick.net https://ib.adnxs.com https://a.dpmsrv.com https://s.dpmsrv.com/ https://www.googleadservices.com https://okt.to https://view.ceros.com https://buttons-config.sharethis.com https://connect.facebook.net https://googleads.g.doubleclick.net https://i.simpli.fi/p https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://okt.to/ping https://platform-api.sharethis.com https://player.vimeo.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://static.oktopost.com https://t.sharethis.com https://tag.simpli.fi https://unpkg.com/ https://cdn.jsdelivr.net/ https://w.usabilla.com/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://js.adsrvr.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://forms.hubspot.com/ https://www.google.com/ https://js.hs-banner.com https://content.hotjar.io wss: https://analytics.google.com https://api.hubapi.com https://bcp.crwdcntrl.net https://forms.hsforms.com https://l.sharethis.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://unpkg.com https://cdn.jsdelivr.net https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://www.googletagmanager.com https://finance.yahoo.com/ https://www.youtube.com/iframe_api https://www.youtube.com https://insights.eisneramper.com https://insight.adsrvr.org/ https://view.ceros.com *.hsforms.com *.hsforms.net *.podbean.com https://11782456.fls.doubleclick.net https://player.vimeo.com https://t.sharethis.com https://td.doubleclick.net https://www.google.com; img-src 'self' https: https://www.linkedin.com https://ib.adnxs.com https://fei.pro-market.net https://platform-cdn.sharethis.com https://l.sharethis.com https://okt.to https://track.hubspot.com https://jelly-v6.mdhv.io data: https://ad.doubleclick.net https://analytics.twitter.com https://cm.g.doubleclick.net https://forms-na1.hsforms.com https://forms.hsforms.com https://i.vimeocdn.com https://jelly.mdhv.io https://p1.aprimocdn.net https://px.ads.linkedin.com https://sync.sharethis.com https://t.co https://um.simpli.fi https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com; manifest-src 'self'; media-src 'self'; worker-src 'none';frame-ancestors 'self' *.concurra.com; form-action https: ; 2 img-src 'self' data: blob: *;style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; worker-src 'self' blob:; 2 default-src 'self'; connect-src 'self' s3.us-west-2.amazonaws.com/upload.com.fmod/uploads/ d1s9dnlmdewoh1.cloudfront.net dzs87adaua2qh.cloudfront.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com code.jquery.com; font-src 'self' cdnjs.cloudflare.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com blob:; img-src 'self' d1s9dnlmdewoh1.cloudfront.net d26jga8jjsa591.cloudfront.net dzs87adaua2qh.cloudfront.net; frame-src 'self' www.youtube.com player.twitch.tv; media-src 'self' d26jga8jjsa591.cloudfront.net; worker-src 'self' blob: 2 worker-src blob:; default-src * data: 'unsafe-eval' 'unsafe-inline' 2 default-src 'self'; frame-ancestors https://*.greenwheels.com ; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src 'self' blob: 2 default-src 'self';style-src 'self' 'unsafe-inline' *.webflow.com *.website-files.com *.googleapis.com *.weglot.com *.audiense.com *.hotjar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mouseflow.com *.chilipiper.com *.hubspot.com *.webflow.com *.website-files.com *.google.com *.googletagmanager.com *.googleapis.com *.partnerstack.com *.mxpnl.com *.weglot.com d3e54v103j8qbb.cloudfront.net *.hs-scripts.com *.hsforms.net *.profitwell.com snap.licdn.com *.google-analytics.com googleads.g.doubleclick.net js.hsadspixel.net js.hs-banner.com *.hs-analytics.net js.hsleadflows.net js.usemessages.com www.datadoghq-browser-agent.com *.facebook.net *.calconic.com *.hsappstatic.net *.hsforms.net *.audiense.com *.hotjar.com *.g2crowd.com *.365insightcreative.com;img-src 'self' *.mouseflow.com data: *.webflow.com *.hsforms.com *.linkedin.com *.website-files.com *.googletagmanager.com *.hubspot.com *.google-analytics.com *.google.com *.google.es *.facebook.com *.hsforms.com *.audiense.com *.hotjar.com d3e54v103j8qbb.cloudfront.net;connect-src 'self' *.mouseflow.com *.chilipiper.com *.hubspot.com *.google-analytics.com *.google.com pagead2.googlesyndication.com *.website-files.com *.cdn-api-weglot.com partnerlinks.io *.weglot.com *.webflow.com *.hubapi.com *.hubspot.com stats.g.doubleclick.net rum.browser-intake-datadoghq.com app.calconic.com *.facebook.com hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.com cdn.linkedin.oribi.io statistics-dot-calconic-app.appspot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.linkedin.com https://cdn-api-weglot.com https://http-intake.logs.datadoghq.com *.google.es *.g2crowd.com;font-src 'self' *.mouseflow.com data: *.gstatic.com *.hotjar.com;frame-src 'self' *.mouseflow.com *.chilipiper.com td.doubleclick.net app.calconic.com *.hsforms.net *.hubspot.com https://www.g2.com/ cdn.embedly.com *.hotjar.com https://audiensedemandindex.vercel.app;media-src 'self' *.audiense.com;child-src 'self' *.mouseflow.com; 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; script-src https: data: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; style-src https: data: 'unsafe-eval' 'unsafe-inline'; connect-src https: data:; font-src https: data:; upgrade-insecure-requests; 2 frame-ancestors 'self' https://*.princesscasino.ro https://bingo-sw360.pragmaticplay.net 2 frame-ancestors 'self' www.bibliotecanacionaldigital.gob.cl www.chileparaninos.gob.cl www.memoriachilena.gob.cl; 2 img-src 'self' data: *.insurance188.com brace.video.qq.com *.ebay.com *.salesforce.com *.ebay.cn myun-hw-s3.myun.tv *.myun.tv static.mudu.tv www.google-analytics.com *.salesforce.com *.force.com btrace.video.qq.com vm.gtimg.cn vpic.video.qq.com *.force.com rcgi.video.qq.com isdspeed.qq.com; 2 child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://d2d7do8qaecbru.cloudfront.net https://*.ringcentral.com https://hcaptcha.com https://*.hcaptcha.com https://www.youtube.com https://www.youtube-nocookie.com https://d.agkn.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://irazor.stage.gillette.co.uk https://insight.adsrvr.org/track/up https://match.adsrvr.org https://tr6.snapchat.com https://pandg.tapad.com blob: https://www.pinterest.com https://www.pinterest.co.uk https://*.odicci.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://*.lpsnmedia.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://*.ringcentral.com wss://*.ringcentral.com https://hcaptcha.com https://*.hcaptcha.com https://www.google.co.uk https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://lime.cdncontentdelivery.com https://www.tp88trk.com https://tr.snapchat.com https://*.sjv.io https://analytics.tiktok.com https://*.contentsquare.net https://*.odicci.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://*.ringcentral.com https://hello.myfonts.net https://campaign.odicci.com; form-action 'self' https://www.facebook.com https://www.gillette.co.uk https://gillette.co.uk https://m.gillette.co.uk https://checkout.gillette.co.uk https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https://*.ringcentral.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net blob:; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://*.ringcentral.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://code.jquery.com https://geolocation.onetrust.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.criteo.com https://static.criteo.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.pinimg.com https://ct.pinterest.com https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://js.adsrvr.org https://d.impactradius-event.com https://static.ads-twitter.com https://analytics.twitter.com https://pghub.io https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com https://*.odicci.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.lpsnmedia.net https://*.liveperson.net https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://*.ringcentral.com https://hcaptcha.com https://*.hcaptcha.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://hello.myfonts.net https://pghub.io https://campaign.odicci.com https://maxcdn.bootstrapcdn.com; upgrade-insecure-requests; report-to report-endpoint 2 frame-ancestors 'self' *.netopia-payments.com 2 default-src *; connect-src * blob: ; media-src * blob: data:; ; object-src * data: blob:; script-src * 'unsafe-eval' 'unsafe-inline' blob:; style-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self' https://scatbook.com https://darkfans.com; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob: data:; object-src 'self' * 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.3lift.com *.acuityplatform.com *.adadvisor.net *.adform.net *.adgrx.com *.admission.net *.admixer.net *.adnxs.com *.adotmob.com *.adsrvr.org *.adsymptotic.com *.advertising.com *.agkn.com *.alcmpn.com *.amazon-adsystem.com *.amazonaws.com *.apxlv.com *.arcgis.com *.betweendigital.com *.bfmio.com *.bidr.io *.bidswitch.net *.bluekai.com *.bootstrapcdn.com *.brandcdn.com *.cdc.gov *.choozle.com *.cloudflare.com *.cloudfront.net *.cogocast.net *.company-target.com *.contextweb.com *.crazyegg.com *.crwdcntrl.net *.demdex.net *.docscores.com *.domdex.com *.dotomi.com *.doubleclick.net *.eloqua.com *.emailsrvr.com *.en25.com *.ensighten.com *.entitytag.co.uk *.epichosted.com *.everesttech.net *.exelator.com *.facebook.com *.facebook.net *.fg8dgt.com *.force.com *.fwmrm.net *.google.com *.googleadservices.com *.googleapis.com *.gstatic.com *.healthgrades.com *.mercuryhealthcare.com *.imrworldwide.com *.insightexpressai.com *.intentiq.com *.ipredictive.com *.jumptap.com *.krxd.com *.krxd.net *.liadm.com *.libsyn.com *.licdn.com *.lijit.com *.linkedin.com *.linksynergy.com *.mathtag.com *.mdhv.io *.medtouch.com *.ml314.com *.ml314.com *.moatads.com *.mookie1.com *.ngrok.io *.nrchealth.com *.openx.net *.placelocal.com *.prfct.com *.pro-market.net *.pubmatic.com *.quantserve.com *.reson8.com *.rfihub.com *.rkdms.com *.rlcdn.com *.rubiconproject.com *.rundsp.com *.salesforce.com *.scorecardresearch.com *.semasio.net *.sharethis.com *.simpli.fi *.siteimproveanalytics.com *.siteimproveanalytics.io *.sitescout.com *.spotify.com *.spotxchange.com *.stickyadstv.com *.sundaysky.com *.survata.com *.swarminteractive.com *.tapad.com *.thrtle.com *.tidaltv.com *.tinypic.com *.tremorhub.com *.tribalfusion.com *.trueleadid.com *.truoptik.com *.turn.com *.twitter.com *.twimg.com *.undertone.com *.universityhealthsystem.com *.universityhealth.com *.universityhealthsystemsc.dev.local *.viewmedica.com *.vindicosuite.com *.w55c.net *.walmart.com *.xspadvertising.com *.yahoo.com *.youtube.com *.vimeo.com *.vimeocdn.com *.yextpages.net *.perfalytics.com https://freshpaint-cdn.com https://perfalytics.com https://addevent.com http://siteimproveanalytics.com https://oxblue.com https://pippio.com https://siteimproveanalytics.com https://thrtle.com https://uhs-portal.com https://universityhealthsystemsc.dev.local https://viewmedica.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://rg-uh-corpcomm-sitecore-pr-288890-cd.azurewebsites.net/ https://rg-uh-corpcomm-sitecore-pr-288890-cm.azurewebsites.net/ https://searchcloud-2-us-east-1.searchstax.com/ https://static.searchstax.com https://analytics-us.searchstax.com; 2 default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * 2 default-src 'self' 'unsafe-inline' *.gopay.cz *.gopay.com goshop.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.cz *.googletagmanager.com *.smartsuppcdn.com *.gopaycdn.com *.gopaycdn-test.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.bing.com *.clarity.ms; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.gopay.cz *.gopay.com goshop.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.cz *.googleapis.com cdn.getbeyond.io *.googletagmanager.com *.hostedstatus.com *.leady.com *.crazyegg.com *.hotjar.com *.hotjar.io wss://*.hotjar.com googleads.g.doubleclick.net *.googlesyndication.com *.smartsuppchat.com *.smartsuppcdn.com *.smartsupp.com wss://*.smartsupp.com *.gopaycdn.com *.gopaycdn-test.com *.clarity.ms *.licdn.com *.linkedin.com *.seznam.cz *.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.gopay.cz *.gopay.com goshop.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.cz *.googleapis.com cdn.getbeyond.io *.googletagmanager.com *.hotjar.com *.crazyegg.com *.facebook.net *.leady.com c.imedia.cz *.googleadservices.com *.seznam.cz *.smartsuppchat.com *.doubleclick.net *.smartsuppcdn.com *.smartsupp.com *.gopaycdn.com *.gopaycdn-test.com *.bing.com *.clarity.ms *.licdn.com *.linkedin.com; img-src 'self' data: *.gopay.cz *.gopay.com goshop.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.cz *.googleapis.com *.typekit.net *.gstatic.com *.googletagmanager.com *.facebook.com *.seznam.cz *.smartsuppcdn.com *.maxcdn.com *.gopaycdn.com *.gopaycdn-test.com *.hotjar.com *.bing.com *.clarity.ms *.licdn.com *.linkedin.com; style-src 'self' 'unsafe-inline' *.gopay.cz *.gopay.com *.typekit.net *.googletagmanager.com *.googleapis.com *.gopaycdn.com *.gopaycdn-test.com *.hotjar.com; frame-src *; child-src 'none'; frame-ancestors *; font-src 'self' data: use.typekit.net fonts.gstatic.com *.hotjar.com; object-src 'none'; report-to 'default'; 2 default-src 'self' blob: https://nominatim.openstreetmap.org; img-src 'self' blob: data: https://s3.eu-central-1.amazonaws.com https://*.inexweb.fr https://*.inextenso.io https://*.s3.eu-central-1.amazonaws.com https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://www.google-analytics.com https://api.tiles.mapbox.com https://lipis.github.io https://kp-sandbox.com/ https://*.benchbox.net https://s3.amazonaws.com/cdn.freshdesk.com/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://*.fulll.io https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.eu01.nr-data.net https://www.googletagmanager.com https://js-agent.newrelic.com https://code.getmdl.io https://cdn.polyfill.io https://unpkg.com https://*.sentry.io https://sentry.io https://www.google-analytics.com https://85jv5zw9cx2p.statuspage.io https://storage.googleapis.com https://cdn.ravenjs.com https://widget.freshworks.com https://euc-widget.freshworks.com https://js.stripe.com https://*.fulll.io https://uptime.betterstack.com/widgets/announcement.js https://www.youtube.com https://widget.intercom.io https://app.intercom.io https://js.intercomcdn.com https://*.visitor-analytics.io https://api.session-replays.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://widget.freshworks.com https://euc-widget.freshworks.com https://*.fulll.io; font-src 'self' data: https://fonts.gstatic.com https://*.fulll.io https://*.inexweb.fr https://js.intercomcdn.com https://fonts.intercomcdn.com; object-src 'none'; worker-src 'self' blob:; frame-src https://view.officeapps.live.com https://www.google.com https://85jv5zw9cx2p.statuspage.io https://js.stripe.com https://player.vimeo.com https://*.fulll.io https://www.youtube.com/ https://intercom-sheets.com/; connect-src blob: data: https://bam.eu01.nr-data.net wss://*.fulll.io wss://*.inexweb.fr https://*.amazonaws.com https://inextenso.knowledgeplaza.net https://*.inexweb.fr https://*.inexweb.io https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://nominatim.openstreetmap.org https://sentry.io https://*.sentry.io https://85jv5zw9cx2p.statuspage.io https://raw.githubusercontent.com https://inextenso.knowledgeplaza.net https://nexty.inextenso.fr https://www.google-analytics.com https://*.benchbox.net https://public.opendatasoft.com https://widget.freshworks.com https://euc-widget.freshworks.com https://xeonys.freshdesk.com https://fulll.freshdesk.com https://*.fulll.io https://cdn.jsdelivr.net/npm/@emoji-mart/ https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com https://vimeo.com https://*.visitor-analytics.io https://api.session-replays.io; frame-ancestors 'self' https://view.officeapps.live.com https://*.fulll.io https://*.inexweb.fr https://*.inexweb.io 2 base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/gh/alpinejs/alpine@v2.8.2/dist/alpine.min.js https://code.jquery.com/jquery-3.2.1.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.1/Chart.min.js; block-all-mixed-content; upgrade-insecure-requests 2 frame-ancestors 'self' https://quarta-hunt.ru https://shottime.ru https://stalker.ru https://hutapparel.ru https://webvisor.com https://metrika.yandex.com https://metrika.yandex.ru https://metrika.yandex.by https://metrika.yandex.com.tr; 2 frame-ancestors "none"; 2 font-src 'self' https://*.patton.io https://*.google.com https://*.gstatic.com; img-src 'self' https://*.patton.io http://*.w3.org https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.global.ssl.fastly.net https://*.slack-edge.com https://img.youtube.com data:; media-src 'self' https://*.patton.io https://notificationsounds.com data:; script-src 'self' https://*.patton.io https://www.google.com https://*.gstatic.com https://*.googleapis.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://*.patton.io https://*.google.com https://*.googleapis.com http://*.googleapis.com https://*.gstatic.com 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://*.patton.