Values for content-security-policy:
upgrade-insecure-requests 14,772
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; 10,117
upgrade-insecure-requests; 7,163
frame-ancestors 'self' 6,059
block-all-mixed-content 3,041
frame-ancestors 'self'; 1,810
block-all-mixed-content; 1,368
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; 1,086
frame-ancestors 'none' 1,067
frame-ancestors 'self' https://*.granicus.com http://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 746
frame-ancestors 'none'; 572
default-src https: data: 'unsafe-inline' 'unsafe-eval' 453
frame-ancestors 'self' https://*.ally.ac; 449
frame-ancestors 'self' ; 399
img-src https: data:; upgrade-insecure-requests 346
328
default-src * data: 'unsafe-eval' 'unsafe-inline' 294
report-uri /report-csp-violation 255
report-to network-errors 246
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.baidu.com *.bing.com; 196
frame-ancestors 'self' https://explore.oracle.com https://my.oracle.com https://eeho.fa.us2.oraclecloud.com https://blogs.oracle.com 160
object-src 'none' 160
frame-ancestors 'self' godaddy.com test-godaddy.com dev-godaddy.com *.godaddy.com *.test-godaddy.com *.dev-godaddy.com 155
upgrade-insecure-requests; frame-ancestors 'self' 127
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com https://player.vimeo.com/api/player.js;  style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ;  img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com;  font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com ;  connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ;  media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com;  object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ;  frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com;  child-src 'self' blob: blob ;  worker-src 'self' blob: blob ;  form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://*.wnu.com https://wnu.com https://devportal.cb.dev ;  manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ;  report-uri https://report-uri.mmcdn.com/r/t/csp/enforce; 109
frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 103
frame-ancestors 'self' https://*.cdn.ampproject.org/ https://bing-amp.com/ https://*.tm-aws.com/ https://*.tm-awx.com/; 101
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 101
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 100
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 98
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 94
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 87
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 87
default-src 'self' http: https: data: blob: 'unsafe-inline' 87
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: data: blob: wss://realtimeeventfeeds.viafoura.co wss://sub.viafoura.co; media-src blob: data: https:; object-src https:; child-src https: data: blob:; upgrade-insecure-requests; block-all-mixed-content; 86
frame-ancestors 'self' continuum.epublishing.com *.continuum.epublishing.com 79
frame-ancestors * 76
default-src 'none' 76
frame-ancestors 'self'; upgrade-insecure-requests 72
default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; font-src * 'self' data: 71
frame-ancestors https://s.salla.sa 69
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=frontpage&site=fp&region=US&lang=en-US&device=desktop&partner=default; 67
report-uri /report-csp-violation; upgrade-insecure-requests 64
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 64
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 64
child-src * blob: 64
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; 63
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 61
frame-ancestors about: 'self' 60
sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri http://csp.yahoo.com/beacon/csp?src=redirect 58
default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 58
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com; base-uri 'self' 58
default-src * 'unsafe-eval' 'unsafe-dynamic' 'unsafe-inline' data: blob: 54
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 53
frame-ancestors 'self' *.google.com *.googleusercontent.com 53
frame-ancestors 'self' https://cms.scrippsdigital.com 49
default-src * 'unsafe-inline' 'unsafe-eval' https: http: data: blob: 49
report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src data: blob: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com https://*.facebook.com https://*.fbsbx.com https://*.giphy.com; font-src data: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://i.instagram.com/graphql_www https://graphql.instagram.com https://*.cdninstagram.com https://api.instagram.com https://i.instagram.com https://*.i.instagram.com https://*.od.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://*.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com https://*.fbsbx.com; object-src 'none'; upgrade-insecure-requests 46
base-uri 'self';default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';    script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';form-action * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';report-uri /post_report/;report-to default; 46
frame-ancestors 'self' http://webvisor.com 45
self 43
frame-ancestors 'self' cambuilder.com *.cambuilder.com sexroulettelive.net *.sexroulettelive.net; report-uri /api/csp-report; 42
default-src 'self'; img-src * data: 'unsafe-inline' blob:; style-src * 'unsafe-inline' blob:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action *; media-src *.readspeaker.com *.streamlock.net storage.googleapis.com scribit-pro-hosting.storage.googleapis.com scribit-pro.storage.googleapis.com app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self'; worker-src * 'unsafe-inline' blob:; 42
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://am-assets.pl www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com widget.helpcrunch.com connect.facebook.net stats.pusher.com secure.payu.com script.hotjar.com static.hotjar.com;style-src 'self' 'unsafe-inline' https://am-assets.pl fonts.googleapis.com; 41
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://api.mapbox.com https://*.tiles.mapbox.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; 41
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.hwcdn.net fcm.googleapis.com *.nk-img.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com *.googleapis.com *.cdn77.org *.pingdom.net *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net *.adtng.com *.adglare.net adinvent.engine.adglare.net *.bngpt.com bngpt.com *.trafficjunky.net *.ohmybutt.com *.flirt4free.com *.xlovecam.com *.wlresources.com *.medleyads.com *.cams.com *.acdn5165543.com *.protoawe.com *.google-analytics.com livejasmin.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com *.promo-bc.com *.bongacams.com *.bongacash.com *.gammae.com *.servingmillions.com *.super-route.com cdn01.flashmediaportal.com engine.asf4f.us *.htdvt.com *.jerkmate.com *.vfgtb.com *.hytxg2.com *.awemdia.com *.cfgr3.com *.ajxx98.online *.sf4f.us *.adworldmedia.com as.air2s.com bngpst.com cretgate.com mysexchatroom.com trknex.com medleyads.com ajxx98.online gamesfromheaven.com go.hpyjmp.com r.trwl2.com bongacams.com clickserve.dartsearch.net afrtrk.com track.cam4tracking.com *.smljmp.com sffsdvc.com www.sffsdvc.com bmedia.justservingfiles.net blkditsup.com vast.bimbim.com promo.cameraprive.com bngprl.com *.bngprl.com trafforsrv.com serving.stat-rock.com zubivu.com *.xxxjmp.com *.feelpornx.com *.crjugate.com *.hqscene.com *.xlviirdr.com adulttime.xxx *.adulttime.xxx *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com cdn.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com *.vscdns.com *.doubleclick.net *.google.fr *.google.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net bmedia.justservingfiles.net; 40
base-uri 'self'; 40
default-src 'self' wss: http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https: http:; report-uri https://secure.booked.net/?page=stat&t=csp 39
frame-ancestors 'self' www.bookends.info *.bookends.info 39
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 38
frame-ancestors 'self' https://*.sitewrench.com https://*.speakcreative.com 38
* 37
default-src 'self' 36
script-src 'self'    36
upgrade-insecure-requests;connect-src * 36
frame-ancestors 'self' azeu.marketing.adobe.com 35
script-src 'unsafe-inline' 'unsafe-eval' http: https: 35
default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com 34
default-src 'self'; 34
upgrade-insecure-requests; default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https:; media-src 'self' blob: https:; worker-src blob:; connect-src 'self' https:; img-src 'self' https: data:; style-src 'self' https: 'unsafe-inline';base-uri 'self';form-action 'self' *.eschoolview.com syndication.twitter.com platform.twitter.com https://script.google.com/macros/; font-src 'self' https: data:; object-src 'none'; child-src https:; frame-src https:; frame-ancestors https:; 34
upgrade-insecure-requests; block-all-mixed-content; 33
frame-ancestors  'self' *.espn.com:* *.espnqa.com:* *.espnsb.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.ph *.espn.ph:* *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr qa.abcnews.go.com preview.abcnews.go.com abc7ny.com abc7.com *.abcotvssb.com preview.goodmorningamerica.com http://*.espnqa.com:* http://*.espn.com:* *.abcotvssb.com *.abcnews.go.com *.abcnews.go.com:* http://*.abcnews.go.com:* abc30.com abc7news.com abc13.com abc7chicago.com 6abc.com abc11.com *.goodmorningamerica.com qa.abc7.com qa.abc30.com qa.abc7news.com qa.abc13.com qa.abc7chicago.com qa.6abc.com qa.abc7ny.com qa.abc11.com *.abcnews.go.com:* abcnews.go.com qa.secsports.com *.secsports.com 32
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 32
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events translator.github.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src render.githubusercontent.com viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 32
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 31
frame-ancestors self 31
img-src * data:; default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 31
frame-ancestors 'self' ; base-uri 'self'; 30
block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 30
report-uri https://f6044819c139be406e5131b1724188ab.report-uri.com/r/t/csp/enforce; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com dev.visualwebsiteoptimizer.com *.adnxs.com *.appier.net *.doubleclick.net *.google.co.uk *.googleadservices.com *.googlesyndication.com *.mathtag.com *.openx.net *.scupio.com bigsea.frontend.weborama.fr dx.bigsea.weborama.com cs.gssprt.jp match.adsrvr.org pixel.rubiconproject.com ps.eyeota.net ssp.adskom.com sync.ad-stir.com sync.adap.tv sync.adaptv.advertising.com tags.clickintext.net tapestry.tapad.com *.semasio.net *.disquscdn.com *.disqus.com disqus.com d17m68fovwmgxj.cloudfront.net apps-cdn.britishcouncil.org embed.scribblelive.com bat.bing.com public.tableau.com *.socdm.com britishcouncil-email.createsend.com *.googleapis.com *.gstatic.com www.google.de www.google.es *.google.com *.salesforceliveagent.com *.qualaroo.com s3.amazonaws.com *.bizographics.com sjs.bizographics.com idsync.rlcdn.com aa.agkn.com stags.bluekai.com sync.crwdcntrl.net loadus.exelator.com ml314.com *.adroll.com ucarecdn.com *.streamamg.com bookeo.com www-2903b.bookeo.com britishcouncil.github.io olc.live.solas.britishcouncil.digital bam.nr-data.net js-agent.newrelic.com *.akamaihd.net x.bidswitch.net *.ads-twitter.com *.twimg.com *.twitter.com *.fbcdn.net *.facebook.com cx.atdmt.com cx.atdmt.com connect.facebook.net *.linkedin.com snap.licdn.com *.sharethis.com vk.com cdn.polyfill.io www.googletagmanager.com sui.britishcouncil.org *.vimeocdn.com player.vimeo.com vimeo.com *.ytimg.com www.youtube.com *.google-analytics.com *.yahoo.com b92.yahoo.co.jp s.yimg.com britishcouncil.wufoo.com *.instagram.com *.hotjar.com *.stripe.com *.artfut.com cookies.onetrust.com geolocation.onetrust.com cdn.cookielaw.org optanon.blob.core *.youtube-nookie.com *.fospha.com *.shorthand.com *.shorthandstories.com *.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net *.pardot.com sc-static.net *.tiktok.com *.snapchat.com *.ibytedtos.com *.arabclicks.com js.hsadspixel.net js.usemessages.com *.go-mpulse.net t1.daumcdn.net bc.ad.daum.net wcs.naver.net www.googleoptimize.com assets.app.smart-tribune.com www.teachingenglish.org.uk/ snap.licdn.com/li.lms-analytics/insight.min.js https://bccdn.azureedge.net/product-finder/pf-bundle.js; 30
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 29
frame-ancestors 'self'; upgrade-insecure-requests; 29
frame-ancestors 'self' *.smartagent.app *.jdmesh.co *.choicestore.com http://localhost:* https://localhost:*; form-action https:; script-src https: 'unsafe-inline' 'unsafe-eval' 29
base-uri 'self' 29
frame-ancestors 'self' https://*.adobe.com https://*.navisperformance.com 29
default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 29
frame-ancestors 'self' cloudlogin.co *.cloudlogin.co; 29
frame-ancestors 'self' https://*.brightsites.co.uk; 28
default-src 'self'; script-src 'self' 'unsafe-inline' 27
upgrade-insecure-requests ; 27
default-src 'self' data: http://smartimaging.scene7.com wss: https: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self' blob:; img-src 'self' data: https:; font-src 'self' data: https:; frame-ancestors 'self' https://yandex.ru https://forhandler.toyota.no https://*.garage-berset.ch;worker-src 'self' 'unsafe-inline' * blob:; child-src 'self' https: blob: data:; 27
frame-ancestors 'self' *.vercel.app *.rivt.com rivt.com *.outsideapi.com outsideapi.com *.pocketoutdoormedia.com outsideinc.com pocketoutdoormedia.com *.outsideinc.com velopress.com *.velopress.com *.mycoloradoparks.com mycoloradoparks.com *.rockandice.com rockandice.com *.theboxmag.com theboxmag.com *.nationalparktrips.com nationalparktrips.com  *.nationalparktripsmedia.com nationalparktripsmedia.com *.betamtb.com betamtb.com *.mysmokymountainpark.com mysmokymountainpark.com *.myolympicpark.com myolympicpark.com *.climbing.com climbing.com *.backpacker.com backpacker.com *.podiumrunner.com podiumrunner.com *.skimag.com skimag.com myutahparks.com *.myutahparks.com *.mygrandcanyonpark.com mygrandcanyonpark.com *.oxygenmag.com oxygenmag.com *.triathlete.com triathlete.com velonews.com *.velonews.com muscleandperformance.com *.muscleandperformance.com *.outsidebusinessjournal.com outsidebusinessjournal.com snewsnet.com *.snewsnet.com gymclimber.com *.gymclimber.com livebeyoga.com *.yogajournal.com yogajournal.com *.livebeyoga.com womensrunning.com *.womensrunning.com trailrunnermag.com *.trailrunnermag.com outsideonline.com *.outsideonline.com *.betternutrition.com betternutrition.com vegetariantimes.com *.vegetariantimes.com cleaneating.com *.cleaneatingmag.com cleaneatingmag.com *.cleaneating.com *.thenaturx.com thenaturx.com *.yellowstonepark.com yellowstonepark.com *.myyellowstonepark.com myyellowstonepark.com myyosemitepark.com *.myyosemitepark.com *.rollmassif.com rollmassif.com *.getcairn.com getcairn.com *.athletereg.com athletereg.com *.finisherpix.com finisherpix.com *.pinkbike.com pinkbike.com *.bikereg.com bikereg.com *.runreg.com runreg.com *.trireg.com trireg.com *.skireg.com skireg.com *.pledgereg.com pledgereg.com *.gaiagps.com gaiagps.com *.trailforks.com trailforks.com 26
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 26
default-src 'self' blob: wss: data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:; img-src 'self' data: https:;  report-uri https://monitor.ebay.com/csp-report/r1highlnfe38/Highline_Homepage?id=local 25
default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 25
frame-ancestors 25
default-src * 'self' blob:; script-src * 'self' blob: 'unsafe-inline'; style-src * 'self' blob: 'unsafe-inline'; img-src * 'self' blob: data:; font-src * 'self' blob: data:; media-src * 'self' blob: 25
frame-ancestors none; 25
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; 25
default-src 'self'; connect-src *.g.doubleclick.net 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com; font-src 'self' https://fonts.gstatic.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com optimize.google.com https://optimize.google.com; media-src 'none'; object-src 'none'; script-src 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://www.googletagmanager.com www.googleoptimize.com https://www.googleoptimize.com optimize.google.com https://optimize.google.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 24
default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 24
upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com cdn.livechatinc.com api.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com cdn.livechatinc.com api.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com; report-uri https://content-api.canon-europe.com/cspreport/webapp/ 24
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 24
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data:; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; prefetch-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; form-action 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; worker-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; report-uri https://hyperia.report-uri.com; block-all-mixed-content; upgrade-insecure-requests 24
require-trusted-types-for 'script';report-uri /cspreport 23
frame-ancestors 'self' https://stg-shop.nvidia.com https://widget.stackla.com https://app-sj14.marketo.com https://store.nvidia.com https://resources.nvidia.com https://resource.nvidia.com https://www.youtube.com https://www.quadro-selector.com http://player.youku.com https://player.youku.com https://live.nvidia-china.com https://www.google.com https://www.nvidia.cn https://wwwstage.nvidia.com https://www.nvidia.com https://events.rainfocus.com https://store.nvidia.com https://www.twitch.tv https://store.nvidia.ru https://store.nvidia.in https://shop.nvidia.com https://resource.nvidia.com; 23
script-src * 'self' 'unsafe-inline' 'unsafe-eval' wistia.com youtube.com blob: 23
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src * blob: ; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 23
frame-ancestors 'self'; img-src 'self' i.notino.com cdn.notinoimg.com blob: data: *; 23
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sbo.top *.sbobet.com *.sbobetex.com *.youtube.com *.ytimg.com *.cloudfront.net optimize.google.com *.google-analytics.com *.hotjar.com *.googletagmanager.com *.googleapis.com *.cdnnetworks.net *.purseno.com *.syndication.twimg.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.gstatic.com *.geetest.com avplayer-cdn.sportradar.com *.userleap.com *.akamaized.net; worker-src 'self' blob:; report-uri https://csp.trackit.tk/z/7046ef45-99d6-447d-9ac3-6d42ae2a70fa 23
frame-ancestors 'self' https://help.glassdoor.com http://library.glassdoor.com https://library.glassdoor.com http://glassdoor.lookbookhq.com https://glassdoor.lookbookhq.com https://glassdoor2.lookbookhq.com https://howto.glassdoor.com https://apply.indeed.com ; 22
frame-ancestors 'self'; report-uri /report-csp-violation 22
frame-ancestors 'self' http://wa.aruba.it https://wa.aruba.it 22
frame-ancestors https://*.poki.io http://localhost:1234 22
frame-ancestors none 22
frame-src * 22
default-src 'self' 'unsafe-inline' 22
upgrade-insecure-requests; block-all-mixed-content 21
script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 21
script-src 'self' 21
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 20
connect-src http://ip-api.com/ 'self' https: data: 20
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 20
default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: 20
default-src 'self' 'unsafe-inline' https://park.101datacenter.net  https://*.deviceatlascloud.com/ https://cs.deviceatlas-cdn.com data: 20
frame-ancestors 'self' https://preview.citynavigator.nl 20
upgrade-insecure-requests; object-src 'none'; form-action 'self' *.indeed.com  https://go.indeedassessments.com/ https://take.indeedassessments.com/; frame-src 'self' *.indeed.com  https://accounts.google.com/ https://smartlock.google.com/ https://www.google.com/recaptcha/ hcaptcha.com *.hcaptcha.com https://www.youtube.com/embed/; frame-ancestors 'self' *.indeed.com  ; img-src 'self' *.indeed.com  data: d13w2n5a9i6r56.cloudfront.net d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net creative.statics.indeed.com d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net d3nbup7htlluyi.cloudfront.net d23zm5r1n38khq.cloudfront.net d314bftfgh5fa0.cloudfront.net https://indeed-labs-jp-baito.s3.amazonaws.com https://res.cloudinary.com www.google-analytics.com https://www.google.com/ads https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://stats.g.doubleclick.net https://*.tvpixel.com/* https://*.optimizely.com/* https://d.turn.com/* https://idsync.rlcdn.com/* https://pt.ispot.tv https://ad.doubleclick.net/ddm/ https://d.hodes.com https://bs.serving-sys.com https://i.ytimg.com/; default-src 'self' 'unsafe-inline' data: *.indeed.com  d3fw5vlhllyvee.cloudfront.net d3fw5vlhllyvee.cloudfront.net https://smartlock.google.com/ https://d13w2n5a9i6r56.cloudfront.net/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net creative.statics.indeed.com d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net d314bftfgh5fa0.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/ https://www.google.com/recaptcha/ hcaptcha.com *.hcaptcha.com https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net https://privacyportal.onetrust.com https://stats.g.doubleclick.net https://d3fw5vlhllyvee.cloudfront.net/frontend-sentry-bundle/v1.1.2/js/sentry.js https://apis.google.com/js/platform.js https://app-sj07.marketo.com/js/forms2/js/forms2.min.js https://browser.sentry-cdn.com/4.3.3/bundle.min.js https://browser.sentry-cdn.com/4.4.2/bundle.min.js https://*.tvpixel.com/* https://*.optimizely.com/* https://cdn.optimizely.com/js/10668710116.js https://munchkin.marketo.net/munchkin.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/linkid.js https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://pxl.indeed.com/* https://match.prod.bidr.io/cookie-sync/indeed https://rs.fullstory.com/rec/ https://d2k1bn3ko1qk4.cloudfront.net https://itad.indeed.com/* https://pres.indeed.com/* https://d.hodes.com https://bs.serving-sys.com; 19
frame-ancestors 'self' *.jivosite.com *.jivosite.com/ bam.nr-data.net/ metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.webvisor.com http://*.webvisor.com http://webvisor.com https://*.webvisor.com http://webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net; form-action 'self' *.timeweb.ru *.timeweb.com *.timeweb.net timeweb.com timeweb.ru timeweb.net http://timeweb.com/; default-src 'self' 'unsafe-inline' 'unsafe-eval' www.1c-bitrix.ru *.jivo.ru *.jivosite.com *.jivosite.com/ *.timeweb.net *.timeweb.ru timeweb.eu vds-static.timeweb.com cloud.timeweb.com public-api.timeweb.com *.yandex.ru yandex.ru wss://*.timeweb.ru wss://*.timeweb.net www.googletagmanager.com www.google-analytics.com disutgh7q0ncc.cloudfront.net eligibility.wootric.com wootric-eligibility.herokuapp.com facebook.com connect.facebook.net *.facebook.com mc.yandex.md mc.yandex.ru *.livetex.ru *.livetex.me stats.g.doubleclick.net *.google.com *.google.ru *.sendpulse.com data: vk.com *.vk.com dadata.ru *.dadata.ru *.hostings.info *.hosters.ru bitrix.info static.criteo.net *.push.world *.gstatic.com recreativ.ru sslwidget.criteo.com *.googleapis.com *.webpushs.com i.imgur.com ipic.su *.sendpulse.com www.youtube.com s.tmimgcdn.com cdn.jsdelivr.net mc.webvisor.org https://*.getsitecontrol.com yastatic.net *.witstroom.com metrika.yandex.ru *.yandex.tld *.yandex.net myreviews.dev https://myreviews.dev webvisor.com *.witstroom.com:8080 https://checks.botfaqtor.ru *.giphy.com *.giphy.com/ *.jivosite.com *.jivosite.com/ wss://*.jivosite.com https://www.googleoptimize.com/ blob: timeweb.com 19
default-src *;script-src 'self' resource://pdf.js 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net https://unpkg.com/web-vitals/dist/ events.webnode.com js.stripe.com www.gstatic.com www.googleadservices.com www.googletagmanager.com bat.bing.com connect.facebook.net a.quora.com www.google-analytics.com googleads.g.doubleclick.net c.imedia.cz www.google.com www.google.de www.google.com.br cdn.inspectlet.com *.clarity.ms *.bing.com c.seznam.cz;style-src 'self' 'unsafe-inline' 'unsafe-eval' d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net www.gstatic.com js.stripe.com d11bh4d8fhuq47.cloudfront.net;img-src 'self' data: mediastream: blob: filesystem: *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net du5rkdszt1kq5.cloudfront.net d11bh4d8fhuq47.cloudfront.net d1bz77arbww182.cloudfront.net d1me9yvfki5736.cloudfront.net d6scj24zvfbbo.cloudfront.net www.webnode.com www.gstatic.com q.stripe.com bat.bing.com q.quora.com www.google.com www.google.cz www.google.de www.google.com.br www.google-analytics.com googleads.g.doubleclick.net cx.atdmt.com c.seznam.cz www.facebook.com www.googletagmanager.com *.clarity.ms *.bing.com *.webnode.com *.webnode.cz *.webnode.sk *.webnode.at *.webnode.es *.webnode.cl *.webnode.com.ve *.webnode.com.uy *.webnode.mx *.webnode.com.co *.webnode.co *.webnode.com.ar *.webnode.com.py *.webnode.bo *.webnode.do *.webnode.ec *.webnode.pe *.webnode.cr *.webnode.com.br *.webnode.pt *.webnode.it *.webnode.fr *.webnode.us *.webnode.in *.webnode.gr *.webnode.com.tr *.webnode.cn *.webnode.tw *.webnode.nl *.webnode.be *.webnode.jp *.webnode.hu *.webnode.ru *.webnode.com.ua *.webnode.se *.webnode.dk *.webnode.lv *.webnode.hr *.webnode.no *.webnode.co.uk *.webnode.vn *.webnode.ro *.webnode.cat *.webnode.kr *.webnode.fi;frame-ancestors 'self'; 19
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 19
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; font-src https: 'unsafe-inline' data: 'unsafe-inline'; 19
frame-ancestors *; 19
upgrade-insecure-requests; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a 19
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob:; media-src 'self' https: blob:; worker-src 'self' https: blob:; block-all-mixed-content; connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: https://*.trouter.io:443 https://*.trouter.skype.com:443 wss://*.trouter.io:443 wss://*.trouter.skype.com:443; 18
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation-by-user-activation; frame-ancestors 'self' *.huffpost.com *.huffingtonpost.com *.huffpost.net *.buzzfeed.com clients.opinary.com compass.pressekompass.net *.newsbreak.com *.newsbreakapp.com; report-uri https://huffpost.report-uri.com/r/d/csp/enforce; 18
none 18
block-all-mixed-content; frame-ancestors 'self' 18
prefetch-src *.metart.com *.metartnetwork.com *.hustler.com *.metartmoney.com *.google-analytics.com *.googletagmanager.com;default-src 'self' blob: *.metart.com *.metartnetwork.com *.hustler.com;connect-src 'self' blob: wss: *.zdassets.com *.zendesk.com *.atlassian.com *.atl-paas.net *.hustler.com *.metart.com *.metartnetwork.com *.metart.network *.google.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.mixpanel.com *.metartmoney.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com *.sentry.io;style-src 'self' blob: 'unsafe-inline' *.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com *.hustler.com *.metart.com *.metartnetwork.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com;font-src 'self' data: *.zopim.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.hustler.com *.metart.com *.metartnetwork.com *.vwo.com;script-src 'self' 'unsafe-inline' *.zdassets.com *.atlassian.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.hustler.com *.metart.com *.metartnetwork.com *.metart.network cdn.cookielaw.org code.jquery.com geolocation.onetrust.com *.mxpnl.com *.googleapis.com *.gstatic.com *.browser-update.org browser-update.org *.visualwebsiteoptimizer.com *.vwo.com;frame-src 'self' *.twitter.com *.hustler.com *.metart.com *.metartnetwork.com *.youtube.com *.vimeo.com *.atlassian.net *.metartmoney.com *.visualwebsiteoptimizer.com *.vwo.com;img-src 'self' data: *.nsimg.net *.twimg.com *.zopim.com *.twitter.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.google.com *.hustler.com *.metart.com *.metartnetwork.com *.browser-update.org browser-update.org *.visualwebsiteoptimizer.com *.vwo.com *.hustlerlive.com *.barelylegallive.com *.vscdns.com;media-src 'self' data: blob: *.nsimg.net *.metart.com *.hustler.com *.metartnetwork.com *.zdassets.com *.visualwebsiteoptimizer.com *.vwo.com;worker-src 'self' data: blob: wss:;object-src 'none' 18
frame-ancestors https://unileverbrazil.marketing.adobe.com https://unilever3.marketing.adobe.com https://unilever2.marketing.adobe.com https://unilever.marketing.adobe.com; 18
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.sanity.io www.youtube.com www.youtube-nocookie.com i.ytimg.com yt3.ggpht.com fonts.gstatic.com www.google-analytics.com www.googletagmanager.com www.gstatic.com stats.g.doubleclick.net www.google.co.uk static.hotjar.com static.ads-twitter.co mwww.facebook.com dc.ads.linkedin.com t.co vars.hotjar.com in.hotjar.com p.adsymptotic.com analytics.twitter.com cdn.jsdelivr.net d1a1ax4tcp3m3j.cloudfront.net dqm.crownpeak.com geolocation.onetrust.com cdn.baycloud.com static.ads-twitter.com connect.facebook.net snap.licdn.com staticcontents.investisdigital.com script.hotjar.com maps.googleapis.com sc.lfeeder.com 17
default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 17
frame-ancestors 'self' *.affino.com; 17
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 17
default-src='self' 17
default-src 'self' *.edge-cdn.net; object-src www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.edgekey.net  *.bing.com  *.ccmp.eu  *.cookiebot.com  *.edge-cdn.net   *.google-analytics.com  *.googletagmanager.com  *.lidl  *.lidl-flyer.com  *.lidl.com  *.lidl.net *.vdc.lidl  *.multichannelacd.de  *.secrz.de  *.virtualearth.net  ads.yahoo.com  advdl.ammadv.it  analytics.google.com  assets.zendesk.com  c.imedia.cz  cm.g.doubleclick.net  connect.facebook.net  d.adroll.com  d.adroll.mgr.consensu.org  form.lidl.com  googleads.g.doubleclick.net  lidl.media01.eu  lidlplus-prod-api.azurewebsites.net lidlqform.omax.cz  s.adroll.com  s.ytimg.com  tagmanager.google.com  track.adform.net  us-u.openx.net  www.dwin1.com  www.googleadservices.com www.google.com www.youtube.com schwarz.adverity.com; img-src 'self' data: *.assets.schwarz *.bing.com *.ccmp.eu *.content.force.com *.doubleclick.net *.edge-cdn.net *.google-analytics.com *.googleusercontent.com *.leaflets.schwarz *.lidl *.lidl-flyer.com *.lidl.com *.lidl.net *.vdc.lidl *.openstreetmap.org *.osm.org *.secrz.de *.virtualearth.net advdl.ammadv.it assets.zendesk.com c.imedia.cz d.adroll.com google.de www.google.de ib.adnxs.com idsync.rlcdn.com lidlplusprod.blob.core.windows.net lidlplusstaticcontentpro.blob.core.windows.net lidlplusstoragestaging.blob.core.windows.net s-static.ak.facebook.com ssl.gstatic.com stats.g.doubleclick.net track.adform.net www.facebook.com www.google.com www.googletagmanager.com www.gstatic.com x.bidswitch.net; style-src 'self' 'unsafe-inline' *.bing.com *.secrz.de assets.zendesk.com fonts.googleapis.com form.lidl.com tagmanager.google.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com form.lidl.com data: themes.googleusercontent.com; frame-src 'self' https: 'unsafe-inline'; connect-src 'self' *.analytics.edgekey.net *.bing.com *.ccmp.eu *.edge-cdn.net *.google-analytics.com *.lidl *.lidl.com *.lidl.net *.vdc.lidl *.multichannelacd.de *.openstreetmap.org *.osm.org *.secrz.de *.test *.video-cdn.net *.virtualearth.net *.lidlplus.com form.lidl.com lidl.media01.eu lidlplus-prod-api.azurewebsites.net lidlplus-uat-api.azurewebsites.net stats.g.doubleclick.net *.cookiebot.com; frame-ancestors 'self' *.bing.com *.ccmp.eu *.google-analytics.com *.googletagmanager.com *.lidl *.lidl.ch *.lidl.com *.lidl.net *.vdc.lidl *.poi-service.de *.secrz.de *.test accounts-qa.lidl.com accounts-stg.lidl.com accounts-uat.lidl.com accounts.lidl.com website-lidl-account-dev.azurewebsites.net *.lidl-shop.pl *.lidl-sklep.pl; 17
default-src 'self'; frame-ancestors 'self' flex.cybersource.com; frame-src * ; media-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.brainsins.com mw.brainsins.com d2xkqxdy6ewr93.cloudfront.net *.cloudfront.net cdn.pushassist.com trc.taboola.com *.collect.igodigital.com resources.convious-app.com client.convious-app.com  cdn.taboola.com 510001631.collect.igodigital.com script.hotjar.com 510001630.collect.igodigital.com  static.hotjar.com launch-9151dc1e0eb6-development  mstat.acestream.net www.gstatic.com flex.cybersource.com pe-kw.store.kennywood.com pe-cp.store.castlepark.com www.google.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com  www.googletagmanager.com  www.google-analytics.com *.parquesreunidos.es assets.adobedtm.com amplify.review-alerts.com static-eu.payments-amazon.com maps.googleapis.com cdn.cookielaw.org geolocation.onetrust.com grpr.tt.omtrdc.net launch-9151dc1e0eb6-development cd.livechatin.com api-pre.adminos.parquesreunidos.com analytics.tiktok.com ts.tradetracker.net sleeknotecustomerscripts.sleeknote.com mstat.acestream.net pilaff-up.ru statusklic.info cdn.notifyon.com cdn.livechatinc.com eu5.bookingkit.de js.mollie.com www.paypal.com twimg.com publish.twitter.com platform.linkedin.com track.adform.net static.criteo.net tagmanager.google.com ssl.google-analytics.com ajax.aspnetcdn.com d2cmqkwo8rxlr9.cloudfront.net ad.doubleclick.net apis.google.com www.youtube.com platform.twitter.com s.ytimg.com syndication.twitter.com api.livechatinc.com www.googleoptimize.com  optimize.google.com trck.spoteffects.net i.realytics.io cdn-eu.realytics.net  pe-kw.store.kennywood.com pe-cp.store.castlepark.com pe-rwsydney.store.ragingwaterssydney.com.au pe-sps.store.splishsplash.com pe-sl.store.storylandnh.com pe-na.store.noahsarkwaterpark.com pe-sc.store.sandcastlewaterpark.com pe-wc.store.watercountry.com pe-rwsd.store.ragingwaters.com static.zdassets.com *.optimonk.com sdks.shopifycdn.com ajax.googleapis.com webchat.masvoz.es static.b-ite.com cs-assets.b-ite.com pixel.mathtag.com bat.bing.com cdn.jsdelivr.net farm.plista.com j01l4h3n.com; style-src * 'unsafe-inline'; font-src * data:; connect-src * 17
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; 17
default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' https: 17
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 17
default-src 'self' data: wss: *.tile.openstreetmap.org *.gstatic.com *.googleapis.com geocode.arcgis.com nominatim.openstreetmap.org sp-dir.uwn.com web.delighted.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.tile.openstreetmap.org maps.gstatic.com *.googleapis.com blog.ui.com *.svc.ui.com data:; script-src 'self' data: wss: *.tile.openstreetmap.org *.gstatic.com *.googleapis.com geocode.arcgis.com nominatim.openstreetmap.org d2yyd1h5u9mauk.cloudfront.net sp-dir.uwn.com 'sha256-vHPdDd1XiX8MoRZA440ghWkFcly/rVw9GwywCYO6zk0=' 17
frame-ancestors 'self' http://hybris.com https://hybris.com https://discovery-center.cloud.sap https://www.discovery-center.cloud.sap http://*.hybris.com https://*.hybris.com http://sap.lookbookhq.com https://sap.lookbookhq.com http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn https://www.gigya.com *.lookbookhq.com https://cloudplatform.sap.com https://cal.sap.com https://developers.sap.com *.omtrdc.net;default-src 'self' blob: https: data: 'unsafe-inline' 'unsafe-eval' github.com api.github.com raw.githubusercontent.com *.cloud.sap *.liveperson.net http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn *.adobedtm.com *.company-target.com *.omtrdc.net *.w55c.net platform.twitter.com *.siteintercept.qualtrics.com *.doubleclick.net cdnjs.cloudflare.com charts3.equitystory.com http://sap-espresso.com http://*.akamai.net ust-servlet.dataxu.net https://*.cdn.sap.com *.2mdn.net *.2o7.net *.qualtrics.com https://*.akamaihd.net http://*.akamaihd.net *.lpsnmedia.net *.truste.com *.newrelic.com *.nr-data.net https://*.youtube.com https://*.youtu.be https://*.ytimg.com *.twitter.com http://*.twimg.com https://*.twimg.com *.adobe.com *.demdex.net *.liveperson.com *.liveengage.net *.liveengage.com http://livefyre.com *.liveper.sn *.licdn.com *.cloud.sap *.hana.ondemand.com http://dc1cp8nqqrmxi.cloudfront.net http://*.edgesuite.net https://bcmcps.enter.sap *.d41.co 16
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' 16
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleoptimize.com https://www.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://optimize.google.com https://www.googleadservices.com https://www.google.com https://*.g.doubleclick.net https://connect.facebook.net www.snapengage.com https://storage.googleapis.com/code.snapengage.com/js/ https://prod-nplayer.dacast.com/lib/theoplayer/ https://analytics.webgains.io/ https://analytics-wg.webgains.io/ https://track.webgains.com/ https://w-it.m-t.io/ https://www.mczbf.com/ https://wcs.naver.net/ https://bat.bing.com/ https://*.clarity.ms/ https://boards.greenhouse.io/ https://analytics.tiktok.com/ https://www.youtube.com/ https://*.pcdn.co/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://*.pcdn.co/; img-src 'self' https: data:; media-src 'self' https://ftr.imgix.net https://www.snapengage.com https://*.pcdn.co/; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com https://view.vzaar.com https://iframe.dacast.com https://www.facebook.com https://*.fls.doubleclick.net https://*.g.doubleclick.net https://optimize.google.com www.snapengage.com https://boards.greenhouse.io/ https://*.pcdn.co/; font-src 'self' https://fonts.gstatic.com data: https://*.pcdn.co/; connect-src 'self' https://*.amazonaws.com https://google-analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net/ https://analytics.google.com https://*.analytics.google.com https://analytics.google.com https://www.facebook.com/tr/ https://www.snapengage.com https://api.webgains.io/ https://track.webgains.com/ https://w-it.m-t.io/ https://www.mczbf.com https://wcs.naver.com/ https://analytics.tiktok.com/ https://*.clarity.ms/ https://*.pcdn.co/; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests 16
object-src 'none'; base-uri 'self' 16
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 16
base-uri 'self'; frame-ancestors 'self' 16
default-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src https: data:; frame-ancestors 'self' https://michelin.clic2buy.com https://*.iadvize.com https://*.blueconic.net; worker-src blob: data: https:; font-src https: data: 16
frame-ancestors devcue.diks.fi cue.media.fi http://jankko-importer.prod.media.fi http://jankko-importer.test.media.fi http://localhost:5000 http://cue.test:*; 16
frame-ancestors 'self' *.plentymarkets-cloud-de.com 16
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src *; object-src *; child-src blob:; worker-src blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 15
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.rijksoverheid.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; frame-ancestors 'none'; upgrade-insecure-requests 15
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 15
reflected-xss block 15
default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; worker-src 'self' blob: 15
object-src 'self' https://www.youtube.com/ https://www.3cx.com/;frame-src 'self' mailto: tel: https://3cx.com https://vp-wmdev.3cx.net https://www.google.com https://cse.google.com https://services-sandbox.google-3cx.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://bid.g.doubleclick.net https://www.youtube.com https://www.loom.com/ https://www.youtube-nocookie.com/ https://www.googletagmanager.com; frame-ancestors 'self' 15
frame-ancestors 'self' https://*.funkedigital.de; 15
block-all-mixed-content; upgrade-insecure-requests 15
object-src 'none'; form-action 'self' 15
default-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: data:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src *; media-src https: data: blob:; worker-src https: blob:; frame-src 'self' https:; frame-ancestors 'self'; upgrade-insecure-requests 15
frame-ancestors 'self' cbsplit.com; 15
frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; script-src 'self' data: blob: https://script.crazyegg.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://ajax.googleapis.com 'unsafe-eval' 'unsafe-inline'; object-src 'self'; 14
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 14
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 14
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.amazonaws.com cdn.cookielaw.org privacyportal.onetrust.com www.google-analytics.com *.twitter.com www.youtube.com agent.nuance-va.com *.nuance-va.com  cocacolaco.tt.omtrdc.net *.doubleclick.net *.coca-colacompany.com www.google.com www.gstatic.com cdn.jsdelivr.net *.pricespider.com api.mapbox.com atentochile.s1gateway.com maps.googleapis.com events.mapbox.com *.coke.com *.coca-cola.com *.yimg.com *.ccnag.com *.ads-twitter.com www.googleadservices.com sc-static.net *.sprinklr.com *.demdex.net *.adobedc.net googleads.g.doubleclick.net unpkg.com; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn-social.janrain.com cdn.cookielaw.org ajax.googleapis.com www.cdnjs.cloudflare.com cdnjs.cloudflare.com geolocation.onetrust.com www.googletagmanager.com www.google-analytics.com *.twitter.com www.instagram.com connect.facebook.net *.krxd.net *.amazonaws.com www.google.com www.youtube.com rpxnow.com d29usylhdk1xyu.cloudfront.net s.ytimg.com www.gstatic.com unpkg.com atentochile.s1gateway.com  stackpath.bootstrapcdn.com cdn.jsdelivr.net *.pricespider.com api.tiles.mapbox.com bugcrowd.com assets.bugcrowdusercontent.com *.coke.com *.coca-cola.com *.yimg.com *.ads-twitter.com audio4.audima.co  *.googleadservices.com sc-static.net *.analytics.yahoo.com *.sprinklr.com *.adobedtm.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net p.typekit.net *.janrain.com cdn.cookielaw.org stackpath.bootstrapcdn.com *.pricespider.com atentochile.s1gateway.com *.tiles.mapbox.com *.sprinklr.com *.coke.com unpkg.com; font-src 'self' data: use.typekit.net fonts.gstatic.com atentochile.s1gateway.com *.sprinklr.com *.coke.com; frame-src 'self' *; frame-ancestors 'self' bugcrowd.com editor.wallboard.info; manifest-src 'self' data:; worker-src blob:; child-src blob:; 14
default-src http:; img-src * data:; script-src http: 'unsafe-inline' 'unsafe-eval'; style-src http: 'unsafe-inline'; 14
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:;script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline';img-src * 'self' data:;frame-ancestors 'self' https://www.visma.com/ online.superoffice.com apps.risevision.com desktop.visma.com asp.visma.com hlasp.visma.com es-eu-dev-api01.episerver.net;worker-src * 'self' blob:;connect-src * 'self' blob:;font-src * 'self' data:;frame-src * 'self';media-src * 'self' blob:;object-src * 'self'; 14
default-src 'self' cscwebcontentstorage.blob.core.windows.net cscdbs.com *.cscdbs.com netnames.fr *.netnames.fr dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscglobal.com *.hsforms.com *.zoominfo.com *.amazonaws.com *.swiftypecdn.com  *.swiftype.com script.crazyegg.com download.pwc.com rum-collector-2.pingdom.net *.doubleclick.net *.google-analytics.com geoip-js.com *.maxmind.com *.typekit.net api.company-target.com sample-api-v2.crazyegg.com api.hubapi.com https://lat9412.d41.co; script-src 'self' *.cscglobal.com cscwebcontentstorage.blob.core.windows.net cscdbs.com *.cscdbs.com netnames.fr *.netnames.fr dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net csc.global optimize.google.com https://lat9412.d41.co/ https://cdn-0.d41.co/ rum-static.pingdom.net ws.zoominfo.com js.hs-banner.com js.hsadspixel.net *.swiftypecdn.com  *.swiftype.com *.wufoo.com tag.demandbase.com script.crazyegg.com s3.amazonaws.com dnn506yrbagrg.cloudfront.net gateway.zscalertwo.net sjs.bizographics.com px.ads.linkedin.com *.google-analytics.com *.googletagmanager.com *.maxmind.com *.typekit.net forms.hsforms.com api.hubapi.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net *.hubspot.com *.googleadservices.com tagmanager.google.com *.zmags.com so.rlcdn.com ecf.d41.co snap.licdn.com 'sha256-FTZUkywTeCare2C/3qESeGwIijE/FJIJzHs4QajBqVU=' 'sha256-swM91haG/X9NG/nV9rXrrY+cIqOCdGL4wblE7Iv1YUE=' 'sha256-/uSbLCfpM9k9Ms2kyFxMg/iUge7hkKPLPIaXSFh3koM=' 'sha256-dRACfvF3R4ee851y3xf7SIPIwtmjsDrOhsTc+gDeDw8=' 'sha256-hmE0tSja9Q9GP0wLrO8tzHPEJAXZD3GYnvy1bLBQUQI=' 'sha256-wdnpbUQepL3OqCek7EWeNGLhuQ9cTh4oybMGf+oQlHY=' 'sha256-JyCJ6ZZTV5uYG6rFk9V5g2xnONEgHcTb0bykLClbiZs=' 'sha256-OxgCgRZBobiLhf/gEJjA95lcSJ/2OoojGiOg+0Gh4/Q=' 'sha256-+aLPRy1XVSz3J4TB/q2GPhf14Z2bpiro19WK4oQJeKg=' 'sha256-pQnXMrCP6DP1ncPxrqVm6QIaZQaodvng1CHDoscicHM=' 'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU=' 'sha256-VqrnF4B4J9Y4bPMr7eFvVwQZZUT48w5WJm29LDfS7Dk=' 'sha256-BxEMh+6tFvrZlYExVj3AlGauJ7rpjeREdiHzW9fN2Us=' 'sha256-pgPbbrrZtCA12hoxSpz8mkS2hBSjoXkAPzAEQncISIA='; style-src 'self'  'unsafe-hashes' cscwebcontentstorage.blob.core.windows.net cscdbs.com *.cscdbs.com netnames.fr *.netnames.fr dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net ocp.cscglobal.com csc.global ocu.cscglobal.com gateway.zscalertwo.net *.swiftypecdn.com fast.fonts.net fonts.googleapis.com tagmanager.google.com ssl.gstatic.com *.gstatic.com 'sha256-89lNUMxD1y50uf+7hLjBbuwuFpAVq3EEOFuE5PzDY+4=' 'sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY=' 'sha256-wdnpbUQepL3OqCek7EWeNGLhuQ9cTh4oybMGf+oQlHY=' 'sha256-JyCJ6ZZTV5uYG6rFk9V5g2xnONEgHcTb0bykLClbiZs=' 'sha256-OxgCgRZBobiLhf/gEJjA95lcSJ/2OoojGiOg+0Gh4/Q=' 'sha256-+aLPRy1XVSz3J4TB/q2GPhf14Z2bpiro19WK4oQJeKg=' 'sha256-pQnXMrCP6DP1ncPxrqVm6QIaZQaodvng1CHDoscicHM=' 'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU=' 'sha256-VqrnF4B4J9Y4bPMr7eFvVwQZZUT48w5WJm29LDfS7Dk=' 'sha256-BxEMh+6tFvrZlYExVj3AlGauJ7rpjeREdiHzW9fN2Us=' 'sha256-pgPbbrrZtCA12hoxSpz8mkS2hBSjoXkAPzAEQncISIA='; img-src 'self' cscwebcontentstorage.blob.core.windows.net cscdbs.com *.cscdbs.com netnames.fr *.netnames.fr dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net p.adsymptotic.com *.swiftype.com *.cscglobal.com  *.googletagmanager.com googleapis.com match.prod.bidr.io segments.company-target.com cdn2.hubspot.net *.google-analytics.com *.crazyegg.com *.google.com track.hubspot.com data: *.doubleclick.net ssl.gstatic.com *.gstatic.com *.zmags.com px.ads.linkedin.com; font-src 'self' cscwebcontentstorage.blob.core.windows.net cscdbs.com *.cscdbs.com netnames.fr *.netnames.fr dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net ocp.cscglobal.com ocu.cscglobal.com data: fonts.gstatic.com *.typekit.net; frame-src 'self' cscwebcontentstorage.blob.core.windows.net cscdbs.com *.cscdbs.com netnames.fr *.netnames.fr dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.youtube.com *.wufoo.com forms.hsforms.com *.zmags.com drive.google.com; object-src 'none' 14
default-src 'self' 'unsafe-inline' *.azureedge.net;script-src 'self' 'unsafe-inline' *.azureedge.net *.cookielaw.org *.onetrust.com *.phantomcamera.de *.phantomcamera.es *.phantomcameras.cn *.phantomcamera.fr *.precitech.com *.precitech.com.de *.ametek.com *.ametekweb.com *.sunpowerinc.com *.ameteksi.com *.ortec-online.com *.baidu.com *.boltdns.net *.bootstrapcdn.com *.brightcove.com *.brightcove.net *.brightinfo.com *.cloudflare.com *.facebook.com *.facebook.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hsforms.com *.hsforms.net *.hs-analytics.net *.hs-scripts.com *.usemessages.com *.hsadspixel.net *.hubspot.com *.jquery.com *.list-manage.com *.mailchimp.com *.maxcdn.com *.pardot.com *.pingdom.net *.sharethis.com *.site24x7rum.com *.ametek-land.com *.spectro.com *.thomasnet.com *.twimg.com *.twitter.com *.vimeo.com *.webtraxs.com *.youku.com *.youtube.com *.zencdn.net *.zopim.com *.vresp.com *.techmfg.com *.techmfg.cn *.techmfg.de *.techmfg.jp *.techmfg.es *.zdassets.com *.marketingautomation.services *.leadforensics.com *.constantcontact.com *.icontact.com *.leadfeeder.com https://chimpstatic.com *.zygo.com *.linkedin.com *.hootsuite.com *.3dpublisher.net *.amazonaws.com https://js.hscta.net https://js.hs-banner.com https://js.hsleadflows.net *.force.com https://analytics-eu.clickdimensions.com https://widgets.wp.com *.clickdimensions.com *.zoominfo.com https://snap.licdn.com *.salesforceliveagent.com https://bat.bing.com *.salesforce.com *.salesforceliveagent.com *.salesforce.com *.visualforce.com *.lightning.com *.visualforce.com *.adobedtm.com *.rumiview.com *.simpli.fi *.googletagmanager.com *.kickfire.com *.doubleclick.net *.lightning.com *.adroll.com *.ytimg.com *.loopanalytics.com *.surveymonkey.com https://www.qlzn6i1l.com https://secure.neck6bake.com https://go.universalanalyzers.com https://go.store.universalanalyzers.com https://go.pardot.com https://go.obcorp.com https://go.csiheat.com https://go.cardinaluhp.com https://go.barbenanalytical.com https://optinmonster.com https://cdn.datatables.net 'unsafe-eval';style-src * 'unsafe-inline' *.azureedge.net;font-src * 'unsafe-inline' *.azureedge.net data:;img-src * 'unsafe-inline' *.azureedge.net data:;frame-src * 'unsafe-inline' *.azureedge.net;connect-src * 'unsafe-inline' *.azureedge.net;worker-src 'self' *.azureedge.net blob:;media-src 'self' *.boltdns.net *.akamaihd.net *.azureedge.net blob:;object-src 'unsafe-inline' *.azureedge.net 'self' 14
img-src *; 14
script-src * 'unsafe-inline' 'unsafe-eval' 14
default-src https: data: blob: mediastream: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src https: data: 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.us.coca-cola.com; frame-src  https: data: blob: mediastream: 'unsafe-eval' 'unsafe-inline' 'self' maps.google.com maps.googleapis.com www.google.com; 14
default-src 'unsafe-inline' data: about: hcom: blob: callback: chrome-error: *; script-src 'unsafe-eval' 'unsafe-inline' data: about: blob: asset: *; report-uri https://hcom.report-uri.com/r/t/csp/enforce 14
default-src http: https: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' *.gov.cn 14
policy-definition 14
frame-ancestors https://citylightcloud.com 14
frame-ancestors *; report-uri https://www.rackspace.com/report-uri/enforce 13
frame-ancestors https://*.marketo.com 13
default-src * data: blob: 'unsafe-eval' 'unsafe-inline' 13
frame-ancestors 'self' *.ci360.sas.com 13
frame-ancestors 'self'; object-src 'none'; 13
default-src 'self' *.googlesyndication.com;style-src 'unsafe-inline' *.livenationinternational.com *.googleapis.com *.monetate.net tagmanager.google.com platform.twitter.com;img-src 'self' data: *.livenationinternational.com www.lntvglobal.com *.2mdn.net *.betrad.com *.celtra.com *.doubleverify.com *.evidon.com *.facebook.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.mgr.consensu.org *.monetate.net *.ticketm.net *.tmol.co *.quantserve.com *.youtube.com *.adzip.co *.twitter.com *.tiktokcdn.com *.scdn.co *.twimg.com ad.doubleclick.net ads.celtra.com adservice.google.com dt.adsafeprotected.com cache-ssl.celtra.com media.ticketmaster.com media.ticketmaster.co.uk pixel.adsafeprotected.com pixel.moatads.com px.moatads.com secure.adnxs.com tagmanager.google.com track.celtra.com www.google-analytics.com www.google.co.uk www.google.com www.googletagmanager.com api.permutive.com cdn.permutive.com cdn.cookielaw.org insight.adsrvr.org match.adsrvr.org fxctag.com googlesync.permutive.com t.co;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livenationinternational.com *.2mdn.net *.bannersnack.com *.doubleverify.com *.evidon.com *.g.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.quantcount.com *.monetate.net *.universe.com *.adzip.co *.tiktok.com *.tiktokcdn.com geolocation.onetrust.com cdn.cookielaw.org cdn.ampproject.org cdn.polyfill.io ad.doubleclick.net ads.celtra.com adservice.google.co.uk adservice.google.com bam.nr-data.net cache-ssl.celtra.com connect.facebook.net evidon.mgr.consensu.org js-agent.newrelic.com pixel.adsafeprotected.com secure.adnxs.com secure.quantserve.com static.adsafeprotected.com tagmanager.google.com widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com z.moatads.com api.permutive.com cdn.permutive.com www.instagram.com analytics.twitter.com platform.twitter.com cdn.syndication.twimg.com secure.wufoo.com static.ads-twitter.com js.adsrvr.org fxctag.com;connect-src 'self' *.doubleverify.com *.evidon.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.permutive.com *.tmol.co *.tmol.io *.prmutv.co geolocation.onetrust.com cdn.cookielaw.org privacyportal.onetrust.com csi.gstatic.com vendorlist.consensu.org widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com track.celtra.com analytics.google.com analytics.tiktok.com ib.adnxs.com www.google.com adservice.google.com www.ticketmaster.co.uk www.ticketmaster.co.nz www.ticketmaster.com.au www.ticketmaster.de;font-src *.livenationinternational.com fonts.gstatic.com widget.ticketmaster.eu;frame-src *.2mdn.net *.bannersnack.com *.doubleverify.com *.dvtps.com *.evidon.com *.facebook.com *.fls.doubleclick.net *.googlesyndication.com *.googletagservices.com *.monetate.net *.ticketmaster.co.uk *.twitch.tv *.bilibili.com *.player.vimeo.com *.soundcloud.com *.instagram.com *.twitter.com *.spotify.com *.tiktok.com *.tiktokcdn.com *.youtube.com *.youtu.be cookies.onetrust.mgr.consensu.org music.163.com player.vimeo.com secureframe.doubleclick.net terriverhoeven.wufoo.com universe.queue-it.net v.qq.com www.google.com www.universe.com insight.adsrvr.org;media-src www.lntvglobal.com;worker-src 'self' blob: 13
referrer origin 13