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.global.ssl.fastly.net http://*.w3.org https://*.slack-edge.com https://notificationsounds.com wss:; frame-src 'self' https://*.patton.io https://*.google.com https://www.youtube.com; default-src 'self' https://*.patton.io 2 script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 2 frame-ancestors 'self' https://*.flashbay.com https://*.app.netsuite.com 2 default-src data: 'unsafe-inline' 'unsafe-eval' https:; frame-src 'self' https://*.cookiebot.com https://*.etracker.com https://www.etracker.de https://*.youtube-nocookie.com; frame-ancestors 'self' https://*.etracker.com https://www.etracker.de; style-src-elem 'self' blob: 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; font-src 'self' https://fonts.gstatic.com data: https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.cookiebot.com https://*.etracker.com https://*.etracker.de https://*.b-ite.com https://connect.facebook.net; worker-src 'self' blob:; 2 frame-ancestors 'self' https://*${toyota_KZ_RU_ROOT} https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 2 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self' *.qbrick.com; media-src * blob:; worker-src * blob:; object-src 'self'; connect-src wss: https: 2 default-src https: wss: blob: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 2 default-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' inline: blob: eval: wasm-eval: https://g.alicdn.com https://images.uc.cn https://connect.facebook.net https://www.googletagmanager.com https://we-like.com https://ajax.googleapis.com https://hmwa.helmholtz-munich.de https://platform.twitter.com https://static.b-ite.com https://cs-assets.b-ite.com https://altruja.de https://em.altruja.de;script-src-elem 'self' 'unsafe-inline' blob: inline: https://player.vimeo.com https://altruja.de https://em.altruja.de https://data1.mulesto.com https://data1.bimien.com https://gc.kis.v2.scr.kaspersky-labs.com https://hublosk.com https://jullyambery.net https://www.googletagmanager.com https://ubaslome.maynhtml.com https://cdnjs.cloudflare.com https://we-like.com https://data1.bemitch.com https://connect.facebook.net https://data1.open-dog.com https://xeldurap.peazheut.com https://ajax.googleapis.com https://me.kis.v2.scr.kaspersky-labs.com https://ff.kis.v2.scr.kaspersky-labs.com https://static.b-ite.com https://hmwa.helmholtz-munich.de https://cs-assets.b-ite.com https://platform.twitter.com https://altruja.de https://em.altruja.de;style-src 'self' 'unsafe-inline';img-src 'self' https://px.effirst.com blob: moz-extension: https://images.admiralcloud.com https://cdn.leanlibrary.app https://icelandsue.com https://fonts.gstatic.com https://translate.google.com https://static.b-ite.com https://gateway.zscaler.net https://www.researchsolutions.com https://i.vimeocdn.com https://scontent-vie1-1.cdninstagram.com https://cs-assets.b-ite.com https://images.admiralcloud.com https://hmwa.helmholtz-munich.de https://imagebasics.admiralcloud.com https://altruja.de https://em.altruja.de data: https://syndication.twitter.com https://i.ytimg.com;font-src 'self' moz-extension: data: chrome-extension: https://use.typekit.net https://at.alicdn.com https://cdn.scite.ai https://fonts.gstatic.com;media-src 'self' https://mediafra.admiralcloud.com data: https://filehub.admiralcloud.com;frame-src 'self' https://youtu.be https://vimeo.com noop.style https://safe.menlosecurity.com https://www1.wdr.de https://div.show https://mozbar.moz.com https://api.blockads247.com https://www.healthtv.de https://pwm-image.trendmicro.com https://purplestats.com https://www.imp.ac.at https://m.youtube.com https://www.3sat.de https://www.zaum-online.de https://www.br.de https://loader.media https://we-like.com https://hmwa.helmholtz-munich.de https://app.powerbi.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://syndication.twitter.com https://view.genial.ly https://view.genially.com https://www.ardmediathek.de https://altruja.de https://em.altruja.de;frame-ancestors 'self';connect-src 'self' https://px.effirst.com data: wss://127.0.0.1:* wss://view-localhost:51542 https://metrics-dre.dt.dbankcloud.cn https://api.fbanalytics.org https://api.crystal-blocker.com https://api.srv247app.com https://api.mkmediaworks.com https://api.amcreativemedia.com https://update.adblock360.org https://translate-pa.googleapis.com https://api.moncyber-api.com https://api.blockads247.com https://translate.googleapis.com https://images.admiralcloud.com https://overbridgenet.com https://static.b-ite.com https://region1.google-analytics.com https://api.crossref.org https://cdn.plyr.io https://hmwa.helmholtz-munich.de https://jobs.b-ite.com;style-src-elem 'self' 'unsafe-inline' https://icelandsue.com https://pwm-image.trendmicro.com https://static.b-ite.com https://www.gstatic.com https://fonts.googleapis.com;worker-src 'self' data: blob:;manifest-src 'self';report-uri https://sentry2.in2code.de/api/17/security/?sentry_key=78ec2c714b5cd653de69205ed1dba745;report-to default 2 default-src 'self' https://myrgroup.com; script-src 'self' 'unsafe-inline' blob: https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://www.chasepaymentechhostedpay.com https://js.stripe.com 'unsafe-eval' https://*.mailgun.net https://myrgroup.com; script-src-elem 'self' blob: https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline' https://maps.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://www.chasepaymentechhostedpay.com https://js.stripe.com 'unsafe-eval' https://www.gstatic.com https://myrgroup.com; style-src 'self' 'unsafe-inline' blob: https://use.typekit.net https://p.typekit.net https://maps.googleapis.com https://maps.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://myrgroup.com; style-src-elem 'self' https://use.typekit.net https://p.typekit.net 'unsafe-inline' https://maps.googleapis.com https://maps.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com/ https://myrgroup.com; font-src 'self' https://use.typekit.net https://p.typekit.net data: 'unsafe-inline' https://s0.wp.com https://maps.googleapis.com https://maps.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://myrgroup.com; img-src 'self' data: https://myrgroup.com https://myrgroup.myr.studiothink.com https://myrgroup.stg.studiothink.com https://www.plpredimix.com https://s.w.org https://maps.googleapis.com https://maps.gstatic.com https://www.google.ca https://www.google-analytics.com; connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://www.google.ca https://maps.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://*.mailgun.net https://myrgroup.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google.co.in https://www.google.fr; object-src 'none'; frame-src https://www.youtube.com https://www.chasepaymentechhostedpay.com https://js.stripe.com/ https://checkout.stripe.com https://myrgroup.com; report-to https://myrgroup.com/csp-report.php;; report-uri https://myrgroup.com/csp-report.php;; 2 frame-ancestors ‘self’ 2 default-src * 'unsafe-inline' 'unsafe-eval'; connect-src * data: *; script-src-elem * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; frame-src * 'unsafe-inline' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-eval'; style-src-attr * 'unsafe-inline' 'unsafe-eval'; style-src-elem * 'unsafe-inline' 'unsafe-eval'; font-src * data: *; img-src * data: * blob: *; report-uri /local/ajax/CSP.php 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' *;img-src *;script-src-elem 'unsafe-inline' *;frame-src *;font-src *;connect-src *; 2 frame-ancestors 'self' https://*.tennislegend.fr;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bing.com *.clarity.ms *.cloudflare.com *.cookielaw.org *.doubleclick.net *.early-birds.fr *.facebook.com *.facebook.net *.geoplugin.net *.google-analytics.com *.google.com *.google.fr *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.criteo.com *.criteo.net *.sendinblue.com *.trustedshops.com *.luckycart.com *.pcapredict.com sibautomation.com appstatic.quanta.io 2 font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.siteone.io *.siteone.cz sentry-2025.siteone.cz cdn.siteone.io cdn-test.siteone.io *.localhost localhost; manifest-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.siteone.io *.siteone.cz sentry-2025.siteone.cz cdn.siteone.io cdn-test.siteone.io *.localhost localhost; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.siteone.io *.siteone.cz sentry-2025.siteone.cz cdn.siteone.io cdn-test.siteone.io *.localhost localhost; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.youtube.com *.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: execution-360.homecredit.cz content-360.homecredit.cz delivery-360.homecredit.cz www.homecredit.cz www.homecredit.sk homecredit.cz homecredit.sk execution-360.homecredit.sk content-360.homecredit.sk delivery-360.homecredit.sk *.siteone.io *.siteone.cz sentry-2025.siteone.cz cdn.siteone.io cdn-test.siteone.io *.localhost localhost www.googletagmanager.com cdn.cookielaw.org *.onetrust.com *.clarity.ms *.seznam.cz *.doubleclick.net *.bing.com bat.bing.com pagead2.googlesyndication.com www.youtube.com *.ytimg.com googleads.g.doubleclick.net www.googleadservices.com *.googleadservices.com *.googleadservices.net *.google-analytics.com www.google.com www.google.cz www.facebook.com *.facebook.net *.smartlook.com *.smartlook.cloud; connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: execution-360.homecredit.cz content-360.homecredit.cz delivery-360.homecredit.cz www.homecredit.cz www.homecredit.sk homecredit.cz homecredit.sk execution-360.homecredit.sk content-360.homecredit.sk delivery-360.homecredit.sk www.googletagmanager.com cdn.cookielaw.org *.onetrust.com *.clarity.ms *.seznam.cz *.doubleclick.net *.bing.com bat.bing.com pagead2.googlesyndication.com *.siteone.io *.siteone.cz sentry-2025.siteone.cz cdn.siteone.io cdn-test.siteone.io *.localhost localhost googleads.g.doubleclick.net www.googleadservices.com *.googleadservices.com *.googleadservices.net *.google-analytics.com www.google.com www.google.cz www.facebook.com *.facebook.net *.smartlook.com *.smartlook.cloud; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: execution-360.homecredit.cz content-360.homecredit.cz delivery-360.homecredit.cz www.homecredit.cz www.homecredit.sk homecredit.cz homecredit.sk execution-360.homecredit.sk content-360.homecredit.sk delivery-360.homecredit.sk www.googletagmanager.com cdn.cookielaw.org *.onetrust.com *.clarity.ms *.seznam.cz *.doubleclick.net www.youtube.com *.ytimg.com *.siteone.io *.siteone.cz sentry-2025.siteone.cz cdn.siteone.io cdn-test.siteone.io *.localhost localhost *.bing.com bat.bing.com pagead2.googlesyndication.com googleads.g.doubleclick.net www.googleadservices.com *.googleadservices.com *.googleadservices.net *.google-analytics.com www.google.com www.google.cz www.facebook.com *.facebook.net *.smartlook.com *.smartlook.cloud; frame-ancestors 'self' *.ci360.sas.com homecredit.cz homecredit.sk www.homecredit.cz www.homecredit.sk *.siteone.cz *.localhost; frame-src www.youtube.com *.ytimg.com www.googletagmanager.com cdn.cookielaw.org *.onetrust.com *.clarity.ms *.seznam.cz *.doubleclick.net; report-uri /csp-report 2 default-src 'none'; child-src 'self' https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; connect-src 'self' data: http://ad.doubleclick.net https://*.googletagmanager.com https://*.onetrust.com https://*.tiktok.com https://adservice.google.com https://analytics.google.com https://analytics.tiktok.com https://assets-tracking.crazyegg.com https://cdn.cookielaw.org https://dc.services.visualstudio.com https://esp-eu.aptrinsic.com https://googleads.g.doubleclick.net https://molnlycke2gir36prod.dxcloud.episerver.net https://pagead2.googlesyndication.com https://pagestates-tracking.crazyegg.com https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://script.crazyegg.com https://server-side-tagging-tagkg43egq-uc.a.run.app https://stats.g.doubleclick.net https://tracking.crazyegg.com https://www.facebook.com https://www.google-analytics.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.ca https://www.google.ch https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.kr https://www.google.co.ma https://www.google.co.th https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.eg https://www.google.com.hk https://www.google.com.mx https://www.google.com.my https://www.google.com.ph https://www.google.com.pk https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.tr https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ro https://www.google.se https://www.googleadservices.com https://www.molnlycke.com/localization-admin-ui/*; font-src 'self' data: http://themes.googleusercontent.com https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/ https://fonts.gstatic.com https://login.microsoftonline.com https://sc-static.net https://script.crazyegg.com https://svcs.tql.com https://www.molnlycke.com/localization-admin-ui/*; form-action 'self' https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; frame-src 'self' blob: http://*.opendns.com https://*.crazyegg.com https://*.opendns.com https://api.screen9.com https://dashboard.find.episerver.net https://script.crazyegg.com https://server-side-tagging-tagkg43egq-uc.a.run.app/ https://td.doubleclick.net https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.molnlycke.com/localization-admin-ui/* https://www.youtube.com; img-src 'self' data: https://cdn.cookielaw.org https://connect.facebook.net https://fonts.gstatic.com https://googleads.g.doubleclick.net https://i.ytimg.com https://img.youtube.com https://login.microsoftonline.com https://minervablob.blob.core.windows.net https://pagead2.googlesyndication.com https://px.ads.linkedin.com https://script.crazyegg.com https://storage.googleapis.com https://translate.google.com https://www.facebook.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.ca https://www.google.ch https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.ec https://www.google.com.eg https://www.google.com.gh https://www.google.com.hk https://www.google.com.lb https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.ph https://www.google.com.pk https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.it https://www.google.lv https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.se https://www.google.si https://www.googletagmanager.com https://www.molnlycke.com https://www.molnlycke.com/localization-admin-ui/*; media-src 'self' https://minervablob.blob.core.windows.net https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; script-src-elem 'self' 'unsafe-inline' https://*.crazyegg.com https://*.googletagmanager.com https://*.youtube.com https://analytics.tiktok.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://gc.kis.v2.scr.kaspersky-labs.com https://googleads.g.doubleclick.net https://js.monitor.azure.com https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js https://maxcdn.bootstrapcdn.com https://pagead2.googlesyndication.com https://sc-static.net https://script.crazyegg.com https://snap.licdn.com https://unpkg.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://web-sdk-eu.aptrinsic.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.molnlycke.com/localization-admin-ui/* https://www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://connect.facebook.net https://googleads.g.doubleclick.net https://js.monitor.azure.com https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js https://script.crazyegg.com https://unpkg.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.molnlycke.com/localization-admin-ui/* https://www.youtube.com; style-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://login.microsoftonline.com https://maxcdn.bootstrapcdn.com https://script.crazyegg.com https://web-sdk-eu.aptrinsic.com https://www.gstatic.com https://www.molnlycke.com/localization-admin-ui/*; style-src 'self' 'unsafe-inline' https://login.microsoftonline.com https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; style-src-attr 'unsafe-inline' https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; manifest-src https://molnlycke2gir36prod.dxcloud.episerver.net https://script.crazyegg.com https://www.molnlycke.com https://www.molnlycke.com/localization-admin-ui/*; frame-ancestors https://script.crazyegg.com https://www.molnlycke.com https://www.molnlycke.com/localization-admin-ui/*; base-uri https://script.crazyegg.com https://www.molnlycke.com https://www.molnlycke.com/localization-admin-ui/*; worker-src blob: https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; script-src-attr https://script.crazyegg.com https://www.google.com https://www.molnlycke.com/localization-admin-ui/*; object-src https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; navigate-to https://www.molnlycke.com/localization-admin-ui/*; prefetch-src https://www.molnlycke.com/localization-admin-ui/*; report-to stott-security-endpoint;report-uri https://www.molnlycke.com/stott.security.optimizely/api/cspreporting/reporturiviolation/; 2 frame-ancestors 'self' admin.neo.bet admin.neobet.de edit.scrivito.com; 2 frame-ancestors 'self' https://*.sms-digital.cloud; 2 default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.vimeo.com *.cloudflareinsights.com vercel.live *.vercel-scripts.com *.googletagmanager.com googletagmanager.com *.googleadservices.com *.google-analytics.com www.google-analytics.com google-analytics.com stats.g.doubleclick.net google.com *.googleapis.com *.youtube.com bugherd.com *.bugherd.com *.cookielaw.org *.clarity.ms *.adobedtm.com; font-src 'self' data: *.gstatic.com *.typekit.net *.googletagmanager.com googletagmanager.