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.treasuredata.com snap.licdn.com connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com checkoutshopper-live.adyen.com; object-src 'none' 13
object-src 'self' https://www.youtube.com/;frame-src 'self' mailto: tel: https://3cx.com https://www.google.com https://cse.google.com https://services-sandbox.google-3cx.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://bid.g.doubleclick.net https://www.loom.com https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com; frame-ancestors 'self' 13
default-src https: blob:; frame-ancestors 'self' *.ford.com.cn *.lincolnstore.com.cn *.brandaplb.ford.com *.brandap.ford.com  *.brandap.lincoln.com *.brandaplb.lincoln.com  *.blueland.fordstore.com.cn  *.fordstore.com.cn  *.brandauthoraplb.ford.com  *.hosts.cloud.ford.com *.ford.com.tw  *.lincoln.com.cn  *.blueland.com.cn  *.brandapftzlb.ford.com.cn *.wwwqa.brandap.ford.com *.wwwint.brandap.ford.com *.wwwdev.brandap.ford.com *.apps.pp01.cneast.cf.ford.com.cn; connect-src https: wss: blob:; font-src https: data:; img-src https: data: blob:; media-src https:  blob:; object-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src 'unsafe-inline' https:; base-uri 'self';worker-src 'self' blob:; script-src-elem 'unsafe-inline' 'unsafe-eval' blob: https:; script-src-attr 'unsafe-inline'  'unsafe-eval' blob: https:; style-src-attr 'unsafe-inline'  https:; style-src-elem 'unsafe-inline'  https:;upgrade-insecure-requests; 13
frame-ancestors 'self' https://immobilier.jll.be https://events1.social27.com https://jll.maps.arcgis.com https://tools.jll.com https://journeys.jll.com https://qa-journeys.jll.com; 13
policy 13
default-src 'self'; connect-src *.g.doubleclick.net 'self' www.google-analytics.com https://www.google-analytics.com; frame-src 'none'; img-src 'self' data: *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 13
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors * 13
frame-ancestors 'self', upgrade-insecure-requests 12
script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.clarivate.com https://*.clarity.ms https://*.salesforceliveagent.com https://analytics.decisionresourcesgroup.com https://analytics.twitter.com *.turtl.co https://app.gatedcontent.com https://app.icontact.com https://assets.vidyard.com https://assistant.woorank.com https://bam-cell.nr-data.net https://bat.bing.com https://cdn.bizible.com https://cdn.cookielaw.org https://cdn.jifo.co https://cdnjs.cloudflare.com https://clarivateanalytics.my.salesforce.com https://clarivatecommunities.force.com https://preview-clarivatecommunities.cs16.force.com https://code.jquery.com https://connect.facebook.net https://derwent.com https://dev.visualwebsiteoptimizer.com https://e.infogram.com https://embed.acast.com https://googleads.g.doubleclick.net https://img06.en25.com https://j.6sc.co https://js-agent.newrelic.com https://maps.googleapis.com https://maps.gstatic.com https://platform.twitter.com https://play.vidyard.com https://public.flourish.studio https://publons.com https://s786780033.t.eloqua.com https://s.infogram.com https://scholaroneideas.secure.force.com https://script.hotjar.com https://secure.eloqua.com https://snap.licdn.com https://static.addtoany.com https://static.ads-twitter.com *.criteo.net https://static.doubleclick.net https://static.hotjar.com https://tag.demandbase.com https://unpkg.com https://widget.sndcdn.com https://www.3blmedia.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com *.criteo.com https://www.google-analytics.com  https://cdn.jsdelivr.net https://app.vwo.com; frame-ancestors 'self' *.clarivate.com *.compumark.com *.compumark.cn 12
img-src data: https: 12
report-uri https://99designs.report-uri.io/r/default/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 12
upgrade-insecure-requests; base-uri 'self' 12
frame-ancestors "none" 12
; 12
form-action 'self' 12
frame-ancestors 'none' ; 12
default-src * data: 'unsafe-inline' 'unsafe-eval' 12
default-src wss: blob: https: 'unsafe-eval' 'unsafe-inline'; connect-src wss: 'self' https: *.amazonaws.com *.cfauthx.com *.mapbox.com  data: *.accesso.com *.noibu.com ; img-src 'self' https: data: blob:; font-src 'self' data: https: ; 12
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 12
frame-ancestors 'self' https://translate.google.com 12
; frame-ancestors 'self' 12
frame-ancestors 'self' *.facebook.com *.vk.com https://webvisor.com http://webvisor.com 12
default-src https: wss: about: data: blob: 'unsafe-inline' 'unsafe-eval' 12
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://sport.web1-ro.slotv.com https://sport.slotv.ro https://sport.mrbit.ro https://cdn-sp.kertn.net https://*.fasttrack-solutions.com https://*.ft-crm.com localhost:40000 https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://*.unetsafe.com https://ui.invisiblesport.com https://www.facebook.com https://*.bing.com wss://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://*.taboola.com https://*.atlantgaming.com https://*.regily.com https://*.sptpub.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://chat.slotv.com https://chat.slotv.se https://chat.slotv.de https://chat.slotv.ro https://chat.cslotv.com https://*.snapchat.com; font-src 'self' https://sport.web1-ro.slotv.com https://sport.slotv.ro https://sport.mrbit.ro https://cdn-sp.kertn.net https://fonts.gstatic.com data: https://ui.invisiblesport.com wss://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://livechat24.tech https://*.livechat24.tech https://*.sptpub.com https://app.vwo.com https://chat.slotv.com https://chat.slotv.se https://chat.slotv.de https://chat.slotv.ro https://chat.cslotv.com; frame-src 'self' https://sport.web1-ro.slotv.com https://sport.slotv.ro https://sport.mrbit.ro https://cdn-sp.kertn.net https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://ui.invisiblesport.com https://cf-mt-cdn2.relaxg.com https://tk-game-mt1.thunderkick.com https://gamelaunch.wazdan.com https://*.unetsafe.com https://*.zignsec.com https://www.facebook.com bankid://* wss://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://*.trustly.com https://tpc.googlesyndication.com https://*.atlantgaming.com https://*.regily.com https://*.sptpub.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://chat.slotv.com https://chat.slotv.se https://chat.slotv.de https://chat.slotv.ro https://chat.cslotv.com https://*.snapchat.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://sport.web1-ro.slotv.com https://sport.slotv.ro https://sport.mrbit.ro https://cdn-sp.kertn.net https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com localhost:40000 https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.unetsafe.com https://ui.invisiblesport.com https://connect.facebook.net https://*.bing.com https://*.cloudflare.com wss://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.sptpub.com *.visualwebsiteoptimizer.com https://app.vwo.com https://cdn-cn.vwo-analytics.com https://chat.slotv.com https://chat.slotv.se https://chat.slotv.de https://chat.slotv.ro https://chat.cslotv.com https://analytics.twitter.com https://platform.twitter.com https://quantcount.com https://rules.quantcount.com https://quantserve.com https://secure.quantserve.com https://edge.quantserve.com *.creative-serving.com https://*.snapchat.com https://snapchat.com https://sc-static.net; style-src 'self' https://sport.web1-ro.slotv.com https://sport.slotv.ro https://sport.mrbit.ro https://cdn-sp.kertn.net https://*.fasttrack-solutions.com https://fonts.googleapis.com 'unsafe-inline' https://ui.invisiblesport.com https://livechat24.tech https://*.livechat24.tech https://*.sptpub.com https://app.vwo.com https://chat.slotv.com https://chat.slotv.se https://chat.slotv.de https://chat.slotv.ro https://chat.cslotv.com https://tagmanager.google.com; worker-src 'self' blob:; report-uri https://sentry.work/sentry/api/45/csp-report/?sentry_key=e5368be6f1e24bce9ce26ca332a1f973 12
default-src 'none' ; connect-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; manifest-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; media-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; script-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ 'unsafe-inline' 'unsafe-eval' ; font-src data:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; img-src data:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; style-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; frame-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; form-action  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; frame-ancestors 'self' ; base-uri 'self' ; block-all-mixed-content ; 11
upgrade-insecure-requests; block-all-mixed-content; sandbox allow-modals allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 11
font-src *; frame-ancestors 'self' https://logmein.pathfactory.com https://explore.logmein.com 11
upgrade-insecure-requests; frame-ancestors *.lumen.com *.lumentech.com http://static.virtualroi.com/; 11
frame-ancestors 'self' *.freshworks.com *.freshdesk.com *.freshservice.com *.myfreshworks.com *.freshcaller.com *.freshteam.com *.freshchat.com *.freshping.io *.freshrelease.com *.freshstatus.io *.freshsuccess.com *.freshsuccess.io views.paperflite.com app.paperflite.com web.paperflite.com canvas.paperflite.com 11
object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 11
frame-ancestors http://kpmg.experiencecloud.adobe.com 11
frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ 11
upgrade-insecure-requests; frame-ancestors 'self'; 11
frame-ancestors 'self' https://studio.first.sandbox.ua.coremedia.cloud https://public-studio.first.sandbox.ua.coremedia.cloud https://preview.uat.ua.coremedia.cloud https://studio.uat.ua.coremedia.cloud https://first.sandbox.ua.coremedia.cloud https://studio.production.ua.coremedia.cloud https://preview.production.ua.coremedia.cloud 11
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: data: https:; connect-src https: wss:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; upgrade-insecure-requests 11
default-src * 'unsafe-inline' 'unsafe-eval' data: blob 11
default-src *;child-src * blob:;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';img-src * data: blob: 11
font-src *.vggcdn.net cdn.viagogo.net https://fonts.gstatic.com data:; report-uri https://wt.viagogo.net/cspr;  11
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:  24703.online-adventskalender.de *.arbeitsagentur.de *.assono.de *.b-ite.com *.betterplace.org *.bitkomplex.de *.bright-guide.de *.canto.global *.cdn.office.net *.cloudfront.net *.cookiebot.com *.cookiebot.eu *.dvinci-hr.com *.etracker.com *.etracker.de *.eu-west-1.playback.live-video.net *.exmap.de *.facebook.com *.flickr.com *.fontawesome.com *.google-analytics.com *.google.com *.google.de *.googleapis.com *.gstatic.com *.haffhus.de *.highcharts.com *.hk24.de *.ihk-baustellen-portal.de *.ihk.de *.ihk24.de *.jobcluster.de *.linkedin-ei.com *.linkedin.com *.mateforevents.com *.microsoft.com *.multipage.online *.newsletter2go.com *.office.com *.office365.com *.openstreetmap.org *.perbit-job.de *.podigee-cdn.net *.podigee.io *.spotify.com *.staticflickr.com *.stream24.net *.sweap.io  *.thinglink.com *.thinglink.me *.twimg.com *.twitch.tv *.twitter.com *.unikam.de *.usercentrics.eu *.userlike.com *.vimeo.com *.wahlplus.de *.walls.io *.webstream.eu *.wirecard.com *.xing-events.com *.youstreamit.de *.youtube.com api-baustellenportal.sylphen.com api.mapbox.com app.cituro.com app.sli.do b6df6a39-9bba-47b4-b1e3-367604039de3.rlets.com baustellennavi.de bc.pressmatrix.com berufsausbildung-aachen-ihk.de bluecard-eu.de cdn.contentful.com cdn.doo.net/assets/js/viovendi-embed-static-1.js cdn.podigee.com cdn.podlove.org cdn.rlets.com cdnjs.cloudflare.com chat.gr-apps.de code.createjs.com code.jquery.com/jquery-3.1.1.min.js connect.facebook.net consentcdn.cookiebot.com corona.conterra.de cottbus-ihk-pruefungen.de covid19.webtvcampus.de cta.ihk.i40.de datawrapper.dwcdn.net dbaw.specials-bahn.de detmold.ihk-beitragsrechner.de dihk.imageplant.de doo.net e.issuu.com e.video-cdn.net editor.signavio.com embed.nexx.cloud events-to-impress.activehosted.com expertenpool.automatisierungsregion.de geoportal-hamburg.de geoportal.metropolregion.hamburg.de gwatch.events haffhus.s3.eu-central-1.amazonaws.com handelskammer-bremen.appointmind.net hk24.perbit-job.de hk24.perbit-job.de  html5-player.libsyn.com iframe.wvd-portfolio.de ihk-ar.ycms.rocks ihk-baustellen-portal.de:5555 ihk-darmstadt-portal.rexx-recruitment.com ihk-hl.gr-live.de ihk-potsdam.perbit-job.de ihk-schwerin.wahlplus.de ihk-weiterbildung-oldenburg.de ihk.selbstdenker.com ihkob.wekando.eu imagemarker.com ims-files-cdn.net infographic.statista.com inx.odav.de isi.hdb-hamburg.de jobs.ihk-niederrhein.de jsfiddle.net komsis.inecos.de kvg-kassel.widget-generator.de link.webropolsurveys.com live.c3networking.de livestream.kemweb.de livestream.watch/vp/nachhaltigkeitsdialog.html maps2.sylphen.com maxcdn.bootstrapcdn.com media.graphassets.com media.graphcms.com pam.ihk-schleswig-holstein.de playout.3qsdn.com plugins.flockler.com rh1.chatmodul.de roundme.com routenplaner.bus-bahn-thueringen.de s2survey.net service.tecintelli.de smart.ihk-berlin.de standortfinder.rlp.de start.video-stream-hosting.de static-exp1.licdn.com static.dvinci-easy.com static.issuu.com stats.g.doubleclick.net tecintelli-static-ttl.obs.eu-de.otc.t-systems.com/ tuerchen.com umap.openstreetmap.fr userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com vimeo.com vstdbv3 w.soundcloud.com walls.io web.ihk-pfalz.net web.inxmail.com wss://chat.userlike.com/chat/ wss://umd.userlike.com/umd/ www.aufstiegs-bafoeg.de www.ausbildungslauf.de www.azubi-magdeburg-ihk.de www.bahn.de www.berufe.tv www.bso-hessen.de www.econda-monitor.de www.etermin.net www.finest-jobs.com www.forschungsfinder-hessen.de www.gatewatch.eu www.giu-kalender.org www.google.analytics.com www.googletagmanager.com www.handelskammer-bremen.de www.hvv.de www.ihk-arbeitsgemeinschaft-rlp.de www.ihk-berlin.de www.ihk-berlin.org www.ihk-bw.digital www.ihk-ecofinder.de www.ihk-gfi.de www.ihk-koblenz.de www.ihk-lehrstellenboerse.de www.ihk-lueneburg.de www.ihk-magdeburg.de www.ihk-ostbrandenburg.de www.ihk-praktikumsportal.de www.ihk-rlp.de www.ihk-wiesbaden.de www.ihkac-anwendungen.de www.inno-vet.de www.instagram.com www.iwd.de www.kandidatenmanagement.de www.leg-thueringen.de www.onlinebewerbungsserver.de www.plattform-i40.de www.powr.io www.praktikum.info www.rmv.de www.terminland.de www.tfaforms.com www.vvs.de www.youtube-nocookie.com  ;  report-uri /blueprint/servlet/csplogging/logViolation ;  11
frame-ancestors 'self' https://mycolorcoach-cpd.e-loreal.com 11
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; 11
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 11
script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.verbraucherzentrale.de player.podigee-cdn.net cdn.syndication.twimg.com platform.twitter.com syndication.twitter.com verbraucherzentrale-sachsen.cloud.purpleview.de https://www.verbraucherzentrale.de/ https://www.verbraucherzentrale.nrw/core/modules/ckeditor/ https://vimeo.com/ https://podcast-player.audiocon.de/ https://www.audiocon.de/ https://lebensmittel-reise.de/foodmap/ https://www.googletagmanager.com https://gemeinschaftsredaktion.de https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.kns.codiac.de https://player.podigee-cdn.net/podcast-player https://cdn.podigee.com https://cdnjs.cloudflare.com https://code.highcharts.com https://cdn.podlove.org https://verbraucherzentrale.bryter.io https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://static.newsletter2go.com/ https://cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://app.bryter.io https://heizsystemvergleich.vz-nrw.de https://maps.googleapis.com https://www.helpmundo.de https://www.helpdirect.org https://rdr.kns.codiac.de https://empathy-portal.de/ https://matomo.verbraucherzentrale.de/ https://unpkg.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'unsafe-eval' *; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.verbraucherzentrale.de ton.twimg.com platform.twitter.com syndication.twitter.com https://cdn.podigee.com/ https://player.podigee-cdn.net/ https://fonts.googleapis.com/ https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.podlove.org https://rdr.kns.codiac.de https://www.verbraucherzentrale.nrw https://unpkg.com ; frame-ancestors 'self' *.verbraucherzentrale.de verbraucherzentrale.de vznrw-piwik.init-ag.de gemeinschaftsredaktion.de vzbv.de www.vzbv.de test.vzbv.de; object-src 'self' *.verbraucherzentrale.de; 11
frame-ancestors https:; default-src 'self' app.gitbook.com api.gitbook.com files.gitbook.com *.gitbook.com; connect-src 'self' blob: * app.gitbook.com api.gitbook.com *.googleapis.com *.cloudfunctions.net *.google.com *.firebaseio.com wss://*.firebaseio.com *.intercom.io wss://*.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com sentry.io *.sentry.io www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com translate.googleapis.com translate.google.com www.gstatic.com https://*.algolia.net https://*.algolianet.com *.iframe.ly cdnjs.cloudflare.com cdn.jsdelivr.net *.amplitude.com cloudflareinsights.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' app.gitbook.com 'unsafe-inline' *.firebaseio.com *.gstatic.com *.google.com https://js.intercomcdn.com https://widget.intercom.io https://app.intercom.io https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://googletagmanager.com https://translate.googleapis.com https://translate.google.com https://cdn.iframe.ly https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://cdn.polyfill.io https://cdn.amplitude.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' app.gitbook.com translate.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com; img-src data: * blob: static.intercomassets.com *.intercomcdn.com *.intercom-mail.com *.intercom.io *.intercomusercontent.com *.intercom-attachments-1.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-9.com www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com www.googletagmanager.com translate.google.com translate.googleapis.com www.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com; font-src app.gitbook.com * js.intercomcdn.com fonts.intercomcdn.com data: cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com; child-src 'self' blob: www.intercom-reporting.com intercom-sheets.com www.youtube.com player.vimeo.com fast.wistia.net www.googletagmanager.com; worker-src 'self' blob:; frame-src www.intercom-reporting.com www.googletagmanager.com *; form-action api-iam.intercom.io intercom.help; media-src *.intercomcdn.com; 11
default-src 'self' wss: https://static.zdassets.com https://ekr.zdassets.com https://*.contentful.com https://*.zendesk.com https://*.kampyle.com https://*.tigocloud.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://*.ooklaserver.net; frame-src 'self' https://bid.g.doubleclick.net https://*.tigocloud.net https://*.tigo.com.bo https://*.tigo.com.py https://www.youtube.com https://*.kampyle.com https://khipu.com/ https://*.hotjar.com https://*.hotjar.com:* https://*.hotjar.io https://www.reportv.com.ar https://*.crwdcntrl.net https://6493920.fls.doubleclick.net https://*.google.com https://*.tigo.com.hn https://*.speedtestcustom.com https://speedtest.cableonda.com https://tigoune.maps.arcgis.com https://www.une.com.co https://*.une.com.co https://api.retargetly.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.net https://*.retargetly.com https://traffic.kickadsit.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://www.google.com https://optimize.google.com https://www.google.com.ar https://*.tigocloud.net https://static.zdassets.com https://s.ytimg.com https://www.youtube.com/iframe_api https://widget-mediator.zopim.com https://*.kampyle.com https://js-agent.newrelic.com https://*.nr-data.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.reportv.com.ar https://*.crwdcntrl.net https://tigo.us7.list-manage.com https://web.webpushs.com https://tigo.us18.list-manage.com https://static.ads-twitter.com https://www.gstatic.com https://cdn.epica.ai https://*.inbenta.chat https://*.inbenta.io https://*.googleoptimize.com https://ad.doubleclick.net https://cdn.smooch.io https://tigo.us9.list-manage.com https://www.youtube.com https://*.speedtestcustom.com https://speedtest.cableonda.com https://maps.googleapis.com https://api.retargetly.com https://www.rtb123.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.googletagservices.com https://*.googlesyndication.com https://*.googleapis.com https://tigobusiness.us6.list-manage.com https://analytics.twitter.com https://static.ads-twitter.com https://*.licdn.com https://sync.smartadserver.com https://*.cybba.solutions https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.net https://d2rp1k1dldbai6.cloudfront.net/cybba_latest.min.js https://*.retargetly.com https://traffic.kickadsit.com; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.tigocloud.net https://*.inbenta.io https://*.speedtestcustom.com https://speedtest.cableonda.com; img-src 'self' data: blob: https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://*.zopim.io https://lh3.googleusercontent.com https://platform-lookaside.fbsbx.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.tigo.com.bo https://ssl.gstatic.com https://www.gstatic.com https://cdn.sendpulse.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://analytics.twitter.com https://svr.mic.edge.com.py http://openweathermap.org https://openweathermap.org https://bcp.crwdcntrl.net https://cx.atdmt.com https://ad.doubleclick.net https://*.inbenta.com https://*.inbenta.io https://*.speedtestcustom.com https://speedtest.cableonda.com https://prs.arkeero.net https://*.googlesyndication.com https://maps.gstatic.com https://maps.googleapis.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.googletagservices.com https://*.googleapis.com https://*.googleadservices.com https://analytics.twitter.com https://static.ads-twitter.com https://sync.smartadserver.com https://*.cybba.solutions https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.net https://*.retargetly.com https://www.facebook.com https://traffic.kickadsit.com;  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.kampyle.com https://tagmanager.google.com https://cdn.sendpulse.com https://*.tigocloud.net https://*.inbenta.io https://*.google.com https://*.speedtestcustom.com https://speedtest.cableonda.com https://www.googletagmanager.com/debug/badge.css; connect-src *; 11
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.sc.pages02.net https://www.google.com  http://addshoppers.s3.amazonaws.com  http://connect.facebook.net  https://www.gstatic.com http://www.rtb123.com  http://pixel.quantserve.com http://*.shop.pe http://shop.pe https://googleads.g.doubleclick.net https://code.jquery.com    http://tt.mbww.com https://staticxx.facebook.com https://secure.quantserve.com https://tag.bounceexchange.com https://insight.adsrvr.org https://api.bounceexchange.com https://*.cloudfront.net https://*.scdn2.secure.raxcdn.com *.bounceexchange.com http://api.bounceexchange.com https://cdn.optimizely.com/ www.youtube.com s.ytimg.com static.getchute.com mpsnare.iesnare.com https://connect.facebook.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://tagmanager.google.com optimizely.s3.amazonaws.com app.optimizely.com cdn3.optimizely.com  *.rtb123.com  *.s3.amazonaws.com https://tt.mbww.com/  https://shop.pe  https://*.s3.amazonaws.com https://www.googleadservices.com/ https://www.google-analytics.com https://s3.amazonaws.com https://beacon.sojern.com https://*.micpn.com *.bing.com https://tracker.marinsm.com https://cdn.onesignal.com http://cdnjs.cloudflare.com/ *.googleadservices.com/ beacon.sojern.com cdn.onesignal.com *.mathtag.com rules.quantcount.com https://ak1s.abmr.net https://maps.googleapis.com/ https://sc-static.net/ https://translate.google.com/ https://translate.googleapis.com/ https://s.pinimg.com/ https://resources.xg4ken.com/ https://services.xg4ken.com/ https://js.adsrvr.org/ https://cdn.quantummetric.com/ https://seaworld-app.quantummetric.com https://members.cj.com ci-mpsnare.iovation.com https://c212.net https://cdn.c212.net https://commercelibs.ibm.com  https://tag.mtrcs.samba.tv/v3/tag/edelman/seaworld-all/sambaTag.js https://optimizely-hrd.appspot.com/ https://*.trustarc.com/ https://consent.trustarc.com/ http://consent.trustarc.com/ https://consent.truste.com/ *.queue-it.net *.taboola.com/ secfld.vmmpxl.com https://isz.app.sparkinfluence.net/ https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js  https://ajax.cloudflare.com https://cdn1.affirm.com/ https://www.affirm.com/  https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/ https://sts.eccmp.com/ https://s7.addthis.com seaworld.com  https://z.moatads.com/ https://v1.addthisedge.com/ https://m.addthis.com/ https://spot.demostellar.com/1.3.0/spot.js https://api-cust1117.cheetahedp.com* *.tvpixel.com https://dfp.bouncex.net/ https://consent-pref.trustarc.com/ https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com https://static.cloudflareinsights.com/ code.jquery.com maxcdn.bootstrapcdn.com *.google-analytics.com *.analytics.google.com https://talkdeskchatsdk.talkdeskapp.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com http://*.shop.pe http://addshoppers.s3.amazonaws.com https://*.scdn2.secure.raxcdn.com https://*.cloudfront.net https://*.secure.raxcdn.com maxcdn.bootstrapcdn.com tagmanager.google.com  *.s3.amazonaws.com https://s3.amazonaws.com https://addstrap-ui.addshoppers.com https://translate.googleapis.com https://members.cj.com https://assets.bounceexchange.com https://cdn1.affirm.com/  https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/ code.jquery.com *.google-analytics.com *.analytics.google.com https://talkdeskchatsdk.talkdeskapp.com;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com *.shop.pe  *.scdn2.secure.raxcdn.com https://*.buschgardens.com  https://buschgardens.com *.seaworld.com *.sesameplace.com https://www.sesameplace.com *.cloudfront.net *.secure.raxcdn.com https://www.aexp-static.com https://seaworld.scdn3.secure.raxcdn.com https://maxcdn.bootstrapcdn.com s3.amazonaws.com http://maxcdn.bootstrapcdn.com https://members.cj.com https://assets.bounceexchange.com https://www.affirm.com/  https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/ *.google-analytics.com *.analytics.google.com https://talkdeskchatsdk.talkdeskapp.com;frame-src 'self' s7.addthis.com https://*.fls.doubleclick.net/ http://*.fls.doubleclick.net/ http://*.facebook.com/ https://bid.g.doubleclick.net/  https://www.youtube.com https://www.seaworldlibrary.com https://docs.google.com https://*.seaworld.com/ https://Commerce.4adventure.com https://*.seaworldparks.com https://*.watercountry.com https://*.Commerce.4adventure.com https://*.adventureisland.com https://*.aquaticabyseaworld.com https://*.sesameplace.com http://6258894.fls.doubleclick.net http://6258894.fls.doubleclick.net http://4174228.fls.doubleclick.net https://4174228.fls.doubleclick.net https://www.googletagmanager.com https://staticxx.facebook.com https://insight.adsrvr.org https://assets.bounceexchange.com/ https://*.cdn.optimizely.com/ https://www.pages02.net/ https://tt.mbww.com/ https://secure.buschgardens.com https://maps.google.com https://www.google.com/ https://secure.aquatica.com https://*.bounceexchange.com http://contentz.mkt922.com/ https://pixel.mathtag.com/ https://www.chargerback.com https://*.widencdn.net/ https://*.seaworldlibrary.com https://www.surveygizmo.com/ https://tr.snapchat.com/ https://qa-secure.buschgardens.com https://members.cj.com https://survey.seaworldentertainment.com/ https://survey.zohopublic.com/ https://hpc.uat.freedompay.com/ https://hpc.freedompay.com/ https://consent-pref.trustarc.com/ https://*.trustarc.com https://x.m.buschgardens.com/ http://www.youtube.com/ https://cdn1.affirm.com/ https://www.affirm.com/ https://seaworldcx.iad1.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/ https://vars.hotjar.com/ https://match.adsrvr.org/ *.google-analytics.com *.analytics.google.com https://talkdeskchatsdk.talkdeskapp.com%0d%0a;connect-src 'self' https://staticxx.facebook.com https://insight.adsrvr.org https://*.scdn2.secure.raxcdn.com https://logx.optimizely.com https://*.secure.raxcdn.com *.s3.amazonaws.com cache.getchute.com https://tapi.optimizely.com https://shopper.shop.pe https://shop.pe  https://rtb123.com https://api.getchute.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.as-labs.addshoppers.com/ https://as-labs.addshoppers.com https://s3.amazonaws.com https://www.google.com https://events.bouncex.net https://onesignal.com https://*.optimizely.com https://onesignal.com https://errors.client.optimizely.com https://translate.googleapis.com https://ct.pinterest.com/ https://seaworld-app.quantummetric.com/ https://commercelibs.ibm.com https://tag.mtrcs.samba.tv/ https://cdn.quantummetric.com/ https://pixel.mtrcs.samba.tv/v2/tag/edelman/seaworld-all/ https://trc.taboola.com/ https://isz.app.sparkinfluence.net/ https://api-cf.affirm.com/ https://tracker.affirm.com/ https://www.affirm.com/api/v2/cookie_sent/ https://www.affirm.com/ https://*.siteintercept.qualtrics.com/  https://siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com https://*.hotjar.com/ https://in.hotjar.com/  wss://ws13.hotjar.com https://sts.eccmp.com/ https://spot.demostellar.com/1.3.0/spot.js https://api-cust1117.cheetahedp.com* https://api-cust1117.cheetahedp.com/ *.tvpixel.com *.google-analytics.com *.analytics.google.com https://talkdeskchatsdk.talkdeskapp.com; img-src 'self' data: * ; media-src 'self' https://scontent.cdninstagram.com https://*.as-labs.addshoppers.com/  *.s3.amazonaws.com/ https://s3.amazonaws.com/images/BackgroundImage.jpeg  s3.amazonaws.com/ https://seaworld.scdn3.secure.raxcdn.com/  https://stage-media.scdn6.secure.raxcdn.com/ *.google-analytics.com *.analytics.google.com; 11
frame-ancestors https://*.cleverwebserver.com https://*.clevernt.com 11
default-src 'self' https://* data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob:; style-src 'self' 'unsafe-inline' https://*  data: blob:; frame-src 'self' https://*; frame-ancestors 'self';img-src 'self' https://* data: blob: ;media-src 'self' https://* data: blob: ;font-src 'self' https://* data: blob: 11
default-src https: 'unsafe-inline' 'unsafe-eval' 11
frame-ancestors 'self' *.vergic.com 11
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 11
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 11
'self' https://ajax.googleapis.com 11
frame-ancestors 'self' http://*.elsevier.es/ 11
default-src https:  wss://*.hotjar.com; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; 11
upgrade-insecure-requests; frame-ancestors: self 11
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:; 11
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; 10
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com  http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be; 10
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://api.amplitude.com  wss://*.hotjar.com wss://*.qualified.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com https://*.office.com https://*.office365.com;report-uri https://csp.surveymonkey.com/report?e=true&c=prod&ar=true&a=cmscache 10
frame-ancestors 'self' https://premiersupport.intel.com; 10
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 10
frame-ancestors 'self' *.lycos.com 10
frame-ancestors 'self' http://localhost:* https://*.bustle.com 10
default-src 'self'; script-src 'self' 'unsafe-eval' https://*.m-pathy.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; connect-src 'self' https://assets.static-bahn.de wss://*.m-pathy.com https://*.m-pathy.com https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://dig-aboprod.noncd.db.de https://accounts.bahn.de; frame-src 'self' https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://www.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://db-streckenagent.hafas.de https://a791773171.cdn.optimizely.com/ https://*.m-pathy.com https://ps.bahn.de https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://fahrinfo.vbb.de https://kdialog-garantie.cs174.force.com https://regioforce.secure.force.com; frame-ancestors 'self'; style-src 'self' https://*.m-pathy.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' https://dig-aboprod.noncd.db.de; font-src 'self' https://dig-aboprod.noncd.db.de data:; img-src 'self' https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://dig-aboprod.noncd.db.de https://assets.static-bahn.de https://*.bahn.de data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de; 10
worker-src 'self' blob:;child-src 'self' https://b2b.yahooinc.com https://pages.oath.com https://www.youtube.com https://pages.yahooinc.com https://pages.verizonmedia.com https://delivery.vidible.tv https://content.uplynk.com/ https://www.yahooinc.com https://b2b-media.yahooinc.com https://adtechpages.yahooinc.com/;frame-ancestors 'self' https://b2b.yahooinc.com https://b2b-media.yahooinc.com https://pages.yahooinc.com https://adtechb2b.yahooinc.com https://www.adtechb2b.yahooinc.com https://development.adtech.backyard.yahooinc.com https://testing.adtech.backyard.yahooinc.com https://production.adtech.backyard.yahooinc.com https://localhost:* 10
frame-ancestors *.ivanti.com https://dash.cloudflare.com 10
report-uri https://www.homeaffairs.gov.au; frame-ancestors https://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.customs.gov.au https://*.abf.gov.au https://*.homeaffairs.gov.au https://*.harmony.gov.au https://*.nationalsecurity.gov.au https://*.idmatch.gov.au https://*.disasterassist.gov.au https://*.livingsafetogether.gov.au https://*.organisationalresilience.gov.au https://*.tisn.gov.au https://*.triplezero.gov.au https://*.cicentre.gov.au https://*.mara.gov.au https://*.osi.gov.au https://*.cetc.gov.au 10
frame-ancestors 'self' *.psplugin.com 10
frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 10
default-src https: data: 'unsafe-eval' 'unsafe-inline' blob: 10
object-src 'none'; report-uri /report-csp-violation 10
frame-ancestors 'self' http://customer-hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 10
default-src 'self'; base-uri 'self'; connect-src 'self' https://www.googletagmanager.com/ https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://*.instana.io wss://mpsnare.iesnare.com https://*.usercentrics.eu https://api.personio.de/recruiting/applicant https://bat.bing.com/actionp/; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de https://*.instana.io; frame-ancestors 'self' https://www.gmx.at https://www.gmx.ch https://www.gmx.net https://web.de https://www.meinestadt.de http://www.meinestadt.de https://www.zeit.de https://home.1und1.de; frame-src https:; object-src 'none'; worker-src 'self'; img-src 'self' data: http: https: https://*.instana.io; font-src data: 'self' https://maxcdn.bootstrapcdn.com/font-awesome/ https://www.sovendus.com/banner-responsive/; style-src 'self' 'unsafe-inline' https://www.parship.com https://www.sovendus.com https://*.custhelp.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://partnerboerse.parship.de https://translate.googleapis.com https://*.adyen.com; media-src 'self'; upgrade-insecure-requests; report-uri /ls/ 10
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://survey.g.doubleclick.net https://tagmanager.google.com *.googleapis.com *.gstatic.com  https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com  *.googletagmanager.com *.youtube.com/iframe_api  https://app-sj01.marketo.com https://pnapi.invoca.net https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://s.ytimg.com https://pixel.mathtag.com https://player.vimeo.com https://rw1.marchex.io https://resources.xg4ken.com https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net https://s.ytimg.com https://maps.googleapis.com https://se.monetate.net https://d.monetate.net  accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com  *.siteimprove.net *.facebook.com *.google.com *.google.co.in *.gstatic.com  https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://s.ytimg.com https://se.monetate.net https://maps.googleapis.com https://maps.gstatic.com https://siteimproveanalytics.com https://d.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://www.googletagmanager.com https://ajax.googleapis.com https://px.marchex.io https://my2.siteimprove.com https://www.googletagmanager.com https://maps.googleapis.com https://munchkin.marketo.net https://solutions.invocacdn.com https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com https://www.tenethealthpacificcoast.com  https://id.siteimprove.com https://cdn.siteimprove.net https://polyfill.io https://www.google-analytics.com https://www.youtube.com https://munchkin.marketo.net https://68956.global.siteimproveanalytics.io https://siteimproveanalytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://px.marchex.io https://www.googletagmanager.com https://my2.siteimprove.com https://s.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://se.monetate.net https://rw1.marchex.io https://ajax.googleapis.com https://resources.xg4ken.com https://cdnjs.cloudflare.com https://radiomd.com https://tours.sunnymedia.com https://checkin.arriv.net https://checkin-stg.arriv.net https://checkin-dev.arriv.net https://healthcheck.arriv.net https://healthcheck-stg.arriv.net https://healthcheck-dev.arriv.net https://ms-prod.arriv.net https://www.googleadservices.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://tbcdn.talentbrew.com https://www.panoskin.com https://lcp360.cachefly.net https://d2ybmd3wevur4k.cloudfront.net *.practicematch.com https://tbcdn.talentbrew.com https://w3.cdn.anvato.net/; style-src 'self' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com *.twimg.com *.marketo.com *.sitefinity.xyz *.tenethealth.com https://fonts.googleapis.com https://checkin.arriv.net https://checkin-stg.arriv.net https://ms-prod.arriv.net https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' https://www.gstatic.com https://ssl.gstatic.com https://optimize.google.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com *.twimg.com data: blob: *.eloqua.com track.hubspot.com  *.google.co.in *.google.com *.googletagmanager.com *.tenethealth.com  https://*.youtube.com https://app-sj01.marketo.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://service-prep.tenethealth.com https://68956.global.siteimproveanalytics.io https://i.ytimg.com https://px.marchex.io https://pixel.mathtag.com  *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com *.tenethealthpacificcoast.com; media-src 'self' data: blob: https://media.tenethealth.com; form-action *.sitefinity.xyz *.facebook.com 'self' https://optimize.google.com https://paypage.epx.com https://www.tenethealthpacificcoast.com; frame-src *.marketo.com *.sitefinity.xyz 'self'  *.tenethealth.com *.google.com *.youtube.com *.facebook.com *.facebook.com/tr/ *.doubleclick.net *.doubleclick.com  https://givebutter.com https://optimize.google.com https://tenethealth.outgrow.us https://platform.twitter.com https://tenethealthbotprodcontainer01.azurewebsites.net/ https://pixel.mathtag.com/ https://player.vimeo.com/ https://radiomd.com https://tours.sunnymedia.com https://9207741.fls.doubleclick.net https://my2.siteimprove.com https://www.practicematch.com https://my.matterport.com https://viewer.panoskin.com https://www.modbee.com/ https://w3.cdn.anvato.net/ https://cdns.snacktools.net/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.marketo.com *.sitefinity.xyz *.tenethealth.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  https://optimize.google.com https://survey.g.doubleclick.net https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com  *.googletagmanager.com *.youtube.com/iframe_api  https://pnapi.invoca.net https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://s.ytimg.com https://pixel.mathtag.com https://player.vimeo.com https://rw1.marchex.io https://resources.xg4ken.com https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net https://s.ytimg.com https://maps.googleapis.com https://se.monetate.net https://d.monetate.net  'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com  *.siteimprove.net *.facebook.com *.google.com *.google.co.in *.gstatic.com  https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://s.ytimg.com https://se.monetate.net https://maps.googleapis.com https://maps.gstatic.com https://siteimproveanalytics.com https://d.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://www.googletagmanager.com https://ajax.googleapis.com https://px.marchex.io https://my2.siteimprove.com https://www.googletagmanager.com https://maps.googleapis.com https://munchkin.marketo.net https://solutions.invocacdn.com https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com https://www.tenethealthpacificcoast.com  https://id.siteimprove.com https://cdn.siteimprove.net https://polyfill.io https://www.google-analytics.com https://www.youtube.com https://munchkin.marketo.net https://68956.global.siteimproveanalytics.io https://siteimproveanalytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://px.marchex.io https://www.googletagmanager.com https://my2.siteimprove.com https://s.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://se.monetate.net https://rw1.marchex.io https://ajax.googleapis.com https://resources.xg4ken.com  *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com *.tenethealthpacificcoast.com https://img.youtube.com https://radiomd.com https://o381876.ingest.sentry.io https://checkin.arriv.net https://checkin-stg.arriv.net https://healthcheck.arriv.net https://healthcheck-stg.arriv.net https://ms-dev.arriv.net https://ms-prod.arriv.net https://www.googleadservices.com https://code.jquery.com https://assets.grammarly.com https://stackpath.bootstrapcdn.com *.practicematch.com https://d2ybmd3wevur4k.cloudfront.net https://lcp360.cachefly.net/panoskin.min.js https://tbcdn.talentbrew.com https://w3.cdn.anvato.net/; 10
frame-ancestors 'self' http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl; report-uri https://888protech.report-uri.com/r/d/csp/reportOnly 10
frame-ancestors 'self' https://*.etracker.com 10
frame-ancestors 'self' http://toolpool.circit.de https://toolpool.circit.de 10
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; 10
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 10
script-src 'self' https: https://* s7.addthis.com tk3d.tk3dapi.com js.braintreegateway.com *.google.com google.com *.google-analytics.com googletagmanager.com platform.twitter.com connect.facebook.net 'unsafe-inline' 'unsafe-eval'; object-src 'self'; 10
frame-ancestors 'self' https://*.studio.design https://studio.design https://studio.inc; 10
<policy directive>; 10
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 10
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: https:; 10
default-src 'self' https://*.abgemea.com https://fonts.googleapis.com https://use.fontawesome.com ws.sharethis.com unpkg.com https://maxcdn.bootstrapcdn.com dpm.demdex.net avisbudgetgroup.tt.omtrdc.net https://*.bing.com https://*.virtualearth.net; object-src *; img-src data: *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; connect-src *; font-src 'self' data: https://*.abgemea.com https://fonts.gstatic.com https://*.bing.com https://use.fontawesome.com https://*.virtualearth.net https://maxcdn.bootstrapcdn.com 10
font-src 'none' 10
block-all-mixed-content; report-uri https://de.forumhome.com/cspreport.php 10
frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au 10
frame-ancestors *.cas.cn 10
frame-ancestors 'self' *.roomlynx.net  10
default-src 'none'; connect-src http://pagead2.googlesyndication.com https://csi.gstatic.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://www.google-analytics.com 'report-sample'; font-src https://fonts.gstatic.com; frame-src https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com 'report-sample'; img-src * 'report-sample'; manifest-src 'self'; script-src 'self' 'unsafe-inline' http://pagead2.googlesyndication.com https://adservice.google.ae https://adservice.google.at https://adservice.google.az https://adservice.google.be https://adservice.google.bg https://adservice.google.bj https://adservice.google.by https://adservice.google.ca https://adservice.google.ch https://adservice.google.cl https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.co.in https://adservice.google.co.jp https://adservice.google.co.kr https://adservice.google.co.uk https://adservice.google.co.uz https://adservice.google.co.za https://adservice.google.com https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.br https://adservice.google.com.cy https://adservice.google.com.eg https://adservice.google.com.gh https://adservice.google.com.ng https://adservice.google.com.pk https://adservice.google.com.sg https://adservice.google.com.tj https://adservice.google.com.tr https://adservice.google.com.tw https://adservice.google.com.ua https://adservice.google.com.vn https://adservice.google.cz https://adservice.google.de https://adservice.google.ee https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ge https://adservice.google.gl https://adservice.google.gr https://adservice.google.hu https://adservice.google.ie https://adservice.google.iq https://adservice.google.it https://adservice.google.jo https://adservice.google.kg https://adservice.google.kz https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.md https://adservice.google.mn https://adservice.google.mv https://adservice.google.nl https://adservice.google.no https://adservice.google.pl https://adservice.google.ps https://adservice.google.pt https://adservice.google.ro https://adservice.google.ru https://adservice.google.sc https://adservice.google.se https://adservice.google.sk https://adservice.google.sn https://adservice.google.tm https://pagead2.googlesyndication.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googletagservices.com www.googletagmanager.com 'report-sample'; style-src 'self' 'unsafe-inline' 'report-sample'; report-uri /csp-report.php 10
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob: https:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 10
default-src *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.doubleverify.com *.googlesyndication.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net; script-src *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.criteo.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.odnoklassniki.ru *.relap.io *.roxot-panel.com *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru *.vk.com adservice.google.com adservice.google.ru an.yandex.ru cdn.ampproject.org cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org cdn.consentmanager.net mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru relap.io static.criteo.net vk.com yandex.ru yandex.st yastat.net yastatic.net home.mrgcdn.ru 'unsafe-eval' 'unsafe-inline'; connect-src *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.criteo.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.relap.io *.roxot-panel.com *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru *.vk.com ads.betweendigital.com an.yandex.ru cdn.consentmanager.mgr.consensu.org cdn.jsdelivr.net consentmanager.mgr.consensu.org csi.gstatic.com ib.adnxs.com jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru pagead2.googlesyndication.com pb.adriver.ru prebid-bidder.rutarget.ru prebid-eu.creativecdn.com px.adhigh.net relap.io securepubads.g.doubleclick.net ssp.hybrid.ai ssp.otm-r.com static.criteo.net strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net ymetrica1.com home.mrgcdn.ru; img-src data: blob: *; media-src *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.strm.yandex.ru *.vk.com *.yandex.net coub-anubis-a.akamaized.net data: mail.ru ok.ru strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net; style-src *.imgsmail.ru *.mail.ru *.mradx.net blob: cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org yandex.st yastat.net yastatic.net home.mrgcdn.ru 'unsafe-eval' 'unsafe-inline'; font-src *.imgsmail.ru *.mail.ru *.mradx.net an.yandex.ru blob: data: https: yastat.net yastatic.net 'self'; frame-src *.criteo.com *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.vk.com *.yandex.ru *.yandexadexchange.net awaps.yandex.net mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru tpc.googlesyndication.com vk.com www.google.com yandexadexchange.net yastat.net yastatic.net; report-uri https://cspreport.mail.ru/splash?mode=csp&v=29.03.22; 9
upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com 9
frame-ancestors 'self' *.nokia.com; report-uri /report-csp-violation 9
media-src https: blob:; connect-src 'self' https: blob: wss:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data: blob:; report-uri https://sentry.io/api/115794/csp-report/?sentry_key=40c3396129f24aacbf05aed4885600b3 9
default-src * 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self' app.optimizely.com apps.facebook.com fonts.googleapis.com; media-src * blob: 9
default-src http: https: 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; 9
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' https: data:; media-src 'self' https: data: blob:; object-src 'none'; font-src 'self' https: data:; default-src 'self' https: wss:; base-uri 'none'; 9
default-src *; script-src https://cdnjs.cloudflare.com https://autosug.ebay.com https://suggestqueries.google.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://www.google.com https://s.flocdn.com https://*.s1search.co https://swurl.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src https://cdnjs.cloudflare.com 'unsafe-inline' 'self'; connect-src https://api.picclick.com https://www.google-analytics.com https://www.googletagmanager.com https://bam-cell.nr-data.net https://bam.nr-data.net https://*.s1search.co https://soflopxl.com https://swurl.com 'self'; img-src *; font-src https://cdnjs.cloudflare.com data: 'self'; 9
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.etracker.com https://*.etracker.de https://*.jwpcdn.com https://customers.lmis.de http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; style-src 'self' 'unsafe-inline' https://*.etracker.de https://*.jwpcdn.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; img-src 'self' data: https://sg.geodatenzentrum.de https://jwpltx.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; connect-src 'self' https://*.etracker.com https://*.etracker.de https://sg.geodatenzentrum.de https://*.jwpcdn.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; font-src 'self' data: https://*.jwpcdn.com; object-src 'self'; media-src 'self' https://*.streamfarm.net http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; form-action 'self'; frame-src 'self' https://*.twitter.com https://vimeo.com https://player.vimeo.com https://customers.lmis.de https://vdi.p5.easire.com https://bmwi-batteriezellfertigung.interactive-scape.com https://de.digital; frame-ancestors 'self' http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; 9
object-src 'none'; 9
block-all-mixed-content; upgrade-insecure-requests; 9
script-src 'self' 'unsafe-inline' 9
frame-ancestors 'self' gather.town; 9
default-src * data: 'unsafe-eval' 'unsafe-inline';frame-ancestors 'self'; 9
default-src * 'unsafe-inline' 'unsafe-eval' data: 9
connect-src *; default-src 'self'; font-src * data:; frame-src *; img-src * data:; media-src * blob:; object-src *; script-src * blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 9
frame-ancestors http://*.almamedia.net https://*.almamedia.net https://login.leaddesk.com https://login-qed.leaddesk.com https://login-qed-fi1.leaddesk.com https://login-qed-fi2.leaddesk.com 9
default-src 'self' https://cdn.perf1.com https://saspresence.perf1.com; object-src 'none'; frame-src * 9
frame-ancestors 'self' letmedate.com www.letmedate.com 9
frame-ancestors https:; 9
object-src 'self'; 9
default-src http: data: 'unsafe-inline' 'unsafe-eval' 9
frame-ancestors 'self' *.betssongroupaffiliates.com 9
script-src 'self' https://home-c32.nice-incontact.com https://www.gstatic.cn *.acceleratoradmin.com https://cdn.datatables.net https://www.google-analytics.com https://www.recaptcha.net https://ajax.aspnetcdn.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com *.google.com *.googletagmanager.com https://www.gstatic.com https://ajax.googleapis.com https://*.msecnd.net *.acceleratoradmin.com *.mxpnl.com topcashbackdigitalsolutions.co.uk https://cdn.highimpactpayments.com cdn.prepaiddigitalsolutions.cn https://code.jquery.com https://cdn.botframework.com https://home-c32.nice-incontact.com 'unsafe-eval' 'unsafe-inline';style-src 'self' cdn.highimpactpayments.com *.acceleratoradmin.com https://cdn.datatables.net https://ajax.aspnetcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com topcashbackdigitalsolutions.co.uk https://cdn.highimpactpayments.com cdn.prepaiddigitalsolutions.cn 'unsafe-inline';connect-src 'self' *.acceleratoradmin.com https://www.google-analytics.com *.visualstudio.com *.acceleratoradmin.com api.mixpanel.com topcashbackdigitalsolutions.co.uk https://api-js.mixpanel.com api-js.mixpanel.com api-js.mixpanel.com https://cdn.highimpactpayments.com https://api.globaldatacompany.com https://directline.botframework.com https://cdn.botframework.com wss://directline.botframework.com;font-src 'self' cdn.highimpactpayments.com https://ajax.aspnetcdn.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.acceleratoradmin.com https://cdn.highimpactpayments.com cdn.prepaiddigitalsolutions.cn;img-src 'self' cdn.highimpactpayments.com https://cdnjs.cloudflare.com https://www.google-analytics.com *.acceleratoradmin.com data: data: https://cdn.highimpactpayments.com cdn.prepaiddigitalsolutions.cn blob:;frame-src 'self' https://home-c32.nice-incontact.com https://www.recaptcha.net/ https://www.google.com *.acceleratoradmin.com *.youtube.com https://youtu.be https://testcommon.swiftprepaid.com https://common.swiftprepaid.com topcashbackdigitalsolutions.co.uk https://cdn.highimpactpayments.com data: 9