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net *.bugherd.com vercel.live; img-src 'self' data: *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com bugherd-attachments.s3.amazonaws.com *.bugherd.com ads-twitter.com ads-api-twitter.com analytics.twitter.com www.googletagmanager.com *.sanity.io *.cookielaw.org *.bing.com *.clarity.ms *.everesttech.net *.demdex.net; frame-ancestors undefined 'self'; frame-src 'self' *.ginkgo.bio vercel.live *.vercel-scripts.com *.bugherd.com *.googletagmanager.com googletagmanager.com *.youtube.com *.vimeo.com *.vercel.app *.demdex.net *.doubleclick.net; connect-src 'self' *.s3.amazonaws.com www.google-analytics.com *.googletagmanager.com googletagmanager.com *.vimeo.com vimeo.com *.licdn.com *.linkedin.com *.adsymptotic.com *.linkedin.oribi.io data: *.cookielaw.org *.nsvcs.net *.onetrust.com *.clarity.ms *.demdex.net *.adobedc.net *.google.com *.doubleclick.net *.google.com; child-src 'self' *.hsforms.com; 2 default-src 'self'; frame-src * ; media-src *; img-src * 'self' data: https:; script-src * 'unsafe-eval' 'unsafe-inline' wwp.dwh.enagas.eng; style-src * 'unsafe-inline'; font-src * data:; connect-src * 2 frame-ancestors 'self' https://fintualist.com 2 script-src 'unsafe-inline' self; 2 default-src 'self' wss:; connect-src 'self' *.google-analytics.com *.google.com *.googleapis.com *.facebook.com *.hubapi.com *.hubspot.com stats.g.doubleclick.net *.doubleclick.net *.segmint.net *.stackadapt.com *.banno.com *.qualtrics.com *.twilio.com wss://*.twilio.com *.salemove.com wss://*.salemove.com *.atlassian.net *.glia.com wss://*.glia.com ws: wss:; font-src 'self' 'unsafe-inline' data: *.googleapis.com *.gstatic.com *.typekit.net *.salemove.com; frame-ancestors 'self'; frame-src 'self' *.buzzsprout.com *.lpsnmedia.net *.youtube.com *.vimeo.com *.liveperson.net *.google.com *.fliphtml5.com *.segmint.net *.busey.com; img-src 'self' *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.google.ca *.gstatic.com *.stackadapt.com *.hubspot.com *.facebook.com *.segmint.net *.salemove.com *.lpsnmedia.net banno.com *.banno.com *.banno-staging.com *.cms.banno-staging.com *.hsforms.com *.cloudfront.net *.hs-embed-reporting.com *.qualtrics.com *.glia.com data: blob: *.banno.com banno.com; media-src 'self' *.lpsnmedia.net banno.com *.salemove.com *.banno.com *.banno-staging.com *.cms.banno-staging.com *.glia.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.google.com banno.com *.banno.com *.banno-staging.com *.salemove.com *.splash-screen.net siteimproveanalytics.com *.hs-scripts.com *.hs-banner.com *.liveperson.net *.hsleadflows.net *.hsadspixel.net *.hs-analytics.net *.lpsnmedia.net *.facebook.net *.segmint.net *.stackadapt.com tags.srv.stackadapt.com *.gstatic.com *.qualtrics.com *.glia.com *.hubspot.com *.banno.com banno.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net *.stackadapt.com *.segmint.net *.salemove.com *.glia.com 2 "default-src 'self' *.gezondheid.be;" 2 frame-ancestors 'self' https://www.escanav.com; 2 frame-ancestors 'self' https://fariaeducationgroup.trumpet.app; 2 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://www.gstatic.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com https://image.providesupport.com https://vm.providesupport.com https://cdnjs.cloudflare.com/ https://cdnjs.com/ https://unpkg.com/ https://connect.facebook.net/ https://*.smartlook.com https://*.smartlook.cloud;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com https://www.gstatic.com;img-src 'self' https://*.google.com https://www.gstatic.com https://translate.googleapis.com http://translate.google.com https://*.google-analytics.com data: https://image.providesupport.com https://fonts.gstatic.com https://www.facebook.com/ https://www.googletagmanager.com/;frame-src 'self' https://www.google.com https://www.youtube.com https://vm.providesupport.com http://vm.providesupport.com https://servis.webhouse.cz/ https://docs.google.com/ https://getwaitlist.com/ https://youtube.com/ https://www.book4u.cz https://accounts.google.com/;font-src 'self' https://fonts.gstatic.com;connect-src 'self' https://translate.googleapis.com https://translate-pa.googleapis.com https://*.google-analytics.com https://chatapi.providesupport.com https://image.providesupport.com https://www.facebook.com/ https://reporter.seznam.cz/ https://region1.analytics.google.com/ https://manager.eu.smartlook.cloud/ https://*.smartlook.com https://*.smartlook.cloud;form-action 'self';frame-ancestors 'self';block-all-mixed-content 2 frame-ancestors 'self' ; report-uri https://itickets.report-uri.io/r/default/csp/enforce; 2 frame-ancestors 'self' https://*.elsevier.es/ 2 frame-ancestors planos.boavistaservicos.com.br *.planos.boavistaservicos.com.br; 2 default-src 'self' 'unsafe-inline' https://* wss://*; img-src https://*; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src *; 2 default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; img-src data: https://* 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data: 2 frame-ancestors *.vakko.com 2 base-uri 'self'; default-src 'self'; script-src 'self' 'report-sample' 'unsafe-eval' https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://snap.licdn.com https://trk.teamblue.services https://stg-trk.teamblue.services https://trk.flexmail.be https://trk.flexmail.nl https://stg-trk.flexmail.be https://stg-trk.flexmail.nl https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://www.googleanalytics.com 'sha256-MX1ZFIBa5L93HBj8qZRBUa/eXPmsVLWRIi36CdDab3g=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-hW1V3UvI+swwT3wQpebXLpXi/7Q9VUws5NlJTNxM/Tg=' https://connect.facebook.net 'sha256-w9PUUFBTg7mA9KBjVbANsTN5WPOnJRei9DT8Qk2i/Jw=' https://www.flexmail.eu 'sha256-usdx8IxlpnzmYMAcVSSGsgPlT53z1pk04Zvh5xyOIQg=' https://bat.bing.com https://r.bing.com 'sha256-9EfSE/pxhsIRQAZ9nHpzZGKeEticJtki6BUxpyJY/VQ=' https://cdn.zapier.com 'sha256-yZFBBEAhVR7+Ftx72ma6BMxZ0sAlz7DrJpEQjM6yvdk=' https://www.googleadservices.com https://www.google.com https://*.leadinfo.net 'sha256-FXWsZZqcOYsq1NVBThmi3kxKhOetuth7XXym/Ocr0y8=' https://*.refiner.io https://*.googletagmanager.com https://www.googleoptimize.com https://*.iubenda.com pagead2.googlesyndication.com www.googletagmanager.com https://uxwizz.combell.com https://eu.acsbapp.com 'sha256-VLHntiKvzCtmGdA8NQ279URJ1kx7r/qtSLs6ptjnTgY=' 'sha256-haSm1wLMkQLcIeHWY8P5LzrIczokmC3DKYFCl5cNz1g=' 'sha256-6XMixD8SYYh9u6pJSJrkzNCR3Ug4RG5i6DdRnuagT4A=' 'sha256-Fc+Hyj53YD8y3U7K7LY2Zqz2UPytCm0OQLHMxJROPz8=' 'sha256-v1oYH69RcooFs6F5XhMTzHiWlftYwnuQHDxIz0suNeo=' 'sha256-soHj2nJiSISIchYvRpy+YNvaclRxDg8yfOdje4DV1V0=' 'sha256-BLA8fh9YQ/QaKI4r6ichHcqBEuA0P8M8GMKTBccWvQ4=' 'sha256-UCgT4o3W1j0Jb+5Dmp/EiW82gsiCzYrnessD2ygF+yg=' 'sha256-egpbluqkD8NT0bY3bWy7raM9tRIMkfUWboq0Y8KqsFk='; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://tagmanager.google.com https://fonts.googleapis.com *.bing.com https://cdn.zapier.com https://www.googletagmanager.com https://cdn.iubenda.com; object-src 'none'; form-action 'self'; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io data: www.slant.co; connect-src 'self' https://trk.teamblue.services https://stg-trk.teamblue.services https://trk.flexmail.be https://trk.flexmail.nl https://stg-trk.flexmail.be https://stg-trk.flexmail.nl https://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com https://cdn.flxml.eu https://*.sentry.io *.bing.com wss://*.bing.com https://zapier.com https://*.zapier.com https://stats.g.doubleclick.net adservice.google.com https://www.google.com https://cdn.linkedin.oribi.io https://*.leadinfo.net https://*.leadinfo.com https://*.refiner.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.iubenda.com pagead2.googlesyndication.com px.ads.linkedin.com www.google.com googleads.g.doubleclick.net https://uxwizz.combell.com https://eu-cdn.acsbapp.com https://eu.acsbapp.com; img-src 'self' data: https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.google.com https://www.google.be https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://px.ads.linkedin.com https://www.linkedin.com https://trk.teamblue.services https://stg-trk.teamblue.services https://trk.flexmail.be https://trk.flexmail.nl https://stg-trk.flexmail.be https://stg-trk.flexmail.nl https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://www.facebook.com https://cdn.flxml.eu *.bing.com *.microsoft.com https://zapier.com https://zapier-images.imgix.net https://www.google.de https://www.google.nl adservice.google.com https://www.google.co.uk https://www.google.lu https://www.google.co.in https://www.google.es https://www.google.ch https://www.google.it https://www.google.ca https://*.google-analytics.com https://*.googletagmanager.com pagead2.googlesyndication.com googleads.g.doubleclick.net https://uxwizz.combell.com https://tracker.metricool.com; frame-src 'self' https://www.google.com/recaptcha/ https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://www.slideshare.net https://youtube.com https://www.youtube.com https://www.googletagmanager.com sdx.microsoft.com https://return.flexmail.eu https://*.refiner.io http://open.spotify.com/ https://*.iubenda.com/ googleads.g.doubleclick.net tpc.googlesyndication.com td.doubleclick.net; report-uri https://flxml-www.endpoint.csper.io; report-to csper; 2 frame-ancestors 'self' *.thebarrelroom *.dx.commercecloud.salesforce.com *.authorize.net https://drive.google.com 2 default-src 'self'; style-src 'self'; script-src 'self'; object-src 'none' 2 frame-ancestors 'self' *.tdsecurities.com *.tdbank.ca *.tdbank.com *.td.com 2 frame-ancestors 'self'; frame-src *; 2 script-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com maps.googleapis.com www.googleadservices.com bat.bing.com s.yimg.com sp.analytics.yahoo.com; 2 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://www.buzzsprout.com/ https://code.visitor-track.com https://info.crd.com/analytics https://pi.pardot.com/pd.js https://fonts.googleapis.com https://*.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://s7.addthis.com https://siteimproveanalytics.com https://pi.pardot.com https://cdn.siteimprove.com https://maps.googleapis.com https://embed.typeform.com https://form.typeform.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://embed.typeform.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://cdn.jsdelivr.net https://www.google.co.za https://form.typeform.com https://api.typeform.com https://*.typeform.com; font-src 'self' https://fonts.gstatic.com https://fonts.gstatic.com data: https://s0.wp.com; frame-src 'self' https://*.brightcove.net https://*.crd.com https://*.google.com https://www.buzzsprout.com/ https://embed.typeform.com https://form.typeform.com; img-src 'self' https://*.siteimproveanalytics.io https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.co.za; manifest-src 'self'; media-src 'self'; report-uri https://65292a4da5a15fa1ff36ab6f.endpoint.csper.io/?v=0; worker-src 'self'; 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https:; connect-src https: wss:; object-src 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; 2 default-src 'self' data:; manifest-src 'self'; script-src 'self' 'unsafe-inline' https://player.vimeo.com https://www.youtube.com https://statistik.kug.ac.at; style-src 'self' 'unsafe-inline'; connect-src 'self' https://statistik.kug.ac.at data:; img-src 'self' https://img.youtube.com https://tiles.wmflabs.org https://c.tile.openstreetmap.org; form-action 'self' https://*.ddev.site https://search-kug.obvsg.at; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://services.phaidra.kug.ac.at; media-src 'self'; child-src 'self' blob: https://player.vimeo.com https://www.youtube.com; 2 default-src 'self' data: http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://sampatapi.areeo.ac.ir https://cdn.goftino.com *.goftino.com https://cdn.userway.org https://cdn77.api.userway.org https://panel.sofiamind.ir; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://panel.sofiamind.ir http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://*.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com https://*.goftino.com https://widget-react.raychat.io; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://*.goftino.com https://panel.sofiamind.ir https://cdn.userway.org https://widget-react.raychat.io; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com https://*.google-analytics.com www.google-analytics.com *.google-analytics.com data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com https://*.google-analytics.com www.google-analytics.com *.google-analytics.com https://samta.samt.ac.ir https://sampatapi.areeo.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com wss://*.goftino.com https://panel.sofiamind.ir https://api.userway.org https://cdn.userway.org https://cdn77.api.userway.org https://widget-service.raychat.io wss://ws10.goftino.com; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir https://panel.sofiamind.ir; frame-ancestors 'self' https://trustseal.enamad.ir; 2 frame-ancestors 'self' https://app.pia4you.com http://erika.hotainment.info 2 default-src 'self'; script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://*.genially.com https://*.video-dns.com https://*.usercentrics.eu https://*.youtube.com https://*.b0e8.com https://*.bc0a.com https://*.brightedge.com https://*.cloudflareinsights.com https://*.blob.core.windows.net https://*.vimeo.com https://*.clickdimensions.com https://*.googleapis.com https://*.cookielaw.org https://*.facebook.net https://*.recruitmentplatform.com https://*.vimeocdn.com https://*.google.com https://*.doubleclick.net https://*.azureedge.net https://*.linkedin.com https://*.ads.linkedin.com https://*.maphub.net https://*.licdn.com https://*.mrwork.nl https://*.lfeeder.com https://*.hotjar.com https://*.weglot.com https://*.unpkg.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.mkt.dynamics.com https://*.svc.dynamics.com https://*.googlevideo.com; style-src 'self' 'report-sample' 'unsafe-inline' https://*.azureedge.net https://*.genially.com https://*.cookielaw.org https://*.googleapis.com https://*.recruitmentplatform.com https://*.vimeocdn.com https://*.maphub.net https://unpkg.com https://*.unpkg.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.googleadservices.com https://*.usercentrics.eu https://*.microsoft.com wss://*.video-dns.com https://*.video-dns.com https://p-cm.haskoning.nl https://*.haskoning.com https://www.integratedtransportplanning.com https://unpkg.com https://vimeo.com https://*.genially.com https://*.mrwork.nl https://*.bc0a.com https://*.b0e8.com https://*.noembed.com https://*.cloudflareinsights.com https://*.run.app https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.hotjar.io https://*.doubleclick.net https://*.cookielaw.org https://*.onetrust.com https://*.linkedin.oribi.io https://*.weglot.com https://*.hotjar.com https://*.recruitmentplatform.com https://*.googlesyndication.com https://*.ads.linkedin.com https://*.vimeo.com wss://*.hotjar.com https://*.azureedge.net https://*.mkt.dynamics.com https://*.svc.dynamics.com https://*.googlevideo.com https://google.com https://www.google.nl https://cloudflareinsights.com; font-src 'self' data: https://*.genially.com https://*.recruitmentplatform.com https://*.gstatic.com https://*.maphub.net https://*.hotjar.com; frame-src 'self' https://indd.adobe.com https://*.usercentrics.eu https://*.youtube-nocookie.com https://*.run.app https://*.microsoft.com https://*.meltwater.com https://*.mimecastprotect.com https://*.genially.com https://*.googletagmanager.com https://*.expo.royalhaskoningdhv.com https://*.windows.net https://*.microsoftonline.com https://*.libsyn.com https://*.vimeo.com https://*.maphub.net https://*.web.core.windows.net https://*.doubleclick.net https://*.youtube.com https://*.genial.ly https://*.facebook.com https://*.linkedin.com https://*.azureedge.net https://*.mkt.dynamics.com https://*.svc.dynamics.com; img-src 'self' data: https://*.mave.io https://*.video-dns.com https://*.royalhaskoningdhv.com https://*.haskoning.com https://*.usercentrics.eu https://*.genially.com https://www.integratedtransportplanning.com/ https://*.linkedin.com https://*.genial.ly https://*.openstreetmap.org https://*.googleadservices.com https://*.facebook.net https://*.google.com https://*.google.nl https://*.googleapis.com https://*.gstatic.com https://*.clickdimensions.com https://*.cookielaw.org https://*.weglot.com https://*.ytimg.com https://*.vimeocdn.com https://*.doubleclick.net https://*.office.com https://*.ads.linkedin.com https://*.maphub.net https://*.lfeeder.com https://*.facebook.com https://*.googletagmanager.com https://*.google-analytics.com https://*.azureedge.net https://*.mkt.dynamics.com https://*.googlevideo.com; manifest-src 'self'; media-src 'self' blob: https://*.haskoning.com https://*.video-dns.com https://*.akamaized.net https://*.googleadservices.com https://*.azureedge.net https://*.dynamics.com https://*.googlevideo.com; worker-src blob:; 2 frame-ancestors https://*.evedex.com; 2 default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; base-uri 'self'; 2 default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data: blob:; font-src *; object-src *; base-uri *; form-action *; frame-ancestors *; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.aspnetcdn.com *.vimeocdn.com *.google.com *.google.de *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com https://hcaptcha.com *.surveymonkey.com *.googleoptimize.com *.cookiebot.com *.vimeo.com *.facebook.net *.laborpublisher.de *.bing.com 'unsafe-inline' 'unsafe-eval'; style-src data: 'self' *.cookiebot.com *.googleapis.com *.sonichealthcare.com *.gstatic.com *.laborpublisher.de 'unsafe-inline' 'unsafe-eval'; connect-src data: 'self' *.cookiebot.com *.googleapis.com *.google-analytics.com https://stats.g.doubleclick.net *.google.com *.linkedin.com *.laborpublisher.de; font-src 'self' data: *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.cookiebot.com *.google-analytics.com https://www.google.com.au *.google.com *.gstatic.com *.googleapis.com *.amazonaws.com *.o3n.io *.google.com.au *.google.de *.googletagmanager.com *.bing.com *.facebook.com *.linkedin.com *.sonichealthcare.co.uk *.laborpublisher.de https://www.teamviewer.com 'unsafe-inline'; frame-src 'self' *.cookiebot.com *.google.de *.google.com *.youtube.com https://www.zeemaps.com *.surveymonkey.com *.hcaptcha.com *.vimeo.com *.facebook.com https://www.youtube-nocookie.com https://scnem3.com *.softgarden.io; object-src 'none'; 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.clickcease.com *.cookiebot.eu *.cookiebot.com *.cookielaw.org *.doubleclick.net *.erecruiter.pl *.fontawesome.com *.google-analytics.com *.linkedin.com *.google.com *.google.pl *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com/recaptcha/ *.hotjar.com *.hotjar.io *.intercom.io *.licdn.com *.onetrust.com *.tawk.to cdn.smsapi.