default-src: https:; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 9
default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://* data:; 9
frame-ancestors 'self' https://*.superoffice.com https://royalqueenseedssp.inone.useinsider.com 9
default-src https: data: 'unsafe-inline' 'unsafe-eval';connect-src 'self' *.zammad.inwx.de ws: wss: *.google-analytics.com stats.g.doubleclick.net; 9
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data: blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 9
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline';  9
frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline' 9
frame-ancestors 'self' https://ihealthspot.com https://*.ihealthspot.com 9
default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 9
default-src 'self' ; script-src 'self' blob: https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://graph.facebook.com https://facebook.com https://www.facebook.com https://www.googletagmanager.com https://*.licdn.com https://webchat.vica.gov.sg https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com wss://*.zendesk.com wss://*.zopim.com ; object-src 'self' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io https://webchat.vica.gov.sg https://vica.gov.sg https://unpkg.com ; img-src * ; media-src * ; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://www.google.com https://checkfirst.gov.sg https://www.checkfirst.gov.sg https://docs.google.com https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://data.gov.sg ; frame-ancestors 'none' ; font-src * data: ; connect-src 'self' https://dpm.demdex.net https://www.google-analytics.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com wss://*.zendesk.com wss://*.zopim.com ; 9
report-uri https://o204817.ingest.sentry.io/api/1516035/security/?sentry_key=d6080cb82c1f4deb84b8823cc99e0318; default-src 'self' *.toogoodtogo.com toogoodtogo.com try.abtasty.com data:; img-src * data: blob: 'self' *.abtasty.com *.amazonaws.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' report-sample *.gstatic.com *.googleapis.com *.googletagmanager.com *.google.com *.bing.com *.licdn.com *.abtasty.com; script-src 'self' 'self' blob: 'unsafe-inline' 'unsafe-eval' *.licdn.com *.dwin1.com *.getsitecontrol.com *.abtasty.com *.app.cookieinformation.com *.hotjar.com *.youtube.com *.realytics.io *.realytics.net *.clarity.ms *.doubleclick.net *.google-analytics.com *.google.com *.googlesyndication.com *.googletagservices.com *.googletagmanager.com googletagmanager.com *.googleadservices.com *.googleapis.com *.sentry.io *.sentry-cdn.com *.bing.com *.facebook.com connect.facebook.net *.linkedin.com *.outbrain.com *.omgpl.com *.consensu.org *.cookieless-data.com *.teads.tv *.sddan.com *.adnxs.com the.sciencebehindecommerce.com *.zenaps.com analytics.tiktok.com; connect-src 'self' *.clarity.ms *.realytics.io *.bing.com *.hotjar.io *.hotjar.com wss://*.hotjar.com *.toogoodtogo.com *.app.cookieinformation.com sentry.io *.sentry.io *.doubleclick.net stats.g.doubleclick.net *.abtasty.com *.google-analytics.com *.facebook.com *.getsitecontrol.com *.getsitectrl.com *.google.com *.teads.tv the.sciencebehindecommerce.com analytics.tiktok.com *.tgtg.ninja; form-action 'self' *.google.com *.facebook.com connect.facebook.net; frame-ancestors 'self' toogoodtogo.lu toogoodtogo.ie toogoodtogo.ca toogoodtogo.org toogoodtogo.com toogoodtogo.se toogoodtogo.pt toogoodtogo.pl toogoodtogo.it toogoodtogo.dk toogoodtogo.co.uk toogoodtogo.no toogoodtogo.de toogoodtogo.fr toogoodtogo.ch toogoodtogo.nl toogoodtogo.be toogoodtogo.es toogoodtogo.at; frame-src 'self' tpc.googlesyndication.com www.youtube.com bid.g.doubleclick.net vars.hotjar.com *.vimeo.com vimeo.com www.facebook.com policy.app.cookieinformation.com toogoodtogo.outgrow.us www.googletagmanager.com giphy.com *.giphy.com tbl.tradedoubler.com *.zenaps.com; object-src 'none'; base-uri 'self'; font-src * 'self' data: blob: *.abtasty.com *.gstatic.com *.googleapis.com; child-src blob: player.vimeo.com policy.app.cookieinformation.com vars.hotjar.com www.youtube.com toogoodtogo.outgrow.us 9
frame-ancestors *.adikteev.com 'self' *.facebook.com *.nikonelearning.com; 9
worker-src 'self' 9
default-src 'self' data: http: https: ws: wss:; script-src 'unsafe-inline' 'unsafe-eval' http: https: ; style-src 'unsafe-inline' 'unsafe-eval' http: https: 9
frame-ancestors 'self' https://secure.safecharge.com; 9
default-src 'self' 'unsafe-inline' 'unsafe-eval' 9
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 9
object-src 'self' 9
media-src 'self' 9
default-src 'self';script-src * 'unsafe-inline' 'unsafe-eval' static.cloud.coveo.com;style-src * 'unsafe-inline'; frame-src * 'unsafe-inline'; img-src * data:; connect-src * 'unsafe-inline';  font-src * 'unsafe-inline' 9
frame-ancestors 'self' *.casinomodule.com *.playngonetwork.com; 9
default-src 'self' 'unsafe-inline'; 9
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; 9
default-src https: 'unsafe-eval' 'unsafe-inline' data: blob: ; object-src 'none'; 9
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.hwcdn.net fcm.googleapis.com *.nk-img.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com *.googleapis.com *.cdn77.org *.pingdom.net *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net *.adtng.com *.adglare.net adinvent.engine.adglare.net *.bngpt.com bngpt.com *.trafficjunky.net *.ohmybutt.com *.flirt4free.com *.xlovecam.com *.wlresources.com *.medleyads.com *.cams.com *.acdn5165543.com *.protoawe.com *.google-analytics.com livejasmin.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com *.promo-bc.com *.bongacams.com *.bongacash.com *.gammae.com *.servingmillions.com *.super-route.com cdn01.flashmediaportal.com engine.asf4f.us *.htdvt.com *.jerkmate.com *.vfgtb.com *.hytxg2.com *.awemdia.com *.cfgr3.com *.ajxx98.online *.sf4f.us *.adworldmedia.com as.air2s.com bngpst.com cretgate.com mysexchatroom.com trknex.com medleyads.com ajxx98.online gamesfromheaven.com go.hpyjmp.com r.trwl2.com bongacams.com clickserve.dartsearch.net afrtrk.com track.cam4tracking.com *.smljmp.com sffsdvc.com www.sffsdvc.com bmedia.justservingfiles.net blkditsup.com vast.bimbim.com promo.cameraprive.com bngprl.com *.bngprl.com trafforsrv.com serving.stat-rock.com zubivu.com *.xxxjmp.com *.feelpornx.com *.crjugate.com *.hqscene.com *.xlviirdr.com adulttime.xxx *.adulttime.xxx *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com cdn.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com wss://dev-chatserver.camster.com wss://staging-chatserver.camster.com wss://m.1ka.com wss://c1.1ka.com wss://c11.1ka.com wss://c12.1ka.com wss://c13.1ka.com wss://c14.1ka.com wss://c15.1ka.com wss://c16.1ka.com wss://c17.1ka.com wss://c18.1ka.com wss://c19.1ka.com wss://c110.1ka.com wss://c111.1ka.com wss://c112.1ka.com wss://c113.1ka.com wss://c114.1ka.com wss://c115.1ka.com wss://c2.1ka.com wss://c21.1ka.com wss://c22.1ka.com wss://c23.1ka.com wss://c24.1ka.com wss://c25.1ka.com wss://c26.1ka.com wss://c27.1ka.com wss://c28.1ka.com wss://c29.1ka.com wss://c210.1ka.com wss://c211.1ka.com wss://c212.1ka.com wss://c213.1ka.com wss://c214.1ka.com wss://c215.1ka.com wss://c3.1ka.com wss://c31.1ka.com wss://c32.1ka.com wss://c33.1ka.com wss://c34.1ka.com wss://c35.1ka.com wss://c36.1ka.com wss://c37.1ka.com wss://c38.1ka.com wss://c39.1ka.com wss://c4.1ka.com wss://c41.1ka.com wss://c42.1ka.com wss://c43.1ka.com wss://c44.1ka.com wss://c45.1ka.com wss://c46.1ka.com wss://c47.1ka.com wss://c48.1ka.com wss://c49.1ka.com wss://c410.1ka.com wss://c411.1ka.com wss://c412.1ka.com wss://c413.1ka.com wss://c414.1ka.com wss://c415.1ka.com wss://c5.1ka.com wss://c51.1ka.com wss://c52.1ka.com wss://c53.1ka.com wss://c54.1ka.com wss://c55.1ka.com wss://c56.1ka.com wss://c57.1ka.com wss://c58.1ka.com wss://c59.1ka.com wss://c510.1ka.com wss://c511.1ka.com wss://c512.1ka.com wss://c513.1ka.com wss://c514.1ka.com wss://c515.1ka.com https://dev-chatserver.camster.com https://staging-chatserver.camster.com https://m.1ka.com https://c1.1ka.com https://c11.1ka.com https://c12.1ka.com https://c13.1ka.com https://c14.1ka.com https://c15.1ka.com https://c16.1ka.com https://c17.1ka.com https://c18.1ka.com https://c19.1ka.com https://c110.1ka.com https://c111.1ka.com https://c112.1ka.com https://c113.1ka.com https://c114.1ka.com https://c115.1ka.com https://c2.1ka.com https://c21.1ka.com https://c22.1ka.com https://c23.1ka.com https://c24.1ka.com https://c25.1ka.com https://c26.1ka.com https://c27.1ka.com https://c28.1ka.com https://c29.1ka.com https://c210.1ka.com https://c211.1ka.com https://c212.1ka.com https://c213.1ka.com https://c214.1ka.com https://c215.1ka.com https://c3.1ka.com https://c31.1ka.com https://c32.1ka.com https://c33.1ka.com https://c34.1ka.com https://c35.1ka.com https://c36.1ka.com https://c37.1ka.com https://c38.1ka.com https://c39.1ka.com https://c4.1ka.com https://c41.1ka.com https://c42.1ka.com https://c43.1ka.com https://c44.1ka.com https://c45.1ka.com https://c46.1ka.com https://c47.1ka.com https://c48.1ka.com https://c49.1ka.com https://c410.1ka.com https://c411.1ka.com https://c412.1ka.com https://c413.1ka.com https://c414.1ka.com https://c415.1ka.com https://c5.1ka.com https://c51.1ka.com https://c52.1ka.com https://c53.1ka.com https://c54.1ka.com https://c55.1ka.com https://c56.1ka.com https://c57.1ka.com https://c58.1ka.com https://c59.1ka.com https://c510.1ka.com https://c511.1ka.com https://c512.1ka.com https://c513.1ka.com https://c514.1ka.com https://c515.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com *.vscdns.com *.doubleclick.net *.google.fr *.google.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net bmedia.justservingfiles.net; 8
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; base-uri https://*.gracenote.com 8
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 8
upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 8
frame-ancestors 'self' xerox.com *.xerox.com 8
default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data:; upgrade-insecure-requests; block-all-mixed-content 8
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 8
object-src https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com; frame-ancestors 'self' https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com  https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com https://*.cvent.com http://*.cvent.com; report-uri /report-csp-violation 8
default-src * 'unsafe-inline' 'unsafe-eval' 8
default-src 'self' *.talent.com *.neuvoo.com neuvoo.com neuvoo.ca cdn.acsbapp.com js.stripe.com fonts.gstatic.com fonts.googleapis.com *.google.com *.doubleclick.net s3.amazonaws.com *.googlesyndication.com *.atlassian.net *.googleapis.com; img-src https: 'unsafe-inline' data: 'unsafe-eval' 'unsafe-inline' blob:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; frame-ancestors 'self' www.jobs-im-suedwesten.de www.energyjobline.com www.onlyengineerjobs.com www.meinestelle.de www.startus.cc www.mapmeo.com www.papa-jobs.ch job.kurier.at www.jobs-in-chemie.de www.med-jobs.com; frame-src *.google.com *.doubleclick.net *.googlesyndication.com *.talent.com talent.com *.stripe.com *.atlassian.net; worker-src data: *.talent.com 'unsafe-eval' 'unsafe-inline' blob:; 8
frame-ancestors *.3ds.com *.solidworks.com; base-uri 'self' 8
frame-ancestors 'self' https://es.chevrolet.com 8
frame-ancestors 'self' *.basf.com basf-performance-materials.expo-ip.com experience.adobe.com 8
default-src 'self' *.miraheze.org *.betaheze.org;  script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.miraheze.org *.betaheze.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com s7.addthis.com www.google.com www.recaptcha.net recaptchaenterprise.googleapis.com platform.twitter.com wiki-assets.sumin.wiki cdnjs.cloudflare.com cdn.jsdelivr.net cdn.syndication.twimg.com scratchblocks.github.io openlayers.org phab.miraheze.wiki;  style-src 'self' data: 'unsafe-inline' *.miraheze.org *.betaheze.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com fonts.googleapis.com cdn.jsdelivr.net platform.twitter.com ton.twimg.com phab.miraheze.wiki;  img-src blob: 'self' data: *.miraheze.org *.betaheze.org upload.wikimedia.org maps.google.com www.gstatic.com maxcdn.bootstrapcdn.com *.twimg.com i.imgur.com image.tmdb.org *.googleusercontent.com *.fontawesome.com *.dropboxstatic.com *.redd.it *.redditmedia.com mirrors.creativecommons.org www.gnu.org live.staticflikr.com cdn.pixabay.com cdn.geogebra.org scratchblocks.github.io docs.blender.org *.imgbox.com tile.openstreetmap.org *.tile.openstreetmap.org cdn.discordapp.com na.llnet.sims3storee.cdn.ea.com *.fastly.net minotar.net db.onlinewebfonts.com openlayers.org discordapp.com imgbb.com postimages.org platform.twitter.com syndication.twitter.com img.newspapers.com cdn.smutstone.com storage.googleapis.com phab.miraheze.wiki *.fbcdn.net;  font-src 'self' data: *.miraheze.org *.betaheze.org fonts.gstatic.com cdn.jsdelivr.net db.onlinewebfonts.com phab.miraheze.wiki;  media-src 'self' blob: *.miraheze.org *.betaheze.org upload.wikimedia.org embed.nicovideo.jp *.youtube.com *.youtube-nocookie.com player.twitch.tv clips.twitch.tv player.vimeo.com;  frame-src 'self' *.miraheze.org *.betaheze.org www.google.com docs.google.com www.recaptcha.net recaptchaenterprise.googleapis.com web.libera.chat snap.berkeley.edu *.youtube-nocookie.com www.youtube.com player.twitch.tv platform.twitter.com discord.com discordapp.com embed.nicovideo.jp syndication.twitter.com open.spotify.com www.gofundme.com archive.org w.soundcloud.com query.wikidata.org player.vimeo.com www.bing.com;  connect-src 'self' *.miraheze.org *.betaheze.org www.wikidata.org *.wikipedia.org www.mediawiki.org *.wikimedia.org *.wikinews.org *.wiktionary.org cdn.jsdelivr.net storage.googleapis.com; 8
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https: 8
frame-ancestors 'self' https://nurture.solarwinds.com/ https://solarwinds.pathfactory.com/ https://orangematter.solarwinds.com/ 8
frame-ancestors 'none'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests 8
default-src 'self' *.kpn.com; frame-ancestors 'self' kpn.blueconic.net mijnzakelijk.kpn.com www.grip-on-it.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static-accept.customersaas.com cdn.blueconic.net kpn.blueconic.net *.kpn.com *.salesforceliveagent.com www.googletagmanager.com tagmanager.google.com invitation.opinionbar.com www.googleadservices.com connect.facebook.net *.doubleclick.net *.mouseflow.com kpn-compleet-fpi-info.fourstack.nl www.pingvp.com kpn.pingvp.com static.customersaas.com www.google-analytics.com maps.googleapis.com kpnarmor.nl w.usabilla.com api.usabilla.com deploy.mopinion.com collect.mopinion.com kpn.mopinion.com cacheorcheck.mopinion.com survey.mopinion.com kpn-reload.liquix.eu dwin1.com mijnzakelijk.kpn.com www.grip-on-it.com https://*.demdex.net https://assets.adobedtm.com *.pardot.com opt.objectiveportal.com www.facebook.com *.cookielaw.org *.onetrust.com *.atdmt.com *.adservice.google.nl *.insided.com *.algolia.net *.algolia.com fonts.googleapis.com https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com; style-src 'self' 'unsafe-inline' data: *.kpn.com www.pingvp.com kpn.pingvp.com d1r5etm691cejh.cloudfront.net static.customersaas.com d6tizftlrpuof.cloudfront.net kpn.mopinion.com tagmanager.google.com cacheorcheck.mopinion.com survey.mopinion.com *.insided.com *.algolia.net *.algolia.com fonts.googleapis.com *.licdn.com; img-src 'self' data: is-accept.customersaas.com *.kpn.com www.google.nl www.google.com www.facebook.com *.doubleclick.net adservice.google.com invitation.opinionbar.com www.pingvp.com kpn.pingvp.com d35v9wsdymy32b.cloudfront.net csi.gstatic.com maps.gstatic.com maps.googleapis.com kpn.com fonts.googleapis.com www.google-analytics.com api.customersaas.com static.customersaas.com d3mwk3f7r8fv9u.cloudfront.net d6tizftlrpuof.cloudfront.net cms-images.s3.amazonaws.com kpncomvod.download.kpnstreaming.nl w.usabilla.com www.telfort.nl mobielshop.test.marketingmakers.nl fra1.digitaloceanspaces.com cacheorcheck.mopinion.com survey.mopinion.com https://*.demdex.net https://assets.adobedtm.com opt.objectiveportal.com *.cookielaw.org *.onetrust.com *.atdmt.com *.adservice.google.nl *.linkedin.com *.licdn.com p.adsymptotic.com; media-src 'self' kpncomvod.download.kpnstreaming.nl *.kpn.com pingmediavod.download.kpnstreaming.nl kpn.pingvp.com media.licdn.com; frame-src *.doubleclick.net ezpay.liquix.eu callmenow.eu3.vanadaloha.net rpv.reviva.nl *.kpn.com portal.bp.nu www.youtube.com kpngroup.emsecure.net kpn.mopinion.com kpn-mini.speedtestcustom.com www.pingvp.com kpn.pingvp.com reload.alphacomm.network mijnzakelijk.kpn.com www.grip-on-it.com https://*.demdex.net emea1-proxy.adobemc.com www.facebook.com *.onetrust.com *.atdmt.com *.adservice.google.nl www.googletagmanager.com tagmanager.google.com www.linkedin.com; font-src 'self' data: *.kpn.com www.pingvp.com kpn.pingvp.com fonts.gstatic.com static.customersaas.com *.insided.com *.algolia.net *.algolia.com fonts.googleapis.com; connect-src 'self' api-accept.customersaas.com www.google-analytics.com kpn.blueconic.net *.kpn.com *.mouseflow.com tracker.customersaas.com kpn.api.ruwido.com api-agendaplanner.kpnretail.nl api.customersaas.com scripts.kpn.nl pastease.mopinion.com kpn.mopinion.com deploy.mopinion.com cacheorcheck.mopinion.com survey.mopinion.com kpn-compleet-fpi-info.fourstack.nl ezpay.liquix.eu wss://*.twilio.com https://*.twilio.com https://*.demdex.net https://assets.adobedtm.com *.tt.omtrdc.net https://adobeioruntime.net emea1-proxy.adobemc.com wss://*.kpn.com/chat-engine *.cookielaw.org *.onetrust.com www.pingvp.com kpn.pingvp.com *.insided.com *.algolia.net *.algolia.com fonts.googleapis.com *.linkedin.com *.licdn.com; object-src 'self' 8
upgrade-insecure-requests;frame-ancestors 'self' engage.dnb.com; 8
upgrade-insecure-requests; frame-ancestors 'none' 8
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content 8
frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl; report-uri https://888protech.report-uri.com/r/d/csp/reportOnly 8
script-src *; 8
frame-ancestors 'self' https://*.sella.it https://*.axerve.com https://*.gestpay.it 8
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' app.optimizely.com; 8
default-src 'self'; connect-src https: wss:; font-src https:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 8
allow 'self'; 8
block-all-mixed-content; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 8
frame-ancestors 'self' *.888.nl *.888sport.nl *.888casino.nl *.888sport.nl *.888.ca *.888poker.ca *.888casino.ca *.888sport.ca http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca; report-uri https://888protech.report-uri.com/r/d/csp/reportOnly 8
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 8
default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' http://webvisor.com 8
connect-src 'self' habboo-a.akamaihd.net *.habbo.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com privacyportal.cookiepro.com cookies.onetrust.mgr.consensu.org geolocation.onetrust.com www.facebook.com www.google-analytics.com csi.gstatic.com *.googlesyndication.com *.g.doubleclick.net; img-src 'self' data: habboo-a.akamaihd.net *.habbo.com cookie-cdn.cookiepro.com habbo-stories-content.s3.amazonaws.com www.facebook.com www.google-analytics.com www.google.com *.g.doubleclick.net *.googlesyndication.com *.gstatic.com images.habbogroup.com docj27ko03fnu.cloudfront.net d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com pay.openbucks.com trck.spoteffects.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com connect.facebook.net www.google-analytics.com www.google.com www.gstatic.com apis.google.com *.g.doubleclick.net *.googlesyndication.com www.googletagservices.com partner.googleadservices.com adservice.google.com adservice.google.ad adservice.google.ae adservice.google.com.af adservice.google.com.ag adservice.google.com.ai adservice.google.al adservice.google.am adservice.google.co.ao adservice.google.com.ar adservice.google.as adservice.google.at adservice.google.com.au adservice.google.az adservice.google.ba adservice.google.com.bd adservice.google.be adservice.google.bf adservice.google.bg adservice.google.com.bh adservice.google.bi adservice.google.bj adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.bs adservice.google.bt adservice.google.co.bw adservice.google.by adservice.google.com.bz adservice.google.ca adservice.google.cd adservice.google.cf adservice.google.cg adservice.google.ch adservice.google.ci adservice.google.co.ck adservice.google.cl adservice.google.cm adservice.google.cn adservice.google.com.co adservice.google.co.cr adservice.google.com.cu adservice.google.cv adservice.google.com.cy adservice.google.cz adservice.google.de adservice.google.dj adservice.google.dk adservice.google.dm adservice.google.com.do adservice.google.dz adservice.google.com.ec adservice.google.ee adservice.google.com.eg adservice.google.es adservice.google.com.et adservice.google.fi adservice.google.com.fj adservice.google.fm adservice.google.fr adservice.google.ga adservice.google.ge adservice.google.gg adservice.google.com.gh adservice.google.com.gi adservice.google.gl adservice.google.gm adservice.google.gp adservice.google.gr adservice.google.com.gt adservice.google.gy adservice.google.com.hk adservice.google.hn adservice.google.hr adservice.google.ht adservice.google.hu adservice.google.co.id adservice.google.ie adservice.google.co.il adservice.google.im adservice.google.co.in adservice.google.iq adservice.google.is adservice.google.it adservice.google.je adservice.google.com.jm adservice.google.jo adservice.google.co.jp adservice.google.co.ke adservice.google.com.kh adservice.google.ki adservice.google.kg adservice.google.co.kr adservice.google.com.kw adservice.google.kz adservice.google.la adservice.google.com.lb adservice.google.li adservice.google.lk adservice.google.co.ls adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.com.ly adservice.google.co.ma adservice.google.md adservice.google.me adservice.google.mg adservice.google.mk adservice.google.ml adservice.google.com.mm adservice.google.mn adservice.google.ms adservice.google.com.mt adservice.google.mu adservice.google.mv adservice.google.mw adservice.google.com.mx adservice.google.com.my adservice.google.co.mz adservice.google.com.na adservice.google.com.nf adservice.google.com.ng adservice.google.com.ni adservice.google.ne adservice.google.nl adservice.google.no adservice.google.com.np adservice.google.nr adservice.google.nu adservice.google.co.nz adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.pg adservice.google.com.ph adservice.google.com.pk adservice.google.pl adservice.google.pn adservice.google.com.pr adservice.google.ps adservice.google.pt adservice.google.com.py adservice.google.com.qa adservice.google.ro adservice.google.ru adservice.google.rw adservice.google.com.sa adservice.google.com.sb adservice.google.sc adservice.google.se adservice.google.com.sg adservice.google.sh adservice.google.si adservice.google.sk adservice.google.com.sl adservice.google.sn adservice.google.so adservice.google.sm adservice.google.sr adservice.google.st adservice.google.com.sv adservice.google.td adservice.google.tg adservice.google.co.th adservice.google.com.tj adservice.google.tk adservice.google.tl adservice.google.tm adservice.google.tn adservice.google.to adservice.google.com.tr adservice.google.tt adservice.google.com.tw adservice.google.co.tz adservice.google.com.ua adservice.google.co.ug adservice.google.co.uk adservice.google.com.uy adservice.google.co.uz adservice.google.com.vc adservice.google.co.ve adservice.google.vg adservice.google.co.vi adservice.google.com.vn adservice.google.vu adservice.google.ws adservice.google.rs adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.cat rpxnow.com d29usylhdk1xyu.cloudfront.net trck.spoteffects.net; style-src 'self' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com https://hcaptcha.com https://*.hcaptcha.com www.gstatic.com fonts.googleapis.com d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com; child-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com; font-src 'self' fonts.gstatic.com habboo-a.akamaihd.net *.habbo.com; frame-ancestors 'self' *.idcgames.com www.funnygames.fi www.funnygames.es www.funnygames.nl www.funnygames.fr www.funnygames.it www.funnygames.us www.funnygames.eu www.funnygames.biz www.funnygames.com.br www.funnygames.org *.gamesxl.com keygames.com www.games.co.za www.bgames.com starbie.co.uk nyckelspel.se www.games.co.uk www.a10.com www.gry.pl www.spela.se www.gamesgames.com www.ourgames.ru www.permainan.co.id www.games.co.id www.agame.com www.flashgames.ru www.mousebreaker.com kizi.com yepi.com www.integrations.partner.spilgames.com www.teens-integrations.partner.spilgames.com www.youdagames.com www.elkspel.nl www.spele.nl www.spele.be www.spelletjesoverzicht.nl *.orangegames.com hyvesgames.nl spele.nl www.spelletjes.nl www.spel.nl *.giochixl.it www.1001giochi.it minigioco.it www.gioco.it www.giochi.it *.jeuxdelajungle.fr www.1001games.fr jouerjouer.com spele.be www.jeux.fr www.jeu.fr oyun.mynet.com gamecell.com www.gamecell.com oyungemisi.com www.oyunskor.com *.1001pelit.com pelaaleikkia.com www.isladejuegos.es clavejuegos.com www.juegos.com *.1001spiele.de www.jetztspielen.ws www.jetztspielen.de www.spielaffe.de *.spielspiele.de spielspiele.de www.spielen.com *.1001jogos.pt jogojogar.com www.ojogos.com.br; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com; upgrade-insecure-requests; report-uri /csp/report 8
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; object-src 'none'; 8
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.google-analytics.com cdn.jsdelivr.net wererxrzmp.com main-ti-hub.com jkha742.xyz *.cstwpush.com *.wpadmngr.com *.wpshsdk.com *.cabnnr.com *.wpushsdk.com *.swwpush.com *.forlumineoner.com forlumineoner.com *.mfcewkrob.com fer2oxheou4nd.com baradoot.com popadon.com *.nawpush.com 2022welcome.com 69v.club *.ampproject.org s7.addthis.com *.addthis.com z.moatads.com v1.addthisedge.com *.pinterest.com *.odnoklassniki.ru *.ok.ru vk.com *.vk.com *.facebook.net opvanillishan.com *.googleusercontent.com;img-src 'self' 'unsafe-inline' data: blob: * android-webview-video-poster:;connect-src * 'unsafe-inline';media-src * blob:;font-src * data:;frame-src erkiss.live *.erkiss.club jkha742.xyz s7.addthis.com *.pinterest.com;report-uri /ajax/csp_report.php 8
frame-ancestors 'self' *.pubble.nl *.pubble.cloud *.pubble.dev *.omnyo.nl 8
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 8
script-src * 'unsafe-eval' 'unsafe-inline';script-src-attr 'unsafe-inline';style-src * 'unsafe-inline';img-src * data:;font-src *;connect-src *;manifest-src data:;frame-ancestors 'self';base-uri 'self';block-all-mixed-content;object-src 'none';upgrade-insecure-requests 8
worker-src 'self'; 8
default-src 'self'; connect-src https:; font-src https:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 8
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 8
frame-ancestors https: 8
frame-ancestors 'self' https://webvisor.com http://webvisor.com; 8
frame-ancestors 'self' *.wildberries.ru 7
frame-ancestors 'self' https://app.storyblok.com 7
report-uri /v1/csplog; block-all-mixed-content 7
frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.smh.com.au *.theage.com.au *.brisbanetimes.com.au *.watoday.com.au *.cdn.ampproject.org *.platform.ink; upgrade-insecure-requests 7
frame-ancestors 'self'; object-src https://*.citrix.com https://capture.navattic.com; plugin-types application/x-shockwave-flash application/pdf 7
frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests; 7
frame-ancestors https://*.complex.com 7
frame-ancestors 'self' https://metrika.yandex.ru/ 7
frame-ancestors 'self';default-src https: data: 'unsafe-inline' 'unsafe-eval' 7
frame-ancestors 'self' https://nurture.solarwinds.com/ 7
frame-ancestors *.euractiv.com euractiv.com *.euractiv.fr euractiv.fr *.euractiv.de euractiv.de *.euractiv.gr euractiv.gr *.euractiv.pl euractiv.pl *.euractiv.sk euractiv.sk *.euraciv.cz euractiv.cz      *.euractiv.it euractiv.it *.euractiv.es euractiv.es euractiv.bg api-esp-eu.piano.io; 7
default-src 'self'; script-src 'self' 'unsafe-inline' translate.googleapis.com blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com; font-src 'self' fonts.gstatic.com data:; img-src 'self' data:; object-src 'none'; report-uri https://hpage-report.uriports.com/reports/enforce 7
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 7
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; 7
form-action https: 7
frame-ancestors 'self' *.multimediabs.com *.orange.com *.orange-business.com *.backoffice.mastermedia.orange-business.com 7
font-src 'self' https://fonts.gstatic.com https://ka-p.fontawesome.com https://themes.googleusercontent.com https://static.juicer.io data: https://js.intercomcdn.com https://maxcdn.bootstrapcdn.com https://thriv.sportsengine.com https://cdnjs.cloudflare.com https://static.formstack.com https://thrivsports.s3.us-east-1.amazonaws.com; img-src 'self' https://www.sportsengine.com https://se-portal-production.s3.amazonaws.com *.facebook.com *.sestage.us *.google.com https://se-portal-staging.s3.amazonaws.com *.youtube.com https://s0.2mdn.net *.googleusercontent.com *.googlesyndication.com *.visualwebsiteoptimizer.com https://sb.scorecardresearch.com https://www.google-analytics.com *.g.doubleclick.net https://audible.sp1.convertro.com https://fast.wistia.com https://embedwistia-a.akamaihd.net https://s3.amazonaws.com *.adsafeprotected.com *.mparticle.com https://assets.ngin.com https://embed-fastly.wistia.com https://img1.niftyimages.com data: https://js.intercomcdn.com https://static.intercomassets.com https://pixel.quantserve.com https://bat.bing.com *.googletagmanager.com https://golfmds.s3.amazonaws.com/ https://syndication.twitter.com https://sportngin-lddxb.formstack.com https://thrivsports.s3.amazonaws.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://embed-ssl.wistia.com https://fast.wistia.net https://cdn.cookielaw.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net *.visualwebsiteoptimizer.com *.g.doubleclick.net https://sb.scorecardresearch.com *.googleadservices.com *.googletagmanager.com *.mparticle.com *.user.sportngin.com https://se-api.sportngin.com.dev https://www.google-analytics.com https://adservice.google.com *.googlesyndication.com https://cdn.ampproject.org https://www.googletagservices.com https://fast.wistia.com https://www.olympicchannel.com https://assets.juicer.io https://communityforum.sportngin.com https://assets.ngin.com https://assets.stage.ngin.com https://www.google.com https://www.gstatic.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://www.burst.com https://secure.quantserve.com https://pixel.quantserve.com https://rules.quantcount.com https://bat.bing.com https://widget.intercom.io https://js.intercomcdn.com https://js.braintreegateway.com https://s3.amazonaws.com https://cdnjs.cloudflare.com https://thriv.sportsengine.com https://g1188506010.co https://app.vwo.com https://www.instagram.com https://platform.twitter.com https://sportngin-lddxb.formstack.com https://static.formstack.com https://ajax.googleapis.com https://storage.googleapis.com https://olympics.com/static/js/syndicated/v1/embed.js https://static.hotjar.com/ https://script.hotjar.com/ https://maps.googleapis.com https://thriv-search-spa-prod.s3.amazonaws.com https://cdn.cookielaw.org https://fast.wistia.net blob: https://geolocation.onetrust.com https://kit.fontawesome.com; style-src 'self' 'unsafe-inline' https://assets.ngin.com https://assets.stage.ngin.com https://fonts.googleapis.com https://assets.juicer.io https://www.burst.com https://maxcdn.bootstrapcdn.com https://thriv.sportsengine.com https://s3.amazonaws.com https://cdnjs.cloudflare.com https://thrivsports.s3.us-east-1.amazonaws.com https://static.formstack.com https://fast.wistia.net https://fast.wistia.com cloud.typography.com fonts.googleapis.com; frame-ancestors 'self' https://*.sportngin.com https://app.stage.ngin-staging.com https://org.ui.stage.ngin-staging.com; report-uri https://www.sportsengine.com/report-uri/enforce 7
frame-ancestors https://*.canalplus.com https://*.canal-plus.com https://*.cnews.fr https://*.canal-bis.com http://*.canalplus.com http://*.canalplus.com:8888 https://*.canalplus.com:3000 7
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; connect-src https: wss: 7
frame-ancestors *.neuweb.biz *.home.neustar fast.wistia.net; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.adroll.com anchor.fm *.vimeo.com *.moatads.com benchmark.marketshare.com *.rlcdn.com *.company-target.com *.bidr.io *.facebook.com *.linkedin.com *.crazyegg.com *.myworkdayjobs.com *.neustar.biz *.neuweb.biz *.neustarlocaleze.biz *.cdn.neustar cdn.optimizely.com fast.wistia.net images-cdn.welcomesoftware.com *.pimcore.org *.marketo.com *.marketo.net *.mktoresp.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com html5shim.googlecode.com code.jquery.com *.ads-twitter.com *.twitter.com t.co *.twimg.com *.bing.com *.gstatic.com *.agkn.com *.intentsify.io *.zoominfo.com *.visualwebsiteoptimizer.com *.google.com *.doubleclick.net *.truste.com *.quora.com *.adnxs.com *.liveperson.net *.intentsify.io *.newscred.com *.addthis.com *.addthisedge.com *.lpsnmedia.net *.wistia.com *.cloudflare.com *.syndication.twimg.com pixel.mathtag.com *.adentifi.com *.bizographics.com *.formalyzer.com oss.maxcdn.com *.ultradns.com *.webmetrics.com dnn506yrbagrg.cloudfront.net d12ulf131zb0yj.cloudfront.net ace-tag.advertising.com flex.atdmt.com se.monetate.net tag.demandbase.com siteimproveanalytics.com connect.facebook.net snap.licdn.com embedwistia-a.akamaihd.net *.adsymptotic.com fg8vvsvnieiv3ej16jby.litix.io *.discover.neustar *.soundcloud.com blob: data:; 7
frame-ancestors 'self' *.blackbaud.com; 7
default-src * data: 'unsafe-eval' 'unsafe-inline' blob: 7
img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src blob:; 7
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://cdn.syndication.twimg.com https://cdn.tradelab.fr https://connect.facebook.net https://d2hya7iqhf5w3h.cloudfront.net https://dfc.inovestor.com https://fo-api.omnitagjs.com https://fonts.googleapis.com https://ib.adnxs.com https://js-agent.newrelic.com https://js.hs-scripts.com https://pixels.omnitagjs.com https://platform.twitter.com https://script.crazyegg.com https://snap.licdn.com https://tm.vendemore.com https://track.adform.net https://www.google-analytics.com https://www.googletagmanager.com https://s.go-mpulse.net https://its.tradelab.fr https://js.hsadspixel.net/fb.js https://js.hs-analytics.net https://js.hsleadflows.net https://www.googleadservices.com https://static.hotjar.com https://a.optnmstr.com https://www.youtube.com https://js.hsforms.net https://forms.hsforms.com https://script.hotjar.com https://s.ytimg.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://app.interactiveads.ai https://maps.googleapis.com https://cdn.rawgit.com http://cdn.siteimprove.net https://tagmanager.google.com https://js.hs-banner.com https://s2.adform.net https://c.go-mpulse.net https://173c5b0c.akstat.io https://bam-cell.nr-data.net https://files.cdn.leadfamly.com *.leadoo.com https://www.buzzsprout.com https://www.facebook.com https://platform.marksmen.nl https://cdn.mouseflow.com dfc.inovestor.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io https://static.addtoany.com https://unpkg.com; style-src * 'unsafe-inline' 'unsafe-eval' 7
default-src 'self' multibanner.net *.multibanner.net redclick.ru *.redclick.ru my.pusk.ua adlabs-mobile.ru *.adlabs-mobile.ru clickio.com *.clickio.com adlabs.ru *.adlabs.ru adlabsnetworks.com *.adlabsnetworks.com adlabsnetworks.ru googleapis.com googletagmanager.com gstatic.com *.google-analytics.com clickio.mgr.consensu.org luxup.ru luxadv.com luxupcdna.com luxupcdnb.com luxupcdnc.com luxupadva.com luxupadvb.com luxupadvc.com luxup2.ru hubspot.com js.hs-scripts.com js.hscollectedforms.net luxcdn.com fonts.gstatic.com *.online.tableau.com *.luxup.ru *.tipalti.com *.googleapis.com www.google.com www.gstatic.com datastudio.google.com *.dev.luxup.ru *.adlabs-retail.ru adlabs-retail.ru  www.googleadservices.com 'unsafe-inline' 'unsafe-eval' 7
frame-ancestors 'self' https://*.ariba.com https://*.micron.com https://*.iu.edu https://*.sciquest.com 7
frame-ancestors 'none'; report-uri https://prod-bk-csp-service.rbictg.com/csp; report-to csp-endpoint 7
frame-src 'self' * data: 7
frame-ancestors 'self' https://www.tibco.com http://tibco.lookbookhq.com https://tibco.lookbookhq.com https://sso-awsqa.tibco.com https://sso-ext.tibco.com http://library.tibco.com https://library.tibco.com https://www-dev.tibco.com https://tibco.seismic.com https://www.ibi.com; report-uri /report-csp-violation 7
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https: 7
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src *; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self'; form-action *; reflected-xss block; upgrade-insecure-requests; 7
object-src 'self'; frame-ancestors 'self' 7
frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org; upgrade-insecure-requests; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report-block; report-to csp-endpoint-block 7
default-src blob: 'unsafe-eval' 'unsafe-inline' https:; img-src data: https:; font-src data: https: 7
frame-ancestors 'self' *.hartfordhealthcare.org *.hhcconnect.com *.hhcconnect.net *.hhcconnect.org *.hhchealth.com *.hhchealth.net *.hhchealth.org *.hhcandme.com *.hhcsystem.org 7
upgrade-insecure-requests; frame-ancestors 'self'; frame-src 'self' prep2021.elimparcial.com prepsonora2021.elimparcial.com prep2021bc.mx iframe.elimparcial.com *.google.com *.google.com.mx *.twitter.com *.youtube.com *.vimeo.com *.facebook.com  *.instagram.com *.ampproject.org *.doubleclick.net *.googleapis.com *.retargetly.com *.googlesyndication.com *.ampproject.net *.admanmedia.com *.vidible.tv *.cxense.com *.googletagmanager.com *.adnxs.com *.rubiconproject.com *.indexww.com *.openx.net *.doubleverify.com *.tiktok.com *.pubmatic.com *.adxyield.com *.facebook.net *.giphy.com giphy.com *.memeate.com *.windy.com iframe.enelradar.com *.taboola.com *.liveleak.com *.pinterest.com *.lkqd.net *.wcnc.com aax.amazon-adsystem.com *.seedtag.com *.criteo.com *.paypal.com *.avantisvideo.com *.aniview.com graphics.reuters.com embed.windy.com www.sunmedia.tv www.relappro.com *.flo.uri.sh flo.uri.sh premiomeritodeportivo.elimparcial.com; report-uri https://imparcial.report-uri.com/r/d/csp/enforce 7
media-src * blob:; worker-src * data: blob:; default-src https: *.hwcdn.net *.teeitup.com *.golfid.io data: blob; connect-src https: wss:; script-src https: data: *.hwcdn.net 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com; style-src https: data: *.hwcdn.net https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src https: blob: data: *.hwcdn.net s3.amazonaws.com https://www.google-analytics.com https://optimize.google.com; font-src https: data: *.hwcdn.net https://fonts.gstatic.com; frame-src https: data: *.hwcdn.net *.teeitup.com *.golfid.io https://optimize.google.com; frame-ancestors 'self' https://www.onlinereservationsystems.com; 7
frame-ancestors 'self' http://www.kayak.com http://www.kayak.com.ar http://www.kayak.cl http://www.kayak.com.co http://www.kayak.com.pe http://www.kayak.com.mx http://www.kayak.com.br http://www.tripadvisor.com http://www.tripadvisor.com.br http://www.tripadvisor.com.mx www.farecompare.com www.idealo.com http://viajala.com.co http://viajala.com.mx http://viajala.com.pe www.clicktripz.com http://viajala.cl http://viajala.com.ar 7
default-src https: *; script-src https: 'unsafe-inline' 'unsafe-eval' *;img-src data: https:;font-src data: https:;style-src https: 'unsafe-inline' *;upgrade-insecure-requests;frame-ancestors 'self'; base-uri 'none'; frame-src mailto: *; worker-src blob: ; child-src blob: ; 7
frame-ancestors 'self'  teams.microsoft.com *.teams.microsoft.com 7
default-src 'self'; font-src 'self' *.kaltura.com cdnjs.cloudflare.com data: fonts.gstatic.com vjs.zencdn.net *.hotjar.com;img-src 'self' data: *.google-analytics.com *.g.doubleclick.net maps.gstatic.com maps.googleapis.com *.twitter.com *.twimg.com *.youtube.com *.kaltura.com *.linkedin.com *.6sc.co *.facebook.com *.eloqua.com *.verisk.com *.albacross.com metrics.brightcove.com *.air-worldwide.com www.google.com verisk.d1.sc.omtrdc.net t.co p.adsymptotic.com cm.everesttech.net dpm.demdex.net cf-images.us-east-1.prod.boltdns.net veriskisonetprod.112.2o7.net i.ytimg.com www.googletagmanager.com www.greatplacetowork.com cdn.cookielaw.org api.mapbox.com f1.media.brightcove.com udc-neb.kampyle.com *.maplecroft.com ajax.googleapis.com public.tableau.com www.google.co.uk nebula-cdn.kampyle.com w3.poweradvocate.com https://optimize.google.com www.gstatic.com;object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.twitter.com www.google-analytics.com *.googleapis.com *.google.com www.gstatic.com *.cookielaw.org *.googletagmanager.com assets.adobedtm.com *.twimg.com kaltura.com *.cloudflare.com dl.episerver.net *.facebook.net fonts.googleapis.com players.brightcove.net az416426.vo.msecnd.net *.xactware.com *.kaltura.com *.licdn.com *.albacross.com *.oktopost.com *.6sc.co *.ads-twitter.com *.cave9tape.com okt.to geolocation.onetrust.com script.crazyegg.com www.googleadservices.com vjs.zencdn.net img.en25.com s1065293013.t.eloqua.com googleads.g.doubleclick.net *.salesforceliveagent.com *.linkedin.com nebula-cdn.kampyle.com unpkg.com cdn.mouseflow.com public.flourish.studio *.hotjar.com pi.pardot.com *.maplecroft.com www.buzzsprout.com public.tableau.com ionfiles.scribblecdn.net readymag.com js.hsforms.net *.hsforms.com *.youtube.com snap.licdn.com player.vimeo.com api-ssl.bitly.com nebula-cdn.kampyle.com  screencapture.kampyle.com/screenApi/load/0d9bccf0-07c5-4694-abf9-9f4bcf1d1ec2.js screencaptue-cdn.kampyle.com www.googleanalytics.com www.googleoptimize.com https://optimize.google.com https://secure.leadforensics.com/  https://activitymap.adobe.com;style-src 'self' 'unsafe-inline' *.googleapis.com dl.episerver.net *.twitter.com *.twimg.com cdnjs.cloudflare.com *.verisk.com unpkg.com https://optimize.google.com https://cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/css/bootstrap.min.css;frame-src 'self' platform.twitter.com www.google.com *.twitter.com *.youtube.com *.surveygizmo.com insuranceservicesofficeinc.demdex.net *.facebook.com bid.g.doubleclick.net *.hotjar.com *.pardot.com www.buzzsprout.com public.tableau.com verisk.postclickmarketing.com *.brightcove.net *.acast.com embed.readymag.com s1120.t.eloqua.com flo.uri.sh go.maplecroft.com player.vimeo.com go.maplecroft.com nebula-cdn.kampyle.com https://optimize.google.com https://cdnapisec.kaltura.com/ https://www.youtube-nocookie.com/ https://www.insurancejournal.tv/ https://www.bloomberg.com/ https://activitymap.adobe.com https://app.powerbi.com https://lifedemo.shinyapps.io/;media-src 'self' *.kaltura.com blob: *.air-worldwide.com http://manifest.prod.boltdns.net https://manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net;connect-src 'self' *.kaltura.com www.google-analytics.com *.brightcove.com dc.services.visualstudio.com dpm.demdex.net epsilon.6sense.com cdn.cookielaw.org stats.g.doubleclick.net https://c.6sc.co/ https://secure.adnxs.com/getuidj *.albacross.com http://manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.crazyegg.com www.googleapis.com veriskisonetprod.112.2o7.net verisk.d1.sc.omtrdc.net privacyportal.onetrust.com *.hotjar.com vc.hotjar.io ws: *.hotjar.com hubspot-forms-static-embed.s3.amazonaws.com https://otc.xactware.com/XactwareLms/certificationListing.xml nebula-cdn.kampyle.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://opreq.observepoint.com/;child-src 'self' *.kaltura.com blob: *.air-worldwide.com insuranceservicesofficeinc.demdex.net *.surveygizmo.com; 7
default-src https:                    'unsafe-inline'                    'unsafe-eval'; 7
frame-ancestors https://*.mediamarkt.se 'self' 7
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; 7
default-src *; font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; media-src * blob:; 7
default-src https: 'unsafe-eval' 'unsafe-inline' 7
sandbox allow-same-origin allow-scripts allow-orientation-lock allow-pointer-lock allow-forms allow-popups allow-top-navigation-by-user-activation; 7
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:; font-src 'self' https: data:; 7
default-src * data: 'unsafe-inline' 'unsafe-eval'; 7
<options and value> 7
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 7
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src *; 7
frame-ancestors whitelabel.camspower.com cams.dnxlive.com 7
script-src * 'self' 'unsafe-inline' 'unsafe-eval'  7
default-src * 'unsafe-inline' 'unsafe-eval' data: gap: content: blob:; form-action *; upgrade-insecure-requests 7
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src *; object-src 'self' data:; frame-src 'self' data:; media-src 'self' data:; 7
frame-ancestors https://cms-prod.brxm.grandvision.io 7
frame-src *.2checkout.com *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net dpm.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com *.adobe.com *.outgrow.us bitdefender.applytojob.com *.alchemer.com *.adyen.com *.paypal.com paypal.com ad.ad-srv.net fullstory.com *.bitdefender.co.jp bitdefender.co.jp new.bitdefender.co.uk store.bitdefender.com bitdefender-html.test 7
frame-ancestors 'self' http://*.trendin.com https://*.trendin.com 7
“upgrade-insecure-requests” 7
default-src * ; img-src * 'self' data: blob: mediastream: https: 'unsafe-inline' 'unsafe-eval'; font-src * 'unsafe-inline' 'unsafe-eval' 'self' data: ; script-src * 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' 'unsafe-eval'; 7
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 7
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://www.gstatic.com https://qaz.iardr.com http://localhost:8077; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com; img-src 'self' data: https://* http://*; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://push.newsdaily.biz; 7
frame-src 'self'; frame-ancestors 'self'; object-src 'none'; 7
img-src * 7
default-src 'self' https://www.google-analytics.com https://hcaptcha.com/ https://*.hcaptcha.com/ https: 'unsafe-inline' 7
frame-ancestors 'self' learn.arcgis.com *.esri.com myaccount.lingotek.com 7
frame-ancestors 'self' *.cms.snakeware.nl *.snakeware.nl *.snakeware.cloud *.snakeware.test 7
default-src https: 'unsafe-inline' 7
frame-ancestors https://www.xing-news.com https://xing-news.com; 7
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'none'; media-src *.readspeaker.com *.speechstream.net 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; report-uri https://www.cspreport.nl 7
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://sport.web1-ro.slotv.com https://sport.slotv.ro https://sport.mrbit.ro https://cdn-sp.kertn.net https://*.fasttrack-solutions.com https://*.ft-crm.com localhost:40000 https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://*.unetsafe.com https://ui.invisiblesport.com https://www.facebook.com https://*.bing.com wss://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://*.taboola.com https://*.atlantgaming.com https://*.regily.com https://*.sptpub.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://chat.driftplay.de https://chat.drift.casino https://chat.driftcasino.com; font-src 'self' https://sport.web1-ro.slotv.com https://sport.slotv.ro https://sport.mrbit.ro https://cdn-sp.kertn.net https://fonts.gstatic.com data: https://ui.invisiblesport.com wss://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://livechat24.tech https://*.livechat24.tech https://*.sptpub.com https://app.vwo.com https://chat.driftplay.de https://chat.drift.casino https://chat.driftcasino.com; frame-src 'self' https://sport.web1-ro.slotv.com https://sport.slotv.ro https://sport.mrbit.ro https://cdn-sp.kertn.net https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://ui.invisiblesport.com https://cf-mt-cdn2.relaxg.com https://tk-game-mt1.thunderkick.com https://gamelaunch.wazdan.com https://*.unetsafe.com https://*.zignsec.com https://www.facebook.com bankid://* wss://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://*.trustly.com https://tpc.googlesyndication.com https://*.atlantgaming.com https://*.regily.com https://*.sptpub.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://chat.driftplay.de https://chat.drift.casino https://chat.driftcasino.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://sport.web1-ro.slotv.com https://sport.slotv.ro https://sport.mrbit.ro https://cdn-sp.kertn.net https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com localhost:40000 https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.unetsafe.com https://ui.invisiblesport.com https://connect.facebook.net https://*.bing.com https://*.cloudflare.com wss://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.sptpub.com *.visualwebsiteoptimizer.com https://app.vwo.com https://cdn-cn.vwo-analytics.com https://chat.driftplay.de https://chat.drift.casino https://chat.driftcasino.com; style-src 'self' https://sport.web1-ro.slotv.com https://sport.slotv.ro https://sport.mrbit.ro https://cdn-sp.kertn.net https://*.fasttrack-solutions.com https://fonts.googleapis.com 'unsafe-inline' https://ui.invisiblesport.com https://livechat24.tech https://*.livechat24.tech https://*.sptpub.com https://app.vwo.com https://chat.driftplay.de https://chat.drift.casino https://chat.driftcasino.com; worker-src 'self' blob:; report-uri https://sentry.work/sentry/api/47/csp-report/?sentry_key=a7dcff6da4704fcf9dbecd647d997b1b 7
frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 6
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com *.yandex.ru blob:;  script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com yandex.ru;  worker-src blob: 'self';  connect-src * wss: blob:;  font-src * data: blob:; frame-src * blob: 'self';  img-src * data: blob: about:;  media-src * data: blob:;  object-src *;  report-uri /csp/report; 6
report-uri /csp-report?p=; block-all-mixed-content; default-src 'none'; base-uri 'none'; img-src 'self' https://b.stripecdn.com https://q.stripe.com https://images.ctfassets.net https://assets.ctfassets.net data: https://www.facebook.com https://px.ads.linkedin.com; style-src 'unsafe-inline' 'self' https://b.stripecdn.com; connect-src 'self' https://stripe.com https://errors.stripe.com https://b.stripecdn.com https://climate.stripe.com https://ext.stripe.com https://c.increment.com https://c.stripe.dev https://c.stripe.global https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query; font-src 'self' https://b.stripecdn.com; form-action 'self' https://stripe.com https://climate.stripe.com; frame-src 'self' https://js.stripe.com https://b.stripecdn.com; media-src 'self' https://b.stripecdn.com https://videos.ctfassets.net https://assets.ctfassets.net; script-src 'self' https://js.stripe.com 'sha256-qAoigsbVsoqQigwSGiMYuTbAdza9vdqvOsA4UNSB54A=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-4HwZEt/y+k0EIqGfaNZ1MRmRCUbC03K3G03imkZ/EyA=' 'sha256-T9Iq7ZVmxSNDo0MtKOVaMklBUMHeY5FCy6zb50dqr28=' 'sha256-eNaGg+YMox6LtUAMUegc8RPYMvlgqKfr5wXhQq7t0rU=' 'sha256-GaHpYEdZ/Ni/moK2YkhTZ3sda7WfN/XtF5CnKTWYATY=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' https://b.stripecdn.com 'report-sample'; frame-ancestors 'self' https://app.contentful.com 6
frame-ancestors 'self' *.cybersource.com *.salesforce.com *.force.com ; form-action *.cybersource.com *.salesforce.com *.force.com 'self' 6
frame-ancestors nypost.com *.nypost.com *.decider.com *.pagesix.com 6
frame-ancestors 'self' *.nike.com *.nikecloud.com *.nikedev.com 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com ; report-uri https://trendmicro.com/csp-report/violation.php 6
frame-ancestors 'self' *.verizon.com *.verizonwireless.com *.vzwcorp.com; 6
frame-ancestors 'self' https://www.entrust.com ; default-src https: data: wss://*.hotjar.com ; script-src 'unsafe-eval' 'self' https: 'unsafe-inline'; style-src https: 'unsafe-inline';img-src https: data:;media-src https: data: blob: mediastream: 6
default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; 6
frame-ancestors https://*.ringcentral.com https://*.ringcentral.co.uk https://*.ringcentral.com.au https://*.ringcentral.eu https://support.ringcentral.biz https://outlook.live.com https://outlook.office365.com https://outlook.office.com 6
frame-src 'self' *.microfocus.com *.ubembed.com https://js.driftt.com https://bid.g.doubleclick.net https://optimize.google.com/ https://dev.visualwebsiteoptimizer.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://www.brighttalk.com/ https://bcove.video/ https://app.vwo.com https://www.googletagmanager.com https://microfocuspartner.force.com https://www.linkedin.com/ https://platform.twitter.com/ https://www.research.net https://irs.tools.investis.com/ https://players.brightcove.net/ https://otp.tools.investis.com/ https://html5-player.libsyn.com/ http://demo.havendemo.com/ https://open.spotify.com https://player.vimeo.com/; frame-ancestors 'self' *.microfocus.com https://microfocus.lookbookhq.com https://microfocuspartner.force.com; 6