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net js.intercomcdn.com plausible.io sgtm.smsapi.pl bat.bing.com *.clarity.ms *.devsms.com ; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.clickcease.com *.cookiebot.eu *.cookiebot.com *.cookielaw.org *.doubleclick.net *.erecruiter.pl *.fontawesome.com *.google-analytics.com *.linkedin.com *.google.com *.google.pl *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com/recaptcha/ *.hotjar.com *.hotjar.io *.intercom.io *.licdn.com *.onetrust.com *.tawk.to cdn.smsapi.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net js.intercomcdn.com plausible.io sgtm.smsapi.pl bat.bing.com *.clarity.ms *.devsms.com ; connect-src 'self' *.clickcease.com *.cookiebot.eu *.cookiebot.com *.cookielaw.org *.doubleclick.net *.facebook.com *.google-analytics.com *.google.com google.com *.hotjar.com *.hotjar.io *.intercom.io *.tawk.to cdn.smsapi.com *.devsms.com cdnjs.cloudflare.com connect.facebook.net i.imgur.com js.intercomcdn.com plausible.io uploads.intercomcdn.com uploads.intercomusercontent.com smsapi.pl smsapi.com sentry.smsapi.com http://smsapi.pl/* http://*.smsapi.pl/* http://www.smsapi.pl/* wss://www.smsapi.bg wss://www.smsapi.com wss://www.smsapi.pl wss://www.smsapi.ro wss://*.hotjar.com wss://*.intercom.io wss://*.tawk.to www.googleadservices.com www.googletagmanager.com www.gstatic.com/recaptcha/ bat.bing.com sgtm.smsapi.pl *.clarity.ms *.oribi.io *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws https://*.googlesyndication.com/ px.ads.linkedin.com ; frame-src *.doubleclick.net *.hotjar.com *.hotjar.io *.youtube-nocookie.com *.youtube.com youtube.com consentcdn.cookiebot.eu consentcdn.cookiebot.com www.facebook.com www.google.com/recaptcha/ www.googletagmanager.com ; img-src data: blob: 'self' *.cookielaw.org *.doubleclick.net *.erecruiter.pl *.facebook.com *.fbcdn.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-9.com *.intercomcdn.com *.smsapi.com *.smsapi.pl *.devsms.com *.tawk.to *.twimg.com *.youtube.com *.ytimg.com *.zapier.com cdn.jsdelivr.net i.imgur.com messenger-apps.intercom.io *.linkedin.com static.intercomassets.com uploads.intercomusercontent.com www.googletagmanager.com zapier-images.imgix.net *.bing.com *.clarity.ms *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws img.sct.eu1.usercentrics.eu ; style-src 'unsafe-inline' 'self' *.erecruiter.pl *.fontawesome.com *.smsapi.com *.smsapi.pl *.devsms.com *.tawk.to fonts.googleapis.com ; font-src 'self' *.fontawesome.com *.hotjar.com *.hotjar.io *.tawk.to cdnjs.cloudflare.com fonts.gstatic.com js.intercomcdn.com fonts.intercomcdn.com cdn.smsapi.com *.devsms.com ; child-src 'self' blob: fast.wistia.net intercom-sheets.com player.vimeo.com share.intercom.io www.intercom-reporting.com www.youtube.com ; form-action 'self' *.facebook.com api-iam.intercom.io app.marketingplatform.com intercom.help ; media-src 'self' *.tawk.to js.intercomcdn.com ; worker-src 'self' blob:; report-to csp-report-endpoint; report-uri https://sentry.smsapi.com/api/9/security/?sentry_key=54a0185e0d3c272313efb135bc1754f3; 2 default-src 'self' *.googlesyndication.com *.hsforms.com forms.hsforms.com; frame-src www.buzzsprout.com w.soundcloud.com www.googletagmanager.com blob: *.googletagmanager.com app.hubspot.com *.doubleclick.net player.vimeo.com www.youtube.com *.google.com app.directly.com forms.hsforms.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' a.usbrowserspeed.com js.hubspot.com app.salesbox.ai ads.kwanzoo.com stats.g.doubleclick.net www.buzzsprout.com assets.apollo.io blob: js.zi-scripts.com cdn.dreamdata.cloud app.factors.ai *.gstatic.com *.google.com *.movate.com *.googleadservices.com googleads.g.doubleclick.net js.hsadspixel.net js.usemessages.com player.vimeo.com *.cloudflare.com *.googletagmanager.com *.hsforms.net *.hsforms.com forms.hsforms.com *.jsdelivr.net unpkg.com *.amazonaws.com *.google-analytics.com *.googleapis.com js.hs-scripts.com js.hsleadflows.net js.hs-analytics.net js.hs-banner.com app.directly.com code.jquery.com *.clarity.ms; connect-src 'self' app.salesbox.ai aplo-evnt.com cdn.dreamdata.cloud ws.zoominfo.com js.zi-scripts.com api.factors.ai js.hs-banner.com stats.g.doubleclick.net *.googlesyndication.com *.google.com *.hsforms.com *.hubapi.com *.hubspot.com *.clarity.ms player.vimeo.com forms.hsforms.com *.amazonaws.com *.google-analytics.com forms.hubspot.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.cloudflare.com app.directly.com *.movate.com *.jsdelivr.net *.hsforms.com forms.hsforms.com unpkg.com app.directly.com; font-src 'self' data: fonts.gstatic.com *.movate.com app.directly.com *.cloudflare.com forms.hsforms.com; img-src 'self' movate-website-data.s3.ap-south-1.amazonaws.com mvtai-assets.s3.ap-south-1.amazonaws.com data: *; media-src 'self' movate-website-data.s3.ap-south-1.amazonaws.com; 2 default-src 'self' mailto: tel: *.aia.com https://www.googleadservices.com https://secure.quantserve.com/quant.js https://pixel.quantserve.com https://pixel.quantserve.com/* *.philamlife.com *.aia.com.ph *.google.com *.aia-dfs.originally.us *.gstatic.com *.twitter.com *.linkedin.com *.zscalertwo.net blob: *.recaptcha.net recaptcha.net https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://recaptcha.google.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com https://s.go-mpulse.net http://phdcwdlapp030:8280 https://mypageappuat.philamlife.com https://mypageapp.philamlife.com *.cdnjs.cloudflare.com; worker-src 'self' 'unsafe-inline' blob: *.aia.com.ph https://www.googleadservices.com https://secure.quantserve.com/quant.js https://pixel.quantserve.com https://pixel.quantserve.com/* ; style-src 'self' 'unsafe-inline' *.aia.com.ph https://www.googleadservices.com https://secure.quantserve.com/quant.js https://pixel.quantserve.com https://pixel.quantserve.com/* *.unpkg.com https://unpkg.com *.google.com https://aia-dfs.originally.us https://s7ap1.scene7.com https://*.zscalertwo.net https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com *.lemnisk.co https://fonts.font.im 'self' 'unsafe-inline'; img-src 'self' data: blob: *.aia.com *.quantcount.com *.quantserve.com https://www.googleadservices.com https://secure.quantserve.com/quant.js https://pixel.quantserve.com https://pixel.quantserve.com/* *.philamlife.com *.aia.com.ph *.adnxs.com *.google.com https://adservice.google.com https://smetrics.aia.com https://connect.facebook.net https://img.icons8.com *.aia-dfs.originally.us *.baidu.com *.moz.com *.gstatic.com *.twitter.com *.linkedin.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com *.lemnisk.co *.contentsquare.net https://maps.gstatic.com https://www.googleapis.com/ https://maps.googleapis.com *.google.com https://*.zscalertwo.net https://s7ap1.scene7.com https://dpm.demdex.net https://ad.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com.my https://www.googletagmanager.com https://connect.facebook.net https://px.ads.linkedin.com *.yellowmessenger.com 'self' data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.quantcount.com *.quantserve.com *.lemnisk.co *.hlx.page *.doubleclick.net *.googleapis.com https://www.googleadservices.com https://secure.quantserve.com/quant.js https://pixel.quantserve.com https://pixel.quantserve.com/* https://s7ap1.scene7.com https://js-cdn.dynatrace.com https://s.go-mpulse.net https://gateway.zscalertwo.net https://t.contentsquare.net https://cdn8.lemnisk.co https://ib.adnxs.com https://cdn12.lemnisk.co https://www.gstatic.com https://cdn.yellowmessenger.com https://acdn.adnxs.com https://cdn25.lemnisk.co https://app.yellowmessenger.com https://www.gstatic.com https://www.google.com https://assets.adobedtm.com https://analytics.tiktok.com https://adservice.google.com https://app.adstracking.io/track.js https://connect.facebook.net https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.aia.com *.quantcount.com *.quantserve.com *.philamlife.com *.aia.com.ph *.adnxs.com *.unpkg.com https://unpkg.com *.google.com *.aia-dfs.originally.us *.gstatic.com *.twitter.com *.linkedin.com *.zscalertwo.net blob: *.recaptcha.net recaptcha.net https://analytics.tiktok.com *.cloudflare.com https://dpm.demdex.net *.lemnisk.co *.dynatrace.com *.contentsquare.net https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://recaptcha.google.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com https://s.go-mpulse.net http://phdcwdlapp030:8280 https://mypageappuat.philamlife.com https://mypageapp.philamlife.com https://s7ap1.scene7.com https://*.zscalertwo.net https://assets.adobedtm.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com.my https://www.googletagmanager.com https://connect.facebook.net *.yellowmessenger.com 'self' 'unsafe-eval' *.aia.com.ph *.google.com *.gstatic.com 'unsafe-inline'; connect-src 'self' data: properties: *.aia.com *.adnxs.com https://www.googleadservices.com https://secure.quantserve.com/quant.js https://pixel.quantserve.com https://ad.doubleclick.net *.doubleclick.net https://pixel.quantserve.com/* *.philamlife.com *.aia.com.ph *.google.com *.aia-dfs.originally.us https://api.video-adblock.com https://infragrid.v.network https://overbridgenet.com https://www.google.com https://adservice.google.com https://connect.facebook.net https://www.googletagmanager.com *.ucweb.com *.vzeesp.com *.dbankcloud.com *.googleapis.com *.dbankcloud.cn *.moz.com *.akamaihd.net https://analytics.tiktok.com wss://uat.apigw.philamlife.com/ph/myaia/utility/v1-uat/ws wss://myaia.apigw.philamlife.com/ph/myaia/utility/v1/ws *.gstatic.com *.twitter.com *.linkedin.com *.zscalertwo.net blob: *.recaptcha.net recaptcha.net https://c.go-mpulse.net/ *.akstat.io *.bf.dynatrace.com *.demdex.net *.contentsquare.net *.lemnisk.co https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://recaptcha.google.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com https://s.go-mpulse.net http://phdcwdlapp030:8280 https://mypageappuat.philamlife.com https://mypageapp.philamlife.com https://s7mbrstream-ap1.scene7.com https://s7ap1.scene7.com https://stats.g.doubleclick.net *.aia.com.ph https://adobedc.demdex.net https://edge.adobedc.net *.yellowmessenger.com wss://app.yellowmessenger.com/message/; frame-src 'self' mailto: tel: https://adservice.google.com https://www.googleadservices.com https://awatize.gotrackier.io *.awatize.gotrackier.io *.gotrackier.io http://adwibe.com https://adwibe.com *.adwibe.com https://secure.quantserve.com/quant.js https://pixel.quantserve.com https://pixel.quantserve.com/* https://www.googletagmanager.com https://connect.facebook.net *.google.com https://aia.okta.com https://aia.kerberos.okta.com/ https://myaia.apigw.philamlife.com https://s7mbrstream-ap1.scene7.com https://s7ap1.scene7.com https://bid.g.doubleclick.net https://td.doubleclick.net/ https://www.bancnetonline.com/ *.moz.com https://testpti.payserv.net/ https://ptiapps.paynamics.net/ https://8034780.fls.doubleclick.net/ https://aiagroup.demdex.net *.aia.com.ph https://www.youtube.com https://app.yellowmessenger.com; font-src * data: moz-extension:; media-src 'self' data: blob: *.google.com *.aia.com https://www.googleadservices.com https://secure.quantserve.com/quant.js https://pixel.quantserve.com https://pixel.quantserve.com/* *.scene7.com *.yellowmessenger.com; object-src 'none'; frame-ancestors https://myaia.apigw.philamlife.com https://*.aia.com.ph; 2 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pinterest.com/ https://*.pinim.com https://*.pinimg.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://www.google.nl https://ajax.googleapis.com https://tagmanager.google.com https://tagmanager.google.com/debug/css.css https://www.googletagmanager.com https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js https://www.googleadservices.com https://googleads.g.doubleclick.net *.cookiebot.com *.youtube.com https://s.ytimg.com https://connect.facebook.net https://content.jwplatform.com https://ssl.p.jwpcdn.com *.hotjar.com *.hotjar.io https://stats.g.doubleclick.net https://snap.licdn.com/li.lms-analytics/ https://sc-static.net/scevent.min.js https://tr.snapchat.com https://www.youtube.com/iframe_api https://cdnjs.cloudflare.com *.localbooker.nl *.allyourz.nl https://provinciezeeland.localbooker.nl blob: https://js.stripe.com https://b.stripecdn.com https://api.brightedge.com https://*.bc0a.com https://cdn.b0e8.com 38.108.179.5 https://*.raffle.ai/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://ajax.googleapis.com https://cdnjs.cloudflare.com *.localbooker.nl *.allyourz.nl https://provinciezeeland.localbooker.nl https://allyourz.nl *.mapbox.com https://js.stripe.com https://b.stripecdn.com;img-src 'self' data: https://www.toegankelijkheidsverklaring.nl https://*.pinterest.com https://www.google.com https://www.google.nl *.google-analytics.com *.analytics.google.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.facebook.com https://storage.googleapis.com/storyteq/ https://jwpltx.com https://prd.jwpltx.com *.hotjar.com *.hotjar.io *.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://tr.snapchat.com https://i.ytimg.com https://a.tile.openstreetmap.de https://b.tile.openstreetmap.de https://c.tile.openstreetmap.de https://assets.citynavigator.nl *.cookiebot.com https://assets.plaece.nl *.localbooker.nl *.allyourz.nl https://provinciezeeland.localbooker.nl https://allyourz.nl *.mapbox.com https://js.stripe.com https://b.stripecdn.com;media-src 'self' https://storage.googleapis.com/storyteq/;frame-src 'self' https://*.pinterest.com https://consentcdn.cookiebot.com https://www.google.com https://www.googletagmanager.com https://*.doubleclick.net https://estate.zeeland.com https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com *.cookiebot.com https://staticxx.facebook.com https://www.facebook.com https://g.jwpsrv.com https://www.vvvzeeland.nl *.hotjar.com *.hotjar.io *.formdesk.com https://tr.snapchat.com https://live.netcamviewer.nl *.localbooker.nl *.allyourz.nl https://provinciezeeland.localbooker.nl https://allyourz.nl *.mapbox.com https://js.stripe.com https://b.stripecdn.com https://*.raffle.ai/;font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com *.hotjar.com *.hotjar.io *.localbooker.nl *.allyourz.nl https://provinciezeeland.localbooker.nl https://allyourz.nl *.mapbox.com https://js.stripe.com https://b.stripecdn.com;connect-src 'self' https://*.pinterest.com/ https://api.storyteq.com https://ssl.p.jwpcdn.com https://graph.facebook.com https://www.facebook.com https://www.google.com *.google-analytics.com *.analytics.google.com https://*.googlesyndication.com https://*.doubleclick.net https://estate.zeeland.com *.cookiebot.com/ https://maps.googleapis.com *.hotjar.com *.hotjar.io wss://*.hotjar.io wss://*.hotjar.com *.snapchat.com *.linkedin.com *.localbooker.nl *.allyourz.nl https://provinciezeeland.localbooker.nl https://allyourz.nl *.mapbox.com https://js.stripe.com https://b.stripecdn.com https://api.brightedge.com https://*.bc0a.com https://cdn.b0e8.com 38.108.179.5 https://*.raffle.ai/;base-uri 'self' 2 object-src 'none'; default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; report-uri; worker-src 'self' blob: 2 frame-ancestors 'self' https://stat01.opsanalytics.ch https://marketing.opsone.ch https://content.opsone.ch; 2 default-src 'self' google.com gstatic.com 'unsafe-inline'; img-src 'self' https://googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com s3.us-west-2.amazonaws.com gstatic.com https://js.hs-scripts.com https://px.ads.linkedin.com https://www.facebook.com https://px4.ads.linkedin.com; script-src 'self' https://googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.recaptcha.net https://js.hs-scripts.com js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://connect.facebook.net https://analytics.tiktok.com ; style-src 'self' https://googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com 'unsafe-inline' ; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.google.com; connect-src 'self' https://api-public-site.flwapp.site https://forms.hscollectedforms.net https://api.hubapi.com https://analytics.google.com https://px.ads.linkedin.com https://analytics.tiktok.com; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; base-uri 'self' 2 frame-ancestors 'self' *.allwaysvip.com *.plazapremiumlounge.com *.myaerotel.com *.plazapremiumfirst.com *.netcoresmartech.com *.hansel.io 2 frame-ancestors 'self' *.tennisonly.com.au *.runningwarehouse.com.au *.totalpickleball.com.au www.runningwarehouse.eu www.runningwarehouse.com www.tennis-warehouse.com www.tenniswarehouse-europe.com; 2 frame-ancestors 'self' https://eway.my.salesforce.com/; 2 frame-ancestors https://admin.shopify.com 'self'; 2 frame-ancestors https://lunar-website-studio.vercel.app https://lunar-website-studio-staging.vercel.app https://lunar-website-studio-dev.vercel.app https://www.lunar.app 2 frame-ancestors 'none'; object-src 'self' 2 default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;img-src * 'self' data: https:; connect-src * blob:;report-uri https://twsec.report-uri.com/r/d/csp/enforce 2 default-src 'self' *.googleadservices.com *.crazyegg.com *.licdn.com *.facebook.net *.outbrain.com *.youtube.com *.company-target.com; script-src 'self' *.googleapis.com *.cookielaw.org *.onetrust.