frame-ancestors 'self' https://*.cornerstoneondemand.com;upgrade-insecure-requests;default-src 'self';connect-src *;font-src *;form-action *;frame-src *;img-src * data:;manifest-src * 'unsafe-inline';media-src *;object-src *;script-src * 'unsafe-eval' 'unsafe-inline';style-src * 'unsafe-inline';worker-src * blob: 6
frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns https://www.scotiabank.com; 6
block-all-mixed-content;frame-ancestors *.mail.com 6
frame-ancestors 'self' *.datto.com *.backupify.com datto.engineering *.openmesh.com  *.autotask.net; report-uri https://www.datto.com/actions/contentSecurityPolicy/report/log; report-to csp-endpoint; 6
child-src * 6
default-src 'self' clickserv.sitescout.com *.adsrvr.org *.vmmpxl.com *.votervoice.net analytics.tiktok.com *.abtasty.com; font-src 'self' data: cdnjs.cloudflare.com *.gstatic.com *.googleapis.com fast.fonts.net *.abtasty.com *.hotjar.com *.cloudflare.com *.cloudfront.net *.adsrvr.org *.vmmpxl.com *.hotjar.io cdn.segment.com *.ibytedtos.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: static.lobbytools.com *.boldchat.com code.jquery.com www.healow.com js-agent.newrelic.com congress.api.sunlightfoundation.com tagmanager.google.com sp.analytics.yahoo.com analytics.twitter.com static.ads-twitter.com s.yimg.com cdnjs.cloudflare.com t.sharethis.com www.googletagmanager.com *.google-analytics.com ws.sharethis.com www.youtube.com www.googleadservices.com secure.quantserve.com bat.bing.com *.e.akamai.net *.rfihub.com s.ytimg.com fast.fonts.net connect.facebook.net ppactionvoterguide.org *.ppactionvoterguide.org cdn.optimizely.com *.openlayers.org *.newtonsoftware.com bs.serving-sys.com *.quora.com i.simpli.fi secure.adnxs.com e.issuu.com d10lpsik1i8c69.cloudfront.net *.luckyorange.net *.luckyorange.com storify.com *.userzoom.com nextpatient.co *.nr-data.net api-dot-lucky-orange.appspot.com bbox.blackbaudhosting.com *.adroll.com *.googleapis.com *.optimizely.com *.instagram.com widget.surveymonkey.com www.google.com www.gstatic.com *.yelp.com *.yelpcdn.com ajax.cloudflare.com *.doubleclick.net optimizely.s3.amazonaws.com *.votervoice.net *.ad.gt tags.srv.stackadapt.com *.hotjar.com *.civicengine.com *.abtasty.com c1.rfihub.net *.quantcount.com www.tintup.com *.twitter.com *.tintup.com *.twimg.com *.ngpvan.com d3js.org *.gstatic.com *.sitomobile.com *.simpli.fi *.quantcount.com *.adsrvr.org *.vmmpxl.com *.d3js.org *.rezync.com collector-17221.us.tvsquared.com sc-static.net *.adnxs.com *.crwdcntrl.net *.google.com *.cloudfront.net js2.verygoodvault.com *.hotjar.io reports.hrmdirect.com *.callrail.com p.teads.tv *.tiqcdn.com cdn.pdst.fm px.ads.linkedin.com *.yimg.com *.tealiumiq.com cdn.segment.com www.dafdirect.org *.iqm.com *.civicengine.com openlayers.org analytics.tiktok.com unpkg.com www.buzzsprout.com *.ibytedtos.com snap.licdn.com *.tiktok.com s16.tiktokcdn.com tags.tiqcdn.com *.google-analytics.com; connect-src 'self' *.openlayers.org *.google-analytics.com secure.ppaction.org www.ppaction.org l.sharethis.com logx.optimizely.com e.issuu.com pingback.issuu.com nextpatient.co tags.srv.stackadapt.com *.luckyorange.net *.luckyorange.com api-dot-lucky-orange.appspot.com pubsub.googleapis.com/v1/projects/lucky-orange/* pubsub.googleapis.com/v1/projects/lucky-orange/topics/recording-data:publish pubsub.googleapis.com/v1/projects/lucky-orange/topics/recordings:publish visitor-services.boldchat.com *.tealiumiq.com *.hotjar.com www.myplannedparenthoodchart.org api.ppsne.net *.salesforce.com *.optimizely.com *.everyaction.com *.myngp.com *.weareplannedparenthood.org *.weareplannedparenthoodaction.org *.votervoice.net *.hotjar.io *.callrail.com cdn.segment.com analytics.tiktok.com px.ads.linkedin.com us-central1-adaptive-growth.cloudfunctions.net vms.boldchat.com sink.pdst.fm databridge.tdbtrk.com *.abtasty.com *.yimg.com www.buzzsprout.com *.tiktokcdn.com *.tiktok.com *.ibytedtos.com *.ttwstatic.com snap.licdn.com tr.snapchat.com tr.snapchat.com tags.tiqcdn.com maps.googleapis.com api.mobilize.us *.google-analytics.com *.google.com; img-src 'self' 'unsafe-inline' data: *.quora.com *.ib5k.com *.boldchat.com insight.adsrvr.org www.plannedparenthood.org i.ytimg.com *.gstatic.com maps.googleapis.com t.co www.googleadservices.com sb.scorecardresearch.com l.sharethis.com *.google-analytics.com www.googletagmanager.com www.google.com ping.chartbeat.net pixel.quantserve.com bat.bing.com bat.r.msn.com img.youtube.com *.vimeo.com *.facebook.com www.healow.com vmap0.tiles.osgeo.org *.doubleclick.net image.isu.pub bbox.blackbaudhosting.com *.googleusercontent.com *.simpli.fi *.adroll.com *.abtasty.com *.paypalobjects.com *.phreesia.com openlayers.org *.openstreetmap.org tags.srv.stackadapt.com sync.search.spotxchange.com *.hotjar.com *.w55c.net *.adxcel-ec2.com *.amazonaws.com *.userzoom.com acuityplatform.com *.twitter.com *.twimg.com *.myngp.com *.everyaction.com *.sitomobile.com *.adsrvr.org *.vmmpxl.com *.cloudfront.net *.google.com *.crwdcntrl.net *.adnxs.com sc-static.net gwmtracking.com *.hotjar.io analytics.tiktok.com *.callrail.com px.ads.linkedin.com *.verify.quicktrkr.com unpkg.com *.votervoice.net www.dafdirect.org www.buzzsprout.com tags.tiqcdn.com sp.analytics.yahoo.com mobilizeamerica.imgix.net *.google-analytics.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com nextpatient.co tagmanager.google.com fonts.googleapis.com fast.fonts.net ws.sharethis.com *.phreesia.com bbox.blackbaudhosting.com tags.srv.stackadapt.com *.civicengine.com *.abtasty.com optimize.google.com reports.hrmdirect.com *.userzoom.com *.twitter.com *.cloudfront.net *.adsrvr.org *.vmmpxl.com openlayers.org *.abtasty.com *.votervoice.net unpkg.com *.gstatic.com px.ads.linkedin.com *.callrail.com cdn.segment.com *.googleapis.com www.dafdirect.org www.dafdirect.org www.buzzsprout.com analytics.tiktok.com *.tiktokcdn.com *.tiktok.com *.ibytedtos.com *.ttwstatic.com *.ttwstatic.com tags.tiqcdn.com; frame-src 'self' *.boldchat.com www.healow.com docasap.com www.google.com maps.googleapis.com maps.google.com external.ppsne.org e.issuu.com www.tintup.com tagmanager.google.com fonts.googleapis.com t.sharethis.com *.70n7.com secure.ppaction.org seg.sharethis.com ws.sharethis.com www.youtube.com player.vimeo.com www.ppaction.org register2.rockthevote.com connect.facebook.net *.facebook.com *.rfihub.com docs.google.com *.newtonsoftware.com *.doubleclick.net mapsengine.google.com storify.com *.meltwater.com bbox.blackbaudhosting.com *.nomotraplaws.com surveymonkey.com *.surveymonkey.com *.yelp.com *.yelpcdn.com feed.meltwater.com/gyda feed.meltwater.com *.ppaction.org *.optimizely.com cdn.hypemarks.com ww2.matchinggifts.com optimize.google.com *.hotjar.com *.vote.org *.votervoice.net *.civicengine.com *.instagram.com *.everyaction.com *.userzoom.com *.twitter.com *.71n7.com *.nextgen.com register.vote.org myrvplist.com *.adsrvr.org *.vmmpxl.com *.weareplannedparenthood.org *.weareplannedparenthoodaction.org *.snapchat.com *.actblue.com javamatch.matchinggifts.com www.flipcause.com secure.everyaction.com *.hotjar.io www.myplannedparenthoodchart.org *.abtasty.com reports.hrmdirect.com pptnm.hrmdirect.com px.ads.linkedin.com 1.61.47.216 fastdemocracy.com analytics.tiktok.com *.tiktokcdn.com *.tiktok.com *.ttwstatic.com snap.licdn.com tags.tiqcdn.com www.buzzsprout.com; frame-ancestors 'self' *.twitter.com www.healow.com *.ppaction.org *.adsrvr.org *.vmmpxl.com www.buzzsprout.com; 6
frame-ancestors 'none'; object-src 'none'; base-uri 'none'; 6
frame-ancestors https://*.gov.cn  http://*.gov.cn http://zwfw.cq.gov.cn http://wmcs.devdemo.trs.net.cn http://www.ceirp.com:8888  http://183.64.111.243:28080 6
upgrade-insecure-requests; frame-ancestors https://www.reutersconnect.com 6
default-src 'self' teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/; connect-src 'self' *.mktoresp.com *.mktoutil.com *.google.com analytics.tiktok.com attestation.android.com bcbolt446c5271-a.akamaihd.net csi.gstatic.com edge.api.brightcove.com *.addthis.com ka-f.fontawesome.com manifest.prod.boltdns.net notifier-configs.airbrake.io og2022-api.sports.gracenote.com pagead2.googlesyndication.com pixel.adsafeprotected.com *.teamusa.org rum-collector-2.pingdom.net *.g.doubleclick.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ widgets.sports.gracenote.com www.facebook.com www.google-analytics.com www.trackwrestling.com; font-src 'self' cdnjs.cloudflare.com data: fonts.gstatic.com ka-f.fontawesome.com maxcdn.bootstrapcdn.com teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ widgets.sports.gracenote.com www.trackwrestling.com; form-action 'self' analytics.clickdimensions.com bbox.blackbaudhosting.com feedback.teamusa.org form.usoc.org link.teamusa.org *.twitter.com teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net usoc.tfaforms.net usopc.tfaforms.net www.facebook.com; frame-src 'self' abc11.com *.tourneymachine.com anchor.fm app-ab22.marketo.com bbox.blackbaudhosting.com www.bullseyelocations.com www.buzzsprout.com cdn.flipsnack.com content.usawmembership.com c.streamhoster.com draftable.com embed.fitrankings.com embed.gettyimages.com free.timeanddate.com gc.com geosnapshot.com indd.adobe.com judoreferee.com kingsumo.com livestream.com online.anyflip.com photos.pixlee.co player.vimeo.com s3.amazonaws.com/online.anyflip.com/vrut/kvxl/ share.transistor.fm st.chatango.com streaming.enetlive.tv tableau.usoc.org teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ themat.tv universe.queue-it.net uploads.knightlab.com usa.asasoftball.com usaboxing.webpoint.us usadiving.ticketspice.com *.wufoo.com usatt.simplycompete.com usawaterski.org usaweightlifting.sport80.com www.givedirect.org www.paypal.com www.paypalobjects.com www.scribd.com www.slideshare.net www.surveymonkey.com www.thorne.com www.universe.com www.usakaratemembership.com www.usaracquetballevents.com www.usawaterski.org www.usawmembership.com *.fls.doubleclick.net *.safeframe.googlesyndication.com *.g.doubleclick.net giphy.com imasdk.googleapis.com *.twitter.com archivist.teamusa.org players.brightcove.net public.tableau.com snapwidget.com *.addthis.com tpc.googlesyndication.com vplayer.nbcolympics.com vplayer.nbcsports.com *.facebook.com *.google.com www.googletagmanager.com www.instagram.com www.youtube.com; img-src 'self' *.twimg.com barbend.com bbox.blackbaudhosting.com cdn-images.mailchimp.com cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/ajax-loader.gif cf-images.us-east-1.prod.boltdns.net connect.facebook.net content.themat.com data: *.adsafeprotected.com images.sports.gracenote.com images.teamusa.org img.youtube.com iwf.sport i.ytimg.com *.g.doubleclick.net learningacademy1.usadiving.org mcusercontent.com/93fe0d952f40d98f22a93f8e4/images/ metrics.brightcove.com p.adsymptotic.com *.ads.linkedin.com *.googlesyndication.com pixel.quantserve.com reg.usajudo.net s3.amazonaws.com/photos.usacycling.org/ *.twitter.com *.google-analytics.com *.gstatic.com t.co teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net usoc.tfaforms.net usopc.tfaforms.net t.paypal.com tw-ads.s3-us-west-2.amazonaws.com tw-ads.s3.us-west-2.amazonaws.com upload.wikimedia.org/wikipedia/commons/3/32/Sarah_Docter_1980.jpg usa.asasoftball.com widgets.sports.gracenote.com www.facebook.com www.google.com www.googletagmanager.com www.iwf.net www.linkedin.com www.nationalspeedskatingmuseum.org www.officialgear.com www.paypalobjects.com www.trackwrestling.com www.google.at www.google.be www.google.ca www.google.ch www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.uk www.google.co.vi www.google.com.au www.google.com.hk www.google.com.mx www.google.com.pr www.google.com.sg www.google.com.tw www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.ie www.google.it www.google.lu www.google.nl www.google.no www.google.pt www.google.se www.google.vg; media-src 'self' blob: bcbolt446c5271-a.akamaihd.net bcovlive-a.akamaihd.net manifest.prod.boltdns.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' adservice.google.com ajax.googleapis.com *.clickdimensions.com analytics.tiktok.com *.twitter.com app-ab22.marketo.com az124611.vo.msecnd.net/web/v10/CDWidget.js bbox.blackbaudhosting.com www.buzzsprout.com *.adsafeprotected.com cdn.syndication.twimg.com cdnjs.cloudflare.com cdnslssl.coveritlive.com code.jquery.com connect.facebook.net countdown.omegawatches.com *.g.doubleclick.net images.teamusa.org *.addthis.com kit.fontawesome.com maxcdn.bootstrapcdn.com munchkin.marketo.net *.googleadservices.com players.brightcove.net public.tableau.com qa-widgets.sports.gracenote.com reg.usajudo.net rules.quantcount.com rum-static.pingdom.net secure.givelively.org secure.quantserve.com *.google-analytics.com snap.licdn.com snapwidget.com stackpath.bootstrapcdn.com static.ads-twitter.com *.wufoo.com tableau.usoc.org *.cdc.gov teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net *.googlesyndication.com usoc.tfaforms.net usopc.tfaforms.net v1.addthisedge.com vjs.zencdn.net widgets.flickr.com widgets.sports.gracenote.com widget.surveymonkey.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com *.instagram.com www.olympicchannel.com www.paypal.com www.paypalobjects.com www.trackwrestling.com www.universe.com adservice.google.at adservice.google.be adservice.google.ca adservice.google.ch adservice.google.co.jp adservice.google.co.kr adservice.google.co.nz adservice.google.co.uk adservice.google.com.au adservice.google.com.hk adservice.google.com.mx adservice.google.com.pr adservice.google.com.sg adservice.google.com.tw adservice.google.de adservice.google.dk adservice.google.es adservice.google.fi adservice.google.fr adservice.google.gr adservice.google.ie adservice.google.it adservice.google.nl adservice.google.no adservice.google.pt adservice.google.se; style-src 'self' 'unsafe-inline' bbox.blackbaudhosting.com cdn.fonts.net cdn-images.mailchimp.com cdnjs.cloudflare.com cdn-us.clickdimensions.com code.jquery.com fonts.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com reg.usajudo.net static.ctctcdn.com/h/contacts-embedded-signup-assets/1.0.2/css/signup-form.css teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net usoc.tfaforms.net usopc.tfaforms.net www.instagram.com www.teamusa.org images.teamusa.org www.trackwrestling.com; worker-src 'self' blob:; report-uri https://teamusa.report-uri.com/r/d/csp/enforce 6
default-src 'self' vercel.com *.vercel.com vercel.live *.stripe.com twitter.com *.twitter.com *.github.com https://*.googletagmanager.com:* wss://*.vercel.com localhost:* chrome-extension://*;script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.googletagmanager.com www.google-analytics.com www.gstatic.com *.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.twimg.com *.coinbase.com *.zdassets.com cdn.sift.com cdn.segment.com cdn.ampproject.org cdn.koala.live cdn.heapanalytics.com heapanalytics.com www.datadoghq-browser-agent.com vercel.com *.vercel.com vercel.live *.stripe.com twitter.com *.twitter.com *.github.com https://*.googletagmanager.com:* wss://*.vercel.com localhost:* chrome-extension://*;child-src *.youtube.com *.youtube-nocookie.com *.stripe.com www.google.com *.coinbase.com github.com vercel.com *.vercel.com vercel.live *.stripe.com twitter.com *.twitter.com *.github.com https://*.googletagmanager.com:* wss://*.vercel.com localhost:* chrome-extension://*;style-src 'self' 'unsafe-inline' *.googleapis.com heapanalytics.com vercel.com *.vercel.com vercel.live *.stripe.com twitter.com *.twitter.com *.github.com https://*.googletagmanager.com:* wss://*.vercel.com localhost:* chrome-extension://*;img-src * blob: data:;media-src 'self' videos.ctfassets.net blob: vercel.com *.vercel.com vercel.live *.stripe.com twitter.com *.twitter.com *.github.com https://*.googletagmanager.com:* wss://*.vercel.com localhost:* chrome-extension://*;connect-src data: *;font-src *.vercel.com *.gstatic.com;worker-src blob: 6
default-src * data: blob: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' support.carousell.com 6
frame-ancestors https://*.ptc.com https://ptc.seismic.com https://liveshareeast3.seismic.com 6
frame-ancestors 'self' https://admarket.no https://admarket.schibsted.se https://frontpage-wayback-machine.sls.schibsted.tech/; upgrade-insecure-requests 6
frame-ancestors 'self' http://www.medscape.com https://www.medscape.com https://dusandbox.skipta.com https://doctorunite.com https://generationNP.com https://cardiologistconnect.com https://paunite.com https://cardiologistconnectsandbox.skipta.com https://next.brella.io/ http://www.staging.medscape.com/ http://www.skipta.com/ https://www.staging.medscape.com/ https://www.skipta.com/ http://staging.medscape.com/ http://skipta.com/ https://staging.medscape.com/ https://skipta.com/ https://medscape.com/ http://medscape.com/ 6
default-src https: data: 'unsafe-inline' 'unsafe-eval' always 6
default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.tradelens.com https://platform.tradelens.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://*.contentsquare.com https://www.datadoghq-browser-agent.com/datadog-rum.js https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://snap.licdn.com https://px.ads.linkedin.com https://connect.facebook.net https://www.facebook.com https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://fo-api.omnitagjs.com https://*.akstat.io https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://screencaptue-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://*.salesforce.com https://*.force.com; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com https://*.bing.com https://*.virtualearth.net https://resources.digital-cloud.medallia.eu https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com https://hcaptcha.com https://*.hcaptcha.com; frame-src https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/  https://*.salesforce.com https://app.powerbi.com http://my.maerskline.com https://*.doubleclick.net https://reporting.damco.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com; 6
img-src 'self' img.youtube.com *.s3waas.gov.in secure.gravatar.com data: www.nic.in informatics.nic.in;connect-src 'self' *.s3waas.gov.in;object-src 'none';media-src 'self' *.s3waas.gov.in data:;child-src *;frame-src *;form-action *.s3waas.gov.in 'self';frame-ancestors 'self' *.s3waas.gov.in ;upgrade-insecure-requests;worker-src 'self' *.s3waas.gov.in 6
frame-ancestors 'self' https://*.ccma.cat http://*.ccma.cat; 6
frame-ancestors *.procore.com 6
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline' 6
frame-ancestors 'self' https://optimize.google.com/ 6
frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com shop.pampers.com 6
frame-ancestors 'self' *.regmovies.com *.authorize.net 6
frame-ancestors 'self' https://*.ziggo.nl https://*.vodafone.nl; 6
default-src blob: data: https: 'self'; script-src blob: https: 'self' 'unsafe-eval' 'unsafe-inline'; style-src blob: https: 'self' 'unsafe-inline'; media-src blob: https: 'self'; connect-src blob: https: 'self' 'unsafe-inline' wss://*.hotjar.com 6
default-src 'self' https://* http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://* data:; worker-src 'self' https://* blob:; connect-src 'self' https://* http://* wss:; font-src 'self' data: 6
default-src *;script-src 'unsafe-eval' 'unsafe-inline' * data:;child-src *;connect-src *;font-src * data:;form-action *;frame-src *;frame-ancestors 'self';img-src * data:;media-src *;object-src *;style-src 'unsafe-inline' * data:;upgrade-insecure-requests;block-all-mixed-content;report-uri https://yoti.report-uri.io/r/default/csp/reportOnly; 6
default-src * data: 'unsafe-inline' 'unsafe-eval';frame-ancestors https://www.saseurobonusshop.com/ https://eurobonus.shopping https://saseurobonusmastercard.se/ https://saseurobonusmastercard.no/ https://saseurobonusmastercard.dk/ https://swipp.com https://app.swipp.com https://www.rewardspay.com/ https://upgrade.plusgrade.com https://consumer-prdb.plusgrade.com https://consumer-prd.plusgrade.com https://sas-next-staging.crossroads.se/  https://www.coop.se https://kiosk.coop.se https://www-stg.rewardspay.com 'self' 6
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org pr.globenewswire.com *.trustpilot.com api.stockdio.com t2mstatus.com  *.microsoft.com *.leadinfo.net *.bcebos.com *.baidu.com *.twitter.com *.ads-twitter.com snap.licdn.com *.hotjar.com e6bad0060f8c4a8295781df08a7e4baf.svc.dynamics.com mktdplp102cdn.azureedge.net *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com *.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ *.en25.com cdn.ampproject.org *.msecnd.net *.cloudflare.com *.googletagmanager.com *.hms-networks.com *.livechatinc.com *.wistia.net www.hms-networks-data.com; style-src 'self' pr.globenewswire.com 'unsafe-inline' *.fontawesome.com *.windows.net ewonsupport.biz *.ewonsupport.biz api.stockdio.com t2mstatus.com *.microsoft.com *.hms-networks.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.cloudflare.com *.googletagmanager.com *.livechatinc.com *.wistia.net www.hms-networks-data.com; font-src 'self' pr.globenewswire.com *.windows.net *.fontawesome.com api.stockdio.com t2mstatus.com *.microsoft.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.googletagmanager.com *.livechatinc.com *.wistia.net www.hms-networks-data.com; img-src 'self' *.dynamics.com *.windows.net *.cookielaw.org pr.globenewswire.com ml-eu.globenewswire.com https://p.adsymptotic.com *.azurewebsites.net api.stockdio.com t2mstatus.com *.microsoft.com *.baidu.com *.google.fi *.google.com t.co *.linkedin.com e6bad0060f8c4a8295781df08a7e4baf.svc.dynamics.com *.hms-networks.com *.azureedge.net *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com *.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com platform.twitter.com/css/ *.twimg.com data: blob: *.googletagmanager.com *.wistia.net www.hms-networks-data.com; media-src 'self' pr.globenewswire.com ml-eu.globenewswire.com t2mstatus.com api.stockdio.com  *.hms-networks.com *.azureedge.net data: blob: *.googletagmanager.com *.livechatinc.com *.wistia.net www.hms-networks-data.com; child-src 'self' *.youku.com pr.globenewswire.com *.trustpilot.com hms.neckarfreunde.net *.bihl-wiedemann.de *.jacando.io api.stockdio.com t2mstatus.com *.microsoft.com *.qq.com *.intesis.com *.hotjar.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ *.dynamics.com *.google.com apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.youtube-nocookie.com *.googletagmanager.com *.livechatinc.com *.wistia.net www.hms-networks-data.com; connect-src 'self' *.onetrust.com cdn.cookielaw.org pr.globenewswire.com *.hotjar.io *.windows.net *.dynamics.com api.stockdio.com *.hotjar.com t2mstatus.com *.microsoft.com *.leadinfo.net *.leadinfo.com *.baidu.com stats.g.doubleclick.net accounts.google.com https://*.insight.sitefinity.com *.visualstudio.com *.google-analytics.com *.hms-networks.com *.googletagmanager.com *.livechatinc.com *.wistia.net www.hms-networks-data.com; frame-ancestors 'self' hms-stg.sitefinity.cloud *.hms-networks.com hms-local.sitefinity.cloud *.zendesk.com; 6
frame-ancestors 'self' *.vpro.nl:* *.human.nl *.vprobroadcast.com *.2doc.nl *.vprogids.nl; 6
object-src 'none'; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.cloudflare.com https://*.twitter.com https://*.twimg.com https://*.googleapis.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 6
media-src 'self' https:; object-src 'self'; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com data:; frame-ancestors 'self' https://*.hubspot.com https://info.atlascopco.us https://info.atlascopcoupdates.com http://*.scene7.com https://atlascopco-preview.adobecqms.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: 6
default-src * 'unsafe-inline' 'unsafe-eval' ; script-src * 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' ; img-src * ; connect-src * ; font-src * ; object-src * ; media-src * ; 6
upgrade-insecure-requests; frame-ancestors 'self' analytics.google.com analytics.webtrends.com secure.minorhotels.com *.naladhu.com *.oakshotels.com *.niyama.com world.nh-hotels.com *.telerain.com:* 6
frame-ancestors 'self'; base-uri 'self'; 6
frame-ancestors self *.ncmecad.net *.adobecqms.net *.missingkids.org *.articulate.com articulateusercontent.com; 6
referrer no-referrer 6
font-src * 6
frame-ancestors media.kaufland.de media.kaufland.com wissen-kaufland.kcenter.usu.com kaufland.staffbase.com 'self' 6
default-src 'none'; img-src 'self' https://*.apple.com https://*.mzstatic.com data:; style-src 'self' https://*.apple.com 'unsafe-inline'; font-src 'self' https://*.apple.com; media-src 'self' https://*.apple.com blob:; connect-src 'self' https://*.apple.com https://*.mzstatic.com; script-src 'self' https://*.apple.com 'unsafe-eval' 'sha256-4ywTGAe4rEpoHt8XkjbkdOWklMJ/1Py/x6b3/aGbtSQ='; frame-src 'self' https://*.apple.com itmss: itms-appss: itms-bookss: itms-itunesus: itms-messagess: itms-podcasts: itms-watchs: macappstores: musics: apple-musics: podcasts: videos:; 6
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' 6
frame-ancestors 'self' goqubit.net ; 6
default-src https: 'unsafe-inline' 'unsafe-eval' data:; 6
default-src 'self' data: *.mpsnare.iesnare.com https://mpsnare.iesnare.com https://*.extole.io https://*.xtlo.net; object-src 'self'; child-src 'self' ujet.co *.ujet.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.forter.com https://mpsnare.iesnare.com  *.go2bank.com *.fuelcdn.com *.exacttarget.com *.adobe.com *.mpsnare.iesnare.com *.tvsquared.com ujet.co *.ujet.co google-analytics.com *.google-analytics.com trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.salesforceliveagent.com *.hypemarks.com websdk.appsflyer.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://*.extole.io https://*.xtlo.net https://api.cloudsponge.com analytics.tiktok.com; connect-src 'self' *.go2bank.com *.google-analytics.com *.appsflyer.com *.go2bank.com wss://mpsnare.iesnare.com/star *.appsflyer.com go2bank.sjv.io  kampyle.com *.mpsnare.iesnare.com *.kampyle.com mobileapi.locatorsearch.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com vimeo.com *.vimeo.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com s.ytimg.com connect.facebook.net storify.com *.fyre.co *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://*.cloudsponge.com https://*.extole.io https://*.xtlo.net analytics.tiktok.com; img-src 'self' i.ytimg.com *.go2bank.com *.ojrq.net *.tvsquared.com google-analytics.com *.google-analytics.com i.vimeocdn.com www.google.co.in *.google.co.in kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.force.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com cdn.livefyre.com bootstrap.livefyre.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net data: blob: https://*.extole.io https://*.xtlo.net data: https://api.cloudsponge.com https://*.walmartmoneycard.com analytics.tiktok.com ; style-src 'self' 'unsafe-inline' *.exacttarget.com kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net *.googleadservices.com cdn.livefyre.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com https://*.extole.io https://*.xtlo.net https://fonts.googleapis.com https://api.cloudsponge.com; font-src 'self' data: kampyle.com *.appsflyer.com *.kampyle.com use.typekit.net *.use.typekit.net *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net *.livefyre.com https://*.extole.io https://*.xtlo.net https://fonts.gstatic.com https://api.cloudsponge.com; frame-src 'self' *.pardot.com  *.go2bank.com ujet.co *.ujet.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.facebook.com facebook.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net www.youtube.com player.vimeo.com *.demdex.net trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co cdn-gdc.com *.cdn-gdc.com bytedance: sslocal:; frame-ancestors 'self' https://*.greendot.com https://*.go2bank.com https://*.walmartmoneycard.com https://*.chirpwhitelabel.com;; 6
script-src 'self' 'unsafe-inline' 'unsafe-eval' 6
default-src 'none'; script-src 'self'; img-src 'self' https://www.google-analytics.com:443 https://*.qbrick.com:443 https://*.dna.ip-only.net https://bilder.hemnet.se:443 https://mb.cision.com; media-src 'self' https://*.qbrick.com:443 https://*.dna.ip-only.net; connect-src 'self' https://*.qbrick.com:443 synpunkter-1788b.firebaseio.com https://www.google-analytics.com:443; style-src 'self' 'unsafe-inline'; frame-src *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de r1.surveysandforms.com secure.msse.se www.efn.se clients.maptoweb.dk borsrum.episerverhosting.com shbfxcalc.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com shbdk.millistream.com cphspk01.shbmain.shb.biz www.shb.dk priolaan.dk weblaan.shb.bec.dk web37.prod.bec.dk netbank.shb.dk irs.tools.investis.com otp.tools.investis.com vp292.alertir.com forms.apsisforms.com handelsbanken.easycruit.com handelsbankendk.easycruit.com handelsbankennl.easycruit.com handelsbankenno.easycruit.com video.qbrick.com dreambroker.com handelsbanken.dreambroker.com web.efn.se news.alertir.com giosg-handelsbanken.giosg.com vp306.alertir.com client3.mailmailmail.net handelsbanken.newsroom.cision.com handelsbanken-en.newsroom.cision.com mb.cision.com app.marketingplatform.com go.beanstream.com; frame-ancestors 'self' *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de; font-src 'self' 6
frame-ancestors 'self' https://www.anglaisfacile.com https://www.francaisfacile.com https://www.tolearnenglish.com https://www.tolearnfrench.com https://www.allemandfacile.com https://www.espagnolfacile.com https://www.nlfacile.com https://www.italien-facile.com https://www.mesoutils.com https://www.mesexercices.com https://www.mathematiquesfaciles.com https://www.touslescours.com https://www.tolearnfrench.com https://*.tolearnfree.com; report-uri https://tolearnfree.report-uri.io/r/default/csp/enforce; base-uri 'self'; 6
default-src https:; script-src https: data: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src 'self' data: blob: filesystem: https: http: 'unsafe-inline' 6
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; default-src 'self' blob:; child-src 'self' blob:; connect-src 'self' blob: o1.ingest.sentry.siemens-web.com w3.siemens.com siemens.sc.omtrdc.net *.tt.omtrdc.net siemens.demdex.net tools.adlytics.net metrics.brightcove.com edge.api.brightcove.com secure.brightcove.com *.media.brightcove.com privacyportal-eu.onetrust.com geolocation.onetrust.com manifest.prod.boltdns.net www.fortbildung.siemens.com profiles.siemens.com profilesstage.siemens.com searchapi.new.siemens.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com www.downloads.siemens.com api.dc.siemens.com uat.api.dc.siemens.com www.facebook.com *.cf.brightcove.com cert-portal.siemens.com www.hqs.sbt.siemens.com www.google.com www.google.com api.company-target.com resource.finnchat.com api-fra.livechatinc.com aem-distribuidores.siemens.com.br aem-equivalentes.siemens.com.br distribuidores.brapps.siemens.cloud equivalentes.brapps.siemens.cloud distribuidores.brappsqa.siemens.cloud equivalentes.brappsqa.siemens.cloud go.cuenect.de *.virtualevent.siemens.com assets.new.siemens.com www.siemens.at dpm.demdex.net d1p0l0wtisukf7.cloudfront.net www.yousty.ch directline.botframework.com wss://directline.botframework.com www.automation.siemens.com limvjirfm8.execute-api.us-east-2.amazonaws.com 7gjrjhtrwh.execute-api.us-east-2.amazonaws.com *.force.com *.salesforce.com *.salesforceliveagent.com hkekomxpr6.execute-api.eu-central-1.amazonaws.com adservice.google.com adservice.google.com cdn.cookielaw.org reporting-hub.ryze-digital.de cdn.siemens-web.com cdn.siemens.com siemens.fm 322e30018b7e4846825041773c891f42.svc.dynamics.com mktdplp102cdn.azureedge.net asia.adform.net *.marketoresp.com 872-xot-578.marketo.com 872-xot-578.mktoresp.com nld1rtp1.marketo.com siemensdigitalindustries.nanorep.co api.ipify.org sleeknotestaticcontent.sleeknote.com images.sleeknote.com dvt4t9p29wi8.cloudfront.net preview.babylonjs.com partnerinfo.siemens.at hitech.at w2.siemens.com.cn; frame-ancestors 'self' resources.dc.siemens.com siemensfactoryautomation.pathfactory.com contentpath.siemens.com mc.contentpath.siemens.com; frame-src 'self' data: www.facebook.com bid.g.doubleclick.net hit.sbt.siemens.com *.equitystory.com partners.sea.siemens.com secure-fra.livechatinc.com siemens.demdex.net partners.finance.siemens.ru extranet.siemens.pt www.lowvoltage.siemens.com www.siemens.at players.brightcove.net partner.vytal.org *.force.com *.salesforce.com *.salesforceliveagent.com maestrobot.s3.eu-central-1.amazonaws.com jobs.siemens-info.com pages.siemens-info.com sites.siemens-info.com tpc.googlesyndication.com cdn.siemens-web.com cdn.siemens.com siemens.fm 322e30018b7e4846825041773c891f42.svc.dynamics.com 872-xot-578.marketo.com helpchat.siemens.com playout.3qsdn.com; font-src 'self' data: tools.adlytics.net reporting-hub.ryze-digital.de cdn.siemens-web.com cdn.siemens.com; img-src 'self' data: blob: android-webview-video-poster: *.siemens.com brightcove04pmdo-a.akamaihd.net *.prod.boltdns.net metrics.brightcove.com googleads.g.doubleclick.net ad.doubleclick.net www.facebook.com adservice.google.com adservice.google.com www.googletagmanager.com www.google.com www.google.com 825113843.privacysandbox.googleadservices.com siemens.sc.omtrdc.net *.tt.omtrdc.net maestrobot.s3.eu-central-1.amazonaws.com px4.ads.linkedin.com px.ads.linkedin.com dc.ads.linkedin.com www.linkedin.com tr.outbrain.com trc.taboola.com www.blids.de baudoku.1000eyes.de www.siemens.at stats.adlytics.net cdn.go.cuenect.net secure.adnxs.com t.co cdn.cookielaw.org reporting-hub.ryze-digital.de cdn.siemens-web.com cdn.siemens.com siemens.fm asia.adform.net analytics.sleeknote.com 322e30018b7e4846825041773c891f42.svc.dynamics.com p.adsymptotic.com ib.adnxs.com images.mktsvcp102we001.svc.dynamics.com ups.xplosion.de sp.analytics.yahoo.com; manifest-src 'self'; media-src 'self' blob: data: assets.new.siemens.com secure.brightcove.com *.media.brightcove.com manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.cf.brightcove.com cdn.siemens-web.com cdn.siemens.com siemens.fm; object-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' players.brightcove.net w3.siemens.com; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' w3.siemens.com tools.adlytics.net assets.adobedtm.com players.brightcove.net img.en25.com vjs.zencdn.net www.automation.siemens.com profiles.siemens.com profilesstage.siemens.com *.ste.dc.siemens.com googleads.g.doubleclick.net www.google.com www.google.com www.googletagmanager.com www.googleadservices.com tpc.googlesyndication.com connect.facebook.net cookies.siemens.com snap.licdn.com scripts.demandbase.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com resource.finnchat.com cdn.livechatinc.com secure-fra.livechatinc.com secure.livechatinc.com api.livechatinc.com api-fra.livechatinc.com www.sfs.siemens.de cdn.botframework.com geolocation.onetrust.com *.force.com *.salesforce.com *.salesforceliveagent.com cdn.cookielaw.org reporting-hub.ryze-digital.de cdn.siemens-web.com cdn.siemens.com siemens.fm mktdplp102cdn.azureedge.net asia.adform.net *.marketo.com munchkin.marketo.net siemensdigitalindustries.nanorep.co sleeknotecustomerscripts.sleeknote.com sleeknotestaticcontent.sleeknote.com t.jabmo.app secure.adnxs.com d22d1xpx4ztuef.cloudfront.net preview.babylonjs.com ais.insights.emetriq.de; style-src 'self' data: 'unsafe-inline' w3.siemens.com tools.adlytics.net profiles.siemens.com profilesstage.siemens.com www.sfs.siemens.de cdn.botframework.com *.force.com *.salesforce.com *.salesforceliveagent.com reporting-hub.ryze-digital.de cdn.siemens-web.com cdn.siemens.com siemens.fm *.marketo.com *.marketo.net; worker-src 'self' 'unsafe-inline' blob:; report-uri https://o1.ingest.sentry.siemens-web.com/api/68/security/?sentry_key=b4382018df484832b4ee2501bc82cea7&sentry_environment=sites-prod&sentry_release=c276187e; 6
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.stihl.com https://wm.wiredminds.de https://www.google-analytics.com https://www.googletagmanager.com https://analytics-udg.netdna-ssl.com https://www.googleadservices.com https://bat.bing.com https://rns.matelso.de https://googleads.g.doubleclick.net https://maps.googleapis.com https://static.criteo.net https://sslwidget.criteo.com https://static.hotjar.com  https://script.hotjar.com https://connect.facebook.net https://ssl.geoplugin.net https://www.google.com https://www.gstatic.com https://api.openweathermap.org https://e.video-cdn.net https://79423.analytics.edgekey.net https://mc.yandex.ru https://vk.com https://top-fwz1.mail.ru https://cdn.taboola.com https://trc.taboola.com https://ssl.google-analytics.com https://www.sc.pages02.net https://track.adform.net https://s2.adform.net https://cstatic.weborama.fr https://chimpstatic.com https://amplify.outbrain.com https://tr.outbrain.com https://lib-3pas.admatrix.jp https://eventd-cro.admatrix.jp https://static.ads-twitter.com https://analytics.twitter.com https://s.pinimg.com https://ajax.googleapis.com https://wm.wiredminds.de https://static.stihl-timbersports.com https://www.youtube.com https://s.ytimg.com https://*.mouseflow.com https://secure-ds.serving-sys.com https://ng361.infusionsoft.com https://bs.serving-sys.com https://linklist.mmcagentur.at https://c.imedia.cz https://mc.yandex.com https://www.google.de https://www.google.it https://www.google.es https://www.google.ru https://www.google.pt https://www.google.at https://www.google.cz https://www.google.gr https://www.google.pl https://www.google.fr https://www.google.ro https://www.google.bg https://www.google.co.uk https://www.google.nl https://www.google.com.ua https://www.google.de https://www.google.it https://www.google.es https://www.google.ru https://www.google.pt https://www.google.at https://www.google.cz https://www.google.gr https://www.google.pl https://www.google.fr https://www.google.ro https://www.google.bg https://www.google.co.uk https://www.google.nl https://www.google.com.ua https://yastatic.net https://service.maxymiser.net https://*.imedia.cz https://*.seznam.cz https://*.clarity.ms https://*.adform.net https://*.facebook.net https://*.trkkn.com;style-src 'self' 'unsafe-inline' https://static.stihl.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://static.stihl-timbersports.com https://www.googletagmanager.com;img-src 'self' data: *;font-src 'self' https://static.stihl.com https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://e.video-cdn.net https://maxcdn.bootstrapcdn.com https://*.mouseflow.com https://linklist.mmcagentur.at https://script.hotjar.com https://yastatic.net;child-src 'self' https://*.mouseflow.com https://www.facebook.com;frame-src 'self' https://www.google.com https://www.facebook.com https://e.video-cdn.net https://googleads.g.doubleclick.net https://www.google.de https://ad3.adfarm1.adition.com https://*.fls.doubleclick.net https://cstatic.weborama.fr https://rd.frontend.weborama.fr https://www.youtube-nocookie.com https://www.youtube.com https://e.issuu.com https://*.mouseflow.com https://app11.jaggaer.com https://player.vimeo.com https://ng361.infusionsoft.app https://data.stihl-timbersports.com https://www.pool4tool.com https://vars.hotjar.com https://img-cdn.mediaplex.com https://bid.g.doubleclick.net https://www.google.de https://www.google.it https://www.google.es https://www.google.ru https://www.google.pt https://www.google.at https://www.google.cz https://www.google.gr https://www.google.pl https://www.google.fr https://www.google.ro https://www.google.bg https://www.google.co.uk https://www.google.nl https://www.google.com.ua https://*.mediaplex.com https://*.doubleclick.net https://service.maxymiser.net https://www.stihlpromos.ca https://*.google.com.ar;connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://d.video-cdn.net https://c.video-cdn.net https://ca.video-cdn.net https://ma307-r.analytics.edgekey.net https://asset-out-cdn.video-cdn.net https://mc.yandex.ru https://top-fwz1.mail.ru https://trc-events.taboola.com https://ext.nonstoppartner.net https://ct.pinterest.com https://*.mouseflow.com https://secure-ds.serving-sys.com https://static.stihl.com https://static.stihl-timbersports.com https://static.viking-garden.com https://linklist.mmcagentur.at https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://bat.bing.com https://mc.yandex.com https://www.google.com https://www.facebook.com https://www.google.de https://www.google.it https://www.google.es https://www.google.ru https://www.google.pt https://www.google.at https://www.google.cz https://www.google.gr https://www.google.pl https://www.google.fr https://www.google.ro https://www.google.bg https://www.google.co.uk https://www.google.nl https://www.google.com.ua https://ssl.google-analytics.com https://www.google.se https://ssl.geoplugin.net https://api.openweathermap.org https://maps.googleapis.com https://www.googletagmanager.com https://*.serving-sys.com https://*.google.com https://*.google.com.au https://*.google.ca https://*.google.com.br https://*.google.com.ar https://*.google.co.jp https://*.google.hu https://*.google.no https://*.google.fi https://*.google.dk https://*.yandex.md https://*.nonstoppartner.net https://*.trkkn.com;media-src 'self' https://videocdnvod1-vh.akamaihd.net https://asset-out-cdn.video-cdn.net https://*.video-cdn.net;object-src 'self' https://static.stihl.com;report-uri /api/Service/CspLog; 6
connect-src 'self' data: *.google.com https://freegeoip.app *.plyr.io https://noembed.com *.googleapis.com *.rdstation.com.br *.ampproject.org *.shoptarget.com.br *.linximpulse.net *.retargeter.com.br *.shopconvert.com.br ckies.net *.shopback.net *.viacep.com.br viacep.com.br *.voxus.tv api.ipify.org *.loggly.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.facebook.com www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com  https://ampcid.google.com.br https://s.yimg.com https://bat.bing.com https://cdn-prod.securiti.ai https://app.securiti.ai; font-src 'self' data: *.gstatic.com script.hotjar.com https://use.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://unpkg.com *.bizographics.com *.rawgit.com *.googleapis.com *.unpkg.com *.youtube.com *.googletagmanager.com *.googleadservices.com *.google.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.ytimg.com *.facebook.net *.cloudfront.net *.rdstation.com.br *.w3-edge.com *.reclameaqui.com.br *.ampproject.org *.novahaus.com.br *.shoptarget.com.br *.shopback.net *.shopconvert.com.br *.voxus.com.br targeting.voxus.tv *.omguk.com *.hotjar.com snap.licdn.com https://cdn.mouseflow.com https://bat.bing.com https://s.yimg.com https://*.tailtarget.com https://d.tailtarget.com https://cdn-prod.securiti.ai; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.shopback.net https://cdn-prod.securiti.ai; img-src 'self' data: *.linx.com.br *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.com.br *.doubleclick.net *.gravatar.com *.w.org *.linkedin.com *.shopback.net *.adsymptotic.com cliente.linx.com.br *.adnxs.com smartbmc.com.br *.smartbmc.com.br *.googletagmanager.com https://frame-images.com https://www.gstatic.com https://bat.bing.com https://sp.analytics.yahoo.com https://*.tailtarget.com https://qr-code.ithemes.com; default-src https: 6
frame-ancestors 'self' *.facebook.com *.vk.com 6
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 6
worker-src * 6
default-src * 'unsafe-inline' 'unsafe-eval'; 6
frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 6
frame-ancestors 'self' webforce.com new.webforce.com webforce1111.c45stagehostopia.com wfsites-to.websitecreatorprotool.com wfsites.websitecreatorprotool.com wfsites-ie.websitecreatorprotool.com wf.mktgsuite.deluxe.com fl.sitekreator.com portal.mktgsuite.deluxe.com dex.wfsites.websitecreatorprotool.com sites2.freelogoservices.com cpaneltest.sitekreator.com stage.sitekreator.com; 6
img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval';worker-src blob:; 6
default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self'; upgrade-insecure-requests; 6
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 6
default-src 'self' 'unsafe-eval' 'unsafe-inline' data:; sandbox allow-forms allow-orientation-lock allow-pointer-lock allow-presentation allow-same-origin allow-scripts; 6
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 6
default-src 'self'; font-src 'self' data: https://resources.ricoh-europe.com https://fast.fonts.net https://fonts.gstatic.com https://script.hotjar.com https://use.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://resources.ricoh-europe.com https://code.jquery.com https://unpkg.com https://service.maxymiser.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.google-analytics.com https://maps.googleapis.com https://*.en25.com https://fullstory.com https://edge.fullstory.com https://script.hotjar.com https://static.hotjar.com https://www.youtube.com https://s.ytimg.com https://secure.leadforensics.com https://app-static.turtl.co https://ldynamicspublicapi.leadforensics.com https://snap.licdn.com https://cdn.mouseflow.com https://tag.demandbase.com https://use.fontawesome.com https://api.feefo.com https://register.feefo.com https://lq3-production01.s3.amazonaws.com https://view.ceros.com https://www.fullstory.com https://*.t.eloqua.com; style-src 'self' 'unsafe-inline' https://resources.ricoh-europe.com https://fast.fonts.net https://unpkg.com https://fonts.googleapis.com https://*.en25.com https://app-static.turtl.co https://use.fontawesome.com http://images.response.ricoh-europe.com https://cdn.jsdelivr.net; img-src 'self' data: https://resources.ricoh-europe.com https://*.t.eloqua.com https://www.google-analytics.com https://img.youtube.com https://i.ytimg.com https://maps.gstatic.com https://maps.googleapis.com https://service.maxymiser.net https://assets.turtl.co https://assets.ricoh-europe.com https://www.google.com https://px.ads.linkedin.com https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://www.googletagmanager.com https://*.en25.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://rs.fullstory.com https://in.hotjar.com https://www.googleadservices.com https://api.feefo.com https://collect.feefo.com; frame-src https://*.ricoh-europe.com https://www.googletagmanager.com https://www.google.com https://www.youtube.com https://vars.hotjar.com https://ricoh-docuware-calculator.tbtmarketing.com https://gestiondocumentaire.ricoh.fr https://supportrequest.ricoh.ch https://discover.ricoh.co.uk https://webforms.ricoh.de https://*.t.eloqua.com https://embed.ricohtours.com https://ricoh.turtl.co https://view.ceros.com https://app.livestorm.co https://ricoh-warranty.convar.com 6
default-src https: 'unsafe-eval' 'unsafe-inline'; 6
default-src data: blob: wss: https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 6
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.b0e8.com  https://cdn.bc0a.com  https://ws.zoominfo.com  https://tag.demandbase.com https://go.segra.com https://so.rlcdn.com https://*.d41.co  https://*.doubleclick.net https://*.googleadservices.com https://snap.licdn.com https://*.hotjar.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com/ https://www.google-analytics.com/ https://tagmanager.google.com https://segra.actonservice.com https://unpkg.com; img-src 'self' data: https://a1.b0e8.com  https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com  https://go.segra.com https://www.linkedin.com https://p.adsymptotic.com https://px.ads.linkedin.com https://segra.actonservice.com https://www.google.com  https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://ssl.gstatic.com https://www.googletagmanager.com/; style-src 'self' 'unsafe-inline' https://go.segra.com https://segra.actonservice.com https://fonts.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com https://unpkg.com; font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ data:; frame-src 'self' https://*.youtube.com https://*.hotjar.com https://www.google.com https://go.pardot.com/ https://segra.actonservice.com/ https://*.maps.arcgis.com/; frame-ancestors 'self' https://go.pardot.com/ https://segra.actonservice.com/ https://*.maps.arcgis.com/; connect-src 'self' https://api.brightedge.com https://*.bc0a.com https://*.b0e8.com  https://ixfd2-api.bc0a.com  https://api.company-target.com https://go.segra.com https://*.d41.co https://stats.g.doubleclick.net https://*.hotjar.io https://*.hotjar.com https://segra.actonservice.com https://www.google-analytics.com/; 6
child-src 'self' blob: tr.snapchat.com sc-static.net static.ads-twitter.com https://*.tagcommander.com *.tagcommander.com optimize.google.com gateway.euronext.com forms.logiforms.com https://*.iadvize.com *.iadvize.com aax-eu.amazon-adsystem.com *.trustcommander.net *.overkiz.com *.somfy.com *.somfysystems.pl e.issuu.com projects.perfoweb.fr www.tahomalink.com www.tahomalink.com boutique.somfy.fr www.youtube.com www.googletagmanager.com static.addtoany.com client.alwaysupport.com *.doubleclick.net static.olark.com 212.203.79.55 somfykorea.linux.gabiauser.com shop.somfy.de shop.somfy.es shop.somfy.it easyshop.somfypro.fr tv.connexoon.de tvaktion.connexoon.de tv-at.connexoon.de *.addthis.com *.disqus.com disqus.com www.google.com webdev.abastra.com kartor.eniro.se http://kartor.eniro.se www.somfy-smart.de api.soundcloud.com w.soundcloud.com www.lespetitespierres.org https://giphy.com/upload https://hearthis.at/ https://soundcloud.com/ https://www.youtube.com/ https://www.lespetitespierres.org/ *.rlets.com https://giphy.com/ https://www.franceinter.fr/ *.zohopublic.com *.smartrecruiters.com https://subscriptions.smartrecruiters.com/ marketing.net.elogia.net www.facebook.com https://www.facebook.com https://www.youtube-nocookie.com/ www.123formbuilder.com https://c.imedia.cz/ player.ina.fr https://*.hotjar.com https://*.tfaforms.net *.tfaforms.net www.ausschreiben.de cdn.thinglink.me *.thinglink.com form.123formbuilder.com https://form.123formbuilder.com https://px.ads.linkedin.com *.px.ads.linkedin.com https://www.linkedin.com/ *.linkedin.com https://d6tizftlrpuof.cloudfront.net player.teester.com landings.somfy.co.il 6
img-src * data: blob: 6
default-src 'none';base-uri 'self';child-src 'none';connect-src https://www.google-analytics.com https://addons.mozilla.org;font-src https://addons.mozilla.org/static-frontend/;form-action 'self';frame-src 'none';img-src 'self' data: https://addons.mozilla.org/user-media/ https://addons.mozilla.org/static-frontend/ https://addons.mozilla.org/static-server/ https://addons.cdn.mozilla.net/;manifest-src 'none';media-src 'none';object-src 'none';script-src https://addons.mozilla.org/static-frontend/ https://www.google-analytics.com/analytics.js;style-src https://addons.mozilla.org/static-frontend/;worker-src 'none';report-uri /__cspreport__ 6
frame-ancestors 'self' https://app.platform.sportsdigita.com 6
frame-ancestors 'self' https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ 6
default-src * 'unsafe-inline' 'unsafe-eval' data:; 6
frame-ancestors 'self' chrome-extension://hfdhpmpfpcnbboppkkkblilhbloejijj https://backit.me 6
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src * 6
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 6
default-src 'self' consentcdn.cookiebot.com *.adobe.com bcove.video optimize.google.com *.api.brightcove.com api.bcovlive.io *.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com *.boltdns.net brightcove.vo.llnwd.net *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.media.brightcove.com hlstoken-a.akamaihd.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com manifest.prod.boltdns.net eba-api.uk.experian.com smeservices.uk.experian.com *.hotjar.com sjs.bizographics.com cdn.taboola.com trc.taboola.com *.js.ubembed.com *.events.ubembed.com assets.ubembed.com www.dwin1.com bat.bing.com t.co cdn.smct.co smct.co j.flxpxl.com *.doubleclick.net www.googleadservices.com www.google.com www.googletagmanager.com tagmanager.google.com fonts.googleapis.com ssl.gstatic.com www.google-analytics.com ssl.google-analytics.com adservice.google.com adservice.google.co.uk ajax.googleapis.com www.google.co.uk analytics.twitter.com platform.twitter.com static.ads-twitter.com *.linkedin.com www.facebook.com connect.facebook.net *.outbrain.com builder-assets.unbounce.com *.boldchat.com www.dianomi.com *.pingdom.net *.cloudfront.net *.eloqua.com *.quantserve.com rules.quantcount.com img.en25.com snap.licdn.com secure.livechatinc.com maxcdn.bootstrapcdn.com *.gstatic.com experian-thinking.s3-eu-west-1.amazonaws.com cdn.livechatinc.com themes.googleusercontent.com translate.googleapis.com *.experian.com ui.customsearch.ai hosteduxprod.blob.core.windows.net *.brightcove.com *.brightcove.net vjs.zencdn.net *.adobedtm.com *.demdex.net *.omniture.com *.youtube.com *.hotjar.io; img-src 'self' data: *; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; font-src 'self' data: *; object-src 'none'; media-src * blob:; worker-src blob: 'self'; 6
frame-ancestors https://findmyforevermate.com 6
frame-ancestors 'none'; default-src 'none'; script-src 'self' 'unsafe-eval' https://cdnjs.cloudflare.com https://cdn.ckeditor.com https://use.fontawesome.com https://cdn.jsdelivr.net 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://cdn.ckeditor.com; connect-src self * blob: https://*.connectiverx.com data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; worker-src blob: data: gap: 6
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 6
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 6
report-uri https://sentry.io/api/1481316/security/?sentry_key=5ed17bd323a34165b4278b59fe665e28 6