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.everestjs.net *.cloudflare.com *.licdn.com *.google.com *.gstatic.com lineagelogistics-external.applynow.net.au candidate-office.s3.amazonaws.com *.googleadservices.com *.bing.com *.newrelic.com *.instagram.com *.nr-data.net cdn.jsdelivr.net *.crazyegg.com blob: acsbapp.com code.jquery.com unpkg.com *.instagram.com *.ensighten.com *.oribi.io *.youtube.com polyfill.io *.facebook.net *.outbrain.com *.demandbase.com tag.demandbase.com *.company-target.com *.hotjar.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' pt.onelineage.com pi.pardot.com *.youtube-nocookie.com *.adsrvr.org https://storage.pardot.com/961942/1714040807BiAtzoZM/attribution_engine.min.js https://pt.onelineage.com/l/961942/2024-04-25/5n7n9/961942/1714040807BiAtzoZM/attribution_engine.min.js *.zi-scripts.com *.datadoghq-browser-agent.com *.vimeo.com js.zi-scripts.com *.zoominfo.com *.clickagy.com *.weglot.com ; object-src 'none'; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com cdn.jsdelivr.net *.crazyegg.com acsbapp.com *.acsbapp.com code.jquery.com unpkg.com https://lineagelogistics-external.applynow.net.au https://lineagelogistics-external.applynow.net.au https://candidate-office.s3.amazonaws.com/js/iframe-resizer/iframeResizer.min.js https://d2wy8f7a9ursnm.cloudfront.net/ *.youtube-nocookie.com *.weglot.com; img-src 'self' data: *.crazyegg.com acsbapp.com *.acsbapp.com *.gstatic.com *.googleapis.com https://cdn.cookielaw.org/logos/static/ot_close.svg https://cdn.cookielaw.org/logos/00ede55a-7822-413c-a767-b17482b93176/6a9f63ca-67d4-447a-846e-044d865079f1/fd22dd1b-b5d9-4bdc-803d-bb78e0f32fd3/lineage_logo.png https://cdn.cookielaw.org/logos/static/powered_by_logo.svg https://id.rlcdn.com/464526.gif *.company-target.com *.everesttech.net *.linkedin.com *.bing.com *.doubleclick.net *.google.com *.facebook.com *.googletagmanager.com *.demdex.net *.casalemedia.com *.adnxs.com *.openx.net *.rubiconproject.com *.yahoo.com *.pubmatic.com *.bluekai.com *.cookielaw.org *.clickagy.com *.agkn.com *.sitescout.com *.rlcdn.com; media-src *; frame-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com *.google.com lineagelogistics-external.applynow.net.au *.doubleclick.net *.crazyegg.com *.instagram.com *.adsrvr.org *.cloudfront.net *.facebook.com *.pardot.com pt.lineagelogistics.com http://pt.lineagelogistics.com/l/961942/2023-08-22/4hbzr http://pt.lineagelogistics.com/l/961942/2023-08-22/4hbzv http://go.pardot.com/l/961942/2023-08-22/4hbzk http://go.pardot.com/l/961942/2023-06-27/493x5 *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ recaptcha.google.com:* pt.onelineage.com *.youtube-nocookie.com https://airtable.com/ player.vimeo.com *.googletagmanager.com; frame-ancestors 'self' https://tag.demandbase.com/d80b380c137ea7bb.min.js *.company-target.com tag.demandbase.com pt.onelineage.com *.youtube-nocookie.com; child-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com blob: *.youtube.com *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js *.youtube-nocookie.com; font-src 'self' *.googleusercontent.com *.gstatic.com *.typekit.net data: acsbapp.com *.acsbapp.com; connect-src 'self' *.cookielaw.org *.google-analytics.com *.doubleclick.net *.onetrust.com *.bing.com *.nr-data.net *.googleapis.com *.crazyegg.com acsbapp.com *.acsbapp.com *.youtube.com *.google.com *.linkedin.oribi.io *.company-target.com *.demandbase.com https://browser-intake-us5-datadoghq.com *.zi-scripts.com *.zoominfo.com *.hotjar.io *.hotjar.com insight.adsrvr.org https://tag.demandbase.com/d80b380c137ea7bb.min.js https://lineagelogistics-external.applynow.net.au https://lineagelogistics-external.applynow.net.au https://candidate-office.s3.amazonaws.com/js/iframe-resizer/iframeResizer.min.js https://d2wy8f7a9ursnm.cloudfront.net/ *.linkedin.com *.clickagy.com *; report-uri /report-csp-violation 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://track.adform.net https://s2.adform.net https://sslwidget.criteo.com https://dynamic.criteo.com https://ajax.cloudflare.com https://bat.bing.com https://app.unbounce.com https://static.ads-twitter.com https://d3pkntwtp2ukl5.cloudfront.net https://static.ads-twitter.com https://www.googleadservices.com https://connect.facebook.net https://www.clarity.ms https://go.mikro.com.tr https://pi.pardot.com https://cdn.cookielaw.org https://assets.ubembed.com https://googleads.g.doubleclick.net https://9882f66cb7cd442498456acd330ef561.js.ubembed.com https://cdn.jsdelivr.net https://www.googletagmanager.com; img-src 'self' https://uploads.mikro.com.tr https://www.google.com https://www.google.com.tr https://cdn.cookielaw.org https://app.unbounce.com https://c.clarity.ms https://www.facebook.com https://cdn-mikro.atros.com.tr https://c.bing.com https://analytics.twitter.com https://t.co https://googleads.g.doubleclick.net https://www.googletagmanager.com https://analytics.twitter.com https://gen.sendtric.com https://bat.bing.com https://dynamic.criteo.com https://sslwidget.criteo.com https://x.bidswitch.net https://ib.adnxs.com https://visitor.omnitagjs.com https://r.casalemedia.com https://gum.criteo.com https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://contextual.media.net https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://pixel.rubiconproject.com https://match.sharethrough.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://cm.g.doubleclick.net https://criteo-sync.teads.tv https://criteo-partners.tremorhub.com https://eb2.3lift.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://sync.1rx.io https://dis.criteo.com https://dpm.demdex.net https://aa.agkn.com https://server.seadform.net https://token.rubiconproject.com https://sync.targeting.unrulymedia.com data: 2 frame-ancestors 'self' *.richmondamerican.com *.zillow.com *.newhomesource.com *.casasnuevasaqui.com; 2 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livingstonintl.com *.livingston.com lii-mkt-content.s3.amazonaws.com pi.pardot.com *.cassiecloud.com *.bing.com https://www.clarity.ms *.wistia.com *.wistia.net static.ada.support js.zi-scripts.com script.hotjar.com https://www.livingstonintl.com https://static.hotjar.com/ *.chilipiper.com *.forchili.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.google.com https://www.google.com/recaptcha/api.js *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com https://secure.geobytes.com/ https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://api.fouanalytics.com js.sentry-cdn.com/a3591ba5e949a37083cc6f5a4191e903.min.js https://*.woopra.com;style-src 'self' 'unsafe-inline' *.livingstonintl.com *.livingston.com lii-mkt-content.s3.amazonaws.com fonts.googleapis.com *.cassiecloud.com www.googletagmanager.com;object-src 'none';base-uri 'self';connect-src 'self' *.livingstonintl.com *.livingston.com lii-mkt-content.s3.amazonaws.com *.cassiecloud.com ipapi.co js.zi-scripts.com *.chilipiper.com *.forchili.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.ada.support ws.zoominfo.com *.wistia.com *.wistia.net https://*.litix.io *.datadoghq.com *.clarity.ms *.google.com *.analytics.google.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net https://px.ads.linkedin.com/ https://api.fouanalytics.com https://*.woopra.com;font-src 'self' data: *.livingstonintl.com *.livingston.com *.gstatic.com *.wistia.com *.wistia.net;frame-src 'self' *.livingstonintl.com *.livingston.com *.ada.support td.doubleclick.net www.googletagmanager.com https://www.google.com/ https://www.youtube.com *.chilipiper.com *.forchili.com;img-src 'self' data: *.livingstonintl.com *.livingston.com lii-mkt-content.s3.amazonaws.com cscript-cdn-use.cassiecloud.com *.wistia.com www.google-analytics.com www.google.com www.googletagmanager.com *.bing.com *.clarity.ms *.gstatic.com *.googleapis.com secure.gravatar.com *.chilipiper.com https://www.facebook.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/;manifest-src 'self';media-src 'self' blob: *.livingstonintl.com *.livingston.com lii-mkt-content.s3.amazonaws.com *.wistia.com *.wistia.net;worker-src 'none'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com fonts.gstatic.com *.isicentral.com *.isicentral.net ajax.googleapis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.execute-api.us-west-2.amazonaws.com ; img-src 'self' data: blob:; 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com *.dynatrace.com *.googleapis.com *.assurantsolutions.com *.optimizely.com www.google.com www.enterice.com www.google-analytics.com www.gstatic.com az416426.vo.msecnd.net ajax.aspnetcdn.com glassboxdigital.com cdn.gbqofs.com www.googleoptimize.com *.inmoment.com *.asapp.com *.trustarc.com stats.g.doubleclick.net cdn.quantummetric.com cdn.userway.org pay.google.com na5.thunderhead.com na5.cdn.thunderhead.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com *.dynatrace.com *.googleapis.com *.assurantsolutions.com *.optimizely.com www.google.com www.enterice.com www.google-analytics.com www.gstatic.com az416426.vo.msecnd.net ajax.aspnetcdn.com glassboxdigital.com cdn.gbqofs.com www.googleoptimize.com *.inmoment.com *.asapp.com *.trustarc.com stats.g.doubleclick.net cdn.quantummetric.com cdn.userway.org pay.google.com na5.cdn.thunderhead.com na5.thunderhead.com; connect-src 'self' na5.cdn.thunderhead.com na5.thunderhead.com *.dynatrace.com *.optimizely.com www.enterice.com www.google-analytics.com dc.services.visualstudio.com report.assurant.gbqofs.io *.googleapis.com *.inmoment.com *.asapp.com *.trustarc.com stats.g.doubleclick.net *.userway.org google.com *.google.com; img-src 'self' data: *.umbraco.com maps.gstatic.com *.googleapis.com *.ggpht.com www.trustlogo.com www.enterice.com www.google-analytics.com mywirelessclaim.com *.assurantsolutions.com www.google.com www.googletagmanager.com ajax.aspnetcdn.com mobileclaimstest.azureedge.net *.trustarc.com consent.truste.com stats.g.doubleclick.net dashboard.umbraco.org fonts.gstatic.com cdn.userway.org www.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.enterice.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.asapp.com www.googletagmanager.com cdn.userway.org; font-src 'self' fonts.gstatic.com *.trustarc.com cdn.userway.org; frame-src 'self' *.umbraco.com *.optimizely.com www.google.com www.surveymonkey.com *.asapp.com *.trustarc.com *.inmoment.com cdn.userway.org pay.google.com; worker-src blob:; report-uri /api/cspreport; 2 default-src 'self' https://stm.smile.eu https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com https://bwkjgjr.pa-cd.com https://forms.hscollectedforms.net https://track.hubspot.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://perf-na1.hsforms.com https://app.hubspot.com http://www.w3.org/2000/svg https://www.google.com https://www.gstatic.com data: https://forms-na1.hsforms.com https://www.youtube.com https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://b.tile.openstreetmap.org https://a.tile.openstreetmap.org https://c.tile.openstreetmap.org https://lh7-eu.googleusercontent.com https://maps.gstatic.com https://exceptions.hs-embed-reporting.com https://translate.google.com https://www.collinsdictionary.com https://www.facebook.com https://c.clarity.ms https://forms-na1.hubspot.com; connect-src 'self' https://stm.smile.eu https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com https://bwkjgjr.pa-cd.com https://forms.hscollectedforms.net https://track.hubspot.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://perf-na1.hsforms.com https://app.hubspot.com http://www.w3.org/2000/svg https://www.google.com https://www.gstatic.com data: https://forms-na1.hsforms.com https://www.youtube.com https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://b.tile.openstreetmap.org https://a.tile.openstreetmap.org https://c.tile.openstreetmap.org https://lh7-eu.googleusercontent.com https://maps.gstatic.com https://exceptions.hs-embed-reporting.com https://translate.google.com https://www.collinsdictionary.com https://www.facebook.com https://c.clarity.ms https://forms-na1.hubspot.com https://www.google-analytics.com; font-src *; img-src 'self' https://stm.smile.eu https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com https://bwkjgjr.pa-cd.com https://forms.hscollectedforms.net https://track.hubspot.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://perf-na1.hsforms.com https://app.hubspot.com http://www.w3.org/2000/svg https://www.google.com https://www.gstatic.com data: https://forms-na1.hsforms.com https://www.youtube.com https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://b.tile.openstreetmap.org https://a.tile.openstreetmap.org https://c.tile.openstreetmap.org https://lh7-eu.googleusercontent.com https://maps.gstatic.com https://exceptions.hs-embed-reporting.com https://translate.google.com https://www.collinsdictionary.com https://www.facebook.com https://c.clarity.ms https://forms-na1.hubspot.com https://www.google-analytics.com; script-src 'self' 'unsafe-eval' https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://try.abtasty.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com https://bwkjgjr.pa-cd.com https://forms.hscollectedforms.net https://track.hubspot.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://perf-na1.hsforms.com https://app.hubspot.com http://www.w3.org/2000/svg https://www.google.com https://www.gstatic.com data: https://forms-na1.hsforms.com/https://js.hs-scripts.com https://forms-na1.hsforms.com https://try.abtasty.com https://www.clarity.ms https://analytics.tiktok.com https://api.livechatinc.com https://s.yimg.jp https://www.google-analytics.com https://cdn.qgraph.io https://script.infinity-tracking.com https://loader.wisepops.com https://connect.facebook.net https://cdn.livechatinc.com https://bat.bing.com https://script.hotjar.com https://b92.yahoo.co.jp/ https://img.macromill.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src * data:;media-src blob: 'self' data:;worker-src blob: 'self' data:; 2 default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'unsafe-inline' 'unsafe-hashes'; img-src * data:; font-src * 'self' data:; connect-src *; media-src *; object-src *; child-src *; frame-src *; frame-ancestors *; form-action *; base-uri *; manifest-src *; 2 default-src 'self' www.ads-com.fr mtm.ads-com.fr; script-src 'self' 'unsafe-eval' 'unsafe-inline' mtm.ads-com.fr www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: 2 default-src 'self' data:; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://*.etracker.com; frame-src 'self' https://open.spotify.com https://mafo1.myaudience.de/ https://www.youtube-nocookie.com/ https://www.giscloud.nrw.de/; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://static.hotjar.com https://script.hotjar.com https://static.newsletter2go.com https://mafo1.myaudience.de https://static.etracker.com https://code.etracker.com https://www.etracker.de https://www.evergabe.nrw.de; style-src 'self' https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; object-src 'none'; worker-src 'self' blob:; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://api.newsletter2go.com https://www.etracker.de https://api.friendlycaptcha.com https://eu-api.friendlycaptcha.eu wss://chat.nrwbank.de; img-src 'self' data: https://static.hotjar.com https://script.hotjar.com https://files.newsletter2go.com https://images.fdbserver.de https://api.fdbserver.de https://mafo1.myaudience.de https://api-prod.wolterskluwer.plusline.net/ https://api-staging.wolterskluwer.plusline.net/; font-src 'self' https://script.hotjar.com; upgrade-insecure-requests 2 base-uri 'self' https://www.wildernessdestinations.com/ https://www.wildernesstrust.com/ https://api.wildernessdestinations.com/; script-src 'nonce-10IaU/+kMwQa4FplZXQX5w==' 'strict-dynamic' 'unsafe-eval' 'unsafe-hashes' https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tools.luckyorange.com https://*.smartlook.com https://*.smartlook.cloud https://*.crazyegg.com https://*.vimeocdn.com https://*.gstatic.com https://*.convertexperiments.com https://africam.com/ https://africam.com/wp-json/africam/ https://africam-lodge-thumbnails.s3.eu-west-2.amazonaws.com/ https://static.tacdn.com/ https://*.jscache.com/ https://www.jscache.com/ https://*.tripadvisor.com/ https://*.convertexperiments.com/ https://*.cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ajax/libs/zepto/1.2.0/zepto.min.js https://zaraz.cloudflare.com https://*.clarity.ms https://c.clarity.ms https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/; object-src 'none'; default-src 'none'; img-src 'self' https://www.wildernessdestinations.com/ https://www.wildernesstrust.com/ https://api.wildernessdestinations.com/ https://images.wildernessdestinations.com https://www.facebook.com https://i.vimeocdn.com *.vimeo.com data: https://www.google.com/supported_domains https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat *.clarity.ms cdn.jsdelivr.net content-cdn.stackla.com *.cloudfront.net */ads/ga-audiences bat.bing.com *.facebook.com https://*.google-analytics.com maps.googleapis.com maps.gstatic.com *.googletagmanager.com undefined/_nuxt/ https://i.ytimg.com https://ssl.gstatic.com https://www.gstatic.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.fls.doubleclick.net https://ad.doubleclick.net https://*.clarity.ms https://*.visualwebsiteoptimizer.com https://*.inspectlet.com https://*.crazyegg.com https://*.visualwebsiteoptimizer.com https://africam.com/ https://africam.com/wp-json/africam/ https://africam-lodge-thumbnails.s3.eu-west-2.amazonaws.com/ https://static.tacdn.com/ https://*.bing.net https://zaraz.cloudflare.com https://fonts.gstatic.com/ https://ade.googlesyndication.com/ https://*.googleadservices.com https://cdn-cookieyes.com; style-src 'self' https://www.wildernessdestinations.com/ https://www.wildernesstrust.com/ https://api.wildernessdestinations.com/ fonts.googleapis.com assetscdn.stackla.com vjs.zencdn.net onsass.designmynight.com http://assetscdn.stackla.com/media/js/widget/fluid-embed.js https://www.dineplan.com 'unsafe-inline' https://public-prod.dineplan.com https://api.mapbox.com https://tagmanager.google.com https://fonts.googleapis.com https://*.crazyegg.com https://africam.com/ https://africam.com/wp-json/africam/ https://africam-lodge-thumbnails.s3.eu-west-2.amazonaws.com/ https://static.tacdn.com/ https://*.googletagmanager.com; connect-src 'self' https://www.wildernessdestinations.com/ https://www.wildernesstrust.com/ https://api.wildernessdestinations.com/ https://vimeo.com https://*.analytics.google.com https://cdn-cookieyes.com https://directory.cookieyes.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://log.cookieyes.com https://csmetrics.hotjar.com https://consentlog.cookieyes.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.g.doubleclick.net https://api.mapbox.com https://events.mapbox.com https://www.facebook.com https://ip2c.org https://*.googletagmanager.com https://ade.googlesyndication.com https://*.clarity.ms https://c.clarity.ms https://*.visualwebsiteoptimizer.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.crazyegg.com https://*.inspectlet.com https://*.mouseflow.com wss://*.inspectlet.com https://*.luckyorange.com https://pubsub.googleapis.com wss://*.visitors.live https://*.smartlook.cloud https://*.smartlook.com wss://*.luckyorange.com https://*.visitors.live https://dc.services.visualstudio.com https://*.vimeocdn.com https://*.metrics.convertexperiments.com https://*.convertexperiments.com https://*.infinity-tracking.com https://*.infinity-tracking.net https://bat.bing.com https://api.ipify.org https://africam.com/ https://africam.com/wp-json/africam/ https://africam-lodge-thumbnails.s3.eu-west-2.amazonaws.com/ https://static.tacdn.com/ https://*.bing.net https://platform.dash.cloudflare.com/sentry/envelope https://zaraz.cloudflare.com https://*.recaptcha.net https://www.recaptcha.net/ https://www.recaptcha.net/recaptcha/ https://*.googleadservices.com; font-src 'self' https://www.wildernessdestinations.com/ https://www.wildernesstrust.com/ https://api.wildernessdestinations.com/ data: fonts.googleapis.com fonts.gstatic.com assetscdn.stackla.com; frame-src 'self' https://www.wildernessdestinations.com/ https://www.wildernesstrust.com/ https://api.wildernessdestinations.com/ www.recaptcha.net www.awltovhc.com player.vimeo.com widget.stackla.com www.google.com www.tamgrt.com www.facebook.com www.googletagmanager.com https://www.opentable.ie/ https://headbox.captur3d.io/ https://account.dineplan.com/ https://module.lafourchette.com/ https://www.youtube.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://*.doubleclick.net https://*.crazyegg.com https://*.cloudflarestream.com/ https://zaraz.cloudflare.com https://www.recaptcha.net/ https://www.recaptcha.net/recaptcha/; form-action 'self' www.googletagmanager.com www.facebook.com; frame-ancestors 'self' www.googletagmanager.com https://player.vimeo.com https://www.recaptcha.net https://*.recaptcha.net; media-src 'self'; worker-src 'self' blob: https://www.wildernessdestinations.com/ https://www.wildernesstrust.com/ https://zaraz.cloudflare.com; 2 frame-ancestors 'self' https://*.free-work.com 2 frame-ancestors *.fraport.com *.fraport.de https://fraportag.sharepoint.com http://www.fra-spotterforum.de; 2 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src * data:; font-src * data:; style-src 'unsafe-inline' *; 2 default-src 'self' reserve.sandsresortsmacao.com; worker-src 'self' blob:; connect-src 'self' ampcid.google.com.hk reserve.sandsresortsmacao.com assets.sandsresortsmacao.cn *.wistia.com *.google.com stats.g.doubleclick.net *.litix.io www.google-analytics.com bat.bing.com i.ctnsnet.com; frame-src 'self' *.adsrvr.org *.doubleclick.net www.googletagmanager.com consentag.eu; img-src 'self' data: *.sandsresortsmacao.cn www.google.com.hk www.google-analytics.com www.googletagmanager.com *.wistia.com *.doubleclick.net bat.bing.com *.tribalfusion.com www.facebook.com *.google.com fourier.alibaba.com hm.baidu.com sp.analytics.yahoo.com; font-src 'self' data: assets.sandsresortsmacao.cn img.yzcdn.cn; media-src 'self' assets.sandsresortsmacao.cn blob:; style-src 'self' 'unsafe-inline' assets.sandsresortsmacao.cn; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tribalfusion.com *.ipinyou.com *.sentry-cdn.com assets.sandsresortsmacao.cn bat.bing.com bj.openstorage.cn cdn.ctnsnet.com cdnjs.cloudflare.com connect.facebook.net consentag.eu fast.wistia.com googleads.g.doubleclick.net js.adsrvr.org s.salecycle.com s.yimg.com tags.tiqcdn.cn tags.tiqcdn.com www.googletagmanager.com www.google-analytics.com g.alicdn.com cf.aliyun.com ynuf.aliapp.org *.tdum.alibaba.com www.googleadservices.com ampcid.google.com.hk hm.baidu.com fxgate.baidu.com js.queentm.com customs.affilired.com i.ctnsnet.com https://g.alicdn.com cf.aliyun.com ynuf.aliapp.org *.tdum.alibaba.com www.google.com.hk www.google.com sp.analytics.yahoo.com; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adoberesources.net *.apolloplatform.com *.brightcove.com *.brightcove.net *.clarity.ms *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.ftsites.com *.fti-cloud.com *.kampyle.com *.marketo.com *.marketo.net *.mktoutil.com *.qualtrics.com *.twimg.com *.yimg.com *.ads.linkedin.com *.linkedin.oribi.io *.linkedin.com *.doubleclick.net *.googleads.g.doubleclick.net ads-twitter.com ads-api.twitter.com analytics.twitter.com www.googleadservices.com trc.taboola.com www.clarity.ms up.pixel.ad connect.facebook.net munchkin.marketo.net www.googletagmanager.com www.googleadservices.com www.google.com www.clarity.ms classify.gofurther.com assets.adoberesources.net up.pixel.ad lonrtp1-cdn.marketo.com static.ads-twitter.com snap.licdn.com p.adsymptotic.com sjs.bizographics.com amplify.outbrain.com apps.mypurecloud.com assets.adoberesources.net bat.bing.com browser-update.org cdn.cookielaw.org cdn.decibelinsight.net classify.gofurther.com connect.facebook.net documentcloud.adobe.com platform.twitter.com resources.digital-cloud-west.medallia.com schema.apolloplatform.com script.mfilterit.net siteimproveanalytics.com snap.licdn.com ssl.google-analytics.com static.ads-twitter.com static.cloudflareinsights.com tr.outbrain.com up.pixel.ad vjs.zencdn.net wss://*.decibelinsight.com wss://*.decibelinsight.net www.google-analytics.com www.googletagmanager.com zn9nsigbnk054lp8n-frk.siteintercept.qualtrics.com ; connect-src 'self' *.adobe.io *.akamaihd.net *.apolloplatform.com *.clarity.ms *.analytics.google.com *.boltdns.net *.brightcove.com *.brightcove.net *.brightcovecdn.com *.browser-intake-datadoghq.com *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.frk.com *.ftsites.com *.fti-cloud.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.kampyle.com *.launchdarkly.com *.marketo.com *.mktoresp.com *.mktoutil.com *.onetrust.com *.onetrust.io *.qualtrics.com *.cloudhub.io *.widen.net *.widencdn.net *.yimg.com *.ads.linkedin.com *.linkedin.oribi.io *.linkedin.com *.doubleclick.net *.googleads.g.doubleclick.net ads-twitter.com ads-api.twitter.com analytics.twitter.com *.digital-cloud-west.medallia.com analytics-fe.digital-cloud-west.medallia.com www.google.com www.googletagmanager.com api.intentiq.com session-replay.browser-intake-datadoghq.com 848-iap-939.mktoresp.com bat.bing.net px.ads.linkedin.com snap.licdn.com p.adsymptotic.com sjs.bizographics.com 848-iap-939.mktoresp.com adservice.google.com bat.bing.com cdn.cookielaw.org cdn.linkedin.oribi.io classify.gofurther.com dc.services.visualstudio.com fti.wsodqa.com hummingbirdwebsocket-va7.cloud.adobe.io pdswebapi.fti-cloud.com px.ads.linkedin.com resources.digital-cloud-west.medallia.com s.yimg.com siteimproveanalytics.com wss://*.decibelinsight.com wss://*.decibelinsight.net www.facebook.com www.fti.wallst.com wss://*.adobe.io ; img-src 'self' data: *.adsymptotic.com *.akamaihd.net *.analytics.google.com *.boltdns.net *.brightcove.com *.cookielaw.org *.doubleclick.net *.facebook.com *.fti-cloud.com *.franklintempleton.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kampyle.com *.linkedin.com *.qualtrics.com *.siteimproveanalytics.io *.stocksnap.io *.twimg.com *.widen.net *.widencdn.net www.dianomi.com sync.intentiq.com connect.facebook.net t.co www.facebook.com ad.doubleclick.net analytics.twitter.com px.ads.linkedin.com analytics.twitter.com bat.bing.com browser-update.org c.bing.com c.clarity.ms collector-52407.us.tvsquared.com classify.gofurther.com d21y75miwcfqoq.cloudfront.net di.rlcdn.com fa.aidemsrv.com fml-x.com franklintempletonprod.widen.net pixel.sitescout.com platform.twitter.com px.ads.linkedin.com r.turn.com resources.digital-cloud-west.medallia.com rtp-static.marketo.com sp.analytics.yahoo.com syndication.twitter.com t.co tr.outbrain.com tk-static.fml-x.com www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cn www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.bn www.google.com.br www.google.com.cy www.google.com.hk www.google.com.im www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ph www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hu www.google.ie www.google.it www.google.jo www.google.li www.google.lt www.google.lu www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.si www.google.sk assets.adoberesources.net lh3.googleusercontent.com ; font-src 'self' data: *.ftsites.com fonts.googleapis.com fonts.gstatic.com templeton.com *.franklintempleton.com *.franklintempleton.lu *.typekit.net ; style-src 'self' 'unsafe-inline' *.franklintempleton.com *.ftsites.com *.googletagmanager.com *.kampyle.com *.marketo.com fonts.googleapis.com fonts.gstatic.com platform.twitter.com *.typekit.net ; worker-src blob: *.decibel.net ; frame-ancestors 'none'; 2 frame-ancestors localhost https://prestaking-website.pages.dev https://prestaking.nimiq.network; 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' giscus.app https://www.googletagmanager.com https://js.hsforms.net https://f.vimeocdn.com https://embed.lu.ma https://www.clarity.ms https://*.contentsquare.net http://*.contentsquare.net https://www.chatbase.co https://static.reo.dev; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://embed.lu.ma; img-src * blob: data:; media-src *; connect-src * https://api.reo.dev; font-src * 'self'; frame-src * giscus.app youtube.com; worker-src 'self' blob:; frame-ancestors 'self' https://signoz.io https://*.us.signoz.cloud https://*.in.signoz.cloud https://*.eu.signoz.cloud; 2 default-src 'none'; child-src 'self'; connect-src 'self' https://*.bynder.com https://*.cloudflare.com https://*.cloudfront.net https://*.jsdelivr.net https://adservice.google.com https://bat.bing.com https://brandportal.falck.com https://browser-intake-datadoghq.eu https://collect.falck.dk https://consent.app.cookieinformation.com https://esp-eu.aptrinsic.com https://googleads.g.doubleclick.net/ https://maps.googleapis.com https://policy.app.cookieinformation.com https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://tracker.falck-sverige.open-analytics.se https://westeurope-5.in.applicationinsights.azure.com https://www.falck.com https://www.google-analytics.com https://www.google.com https://www.google.dk; font-src 'self' https://*.bynder.com https://*.cloudfront.net https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/ https://bot.ivy.ai https://cdn-gw-prd.azureedge.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://prd-falckcdn.azureedge.net; frame-src 'self' blob: https://*.fls.doubleclick.net https://bot.ivy.ai https://falck.23video.com https://paybill.falck.us https://player.vimeo.com/ https://policy.app.cookieinformation.com; img-src 'self' blob: data: https://*.bynder.com https://*.cloudfront.net https://*.global.siteimproveanalytics.io https://ad.doubleclick.net https://ai1.ivy-cdn.com https://analytics.sleeknote.com https://bat.bing.com https://brandportal.falck.com https://cdn.honey.io https://connect.facebook.net https://falck.dk https://fonts.gstatic.com https://khm.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://khms2.googleapis.com https://khms3.googleapis.com https://lh3.ggpht.com https://lh4.ggpht.com https://lh5.ggpht.com https://lh6.ggpht.com https://maps.googleapis.com https://maps.gstatic.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://streetviewpixels-pa.googleapis.com https://translate.google.com https://www.facebook.com https://www.falck.dk/ https://www.google-analytics.com https://www.google.at https://www.google.co.id https://www.google.co.uk https://www.google.com https://www.google.com.tr https://www.google.com.ua https://www.google.com.uy https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.nl https://www.google.pl https://www.google.ro https://www.google.se https://www.googletagmanager.com https://www.linkedin.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cloudflare.com https://*.jsdelivr.net https://bat.bing.com https://bot.ivy.ai https://cdn-4.convertexperiments.com https://cdn-gw-prd.azureedge.net https://code.jquery.com https://connect.facebook.net https://consent.app.cookieinformation.com https://js.monitor.azure.com https://maxcdn.bootstrapcdn.com https://policy.app.cookieinformation.com https://prd-falckcdn.azureedge.net https://siteimproveanalytics.com https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://snap.licdn.com https://tracker.falck-sverige.open-analytics.se https://widget.trustpilot.com https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://*.bynder.com https://*.cloudflare.com https://*.jsdelivr.net https://bat.bing.com https://bot.ivy.ai https://cdn-4.convertexperiments.com https://cdn-gw-prd.azureedge.net https://cdn.treasuredata.com https://code.jquery.com https://connect.facebook.net https://consent.app.cookieinformation.com https://eu01.in.treasuredata.com https://js.monitor.azure.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://policy.app.cookieinformation.com https://prd-falckcdn.azureedge.net https://siteimproveanalytics.com https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://snap.licdn.com https://tracker.falck-sverige.open-analytics.se https://web-sdk-eu.aptrinsic.com https://widget.trustpilot.com https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.cloudflare.com https://*.jsdelivr.net https://cdn-gw-prd.azureedge.net https://prd-falckcdn.azureedge.net; style-src-elem 'self' 'unsafe-inline' https://*.cloudflare.com https://*.cloudfront.net https://*.jsdelivr.net https://cdn-gw-prd.azureedge.net https://cdn.honey.io https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://prd-falckcdn.azureedge.net https://web-sdk-eu.aptrinsic.com https://www.gstatic.com; media-src data: https://*.bynder.com https://*.cloudfront.net https://brandportal.falck.com; manifest-src https://landesite.falck.com https://www.falck.co https://www.falck.com https://www.falck.com.au https://www.falck.de https://www.falck.es https://www.falck.fi https://www.falck.fr https://www.falck.nl https://www.falck.no https://www.falck.pt https://www.falck.ro https://www.falck.sk https://www.falck.uk https://www.falck.us https://www.falckbrasil.com.br https://www.falckhealthcare.dk https://www.falckitalia.it https://www.falcksverige.se https://www.mit.falck.dk; worker-src blob:; report-to stott-security-endpoint;report-uri https://www.falck.com/stott.security.optimizely/api/cspreporting/reporturiviolation/; 2 default-src * 'self' 'unsafe-inline' 'unsafe-eval' data: gap: content:; connect-src * ws://* wss://* blob:; style-src * 'self' 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval';media-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'self' blob: data: https; font-src * data:; 2 frame-src *.questglobal.com questglobal.com *.quest-global.com quest-global.com *.youtube.com youtube.com *.vimeo.com vimeo.com *.google.com app.hubspot.com *.hubspot.com *.doubleclick.net *.googletagmanager.com googletagmanager.com *.hsforms.com hsforms.com userway.org *.userway.org cookieyes.com *.cookieyes.com px.ads.linkedin.com *.ads.linkedin.com; 2 frame-ancestors 'self' https://ptcarena.lookbookhq.com https://ptcarena.pathfactory.com https://www.arena-community.ptc.com https://arena-education.ptc.com; 2 frame-ancestors 'self' https://*.my.site.com https://*.wabco-customercentre.com ; default-src * self blob: data: gap:; style-src * self 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; connect-src self * 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; 2 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self' *.cybersource.com; object-src 'none'; 2 default-src 'self' data: blob:; script-src 'self' 'sha256-PDCh5VeDfe/iHIJExhXDgKYK4CPkmuHfMskeNGTun5U=' 'sha256-tGCAy79zMW94DgRaBsZosm/7cizDEgOkLjOwt18lCGk=' 'sha256-gxEpMezJkFkO8QNGV5Pu9R+ELrGOPnHC2Qab+kNbj/c=' 'sha256-g3zdhlLIGi+pmVQJNGn0q59ONkaHt2xMzh1t4spUINo=' 'sha256-Moqg3U+rgUW0c5F6kpcB8jsAlUY7xQEgDa74XSOmLj4=' 'nonce-onetrust-style' 'nonce-rAnd0m' https: data: blob: *.baml.com *.ml.com *.merrilledge.com *.bankofamerica.com *.bofa.com www.merrill.com vjs.zencdn.net bofa.demdex.net tags.tiqcdn.com bcbolt446c5271-a.akamaihd.net hlsak-a.akamaihd.net bankofamerica.tt.omtrdc.net testdata.coremetrics.com analytics.twitter.com twitter.com www.facebook.com www.linkedin.com dc.ads.linkedin.com maps.googleapis.com fonts.googleapis.com 1359940.fls.