frame-ancestors https://uscreen.io https://*.uscreen.io https://www.uscreen.tv 6
default-src https: wss: blob: data: 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com account.psplugin.com commondatastorage.googleapis.com omni.teleperformance.se static.hotjar.com bat.bing.com track.adform.net *.doubleclick.net www.googleadservices.com www.googletagmanager.com connect.facebook.net test-allentetest.lekane.net allente.lekane.net tango-churn.viasat.dk *.vo.msecnd.net assets.adobedtm.com dl.episerver.net canaldigital.d3.sc.omtrdc.net fast.canaldigital.demdex.net dpm.demdex.net cm.everesttech.net cd-static.telenorcdn.net canaldigital.demdex.net; frame-ancestors 'self' www.elkjop.no elkjop.no www.power.no power.no logon.canaldigital.com ssotest.api-canaldigital.com ssostage.api-canaldigital.com localhost; 6
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *; 6
frame-ancestors 'self' https://*.facebook.com https://omnicapabilities.s3.amazonaws.com; 6
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: *; style-src 'self' 'unsafe-inline' * 6
script-src 'self' 'unsafe-eval' 'unsafe-inline' * 6
font-src 'self' *.gstatic.com *.unblu.com data:;              style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.unblu.com;              script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdic.ca *.gstatic.com *.google.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net www.googletagmanager.com www.google-analytics.com *.googleapis.com *.youtube.com s.ytimg.com tagmanager.google.com *.bing.com *.unblu.com;              img-src * data:; 6
default-src https: data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval' 6
report-uri /sentry/api/61/csp-report/?sentry_key=8505cd7669a24ba78131bbe9f6e8db09; frame-src * bankid:; worker-src blob:; child-src blob:; default-src https: data: 'self' *.1gamepay.com; font-src data: 'self' fonts.gstatic.com cdn.gs-arcadia.com cdn.st01-gs-arcadia.com *.cloudflare.com *.cloudflareinsights.com *.invisiblesport.com *.sptpub.com *.kertn.net livechat24.tech *.livechat24.tech *.frankcasino.net *.frankcasino.com *.frankcasino.se *.frankspiele.de *.frankcasino.ro *.frankclubcasino.com *.visualwebsiteoptimizer.com app.vwo.com https://cs.betradar.com https://*.sportradar.com https://videosport.me; img-src 'self' data: https: blob: www.google.com www.google.ro www.google.se www.google.nl www.google.de www.google.fi www.google.ch www.google.ee www.google.sk www.google.dk googleads.g.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.google.ro www.google.se www.google.nl www.google.de www.google.fi www.google.ch www.google.ee www.google.sk www.google.dk recaptcha.net www.gstatic.com www.googletagmanager.com www.googleadservices.com https://tpc.googlesyndication.com tagmanager.google.com platform.twitter.com connect.facebook.net googleads.g.doubleclick.net cdn.gs-arcadia.com cdn.st01-gs-arcadia.com *.playngonetwork.com *.curacao-egaming.com *.google-analytics.com https://analytics.google.com stats.g.doubleclick.net *.casinomodule.com livechat24.tech *.livechat24.tech *.frankcasino.net *.frankcasino.com *.frankcasino.se *.frankspiele.de *.frankcasino.ro *.frankclubcasino.com *.livestatisc.com *.jsdelivr.net *.ptstaging.eu track.adform.net extstg3-login01.ptstaging.eu *.invisiblesport.com *.sptpub.com *.kertn.net *.unetsafe.com *.cloudflare.com *.cloudflareinsights.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.snapchat.com *.bing.com snapchat.com sc-static.net app.vwo.com facebook.com www.facebook.com https://static.ads-twitter.com https://analytics.twitter.com https://cs.betradar.com https://*.sportradar.com https://videosport.me *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com; style-src 'self' blob: 'unsafe-inline' fonts.googleapis.com tagmanager.google.com *.cloudflare.com *.cloudflareinsights.com *.playngonetwork.com *.invisiblesport.com *.sptpub.com *.kertn.net *.unetsafe.com livechat24.tech *.livechat24.tech *.frankcasino.net *.frankcasino.com *.frankcasino.se *.frankspiele.de *.frankcasino.ro *.frankclubcasino.com *.visualwebsiteoptimizer.com app.vwo.com https://cs.betradar.com https://*.sportradar.com https://videosport.me *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com fasd63.illongrlong.com asdaerq.dapmaptuns.com; connect-src ws: wss: 'self' *.casinomodule.com *.netentcdn.com livechat24.tech *.livechat24.tech *.frankcasino.net *.frankcasino.com *.frankcasino.se *.frankspiele.de *.frankcasino.ro *.frankclubcasino.com *.gs-arcadia.com *.st01-gs-arcadia.com *.playngonetwork.com *.google-analytics.com https://analytics.google.com https://adservice.google.com stats.g.doubleclick.net *.invisiblesport.com *.sptpub.com *.kertn.net *.unetsafe.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.bing.com app.vwo.com facebook.com www.facebook.com www.google.com www.google.ru www.google.ro www.google.se www.google.de www.google.fr www.google.nl www.google.by www.google.pt www.google.kz www.google.bg www.google.kg www.google.md www.google.gr www.google.fi *.snapchat.com snapchat.com sc-static.net https://static.ads-twitter.com https://analytics.twitter.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://*.atlantgaming.com *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com 6
frame-ancestors accounts.shopbase.com:443 templates.shopbase.com:443 test-templates.shopbase.com:443 *.shopbase.net.cn:443 'self' 6
default-src 'self' blob: https://*.cnn.com:* http://*.cnn.com:* *.cnn.io:* *.cnn.net:* *.turner.com:* *.turner.io:* *.ugdturner.com:* courageousstudio.com *.vgtf.net:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' data: *; frame-ancestors 'self' https://*.cnn.com:* http://*.cnn.com:* https://*.cnn.io:* http://*.cnn.io:* *.turner.com:* https://www.google.com https://news.google.com https://www.google.co.uk https://amp-cnn-com.cdn.ampproject.org courageousstudio.com; 5
frame-ancestors 'self' *.storyblok.com; 5
frame-ancestors https://pam.mcafee.com 5
default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data: https:; object-src 'none'; connect-src https: wss:; script-src 'unsafe-inline' https: 'unsafe-eval'; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; media-src 'self' blob: data: https:; font-src 'self' data: https://use.typekit.net https://cdn.vidible.tv https://cdnjs.cloudflare.com https://fonts.gstatic.com https://s0.wp.com ; 5
script-src 'sha256-nu9tVMGXtXZG4oszxe4T0guIQFguQ3i7GFYHoD2YtWU=' 'self' jobs.jobvite.com 5
frame-ancestors 'self' https://*.yahooinc.com https://*.edgecast.com https://mediaplatform.pathfactory.com 5
frame-ancestors 'self' hhs.gov *.hhs.gov 5
frame-ancestors *.gallupatwork.com 5
frame-ancestors 'self' *.cbssports.com *.sportsline.com popculture.com comicbook.com 247sports.com *.247sports.com *.maxpreps.com *.scout.com *.ampproject.org; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: blob: data: android-webview: android-webview-video-poster:; block-all-mixed-content; 5
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 5
frame-ancestors 'self' *.mathworks.com feedads.baidu.com *.mwcloudtest.com; 5
frame-ancestors 'self' https://www.google.com https://www-si-com.cdn.ampproject.org; default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; child-src https: blob: data:; connect-src https: blob: data: wss:; font-src https: blob: data:; img-src https: blob: data:; media-src https: blob: data:; object-src https: blob: data:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: data: 'unsafe-inline'; upgrade-insecure-requests 5
default-src 'self' 'unsafe-inline' https://*.jotform.com/ http://widgets.jotform.io/ https://widgets.jotform.io/ https://ml314.com/ https://www.google.com/recaptcha/ https://api.recurly.com/js/ https://*.clipcentric.com/ https://*.akamaihd.net/ https://*.googlesyndication.com/ https://*.doubleclick.net/ https://www.google-analytics.com https://cdn.ampproject.org https://stats.g.doubleclick.net https://www.googletagmanager.com/ https://www.techrepublic.com/ https://www.googleapis.com/ https://www.youtube.com/embed/ https://playlist.megaphone.fm/ https://test.quantcast.mgr.consensu.org/ https://*.twitter.com/ https://*.relay.cool/ https://d1rytvr7gmk1sx.cloudfront.net/ https://www.facebook.com/ https://quantcast.mgr.consensu.org/ https://apis.quantcast.mgr.consensu.org/ https://*.twitter.com; 			img-src 'self' https: data: https://* http://* https://im.techrepublic.com/ https://*.akamaihd.net/ https://*.clipcentric.com/ https://*.google.com/ https://*.2mdn.net/ https://*.googlesyndication.com/ https://ps.w.org/ http://*.ytimg.com/ https://i.zdnet.com https://www.google-analytics.com/ https://creatives.techrepublic.com/ *.gravatar.com https://www.techrepublic.com/ https://i.ytimg.com/ https://web.techrepublic.com/ https://lg-static.techrepublic.com https://*.doubleclick.net/ https://staging.tech-republic.media.fortyau.com/ https://prod-tech-republic-media.fortyau.com/ https://d2rytvr7gmk1sx.cloudfront.net/ https://*.doubleclick.net https://ml314.com/ https://t.6sc.co/; 			font-src 'self' data: https://cdn.jotfor.ms/; 			script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.youtube.com/ http://securepubads.g.doubleclick.net/ https://*.ml314.com/ https://*.quantcount.com/ https://*.jotfor.ms/ https://*.jotform.com/ https://js.recurly.com/ https://*.marphezis.com/ https://*.googlesyndication.com/ https://*.akamaihd.net/ https://www.googletagservices.com/ https://adservice.google.com/ https://*.doubleclick.net/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://cdn.ampproject.org/ https://quantcast.mgr.consensu.org/ https://*.facebook.net https://*.quantserve.com/ https://ml314.com/ https://*.twitter.com/ https://*.twimg.com/ https://*.relay.cool/ https://prod-tech-republic-media.fortyau.com https://in.ml314.com/ https://rules.quantcount.com/ https://in.ml314.com/ https://*.twitter.com/ https://*.twimg.com/; 			style-src 'self' 'unsafe-inline' https://js.recurly.com/ https://*.jotfor.ms/ https://*.twitter.com/ https://*.twimg.com/ https://*.jotfor.ms/ https://*.twitter.com/ https://*.twimg.com/; 5
frame-src 'self' *.microfocus.com *.ubembed.com https://js.driftt.com https://bid.g.doubleclick.net https://optimize.google.com/ https://dev.visualwebsiteoptimizer.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://www.brighttalk.com/ https://bcove.video/ https://app.vwo.com https://www.googletagmanager.com https://microfocuspartner.force.com https://www.linkedin.com/ https://platform.twitter.com/ https://www.research.net https://irs.tools.investis.com/ https://players.brightcove.net/ https://otp.tools.investis.com/ https://html5-player.libsyn.com/; frame-ancestors 'self' *.microfocus.com https://microfocus.lookbookhq.com https://microfocuspartner.force.com; 5
frame-ancestors 'self' *.windy.com:* 5
frame-ancestors 'self' *.dynatrace.org 5
frame-ancestors 'self' https://*.elastic.co https://elasticsandbox.docebosaas.com https://elastic.docebosaas.com https://www.gather.town; 5
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://sbnation.coral.coralproject.net/api/graphql/live; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 5
default-src 'none'; script-src 'self'; style-src 'self'; connect-src 'self' https://start.1password.com https://start.1password.ca https://start.1password.eu https://www.google-analytics.com https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://flow.1passwordservices.com; manifest-src 'self'; font-src 'self'; object-src 'self'; img-src 'self' https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://insight.adsrvr.org https://px.mountain.com; child-src https://www.youtube-nocookie.com https://secure.livechatinc.com; frame-src https://www.youtube-nocookie.com https://secure.livechatinc.com https://player.vimeo.com https://insight.adsrvr.org https://match.adsrvr.org https://drift.1passwordservices.com; form-action 'self' https://start.1password.com https://flow.1passwordservices.com; prefetch-src https://app.1password.com https://app.1password.ca https://app.1password.eu; frame-ancestors 'none' 5
frame-ancestors https://*.ionos.com https://ionos.com; 5
default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 5
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 5
frame-ancestors 'self' pluralsight.com pluralsight.highspot.com; 5
frame-ancestors 'self' https://bravenetmarketing.com https://manage.bravehost.com; 5
connect-src * 5
default-src https: http: data: 'unsafe-inline' 'unsafe-eval' 5
frame-ancestors *.motor1.com 5
connect-src 'self' wss://*.zopim.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-ancestors https://*.adobemsbasic.com https://*.lingotek.com https://*.nuance.com https://*.nuance.fr https://*.nuance.de https://*.nuance.es https://*.nuance.co.uk 'self' https:; frame-src 'self' https:; upgrade-insecure-requests; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src data: http://www.w3.org/2000/svg https:; 5
frame-ancestors 'self' https://*.mercedes-benz.com; default-src 'self' https://*.mercedes-benz.com https://*.mercedes-benz.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.krxd.net https://*.day.com https://*.anythingabout.net https://*.system360gmbh.de https://*.mercedes-benz-classic.com https://*.speedcurve.com https://alltime-stars.com  https://cdn.jsdelivr.net https://*.mb-lounge.com  https://*.eventbase.com https://narando.com https://*.narando.com https://*.googleapis.com  https://maxcdn.bootstrapcdn.com https://cdn.plyr.io https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.doubleclick.net https://shop.nostalgic.de https://*.gstatic.com https://cdn.ampproject.org https://amp.azure.net https://*.windows.net https://cmsdata.net https://booking-widget.quandoo.de https://api.corpinter.net https://www.mercedesamgf1.com https://*.facebook.net https://*.facebook.com https://*.atdmt.com https://*.adobe.com data: blob: 'unsafe-inline' 'unsafe-eval' 5
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 5
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 5
default-src https: data: wss: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'self' 5
frame-ancestors 'self' https://*.athenahealth.com/ https://*.athenahealth.com:*/ https://*.athenanet.athenahealth.com/ https://*.athenanet.athenahealth.com:*/ https://*.nimbus.athena.io/ 5
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 5
frame-ancestors 'self' *.blacknight.com *.blacknight.ie *.blacknight.blog *.blacknight.tech *.feedpress.me 5
frame-ancestors 'self' https://app.hubspot.com; 5
default-src 'none'; connect-src 'self' *.licdn.com www.linkedin.com www.google-analytics.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/ https://linkedin.sc.omtrdc.net/b/ss/; script-src 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' snap.licdn.com 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src dms.licdn.com *.lynda.com; child-src blob: lnkd-communities: voyager: *; frame-src 'self' https://www.youtube.com/embed/ https://www.youtube-nocookie.com/embed/ lnkd.demdex.net https://smartlock.google.com/ https://accounts.google.com/ linkedin.cdn.qualaroo.com player.vimeo.com www.linkedin.com www.slideshare.net *.megaphone.fm msit.powerbi.com app.powerbi.com linkedin.github.io https://*.licdn.com; frame-ancestors 'self' https://onyx.www.linkedin.com; manifest-src 'self'; report-uri /security/csp?e=p&f=gg 5
child-src 'self'; connect-src 'self' https: www.google-analytics.com fundingchoicesmessages.google.com pagead2.googlesyndication.com; default-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https: googleads.g.doubleclick.net; img-src 'self' data: https:; media-src 'self' data: https:; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https: www.google-analytics.com pagead2.googlesyndication.com www.google.com www.gstatic.com; style-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com c.evidon.com content.quantcount.com; block-all-mixed-content; report-uri https://o881419.ingest.sentry.io/api/6108064/security/?sentry_key=53507701d302401b97c4a9ec903c141e; 5
frame-ancestors 'self' *.brandwatch.com; object-src 'none'; 5
frame-ancestors 'self' *.sncf-connect.com; report-uri /report-csp-violation; upgrade-insecure-requests 5
default-src 'self' wss://*.trenitalia.it https://*.adobe.com https://*.omniture.com https://*.gruppofs.it https://*.trenitalia.it http://*.ferroviedellostato.it https://*.ferroviedellostato.it https://*.fsitaliane.it http://*.fsitaliane.it https://*.rfi.it https://*.youtube.com https://moovitapp.com/napoli_e_campania-882/poi/it?customerId=11337 http://*.adobedtm.com https://*.demdex.net https://*.cookielaw.org https://*.ne-t.it https://*.onetrust.com https://*.serving-sys.com  https://*.akamaihd.net https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com  https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://*.fburl.com https://fburl.com http://*.112.2o7.net https://*.d3.sc.omtrdc.net https://*.issuu.com https://*.quantcount.com https://*.quantserve.com https://unpkg.com https://*.unpkg.com https://*.google.com https://*.gstatic.com http://*.gstatic.com https://*.googleapis.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com http://*.siteimproveanalytics.com http://siteimproveanalytics.com https://*.doubleclick.net https://static.xx.fbcdn.net https://*.fbcdn.net https://*.jsdelivr.net https://*.arcgis.com https://*.mycicero.it  https://*.licdn.com https://*.youtube-nocookie.com https://*.knightlab.com https://*.twitter.com https://*.instagram.com https://*.arcgisonline.com https://*.linkedin.com https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval' ; worker-src 'self' data: * blob: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' data: * 'unsafe-inline' 'unsafe-eval'; style-src-elem 'self' data: * 'unsafe-inline' 'unsafe-eval'; img-src data: *  ; media-src ferroviedellostato.it *.ferroviedellostato.it https://*.fsnews.it https://*.rfi.it https://rfi.it ; script-src 'self' https://chatbot.lavoraconnoi.gruppofs.it/lavoraconnoi-widget/assets/dist/oe-min.js https://*.gruppofs.it https://*.trenitalia.it https://*.adobe.com https://*.omniture.com http://*.ferroviedellostato.it https://*.ferroviedellostato.it https://*.fsitaliane.it http://*.fsitaliane.it https://*.youtube.com http://*.adobedtm.com https://*.demdex.net https://*.cookielaw.org https://*.onetrust.com https://*.serving-sys.com  https://*.akamaihd.net https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com  https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://*.fburl.com https://fburl.com http://*.112.2o7.net https://*.d3.sc.omtrdc.net https://*.issuu.com https://*.quantcount.com https://*.quantserve.com https://unpkg.com https://*.unpkg.com https://*.google.com https://*.gstatic.com http://*.gstatic.com https://*.googleapis.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com http://*.siteimproveanalytics.com http://siteimproveanalytics.com https://*.doubleclick.net https://static.xx.fbcdn.net https://*.fbcdn.net https://*.jsdelivr.net https://*.arcgis.com https://*.mycicero.it  https://*.licdn.com https://*.youtube-nocookie.com https://*.knightlab.com https://*.twitter.com https://*.instagram.com https://*.arcgisonline.com https://*.linkedin.com https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval' ; font-src 'self' data: * 5
default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 5
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors https://*.contentful.com 'self' 5
default-src  https: *.willistowerswatson *.wtwco data: blob: 'unsafe-eval' 'unsafe-inline' 5
default-src 'self' https://www.google.com https://resources.digital-cloud.medallia.eu https://*.licdn.com https://s7.addthis.com https://vars.hotjar.com/ https://connect.facebook.net/ https://www.facebook.com/ *.crazyegg.com https://youtube.com https://www.youtube.com https://i.ytimg.com/vi_webp/PfZzvGGRaOM/mqdefault.webp; img-src 'self' data: https://pixel.quantserve.com https://j.mrpdata.net https://857338121.privacysandbox.googleadservices.com https://720787047.privacysandbox.googleadservices.com https://apt.techtarget.com https://620993155.privacysandbox.googleadservices.com https://p.adsymptotic.com/ *.crazyegg.com https://tracking.hello.global.ntt/ https://www.google.co.za https://*.kampyle.com https://vars.hotjar.com https://pubads.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com www.googletagmanager.com https://www.google.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://prodeu-cdn.azureedge.net https://prodau-cdn.azureedge.net https://t.co/ https://px.ads.linkedin.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.linkedin.com/ https://s2190102.t.eloqua.com/; style-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/tiny-slider.css https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; font-src 'self' https://fonts.gstatic.com data: http://script.hotjar.com https://script.hotjar.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors https://vars.hotjar.com https://bid.g.doubleclick.net https://*.crazyegg.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://secure.quantserve.com https://rules.quantcount.com https://pixel.quantserve.com https://www.gstatic.com https://trk.techtarget.com https://visitor.reactful.com https://*.crazyegg.com https://script.crazyegg.com/pages/scripts/0087/2136.js https://connect.facebook.net/ https://cdn.cookielaw.org/ https://secure.east2pony.com/ https://protect-eu.mimecast.com/ https://www.google.co.za/ https://*.addthisedge.com https://z.moatads.com https://*.addthis.com https://script.hotjar.com http://script.hotjar.com http://static.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://analytics.twitter.com https://static.ads-twitter.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com https://img03.en25.com https://script.crazyegg.com https://www.youtube.com www.googleadservices.com https://pubads.g.doubleclick.net https://snap.licdn.com https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/min/tiny-slider.js https://geolocation.onetrust.com; connect-src 'self' https://visitor.reactful.com *.crazyegg.com https://www.facebook.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://script.crazyegg.com/* https://api-public.addthis.com https://*.addthis.com https://privacyportal-de.onetrust.com/; 5
upgrade-insecure-requests; frame-ancestors 'self' https://mangaku.co https://manganime.id https://manganime.in 5
upgrade-insecure-requests;block-all-mixed-content 5
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; worker-src 'self'; block-all-mixed-content 5
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 5
default-src 'self' data: https:; script-src 'self' https://cdn.logrocket.io  https://cdn.lr-ingest.io  https://cdn.lr-in.com  'unsafe-inline' 'unsafe-eval' https:; child-src 'self' blob:; worker-src 'self' blob:;object-src 'self'; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' data: https:; frame-src 'self' https: mailto: tel:; font-src 'self' data: https:; connect-src 'self' https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https: wss://*.hotjar.com; frame-ancestors 'self' https://ve.on24.com/ https://login-staging.qlik.com/  https://login.qlik.com/; base-uri 'none'; form-action 'self' https:; upgrade-insecure-requests; 5
frame-ancestors https://*.flexera.com https://*.revenera.com; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.onsemi.jp https://www.onsemi.cn https://www.onsemi.com https://tags.tiqcdn.cn https://api.ipify.org https://p.adsymptotic.com https://*.ztsrv.com https://px.ads.linkedin.com https://my.demio.com https://angular-ui.github.io https://vidassets.terminus.services https://cdn.bigzeta.com https://api.bigzeta.com https://info.onsemi.com https://cdn.demio.com https://onsemi.ladesk.com https://onsemi.taleo.net https://*.gcs-web.com https://*.atdmt.com https://*.mktoresp.com https://*.marketo.com https://*.taboola.com https://*.tealiumiq.com https://*.tealium.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.baidu.com https://*.geniusmonkey.com https://*.doubleclick.net https://*.gstatic.com https://*.linkedin.com https://*.pingdom.net https://*.crazyegg.com https://*.marketo.net https://*.licdn.com https://www.google.com https://*.tiqcdn.com https://*.digikey.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.com https://*.boltdns.net https://*.brightcove.net https://*.brightcove.com https://*.zencdn.net https://*.akamaihd.net blob: data: 5
frame-ancestors 'self' *.optus.com.au *.ippayments.com *.pegacloud.net *.gomo.com.au *.realestate.com.au 5
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://*.eqads.com https://*.msecnd.net https://*.cookielaw.org https://*.cloudflare.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.crazyegg.com https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.googlesyndication.com https://*.doubleclick.net https://*.vimeo.com https://*.secure.payconex.net 5
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline' 5
nosniff 5
frame-ancestors 'self' commander.weatherops.com 5
default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline' 5
default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; font-src *; img-src * data: 5
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 5
connect-src 'self' *.fontawesome.com *.google-analytics.com *.visualwebsiteoptimizer.com app.vwo.com cdn.cookielaw.org *.stackadapt.com *.doubleclick.net bat.bing.com *.facebook.net s3.amazonaws.com *.dataweavers.io *.yimg.com *.hubspot.com *.amazonaws.com *.hubapi.com *.hsforms.com *.clarity.ms *.youtube.com *.google.com; default-src 'self' pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com 'unsafe-inline' *.fontawesome.com *.visualwebsiteoptimizer.com app.vwo.com cdn.cookielaw.org fonts.googleapis.com cdn.pushcrew.com js.driftt.com *.dataweavers.io *.pardot.com *.heartland.us *.heartlandpaymentsystems.com *.youtube.com; font-src 'self' *.fontawesome.com *.dataweavers.io fonts.gstatic.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src 'self' burly.io *.burly.io *.youtube.com *.ytimg.com *.driftt.com *.adsrvr.org *.doubleclick.net vimeo.com *.visualwebsiteoptimizer.com app.vwo.com *.google.com *.facebook.com *.vimeo.com *.hsforms.com; img-src 'self' *.dataweavers.io data: pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com cdnjs.cloudflare.com *.visualwebsiteoptimizer.com app.vwo.com *.google-analytics.com *.adsymptotic.com www.googletagmanager.com static.ads-twitter.com platform.twitter.com *.twitter.com *.vimeocdn.com *.cookielaw.org *.azureedge.net *.googleadservices.com *.clarity.ms *.heartlandpaymentsystems.com *.linkedin.com *.bing.com t.co *.tribalfusion.com *.yahoo.com *.pushcrew.com pushcrew.com *.facebook.com *.google.com.au *.google.com storage.pardot.com *.doubleclick.net *.google.co.in *.gstatic.com i.ytimg.com *.hsforms.com *.hubspot.com; script-src 'self' 'unsafe-inline' *.fontawesome.com www.googletagmanager.com 'unsafe-eval' *.dataweavers.io *.google-analytics.com burly.io *.burly.io static.ads-twitter.com platform.twitter.com *.facebook.net *.doubleclick.net cdn.cookielaw.org pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com cdn.pushcrew.com *.yimg.com *.twitter.com *.drifft.com www.googleadservices.com *.licdn.com *.visualwebsiteoptimizer.com bat.bing.com *.google.com tracking.g2crowd.com js.driftt.com gstatic.com google-analytics.com code.jquery.com *.gstatic.com *.pardot.com *.heartland.us *.heartlandpaymentsystems.com; script-src-elem 'self' *.google-analytics.com 'unsafe-inline' *.fontawesome.com *.visualwebsiteoptimizer.com app.vwo.com cdn.cookielaw.org *.stackadapt.com pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com www.googletagmanager.com *.pushcrew.com burly.io *.burly.io *.adsrvr.org static.ads-twitter.com platform.twitter.com *.tribalfusion.com code.jquery.com *.doubleclick.net *.driftt.com *.dataweavers.io cdnjs.cloudflare.com *.jsdelivr.net *.googleapis.com *.youtube.com *.clarity.ms *.g2crowd.com *.gstatic.com *.licdn.com *.facebook.net *.yimg.com *.google.com bat.bing.com www.googleadservices.com *.twitter.com *.analytics.yahoo.com fonts.googleapis.com *.hsforms.com *.hs-analytics.net js.hsforms.net/forms/v2.js js.hs-scripts.com/2146553.js js.hscollectedforms.net/collectedforms.js js.hs-banner.com/2146553.js js.hsadspixel.net/fb.js js.hs-analytics.net/analytics/1633103100000/2146553.js js.hs-analytics.net/analytics/1633103400000/2146553.js *.pardot.com *.heartland.us *.heartlandpaymentsystems.com; style-src-elem 'self' *.stackadapt.com 'unsafe-inline' *.pushcrew.com *.dataweavers.io *.visualwebsiteoptimizer.com app.vwo.com cdnjs.cloudflare.com *.jsdelivr.net fonts.googleapis.com *.pardot.com *.heartland.us *.heartlandpaymentsystems.com; worker-src 'self' blob:; 5
frame-ancestors 'self' connectappypie.com googleapis.com reveal.clearbit.com; 5
frame-ancestors 'self' https://*.beyondtrust.com https://beyondtrust.com; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.btdevops.io https://*.wistia.com; object-src 'self'; 5
frame-ancestors 'self' *.evergage.com *.evgnet.com; 5
default-src 'self' www.googletagmanager.com;; script-src 'self' cdn-app.pathfactory.com app.cdn.lookbookhq.com tracker.engageclick.com cdn.catbook.com stage-new.www.247.ai turbo.engageclick.com platform.linkedin.com www.googletagmanager.com ajax.cloudflare.com ajax.googleapis.com js-agent.newrelic.com bam.nr-data.net  j.6sc.co consent.trustarc.com sleeknotecustomerscripts.sleeknote.com extend.vimeocdn.com www.linkedin.com static.hotjar.com *.cloudfront.net script.hotjar.com unpkg.com s.adroll.com sleeknotestaticcontent.sleeknote.com d.adroll.com connect.facebook.net  tag.demandbase.com info.247.ai www.google-analytics.com analytics.google.com *.marketo.com munchkin.marketo.net https://platform.linkedin.com/xdoor/scripts/in.js sfc.leadspace.com cdpn-js.figureone.com boards.greenhouse.io 'unsafe-inline' 'unsafe-eval' blob:; ; object-src 'none' ; style-src 'self' maxcdn.bootstrapcdn.com app.cdn.lookbookhq.com rtp-static.marketo.com fast.fonts.net fonts.googleapis.com info.247.ai 'unsafe-inline' data:; ; img-src www.googletagmanager.com dev-new.www.247.ai google-analytics.com data: https: www.storygize.net www.247.ai/*;; frame-src 'self' consent-pref.trustarc.com www.linkedin.com vars.hotjar.com turbo.engageclick.com *.cloudfront.net player.vimeo.com boards.greenhouse.io info.247.ai;; frame-ancestors 'self' 247ai.pathfactory.com consent-pref.trustarc.com https://www.linkedin.com https: http:;; child-src www.linkedin.com consent-pref.trustarc.com turbo.engageclick.com *.cloudfront.net blob:;; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com;; connect-src 'self' *.hotjar.com jukebox.pathfactory.com wss: c.6sc.co secure.adnxs.com stats.g.doubleclick.net analytics.google.com www.google-analytics.com api.company-target.com in.hotjar.com dev-new.www.247.ai vc.hotjar.io *.mktoresp.com *.marketo.com *.cloudfront.net tie-stage.247-inc.net interact-api-na.px.247inc.net tie-stage.247-inc.net staging.api.247-inc.net stage-new.www.247.ai tie.247-inc.net geolocation.sleeknote.com bam.nr-data.net ws23.hotjar.com api.247-inc.net sfgw.leadspace.com sleeknotestaticcontent.sleeknote.com fonts.googleapis.com 6jh2sbaxvh.execute-api.us-east-1.amazonaws.com segments.company-target.com;; report-uri /report-csp-violation 5
frame-src https://www.google.com https://app.hubspot.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://img6.wsimg.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com; form-action 'self'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js.hs-scripts.com https://tags.tiqcdn.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com https://js-na1.hs-scripts.com https://js.usemessages.com/conversations-embed.js; 5
frame-ancestors 'self' centralnicgroup.activehosted.com; script-src 'unsafe-inline' 'unsafe-eval' *.brandshelter.com *.webinarjam.com snap.licdn.com diffuser-cdn.app-us1.com prism.app-us1.com wp-ui.app-us1.com cdnjs.cloudflare.com trackcmp.net www.google-analytics.com data:; style-src 'unsafe-inline' *.brandshelter.com fonts.googleapis.com fonts.gstatic.com *.webinarjam.com 5
default-src * blob: data: http: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://reports.nameshield.net/ 5
frame-ancestors 'self' *.knoema.com *.knoema.org 5
frame-src 'self' bazaarvoice.com *.bazaarvoice.com https://www.terminland.de *.datev-bot.de *.datev.de *.datev.com *.iesnare.com *.cookielaw.org 5
default-src https: wss: 'self' *.mightycause.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.segment.com *.segment.io *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' *.mightycause.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.segment.com *.segment.io *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com nimbleswan.io static.tagboard.com; style-src 'self' https: 'unsafe-inline' *.mightycause.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.segment.com *.segment.io *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com; img-src 'unsafe-eval' https: data: blob: mediastream:; media-src https: 'self' *.mightycause.com w.chatlio.com blob:; font-src https: data: 'self' *.mightycause.com *.gstatic.com cdn.embedly.com; manifest-src 'self' *.mightycause.com; report-uri https://mightycause.report-uri.com/r/d/csp/reportOnly 5
frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; 5
frame-ancestors 'none'; upgrade-insecure-requests 5
frame-src *; 5
frame-ancestors 'self' *.swoogo.com 5
default-src 'self';  frame-ancestors 'self'  *.arista.com;  form-action 'self'  *.arista.com  *.onelogin.com  *.salesforce.com  forms.hsforms.com  syndication.twitter.com;  script-src 'self'  'unsafe-inline'  'unsafe-eval'  customer.cludo.com  cdn.cookielaw.org  geolocation.onetrust.com  js.hsforms.net  forms.hsforms.com  js-na1.hs-scripts.com  js.hs-analytics.net  js.hs-banner.com  *.smartrecruiters.com  www.google.com  www.gstatic.com  www.google-analytics.com  maps.google.com  *.googleapis.com  platform.twitter.com  cdn.syndication.twimg.com  connect.facebook.net  platform.linkedin.com  www.youtube.com;  connect-src 'self'  api-eu1.cludo.com  api.cludo.com  cdn.cookielaw.org  forms.hsforms.com  privacyportal.onetrust.com  www.google-analytics.com  stats.g.doubleclick.net;  child-src 'self'  www.google.com  www.youtube.com  forms.hsforms.com  www.facebook.com  platform.twitter.com  syndication.twitter.com  web.facebook.com  js.hs-analytics.net  www.google-analytics.com;  style-src 'self'  'unsafe-inline'  fonts.googleapis.com  platform.twitter.com  *.twimg.com;  font-src  'self'  https://fonts.gstatic.com  https://themes.googleusercontent.com;  img-src 'self' data:  customer.cludo.com  perf.hsforms.com  i.ytimg.com  cdn.cookielaw.org  *.gstatic.com  maps.google.com  *.googleapis.com  *.ggpht.com  platform.twitter.com  *.twimg.com  syndication.twitter.com  track.hubspot.com  www.google-analytics.com;  upgrade-insecure-requests;  report-uri /csp-report/ 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 5
default-src 'self' cloud.typography.com us-east-1.content-hub.acquia.com player.vimeo.com blob: data: *.criver.com 'unsafe-inline' play.vidyard.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com  *.criver.com *.vimeo.com *.dd *.test *.force.com *.salesforce.com *.salesforceliveagent.com blob: data: sha256- *.acquia.com *.ads-twitter.com *.licdn.com *.addthis.com *.pardot.com *.moatads.com *.twitter.com *.addthisedge.com *.juicer.io *.criver.com *.hotjar.com *.trustarc.com *.jsdelivr.net *.cloudflare.com *.livehelpnow.net *.cloudflareinsights.com *.recaptcha.net *.gstatic.com *.kampyle.com *.snapapp.com *.newrelic.com *.youtube.com *.nr-data.net *.segment.com *.ssl.cf3.rackcdn.com cdn.rawgit.com *.clarity.ms talk.hyvor.com us-east-1.content-hub.acquia.com *.vidyard.com *.datadome.co pagecdn.io *.qualtrics.com; style-src 'self' 'unsafe-inline' cloud.typography.com *.criver.com *.googletagmanager.com *.googleapis.com *.juicer.io *.force.com *.jsdelivr.net *.livehelpnow.net cdnjs.cloudflare.com *.lift.acquia.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' forms.hubspot.com *.hsforms.com *.criver.com *.googletagmanager.com *.google-analytics.com track.hubspot.com data: *.widen.net *.widencdn.net *.linkedin.com t.co *.adsymptotic.com *.jsdelivr.net *.livehelpnow.net *.trustarc.com *.kampyle.com yt3.ggpht.com i.ytimg.com *.juicer.io *.prod.acquia-sites.com *.google.com *.fbcdn.net *.lift.acquia.com cdn.rawgit.com raw.githubusercontent.com c.clarity.ms c.bing.com talk.hyvor.com *.youtube.com *.widen.net *.knowledgevision.com *.vidyard.com *.akamaihd.net fonts.gstatic.com analytics.twitter.com *.qualtrics.com; media-src 'self' 'unsafe-inline' 'unsafe-eval'  *.criver.com *.embed.widencdn.net *.criver.com *.widen.net; frame-src *.soundcloud.com *.addthis.com *.pardot.com *.force.com *.hotjar.com *.widencdn.net *.widen.net *.criver.com *.google.com *.kampyle.com *.transistor.fm *.snapapp.com *.trustarc.com *.knowledgevision.com *.youtube-nocookie.com *.youtube.com dot.vu mrkpwamicrosite000a.azurewebsites.net talk.hyvor.com www.recaptcha.net *.vidyard.com *.qualtrics.com; child-src *.vidyard.com blob:; font-src 'self' themes.googleusercontent.com cloud.typography.com data: *.criver.com *.gstatic.com *.juicer.io *.livehelpnow.net; connect-src 'self' *.google-analytics.com *.doubleclick.net *.acquia.com *.bugsnag.com *.addthis.com *.juicer.io *.criver.com *.livehelpnow.net wss://*.livehelpnow.net *.hotjar.com *.hotjar.io *.force.com *.kampyle.com *.snapapp.com *.hotjar.com *.nr-data.net graph.facebook.com wss://*.hotjar.com *.clarity.ms *.datadome.co *.qualtrics.com; report-uri /report-csp-violation 5
default-src 'self'; base-uri 'self'; img-src * data: 'unsafe-inline'; style-src * 'unsafe-inline'; script-src * data: 'unsafe-inline' 'unsafe-eval'; font-src thyssenkrupp.com *.thyssenkrupp.com *.recruitmentplatform.com *.bootstrapcdn.com; connect-src *; frame-ancestors 'self'; frame-src *; media-src * blob:; object-src * data: 'unsafe-eval'; worker-src blob: 5
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 5
default-src 'self' *.exaly.com 'unsafe-inline';font-src fonts.gstatic.com fonts.googleapis.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com 5
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 5
img-src 'self' *.twimg.com *.twitter.com img.youtube.com *.s3waas.gov.in secure.gravatar.com data: maps.gstatic.com maps.googleapis.com cbpssubscriber.mygov.in;connect-src 'self' *.s3waas.gov.in maps.googleapis.com www.google-analytics.com;object-src 'none';media-src 'self' *.s3waas.gov.in data:;child-src *;frame-src *;form-action *.s3waas.gov.in 'self';frame-ancestors 'self' *.s3waas.gov.in ;upgrade-insecure-requests;worker-src 'self' *.s3waas.gov.in 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.herbalifenutrition.com *.herbalife.com *.herbalife.de negocio.herbalife.com.mx privacyportal.onetrust.com  privacyseals.bbbprograms.org da7xgjtj801h2.cloudfront.net cf-images.us-east-1.prod.boltdns.net translate.googleapis.com googleads.g.doubleclick.net bid.g.doubleclick.net www.googleadservices.com dev.day.com rl.quantummetric.com geolocation.onetrust.com http-inputs-hrbl.splunkcloud.com herbalife-app.quantummetric.com herbalife-sync.quantummetric.com cdn.quantummetric.com cdn.cookielaw.org code.jquery.com optanon.blob.core.windows.net stats.g.doubleclick.net herbalife.112.2o7.net www.gstatic.com connect.facebook.net blob: data: user-aaimrzl.cld.bz www.google-analytics.com www.googletagmanager.com www.facebook.com twitter.com www.instagram.com www.linkedin.com www.dsa.org dsef.org www.bbb.org fonts.googleapis.com fonts.gstatic.com pixel.wp.com s0.wp.com stats.wp.com api.ceros.co ajax.googleapis.com media-s3-us-east-1.ceros.com namcerosdev.wpengine.com sdk.ceros.com assets.adobedtm.com metrics.brightcove.com players.brightcove.net cdn.flipsnack.com edge.api.brightcove.com cdnjs.cloudflare.com assets.herbalifenutrition.com smetrics.herbalife.com manifest.prod.boltdns.net *.akamaihd.net secure.brightcove.com vjs.zencdn.net f1.media.brightcove.com edge.myherbalife.com *.demdex.net herbalife.tt.omtrdc.net cm.everesttech.net www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat 5
default-src * blob: data: about:; worker-src * blob:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob:; img-src * data:; style-src * 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self' 5
frame-ancestors 'self'; object-src 'none' 5
default-src https: 'unsafe-eval' 'self' data: ws.pusherapp.com wss: bugherd-attachments.s3.amazonaws.com screenshots.bugherd.com; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' static.addtoany.com www.bugherd.com kit.fontawesome.com ka-p.fontawesome.com ws.pusherapp.com fonts.googleapis.com sockjs.pusher.com www.google-analytics.com www.googletagmanager.com; object-src ws.pusherapp.com; style-src https: 'unsafe-eval' 'unsafe-inline' 'self' data: fonts.googleapis.com; media-src https: data: blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com publish.viostream.com themes.googleusercontent.com ka-p.fontawesome.com www.bugherd.com d2iiunr5ws5ch1.cloudfront.net; report-uri /report-csp-violation 5
frame-ancestors 'self' *.gdmissionsystems.com 5
frame-ancestors 'self' https://moderncampus.lookbookhq.com https://moderncampus.pathfactory.com https://resources.moderncampus.com http://moderncampus.lookbookhq.com http://moderncampus.pathfactory.com http://resources.moderncampus.com; 5
default-src https: http: 'unsafe-inline' data: blob: 'unsafe-eval' 5
default-src wss: https: data: 'unsafe-inline' 'unsafe-eval' 5
frame-ancestors tarketthome.com www.tarketthome.com 5
default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 5
frame-ancestors 'self' https://*.superoffice.com https://zamnesiasp.inone.useinsider.com; 5
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval' 5
frame-ancestors 'self' app.storyblok.com 5
frame-ancestors 'self' https://www.bosoy-online.com 5
connect-src   'self' *.googleapis.com *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net directline.botframework.com/v3/directline/ wss://directline.botframework.com/v3/directline/ wtb.maptiles.arcgis.com *.arcgisonline.com *.arcgis.com chatbot.wlb.at onlim-chatbot-production.s3.amazonaws.com *.onlim.com wss://*.onlim.com wss://app.onlim.com/api/cs/ws wss://api.onlim.com/cs/ws *.vimeo.com vimeo.com *.addthis.com www.google-analytics.com routenplaner.verkehrsauskunft.at *.wienit.at *.api.wienenergie.at api.wienenergie.at service.wienerstadtwerke.at *.service.wienernetze.at service.wienernetze.at api.wstw.at int-api.wstw.at test-api.wstw.at styles.wienerstadtwerke.at; style-src   https://d6tizftlrpuof.cloudfront.net/themes/production/wienerstadtwerke-test-design-wienerstadtwerke-feedbacklet-d69f3b461dc32d40f77b744a4b3eb522.css 'self' styles.wienerstadtwerke.at 'unsafe-inline' fonts.googleapis.com *.onlim.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.chatvisor.com; base-uri   'self' *.onlim.com; script-src   https://app.onlim.com/chat-app/js/host.js *.onlim.com *.adform.net *.googletagmanager.com connect.facebook.net/ *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net walls.io *.virtualq.io polyfill.io openstreetmap.org *.openstreetmap.org chatbot.wlb.at *.vimeocdn.com ajax.googleapis.com maps.googleapis.com www.gstatic.com www.google.com www.google-analytics.com assets.adobedtm.com *.ytimg.com *.youtube.com styles.wienerstadtwerke.at 'unsafe-inline' 'unsafe-eval' 'self' https://www.googletagmanager.com/ *.usabilla.com/ *.googletagmanager.com/ *.googleadservices.com https://googleads.g.doubleclick.net/ *.onlim.com/; frame-src   *.wienit.at/ lehrlingstest-wienerstadtwerke.azurewebsites.net video.eko.com ubscal.seeyou.at *.issuu.com issuu.com *.walls.io walls.io *.virtualq.io app.onlim.com www.whatchado.com *.vimeo.com vimeo.com *.youtube.com www.google.com www.bestattungwien.at *.friedhoefewien.at mailto: service.wienerstadtwerke.at 'self' *.wienernetze.at/ *.facebook.com; media-src   'self' data: *.onlim.com; img-src   *.wienernetze.at/ wienitedv.d3.sc.omtrdc.net facebook.com/tr/ rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.wien.gv.at *.fluidtime.com *.arcgisonline.com onlim-chatbot-production.s3.eu-central-1.amazonaws.com onlim-base.s3.eu-central-1.amazonaws.com dacodi-production.s3.amazonaws.com *.onlim.com *.openstreetmap.org *.vimeocdn.com *.omtrdc.net *.2o7.net maps.googleapis.com maps.gstatic.com *.ytimg.com csi.gstatic.com chatbot.wlb.at *.wienit.at *.upstream-mobility.at blob: data: styles.wienerstadtwerke.at 'self' *.facebook.com https://www.google.at/pagead/ https://www.google.com/pagead/; default-src   'self'; font-src   https://d6tizftlrpuof.cloudfront.net/themes/production/wienerstadtwerke-test-design-wienerstadtwerke-font-file-url-de462eaa4f394073e3723d639af661c0.woff *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net data: styles.wienerstadtwerke.at chatbot.wlb.at *.onlim.com fonts.gstatic.com 'self'; 5
default-src 'self'; block-all-mixed-content; report-uri https://report.api.jtl-software.com/csp/; base-uri 'self'; form-action 'self' https://kundencenter.jtl-software.de https://jtl-software.us9.list-manage.com https://checkout.jtl-software.com/ https://www.facebook.com; frame-ancestors 'self'; connect-src 'self' https://api.personio.de https://adservice.google.com https://bat.bing.com https://www.facebook.com https://stats.g.doubleclick.net/ https://www.google-analytics.com https://www.google.com https://maps.googleapis.com https://stats.jtl-software.de https://consent.jtl-software.de; font-src 'self' https://cdn.jtl-software.com https://fonts.gstatic.com https://fonts.googleapis.com data:; frame-src 'self' https://bid.g.doubleclick.net https://www.facebook.com/ https://www.youtube.com https://www.google.com https://jira.jtl-software.de https://consent.jtl-software.de; img-src 'self' https://i.ytimg.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google.de https://bat.bing.com https://www.facebook.com https://bat.bing.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.linkedin.com https://bilder.jtl-software.de https://cdn.jtl-software.com https://lh3.ggpht.com https://geo1.ggpht.com https://geo2.ggpht.com https://geo3.ggpht.com https://cbks0.googleapis.com/ https://geo0.ggpht.com/ https://khms0.googleapis.com/ https://khms1.googleapis.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://www.jtl-software.de https://stats.jtl-software.de https://www.google.com https://img.youtube.com https://consent.jtl-software.de https://www.google.ch https://www.google.de https://www.google.at https://www.google.pl https://www.google.com.ua https://www.google.com.pk https://www.google.hu https://www.google.co.uk https://www.google.dk https://www.google.br https://www.google.it https://www.google.ae https://www.google.ca https://www.google.hr https://www.google.com.au https://www.google.sk https://www.google.es https://www.google.ie https://www.googletagmanager.com https://www.google.com.tr https://www.google.cz https://www.google.be https://www.google.co.in https://www.google.ge https://www.google.nl https://www.google.lu https://www.google.fr data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://crm.jtl-software.de https://googleads.g.doubleclick.net https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jtl-software.com https://jira.jtl-software.de https://maps.googleapis.com https://www.youtube.com https://stats.jtl-software.de https://www.google.com https://www.gstatic.com https://consent.jtl-software.de https://snap.licdn.com https://tpc.googlesyndication.com data:; style-src 'self' 'unsafe-inline' https://cdn.jtl-software.com https://fonts.googleapis.com https://www.google.com https://consent.jtl-software.de; worker-src 'self' https://www.google.com; 5
frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; 5
frame-ancestors 'self' https://analyse.dipf.de/ http://analyse.dipf.de/; 5
frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com  https://thomsonreuterstax.lookbookhq.com http://answers.legalprof.thomsonreuters.com https://answers.legalprof.thomsonreuters.com http://app.accelus.com  https://app.accelus.com 5
default-src 'self' *.staticflickr.com *.flickr.com maps.google.com api.rollbar.com *.nr-data.net api.mapbox.com blob:; script-src 'self' cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com *.twitter.com *.twimg.com *.nr-data.net 'unsafe-eval' 'unsafe-inline' storage.googleapis.com api.mapbox.com https://*.uninfo.org blob: *.fontawesome.com; style-src 'self' *.flickr.com *.staticflickr.com cdnjs.cloudflare.com fonts.googleapis.com use.fontawesome.com *.twitter.com *.twimg.com 'unsafe-inline' api.mapbox.com *.fontawesome.com; img-src 'self' www.un.org.vn *.un.org gallery.mailchimp.com *.staticflickr.com https: data: blob:; media-src 'self' www.un.org.vn *.un.org; frame-src 'self' maps.google.com www.google.com www.youtube-nocookie.com www.youtube.com *.vimeo.com country-profiles.unstatshub.org forms.office.com player.youku.com *.qq.com; font-src 'self' fonts.googleapis.com use.fontawesome.com fonts.gstatic.com *.twitter.com *.twimg.com *.fontawesome.com; connect-src 'self' *.staticflickr.com *.flickr.com maps.google.com api.rollbar.com *.nr-data.net https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com www.google-analytics.com storage.googleapis.com wss://socket.push.al https://*.undg.org https://*.uninfo.org *.fontawesome.com; report-uri /report-csp-violation 5
default-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https://*.dekra.com https://*.dekra.de https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.hurra.com https://*.hotjar.com https://*.hotjar.io https://*.baidu.com https://*.linkedin.com https://*.bdimg.com https://*.facebook.com https://i.vimeocdn.com https://i.ytimg.com https://pbs.twimg.com https://www.snapengage.com https://js.hsforms.net https://track.hubspot.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://api.map.baidu.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.baidu.com https://*.hotjar.com https://*.hotjar.io https://code.snapengage.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://ssl.hurra.com https://tagmanager.google.com https://www.xing-share.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://snap.licdn.com https://js.hs-analytics.net https://px.ads.linkedin.com https://js.hsforms.net https://app-lon05.marketo.com matomo.dekra.bawue.com https://app.iiq-check.de https://www.snapengage.com https://forms.hsforms.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bdimg.com; 5
default-src *; script-src 'unsafe-inline' 'unsafe-eval'  https://*.anico.com https://*.americannational.com https://*.googleapis.com http://otf.msn.com https://*.lifeannuitydi.com  https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://americannational.com https://*.assistant.watson.appdomain.cloud https://www.gstatic.com https://www.google.com https://*.inmoment.com https://unpkg.com https://*.vtimg.com https://*.ytimg.com  http://*.angularjs.org https://*.youtube.com  https://*.dnanico1.aniconet.com https://*.anicoweb.com; style-src * 'unsafe-inline' ; img-src * data: ; child-src * data: blob: filesystem: ; 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://www.google.com https://www.gstatic.com https://cdn.amplitude.com https://api.amplitude.com https://hkfxbbdzib.notion.so https://widget.intercom.io https://js.intercomcdn.com https://logs-01.loggly.com https://cdn.segment.com https://analytics.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://public.profitwell.com js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net;connect-src 'self' https://msgstore.www.notion.so wss://msgstore.www.notion.so ws://localhost:* ws://127.0.0.1:* https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https://cdn.amplitude.com https://api.amplitude.com https://hkfxbbdzib.notion.so https://www.notion.so https://api.embed.ly https://js.intercomcdn.com https://api-iam.intercom.io https://uploads.intercomcdn.com wss://nexus-websocket-a.intercom.io https://logs-01.loggly.com https://cdn.segment.com https://api.segment.io https://analytics.pgncs.notion.so https://api.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://www2.profitwell.com https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://boards-api.greenhouse.io https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://api.statuspage.io https://pgncd.notion.so https://api.statsig.com;font-src 'self' data: https://cdnjs.cloudflare.com https://js.intercomcdn.com;img-src 'self' data: blob: https: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com;frame-src https: http:;media-src https: http: 5
frame-ancestors 'self' keycontentservice.com *.tescodev.com *.facebook.com tesco.hu itesco.cz tesco.sk tesco.pl itesco.sk 5
frame-ancestors *.ia.ca *.inalco.com *.ia.iafg.net 5
upgrade-insecure-requests;block-all-mixed-content; 5
upgrade-insecure-requests; base-uri 'self'; 5
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 5
default-src 'self' data: blob: https://app.link https://stats.g.doubleclick.net https://*.fbcdn.net *.google.com:* *.google.ca:* https://d36jefco17r7xm.cloudfront.net https://img.prod.wemesh.com https://www.facebook.com https://www.google-analytics.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://code.jquery.com https://cdn.jsdelivr.net https://kit.fontawesome.com https://app.link *.facebook.net:* *.googleapis.com:* *.bootstrapcdn.com:* *.cloudflare.com:* *.google-analytics.com:* *.branch.io:*; style-src 'unsafe-inline' 'self' *.fontawesome.com:* *.googleapis.com:* *.bootstrapcdn.com:*; img-src 'self'; font-src 'self' *.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; frame-src 'self' https://www.facebook.com *.bootstrapcdn.com:* *.googleapis.com:* d36jefco17r7xm.cloudfront.net:*; connect-src 'self' *.fontawesome.com:* https://apis.google.com https://www.google-analytics.com https://api.red.wemesh.ca https://wemesh.com https://*.wemesh.com https://api2.branch.io https://stats.g.doubleclick.net; object-src 'none' 5