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net adservice.google.com www.youtube.com www.google-analytics.com c.betrad.com www.googletagmanager.com api.company-target.com insight.adsrvr.org test.salesforce.com login.salesforce.com d.agkn.com znczuxiczndmh7vpb-bankofamerica.siteintercept.qualtrics.com zn78njubwkodhg8ht-bankofamerica.siteintercept.qualtrics.com cdn.cookielaw.org geolocation.onetrust.com www.knotch-cdn.com units.knotch.it aq-sp-api.knotch.it; font-src 'self' https: *.bankofamerica.com *.bofa.com *.bac-assets.com *.ml.com vjs.zencdn.net *.ml.com fonts.gstatic.com fonts.googleapis.com data:; style-src 'self' 'sha256-yCQJbCrMYB6TXLKcpQNwc+pf2/g+/KImWMBl4SIWmWE=' 'sha256-rOh4425QGt1UOiKgpZdfaA+GP2RJqCXbTGNSHxJm/9A=' 'sha256-9R1WLsULcyPSAl5StKatSB2MrmriAr9038LmHcrTqkE=' 'sha256-BrjK1oouom7spUoi2eKyKBDIzVK0Ihm+w15konlQHbY=' 'sha256-DRShFJ92f7T7AzK3bQ2Vmkdh1KP7Ly8z6BS9ASk3JnU=' 'nonce-rAnd0m' 'nonce-onetrust-style' *.bankofamerica.com *.bofa.com *.bac-assets.com *.ml.com tags.tiqcdn.com cdn.cookielaw.org cdnapisec.kaltura.com analytics.kaltura.com cfvod.kaltura.com fonts.googleapis.com; frame-src 'self' *.bankofamerica.com *.bofa.com *.bac-assets.com *.ml.com td.doubleclick.net www.googletagmanager.com 1359940.fls.doubleclick.net insight.adsrvr.org ct.pinterest.com match.adsrvr.org www.knotch-cdn.com units.knotch.it aq-sp-api.knotch.it; connect-src 'self' *.bankofamerica.com *.bofa.com *.bac-assets.com *.ml.com cdn.cookielaw.org www.googleadservices.com www.google.com www.googletagmanager.com geolocation.onetrust.com privacyportal-bofa.my.onetrust.com www.google-analytics.com cdnapisec.kaltura.com analytics.kaltura.com cfvod.kaltura.com maps.googleapis.com bat.bing.com insight.adsrvr.org ct.pinterest.com znczuxiczndmh7vpb-bankofamerica.siteintercept.qualtrics.com zn78njubwkodhg8ht-bankofamerica.siteintercept.qualtrics.com adobedc.demdex.net www.knotch-cdn.com units.knotch.it aq-sp-api.knotch.it api.company-target.com; worker-src 'self' blob:; media-src 'self' blob: *.baml.com *.ml.com *.merrilledge.com *.bac-assets.com *.bankofamerica.com *.bofa.com cdnapisec.kaltura.com analytics.kaltura.com cfvod.kaltura.com data:; img-src 'self' *.baml.com *.ml.com *.merrilledge.com *.bac-assets.com *.bankofamerica.com *.bofa.com data: bat.bing.com googleads.g.doubleclick.net www.google.com cdn.cookielaw.org ad.doubleclick.net www.googletagmanager.com cdnapisec.kaltura.com analytics.kaltura.com cfvod.kaltura.com cdnsecakmi.kaltura.com maps.gstatic.com maps.googleapis.com; 2 default-src 'none'; script-src 'nonce-492347efb4' 'strict-dynamic';script-src-elem 'self' 'nonce-492347efb4' *.hsforms.net *.hs-scripts.com *.googletagmanager.com *.google.com *.osano.com *.hubspot.com *.hsadspixel.net *.hscollectedforms.net *.hsleadflows.net *.hs-banner.com *.facebook.net js.zi-scripts.com ws.zoominfo.com tags.clickagy.com ws-assets.zoominfo.com schedule.zoominfo.com api.schedule.zoominfo.com *.buzzsprout.com snap.licdn.com *.google-analytics.com *.hs-analytics.net *.usemessages.com googleads.g.doubleclick.net js-agent.newrelic.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.js;style-src 'unsafe-inline' 'self' *.fontawesome.com fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.osano.com https://cdn.jsdelivr.net/jquery.slick/1.3.15/slick.css; object-src 'self' *.osano.com; base-uri 'self'; connect-src 'self' api-gw.platform.linuxfoundation.org js.zi-scripts.com *.hsforms.com *.hscollectedforms.net analytics.google.com *.google-analytics.com *.hubspot.com *.doubleclick.net *.hubapi.com *.linkedin.com *.osano.com aorta.clickagy.com hemsync.clickagy.com ws.zoominfo.com api.schedule.zoominfo.com *.googleadservices.com www.googletagmanager.com *.google.com js-agent.newrelic.com; font-src 'self' data: *.fontawesome.com fonts.gstatic.com; frame-src 'self' *.osano.com *.hsforms.com *.youtube.com *.google.com *.openssf.org *.landscape2.io *.buzzsprout.com aorta.clickagy.com hemsync.clickagy.com *.doubleclick.net zoom-lfx.platform.linuxfoundation.org; img-src 'self' data: *.buzzsprout.com *.hsforms.com *.hubspot.com *.hubspot.net *.linkedin.com *.ads.linkedin.com secure.gravatar.com *.w.org *.google.com *.google-analytics.com *.facebook.com *.linuxfoundation.org https://googletagmanager.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com *.amazonaws.com;manifest-src 'self'; media-src 'self'; worker-src blob: *.osano.com; frame-ancestors 'self'; form-action 'self' *.hsforms.com; 2 default-src 'self'; script-src 'unsafe-eval' 'self' stats.aws.at unpkg.com www.google.com www.gstatic.com www.youtube.com aws.jobbase.io aws.onlyfy.jobs letter.eyepin.com 'nonce-W59jk9Di9' 'nonce-fs4B35gA'; style-src 'self' 'unsafe-inline' fast.fonts.net unpkg.com fonts.gstatic.com; img-src 'self' data: unpkg.com *.tile.openstreetmap.org stats.aws.at; frame-src www.google.com www.youtube.com www.youtube-nocookie.com aws.jobbase.io aws.onlyfy.jobs letter.eyepin.com; font-src 'self' data: fast.fonts.net fonts.gstatic.com; connect-src 'self' stats.aws.at nominatim.openstreetmap.org api.mapbox.com letter.eyepin.com 2 frame-ancestors https://*.myworldfix.com https://*.beesads.com https://*.gamebridge.games http://*.gamebridge.games 2 frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com http://*.webvisor.com https://webvisor.com http://webvisor.com 2 frame-ancestors *.morganstanley.com *.eatonvance.com *.calvert.com *.parametricportfolio.com *.pem.org 2 default-src 'self' 'unsafe-inline' https://px.ads.linkedin.com/ https://www.google-analytics.com https://content.hotjar.io wss://ws.hotjar.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://analytics.google.com/ https://analytics.google.com/ https://metrics.hotjar.io https://www.youtube.com/ https://www.google.com https://www.gstatic.com https://www.youtube.com https://js.hs-banner.com https://js.hs-analytics.net https://*.hubspot.com https://*.hsforms.com https://www.w3.org https://*.addtoany.com https://www.google-analytics.com/ https://content.hotjar.io/ https://analytics.google.com https://stats.g.doubleclick.net/ www-widgetapi.js; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://go.toppanmerrill.com/ https://api.livechatinc.com https://cdn.livechatinc.com/ https://connect.facebook.net https://cdn.semrush.com https://yoast.com https://www.semrush.com https://pi.pardot.com https://unpkg.com/@lottiefiles/lottie-interactivity@latest/dist/lottie-interactivity.min.js https://cdn.livechat-static.com https://go.toppanmerrill.com https://api.livechatinc.com https://cdn.livechatinc.com/ https://connect.livechatinc.com/ https://consent.cookiefirst.com/ https://script.hotjar.com/ https://snap.licdn.com/ https://static.hotjar.com/ https://snap.licdn.com/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com https://www.googletagmanager.com/ https://cdn.jsdelivr.net/ https://maxcdn.bootstrapcdn.com https://js.hs-banner.com https://js.hsforms.net https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsleadflows.net https://static.addtoany.com https://*.gstatic.com https://www.youtube.com https://www.google.com https://googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://snap.licdn.com https://static.hotjar.com/ https://snap.licdn.com/li.lms-analytics/ https://snap.licdn.com/ https://www.googletagmanager.com/ https://script.hotjar.com wss://ws.hotjar.com/ https://content.hotjar.io https://px.ads.linkedin.com/ https://cdnjs.cloudflare.com/; style-src 'self' 'unsafe-inline' https://cdn.livechat-static.com https://fonts.googleapis.com https://consent.cookiefirst.com https://www.w3.org https://maxcdn.bootstrapcdn.com/; img-src 'self' 'unsafe-inline' data: https://cdn.livechat-static.com https://i.ytimg.com https://api.text.com https://yoast.com https://yoa.st https://ps.w.org https://px4.ads.linkedin.com https://www.linkedin.com https://www.googletagmanager.com/ https://forms-na1.hsforms.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://www.s.w.org https://www.google-analytics.com/ https://forms.hsforms.com https://track.hubspot.com forms-na1.hsforms.com https://px.ads.linkedin.com; connect-src 'self' https://stats.addtoany.com/menu https://www.semrush.com https://my.yoast.com https://cdn.livechatinc.com https://api.cookiefirst.com https://vc.hotjar.io https://yoast.com https://metrics.hotjar.io https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://googleads.g.doubleclick.net https://content.hotjar.io/ wss://ws.hotjar.com https://px.ads.linkedin.com https://www.google.com https://consent.cookiefirst.com https://edge.cookiefirst.com; font-src 'self' 'unsafe-inline' data: https://s0.wp.com https://fonts.gstatic.com; frame-ancestors 'self' toppanmerrill.my.salesforce.com toppanmerrill.lightning.force.com content.toppanmerrill.com toppanmerrill.seismic.com; frame-src 'self' 'unsafe-inline' https://cdn.semrush.com https://www.googletagmanager.com/ https://connect.livechatinc.com https://secure.livechatinc.com https://www.youtube-nocookie.com/ https://go.toppanmerrill.com/ https://w.soundcloud.com/ https://www.google.com/ https://www.youtube.com/ https://static.addtoany.com/; worker-src blob: 'self' 2 default-src 'self'; script-src 'self' 'unsafe-inline'; img-src data: 'self'; connect-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com www.youtube.com cdn.laola1.tv player.cloud.wowza.com live.virtual-events.at vimeo.com player.vimeo.com app.lapentor.com playout.3qsdn.com; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; 2 frame-ancestors 'self' https://config.strato.de https://config.strato.de https://config.strato.es https://config.strato.fr https://config.strato-hosting.co.uk https://config.strato.nl https://config-staging.strato.de 2 upgrade-insecure-requests; block-all-mixed-content; frame-ancestors *.caf.io 2 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' d2g43ubxtnccwi.cloudfront.net *.site24x7rum.eu apps.euw2.pure.cloud *.apps.euw2.pure.cloud api.mypurecloud.ie *.api.mypurecloud.ie *.curzon.com *.movio.co *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com *.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.ccdc02.com *.kaptcha.com *.vista.co *.vistamanaged.services *.paypalobjects.com *.site24x7rum.com platform-api.sharethis.com buttons-config.sharethis.com count-server.sharethis.com *.onetrust.com cdn.cookielaw.org code.jquery.com connect.facebook.net *.ads-twitter.com *.twitter.com t.co td.yieldify.com t.co td.yieldify.com analytics.tiktok.com googleads.g.doubleclick.net custom.yieldify.com https://static.cloudflareinsights.com; media-src blob: *.cloudfront.net *.vistamanaged.services film-cdn.moviexchange.com; style-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com *.googleapis.com *.vistamanaged.services fonts.gstatic.com *.curzon.com cdn.cookielaw.org; font-src 'self' *.curzon.com *.googleapis.com fonts.gstatic.com *.yieldify-production.com data:; img-src data: 'unsafe-eval' blob: *; connect-src blob: *; frame-src td.yieldify.com *.youtube.com https://www.google.com/ https://checkout.paypal.com/ https://www.paypal.com https://assets.braintreegateway.com/ https://c.paypal.com/ https://geo.cardinalcommerce.com https://secure5.arcot.com https://centinelapi.cardinalcommerce.com https://www.googletagmanager.com https://td.doubleclick.net *; frame-ancestors 'self'; object-src 'self' *.braintreegateway.com; worker-src 'self' blob: *.braintreegateway.com; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-cookieyes.com *.cookieyes.com cookieyes.com *.hackerone.com hackerone.com *.gstatic.com *.google.com maps.googleapis.com *.adroll.com *.consensu.org *.hscollectedforms.net *.hsleadflows.net *.hs-banner.com *.licdn.com www.googleoptimize.com www.linkedin.com connect.facebook.net s.adroll.com ml314.com js.hs-scripts.com script.hotjar.com static.hotjar.com js.hs-analytics.net player.vimeo.com www.googletagmanager.com dev.visualwebsiteoptimizer.com sjs.bizographics.com www.google-analytics.com px.ads.linkedin.com djtflbt20bdde.cloudfront.net ajax.googleapis.com *.hsforms.com *.hsforms.net ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https: djtflbt20bdde.cloudfront.net fonts.googleapis.com js.hsforms.net; img-src 'self' data: https: media.nominet.uk maps.googleapis.com track.hubspot.com stats.g.doubleclick.net www.gravatar.com dev.visualwebsiteoptimizer.com www.google-analytics.com www.googletagmanager.com js.hsforms.net; font-src 'self' data: https: fonts.gstatic.com; connect-src 'self' https: wss: www.gov.uk yoast.com *.hotjar.com js.hsforms.net; media-src 'self' https: media.nominet.uk; object-src 'self' *.cloudfront.net js.hsforms.net; frame-src 'self' https: www.youtube.com player.vimeo.com djtflbt20bdde.cloudfront.net vars.hotjar.com *.hackerone.com hackerone.com js.hsforms.net; frame-ancestors 'self' *.hackerone.com hackerone.com js.hsforms.net; form-action 'self' *.theukdomain.uk theukdomain.uk forms.hsforms.com *.facebook.com js.hsforms.net; base-uri 'self' *.helpscout.net js.hsforms.net 2 default-src 'unsafe-inline' https:; img-src data: https: 2 default-src 'self' https://hhglobal.com https://www.hhglobal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tags.clickagy.com/ https://js.zi-scripts.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com https://player.vimeo.com https://www.youtube.com https://snap.licdn.com/ https://secure.intelligent-business-wisdom.com/ https://marketing.hhglobal.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://decoupledhhg.wpengine.com/; img-src 'self' data: https://www.hhglobal.com https://www.googletagmanager.com/ https://ps.w.org https://secure.gravatar.com/ https://px.ads.linkedin.com/ https://i.vimeocdn.com https://cdn.cookielaw.org/ https://marketing.hhglobal.com; object-src 'none' ; font-src 'self' data: ; frame-src 'self' https://hemsync.clickagy.com/ https://player.vimeo.com/; connect-src 'self' https://js.zi-scripts.com/ https://aorta.clickagy.com/ https://hemsync.clickagy.com/ https://region1.google-analytics.com/ https://submit-form.com https://px.ads.linkedin.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://privacyportal.onetrust.com/ https://idx.liadm.com/; worker-src 'self' https://hhglobal.com https://www.hhglobal.com; frame-ancestors 'self' 2 default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google.com/ https://noname-drink.appspot.com/stats; style-src 'self' 'unsafe-inline' https://www.google.com/ https://ajax.googleapis.com/; img-src 'self' data: https://*.tile.openstreetmap.org http://*.tile.openstreetmap.de; frame-src 'self' https://pizza.noname-ev.de 2 default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval' translate.google.com www.nitrokey.com; object-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'unsafe-inline' 'self' safari-extension www.nitrokey.com embetty.nitrokey.com data:; media-src 'self'; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'self'; font-src 'unsafe-inline' 'self' data:; connect-src 'self' https://api.github.com; report-uri /report-csp-violation; base-uri 'self'; form-action 'self' 2 default-src 'self'; base-uri 'none'; frame-src https:; object-src 'none'; img-src 'self' data: https:; font-src 'self' https:; connect-src 'self' https:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; 2 frame-ancestors https://*.dsw.nl https://*.dsw.lan 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.googletagmanager.com player.vimeo.com js.hsforms.net cdn.cookielaw.org privacyportal-na01-cdn.onetrust.com code.jquery.com static.addtoany.com pi.pardot.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.cookielaw.org privacyportal-na01-cdn.onetrust.com; font-src 'self' fonts.gstatic.com; img-src 'self' https://onecallcm.com data: cdn.cookielaw.org f.hubspotusercontent20.net forms-na1.hsforms.com www.google-analytics.com; frame-src player.vimeo.com www.google.com static.addtoany.com; connect-src 'self' cdn.cookielaw.org forms.hsforms.com privacyportal-na01-cdn.onetrust.com privacyportal-na01.onetrust.com hubspot-forms-static-embed.s3.amazonaws.com analytics.google.com www.google-analytics.com pi.pardot.com; 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 2 frame-ancestors 'self' https://testbed.filecloudlabs.com https://ce.filecloud.com; 2 frame-ancestors 'self' http://www.rslcontent.co.uk; 2 default-src 'self' *.berger-levrault.com; img-src 'self' sdk.privacy-center.org data: *.berger-levrault.com *.analytics.google.com *.google.es *.wistia.com wp-rocket.me *.google-analytics.com *.gravatar.com https://s.w.org https://gravityforms.s3.amazonaws.com https://gravityforms.s3.amazonaus.com *.gstatic.com *.googleapis.com; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline'; script-src 'self' sdk.privacy-center.org *.google.ca google.ca *.google.com google.com *.en25.com *.licdn.com *.facebook.net *.google.es *.googleadservices.com googleadservices.com *.helpscout.net *.wistia.com *.hcaptcha.com *.matomo.cloud *.mxpnl.com https://hcaptcha.com *.cloudflare.com *.googleapis.com *.googletagmanager.com https://www.googletagmanager.com *.google-analytics.com *.jsdelivr.net *.berger-levrault.com *.youtube.com *.youtube-nocookie.