default-src 'unsafe-inline' 'unsafe-eval' data: blob: https: wss:; frame-ancestors 'self' 5
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com google-analytics.com static.hotjar.com js.hsforms.net js.hs-scripts.com cdn.bizible.com *.wistia.com *.doubleclick.net 5
default-src 'self' https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' data: https://* 5
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; 5
default-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://static.zdassets.com https://ekr.zdassets.com https://allkeyshop.zendesk.com wss://allkeyshop.zendesk.com wss://*.zopim.com https://www.google-analytics.com http://cdn.sendpulse.com https://*.twitch.tv https://cdn.jsdelivr.net https://www.youtube.com https://widget.gleamjs.io https://gleam.io https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://discord.com https://cdnjs.cloudflare.com/ajax/libs https://system.warlegend.net https://cdn.datataeamjs.io https://gleam.iobles.net https://s.ytimg.com https://www.googletagservices.com https://ad.doubleclick.net https://connect.facebook.net/ https://www.facebook.com/ https://maxcdn.bootstrapcdn.com/ https://analytics.google.com/ https://www.googletagmanager.com/ https://ajax.googleapis.com/ 'unsafe-inline' data:; style-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://cdn.jsdelivr.net https://cdn.sendpulse.com https://www.google.com/recaptcha 'unsafe-inline'; img-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://v2assets.zopim.io https://static.zdassets.com data: https://steamcdn-a.akamaihd.net https://www.google-analytics.com https://static-cdn.jtvnw.net https://cdn.sendpulse.com https://*.gravatar.com https://graph.facebook.com https://i0.wp.com/www.allkeyshop.com https://platform-lookaside.fbsbx.com/ https://*.fbcdn.net/ https://*.googleusercontent.com/ https://*.cloudfront.net/facebook/ https://*.cloudfront.net/twitter/ https://*.cloudfront.net/instagram/ https://js.gleam.io/ https://static-cdn.jtvnw.net/ https://i.ytimg.com/ 5
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 5
img-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; report-uri https://psi.pixum.com/?ns=content-security-policy&service=base&module=status&action=report 5
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org analytics.archive.org pragma.archivelab.org 5
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval';  style-src 'self' 'unsafe-inline'; img-src * data:; 5
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://maxcdn.bootstrapcdn.com  https://stackpath.bootstrapcdn.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.usercentrics.eu https://aggregator.service.usercentrics.eu https://www.google.com https://*.usercentrics.eu https://www.googleadservices.com https://snap.licdn.com https://*.facebook.net https://googleads.g.doubleclick.net https://*.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://t.co https://*.google.de https://*.google.com https://*.facebook.com https://seal.digicert.com blob: data: https://fonts.googleapis.com/css;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; 5
frame-ancestors 'self' apac.marketing.adobe.com 5
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com www.googletagmanager.com cdn.lightwidget.com cdn.cookielaw.org static.hotjar.com script.hotjar.com geolocation.onetrust.com static.cloudflareinsights.com www.google-analytics.com iframely.shorthand.com analytics.shorthand.com stats.g.doubleclick.net data: cdn.cookielaw.org geolocation.onetrust.com ajax.cloudflare.com cdnjs.cloudflare.com www.youtube.com youtube.com; style-src 'self' 'unsafe-inline' unpkg.com cdnjs.cloudflare.com; img-src 'self' reedexhibitions.com www.google-analytics.com www.google.com www.google.co.uk data.shorthand.com maps.googleapis.com cdnjs.cloudflare.com img.youtube.com data: ; frame-src cdn.lightwidget.com vars.hotjar.com youtube.com www.youtube.com www.youtube-nocookie.com youtube-nocookie.com iframely.shorthand.com rx.bnurl.com drive.google.com; object-src data: 'unsafe-eval'; connect-src 'self' rxglobal.com cdn.cookielaw.org privacyportal.onetrust.com www.google-analytics.com gateway.shorthand.com stats.g.doubleclick.net data.shorthand.com in.hotjar.com rx.bnurl.com api.segment.io; base-uri 'none'; 5
default-src https: ws: data: 'unsafe-inline' 'unsafe-eval' 5
default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' bam.eu01.nr-data.net s-agent.newrelic.com sp.analytics.yahoo.com s.yimg.com userprotect.de.stihl-dns.net tagmanager.google.com www.google-analytics.com www.googletagmanager.com analytics-udg.netdna-ssl.com assets.adobedtm.com maps.googleapis.com typekit.net *.typekit.net *.adyen.com *.geoplugin.net *.openweathermap.org *.google.com *.google.de *.gstatic.com *.criteo.net *.criteo.com *.g.doubleclick.net *.facebook.net *.bing.com *.outbrain.com *.youtube.com *.youtube-nocookie.com *.soundcloud.com *.ytimg.com *.mouseflow.com *.pinimg.com *.excentos.com *.media01.eu *.googleadservices.com *.en25.com *.oracleinfinity.in *.maxymiser.net *.dwin1.com *.awin1.com *.zenaps.com *.the.sciencebehindecommerce.com *.stihl.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.tiqcdn.com *.google.com *.unpkg.com unpkg.com *.guuru.com *.tealiumiq.com *.newrelic.com *.b2x-env.cloud *.kuponacdn.de *.kpcustomer.de *.clarity.ms *.adsrvr.org *.tealiumiq.com *.maxymiser.net *.tiqcdn.com unpkg.com *.teads.tv *.googleadservices.com *.cookielaw.org *.onetrust.com *.cloudflare.com digitizer.app t.contentsquare.net app.contentsquare.com cdn.trkkn.com zenloop-website-overlay-production.s3.amazonaws.com *.google-analytics.com *.stihl.co.uk *.assistant.watson.appdomain.cloud *.stihl-timbersports.com; connect-src 'self' *.pinterest.com s.yimg.com bam.eu01.nr-data.net *.youtube-nocookie.com *.google.com *.google.de analytics.google.com *.g.doubleclick.net *.bing.com stihl-sso.com stihl.tui-servicelayers.io ext.nonstoppartner.net www.google-analytics.com *.omtrdc.net *.demdex.net adobeioruntime.net *.adobeioruntime.net maps.googleapis.com typekit.net *.typekit.net *.mouseflow.com stihlb2bdocuments.blob.core.windows.net *.excentos.com *.media01.eu checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com ssl.geoplugin.net collect.tealiumiq.com api.openweathermap.org *.guuru.com *.facebook.com *.google.fr *.google.be *.google.nl *.google.es *.google.pt *.google.at *.google.gr *.google.ch *.google.lu *.google.it *.google.hu *.google.pl *.criteo.com *.googletagmanager.com *.thesciencebehindecommerce.com *.sciencebehindecommerce.com *.clarity.ms *.geoplugin.net *.cookielaw.org *.onetrust.com *.cloudflare.com *.digitizer.app *.contentsquare.net cdn.trkkn.com *.google-analytics.com *.zenloop.com *.assistant.watson.appdomain.cloud zenloop-website-overlay-production.s3.amazonaws.com; img-src 'self' *.criteo.com *.smaato.net *.pinterest.com *.pinterest.de *.google.ch *.doubleclick.net *.rubiconproject.com *.smartadserver.com *.3lift.com *.adnxs.com *.yahoo.com *.casalemedia.com *.pubmatic.com *.360yield.com *.openx.net *.twiago.com *.adscale.de *.adform.net *.advertising.com *.teads.tv *.media.net *.yieldlab.net *.omnitagjs.com *.bidswitch.net *.sharethrough.com *.ivitrack.com *.e-planning.net *.stickyadstv.com *.tremorhub.com *.taboola.com *.googleusercontent.com *.youtube-nocookie.com *.atdmt.com *.criteo.net *.ytimg.com stats.g.doubleclick.net *.google.com *.google.de www.google-analytics.com www.googletagmanager.com *.facebook.com *.bing.com *.outbrain.com *.everesttech.net *.demdex.net *.omtrdc.net static.stihl.com *.stihlusa.com typekit.net *.typekit.net *.gstatic.com maps.googleapis.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com data: *.mouseflow.com *.excentos.com *.dwin1.com *.awin1.com *.zenaps.com *.the.sciencebehindecommerce.com *.stihl.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.facebook.net *.googleadservices.com *.maxymiser.net *.mgid.com *.guuru.com *.kargo.com *.liadm.com *.smartclip.net *.addthis.com *.yandex.ru *.b2x-env.cloud *.tealiumiq.com *.postrelease.com *.krxd.net *.tapad.com *.yieldmo.com *.thebrighttag.com *.bluekai.com *.clmbtech.com *.ants.vn *.rlcdn.com *.fwnm.net *.microad.jp *.mediavine.com *.mediawallahscript.com *.tpmn.co.kr *.adtdp.com *.revcontent.com *.rambler.ru *.aralego.com *.id5-sync.com *.google.fr *.google.be *.google.nl *.google.es *.google.pt *.google.it *.google.at *.google.lu *.google.gr *.google.co.uk *.google.cl *.google.com.mx *.google.hu *.google.cz *.google.pl *.google.se *.google.com.ua *.google.ca *.google.com *.google.nl *.google.com.br *.google.ru *.google.ro *.google.com.co *.google.fr *.google.tn *.google.com.ar *.google.hr *.google.bg *.google.com.tr *.google.sk *.clarity.ms *.googleads.g.doubleclick.net id5-sync.com *.turn.com *.mail.ru *.socdm.com *.admixer.co.kr *.dable.io *.cookielaw.org *.windows.net *.ad-stir.com *.meba.kr *.adingo.jp *.nate.com *.toast.com web-cdnend-techdoc-tsa-q.azureedge.net *.dmxleo.com *.foxbase.de *.rediunid.imrworldwide.com *.herrenseite.de *.contentsquare.net *.stihl.co.uk *.zenloop.com zenloop-assets.s3.eu-west-1.amazonaws.com *.eu-central-1.amazonaws.com dam.stihl.cloud *.stihl-timbersports.com segment.prod.bidr.io *.emxdgt.com; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com *.excentos.com *.googletagmanager.com *.onetrust.com *.cookielaw.org digitizer.app; font-src 'self' cdnjs.cloudflare.com *.typekit.net typekit.net fonts.googleapis.com fonts.gstatic.com data: *.mouseflow.com *.excentos.com *.guuru.com *.zenloop.com zenloop-assets.s3.eu-west-1.amazonaws.com; frame-src 'self' *.criteo.net userprotect.de.stihl-dns.net *.criteo.com e.video-cdn.net *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com *.soundcloud.com *.demdex.net checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com static.stihl.com *.fls.doubleclick.net *.mouseflow.com *.excentos.com *.dwin1.com *.awin1.com *.zenaps.com *.the.sciencebehindecommerce.com *.redintelligence.net track.adform.net pixel.mathtag.com *.fls.doubleclick.net *.maxymiser.net *.guuru.com *.pinterest.com *.pinterest.de *.pinterest.fr *.pinterest.at *.pinterest.it *.pinterest.co.uk *.pinterest.ru *.pinterest.ch *.pinterest.es *.pinterest.se *.pinterest.ca *.pinterest.dk *.pinterest.jp *.pinterest.ie *.pinterest.pt *.kuponacdn.de *.ad-srv.net *.adsrvr.org *.cookielaw.org *.jaggaer.com segment.prod.bidr.io; child-src 'self' *.mouseflow.com *.guuru.com blob: 5
"upgrade-insecure-requests;" 5
default-src * https: data: 'unsafe-eval' 'unsafe-inline' blob:; 5
base-uri 'self';frame-ancestors 'self';frame-src *;object-src 'none'; 5
worker-src 'self' http://*.austlii.edu.au *.datalex.org www.lawnet.sg; 5
default-src https: data: 'unsafe-inline' 'unsafe-eval'; 5
font-src *;img-src * data:; 5
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 5
default-src 'self'; connect-src 'self' www.archgroup.com insurance.archgroup.com mortgage.archgroup.com reinsurance.archgroup.com www.google-analytics.com archcapital2020tf.q4web.com *.licdn.com stats.g.doubleclick.net my.wpengine.com yoast.com; font-src 'self' data: *.fontawesome.com fonts.googleapis.com fonts.gstatic.com; frame-src *.archgroup.com https://www.podbean.com/ www.youtube.com www.google.com *.icims.com player.vimeo.com; img-src 'self' data: www.archgroup.com archgroup.com ps.w.org p.adsymptotic.com wpengine.com dify.wpengine.com maps.gstatic.com *.googleapis.com *.ggpht.com secure.gravatar.com px.ads.linkedin.com www.google-analytics.com; media-src extend.vimeocdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com px.ads.linkedin.com p.adsymptotic.com snap.licdn.com www.google-analytics.com player.vimeo.com extend.vimeocdn.com data: www.archgroup.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com; 5
manifest-src 'self'; 5
frame-ancestors 'self' https://www.mapama.gob.es 5
frame-ancestors 'self' analytics.pt-dlr.de 5
default-src data: http: https: 'unsafe-inline' 'unsafe-eval' 5
upgrade-insecure-requests; default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 5
script-src 'self' https: 'unsafe-eval' 'unsafe-inline' 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: bing.com *.bing.com youtube.com *.youtube.com *.wistia.net wistia.net wistia.com *.wistia.com happyfoxchat.com *.happyfoxchat.com *.dianomi.com itstracking.com *.itstracking.com *.angelpub.com *.angelnexus.com *.wealthdaily.com *.energyandcapital.com *.outsiderclub.com *.protradertoday.com *.longevityinsiderhq.com *.greenchipstocks.com *.gstatic.com *.googletagmanager.com *.google.com google.com anchor.fm *.google-analytics.com *.googleadservices.com *.googleapis.com *.googleusercontent.com *.googleoptimize.com *.blueconic.net *.doubleclick.net pd.trysera.com *.cloudflare.com *.criteo.net *.criteo.com addevent.com *.addevent.com *.bootstrapcdn.com *.rawgit.com *.github.io *.jquery.com *.pingdom.net *.taboola.com *.outbrain.com *.hotjar.com *.yahoo.com *.liadm.com *.yimg.com *.twimg.com *.twitter.com *.ads-twitter.com *.pinimg.com *.pinterest.com *.onesignal.com onesignal.com *.litix.io *.soundcloud.com *.akamaihd.net *.amzglt.com amzglt.com t.co lockerdome.com trk.lockerdome.com *.zedo.com cm.mgid.com *.go2cloud.org bbm.iljmp.com secure.verifiedlink.net px.khmtrack.com tracking.imspublishergroup.com cdn.jsdelivr.net powerinboxedge.com *.powerinboxedge.com lockerdomecdn.com *.lockerdomecdn.com *.norton.com *.facebook.net *.facebook.com; style-src 'self' 'unsafe-inline' onesignal.com *.github.io *.twitter.com *.twimg.com cdn.jsdelivr.net *.outsiderclub.com *.energyandcapital.com *.wealthdaily.com *.angelpub.com *.protradertoday.com *.longevityinsiderhq.com *.greenchipstocks.com *.bootstrapcdn.com *.googleapis.com 5
script-src https: 'unsafe-inline' 'unsafe-eval' 5
frame-ancestors 'self' *.heartinternet.com:* *.heartinternet.co.uk:* *.heartinternet.uk:* *.heart-internet.com:* *.heart-internet.co.uk:* *.123-reg.co.uk:* *.vps-10.com:* *.ds-10.com:* *.managethisdomain.com:*; 5
frame-ancestors 'self' adform.com livepreview.adform.com adria.ign.com aktivni.metropolitan.si novice.svet24.si www.avto-fokus.si avto-magazin.metropolitan.si www.avto.net avto.over.net avtoarena.si www.avtomobilizem.com www.bmwblog.si www.bolha.com www.vecer.com www.contentexchange.me cosmopolitan.metropolitan.si www.delo.si deloindom.delo.si dijaski.net www.diva.si www.dnevnik.si www.dolenjskilist.si ekipa.svet24.si elle.metropolitan.si www.golfportal.si govorise.metropolitan.si www.hribi.net hudo.com www.igre123.com www.igre365.com igrice.hudo.com www.intimatemedicine.si izletnadlani.com lepdan.si www.lisa.si ljubljanainfo.com www.lokalno.si maribor24.si mariborinfo.com med.over.net megasvet.si www.meteovista.si micna.slovenskenovice.si www.mladina.si mojalbum.com www.mojaobcina.si mojbutik.si mojepotovanje.si www.mojprihranek.si www.mojvideo.com moski.hudo.com www.mtb.si www.nadlani.si www.najdi.si najstnica.svet24.si www.napovednik.com narobesvet.com njena.svet24.si www.nogomania.com nova24tv.si oblizniprste.si oopsi.si paradaplesa.si m.planet-lepote.com playboy.metropolitan.si plugin-magazine.com pogledi.delo.si pomurec.com portal-f1.si pozareport.si www.primorske.si privoscite.si ptujinfo.com radio1.si radioaktual.si radiosalomon.si reporter.si odkrito.svet24.si revijafatalna.si revijazarja.si revijazeleniraj.si www.rtvslo.si oglasi.svet24.si salomonov-ugankar.si sensa.metropolitan.si siol.net www.slovenskenovice.si sobotainfo.com www.spletne-igre.si spored.tv style.zurnal24.si www.student.si studentski.net topnews.si topqpon.si potovanja.over.net www.vandraj.si www.vecerkoroska.com veseljak.si viralko.si vreme-si.com vreme.zurnal24.si zulu.si zenska.hudo.com www.zurnal24.si metropolitan.si www.metropolitan.si 5
"upgrade-insecure-requests" 5
upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * 5
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; base-uri 'self'; 5
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net *.reachtheworldonfacebook.com reachtheworldonfacebook.com *.googleadservices.com *.googletagmanager.com;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline' *.reachtheworldonfacebook.com reachtheworldonfacebook.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com media-dev-reachtheworldonfacebook.s3.us-east-2.amazonaws.com media-reachtheworldonfacebook.s3.ap-southeast-1.amazonaws.com *.reachtheworldonfacebook.com reachtheworldonfacebook.com *.mktoresp.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com *.reachtheworldonfacebook.com reachtheworldonfacebook.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com *.reachtheworldonfacebook.com reachtheworldonfacebook.com *.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data: media-dev-reachtheworldonfacebook.s3.us-east-2.amazonaws.com media-reachtheworldonfacebook.s3.ap-southeast-1.amazonaws.com *.reachtheworldonfacebook.com reachtheworldonfacebook.com;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com *.reachtheworldonfacebook.com reachtheworldonfacebook.com;worker-src blob: *.facebook.com data: *.reachtheworldonfacebook.com reachtheworldonfacebook.com 'unsafe-eval' *.googleadservices.com *.googletagmanager.com *.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests; 5
default-src: https: 'unsafe-inline' 5
object-src 'none'; frame-ancestors 'none' 5
frame-ancestors 'self' https://*.unique.be https://*.startpeople.be; 5
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src https: ; child-src https: platform.twitter.com; img-src https: data:; 5
default-src https: data: 'unsafe-inline' 5
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 5
default-src 'self' ws: wss: http: https: data: blob: 'unsafe-inline' 5
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests 5
default-src https: wss: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 5
default-src https: 5
frame-ancestors 'self' *.egovcdn.com 5
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline';                             img-src data: blob: * 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';font-src  data: * 'unsafe-inline' 'unsafe-eval'; 5
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; 5
frame-ancestors https://*.fw1.biz https://*.freewebstore.org https://*.freewebstore.com https://*.ridge.pro http://127.0.0.1:55779 http://localhost:55779; 5
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://www.bern-altstadt.ch https://www.mediservice-news.ch https://rechner.soziale-sicherheit-chss.ch https://bsv.admin.ch https://www.bsv.admin.ch; 5
frame-ancestors 'self' websitebuilder.godaddy.com websitebuilder.secureserver.net 5
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events translator.github.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com github.githubassets.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src render.githubusercontent.com viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ *.githubusercontent.com customer-stories-feed.github.com spotlights-feed.github.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; 4
block-all-mixed-content;         default-src https://loc.gov/ https://*.loc.gov/ ;         media-src https://loc.gov/ https://*.loc.gov/              https://*.readspeaker.com/             https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             blob:;         worker-src https://loc.gov/ https://*.loc.gov/              blob:;         font-src https://loc.gov/ https://*.loc.gov/              https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             https://ssl.p.jwpcdn.com/             data:;         img-src https://loc.gov/ https://*.loc.gov/              https://*.readspeaker.com/             https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             https://dpm.demdex.net/             https://cm.everesttech.net/             https://*.amazonaws.com             data:             blob:;         connect-src https://loc.gov/ https://*.loc.gov/              https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             https://thelibraryofcongress.tt.omtrdc.net/             https://dpm.demdex.net/ 	        https://d3c605m4lmznjl.cloudfront.net/             https://*.s3.us-east-1.amazonaws.com/;         style-src https://loc.gov/ https://*.loc.gov/              https://*.readspeaker.com/             https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             https://ssl.p.jwpcdn.com/             https://assets.adobedtm.com/             'unsafe-inline'             blob:;         script-src https://loc.gov/ https://*.loc.gov/              https://*.readspeaker.com/             https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             https://ssl.p.jwpcdn.com/             https://assets.adobedtm.com/             https://*.blackbaudcdn.net/ https://*.blackbaud.com/             https://cdn.jsdelivr.net             https://s.ytimg.com/             'unsafe-inline'             'unsafe-eval';         frame-src https://loc.gov/ https://*.loc.gov/              https://*.readspeaker.com/             https://*.blackbaudcdn.net/ https://*.blackbaud.com/             https://www.nlstalkingbooks.org/             https://unitedstateslibraryofcongress.demdex.net             https://www.youtube-nocookie.com/;         frame-ancestors https://loc.gov/ https://*.loc.gov/              https://*.blackbaudcdn.net/ https://*.blackbaud.com/             https://loc.libwizard.com/;         report-uri https://errorlogging.loc.gov/api/51/security/?sentry_key=2176ae0b9acd4cd59297edc0e064cc95&sentry_environment=production ; 4
frame-ancestors *.mi.com; 4
upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https: wss: android-webview-video-poster:; 4
default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' d18kwxxua7ik1y.cloudfront.net d22r54gnmuhwmk.cloudfront.net *.change.org change-production.s3.amazonaws.com change-public-stuff.s3.amazonaws.com *.google.ca *.googleadservices.com *.youtube.com *.doubleclick.net *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.recaptcha.net *.ytimg.com *.facebook.com *.facebook.net *.fbcdn.net fbrpc://* fb-messenger://* *.twitter.com *.twimg.com *.ads-twitter.com vk.com *.vk.com ajax.cdnjs.com cdnjs.cloudflare.com service.force.com *.salesforceliveagent.com *.braintreegateway.com *.paypalobjects.com *.paypal.com *.stripe.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com px-cdn.net *.px-cdn.net *.px-client.net *.px-cloud.net pxchk.net *.pxchk.net *.hotjar.com:* *.hotjar.io wss://*.hotjar.com p2a.co *.profitwell.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.messagebird.com *.pushnotifications.pusher.com js.pusher.com secure.everyaction.com d3rse9xjbp8270.cloudfront.net *.ngpvan.com js2.verygoodvault.com code.jquery.com cdn.embedly.com player.vimeo.com bat.bing.com soundcloud.com *.soundcloud.com www.instagram.com www.flickr.com *.staticflickr.com *.voteamerica.com *.jotform.com actionnetwork.org core.spreedly.com *.airbrake.io browser-update.org *.tiktok.com *.bannerbear.com d2yyd1h5u9mauk.cloudfront.net web.delighted.com change.my.salesforce.com help.change.org; font-src 'self' data: *.change.org d18kwxxua7ik1y.cloudfront.net d22r54gnmuhwmk.cloudfront.net fonts.gstatic.com *.hotjar.com *.hotjar.io d3rse9xjbp8270.cloudfront.net; img-src * blob: data:; form-action 'self' 4
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src https: https://fonts.gstatic.com data:; connect-src https: wss:; img-src https: data:; worker-src blob: https:; media-src https: blob:; 4
frame-ancestors 'self' *.vice.com vicetv.com *.vicetv.com vicetv.nl vicetv.be vicesports.nl vicemoney.nl vicebelgique.com survey18.toluna.com *.viceops.net survey-d.dynata.com 4
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' android-webview-video-poster: *.sky.com *.bskyb.com *.skyassets.com *.lpsnmedia.net *.liveperson.net *.doubleclick.net http://ad.doubleclick.net analytics.twitter.com assets.adobedtm.com bat.bing.com cdn3.nowinteract.com *.clicktale.net *.tvsquared.com connect.facebook.net imp3.nowinteract.com *.googlesyndication.com s2.go-mpulse.net secure.quantserve.com *.qualtrics.com *.15gifts.com smct.co track.uniqodo.com *.assistant.watson.appdomain.cloud www.dwin1.com www.google-analytics.com www.googletagmanager.com static.ads-twitter.com staging-liveperson-dtm.herokuapp.com cdn.tt.omtrdc.net *.demdex.net *.cloudfront.net ssl.google-analytics.com ecustomeropinions.com universal.iperceptions.com sd.iperceptions.com britishskybroadcasti.tt.omtrdc.net cti.w55c.net platform.twitter.com www.awin1.com s0.2mdn.net www.zenaps.com *.google.com *.google.co.uk *.google.ie data1.ablapol.com www.facebook.com *.optimizely.com cdn.spatialbuzz.com cdn.privacy-mgmt.com *.contentsquare.net www.googleadservices.com servedby.flashtalking.com *.lucidcx.com www.gstatic.com *.8thwall.com cdnjs.cloudflare.com rules.quantcount.com t.contentsquare.net contentsquare.com app.contentsquare.com cdn-assets-prod.s3.amazonaws.com apps.8thwall.com sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com dmp.vfwmrm.net match.adsrvr.org pm.w55c.net tr.snapchat.com secure.adnxs.com www.uqd.io *.yimg.com yahoo.com *.teads.tv smct.co js.smct.co smct.io js.smct.io; style-src 'self' 'unsafe-inline' *.sky.com *.skyassets.com *.15gifts.com s0.2mdn.net www.gstatic.com *.liveperson.net www.facebook.com *.doubleclick.net assets.adobedtm.com www.google-analytics.com *.lpsnmedia.net *.clicktale.net *.contentsquare.net *.googlesyndication.com sky.lucidcx.com fonts.googleapis.com; font-src 'self' data: *.sky.com fonts.gstatic.com http://fonts.gstatic.com *.skyassets.com use.typekit.net *.15gifts.com *.google.com *.google.co.uk *.google.ie sky.lucidcx.com cdn.8thwall.com tr.snapchat.com www.pinterest.com fonts.smct.co fonts.smct.io fonts.gstatic.com; img-src 'self' data: android-webview-video-poster: *.sky.com http://search.sky.com *.doubleclick.net *.skyassets.com *.15gifts.com bat.bing.com *.clicktale.net *.optimizely.com *.tvsquared.com *.demdex.net *.online-metrix.net *.qualtrics.com t.co tracking.audio.thisisdax.com www.facebook.com www.google-analytics.com *.google.com *.google.co.uk *.google.ie *.atdmt.com *.cloudfront.net live.staticflickr.com tags.w55c.net www.googletagmanager.com *.contentstack.io *.lpsnmedia.net s0.2mdn.net www.zenaps.com connect.facebook.net engagement.uniqodo.com *.liveperson.net www.gstatic.com www.awin1.com analytics.twitter.com cdn.spatialbuzz.com assets.adobedtm.com cdn.privacy-mgmt.com *.googlesyndication.com *.contentsquare.net www.googleadservices.com servedby.flashtalking.com *.lucidcx.com cdn.8thwall.com uniqodo.s3-eu-west-1.amazonaws.com production-image-placeholder.herokuapp.com pixel.quantserve.com http://t.newsletter.contact.sky *.sky 8th.io sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com match.adsrvr.org pm.w55c.net dmp.v.fwmrm.net ct.pinterest.com tr.snapchat.com www.pinterest.com secure.adnxs.com events.smct.co *.yahoo.com *.gumgum.com smct.co cdn.smct.co smct.io cdn.smct.io px.smct.co px.smct.io ep.smct.co ep.smct.io *.teads.tv; connect-src 'self' blob: android-webview-video-poster: *.sky.com wss://*.sky.com *.skyassets.com *.bskyb.com *.15gifts.com api.amplitude.com bat.bing.com *.bf.dynatrace.com britishskybroadcasti.tt.omtrdc.net *.clicktale.net *.optimizely.com cdn.privacy-mgmt.com *.demdex.net *.doubleclick.net *.assistant.watson.appdomain.cloud *.qualtrics.com vip.timezonedb.com www.google-analytics.com api.amplitude.com *.go-mpulse.net *.akstat.io api.iperceptions.com www.facebook.com www.zenaps.com *.google.com *.google.co.uk *.google.ie s0.2mdn.net *.contentstack.io help-search-api-stage.herokuapp.com wss://*.liveperson.net *.lpsnmedia.net cdn.spatialbuzz.com prod-my-photo-api.herokuapp.com track.uniqodo.com connect.facebook.net engagement.uniqodo.com www.gstatic.com *.liveperson.net assets.adobedtm.com *.tvsquared.com *.googlesyndication.com www.googletagmanager.com wss://127.0.0.1 *.contentsquare.net www.googleadservices.com *.lucidcx.com awk.epgsky.com production-retriever.herokuapp.com cdn-assets-prod.s3.amazonaws.com apps.8thwall.com sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com match.adsrvr.org pm.w55c.net dmp.v.fwmrm.net ct.pinterest.com tr.snapchat.com www.pinterest.com secure.adnxs.com www.pinterest.co.uk *.yimg.com smct.co smct.co js.smct.co smct.io js.smct.io ipb.smct.co ipb.smct.io cfg.smct.co cfg.smct.io ep.smct.co ep.smct.io cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com *.teads.tv; frame-src 'self' blob: *.sky.com *.bskyb.com *.skyassets.com *.15gifts.com *.doubleclick.net *.optimizely.com *.demdex.net *.online-metrix.net *.lpsnmedia.net *.qualtrics.com www.facebook.com cdn.privacy-mgmt.com universal.iperceptions.com *.google.com *.google.co.uk *.google.ie *.clicktale.net s0.2mdn.net www.zenaps.com connect.facebook.net *.liveperson.net www.google-analytics.com analytics.twitter.com cdn.spatialbuzz.com assets.adobedtm.com *.googlesyndication.com *.contentsquare.net www.googleadservices.com sky.lucidcx.com live.tvgenius.net servedby.flashtalking.com players.brightcove.net sc-static.net acdn.adnxs.com s.pinimg.com ib.adnxs.com match.adsrvr.org pm.w55c.net dmp.v.fwmrm.net tr.snapchat.com ct.pinterest.com www.pinterest.com secure.adnxs.com www.pinterest.co.uk smct.co smct.io ls.smct.co ls.smct.io d2d7do8qaecbru.cloudfront.net w.etadirect.com; worker-src 'self' blob: *.sky.com *.skyassets.com assets.adobedtm.com *.liveperson.net; child-src 'self' blob:; media-src 'self' data: *.sky.com *.skyassets.com http://static.video.sky.com *.15gifts.com *.contentstack.io *.lpsnmedia.net *.doubleclick.net *.google.com *.google.co.uk *.google.ie *.clicktale.net *.liveperson.net www.facebook.com bat.bing.com *.demdex.net assets.adobedtm.com www.google-analytics.com *.contentsquare.net *.googlesyndication.com; object-src 'self' *.sky.com; report-uri /csp-reports 4
upgrade-insecure-requests;frame-ancestors 'self' slate.com *.slate.com *.my.slate.com 4
frame-ancestors 'self' https://*.al-array.com/ 4
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 4
default-src * data: blob: mailto: tel: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 4
frame-ancestors 'self' appsec.aarp.org  secure.aarp.org  feeds.aarp.org test.elearn.aarp.org elearn.aarp.org taxappointment.aarp.org banksafetraining.aarp.org; 4
frame-ancestors http://*.ccf.org https://*.ccf.org https://clevelandclinic.ungerboeck.com https://*.clevelandclinic.org http://*.clevelandclinic.org 4
frame-ancestors 'self' *.avira.com *.avira.org *.avira.net *.prod-blog.avira.com prod-blog.avira.com; 4
frame-ancestors 'self' *.shutterfly.com *.tinyprints.com *.onehippo.io *.bloomreach.cloud; 4
frame-ancestors na.amzheimdall.com delorean-na.amazon.com delorean-prod.corp.amazon.com delorean-na.sandbox.amazon.com delorean-sandbox.corp.amazon.com delorean-preprod.corp.amazon.com delorean-beta.corp.amazon.com delorean-alpha.corp.amazon.com potserviceui-gamma.vrsnl.com potserviceui-gamma.findzen.com potserviceui-gamma.zappos.com potserviceui-gamma.6pm.com drive-render.corp.amazon.com cscentral-na-beta.vipinteg.amazon.com cscentral.amazon.com delorean-6pm-gamma.corp.amazon.com delorean-6pm-preprod.corp.amazon.com delorean-6pm-prod.corp.amazon.com delorean-6pm-na.amazon.com; report-uri /marty/api/csp-report 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.paytm.com *.paytm.in *.paytmmoney.com paytmstores.com *.paytmstores.com polyfill.io widget.gleamjs.io gleamjs.io platform.twitter.com *.bintray.com bintray.com cdn.syndication.twimg.com gateway.answerscloud.com *.cloudfront.net *.google.com *.hotjar.com apis.mapmyindia.com cdn.ravenjs.com *.youtube.com *.gstatic.com *.googleadservices.com *.doubleclick.net bid.g.doubleclick.net u.heatmap.it cdn.trackjs.com s.ytimg.com *.googletagmanager.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net alipaybridge://* cdn.branch.io googleads.g.doubleclick.net app.link bid.g cdn.ampproject.org dev.visualwebsiteoptimizer.com paytmmall.com *.paytmmall.com *.insider.in paytmblogfinal.wpengine.com code.jquery.com assets.pinterest.com blob:; frame-src 'self' *.paytm.com *.paytmmoney.com *.paytm.in *.twitter.com s.ytimg.com cdn.syndication.twimg.com *.insider.in paytmblogfinal.wpengine.com code.jquery.com assets.pinterest.com *.youtube.com assets.zendesk.com apis.mapmyindia.com *.facebook.com *.google.com *.hotjar.com cdn.ravenjs.com s-static.ak.facebook.com tautt.zendesk.com paytmmall.com *.paytmmall.com polyfill.io paytmstores.com *.paytmstores.com alipaybridge://* widget.gleamjs.io gleam.io;  object-src 'self'; report-uri https://csp-report.mypaytm.com/reportcspviolations.php 4
frame-ancestors 'self' https://ajc.newspapers.com https://*.ajchomefinder.com https://www.legacy.com https://epaper.ajc.com https://editions.ajc.com 4
block-all-mixed-content; frame-ancestors 'self' qualys.com *.qualys.com; 4
frame-ancestors 'self' *.tdameritrade.com *.ameritrade.com http://*.tdameritrade.com/ 4
default-src 'none'; form-action 'self'; frame-ancestors 'self' https://*.matomo.cloud https://*.innocraft.cloud http://localhost; base-uri 'self'; prefetch-src 'self'; connect-src 'self' https://www.userlike.com https://cdn.plyr.io https://demo-web.matomo.org https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://chat.userlike.com wss://umd.userlike.com https://api.userlike.com https://video.matomo.org; script-src 'self' https://embed.clickmeeting.com https://madmimi.com http://ajax.googleapis.com https://cdn.shortpixel.ai https://cdnjs.cloudflare.com https://www.youtube.com api.userlike.com https://d3dc1lgancj6l0.cloudfront.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://static.matomo.org https://demo-web.matomo.org https://m-img.org 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://static.matomo.org https://fonts.googleapis.com; img-src 'self' https://plugins.matomo.org https://qrcode.kaywa.com https://raw.githubusercontent.com https://user-images.githubusercontent.com https://m-img.org https://piwik.org https://matomo.org https://static.matomo.org https://video.matomo.org secure.gravatar.com api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com data:; media-src 'self' https://video.matomo.org https://www.matomo.org https://matomo.org blob:; font-src 'self' https://static.matomo.org data: https://fonts.gstatic.com https://github.com https://d3dc1lgancj6l0.cloudfront.net; frame-src 'self' https://matomo.clickmeeting.com https://embed.clickmeeting.com https://www.youtube-nocookie.com https://demo.matomo.cloud https://demo-web.matomo.org https://demo2.piwik.org https://demo2.matomo.org; 4
default-src * 'self' data: 'unsafe-inline' blob:;script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.doubleclick.net *.sas.com assets.adobedtm.com ssl.google-analytics.com  accdn.lpsnmedia.net www.googletagmanager.com www.google-analytics.com bat.bing.com benchtag.co front.facetz.net *.facebook.net *.facebook.com www.googleadservices.com tb.juiceadv.com *.linkedin.com pixel.mathtag.com pixel.quantserve.com *.quora.com analytics.twitter.com tagmanager.google.com mc.yandex.ru static.ads-twitter.com snap.licdn.com *.bizographics.com dev.visualwebsiteoptimizer.com scripts.demandbase.com consent.truste.com s.yimg.com ssl.gstatic.com api.company-target.com script.crazyegg.com platform.twitter.com sp.analytics.yahoo.com x.bidswitch.net ad4.adfarm1.adition.com livestream.co *.brightcove.net track.adform.net insight.adsrvr.org www.vintom.com b92.yahoo.co.jp cdn.appdynamics.com execution-dscvrtraffic.cidev.sas.us *.brightcove.com *.mrpfd.com d3js.org *.d3.org;img-src * 'self' blob: data: *.google-analytics.com *.doubleclick.net www.google.com www.googletagmanager.com *.sas.com front.facetz.net *.facebook.com www.googleadservices.com tb.juiceadv.com ext.ligatus.com bcp.crwdcntrl.net pixel.mathtag.com *.quora.com cdn.taboola.com analytics.twitter.com d.company-target.com mc.yandex.ru t.co px.ads.linkedin.com *.bizographics.com insight.adsrvr.org assets.adobedtm.com *.brightcove.com;font-src * 'self' data: *.sas.com fast.fonts.net;connect-src * 'self' *.sas.com *.brightcove.com ma156-r.analytics.edgekey.net api.company-target.com livestream.com www.vintom.com *.doubleclick.net assets.adobedtm.com;frame-src 'self' assets.adobedtm.com lpcdn.lpsnmedia.net www.youtube.com s7.addthis.com *.twitter.com *.sas.com pixel.mathtag.com livestream.com ad4.adfarm1.adition.com www.vintom.com *.doubleclick.net *.facebook.net *.trustarc.com *.facebook.com *.linkedin.com *.chargebee.com *.sli.do *.logentries.com *.amuselabs.com amuselabs.com feedback-us.app.khoros.com *.jmp.com *.outgrow.us;frame-ancestors *.sas.com *.jmp.com *.gatheriq.analytics *.curriculumpathways.com *.hubb.me 4
default-src 'self' https: wss: data: 'unsafe-inline' 'unsafe-eval' 4
frame-ancestors https://app.experiencewelcome.com/ https://test-panther.pantheonsite.io/; 4
default-src 'self' data: wss: blob blob: 'unsafe-eval' 'unsafe-inline' *.2o7.net *.ac-systems.com *.adobe.com *.adobedtm.com *.adsymptotic.com *.akamaihd.net *.amazonaws.com *.atdmt.com *.base.be *.bbvms.com *.bluebillywig.com *.bluecoat.com *.clarity.ms *.cloudfront.net *.companymatch.me *.cookielaw.org *.customersaas.com *.day.com *.demdex.net *.doubleclick.net *.driftqa.com *.driftt.com *.everesttech.net *.facebook.com *.facebook.net *.fontawesome.com *.force.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.hotjar.com *.hotjar.io *.licdn.com *.linkedin.com *.litix.io *.loadinggif.com *.luckycycle.com *.marketo.net *.mktoresp.com *.mktoutil.com *.mobistar.be *.nettjar.com *.omtrdc.net *.onetrust.com *.pegacloud.net *.pingvp.com *.pinimg.com *.pinterest.com *.premiumplus.io *.qelpcare.com *.salesforce.com *.salesforceliveagent.com *.sfdcstatic.com *.speedtestcustom.com *.telenet-ops.be *.telenet.be *.telenet.be.seg.js *.telenet.be:* *.telenetcampagnes.be *.tiqcdn.com *.typekit.net *.typography.com *.unpkg.com *.upc.ch *.usabilla.com *.vimeo.com *.wista.com *.wistia.com *.wistia.net *.youtube.com *.ytimg.com *.zdassets.com *.zendesk.com *.zentr.cc *.zentrick.com *.zopim.com *.zopim.io https://app.insites.com https://app.prospect.silktide.com https://eur01.safelinks.protection.outlook.com https://html5-player.libsyn.com https://playlist.megaphone.fm https://sandbox-telenet.24sessions.com https://telenet.24sessions.com;img-src 'self' data: data blob blob: *.telenet.be *.telenet.be:* https: http://loadinggif.com *.doubleclick.net *.loadinggif.com;report-uri https://api.prd.telenet.be/csp-violation-report; 4
frame-ancestors 'self' *.lufthansa.com *.brusselsairlines.com 4
frame-ancestors 'self' http://www.farmzone.com https://www.farmzone.com http://www.zoneverte.com https://www.zoneverte.com http://widget.twnmm.com https://widget.twnmm.com https://s1.twnmm.com http://beta.theweathernetwork.com https://beta.theweathernetwork.com http://beta.meteomedia.com https://beta.meteomedia.com http://*.theweathernetwork.com https://*.theweathernetwork.com http://*.meteomedia.com https://*.meteomedia.com https://www.flonase.ca 4
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.dickssportinggoods.com *.akamaihd.net *.scene7.com app.link *.bazaarvoice.com *.iso.gp01.pcf.dcsg.com *.googleapis.com *.pub-cdn.dksfed.com pub-cdn.dksfed.com *.certona.net *.certona.com res-x.com *.res-x.com maxcdn.bootstrapcdn.com c.go-mpulse.net akstat.io h.online-metrix.net tags.tiqcdn.com s.pinimg.com a.wishabi.com analytics.twitter.com analytics-static.ugc.bazaarvoice.com apps.bazaarvoice.com bat.bing.com beacon.riskified.com *.branch.io qognvtzku-x.global.ssl.fastly.net ciunnwhq.micpn.com connect.facebook.net ct.pinterest.com d.impactradius-event.com d2oh4tlt9mrke9.cloudfront.net dickssportinggoods.demdex.net dicks-sporting-goods.pxf.io dpm.demdex.net dsg.tt.omtrdc.net dsg2.btttag.com e.dickssportinggoods.com edge1.certona.net f.wishabi.net gateway.dcsg.com *.getmetrical.com img.riskified.com match.adsrvr.org *.kampyle.com network.bazaarvoice.com network-a.bazaarvoice.com pinterest.adsymptotic.com pixel.rubiconproject.com pixel.tapad.com r.dlx.addthis.com sc-static.net smetrics.dickssportinggoods.com snap.adsrvr.org so.rlcdn.com sslwidget.criteo.com static.ads-twitter.com dynamic.criteo.com static.criteo.net widget.criteo.com sslwidget.criteo.com dis.criteo.com dis.us.criteo.com t.co tr.snapchat.com www.facebook.com www.googletagmanager.com www.hlserve.com www.res-x.com x.skimresources.com dis.us.criteo.com cdn.hlserve.com b.hlserve.com beam.criteo.com www.google.com *.g.doubleclick.net *.googlesyndication.com adservice.google.com c.riskified.com ws.sessioncam.com www.googleadservices.com cdn.brandingbrand.com dsg2m.btttag.com www.google-analytics.com cdnjs.cloudflare.com *.cloudfront.net *.iesnare.com code.jquery.com www.paymentjs.firstdata.com www.gstatic.com www.everestjs.net www.paypal.com tagtracking.vibescm.com cdn.auth0.com polyfill.io cdn.tagdelivery.com *.truefitcorp.com *.affirm.com *.afterpay.com *.hlserve.com *.anyguide.com resources.digital-cloud.medallia.com *.anyroad.com checkoutshopper-live.adyen.com *.stylitics.com prod.accdab.net *.cdn-net.com *.syndigo.com *.zoovu.com *.curalate.com assets-barracuda-runner.azureedge.net *.liveperson.net *.lpsnmedia.net *.adoberesources.net *.adobedc.net *.attn.tv analytics.tiktok.com *.quantummetric.com *.contentsquare.net *.contentsquare.com *.fullstory.com; worker-src blob:; 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.bugcrowdusercontent.com https://bugcrowd.com *.sportradar.com https://googletagmanager.com www.gstatic.com www.googletagmanager.com https://www.google.com https://www.google-analytics.com www.google-analytics.com https://fonts.googleapis.com https://cdn.priv.center/ https://www.googleadservices.com *.hotjar.com https://snap.licdn.com https://pi.pardot.com https://prod-origin.truendo.com https://googleads.g.doubleclick.net; img-src * data: 'self' blob:; frame-src * 'self'; media-src * 'self'; connect-src * https://www.google-analytics.com www.google-analytics.com; font-src * data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com  https://use.typekit.net; style-src * 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; 4
frame-ancestors 'self' https://cp.sprinthost.ru https://cp.sprintbox.ru https://metrika.yandex.ru http://webvisor.com; 4
default-src wss: data: blob: preply: chrome-extension: ms-appx-web: https: *.preply.com 'unsafe-inline' 'self'; img-src 'self' data: blob: https: preply: chrome-extension: ms-appx-web: *.preply.com neuvoo.ca; object-src 'self' *.preply.com; block-all-mixed-content; script-src 'self' data: blob: *.preply.com preply.com www.googleadservices.com www.redditstatic.com analytics.tiktok.com cdn.pdst.fm *.tvsquared.com *.onesignal.com onesignal.com snap.licdn.com px.ads.linkedin.com js.appboycdn.com app.link *.sumome.com www.gstatic.com *.doubleclick.net *.sumo.com *.branch.io *.google.com *.bing.com *.opentok.com *.hotjar.com *.facebook.net www.googletagmanager.com *.google-analytics.com *.intercomcdn.com *.intercom.io *.taboola.com *.stripe.com *.googleapis.com *.youtube.com *.ytimg.com *.ampproject.org *.googlesyndication.com *.trustpilot.com cdn.ranksci.com www.dwin1.com www.awin1.com www.zenaps.com the.sciencebehindecommerce.com amplify.outbrain.com tr.outbrain.com 'unsafe-eval' 'unsafe-inline' api.braintreegateway.com assets.braintreegateway.com client-analytics.braintreegateway.com js.braintreegateway.com *.braintree-api.com *.paypal.com pay.google.com songbird.cardinalcommerce.com sc-static.net player.vimeo.com ajax.cloudflare.com preply.us1.list-manage.com cdn.cookielaw.org geolocation.onetrust.com www.clickcease.com click.appcast.io boards.greenhouse.io *.clarity.ms tags.crwdcntrl.net *.hs-scripts.com *.hubspot.com *.hscollectedforms.net *.hsadspixel.net *.hs-banner.com *.hs-analytics.net *.hsforms.com *.usemessages.com; frame-ancestors 'self' www.upward.net; report-uri https://sentry-ext.preply.org/api/48/security/?sentry_key=f9d940af8b044614932c632dd13ccad6&sentry_environment=production 4
frame-ancestors 'self' centinelapi.cardinalcommerce.com; script-src 'self' www.youtube.com *.worldpay.com *.facebook.net cdn.mouseflow.com script.crazyegg.com www.google-analytics.com static.sandisk.com bat.bing.com *.googleadservices.com d.adroll.com googleads.g.doubleclick.net *.googletagmanager.com s.adroll.com snap.licdn.com www.googletagmanager.com trc.taboola.com analytics.xscreenattribution.com *.marketo.net *.trustarc.com www.redditstatic.com cdn.taboola.com tags.tiqcdn.com *.twitter.com s.go-mpulse.net static.ads-twitter.com js.adsrvr.org d.adroll.mgr.consensu.org s.ytimg.com unpkg.com *.marketo.com js.maxmind.com *.truste.com tagmanager.google.com *.adobe.com ajax.googleapis.com *.expertvoice.com *.experticity.com cdn1.affirm.com *.tt.omtrdc.net *.adobedtm.com *.sc.omtrdc.net www.google.com *.criteo.net *.criteo.com www.gstatic.com cdn.pdst.fm ext.chtbl.com *.signifyd.com *.bazaarvoice.com mpsnare.iesnare.com *.googleapis.com *.paypal.com tracking.channelsight.com gateway.foresee.com sc-static.net qoe-1.yottaa.net cdn.yottaa.com ecwportal.vertexsmb.com 'unsafe-eval' 'unsafe-inline'; 4
default-src 'self' data: https://*.epam.com https://*.epam-group.ru;script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://connect.facebook.net https://conv.indeed.com https://www.google.com https://snap.licdn.com https://*.hotjar.com https://use.typekit.com https://www.google-analytics.com https://*.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://mc.yandex.ru https://s.ytimg.com https://www.youtube.com https://*.assets-yammer.com https://*.typekit.net https://*.typekit.com https://menu.epam.com https://googleads.g.doubleclick.net https://vk.com https://*.adform.net https://res.wx.qq.com https://t.visitorqueue.com https://munchkin.marketo.net https://www.linkedin.com https://embed.typeform.com https://js.driftt.com https://widget.drift.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://click.appcast.io https://bat.bing.com https://*.clarity.ms https://epam.widget.insent.ai https://www.redditstatic.com https://*.cookiepro.com https://*.onetrust.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://www.gstatic.com https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://www.googletagmanager.com;connect-src 'self' https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://www.google-analytics.com https://mc.yandex.ru https://mc.yandex.by https://mc.yandex.ua https://mc.yandex.kz https://mc.yandex.md https://yandexmetrica.com https://*.hotjar.io https://www.google.com https://translate.googleapis.com https://www.youtube.com wss://menu.epam.com https://menu.epam.com https://*.typekit.net https://*.typekit.com https://www.facebook.com https://stats.g.doubleclick.net https://a.visitorqueue.com https://*.mktoresp.com https://*.mktoutil.com https://*.clarity.ms https://analytics.google.com https://*.cookiepro.com https://*.onetrust.com https://cookies-data.onetrust.io;frame-src 'self' https://*.hotjar.com https://www.facebook.com https://www.google.com https://www.youtube.com https://mc.yandex.ru https://mc.yandex.md https://*.doubleclick.net https://www.google-analytics.com https://www.google.by https://www.google.com https://*.epam.com https://*.yammer.com https://login.microsoftonline.com https://vk.com https://login.vk.com https://www.googletagmanager.com https://w.soundcloud.com https://www.linkedin.com https://form.typeform.com https://player.vimeo.com https://embed.podcasts.apple.com https://js.driftt.com https://widget.drift.com https://optimize.google.com https://epam.widget.insent.ai;img-src 'self' * data: blob: about: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com;font-src 'self' data: https://*.typekit.net https://*.typekit.com https://fonts.gstatic.com;report-uri /services/interaction/csp-report 4
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob: 4
default-src 'self' https://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.marketo.com https://www.google.com https://www.youtube.com https://fonts.gstatic.com https://*.ul.com https://player.vimeo.com https://www.recaptcha.net data: blob:; connect-src 'self' https://*.lift.acquia.com https://*.wistia.com http://*.wistia.com https://*.ul.com https://*.solosegment.com https://www.google-analytics.com https://spreadsheets.google.com https://www.facebook.com https://stats.addtoany.com https://*.hotjar.com https://*.hotjar.io https://*.mktoutil.com https://*.mktoresp.com https://embedwistia-a.akamaihd.net https://sessions.bugsnag.com https://stats.g.doubleclick.net https://fg8vvsvnieiv3ej16jby.litix.io https://bam.nr-data.net https://bam-cell.nr-data.net https://sheets-proxy.knightlab.com https://cdn.cookielaw.org https://*.onetrust.com wss://*.hotjar.com; font-src 'self' https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://fonts.gstatic.com https://script.hotjar.com data: https://*.ul.com; frame-src 'self' https://*.marketo.com https://www.google.com https://player.vimeo.com https://www.youtube.com https://fast.wistia.com https://vars.hotjar.com https://www.facebook.com http://quote.ul.com https://quote.ul.com https://optimize.google.com https://www.recaptcha.net https://*.addtoany.com https://11349830.fls.doubleclick.net http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://airtable.com; img-src 'self' https://*.adroll.com https://*.linkedin.com https://*.facebook.com https://*.google.com https://*.wistia.com https://*.wistia.net https://*.solosegment.com https://embedwistia-a.akamaihd.net https://www.google-analytics.com https://www.googletagmanager.com https://www.ul.com https://www-stage.ul.com https://legacy-uploads.ul.com https://optimize.google.com https://s.ml-attr.com/getuid https://secure.adnxs.com/getuid https://attr.ml-api.io https://pixel.mathtag.com https://cdn.cookielaw.org data: https://collateral-library-production.s3.amazonaws.com https://*.ul.com https://*.adnxs.com; media-src 'self' https://embedwistia-a.akamaihd.net https://*.wistia.com https://*.youtube.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acquia.com http://*.acquia.com https://*.wistia.com http://*.wistia.net https://*.wistia.net https://app.wistia.com https://www.youtube.com http://www.youtube.com https://*.vimeo.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://*.hotjar.com https://*.marketo.net https://www.recaptcha.net https://cdnjs.cloudflare.com https://*.adroll.com https://*.ytimg.com https://snap.licdn.com https://*.adroll.mgr.consensu.org https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.onetrust.com https://optimize.google.com https://cdn.c212.net https://c212.net https://pixel.mathtag.com https://commons.ul.com/* https://ww2.ul-renewables.com http://cdnjs.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com blob: https://app-ab48.marketo.com https://www.google.com/recaptcha/api.js https://cdn.knightlab.com https://code.jquery.com https://embed.solosegment.com https://fast.wistia.com https://static.addtoany.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.com https://cdn.cookielaw.org https://static.addtoany.com https://*.acquia.com https://optimize.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://cdn.knightlab.com maxcdn.bootstrapcdn.com; frame-ancestors 'self'; report-uri https://ulcsp.report-uri.com/r/t/csp/reportOnly 4
default-src 'none';style-src 'self' 'unsafe-inline';script-src 'unsafe-inline' ;img-src 'self' data: yastatic.net;connect-src 'self' auto.ru 4
default-src 'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-eval' 'unsafe-inline'; img-src     'self' data: content: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net;style-src   'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-inline'; media-src *; 4
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' chrome-extension: data: www.google-analytics.com www.googletagmanager.com tagmanager.google.com *.googleapis.com *.gstatic.com *.googleusercontent.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://recaptcha.net https://cdn.cookielaw.org https://www.googletagmanager.com; object-src https:; style-src 'unsafe-inline' https:; img-src 'self' https: *.keepeek-dev.com *.keepeek.com https://cdn.cookielaw.org www.googletagmanager.com mediaassets.airbus.com data:; media-src 'self' https: *.keepeek-dev.com *.keepeek.com; frame-src 'self' https: https://www.youtube.com/embed/ https://youtu.be https://www.google.com/maps/ https://www.googletagmanager.com *.keepeek-dev.com *.keepeek.com; font-src https: data:; connect-src https:; report-uri /report-csp-violation; upgrade-insecure-requests 4
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src blob: js.driftt.com *.youtube-nocookie.com *.marketo.com; connect-src 'self' *.6sc.co *.6sense.com *.adnxs.com *.company-target.com *.google-analytics.com *.litix.io *.bugsnag.com *.bugherd.com *.pusher.com bugherd-attachments.s3.amazonaws.com *.mktoresp.com *.mktoutil.com *.stripe.com *.wistia.com *.wistia.net s3.amazonaws.com api.lever.co embedwistia-a.akamaihd.net hackerone.com secure.adnxs.com stats.g.doubleclick.net; font-src 'self' data: fonts.gstatic.com *.bugherd.com *.trustarc.com d2iiunr5ws5ch1.cloudfront.net *.typekit.net; form-action 'self' *.marketo.com *.twitter.com; frame-ancestors 'self'; frame-src 'self' fast.wistia.com js.driftt.com *.trustarc.com *.vimeo.com *.youtube.com *.youtube-nocookie.com *.marketo.com *.twitter.com *.wistia.net my.pima.app; object-src 'self'; img-src 'self' data: *.6sc.co *.adsymptotic.com *.bidr.io *.company-target.com *.google-analytics.com *.google.com *.linkedin.com *.techtarget.com *.trustarc.com *.twimg.com *.twitter.com *.wistia.net s3.amazonaws.com bugherd-attachments.s3.amazonaws.com d2iiunr5ws5ch1.cloudfront.net cdn.bizible.com cdn.bizibly.com cdn.ttgtmedia.com embed-fastly.wistia.com embedwistia-a.akamaihd.net fast.wistia.com id.rlcdn.com stats.g.doubleclick.net t.co via.placeholder.com https://*.googletagmanager.com; media-src 'self' blob: data: *.wistia.com *.wistia.net *.driftt.com *.trustarc.com s3.amazonaws.com embedwistia-a.akamaihd.net; script-src 'self' 'sha256-/k3Lky8OmuiUX6COqMxH79YVPvcq2c55gd/HqG7lsi0=' 'sha256-/W/QtVcR7XvpCfSPHfAe43UyCWy04ArWn3esUvwLQus=' 'sha256-4ogSPhBj5gyjxtI/kkTjyHlW/2tNk4FLetX3+ik9fPs=' 'sha256-8+M6mWeVaqvmXQr6ICEeK1L8fOvFp6I+bpTpkYePz0Q=' 'sha256-beC9gSgoOLBjF6WPV9h2TG/2KJvbVTctAxQ9MTMyYbk=' 'sha256-chw1FVji+ddLlO/RrcP3fhKOLsJUUh+FaKbjsOC2BiQ=' 'sha256-D6d37gZGDMRuNu3bDdYkGuOfCaaNGdTrB3eF5d5IU/Y=' 'sha256-dhwFhekPShnrWyiAriTpQlTCTxncYNMFjKcntiike8M=' 'sha256-evOIAQWlBJQ+3KMf/PHqxrFNdU5DSFFYTRb4ZcJL6jk=' 'sha256-f6kiKh1SZ2YHiwRvz1V5iix64hzoUnhgzc5t0kOcNmM=' 'sha256-fUPVzBO4Mo+NL5cVHRBbgZhsv1LF+vvQppJWvNHOPvA=' 'sha256-GIzg/vN5a9TbTavbaC/fu8ZDVJriAcj3NVOm9O9Ez7g=' 'sha256-hU4B0G69nqzy1PZ5Jda591+j5XhFOmWiX9q0zyoaMsY=' 'sha256-irDgLiTAwy41TBlsEthM8ACkswOyhizqioTpKoO+wXQ=' 'sha256-njEVDP22SRLTbvkBGYBk/bZxj3vsHZe/TM7+ykFIPtk=' 'sha256-pJ/Sj6gFFfUZXctm6johubVrAxMvdI1SMAA5/eytCPk=' 'sha256-pRMbUhnw0qjc6R64b23mwCtKdCF6fTKAYnukOH7ZzOw=' 'sha256-R9nryxYNh8QqhbOdCyNECNNMpbroEdPW9unTJqjDCAo=' 'sha256-sviMEnruQvgRGHgNssyqhuvNs7UBpfTCxN6U68FQFDM=' 'sha256-U3ZWizlkvaRmvQF3MnSSKIn0f49Urg9BnkLN+HkjGx8=' 'sha256-vNzhrX6x5GlHLXla0JcTAz/xTWTR/QYzGMg/4FvTF4E=' 'sha256-xk5ZshhV7kpsmwuy/gzaK0piBHyRHg66QcZJYEWE7EI=' 'sha256-XrP50Mq6s78GLH2Vyt4BfKhn8rx4OdU6FYqQGbxRuZc=' 'sha256-4sNwvmWshEzqW5S25HVAak+QIUCkjYSbAaQ7Ieh/EDA=' 'sha256-vAVeEsxCCrkKn3kdxDRPzaYK3mla+jSTnrGwCq/ApJk=' 'sha256-zakVdM0lUDwY/4h92l5vwR9OF5iDvSV2P1t2I+pqAdg=' 'sha256-7j/6kZ0M/5sjXRduONqbE2Hj/QJJHQwF6uV9sH3Q4ck=' *.6sc.co *.ads-twitter.com *.ads-twitter.com *.bred4tula.com *.bugherd.com *.cloudflare.com *.demandbase.com *.google-analytics.com *.jsdelivr.net *.linkedin.com *.marketo.com *.techtarget.com *.trustarc.com *.truste.com *.twitter.com cdn.bizible.com cdn.syndication.twimg.com d2iiunr5ws5ch1.cloudfront.net d2wy8f7a9ursnm.cloudfront.net fast.wistia.com fast.wistia.net js.driftt.com munchkin.marketo.net s3.amazonaws.com snap.licdn.com unpkg.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' *.twitter.com *.jsdelivr.net *.marketo.com s3.amazonaws.com checkout.stripe.com fast.wistia.com fast.wistia.net fonts.googleapis.com *.typekit.net d2iiunr5ws5ch1.cloudfront.net; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598 4
frame-ancestors 'self' https://*.refinitiv.com; 4
frame-ancestors 'self' https://*.movavi.de https://*.movavi.com https://*.movavi.ru http://webvisor.com https://portal1.comm100.io 4
frame-ancestors 'self' http://info.barchart.com 4
default-src 'unsafe-inline' 'unsafe-eval' https: data:; object-src 'unsafe-inline' 'unsafe-eval' https: data:; upgrade-insecure-requests 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net https://fp.zenaps.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.dwin1.com/ https://www.youtube.com/iframe_api https://s.ytimg.com https://assets.planethoster.com/ https://maps.googleapis.com/ https://ads2.adverline.com/ https://tags.dynamo.one/ https://smct.co/ https://apis.google.com/ https://widget.trustpilot.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/; img-src 'self' www.facebook.com data: https://www.planethoster.com/ https://assets.planethoster.com/ https://maps.gstatic.com/ https://smct.co/ https://www.google-analytics.com/; font-src 'self' data: fonts.gstatic.com https://assets.planethoster.com/; frame-src https://www.zenaps.com/ https://ads2.adverline.com/ https://staticxx.facebook.com/ https://www.google.com/ https://www.facebook.com/ https://player.vimeo.com https://www.youtube.com/ https://tags.dynamo.one/ https://smct.co/ https://accounts.google.com/ https://widget.trustpilot.com/; connect-src 'self' https://stats.g.doubleclick.net/ https://fp.zenaps.com/ https://assets.planethoster.com/ https://smct.co/ https://widget.trustpilot.com/ https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://assets.planethoster.com/; 4
frame-ancestors https://*.shopstyleops.com/ https://local.shopstyleops.com:*/ https://*.shopstylecollective.com https://shopstylecollective.com https://*.builder.io/ https://builder.io; report-uri /csp-violation; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: health.gov https://dap.digitalgov.gov https://platform.twitter.com https://www.google.com https://static.addtoany.com https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://cdn.syndication.twimg.com https://ton.twimg.com https://fonts.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://themes.googleusercontent.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com survey.alchemer.com www.surveygizmo.com surveygizmolibrary.s3.amazonaws.com *.ytimg.com, frame-ancestors 'self' 4
object-src 'none'; frame-ancestors 'self' 4
frame-ancestors 'self' *.springernature.com; 4
frame-ancestors *.windstream.net 4
default-src * 'self' 'unsafe-inline' 'unsafe-eval' data: https:; report-uri /report-csp-violation 4
default-src 'none'; script-src 'self' cdn.b0e8.com www.google-analytics.com www.googletagmanager.com play.vidyard.com assets.vidyard.com unpkg.com js-agent.newrelic.com snap.licdn.com static.ads-twitter.com analytics.twitter.com www.googleadservices.com script.hotjar.com static.hotjar.com forsta.bamboohr.com 972-oec-621.mktoweb.com munchkin.marketo.net j.6sc.co cdn.cookielaw.org bam.nr-data.net geolocation.onetrust.com www.google.com tpc.googlesyndication.com maps.googleapis.com translate.googleapis.com api.microsofttranslator.com digitalfeedback.us.confirmit.com www.gstatic.com *.smartrecruiters.com go.forsta.com stats.wp.com c0.wp.com marvel-b2-cdn.bc0a.com cdn.bizible.com jobpal-sm.s3.amazonaws.com api.smooch.io 'unsafe-inline' 'unsafe-eval'; style-src 'self' 972-oec-621.mktoweb.com fonts.googleapis.com translate.googleapis.com legal.forsta.com static.smartrecruiters.com go.forsta.com c0.wp.com jobpal-sm.s3.amazonaws.com 'unsafe-inline'; frame-ancestors 'none'; frame-src play.vidyard.com vars.hotjar.com 972-oec-621.mktoweb.com tpc.googlesyndication.com www.google.com www.googletagmanager.com survey.us.confirmit.com go.forsta.com subscriptions.smartrecruiters.com; object-src 'none'; base-uri 'self'; form-action 'self' webto.salesforce.com; connect-src 'self' go.forsta.com play.vidyard.com cdn.cookielaw.org 972-oec-621.mktoresp.com 972-oec-621.mktoutil.com secure.adnxs.com stats.g.doubleclick.net bam.nr-data.net privacyportal.onetrust.com geolocation.onetrust.com forsta.bamboohr.com www.google.com adservice.google.com maps.googleapis.com www.googletagmanager.com www.googleapis.com maps.googleapis.com *.google-analytics.com *.analytics.google.com *.6sc.co epsilon-cloudfront.6sense.com digitalfeedback.us.confirmit.com jobpal-sm.s3.amazonaws.com vc.hotjar.io *.hotjar.com wss://*.hotjar.com jobpal-sm.s3.amazonaws.com 61d78a8eb35a9f00ecfd7ee9.config.smooch.io api.smooch.io wss://api.smooch.io https://h5api.m.taobao.com/h5/mtop.alibaba.translation.generaltranslate/1.0 https://edge.microsoft.com/translate/ https://api.cognitive.microsofttranslator.com/translate https://translate.googleapis.com; font-src 'self' data: fonts.gstatic.com legal.forsta.com jobpal-sm.s3.amazonaws.com; prefetch-src play.vidyard.com; img-src https: data:; media-src https: data:; report-uri https://forsta.report-uri.com/r/t/csp/enforce 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://www.gstatic.com https://www.chevron.com https://assetscdn.stackla.com https://widget.stackla.com https://*.core.windows.net https://*.mktoresp.com https://munchkin.marketo.net https://geolocation.onetrust.com https://ajax.googleapis.com https://www.googlesapis.com https://www.googletagmanager.com https://apps.sitecore.net https://s.ytimg.com https://www.youtube.com https://cdn.cookielaw.org https://www.google-analytics.com https://*.qualtrics.com https://www.google.com https://www.googleapis.com https://extreme-ip-lookup.com https://secure-ds.serving-sys.com https://*.doubleclick.net https://chevroncorp.gcs-web.com https://vjs.zencdn.net https://adservice.google.com https://bs.serving-sys.com https://fonts.gstatic.com https://static.doubleclick.net https://www.googleadservices.com https://quiz.chevronstemquiz.com https://snap.licdn.com https://static.ads-twitter.com https://connect.facebook.net https://t.co https://*.linkedin.com https://analytics.twitter.com https://www.facebook.com https://*.crazyegg.com https://optimize.google.com https://178-uxe-734.mktoutil.com https://*.us-east-2.amazonaws.com https://service.force.com https://*.salesforce.com https://*.force.com https://*.salesforceliveagent.com https://code.jquery.com https://img.youtube.com https://www.linkedin.com https://*.adsymptotic.com https://*.doubleclick.net https://www.chevron.com https://fonts.googleapis.com https://cdn.cookielaw.org https://optimize.google.com https://178-uxe-734.mktoresp.com https://script.crazyegg.com https://go.chevron.email; upgrade-insecure-requests; block-all-mixed-content; 4
frame-ancestors 'self' https://webvisor.com 4
frame-ancestors 'self' http://webvisor.com http://awards.ratingruneta.ru 4
frame-ancestors https://*.ionos.de https://ionos.de https://*.ionos.at https://ionos.at https://*.profiseller.de https://profiseller.de https://*.1und1-partner.de https://1und1-partner.de https://*.1und1-hostingpartner.de https://1und1-hostingpartner.de https://*.1und1-premiumpartner.de https://1und1-premiumpartner.de; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rtx.com https://*.raytheon.com https://*.rtxapps.com blob:        https://www.googletagmanager.com  https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://*.crazyegg.com https://ipmeta.io https://*.licdn.com https://*.linkedin.com https://static.ads-twitter.com https://connect.facebook.net https://www.youtube.com https://www.googleadservices.com https://*.twimg.com https://*.twitter.com https://www.gstatic.com https://static.ctctcdn.com;        img-src 'self' https://*.rtx.com data: www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://*.linkedin.com https://p.adsymptotic.com https://*.licdn.com https://t.co https://www.facebook.com https://*.twimg.com https://*.twitter.com https://static.ctctcdn.com;        style-src 'self' 'unsafe-inline' https://*.rtx.com https://*.raytheon.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.licdn.com https://*.twitter.com https://*.twimg.com https://static.ctctcdn.com;        font-src 'self' https://*.rtx.com https://cdnjs.cloudflare.com https://fonts.gstatic.com;         frame-src 'self' https://*.twitter.com https://*.fls.doubleclick.net https://*.rtx.com https://*.youtube.com/ https://*.raytheon.com https://www.rockwellcollins.com;         upgrade-insecure-requests; block-all-mixed-content; worker-src blob: ; 4
img-src * data:; 4
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss: https:; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 4
frame-ancestors 'self'  *.ampproject.org *.zdbb.net 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://lavoz.report-uri.io/r/default/csp/enforce 4
frame-ancestors 'self *.maxon.net 4
connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.google-analytics.com https://*.doubleclick.net https://*.index-education.com http://*.index-education.com http://*.datatables.net https://www.googleapis.com;default-src 'self' *.bootstrapcdn.com *.google-analytics.com *.gstatic.com https://*.index-education.com http://*.index-education.com;frame-ancestors 'self' ;frame-src https://hcaptcha.com https://*.hcaptcha.com *.doubleclick.net *.openstreetmap.org http://*.index-education.net https://*.index-education.net *.hyperplanning.fr http://*.vimeo.com https://vimeo.com https://*.vimeo.com https://www.youtube.com https://*.google.com https://*.index-education.com http://*.index-education.com http://index-education.com https://app.mailjet.com;media-src 'self' https://*.vimeo.com https://vimeo.com https://*.index-education.com http://*.index-education.com;object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com *.licdn.com *.tiny.cloud *.adobe.com *.cloudflare.com https://www.googletagmanager.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com http://*.googleapis.com https://*.googleapis.com https://*.google.com *.gstatic.com code.jquery.com http://*.google-analytics.com https://*.google-analytics.com *.datatables.net https://*.index-education.com http://*.index-education.com https://*.bootstrapcdn.com http://index-education.com https://app.mailjet.com;style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com http://*.googleapis.com https://*.googleapis.com *.bootstrapcdn.com https://*.index-education.com http://*.index-education.com;font-src 'self' *.bootstrapcdn.com *.gstatic.com https://*.index-education.com http://*.index-education.com *.index-education.net data:;img-src 'self' https://*.index-education.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.google.com *.google.fr *.googleapis.com *.linkedin.com data:; 4
object-src none;font-src 'self' https: data:;img-src 'self' https: data:;upgrade-insecure-requests 4
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: 4
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.sanity.io/files/ https://analytics.twitter.com/ https://static.ads-twitter.com/uwt.js https://www.redditstatic.com/ads/pixel.js https://player.vimeo.com/api/player.js https://kantarinteractive.3mil-demo.co.uk/ https://media-cdn.ipredictive.com/js/cirt_v2.min.js https://script.hotjar.com/ https://go.in.kantar.com/ https://media-cdn.ipredictive.com/js/ https://script.hotjar.com/modules.4511dadc364f0ee7084d.js https://script.hotjar.com/modules.7225c79fe4e29708c611.js https://www.googleadservices.com/ https://online2.superoffice.com/ https://script.hotjar.com/modules.cd1eea15fc08cdfc520a.js https://script.hotjar.com/modules.a6cfc71c5ac4549d913e.js https://snap.licdn.com/li.lms-analytics/ https://services.cognitoforms.com/scripts/ https://embedsocial.com/cdn/iframe.js https://embedsocial.com/embedscript/in.js https://view-awesome-table.com/ https://static.hotjar.com/c/ https://script.hotjar.com/modules.0734134ae79697970353.js https://googleads.g.doubleclick.net/ https://www.googleadservices.com/pagead/conversion_async.js https://cdn.jotfor.ms/js/ https://js.jotform.com/ https://js.jotform.com/vendor/ https://cdn.jotfor.ms/static/ https://cdnjs.cloudflare.com/ajax/libs/punycode/1.4.1/ https://form.jotform.com/jsform/ https://js.hs-analytics.net/analytics/1598004900000/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/3788602.js https://js.hscollectedforms.net/collectedforms.js https://forms.hsforms.com/ https://js.hs-scripts.com/3788602.js https://js.hsforms.net/forms/v2.js https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.js https://s.ytimg.com https://www.youtube.com/iframe_api https://pi.pardot.com/ https://go.tnsglobal.com/ https://preferences.kantarworldpanel.com/ https://go.millwardbrown.com/ https://www2.kantar.com https://consent.cookiebot.com/ https://cdn.saberfeedback.com https://feedback.saberfeedback.com/ https://www.youtube.com https://ssl.google-analytics.com/ga.js https://ajax.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://ct.capterra.com/ https://gomedia.kantar.com/ https://ws.zoominfo.com/ https://e.infogram.com/ https://consentcdn.cookiebot.com https://player.podigee-cdn.net/ https://digitalpacemaker.podigee.io/ https://crm.zoho.eu/ https://crm.zohopublic.eu/; style-src 'self' 'unsafe-inline' https://cdn.sanity.io/files/ https://embedsocial.com/cdn/iframe-lightbox.min.css https://cdn.jotfor.ms/wizards/languageWizard/custom-dropdown/css/ https://cdn.jotfor.ms/css/styles/payment/ https://cdn.jotfor.ms/themes/CSS/ https://cdn.jotfor.ms/css/ https://cdn.jotfor.ms/css/styles/ https://cdn.jotfor.ms/static/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.css https://feedback.saberfeedback.com/ https://cdn.saberfeedback.com https://tagmanager.google.com/ https://fast.fonts.net https://fonts.googleapis.com; connect-src *; img-src 'self' data: https://668620654.privacysandbox.googleadservices.com/ https://405677348.privacysandbox.googleadservices.com/ https://pixel.tapad.com/  https://idsync.rlcdn.com/ https://x.bidswitch.net/ https://stags.bluekai.com/ https://pixel.advertising.com/ https://dsum-sec.casalemedia.com/ https://eu-u.openx.net/ https://alb.reddit.com/ https://px.ads.linkedin.com/ https://pixel.mathtag.com/ https://simage2.pubmatic.com/ https://t.co/ https://ad.ipredictive.com/ https://www.google.co.za/pagead/1p-user-list/668928299/ https://p.adsymptotic.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.co.uk/ads/ https://events.jotform.com/ https://events.jotform.com/jsform/200924737274357/ https://cdn.jotfor.ms/ https://assets.turtl.co/covers/ https://www.google.co.za/ads/ https://www.googletagmanager.com/ https://www.google.com/ads/ https://track.hubspot.com/ https://forms.hsforms.com/embed/v3/ https://forms.hubspot.com/outpost/formsnextembed/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ *.doubleclick.net https://www.google-analytics.com *.gstatic.com https://maps.googleapis.com https://assets.turtl.co/covers/5ef0c513e144c46e0f06dcca.jpg https://ct.capterra.com/ https://cdn.sanity.io/ https://media.glassdoor.com/; frame-src 'self' https://kantarinteractive.3mil-demo.co.uk/ https://www.mavens.co.uk/ https://11404277.fls.doubleclick.net/ https://app.livestorm.co/ https://app.powerbi.com/ https://newsletterform.z6.web.core.windows.net/ https://go.in.kantar.com/ http://mkt.kantar.com/ https://tns-portal.rexx-recruitment.com/ https://www.kantarlivefr.com/ https://online2.superoffice.com/ https://v.qq.com/ https://services.cognitoforms.com/f/ https://embedsocial.com/ https://view-awesome-table.com/ https://vars.hotjar.com/ https://www.kantarworldpanel.com https://form.jotform.com/ https://submit.jotformeu.com/ https://app-widgets.jotform.io https://www3.kantarmedia.com/ https://datawrapper.dwcdn.net https://widgets.jotform.io/ https://www.kantarmarketplace.com/ https://preferences.kantarworldpanel.com/ https://html5-player.libsyn.com/ https://play.libsyn.com/ https://mkt.kantar.com/ https://forms.hsforms.com/ https://go.pardot.com/ https://go.na.kantar.com/ https://kantar.wd3.myworkdayjobs.com/ https://player.vimeo.com/ https://kantar.turtl.co/ https://www2.kantar.com/ https://staginglocal.kantarmarketplace.com https://go.kantarmarketplace.com/ https://www.youtube.com/iframe_api https://consentcdn.cookiebot.com/ https://go.millwardbrown.com/ https://www.google.com https://www.youtube.com https://apps.sitecore.net/ https://gomedia.kantar.com/ https://anchor.fm/ https://e.infogram.com/ https://player.podigee-cdn.net/ https://audionow.de/; frame-ancestors https://*.khapps.com https://*.khapps.jp; font-src 'self' data: https://cdn.sanity.io/files/ https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/ https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/KantarBrown https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ https://sites.kantarconsulting.com/toolbox/fonts/KantarBrownWeb-Regular.woff2 https://feedback.saberfeedback.com https://fonts.gstatic.com; media-src 'self' data: https://cdn.sanity.io/ https://vimeo.com/ 4
default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://www.riskdataobject.com; upgrade-insecure-requests; 4
default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline' 4
upgrade-insecure-requests; default-src 'self'; frame-src 'self' www.youtube.com www.youtube-nocookie.com *.altrulabs.com *.equitystory.com *.conti-apps.de *.continental.com *.wowza.com livestream.com *.nc3-cdn.com *.cloudfront.net; style-src 'self' 'unsafe-inline' *.continental.com *.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.continental.com www.googletagmanager.com *.mouseflow.com *.bing.com *.virtualearth.net *.admiralcloud.com *.altrulabs.com *.analytics.google.com *.google-analytics.com cdn.trkkn.com unpkg.com blob:; font-src 'self' data: *.continental.com *.bing.com *.admiralcloud.com *.altrulabs.com *.gstatic.com; connect-src 'self' *.continental.com *.admiralcloud.com *.bing.com *.virtualearth.net *.altrulabs.com *.analytics.google.com *.google-analytics.com stats.g.doubleclick.net *.mouseflow.com; img-src * data:; media-src * blob:; 4
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com  *.amazonaws.com  *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net  *.forcepoint.com *.google.com *.facebook.com  bam.nr-data.net maps.gstatic.com *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net  *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com  dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com tag.aumago.com js.driftqa.com *.scribblecdn.net *.esg-global.com js.hs-scripts.com/20987017.js js.hs-analytics.net js.hsadspixel.net js.hs-banner.com api.hubapi.com js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com geolocation-db.com *.drift.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com *.theadex.com tag.aumago.com ws.zoominfo.com *.redditstatic.com rules.quantcount.com tracking.g2crowd.com *.steelhousemedia.com *.scribblecdn.net *.esg-global.com *.6sc.co js.hs-scripts.com/20987017.js js.hs-analytics.net js.hsadspixel.net js.hs-banner.com api.hubapi.com js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com geolocation-db.com *.drift.com; img-src * data: *; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com tag.aumago.com *.google-analytics.com *.6sc.co secure.adnxs.com *.vidyard.com epsilon.6sense.com js.hs-scripts.com/20987017.js js.hs-analytics.net js.hsadspixel.net js.hs-banner.com api.hubapi.com js.hsforms.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com geolocation-db.com *.google.com *.drift.com; report-uri /admin/config/system/seckit/csp-report 4
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * 'self' data: 'unsafe-inline'; connect-src *; media-src *; frame-src *; frame-ancestors *; 4
default-src 'self' atos.net *.atos.net *.pardot.com assets.adobedtm.com *.cloudflare.com *.cloudfront.net *.vimeo.com *.vimeocdn.com *.akamaized.net *.tiny.cloud *.tinymce.com *.bootstrapcdn.com yoast.com *.yoast.com data: 'unsafe-inline' 'unsafe-eval' code.jquery.com *.gravatar.com ps.w.org klasresearch.com  *.marketo.net *.mktoresp.com *.mktoweb.com tools.eurolandir.com static.dialogflow.com pbs.twimg.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.gstatic.com *.googleapis.com tribl.io *.olark.com *.mrpdata.net *.linkedin.com *.company-target.com *.google-analytics.com *.google.fr *.google.com *.oktopost.com okt.to *.adform.net *.demandbase.com *.rlcdn.com *.bidr.io *.accountinsight.cloud *.licdn.com atos.tt.omtrdc.net content.onlinexperiences.com onlinexperiences.com w.soundcloud.com *.aio-events.com *.appspot.com cdn.syndication.twimg.com *.twimg.com *.twitter.com *.microsoft.com *.azureedge.net *.botframework.com *.bizzabo.com updates.themepunch-ext-b.tools updates.themepunch-ext-a.tools updates.themepunch.tools sliderrevolution.com *.sliderrevolution.com *.olympicchannel.com olympics.com *.cookielaw.org *.onetrust.com optanon.blob.core.windows.net; frame-ancestors 'self' atos.net *.atos.net atosnews.net atos365.sharepoint.com; 4
frame-ancestors *.benq.com *.benq.eu 4
default-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.streaming.media.azure.net; style-src 'self' 'unsafe-inline' https://*.oebb.at https://apis.google.com https://*.googleapis.com  https://*.azureedge.net https://static.userback.io; script-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://apis.google.com https://*.googleapis.com https://at.cloud.fabasoft.com https://www.youtube.com https://*.ytimg.com https://*.azureedge.net https://static.userback.io https://walls.io https://cdn.botframework.com; connect-src 'self' https://*.oebb.at https://obc.railcargo.com https://*.azureedge.net https://directline.botframework.com wss://directline.botframework.com https://api.userback.io https://*.playertec.de https://powerva.microsoft.com https://graph.microsoft.com https://login.microsoftonline.com https://api.siteimprove.com; img-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.ytimg.com https://apis.google.com https://*.googleapis.com https://*.gstatic.com https://*.azureedge.net https://static.userback.io https://oebbtalentinastorage.blob.core.windows.net data: blob:; frame-src https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.google.com https://content.googleapis.com https://www.youtube-nocookie.com  https://at.cloud.fabasoft.com https://*.yumpu.com https://www.zepp-cam.at https://*.soundcloud.com https://*.spotify.com https://*.waca.at https://ec21aac802964ead8485bcf19e4d7cc9.svc.dynamics.com https://*.azureedge.net https://live.virtual-events.at https://*.streaming.media.azure.net https://www.traumgutscheine.com https://my.walls.io https://*.vimeo.com https://service.studiobaff.com https://*.playertec.de https://login.microsoftonline.com https://live.brame-gamification.com https://www.komoot.de; frame-ancestors https://oebb-test.hafas.de https://*.oebb.at http://fahrplan.oebb.at https://*.nightjet.com; font-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com; 4
default-src 'self' *.idrive.com *.idrivesync.com  https://graph.facebook.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://static.idriveonlinebackup.com https://*.facebook.com https://bmrsignal.idrivelite.com https://*.google.com https://apis.google.com https://accounts.google.com https://www.google-analytics.com https://*.criteo.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.criteo.net https://cdn.livechatinc.com https://gum.criteo.com https://sslwidget.criteo.com https://*.livechatinc.com https://ajax.googleapis.com https://html5shim.googlecode.com https://s.adroll.com https://a.adroll.com https://d.adroll.com https://www.google.com https://www.idrivedownloads.com http://ssl.p.jwpcdn.com https://www.youtube.com https://px.spiceworks.com https://connect.facebook.net https://5358683.fls.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.gstatic.com https://ssl.google-analytics.com https://code.jquery.com https://js.stripe.com https://www.googletagmanager.com https://api.maxaccess.io; img-src https://* 'self' data: blob: www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://static.idriveonlinebackup.com https://fonts.googleapis.com https://ssl.google-analytics.com https://code.jquery.com; font-src https://* https://fonts.gstatic.com data: ; object-src 'self' https://secure.livechatinc.com; frame-src https://* 'self' data: blob:; media-src https://* blob:; worker-src https://* blob:; connect-src wss: https://* blob:; 4
frame-ancestors 'self' *.benjerry.com *.crownpeak.com *.bazaarvoice.com *.adobe.com *.pricespider.com 4
frame-ancestors https://accounts.cft.ru 4
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.vidyard.com *.google-analytics.com *.elliemae.com *.typekit.net *.eloqua.com *.crazyegg.com *.pingdom.net *.driftt.com *.drift.com *.vidyard.com *.tribl.io *.en25.com *.appspot.com *.facebook.net *.bing.com *.bizographics.com *.doubleclick.net *.linkedin.com *.facebook.com *.google.com *.on24.com *.contentstack.io *.zscalertwo.net ipapi.co *.amazonaws.com *.googleapis.com http://images.engage.elliemae.com/ *.gstatic.com *.myfonts.net *.googleadservices.com *.mapbox.com *.youtube.com *.vimeo.com *.swiftype.com *.jsdelivr.net *.disqus.com *.disquscdn.com disqus.com *.zoominfo.com *.pusher.com *.icemortgagetechnology.com *.pardot.com unpkg.com *.google.co.in 4
font-src 'self' data: *.kornferry.com *.kfadvance.com *.fontawesome.com *.typography.com *.hotjar.com *.hotjar.io *.hotjar.io *.juicer.io; 4
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 4
frame-src 'self' https://app.powerbi.com https://684e6358a25146d7b2463db408d33a1e.svc.dynamics.com https://players.brightcove.net https://*.baidu.com https://*.bdimg.com https://maps.googleapis.com https://*.linkedin.com https://*.youtube.com https://*.youtube-nocookie.com https://*.instagram.com https://*.twitter.com; child-src 'self' https://*.linkedin.com https://*.youtube.com https://*.youtube-nocookie.com https://*.instagram.com https://*.twitter.com ; worker-src blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://skk.erecruiter.pl https://mktdplp102cdn.azureedge.net/public/latest/js/form-loader.js https://rec.smartlook.com https://vjs.zencdn.net https://players.brightcove.net https://cdn.syndication.twimg.com https://cdn.cookielaw.org https://*.twitter.com https://*.facebook.net https://*.linkedin.com https://*.piwik.pro https://siteimproveanalytics.com https://*.baidu.com https://*.bdimg.com https://maps.googleapis.com; frame-ancestors 'self' https://*.linkedin.com; 4
default-src 'self' data: blob: *.gstatic.com *.google.com *.google-analytics.com *.nr-data.net *.bioz.com *.vwr.com *.doubleclick.net *.avantorsciences.com *.nusil.com *.googletagmanager.com *.linkedin.com *.twitter.com *.vwrsurveys.com *.adsymptotic.com *.paymetric.com *.facebook.com *.mktoresp.com *.wardsci.com *.sargentwelch.com *.boreal.com *.sargentwelch.ca *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io ahpp.adflex.co.uk authentication.cardinalcommerce.com *.pinterest.com *.kickfire.com *.rumiview.com *.vimeo.com *.salesforce.com *.prnewswire.com nebnextvwr.neb.com projects.spielcreative.com projects.ivorystudio.net *.marketo.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.bioz.com *.vwr.com *.googleapis.com *.facebook.com *.mktoresp.com *.twitter.com *.twimg.com *.zencdn.net *.marketo.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.auth0.com *.google-analytics.com *.bioz.com *.salesforceliveagent.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.vwr.com *.licdn.com *.cloudflareinsights.com *.vwrsurveys.com *.marinsm.com *.paymetric.com *.google.com *.cloudflare.com *.pardot.com *.doubleclick.net *.googleadservices.com *.facebook.net *.wardsci.com *.verisign.com *.linkedin.com *.twitter.com *.googleapis.com *.sargentwelch.com *.sargentwelch.ca *.marketo.net *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io *.adobedtm.com *.pinimg.com *.avantorsciences.com *.kickfire.com *.rumiview.com *.jquery.com *.prnewswire.com *.marketo.com; 4
frame-ancestors 'self' *.3sharecorp.com 4
default-src 'self' http://localhost:* http://127.0.0.1:* https://*.supercharge-srp.co https://*.safeframe.googlesyndication.com https://tpc.googlesyndication.com; prefetch-src http://tpc.googlesyndication.com https://tpc.googlesyndication.com http://securepubads.g.doubleclick.net https://securepubads.g.doubleclick.net https://tags.tiqcdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' http://localhost:* http://127.0.0.1:* https://*.jobsdb.com/ https://*.jobstreet.com/ https://*.jobstreet.co.id https://*.jobstreet.com.my https://*.jobstreet.com.ph https://*.jobstreet.com.sg https://*.supercharge-srp.co https://*.hotjar.com/ https://unpkg.com/ https://polyfills.io/ https://cdnjs.cloudflare.com https://cdn.ravenjs.com https://widget.intercom.io http://www.googletagservices.com https://www.googletagservices.com http://pagead2.googlesyndication.com https://pagead2.googlesyndication.com https://adservice.google.com https://securepubads.g.doubleclick.net http://tpc.googlesyndication.com https://tpc.googlesyndication.com https://adservice.google.com.au https://adservice.google.com.hk https://adservice.google.com.sg https://js.intercomcdn.com http://www.googletagmanager.com https://www.googletagmanager.com http://tagmanager.google.com https://tagmanager.google.com https://www.googleadservices.com https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://cdn.branch.io/ https://app.link/ https://www.google-analytics.com http://tags.tiqcdn.com https://tags.tiqcdn.com https://www.youtube.com https://s.ytimg.com https://*.useinsider.com https://web-staging.sol-data.com https://web.aips-sol.com http://*.amplitude.com https://*.amplitude.com https://*.tealiumiq.com https://*.qualtrics.com; style-src 'unsafe-inline' 'self' http://localhost:* http://127.0.0.1:* https://*.jobsdb.com/ https://*.jobstreet.com/ https://*.jobstreet.co.id https://*.jobstreet.com.my https://*.jobstreet.com.ph https://*.jobstreet.com.sg https://*.supercharge-srp.co https://fonts.googleapis.com/ https://tagmanager.google.com https://*.useinsider.com; img-src * data:; font-src 'self' https://*.jobsdb.com https://*.jobstreet.com/ https://*.jobstreet.co.id https://*.jobstreet.com.my https://*.jobstreet.com.ph https://*.jobstreet.com.sg https://*.supercharge-srp.co https://fonts.gstatic.com/ https://static.hotjar.com/ https://js.intercomcdn.com data:; connect-src 'self' https://www.seek.com.au/ http://www.seek.com.au.staging/ https://*.seek.com http://candidate-graphql-api-candy-shared-dev-active.ap-southeast-2.elasticbeanstalk.com/ http://localhost:* http://127.0.0.1:* ws://localhost:* ws://127.0.0.1:* https://web-staging.sol-data.com https://web.aips-sol.com https://*.supercharge-srp.co:8080/ https://*.jobsdb.com/ http://*.jobsdb.com/ https://dpm.demdex.net/ https://*.jobstreet.com/ http://*.jobstreet.co.id http://*.jobstreet.com.my http://*.jobstreet.com.ph http://*.jobstreet.com.sg https://*.jobstreet.co.id https://*.jobstreet.com.my https://*.jobstreet.com.ph https://*.jobstreet.com.sg http://*.supercharge-srp.co https://*.supercharge-srp.co https://*.hotjar.com:*/ https://*.elasticbeanstalk.com:8080/ ws://*.hotjar.com/ wss://*.hotjar.com/ https://*.intercom.io wss://*.intercom.io https://securepubads.g.doubleclick.net https://csi.gstatic.com https://api2.branch.io/ https://app.link/ https://pagead2.googlesyndication.com https://*.useinsider.com https://*.amplitude.com https://*.tealiumiq.com https://*.qualtrics.com; frame-src https://vars.hotjar.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://staticxx.facebook.com https://www.youtube.com https://*.useinsider.com https://*.safeframe.googlesyndication.com https://seekasia.demdex.net 4
default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests; 4
frame-ancestors 'self' https://dbwas.service.deutschebahn.com 4
default-src *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; img-src http: https: data: ; font-src http: https: data: 4
default-src 'none'; connect-src 'self' api.passwordpurgatory.com bloghelpers.troyhunt.com links.services.disqus.com www.google-analytics.com stats.g.doubleclick.net syndication.twitter.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src disqus.com c.disquscdn.com www.google.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com; img-src 'self' c.disquscdn.com referrer.disqus.com stats.g.doubleclick.net www.google-analytics.com www.gstatic.com syndication.twitter.com platform.twitter.com www.gravatar.com *.twimg.com data:; script-src 'self' passwordpurgatory.com c.disquscdn.com disqus.com troyhunt.disqus.com www.google.com www.google-analytics.com www.gstatic.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ 'sha256-dblwN9MUF0KZKfqYU7U9hiLjNSW2nX1koQRMVTelpsA=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg=' unpkg.com/@tryghost/; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com fonts.googleapis.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com; form-action *.twitter.com; media-src 'self'; prefetch-src 'self' c.disquscdn.com disqus.com; frame-ancestors 'self' troyhunt.ghost.io; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce 4
frame-ancestors 'self' *.lovecrafts.com 4
img-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es *.facebook.com *.linkedin.com *.ytimg.com secure.gravatar.com data: https: 'self'; style-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es *.vimeocdn.com *.vimeo.com data: https: 'unsafe-inline' 'self'; object-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'unsafe-inline' 'self'; script-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'unsafe-eval' 'unsafe-inline' 'self'; 4
frame-ancestors 'self' *.manomano.co.uk *.manomano.de *.manomano.es *.manomano.fr *.manomano.it *.manomano.com *.manomano.tech 4
default-src * 'unsafe-inline' data:; img-src     * 'unsafe-inline' 'unsafe-eval' data:;  script-src  'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.wpengine.com *.bootstrapcdn.com *.twitter.com *.jquery.com *.fontawesome.com *.google.com *.pinterest.com *.gstatic.com *.uploadlibrary.com *.thomascook.com *.hotjar.com *.imi.chat *.adyen.com *.spendology.io *.webtrends-optimize.com *.azurewebsites.net *.webtrends.com *.optimize.com *.doubleclick.net *.googlesyndication.com *.googletagservices.com *.google.co.uk *.google.com.ua *.direct.ingenico.com cc-cdn.com *.google.nl *.appsflyer.com *.freshchat.com *.btttag.com *.euc-freshbots.ai *.trustpilot.com *.cookielaw.org *.worldline-solutions.com;  style-src   'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.wpengine.com *.bootstrapcdn.com *.imi.chat *.adyen.com *.spendology.io *.thomascook.com *.google.com *.webtrends-optimize.com *.azurewebsites.net *.webtrends.com *.optimize.com *.freshchat.com *.euc-freshbots.ai;  font-src    'self' data: *.googleapis.com *.gstatic.com *.wpengine.com *.imi.chat *.spendology.io *.thomascook.com https://script.hotjar.com *.bootstrapcdn.com;  object-src  'self' ;  frame-src   'self' data: *.facebook.com https://platform.twitter.com/ *.google.com *.hotjar.com *.imi.chat *.adyen.com *.vimeo.com *.youtube.com *.doubleclick.net *.thomascook.io *.youtu.be *.googlesyndication.com https://www.covidchecker.com *.direct.ingenico.com *.modirum.com *.thomascook.com *.freshchat.com *.euc-freshbots.ai *.trustpilot.com;  form-action * 'self' 'unsafe-inline' 'unsafe-eval' *.adyen.com *.thomascook.io *.thomascook.com; 4
frame-ancestors 'self' https://c360.cricketwireless.com; 4
frame-ancestors 'self' *.freenas.org *.ixsystems.com *.truenas.org; upgrade-insecure-requests; default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; object-src 'self' https:; connect-src 'self' https: wss://*.hotjar.com; img-src 'self' data: https: blob:; font-src 'self' data: https:; 4
default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; worker-src blob: 4
connect-src 'self' *.cackle.me *.jivosite.com *.maps.yandex.net api-maps.yandex.ru api.hh.ru api.selectel.ru go.selectel.ru google-analytics.bi.owox.com googleads.g.doubleclick.net region1.google-analytics.com region1.analytics.google.com https://selectel.status.io/1.0/status/5980813dd537a2a7050004bd https://analytics.google.com https://api.amplitude.com https://api.mindbox.ru/ https://cackle.me https://selectel.ru https://top-fwz1.mail.ru https://tracker.esputnik.com https://tracker.softcube.com https://web.popmechanic.ru leads.selectel.ru mc.yandex.ru selectel.ru sendsay.ru stats.g.doubleclick.net suggest-maps.yandex.ru wss://*.cackle.me wss://*.jivosite.com wss://api.selectel.ru wss://chat-ru2.jivosite.com wss://node188.jivosite.com wss://ws.selectel.ru www.facebook.com www.google-analytics.com www.youtube.com https://hooks.zapier.com/hooks/catch/11509819/ https://script.google.com/macros/s/AKfycbxV2XXAR0xrDMbWAwb3zq_FLwecjfful2Co8KilO-hH9D8epb6tEML78Pq7ypkJ0dA6/exec; default-src 'none'; font-src 'self' data: https://cdn.selectel.ru https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/; frame-ancestors 'self' webvisor.com my.selectel.ru promo.selectel.ru webvisor.com go.teachbase.ru learn.selectel.org; frame-src 'self' *.cackle.me api-maps.yandex.ru calc.selectel.ru go.selectel.ru googleads.g.doubleclick.net https://cackle.me https://forms.amocrm.ru/ https://optimize.google.com https://player.vimeo.com/ https://vk.com/ www.facebook.com www.google.com www.google.ru www.youtube.com; img-src https: data: blob: region1.google-analytics.com region1.analytics.google.com; manifest-src 'self'; media-src 'self' *.jivosite.com https://cdn.selectel.ru https://files.selectel.ru https://code.jivo.ru; object-src 'self' blob:; report-uri https://relay.selectel.ru/api/87/security/?sentry_key=33110db9255441e5b312279003c189b1 https://relay.selectel.ru/api/20/csp-report/?sentry_key=7af12a7683624269a0cab11188e3d86e; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cackle.me *.jivosite.com *.maps.yandex.net analytics.twitter.com api-maps.yandex.ru cdn.ampproject.org connect.facebook.net go.selectel.ru https://api.mindbox.ru/ https://cackle.me https://cdn.amplitude.com https://cdn.selectel.ru https://cse.google.com/adsense/search/async-ads.js https://cse.google.com/cse.js https://cse.google.com/cse/element/v1 https://dct.mango-office.ru https://embed.typeform.com/embed.js https://forms.amocrm.ru/ https://googleads.g.doubleclick.net https://optimize.google.com https://s.ytimg.com https://script.esputnik.com https://script.softcube.com https://static.popmechanic.ru https://top-fwz1.mail.ru https://vk.com https://widgets.mango-office.ru https://www.google.com https://www.googleoptimize.com/optimize.js https://code.jivo.ru mc.yandex.ru pi.pardot.com selectel.ru ssl.google-analytics.com static.ads-twitter.com suggest-maps.yandex.ru tagmanager.google.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com yastatic.net; style-src 'self' 'unsafe-inline' *.cackle.me *.jivosite.com https://cdn.selectel.ru/ https://cackle.me https://fonts.googleapis.com https://optimize.google.com https://static.popmechanic.ru https://tagmanager.google.com/ https://www.google.com/cse/static/element/ https://www.google.com/cse/static/style/look/v4/espresso.css https://code.jivo.ru; upgrade-insecure-requests; 4
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline' 4
default-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: blob: *.sitecore.com *.sitecore.net *.hhogdev.com *.stylelabs.cloud *.googleapis.com *.gstatic.com *.azureedge.net *.bolddns.net; frame-src * 'self' 'unsafe-inline'; frame-ancestors 'self' https://*.sitecore.com; script-src * blob: data: 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'self' 'unsafe-inline'; script-src-attr * 'self' 'unsafe-inline'; style-src * 'self' 'unsafe-inline'; style-src-elem * 'self' 'unsafe-inline'; style-src-attr * 'self' 'unsafe-inline' data:; img-src * 'self' 'unsafe-inline' data:; font-src * data: 'self' 'unsafe-inline'; connect-src *; object-src 'none'; media-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 4
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 4
default-src 'self' * data:; font-src 'self' * data:; frame-src *; img-src * data: android-webview-video-poster:; media-src * data: blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; worker-src * blob:; frame-ancestors 'self' https://verizonconnect.getambassador.com/; 4
frame-ancestors 'self' experience.adobe.com invescogroup.experiencecloud.adobe.com *.invesco.com *.invesco.net 4
frame-ancestors 'self' www.cv.ee cv.ee www.cv.lv cv.lv www.prakse.lv prakse.lv; 4
default-src 'self' *.crazyegg.com; worker-src 'self' blob:; object-src 'self'; frame-ancestors 'self' https://www.youtube.com https://www.youtube.com/iframe_api https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.recaptcha.net/ *.crazyegg.com https://www.google.com/recaptcha/ https://polyfill.io/v3/ https://www.googleadservices.com/ https://api.ipify.org/ https://www.recaptcha.net/ http://www.gstatic.cn https://www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net/ https://cdn.syndication.twimg.com/ https://www.marvell.com/ https://script.crazyegg.com/ https://connect.facebook.net/ https://static.addtoany.com/ https://blogs.marvell.com/ https://s.go-mpulse.net/ https://cdn.cookielaw.org/ https://platform.twitter.com/ https://www.google-analytics.com/ https://scripts.demandbase.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://cdn.cookielaw.org/scripttemplates/6.1.0/otBannerSdk.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://www.youtube.com https://px.ads.linkedin.com https://maxcdn.bootstrapcdn.com assets.adobedtm.com https://www.googletagmanager.com/ *.googleapis.com https://ajax.googleapis.com https://code.jquery.com https://ajax.googleapis.com/ajax/libs/jquery/ https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js  https://ajax.googleapis.com/ajax/libs/ *.modern.min.js; connect-src 'self' data: *.crazyegg.com *.akamaihd.net/ *.akstat.io/ https://tracking.crazyegg.com/ https://c.go-mpulse.net/ https://script.crazyegg.com/ https://ajax.googleapis.com/ajax/libs/ https://marvell.wd1.myworkdayjobs.com  https://segments.company-target.com *.js.erb https://privacyportal.onetrust.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://www.google-analytics.com *.omtrdc.net *.demdex.net; img-src 'self' data: *.crazyegg.com https://thumbs.bfldr.com/ https://www.facebook.com/ https://i.ytimg.com/ https://marvellsemiconductorprod.112.2o7.net/ *.marvellsemiconductoroneportal.112.2o7.net/ https://blogs.marvell.com/ https://static.addtoany.com/ https://marvell-uat-65.adobecqms.net/ https://syndication.twitter.com/  https://cdn.cookielaw.org/ https://ton.twimg.com/tfw/css/ https://i.vimeocdn.com/  https://pbs.twimg.com/ https://marvellsemiconductorstage.112.2o7.net/ https://platform.twitter.com/css/ https://pbs.twimg.com/card_img/ https://cdn.brandfolder.io https://p.adsymptotic.com https://www.linkedin.com https://img.youtube.com https://match.prod.bidr.io/cookie-sync/demandbase https://id.rlcdn.com/464526.gif https://segments.company-target.com/ https://px.ads.linkedin.com/ https://match.prod.bidr.io https://www.google.com https://www.google.co.in https://www.google-analytics.com *.everesttech.net *.demdex.net *.omtrdc.net; style-src 'self' 'unsafe-inline' https://blogs.marvell.com/ https://ton.twimg.com/tfw/css/ https://platform.twitter.com/css/ https://platform.twitter.com/css/  https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com  https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css; font-src 'self' https://blogs.marvell.com/ https://www.marvell.com/ https://player.vimeo.com/ https://cdnjs.cloudflare.com/ajax/ https://cdnjs.cloudflare.com/* data:; frame-src 'self' https://player.vimeo.com/ https://www.facebook.com/ https://platform.twitter.com/ *.demdex.net *; 4
img-src https: 4
frame-ancestors 'self' https://*.salesforce.com 4
frame-ancestors 'self' *.lift.acquia.com lift.acquia.com; report-uri /report-csp-violation 4
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; object-src 'none'; report-uri /api/csp/report; connect-src 'self' https: wss://*.hotjar.com wss://*.hotjar.io 4
default-src 'self'; form-action 'self' https://*.hsforms.com; object-src 'self'; connect-src 'self' https://api.github.com https://*.hsforms.com https://element.io; media-src 'self' https://element.io; style-src 'self' 'unsafe-inline' https://element.io https://*.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://element.io data: https://fonts.gstatic.com; img-src 'self' https://element.io data: https://matomo.riot.im/matomo.php; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://element.io https://cdnjs.cloudflare.com https://*.cloudfront.net https://ajax.googleapis.com https://matomo.riot.im/matomo.js https://*.hsforms.net https://*.hsforms.com; child-src 'self' https://*.hsforms.com 4
frame-ancestors 'self';default-src 'self' blob: 'unsafe-inline' app.clearbit.com api.hubapi.com x.clearbitjs.com js.hsadspixel.net app.clearbit.com api.hubapi.com *.clearbitscripts.com *.litix.io alb.reddit.com *.clarity.ms secure.adnxs.com *.g2.com *.wistia.net *.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com distillery.wistia.com pipedream.wistia.com images.g2crowd.com fast.wistia.com *.google.com *.google.co.in stats.g.doubleclick.net p.adsymptotic.com privacy-policy.truste.com *.linkedin.com api.sharedcount.com n2.mouseflow.com c.6sc.co epsilon.6sense.com www.facebook.com *.hubspot.com fonts.gstatic.com *.phenom.com cdn.jsdelivr.net use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com app-ab31.marketo.com connect.facebook.net j.6sc.co www.googletagmanager.com js.driftt.com munchkin.marketo.net snap.licdn.com www.google-analytics.com www.w3.org b.6sc.co edge.fullstory.com bat.bing.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hotjar.com script.hotjar.com forms.hsforms.com js.hsleadflows.net cdn.mouseflow.com www.youtube.com stackpath.bootstrapcdn.com cdn.cookielaw.org optanon.blob.core.windows.net c.bing.com geolocation.onetrust.com data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.phenom.com c.bing.com cdn.jsdelivr.net use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com app-ab31.marketo.com connect.facebook.net *.clarity.ms j.6sc.co www.googletagmanager.com js.driftt.com munchkin.marketo.net snap.licdn.com www.google-analytics.com www.w3.org b.6sc.co edge.fullstory.com bat.bing.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hotjar.com script.hotjar.com forms.hsforms.com js.hsleadflows.net cdn.mouseflow.com www.youtube.com stackpath.bootstrapcdn.com fast.wistia.net www.g2.com embedwistia-a.akamaihd.net embed-fastly.wistia.com distillery.wistia.com pipedream.wistia.com images.g2crowd.com fast.wistia.com www.redditstatic.com js.usemessages.com alb.reddit.com cdn.cookielaw.org static.ads-twitter.com *.clearbitscripts.com x.clearbitjs.com js.hsadspixel.net app.clearbit.com api.hubapi.com 4
frame-ancestors 'self' https://www.growingio.com 4
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' data: blob: 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://www.googletagmanager.com https://static.ads-twitter.com https://snap.licdn.com https://www.googletagservices.com *.googleapis.com *.gstatic.com https://unpkg.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.fontawesome.com use.fontawesome.com downpaymentresource.com https://www.youtube.com https://mba.aristotle.com https://votervoice.net https://www.votervoice.net https://www.facebook.com *.servedbyadbutler.com servedbyadbutler.com https://servedbyadbutler.com/app.js https://www.servedbyadbutler.com https://client.publicrelay.com https://apps.mba.org https://player.vimeo.com *.feathr.co; style-src 'self' 'unsafe-inline' https://unpkg.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.fontawesome.com use.fontawesome.com *.typekit.net use.typekit.net *.typography.com  servedbyadbutler.com https://mba.org/fonts/842968/B8147DC6CD8754759.css https://cloud.typography.com/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.fontawesome.com use.fontawesome.com *.typekit.net use.typekit.net *.typography.com https://cloud.typography.com/ data:; img-src 'self' https://apps.mba.org https://match.adsrvr.org *.linkedin.com https://analytics.twitter.com https://t.co *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com placeimg.com servedbyadbutler.com https://www.servedbyadbutler.com *.feathr.co; media-src 'self' data: blob: https://www.youtube.com; frame-src 'self' https://ad.doubleclick.net https://www.google.com downpaymentresource.com https://www.youtube.com https://mba.aristotle.com https://www.votervoice.net https://votervoice.net https://www.facebook.com *.servedbyadbutler.com servedbyadbutler.com https://servedbyadbutler.com/app.js https://www.servedbyadbutler.com https://client.publicrelay.com https://apps.mba.org https://player.vimeo.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com servedbyadbutler.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.fontawesome.com servedbyadbutler.com *.feathr.co https://2thepoint.blog/; 4
frame-ancestors 'self' funio.com; upgrade-insecure-requests; 4
default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 4
frame-ancestors 'self' https://www.gi-de.com/ https://gi-de-ms.my.salesforce.com/ https://gi-de-ms--dev.my.salesforce.com/; 4
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' https://www.googletagmanager.com/ https://cdn.cookielaw.org/ maps.googleapis.com/ plugins.flockler.com fl-1.cdn.flockler.com  syndication.twitter.com/ ajax.aspnetcdn.com/ajax/jquery.validate/1.15.0/jquery.validate.min.js ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js analytics.twitter.com/i/adsct  c.evidon.com/sitenotice/ c.evidon.com/geo/country.js code.jquery.com/jquery-1.10.2.min.js connect.facebook.net/en_US/fbevents.js  d3js.org/d3.v3.min.js   platform.twitter.com/widgets.js s.ytimg.com/yts/jsbin/www-widgetapi-vflJFa_jA/www-widgetapi.js snap.licdn.com/li.lms-analytics/insight.old.min.js snap.licdn.com/li.lms-analytics/insight.min.js static.ads-twitter.com/uwt.js www.google-analytics.com/analytics.js www.googletagmanager.com/gtm.js www.instagram.com/embed.js www.youtube.com/ cdnjs.cloudflare.com app.bowencraggs.com maps.googleapis.com/maps-api-v3/api/js/44/4/common.js connect.facebook.net/signals/config/;  style-src 'report-sample' 'unsafe-inline' 'self' fonts.googleapis.com fl-1.cdn.flockler.com; object-src 'none'; base-uri 'self';  connect-src 'self' https://privacyportal-eu.onetrust.com/ https://maps.googleapis.com/ https://geolocation.onetrust.com/ https://cdn.cookielaw.org/ www.google-analytics.com plugins.flockler.com optoutapi.evidon.com; font-src 'self' fonts.gstatic.com; frame-src 'self' syndication.twitter.com/ plugins.flockler.com irs.tools.investis.com otp.tools.investis.com platform.twitter.com www.instagram.com www.youtube.com; img-src 'report-sample' 'unsafe-inline' 'self' data:  https://cdn.cookielaw.org/ flockler.com c.evidon.com www.linkedin.com fl-1.cdn.flockler.com media-api.flockler.com scontent.cdninstagram.com i.ytimg.com l.evidon.com maps.googleapis.com maps.gstatic.com px.ads.linkedin.com syndication.twitter.com t.co www.facebook.com www.google-analytics.com www.googletagmanager.com p.adsymptotic.com c.evidon.com/sitenotice/images/evidon-change-alert.png https://optanon.blob.core.windows.net; manifest-src 'self'; media-src 'self';  report-uri https://5f9932cfca69962525be30e3.endpoint.csper.io/; worker-src 'none'; 4