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.gstatic.com; connect-src 'self' *.googlesyndication.com *.facebook.com *.linkedin.com *.doubleclick.net api.privacy-center.org *.google.com *.analytics.google.com *.helpscout.net *.wistia.com *.litix.io *.cloudfront.net *.matomo.cloud *.hcaptcha.com *.gstatic.com *.googleapis.com *.google-analytics.com *.yoast.com yoast.com *.berger-levrault.com; frame-src 'self' mailto: tel: *.googletagmanager.com *.facebook.net *.berger-levrault.com *.hcaptcha.com *.youtube.com *.youtube-nocookie.com wp-rocket.me; media-src 'self' blob: *.berger-levrault.com *.wistia.net 2 default-src 'unsafe-inline' 'unsafe-eval' https: data: 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob:; object-src *; connect-src * https://*.decibelinsight.net * https://*.decibel.com * wss://collection.decibelinsight.net/i/14080/ * wss://*.decibelinsight.net; report-uri /report-csp-violation; upgrade-insecure-requests 2 connect-src 'self' content.layershift.com maps.googleapis.com vercel.live stats.layershift.com sentry-new.tidio.co socket.tidio.co api-v2.tidio.co api.stripe.com hcaptcha.com *.hcaptcha.com https: wss:; script-src 'self' content.layershift.com js.stripe.com *.js.stripe.com maps.googleapis.com vercel.live stats.layershift.com code.tidio.co widget-v4.tidiochat.com hcaptcha.com *.hcaptcha.com 'unsafe-inline' 'unsafe-eval'; frame-src *.js.stripe.com js.stripe.com hooks.stripe.com hcaptcha.com *.hcaptcha.com calendar.google.com; style-src 'self' fonts.googleapis.com https: 'unsafe-inline'; img-src content.layershift.com static.layershift.com maps.gstatic.com cdnjs.cloudflare.com data: https: 'self' data:; font-src 'self' content.layershift.com static.layershift.com fonts.gstatic.com https: data:; object-src 'none'; base-uri 'self' https://stats.layershift.com; form-action 'self'; frame-ancestors https://stats.layershift.com; block-all-mixed-content; upgrade-insecure-requests; 2 frame-ancestors 'self' ida-akdb.coyocloud.com *.akdb.de *.akdb.net *.gkds.bayern *.gkds.de *.bay-innovationsstiftung.de *.innovationsstiftung.bayern www.akdb-kommunalforum.de 2 base-uri 'self'; default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'self' https://mppp.gob.ve 'unsafe-inline' 'unsafe-eval'; worker-src 'self' 'unsafe-inline' 'unsafe-eval' blob:;img-src 'self' https://assets.elementor.com https://s.w.org https://secure.gravatar.com https://premiumaddons.com https://storage.googleapis.com https://ps.w.org https://s0.wp.com blob: data:;frame-src 'self' https://www.youtube.com https://leap13.github.io blob:;form-action 'self' https://mppp.gob.ve; 2 frame-ancestors 'self'; object-src 'none'; frame-src 'self' youtube.com www.youtube.com google.com www.google.com secure.livechatinc.com www.paypal.com paypal.com ct.pinterest.com accounts.google.com www.googletagmanager.com data:; 2 default-src 'self' data: *.googlesyndication.com mywishlist.ru *.w3.org finance.ua *.google.com.ua googleads.g.doubleclick.net *.google.com img.gismeteo.ru partner.googleadservices.com; style-src 'self' 'unsafe-inline'; 2 frame-src 'self' *.googletagmanager.com *.youtube.com *.fieldera.com www.google.com *.incontact.com *.doubleclick.net; upgrade-insecure-requests 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.norstat.co https://track.norstatpanel.com https://snap.licdn.com https://emails.norstatgroup.com https://widget.freshworks.com https://*.googleadservices.com https://*.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://px.ads.linkedin.com; img-src 'self' blob: data: https://*.norstat.co https://track.norstatpanel.com https://snap.licdn.com https://emails.norstatgroup.com https://widget.freshworks.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://*.google.com https://pagead2.googlesyndication.com https://*.googleadservices.com https://google.com https://*.google.com https://*.google.se https://*.google.no https://*.google.dk https://*.google.fi https://*.google.de https://*.google.fr https://*.google.it https://*.google.nl https://*.google.es https://*.google.ee https://*.google.lv https://*.google.lt https://*.google.be https://*.google.at https://*.google.ch https://*.google.pl https://*.google.ie https://*.google.cz https://*.google.co.uk http://imgsct.cookiebot.com/ https://px.ads.linkedin.com https://*.ads.linkedin.com https://*.norstat.no; frame-src 'self' https://*.norstat.co https://track.norstatpanel.com https://services.norstat.no https://snap.licdn.com https://emails.norstatgroup.com https://widget.freshworks.com https://www.googletagmanager.com https://td.doubleclick.net https://px.ads.linkedin.com https://consentcdn.cookiebot.com; connect-src 'self' https://*.norstat.co https://norstat-client-portal.s3.eu-north-1.amazonaws.com https://track.norstatpanel.com https://snap.licdn.com https://emails.norstatgroup.com https://widget.freshworks.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.google.com https://*.google.se https://*.google.no https://*.google.dk https://*.google.fi https://*.google.de https://*.google.fr https://*.google.it https://*.google.nl https://*.google.es https://*.google.ee https://*.google.lv https://*.google.lt https://*.google.be https://*.google.at https://*.google.ch https://*.google.pl https://*.google.ie https://*.google.cz https://*.google.co.uk https://google.com https://pagead2.googlesyndication.com https://sgtm.norstat.co https://consentcdn.cookiebot.com https://consent.cookiebot.com https://px.ads.linkedin.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; 2 default-src 'self'; font-src 'self' *.kaltura.com cdnjs.cloudflare.com data: fonts.gstatic.com vjs.zencdn.net *.hotjar.com;img-src 'self' data: *.google-analytics.com *.g.doubleclick.net maps.gstatic.com maps.googleapis.com *.twitter.com *.twimg.com *.youtube.com *.kaltura.com *.linkedin.com *.6sc.co *.facebook.com *.eloqua.com *.verisk.com *.albacross.com metrics.brightcove.com *.air-worldwide.com www.google.com verisk.d1.sc.omtrdc.net t.co p.adsymptotic.com cm.everesttech.net dpm.demdex.net cf-images.us-east-1.prod.boltdns.net veriskisonetprod.112.2o7.net i.ytimg.com www.googletagmanager.com www.greatplacetowork.com cdn.cookielaw.org api.mapbox.com f1.media.brightcove.com udc-neb.kampyle.com *.maplecroft.com ajax.googleapis.com public.tableau.com www.google.co.uk nebula-cdn.kampyle.com w3.poweradvocate.com https://optimize.google.com www.gstatic.com https://jumbe.zaius.com https://6016449.global.siteimproveanalytics.io/heat.aspx https://6016449.global.siteimproveanalytics.io/image.aspx https://uploads.commoninja.com *.optimizely.com *.udc-neb.kampyle.com;object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.twitter.com www.google-analytics.com *.googleapis.com *.google.com www.gstatic.com *.cookielaw.org *.googletagmanager.com assets.adobedtm.com *.twimg.com kaltura.com *.cloudflare.com dl.episerver.net *.facebook.net fonts.googleapis.com players.brightcove.net az416426.vo.msecnd.net *.xactware.com *.kaltura.com *.licdn.com *.albacross.com *.oktopost.com *.6sc.co *.ads-twitter.com *.cave9tape.com okt.to geolocation.onetrust.com script.crazyegg.com www.googleadservices.com vjs.zencdn.net img.en25.com s1065293013.t.eloqua.com googleads.g.doubleclick.net *.salesforceliveagent.com *.linkedin.com nebula-cdn.kampyle.com unpkg.com cdn.mouseflow.com public.flourish.studio *.hotjar.com pi.pardot.com *.maplecroft.com www.buzzsprout.com public.tableau.com ionfiles.scribblecdn.net readymag.com js.hsforms.net *.hsforms.com *.youtube.com snap.licdn.com player.vimeo.com api-ssl.bitly.com nebula-cdn.kampyle.com screencapture.kampyle.com/screenApi/load/0d9bccf0-07c5-4694-abf9-9f4bcf1d1ec2.js screencapture-cdn.kampyle.com www.googleanalytics.com www.googleoptimize.com https://optimize.google.com https://secure.leadforensics.com/ https://activitymap.adobe.com https://cdn-app.continual.ly/ https://cdn.commoninja.com/sdk/latest/commonninja.js https://cdn.calconic.com *.fraudblocker.com https://d1igp3oop3iho5.cloudfront.net https://siteimproveanalytics.com/js/siteanalyze_6016449.js https://code.jquery.com/jquery-3.3.1.min.js https://cdn.addevent.com/libs/atc/1.6.1/atc.min.js *.cdn.commoninja.com *.commoninja.com *.cdn.commoninja.com/wr/static https://code.jquery.com/jquery-3.6.3.min.js https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/css/font-awesome.min.css https://cdn.optimizely.com/js/22793102135.js https://cdn-assets-prod.s3.amazonaws.com/js/preview2/22793102135.js *.optimizely.com https://tags.srv.stackadapt.com https://js.monitor.azure.com *.herbgreencolumn.com https://qvdt3feo.com/events.j;style-src 'self' 'unsafe-inline' *.googleapis.com dl.episerver.net *.twitter.com *.twimg.com cdnjs.cloudflare.com *.verisk.com unpkg.com https://optimize.google.com https://cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/css/bootstrap.min.css https://app.continual.ly/ https://cdn-app.continual.ly https://tags.srv.stackadapt.com;frame-src 'self' platform.twitter.com www.google.com *.twitter.com *.youtube.com *.surveygizmo.com insuranceservicesofficeinc.demdex.net *.facebook.com bid.g.doubleclick.net *.hotjar.com *.pardot.com www.buzzsprout.com public.tableau.com verisk.postclickmarketing.com *.brightcove.net *.acast.com embed.readymag.com s1120.t.eloqua.com flo.uri.sh go.maplecroft.com player.vimeo.com go.maplecroft.com nebula-cdn.kampyle.com https://optimize.google.com https://cdnapisec.kaltura.com/ https://www.youtube-nocookie.com/ https://www.insurancejournal.tv/ https://www.bloomberg.com/ https://activitymap.adobe.com https://app.powerbi.com https://lifedemo.shinyapps.io/ https://survey.alchemer.com/ https://app.continual.ly/ https://www.commoninja.com/ https://calendar.google.com/ https://accounts.google.com/ https://a22793102135.cdn.optimizely.com/ https://capture.navattic.com/ https://td.doubleclick.net/ https://datawrapper.dwcdn.net;media-src 'self' *.kaltura.com blob: *.air-worldwide.com http://manifest.prod.boltdns.net https://manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net;connect-src 'self' *.kaltura.com www.google-analytics.com *.brightcove.com dc.services.visualstudio.com dpm.demdex.net epsilon.6sense.com cdn.cookielaw.org stats.g.doubleclick.net https://c.6sc.co/ https://secure.adnxs.com/getuidj *.albacross.com http://manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.crazyegg.com www.googleapis.com veriskisonetprod.112.2o7.net verisk.d1.sc.omtrdc.net privacyportal.onetrust.com *.hotjar.com vc.hotjar.io ws: *.hotjar.com hubspot-forms-static-embed.s3.amazonaws.com https://otc.xactware.com/XactwareLms/certificationListing.xml nebula-cdn.kampyle.com https://go.maplecroft.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://opreq.observepoint.com/ https://cdn-app.continual.ly https://app.continual.ly/ https://wss-pr.continual.ly:6001 https://www.commoninja.com https://app.calconic.com https://statistics-dot-calconic-app.appspot.com/api/stats/push https://cdn.linkedin.oribi.io/partner/1669474/domain/verisk.com/token https://cdn.linkedin.oribi.io/partner/384036/domain/maplecroft.com/token https://cdn.commoninja.com/api/v1/embed/e594afb2-85be-48ad-9c87-8296dafe748f *.optimizely.com *.hotjar.io *.linkedin.oribi.io *.google.com https://maps.googleapis.com/ https://srv.stackadapt.com https://tags.srv.stackadapt.com *.googlesyndication.com https://px.ads.linkedin.com; child-src 'self' *.kaltura.com blob: *.air-worldwide.com insuranceservicesofficeinc.demdex.net *.surveygizmo.com; 2 frame-ancestors 'self' ifrm.insurify.com ica.compare.com; 2 frame-ancestors 'self' https://metrika.yandex.ru https://metrica.yandex.com https://webvisor.com; 2 default-src https: 'self' 'unsafe-inline'; object-src 'none'; base-uri 'none'; frame-src https:; img-src 'self' data: https:; report-uri /web-api/report-to/csp-enforce; font-src 'self' data:; 2 default-src www.youtube.com www.youtube-nocookie.com; script-src 'self' 'unsafe-inline' *.etracker.com www.etracker.de https://*.jwpcdn.com; connect-src 'self' www.etracker.de https://*.jwpcdn.com; img-src 'self' data: i.creativecommons.org licensebuttons.net/l *.bmwi.de www.existenzgruender.de; style-src 'self' 'unsafe-inline' https://*.jwpcdn.com; font-src 'self' https://*.jwpcdn.com; frame-ancestors 'self'; form-action 'self'; media-src 'self'; 2 frame-ancestors 'self' *.everwisecu.com *.zagclients.net everwisecu.sharepoint.com 2 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' *.dualstackdns.com 2 default-src 'self' www.motabilityoperations.co.uk www.mo.co.uk *.clarity.ms *.bing.com *.mapbox.com ssl.p.jwpcdn.com *.jwplayer.com *.jwpltx.com *.jwpsrv.com *.cookiefirst.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.doubleclick.net *.google.com *.google.co.uk *.umbraco.com *.umbraco.org ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.motabilityoperations.co.uk www.mo.co.uk *.clarity.ms *.bing.com *.mapbox.com *.cookiefirst.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.doubleclick.net *.google.com *.google.co.uk ssl.p.jwpcdn.com *.jwplayer.com *.jwpltx.com *.jwpsrv.com ; style-src 'self' 'unsafe-inline' *.clarity.ms *.bing.com ssl.p.jwpcdn.com *.jwplayer.com *.jwpltx.com *.cookiefirst.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.doubleclick.net *.google.com *.google.co.uk; img-src 'self' *.clarity.ms *.bing.com *.cookiefirst.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.doubleclick.net *.google.com *.google.co.uk *.umbraco.com *.umbraco.org data: www.motabilityoperations.co.uk www.mo.co.uk *.mapbox.com *.cookiefirst.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.doubleclick.net *.google.com *.google.co.uk umbraco.tv ssl.p.jwpcdn.com *.jwplayer.com *.jwpltx.com *.jwpsrv.com; font-src 'self'; media-src 'self' blob: data: ssl.p.jwpcdn.com *.jwplayer.com *.jwpltx.com *.jwpsrv.com www.motabilityoperations.co.uk www.mo.co.uk *.clarity.ms *.bing.com *.mapbox.com; object-src 'self' blob: data: www.motabilityoperations.co.uk www.mo.co.uk *.mapbox.com ssl.p.jwpcdn.com *.jwplayer.com *.jwpltx.com *.jwpsrv.com *.clarity.ms *.bing.com; 2 frame-ancestors 'self' https://www.chasepaymentechhostedpay.com; 2 default-src *; worker-src * blob: data:; script-src * 'unsafe-inline' 'unsafe-eval'; object-src * blob: data:; font-src *; img-src * blob: data:; form-action *; frame-ancestors *; upgrade-insecure-requests; style-src * 'unsafe-inline'; 2 frame-ancestors *; upgrade-insecure-requests 2 frame-src https://global.frcapi.com https://eu.frcapi.com https://www.youtube-nocookie.com https://www.youtube.com https://piwik.bzga.de https://www.check-dein-spiel.de; style-src 'self' 'unsafe-inline'; default-src 'self'; script-src https://www.check-dein-spiel.de https://piwik.bzga.de 'self' 'unsafe-inline' ; connect-src https://www.check-dein-spiel.de https://piwik.bzga.de 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' data:; img-src 'self' https://piwik.bzga.de https://*.openstreetmap.org data:; 2 style-src 'self' static.warpcs.org 'report-sample'; script-src 'self' static.warpcs.org x-0008.p.u9sv.com x-001a.p.u9sv.com 'sha256-Deekn20h+++EarpL0nFQLX7JSJv7s/2W9f988ZFAh14=' 'report-sample'; object-src 'none'; form-action 'self'; upgrade-insecure-requests; frame-ancestors 'self'; report-to sec-endpoint; report-uri https://api.warpcs.org/v2/meta/report?t=sec 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com/* https://play.libsyn.com https://www.youtube-nocookie.com https://youtu.be/ https://siteimproveanalytics.com https://siteimproveanalytics.com/js/siteanalyze_10597.js *.siteimproveanalytics.com yoshki.com https://watch.wave.video/ https://tourmkr.com/ https://online.fliphtml5.com/ https://docs.google.com doubleclick.net https://siteimproveanalytics.com *.zencdn.net players.brightcove.net fonts.gstatic.com *.googleapis.com s3.amazonaws.com www.google.com *.googletagmanager.com *.gstatic.com *.siteimproveanalytics.io *.doubleclick.net *.google-analytics.com *.siteimproveanalytics.com cwt.vuturevx.com www.youtube.com open.spotify.com vimeo.com directory.libsyn.com html5-player.libsyn.com *.yoshki.com; img-src 'self' data: https://www.google.com/ads/ga-audiences https://www.google-analytics.com/ https://online.fliphtml5.com yoshki.com https://docs.google.com *.boltdns.net *.brightcove.com https://maps.gstatic.com https://maps.googleapis.com/ https://cwt.vuturevx.com/ https://s3.amazonaws.com/ *.siteimproveanalytics.io; media-src 'self' blob: yoshki.com ; font-src 'self' data: https://fonts.gstatic.com https://docs.google.com *.yoshki.com; worker-src 'self' blob: *.yoshki.com; connect-src 'self' https://www.googletagmanager.com https://siteimproveanalytics.com/js/siteanalyze_10597.js *.siteimproveanalytics.com https://stats.g.doubleclick.net yoshki.com *.google-analytics.com *.siteimproveanalytics.com *.brightcove.com *.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://docs.google.com; frame-ancestors 'self' *.siteimproveanalytics.com yoshki.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://siteimproveanalytics.com/js/siteanalyze_10597.js *.google-analytics.com www.gstatic.com *.siteimproveanalytics.com *.google.com;style-src-elem * 'self' 'unsafe-inline' https://fonts.googleapis.com/; 2 font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency *.fonts.googleapis.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.iubenda.com *.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency https://hdsunflower-hd1.ycb.me *.addthis.com *.pinterest.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com https://*.gstatic.com *.trackedlink.net *.iubenda.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://img.youtube.com https://firebasestorage.googleapis.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com https://*.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.iubenda.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com *.avada.io *.shopify.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency https://embed.ycb.me https://acsbapp.com/apps/app/dist/js/app.js https://acsbapp.com/apps/app/dist/js/loader.js *.addthis.com *.moatads.com *.addthisedge.com *.pintere