frame-ancestors 'self'  wbpa.wdo.io ru.wotblitz.com eu.wotblitz.com na.wotblitz.com asia.wotblitz.com 4
upgrade-insecure-requests; frame-ancestors 'self' *.magenta.at *.t-mobile.at *.esp.ownsolutions.net https://www.youtube.com; 4
frame-ancestors http://*.t-mobile.nl https://*.t-mobile.nl http://*.tele2.nl https://*.tele2.nl https://thuismy.t-mobile.nl https://app.storyblok.com 4
default-src * 'self' data: https: blob: 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors https://*.offshore-energy.biz 4
default-src 'self'; script-src 'self' siteimproveanalytics.com *.siteimproveanalytics.io static.etracker.com www.etracker.de code.etracker.com 'unsafe-eval' 'unsafe-inline'; img-src data: 'self' *.global.siteimproveanalytics.io www.etracker.de; connect-src 'self' www.etracker.de; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' *.etracker.com; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com info.gesundheitsministerium.gv.at; form-action 'self'; media-src 'self' http://www.oegsbarrierefrei.at; block-all-mixed-content; upgrade-insecure-requests; 4
default-src 'none';media-src 'self';style-src 'self' https: 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com cdn.cookielaw.org ssl.google-analytics.com www.google-analytics.com ;  img-src 'self' data: cdn.cookielaw.org ssl.google-analytics.com www.google-analytics.com ; ;connect-src 'self' cdn.cookielaw.org ;manifest-src 'self' cdn.cookielaw.org; report-uri /csp_report_parser; 4
default-src https: blob: data: wss: 'unsafe-inline' 'unsafe-eval' 4
object-src 'none';frame-ancestors 'self' 4
default-src 'self' *.infinity-tracking.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.google.com *.facebook.net *.aspnetcdn.com *.youtube.com *.twitter.com *.ytimg.com *.twimg.com *.linkedin.com *.stumbleupon.com *.azureedge.net *.marketo.net *.eloqua.com *.en25.com *.ampproject.org *.cloudflare.com *.bootstrapcdn.com *.trustpilot.com *.jsdelivr.net *.unpkg.com *.googletagmanager.com *.hotjar.com *.jquery.com *.doubleclick.net *.kldiscovery.com *.googleusercontent.com *.google-analytics.com *.googleadservices.com *.krollontrack.com *.bootstrapcdn.com *.momentjs.com *.typeform.com *.infinity-tracking.net *.usemessages.com *.hsleadflows.net *.hubspot.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubapi.com *.hscollectedforms.net *.hsforms.net *.hs-banner.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hsforms.com *.unpkg.com unpkg.com *.google.com *.yimg.jp *.yahoo.co.jp *.onetrust.com *.cookielaw.org js.monitor.azure.com *.msecnd.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.telerik.com *.google.com *.azureedge.net *.twitter.com *.twimg.com *.typekit.net *.trustpilot.com *.bootstrapcdn.com *.jquery.com *.bootstrapcdn.com; font-src 'self' *.gstatic.com *.telerik.com *.bootstrapcdn.com data: *.krollontrack.com *.typekit.net *.bootstrapcdn.com; img-src 'self' data: blob: *.azureedge.net *.cleverbridge.com *.delicious.com *.doubleclick.net *.eloqua.com *.facebook.com *.google.com *.googleapis.com *.google-analytics.com *.googleusercontent.com *.google.co.uk *.google.pl *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.com *.hubspot.com *.hubspotusercontent20.net *.ibas.com *.compiled.com *.kldiscovery.com *.ediscovery.com *.krollontrack.com *.linkedin.com *.ontrack.com *.redditstatic.com *.sitefinity.com *.static.licdn.com *.tumblr.com *.twimg.com *.twitter.com *.windows.net *.yahoo.co.jp *.onetrust.com *.cookielaw.org; media-src 'self' data: blob: *.krollontrack.com *.youtu.be *.youtube.com *.blob.core.windows.net *.kldiscovery.com *.googleusercontent.com *.ediscovery.com; frame-src 'self' *.google.com *.youtu.be *.youtube.com *.youtube-nocookie.com youtube-nocookie.com *.hubspot.com *.taleo.net *.trustpilot.com *.hubapi.com *.hotjar.com *.doubleclick.net *.krollontrack.com *.hsforms.com *.typeform.com *.avrotros.nl *.hsforms.net; child-src 'self' *.twitter.com *.twitter.com *.youtube.com *.youtu.be *.vimeo.com *.soundcloud.com *.google.com *.google.com *.facebook.com *.facebook.com *.stumbleupon.com *.trustpilot.com *.doubleclick.net *.hubspot.com *.infinity-tracking.net *.hsforms.com blob:; connect-src 'self' wss: *.google.com *.sitefinity.com *.mktoresp.com *.trustpilot.com *.googleusercontent.com *.hotjar.com *.hotjar.io *.infinity-tracking.net google-analytics.com *.google-analytics.com *.unpkg.com unpkg.com *.hubspot.com *.hsforms.com *.hubspot.com *.hubapi.com *.cleverbridge.com *.ampproject.org *.doubleclick.net dc.services.visualstudio.com *.googletagmanager.com *.onetrust.com *.cookielaw.org; 4
frame-ancestors 'self'; base-uri 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 4
upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 4
default-src https://*.apptio.com 'self'; script-src 'self' https://*.apptio.com https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js https://web.cvent.com https://www.cvent-assets.com https://bat.bing.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://*.cloudfront.net/fullcircle.js https://dev.visualwebsiteoptimizer.com https://*.wistia.com https://*.wistia.net https://www.trustradius.com https://googleads.g.doubleclick.net https://*.clarity.ms https://js.driftt.com https://munchkin.marketo.net https://script.hotjar.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com https://tag.demandbase.com https://tracking.intentsify.io https://www.gartner.com/reviews/public/Widget/js/widget.js https://www.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com/gtm.js https://www.google.com/pagead/conversion_async.js https://app.cdn.lookbookhq.com/libraries/overlay/overlay.js https://src.litix.io https://*.addthis.com https://*.moatads.com https://*.addthisedge.com 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' blob: https://*.apptio.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fast.wistia.com https://www.cvent-assets.com https://www.gartner.com https://www.trustradius.com https://app.cdn.lookbookhq.com 'unsafe-inline'; object-src 'self'; base-uri 'self'; connect-src 'self' https://*.apptio.com https://*.mktoresp.com https://935-cth-469.mktoutil.com https://www.facebook.com https://apptio.widen.net https://cf-store.widencdn.net/apptio https://api.company-target.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bat.bing.com https://cdn.cookielaw.org https://*.visualwebsiteoptimizer.com https://*.wistia.com https://*.litix.io https://geolocation.onetrust.com https://*.cloudfront.net https://*.clarity.ms https://in.hotjar.com https://vc.hotjar.io https://www.trustradius.com https://jukebox.pathfactory.com https://embedwistia-a.akamaihd.net https://spcollector.pathfactory.com https://st.fullcircleinsights.com https://*.addthis.com https://www.facebook.com https://segments.company-target.com; font-src 'self' data: https://fonts.gstatic.com https://*.cloudfront.net https://*.wistia.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com https://www.gartner.com; frame-src 'self' https://*.apptio.com https://js.driftt.com https://web.cvent.com https://vars.hotjar.com https://www.facebook.com https://www.gartner.com https://fast.wistia.net https://fast.wistia.com https://maps.google.com https://www.google.com https://*.addthis.com https://*.doubleclick.net; img-src 'self' data: blob: https://*.apptio.com https://*.bing.com https://*.clarity.ms https://cdn.shortpixel.ai https://s.w.org https://*.cloudfront.net https://*.wistia.com https://*.visualwebsiteoptimizer.com https://embedwistia-a.akamaihd.net https://*.wistia.net https://id.rlcdn.com https://match.prod.bidr.io https://*.linkedin.com https://www.facebook.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://segments.company-target.com https://*.adsymptotic.com https://cdn.cookielaw.org https://reviews.static.gartner.com https://cdn.pathfactory.com; manifest-src 'self'; media-src 'self' blob: data: https://*.wistia.net https://*.wistia.com https://embedwistia-a.akamaihd.net https://js.driftt.com; worker-src https://*.apptio.com blob: 'self'; 4
frame-src api.xprt.com *.api.xprt.com extension.xprt.com *.extension.xprt.com xprt.com *.xprt.com energy-xprt.com *.energy-xprt.com agriculture-xprt.com *.agriculture-xprt.com environmental-expert.com *.environmental-expert.com *.medical-xprt.com medical-xprt.com google.com *.google.com google.es *.google.es ubembed.com *.ubembed.com braintreegateway.com *.braintreegateway.com braintree-api.com *.braintree-api.com newrelic.com *.newrelic.com *.gstatic.com *.googlesyndication.com *.googlesyndication.com iperceptions.com *.iperceptions.com doubleclick.net *.doubleclick.net vimeo.com *.vimeo.com youtube.com *.youtube.com placeholder.com *.placeholder.com dailymotion.com *.dailymotion.com d20854696ijsuu.cloudfront.net *.d20854696ijsuu.cloudfront.net d3c0q80nmylf81.cloudfront.net *.d3c0q80nmylf81.cloudfront.net d3pcsg2wjq9izr.cloudfront.net *.d3pcsg2wjq9izr.cloudfront.net dpjzd8xd615dp.cloudfront.net *.dpjzd8xd615dp.cloudfront.net adservice.google.com *.adservice.google.com cardinalcommerce.com *.cardinalcommerce.com paypal.com *.paypal.com *.d35rpq4gusjz9h.cloudfront.net d35rpq4gusjz9h.cloudfront.net americanexpress.com *.americanexpress.com; frame-ancestors 'self' *.environmental-expert.com *.xprt.com *.agriculture-xprt.com *.energy-xprt.com *.medical-xprt.com environmental-expert.com xprt.com agriculture-xprt.com energy-xprt.com medical-xprt.com 4
default-src 'self'; connect-src 'self' stats.g.doubleclick.net api.hubspot.com vimeo.com www.google-analytics.com wp.ocelotbot.com snap.licdn.com js.hsforms.net js.hs-scripts.com js.hs-analytics.net forms.hsforms.com forms.hs-forms.com hubspot-forms-static-embed.s3.amazonaws.com js.usemessages.com js.hs-banner.com; prefetch-src 'self' js.hs-banner.com js.usemessages.com js.hs-analytics.com snap.licdn.com www.google-analytics.com www.googletagmanager.com; font-src 'self' use.typekit.net data:; frame-src app.hubspot.com player.vimeo.com bid.g.doubleclick.net forms.hsforms.com; img-src 'self' data: wp.ocelotbot.com googleads.g.doubleclick.net secure.gravatar.com www.google.com p.adsymptotic.com track.hubspot.com px.ads.linkedin.com px4.ads.linkedin.com www.google-analytics.com www.gstatic.com ssl.gstatic.com i.vimeocdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' wp.ocelotbot.com ws.zoominfo.com googleads.g.doubleclick.net www.googleadservices.com slate.technolutions.net px.ads.linkedin.com snap.licdn.com track.hubspot.com js.hsforms.net forms.hsforms.com forms.hs-forms.com p.adsymptotic.com js.usemessages.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com apis.google.com f.vimeocdn.com; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net f.vimdeocdn.com; object-src 'none'; upgrade-insecure-requests; 4
default-src 'self' *.ing.pl *.e-point.pl *.adocean.pl *.google.com *.ingbank.pl https://ing.pl https://analytics.google.com; font-src 'self' *.ingbank.pl *.googleusercontent.com data: *.google.com *.gstatic.com *.ing.pl www.googletagmanager.com *.e-point.pl https://ing.pl https://analytics.google.com *.googleapis.com; style-src 'self' 'unsafe-inline' code.jquery.com *.google.com *.ingbank.pl *.e-point.pl *.ing.pl www.googletagmanager.com *.twitter.com *.gstatic.com https://ing.pl https://analytics.google.com *.ytimg.com *.twimg.com *.googleapis.com; img-src 'self' data: *.ggpht.com *.adocean.pl *.e-point.pl www.google.pl *.googleusercontent.com *.akamaized.net *.gstatic.com ingbankslaski.d2.sc.omtrdc.net *.domy.pl www.googletagmanager.com *.demdex.net *.google.com *.glosdlafirm.pl *.ing.pl https://galeria.domiporta.pl ingbankslaski.d3.sc.omtrdc.net *.ingbank.pl *.hit.gemius.pl *.google-analytics.com *.twitter.com *.doubleclick.net https://ing.pl *.cdngr.pl *.staticdomy.com.pl *.staticmorizon.com.pl *.staticoferty.net.pl https://analytics.google.com *.analytics.google.com https://ireland.apollo.olxcdn.com *.ytimg.com *.twimg.com *.youtube.com *.googleapis.com; frame-src 'self' *.tradedoubler.com *.ing.pl www.googletagmanager.com *.demdex.net *.e-point.pl *.google.com *.hit.gemius.pl *.ingbank.pl *.doubleclick.net https://ing.webnotarius.pl *.twitter.com https://ing.pl *.pl.ing-ad https://analytics.google.com *.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hit.gemius.pl https://www.fbstatic-a.akamaihd.net *.ingbank.pl *.doubleclick.net code.jquery.com assets.adobedtm.com *.google-analytics.com *.googleusercontent.com ingbankslaski.d2.sc.omtrdc.net ingbankslaski.d3.sc.omtrdc.net *.google.com *.gstatic.com *.ing.pl *.demdex.net www.googletagmanager.com www.googleadservices.com *.twitter.com *.e-point.pl *.adocean.pl https://ing.pl https://analytics.google.com https://www.googleoptimize.com https://ireland.apollo.olxcdn.com *.ytimg.com *.twimg.com *.youtube.com *.googleapis.com; object-src 'self' *.ingbank.pl *.ing.pl www.googletagmanager.com *.e-point.pl https://ing.pl; connect-src 'self' *.e-point.pl *.adocean.pl *.demdex.net www.googletagmanager.com *.ing.pl ingbankslaski.d2.sc.omtrdc.net ingbankslaski.d3.sc.omtrdc.net *.google-analytics.com *.doubleclick.net *.ingbank.pl *.twitter.com *.hit.gemius.pl https://ing.pl https://analytics.google.com *.googleapis.com *.analytics.google.com; frame-ancestors 'self' *.ingbank.pl *.ing.pl *.demdex.net www.googletagmanager.com *.e-point.pl https://ing.pl; 4
frame-ancestors 'self' blank;object-src 'self' blank; 4
default-src 'self' https:; img-src 'self' https: data:; script-src https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; object-src 'none' 4
font-src https: data:; img-src https: data:; 4
frame-ancestors 'self' https://*.cemex.com https://*.podlaha.cz https://*.beton.cz https://*.valcovany-beton.cz https://www.construrama.com; img-src 'self' data: https://cdn-web.cemex.com https://cdn-web-qa.cemex.com https://cdn-web-intdev.lfgwcemex.services https://cxcdn.lfgwcemex.services https://liferayprod.cemex.com https://assets.cemex.com https://cemex.imgix.net https://aivo-assets.s3.amazonaws.com https://www.facebook.com/tr/ https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com/images/ https://googleads.g.doubleclick.net/ https://www.linkedin.com/px/ https://px.ads.linkedin.com https://p.adsymptotic.com/d/px/ https://c.contentsquare.net https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://c.seznam.cz https://npmcdn.com/leaflet@0.7.3/dist/images/ https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/ https://s916025651.t.eloqua.com https://tags.bluekai.com https://service.maxymiser.net https://www.google.com/ https://www.google.com.mx/ https://www.google.fr/ https://www.google.com.co/ https://www.google.co.cr/ https://www.google.hr/ https://www.google.cz/ https://www.google.de/ https://www.google.com.do/ https://www.google.com.eg/ https://www.google.com.gt/ https://www.google.lv/ https://www.google.com.ni/ https://www.google.com.pa/ https://www.google.com.pe/ https://www.google.com.ph/ https://www.google.pl/ https://www.google.com.pr/ https://www.google.es/ https://www.google.ae/ https://www.google.co.uk/ https://www.google.com.sv/; 4
frame-ancestors "self" www.charleskeith.com www.pedroshoes.com 4
default-src 'self' api.marker.io app.marker.io *.aticdn.net bat.bing.com *.bootstrapcdn.com cdn.matomo.cloud *.cdninstagram.com *.clickdimensions.com *.comaweb.de data: *.easyway.site edge.marker.io *.elfsquad.io www.facebook.com *.fbcdn.net *.firebot.io *.flockler.com flockler.com *.formsite.com *.galacticweb.net *.google.com *.google.de googleads.g.doubleclick.net *.googleapis.com www.googletagmanager.com *.gstatic.com *.iconfinder.com *.ingest.sentry.io *.licdn.com *.linkedin.com marker.io *.msecnd.net *.netrk.net *.outbrain.com outlook.office365.com prod.purechatcdn.com pubads.g.doubleclick.net *.purechat.com *.randomuser.me randomuser.me s3-eu-west-1.amazonaws.com snap.licdn.com ssr.marker.io *.twimg.com *.usercentrics.eu webasto-comfort.com *.webasto-comfort.com *.webasto.com webasto.matomo.cloud wss://firebot.galacticweb.net *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' api.marker.io app.marker.io *.aticdn.net *.bootstrapcdn.com *.clickdimensions.com *.easyway.site edge.marker.io *.elfsquad.io *.firebot.io *.flockler.com *.formsite.com *.galacticweb.net *.googleapis.com *.gstatic.com *.ingest.sentry.io *.linkedin.com marker.io *.msecnd.net *.netrk.net *.outbrain.com outlook.office365.com prod.purechatcdn.com pubads.g.doubleclick.net *.purechat.com *.randomuser.me snap.licdn.com ssr.marker.io *.webasto.com *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.marker.io app.marker.io *.aticdn.net bat.bing.com *.bootstrapcdn.com cdn.matomo.cloud *.clickdimensions.com https://connect.facebook.net/ *.easyway.site edge.marker.io *.elfsquad.io *.firebot.io firebot.io *.flockler.com *.formsite.com *.galacticweb.net *.google.com *.google.de googleads.g.doubleclick.net *.googleadservices.com *.googleapis.com www.googletagmanager.com *.gstatic.com *.ingest.sentry.io *.linkedin.com marker.io *.msecnd.net *.netrk.net *.outbrain.com outlook.office365.com prod.purechatcdn.com pubads.g.doubleclick.net *.purechat.com *.randomuser.me randomuser.me snap.licdn.com ssr.marker.io *.usercentrics.eu *.webasto.com webasto.matomo.cloud *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; 4
frame-ancestors 'self' ppe.sps.honeywell.com; 4
frame-ancestors  https://*.netinfo.bg/ 4
default-src data: 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' *; 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; img-src 'self' data: https:; frame-src 'self' https:; connect-src 'self' https: 4
frame-ancestors 'self'; report-uri https://www.goodnes.com/report-uri/enforce 4
frame-src 'self' *.bilimal.kz *.pscloud.io *.object.pscloud.io *.officeapps.live.com *.mycollege.kz *.citorleu.kz *.cit-orleu.kz *.youtube.com *.google.com *.e-daryn.kz *.elumiti.kz *.fpp.kz *.2gis.com; frame-ancestors *; script-src 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *.bilimal.kz *.pscloud.io *.object.pscloud.io *.officeapps.live.com *.mycollege.kz *.citorleu.kz *.cit-orleu.kz *.youtube.com *.google.com *.e-daryn.kz *.elumiti.kz *.fpp.kz; default-src * data: 'unsafe-eval' 'unsafe-inline'; 4
frame-ancestors https://*.flexera.com https://*.revenera.com https://ecommerce-flexeracommunity.cs201.force.com https://staging-flexeracommunity.cs203.force.com; 4
frame-ancestors https://*.1-grid.com/ 'self'; 4
upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; manifest-src 'self'; report-uri https://vault.gostatera.com/collect/csp 4
default-src 'self' 'unsafe-inline' *.clarity.ms *.bing.com; script-src  'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.cloudfront.net *.youtube.com *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.egencia.co.il *.egencia.com.br *.egencia.com.ph *.egencia.mx *.egencia.ro *.marketo.com *.bizible.com *.engagio.com *.googletagmanager.com *.google.com *.cookiebot.com *.google-analytics.com *.cloudfront.net *.googleapis.com *.licdn.com *.bing.com *.facebook.net *.adnxs.com *.googleadservices.com *.doubleclick.net *.joinsherpa.io *.wistia.net *.airpr.com *.marketo.net *.zdassets.com *.zopim.com *.demandbase.com *.zoominfo.com *.expedia.com *.googleoptimize.com *.clarity.ms; style-src 'self' 'unsafe-inline' *.amazonaws.com *.cloudfront.net *.googleapis.com *.google.com *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.egencia.co.il *.egencia.com.br *.egencia.com.ph *.egencia.mx *.egencia.ro *.marketo.com *.joinsherpa.io; img-src  'self' 'unsafe-inline' *.amazonaws.com *.cloudfront.net *.googletagmanager.com *.google.com *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.egencia.co.il *.egencia.com.br *.egencia.com.ph *.egencia.mx *.egencia.ro *.gstatic.com *.expedia.com *.bizible.com *.google-analytics.com *.linkedin.com *.adsymptotic.com *.bing.com *.doubleclick.net *.facebook.com data: *.joinsherpa.io *.joinsherpa.com *.airpr.com *.bizibly.com *.zopim.io *.zoominfo.com *.clarity.ms; media-src 'self' *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.egencia.co.il *.egencia.com.br *.egencia.com.ph *.egencia.mx *.egencia.ro *.youtube.com *.wistia.com *.vimeo.com *.zdassets.com *.cloudfront.net; frame-src *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.egencia.co.il *.egencia.com.br *.egencia.com.ph *.egencia.mx *.egencia.ro *.cookiebot.com *.marketo.com *.wistia.com *.doubleclick.net *.tableau.com *.joinsherpa.io *.cs107.force.com *.builder.salesforce-communities.com *.expedia.com *.google.com *.outgrow.us; frame-ancestors 'self' egencia.lookbookhq.com egencia.pathfactory.com discover.egencia.com community.egencia.com egencia--sitestudio.eu25.force.com developers.egencia.com; child-src www.google.com *.gstatic.com *.youtube.com *.egencia.com *.youtube.com *.wistia.com *.vimeo.com blob:; font-src  'self' *.amazonaws.com *.cloudfront.net fonts.gstatic.com fonts.googleapis.com *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.egencia.co.il *.egencia.com.br *.egencia.com.ph *.egencia.mx *.egencia.ro data: *.joinsherpa.io; connect-src 'self' *.google-analytics.com *.joinsherpa.io *.joinsherpa.com *.mktoresp.com *.zdassets.com *.zopim.com *.company-target.com wss://widget-mediator.zopim.com dpm.demdex.net *.expedia.com wss://*.iot.us-west-2.amazonaws.com *.clarity.ms; upgrade-insecure-requests 4
default-src 'self' https://viademo.via.aspect-cloud.net *.jwplayer.com *.jwpsrv.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.googletagmanager.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net ssl.p.jwpcdn.com *.pardot.com *.hotjar.com *.cookiebot.com *.bizible.com *.bizibly.com *.cloudfront.net st1.dialogtech.com *.cloudflare.com https://snap.licdn.com *.clarity.ms *.linkedin.com *.gartner.com *.capterra.com *.g2.com *.jwplayer.com *.alvaria.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.pardot.com st2.dialogtech.com *.cloudflare.com *.gartner.com *.capterra.com *.g2.com *.jwplayer.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com ssl.p.jwpcdn.com *.pardot.com *.gartner.com *.capterra.com *.g2.com *.jwplayer.com st2.dialogtech.com data:; img-src 'self' *.azureedge.net *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com *.linkedin.com *.jwplayer.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com jwpltx.com *.pardot.com st2.dialogtech.com data: blob: *.eloqua.com track.hubspot.com via.placeholder.com *.bizible.com *.bizibly.com *.clarity.ms *.adsymptotic.com *.gartner.com *.capterra.com *.g2.com; media-src 'self' *.azureedge.net vod-progressive.akamaized.net st2.dialogtech.com *.vimeo.com *.vimeocdn.com *.magisto.com *.akamaized.net *.jwplayer.com *.jwpsrv.com data: blob:; form-action 'self' https://viademo.via.aspect-cloud.net https://jobs.aspect.com/ *.jwplayer.com; frame-src 'self' *.getfeedback.com *.jwplayer.com https://go.pardot.com https://go2.alvaria.com https://go2.aspect.com *.hotjar.com *.cookiebot.com *.clarity.ms https://viademo.via.aspect-cloud.net *.gartner.com *.capterra.com *.g2.com *.aspect.com *.vimeo.com *.vimeocdn.com *.magisto.com *.akamaized.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com go2.aspect.com go2.alvaria.com *.pardot.com *.hotjar.com *.jwplayer.com *.cookiebot.com *.bizible.com *.bizibly.com *.clarity.ms https://viademo.via.aspect-cloud.net; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com *.jwplayer.com *.pardot.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.bizible.com *.bizibly.com *.clarity.ms https://viademo.via.aspect-cloud.net; object-src *.clarity.ms *.jwplayer.com; 4
upgrade-insecure-requests; default-src 'self'; frame-src 'self' *.googleapis.com *.lamapoll.de *.microsoftonline.com *.podigee.com *.podigee-cdn.net *.tuvnordegypt.com *.yammer.com lamapoll.de microsoftonline.com partner.vytal.org www.google.com www.youtube-nocookie.com www.youtube.com yammer.com; style-src 'self' 'unsafe-inline' *.amazonaws.com *.bing.com *.googleapis.com *.mgr.consensu.org *.podigee.com *.podigee-cdn.net *.tuev-nord.de *.walkme.com tuev-nord.de www.nord-kurs.de www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.amazonaws.com *.assets-yammer.com *.bing.com *.clarity.ms *.cloudfront.net *.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.hs-analytics.net *.jquery.com *.lamapoll.de *.mgr.consensu.org *.podigee.com *.podigee-cdn.net *.tuev-nord.de *.userlike.com *.walkme.com assets-yammer.com connect.facebook.net f.vimeocdn.com hs-analytics.net lamapoll.de tuev-nord.de tuvnordvietnam.com.vn www.google-analytics.com www.google.com www.google.de www.googleadservices.com www.googletagmanager.com www.nord-kurs.de www.youtube.com blob:; font-src 'self' *.amazonaws.com *.bing.com *.cloudfront.net *.gstatic.com *.podigee.com *.podigee-cdn.net *.tuev-nord.de tuev-nord.de www.nord-kurs.de data:; connect-src 'self' *.amazonaws.com *.bbbserver.de *.bing.com *.clarity.ms *.consentmanager.mgr.consensu.org *.doubleclick.net *.googleapis.com *.herokuapp.com *.tuev-nord.de *.userlike.com bbbserver.de tuev-nord.de wss://tuev-academy-chatbot.herokuapp.com wss://umd.userlike.com www.google-analytics.com www.youtube.com www.nord-kurs.de; img-src * data:; media-src * blob:; 4
base-uri self 4
frame-ancestors 'self' https://www.mycme.com/ https://mycmesandbox.thoughtindustries.com https://nacesandbox.thoughtindustries.com https://www.naceonline.com/ 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.typekit.net; report-uri /report-csp-violation 4
frame-ancestors 'self' https://*.ardxdigital.com; 4
default-src 'self' https://*.ean.com https://*.google.ie https://*.facebook.com https://*.facebook.net https://*.expediapartnersolutions.com https://*.leadspace.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://*.licdn.com https://*.marketo.net https://*.marketo.com https://*.aws.ean http://*.aws.ean https://*.amazonaws.ean http://*.amazonaws.com https://*.amazonaws.com https://d2yeu2mwujl2s5.cloudfront.net https://931-quh-525.mktoresp.com https://*.doubleclick.net https://*.linkedin.com https://*.nr-data.net https://*.addthis.com https://*.addthisedge.com https://*.issuu.com https://*.google.co.uk https://*.vimeo.com https://*.cloudflare.com https://*.reachforce.com https://*.googleapis.com https://zn03toxqjbt4lyznh-expediainc.siteintercept.qualtrics.com data: 'unsafe-eval' 'unsafe-inline' 4
object-src 'self'; base-uri 'none' 4
default-src 'self'; base-uri 'self'; img-src https: data: ssl.gstatic.com; font-src 'self' fonts.gstatic.com f.hubspotusercontent-eu1.net blog.delen.bank data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com static.hsappstatic.net; script-src https: 'unsafe-eval' 'unsafe-inline' tagmanager.google.com www.googletagmanager.com *.google-analytics.com; connect-src https: *.google-analytics.com www.google-analytics.com *.hotjar.com *.hotjar.io; frame-src 'self' *.google.com *.hotjar.com player.vimeo.com player.clevercast.com *.webflow.io vimeo.com *.vimeo.com delenhackdays.be *.dynamics.com www.google-analytics.com *.delen.be *.delen.bank *.delen.lu *.oyens.com *.typeform.com *.doubleclick.net  https://app httpsdelen://app  https://oyensappsimulator.acpt.delen.be   https://delenappsimulator.acpt.delen.be   https://login.acpt.delen.be   https://online.acpt.delen.bank  https://loginoyens.acpt.delen.be   https://delenappsimulator.acpt.delen.lu   https://delenchappsimulator.acpt.delen.lu  https://login.acpt.delen.lu  https://loginch.acpt.delen.lu platform.twitter.com https://forms-eu1.hsforms.com blog.delen.bank; 4
script-src 'self' ipinfo.io *.google.com google.com *.maps.googleapis.com maps.googleapis.com *.googleapis.com googleapis.com *.developers.google.com developers.google.com *.baidu.com baidu.com *.hm.baidu.com hm.baidu.com *.api.map.baidu.com api.map.baidu.com *.z.moatads.com z.moatads.com *.google-analytics.com google-analytics.com *.addthis.com addthis.com *.addthisedge.com addthisedge.com *.cdn.polyfill.io cdn.polyfill.io *.recaptcha.net recaptcha.net *.gstatic.com gstatic.com *.gstatic.cn gstatic.cn *.googletagmanager.com googletagmanager.com *.consent.trustarc.com consent.trustarc.com *.js-agent.newrelic.com js-agent.newrelic.com *.nr-data.net nr-data.net *.googleadservices.com googleadservices.com *.doubleclick.net doubleclick.net *.licdn.com licdn.com *.snap.licdn.com snap.licdn.com *.tiktok.com tiktok.com *.analytics.tiktok.com analytics.tiktok.com *.facebook.net facebook.net *.connect.facebook.net connect.facebook.net *.facebook.com facebook.com *.ads-twitter.com ads-twitter.com *.static.ads-twitter.com static.ads-twitter.com *.bat.bing.com bat.bing.com *.tag.azame.net tag.azame.net *.analytics.twitter.com analytics.twitter.com *.bp-1c51.kxcdn.com bp-1c51.kxcdn.com *.secure.adnxs.com secure.adnxs.com *.googlesyndication.com googlesyndication.com *.triptease.io triptease.io *.onboard.triptease.io onboard.triptease.io *.secure-hotel-tracker.com secure-hotel-tracker.com *.egain.cloud egain.cloud *.ascottintl.egain.cloud ascottintl.egain.cloud *.criteo.net criteo.net *.static.criteo.net static.criteo.net *.gatag.it gatag.it *.ipinyou.com ipinyou.com *.stats.ipinyou.com stats.ipinyou.com *.youtube.com youtube.com *.toup.net toup.net *.googletraveladservices.com googletraveladservices.com *.mmtro.com mmtro.com *.affilired.com affilired.com *.hotelratematch.com hotelratematch.com *.sojern.com sojern.com *.line-scdn.net line-scdn.net *.yandex.ru yandex.ru *.dwin1.com dwin1.com *.yieldoptimizer.com yieldoptimizer.com *.awin1.com awin1.com *.veinteractive.com veinteractive.com *.ebtrk1.com ebtrk1.com *.qualitedesign.fr qualitedesign.fr *.adroll.com adroll.com *.nxtck.com nxtck.com *.tradedoubler.com tradedoubler.com *.yimg.jp yimg.jp *.123compare.me 123compare.me *.smartparity.com smartparity.com *.booklyng.com booklyng.com *.denomatic.com denomatic.com *.zenaps.com zenaps.com *.chinesean.com chinesean.com *.glopss.com glopss.com *.shareasale.com shareasale.com *.tradetracker.net tradetracker.net *.webgains.com webgains.com *.smct.co smct.co *.sp.analytics.yahoo.com sp.analytics.yahoo.com *.b91.yahoo.co.jp b91.yahoo.co.jp *.derbysoft.com derbysoft.com *.redirect.eqtracking.com redirect.eqtracking.com 'unsafe-inline' 'unsafe-eval' 4
default-src * self blob: data: gap:; style-src * self 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; connect-src self * 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; 4
frame-ancestors 'self' https://shopproxy.p-s-s.de https://home.interzum.com https://home.interzum.de 4
manifest-src 'self' *.mywebinar.net;default-src 'self' blob:;connect-src 'self' wss: *.mywebinar.com *.mywebinar.net *.mywebinar.io *.mywebinar.live myownconference.net *.myownconference.net;frame-src 'self' *.mywebinar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.myownconference.com *.mywebinar.com *.mywebinar.net *.mywebinar.io;img-src 'self' data: *;media-src 'self' blob: *.mywebinar.com *.mywebinar.net *.mywebinar.io myownconference.net *.myownconference.net;style-src 'self' 'unsafe-inline' *.mywebinar.com *.mywebinar.net *.mywebinar.io;font-src 'self' data: *.mywebinar.net *.mywebinar.io;object-src 'self' *.mywebinar.net *.mywebinar.io; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: wss:; 4
frame-src 'self' 4
default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com kendo.cdn.telerik.com maxcdn.bootstrapcdn.com; img-src 'self' editor.ne16.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com kendo.cdn.telerik.com maxcdn.bootstrapcdn.com; report-uri /Reports/LogCspError.ashx; 4
default-src https: 'unsafe-inline' 'unsafe-eval'; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fidelitycommunications.referralrock.com/ https://apps.sitecore.net *.office.com *.google.com *.hsforms.com *.hsforms.net *.slgnt.us *.youtube.com www.googletagmanager.com static.zdassets.com maps.googleapis.com snapwidget.com fonts.googleapis.com ekr.zdassets.com maps.gstatic.com cableone.zendesk.com widget-mediator.zopim.com static.ada.support sparklight.ada.support rollout.ada.support sentry.io www.cableone.net wss://widget-mediator.zopim.com bat.bing.com *.google-analytics.com static.hotjar.com www.googleadservices.com connect.facebook.net cltgtstor001.blob.core.windows.net js.adsrvr.org *.fls.doubleclick.net *.g.doubleclick.net *.hotjar.com cdn.polyfill.io insight.adsrvr.org targetuscentral.slgnt.us *.speedtestcustom.com *.clarity.ms sparklight.slgnt.us code.jquery.com cdnjs.cloudflare.com woobox.com *.smartmove.us jsonip.com *.wufoo.com *.gstatic.com *.googleoptimize.com *.hotjar.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com *.smartmove.us; img-src 'self' data: maps.gstatic.com www.cableone.net www.sparklight.com *.fls.doubleclick.net www.facebook.com *.google-analytics.com *.google.com cableone.zendesk.com *.smartmove.us ctam.demdex.net *.googletagmanager.com *.clarity.ms *.bing.com *.hsforms.com *.doubleclick.net; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com use.fontawesome.com; upgrade-insecure-requests; block-all-mixed-content; 4
upgrade-insecure-requests; frame-ancestors *.gonitro.com *.live.com *.sharepoint.com 4
frame-ancestors 'self' https://cdw.lookbookhq.com http://cdw.lookbookhq.com http://solutions.cdw.com https://solutions.cdw.com 4
upgrade-insecure-requests; script-src * 'unsafe-inline' 'unsafe-eval' blob:; object-src *; frame-ancestors 'self' www.vliz.be vliz.be www.lifewatch.be lifewatch.be www.seachangeproject.eu seachangeproject.eu www.emodnet-biology.eu emodnet-biology.eu; 4
frame-ancestors 'self' https://content.amplience.net; 4
style-src https: 'unsafe-inline' 4
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 4
default-src 'unsafe-inline' 'unsafe-eval' https: data: 4
frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 4
upgrade-insecure-requests; frame-ancestors 'self' www.newamericanfunding.com thebrokernetwork.com www.thebrokernetwork.com qa.thebrokernetwork.com staging.thebrokernetwork.com uat.thebrokernetwork.com; default-src 'unsafe-eval' 'unsafe-inline' data: https:; script-src 'unsafe-eval' 'unsafe-inline' data: https: blob:; style-src 'unsafe-inline' data: https:; img-src data: https:  blob:; font-src data: https:; connect-src https: blob:; media-src data: https: blob:; object-src https:; frame-src data: https:; child-src data: https: blob:; form-action https:; 4
frame-ancestors 'none'; upgrade-insecure-requests; report-uri https://sentry.services.dkms.org/api/6/security/?sentry_key=5746df48c2bc47349567ad881277c754; default-src 'self' https:; style-src 'self' 'unsafe-inline' *.googleapis.com *.reciteme.com *.piwik.pro; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dkmscdn.net *.piwik.pro *.criteo.com *.criteo.net *.googleapis.com *.facebook.net *.twitter.com *.instagram.com *.reciteme.com; connect-src 'self' *.kc-usercontent.com *.addsearch.com https://d20vwa69zln1wj.cloudfront.net *.piwik.pro *.criteo.com *.criteo.net *.googleapis.com *.ingest.sentry.io *.dkms.org *.dkms.de *.dkms-bmst.org *.dkms.org.uk *.dkms.org *.dkms.pl *.dkms.cl *.dkms-africa.org *.dkms-lab.de *.reciteme.com https://connect.facebook.net https://platform.twitter.com https://platform.twitter.com; img-src 'self' data: *.dkmscdn.net https://d20vwa69zln1wj.cloudfront.net *.kc-usercontent.com *.piwik.pro *.facebook.com  *.gstatic.com *.googleapis.com *.reciteme.com *.snapscan.io *.zapper.com *.ytimg.com; font-src 'self' data: *.gstatic.com *.reciteme.com *.piwik.pro; frame-src 'self' *.dkmscdn.net *.reciteme.com *.youtube-nocookie.com *.twitter.com *.facebook.com *.instagram.com *.criteo.com *.piwik.pro; object-src 'none'; form-action 'self'; 4
default-src 'self' http: https: data: blob: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rcmp-grc.gc.ca csps-dev.con.rcmp-grc.gc.ca csps-dev.con.rcmp-grc.gc.ca csps.con.rcmp-grc.gc.ca www.google-analytics.com ajax.googleapis.com www.googletagmanager.com *.clet.ca platform.twitter.com cdn.syndication.twimg.com cdnjs.cloudflare.com use.fontawesome.com www.youtube.com unpkg.com; 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.rubensteintech.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://dnn506yrbagrg.cloudfront.net https://www.google-analytics.com https://uk1.siteimprove.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://fast.wistia.com https://script.crazyegg.com https://js.hs-scripts.com https://js.hs-banner.com https://s3.amazonaws.com https://js.hs-analytics.net https://js.hsforms.net https://forms.hsforms.com https://tagmanager.google.com https://consent.cookiebot.com https://e.infogram.com https://prezi.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://cloud.typenetwork.com https://hello.myfonts.net https://fonts.googleapis.com https://tagmanager.google.com; font-src 'self' data: https://*.wistia.com https://cloud.typenetwork.com https://static.hotjar.com https://fonts.gstatic.com; img-src 'self' https://insights.hotjar.com https://static.hotjar.com https://analytics.rubensteintech.com https://www.google-analytics.com https://uk1.siteimprove.com https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://embed-fastly.wistia.com https://user-event-tracker.crazyegg.com https://track.hubspot.com https://forms.hubspot.com https://10144.global.siteimproveanalytics.io https://ssl.gstatic.com https://www.gstatic.com data: https://bclplaw.vuturevx.com https://www.bclplaw.com https://www.bryancave.com; connect-src 'self' https://*.hotjar.com:* wss://*.hotjar.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com https://distillery.wistia.com https://pipedream.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://embed-ssl.wistia.com https://www.google-analytics.com https://analytics.rubensteintech.com https://stats.g.doubleclick.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://consentcdn.cookiebot.com https://maps.googleapis.com; frame-src 'self' https://vars.hotjar.com https://www.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://forms.hsforms.com https://cdn.yoshki.com https://e.infogram.com https://prezi.com https://analytics.rubensteintech.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com; child-src 'self' https://vars.hotjar.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; frame-ancestors 'self' https://fast.wistia.com https://fast.wistia.net; 4
frame-ancestors 'self' https://*.ci360.sas.com; 4
frame-ancestors 'self' shopmetrics.com gigspot.com 4
frame-ancestors 'self' equinux.com *.equinux.com equinux.net *.equinux.net tizi.tv *.tizi.tv maildesigner365.com *.maildesigner365.com vpntracker.com *.vpntracker.com tvproapp.de *.tvproapp.de; 4
frame-ancestors 'self' weleda.sabio.de 4
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src * 'self' data: https:; object-src 'none' 4
default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * data: 'unsafe-inline' 'unsafe-eval'; object-src * data: 'unsafe-inline' 'unsafe-eval'; 4
default-src https: ws: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://affiliate.fwd.com.ph https://portal.fwd.com.vn https://affiliate.ifwd.co.id https://www.fwd.com.my; 4
default-src 'self' https://*.myligue.fr https://*.lfp.fr https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com https://*.googlesyndication.com/ https://www.tntv.pf https://opt-out.ferank.eu https://*.hotjar.com; media-src 'self' https://ooyalaeuwest.streaming.mediaservices.windows.net blob: https://www.tntv.pf https://www.youtube.com https://www.dailymotion.com https://*.hotjar.com https://manifest.prod.boltdns.net https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com https://*.2mdn.net/ https://*.gvt1.com/; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com https://player.ooyala.com https://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://az416426.vo.msecnd.net https://cdn.ampproject.org https://cdn.syndication.twimg.com https://ssl.google-analytics.com https://player.ooyala.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com http://www.google-analytics.com https://www.googletagservices.com https://adservice.google.fr https://adservice.google.com https://*.googlesyndication.com https://securepubads.g.doubleclick.net https://connect.facebook.net https://platform.twitter.com https://analytics.ooyala.com https://imasdk.googleapis.com http://imasdk.googleapis.com https://s0.2mdn.net https://www.youtube.com https://www.dailymotion.com https://opt-out.ferank.eu http://opt-out.ferank.eu https://story.tl https://widget.ausha.co https://taghcountdown.909c.fr http://player.ooyala.com http://players.brightcove.net https://players.brightcove.net https://vjs.zencdn.net https://analytics.ooyala.com/ https://www.instagram.com http://*.opta.net https://*.opta.net https://acdn.adnxs.com https://*.hotjar.com https://*.privacy-center.org https://js-cdn.dynatrace.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://use.fontawesome.com https://fonts.googleapis.com https://player.ooyala.com/ https://platform.twitter.com https://www.youtube.com https://www.dailymotion.com https://opt-out.ferank.eu http://opt-out.ferank.eu http://players.brightcove.net https://players.brightcove.net https://story.tl https://widget.ausha.co https://taghcountdown.909c.fr https://www.instagram.com http://*.opta.net https://*.opta.net https://*.hotjar.com; child-src 'self' blob: https://*.myligue.fr https://www.google.com/ https://*.googlesyndication.com https://player.ooyala.com/ https://platform.twitter.com/ https://staticxx.facebook.com/ https://syndication.twitter.com/ https://widgets.lfp.stats.com https://l.ooyala.com/ https://imasdk.googleapis.com/ https://www.youtube.com https://www.dailymotion.com https://cartemercatoligue1.com https://11type.lfp.fr https://story.tl https://*.ausha.co https://taghcountdown.909c.fr https://snapshots.playingsurface.net http://player.ooyala.com http://players.brightcove.net http://players.brightcove.net http://l.ooyala.com https://twitter.com https://www.facebook.com https://m.facebook.com https://www.instagram.com https://imasdk.googleapis.com http://imasdk.googleapis.com https://www.google-analytics.com http://www.google-analytics.com https://www.sporcle.com https://*.hotjar.com https://*.spotify.com/ https://*.global-mmk.com https://platform.global-mmk.com/LFPMaps/Broadcasters/Index https://*.linkedin.com/; img-src 'self' https://*.myligue.fr https://*.lfp.fr https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com data: https://www.google.com https://*.doubleclick.net https://*.googlesyndication.com https://lspcridevglcdn.azureedge.net https://lspemeintglcdn.azureedge.net https://lspsapuatglcdn.azureedge.net https://lsprubpreglcdn.azureedge.net https://lspisphereglcdn.azureedge.net https://ssl.google-analytics.com https://stats.g.doubleclick.net https://lfpimageproxy.azureedge.net https://secure-cf-c.ooyala.com https://player.ooyala.com https://www.blogduparieur.com https://publish.lfpstg.ooflex.net  https://syndication.twitter.com/ https://abs.twimg.com https://platform.twitter.com https://pbs.twimg.com https://www.youtube.com https://www.dailymotion.com https://www.google-analytics.com http://www.google-analytics.com https://story.tl https://widget.ausha.co https://taghcountdown.909c.fr https://metrics.brightcove.com http://metrics.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://www.instagram.com https://cf-images.eu-west-1.prod.boltdns.net http://cf-images.eu-west-1.prod.boltdns.net https://tarteaucitron.io http://*.opta.net https://*.opta.net https://lspprdglcdn.azureedge.net https://ib.adnxs.com https://*.hotjar.com https://*.privacy-center.org https://play-lh.googleusercontent.com; connect-src 'self' https://*.doubleclick.net https://www.google-analytics.com https://dc.services.visualstudio.com https://metrics-api.librato.com https://player.ooyala.com https://licensing.bitmovin.com https://*.mediaservices.windows.net https://csi.gstatic.com https://edge.api.brightcove.com http://edge.api.brightcove.com http://player.ooyala.com http://manifest.prod.boltdns.net http://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com http://house-fastly-signed-eu-west-1-prod.brightcovecdn.com https://bcbolt446c5271-a.akamaihd.net https://*.googlesyndication.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.privacy-center.org; frame-ancestors 'self'; 4
default-src * 'unsafe-inline' data: 'unsafe-eval'; 4
frame-ancestors 'self' https://login.dvci.uk.pt-x.com https://login.dvqa.uk.pt-x.com https://login.uat.uk.pt-x.com https://login.go.pt-x.com https://dvci.uk.pt-x.com https://login.demo.uk.pt-x.com https://login.cat.uk.pt-x.com https://login.vf.pt-x.com http://localhost:9999 https://secure.emandates.co.uk https://uat.emandates.co.uk https://datamart.emandates.co.uk https://sandbox.emandates.co.uk https://demonstration.emandates.co.uk; 4
frame-ancestors 'self' *.sprintecommerce.com *.venditan.com *.venditan.io 4
frame-ancestors 'self' https://*.probikeshop.fr https://*.probikeshop.it https://*.bikeshop.es https://*.probikeshop.de https://*.probikeshop.pt https://*.probikeshop.com https://*.probikeshop.ch; 4
frame-ancestors 'self' *.bruxelles.be *.brussel.be *.brussels.be 4
frame-src *; default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 4
frame-ancestors 'self' *.force.com *.salesforce.com *.lightning.com *.sony.com *.zingtree.com 4
frame-ancestors 'self' olacabs.com *.olacabs.com; 4
default-src 'self' https://www-cdn01.avisonyoung.com; style-src 'self' 'unsafe-inline' https://www-cdn01.avisonyoung.com https://fonts.googleapis.com https://proxy.g2.ay.prod.3whst.com https://platform.twitter.com https://ton.twimg.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://tagmanager.google.com https://fast.fonts.net https://cdn.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://optimize.google.com https://uat-ay.buildout.com; font-src 'self' data: https://www-cdn01.avisonyoung.com https://proxy.g2.ay.prod.3whst.com https://fonts.gstatic.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com http://script.hotjar.com https://script.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www-cdn01.avisonyoung.com https://proxy.g2.ay.prod.3whst.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://pi.pardot.com https://go.avisonyoung.com https://buildout.com https://platform.twitter.com https://www-cdn01.avisonyoung.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://ceros.com https://static.cloudflareinsights.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://widget.usersnap.com https://resources.usersnap.com https://ajax.googleapis.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://cdn.analytics.foleon.com https://previewer.foleon.com https://optimize.google.com https://uat-ay.buildout.com https://e.infogram.com https://www.youtube.com https://static.hotjar.com https://script.hotjar.com https://avantanalytics.avisonyoung.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsforms.net https://*.hsforms.com https://ext.chtbl.com https://www.googleoptimize.com https://js-eu1.hsleadflows.net https://www.google.com https://www.gstatic.com; img-src https: data: blob:; frame-src 'self' https://buildout.com https://platform.twitter.com https://syndication.twitter.com https://youtu.be https://www.youtube.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://www.google.com https://go.avisonyoung.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://forms.office.com *.youtube-nocookie.com https://dev.gvadob.ie https://experience.arcgis.com https://infogram.com https://optimize.google.com https://buildout-production.s3.amazonaws.com https://e.infogram.com https://vars.hotjar.com https://avantanalytics.avisonyoung.com https://*.hsforms.com https://omny.fm https://forms-eu1.hubspot.com; connect-src 'self' https://www-cdn01.avisonyoung.com https://www.google-analytics.com https://widget.usersnap.com https://api.analytics.foleon.com https://api.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://web.chtbl.com https://stats.g.doubleclick.net https://forms-eu1.hubspot.com https://vimeo.com; media-src 'self' blob: https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; object-src 'self' https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; worker-src 'self' blob: 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.syndication.twimg.com *.twitter.com *.google.com *.googleapis.com *.facebook.com *.facebook.net *.youtube.com *.s7.addthis.com *.addthis.com *.addthisedge.com *.gstatic.com www.gstatic.com fonts.gstatic.com *.google-analytics.com *.googletagmanager.com z.moatads.com uat2.enets.sg test.enets.sg www.enets.sg www.commzgate.net *.app.keyreply.com cdn.polyfill.io webchat.botbot.ai; style-src 'self' 'unsafe-inline' 'unsafe-eval' translate.google.com translate.googleapis.com keyreply.blob.core.windows.net; object-src 'none'  4
default-src 'self' http: https:  cdnjs.cloudflare.com use.typekit.net www.google-analytics.com fonts.googleapis.com s.w.org;; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://code.jquery.com https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://fonts.googleapis.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-src 'self' http: https: polaris.brighterir.com sirius.brighterir.com www.youtube-nocookie.com youtube-nocookie.com youtube.com vimeo.com; 4
default-src blob: https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 4
frame-ancestors 'self' https://*.moody.edu 4
default-src * 'unsafe-eval'; font-src 'self' fonts.gstatic.com data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 4
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * 4
frame-ancestors 'self' http://bleudigo.the513.top https://www.indigo-net.com https://www.indigo.fr; 4
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://stats.xilo.net/ruri/r/d/csp/enforce 4
frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com https://thomsonreuterstax.lookbookhq.com http://thomsonreuterstaxprofessionals.lookbookhq.com https://thomsonreuterstaxprofessionals.lookbookhq.com 4
frame-ancestors 'self' *.usabilla.com https://frontend.pttn.com https://d6tizftlrpuof.cloudfront.net; 4
frame-ancestors 'self' http://webvisor.com https://webvisor.com 4
img-src *;font-src * 4
default-src 'self' data: file: blob: filesystem: *.advarra.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.advarra.com *.cookiepro.com *.googleapis.com *.driftt.com *.drift.com *.demandbase.com *.facebook.com *.facebook.net *.fbevents.js *.google-analytics.com *.googlesyndication.com *.google.com *.googleadservices.com 811597963.privacysandbox.googleadservices.com *.googletagmanager.com googleads.g.doubleclick.net *.hotjar.com *.licdn.com px.ads.linkedin.com *.litix.io *.marketo.com *.marketo.net *.newrelic.com *.nr-data.net *.omappapi.com *.onetrust.com plausible.io *.plausible.io *.surveymonkey.com *.ads-twitter.com *.twitter.com *.wistia.com *.wistia.net *.zoominfo.com; style-src 'self' 'unsafe-inline' *.advarra.com *.cookiepro.com *.google.com *.googletagmanager.com *.googleapis.com *.marketo.com *.omappapi.com *.typekit.net; img-src 'self' data: a.omappapi.com *.advarra.com *.adsymptotic.com *.cookiepro.com *.facebook.com *.facebook.net *.googlesyndication.com *.google-analytics.com *.google.com googleads.g.doubleclick.net *.googletagmanager.com *.googleadservices.com *.rlcdn.com match.prod.bidr.io region1.google-analytics.com region1.analytics.google.com segments.company-target.com *.twitter.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net secure.gravatar.com t.co px.ads.linkedin.com px4.ads.linkedin.com *.linkedin.com; font-src 'self' data: *.typekit.net fonts.gstatic.com; connect-src 'self' *.advarra.com *.cookiepro.com *.company-target.com *.fbevents.js *.facebook.com *.google.com *.googlesyndication.com www.google-analytics.com wss://*.hotjar.com *.hotjar.com wss://ws10.hotjar.com ws10.hotjar.com *.hotjar.io *.omappapi.com *.litix.io *.mktoresp.com *.mktoutil.com *.nr-data.net stats.g.doubleclick.net region1.google-analytics.com region1.analytics.google.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.onetrust.com plausible.io *.plausible.io *.zoominfo.com; media-src 'self' data: file: blob: filesystem: *.advarra.com embedwistia-a.akamaihd.net *.wistia.com *.wistia.net; object-src *; frame-src 'self' *.advarra.com *.driftt.com *.facebook.com bid.g.doubleclick.net *.hotjar.com *.google.com *.googlesyndication.com *.marketo.com t.co *.surveymonkey.com embedwistia-a.akamaihd.net *.wistia.net *.wistia.com *.youtube.com *.youtube-nocookie.com; frame-ancestors 'self' *.advarra.com *.forteresearch.com *.forteresearchapps.com *.nimblify.com *.tableau.com; block-all-mixed-content 4
'' 4
default-src * ; script-src * data: 'self' blob blob: 'unsafe-eval' 'unsafe-inline' ; style-src * data: 'self' blob blob: 'unsafe-inline' ; img-src * data: ; font-src * data: ; connect-src * ; media-src * blob: ; object-src * ; child-src * ; frame-src * ; worker-src * blob: ; frame-ancestors * ; report-uri /bdportlet-NemIDLoginPortlet/cspreport; 4
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; object-src *; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src * data:; 4
default-src 'self' *.pcdn.co *.dgepress.com cdn.rawgit.com code.jquery.com platform.twitter.com api-6fce660a.duosecurity.com cdn.datatables.net;script-src 'self' *.pcdn.co *.dgepress.com *.cloudfront.net cdn.rawgit.com code.jquery.com platform.twitter.com cdnjs.cloudflare.com api-6fce660a.duosecurity.com ajax.googleapis.com cdn.datatables.net *.streamhub.tv *.streamhub.io link.theplatform.com js-agent.newrelic.com bam.nr-data.net 'unsafe-inline' 'unsafe-eval';style-src 'self' *.pcdn.co *.dgepress.com cdn.rawgit.com code.jquery.com cdnjs.cloudflare.com platform.twitter.com ajax.googleapis.com maxcdn.bootstrapcdn.com cdn.datatables.net 'unsafe-inline';img-src * data:;font-src * data:;frame-src 'self' *.dgepress.com *.pcdn.co *.cloudfront.net player.vimeo.com duo.com *.duosecurity.com duomobile.s3-us-west-1.amazonaws.com platform.twitter.com;connect-src 'self' *.pcdn.co *.dgepress.com cdn.rawgit.com code.jquery.com platform.twitter.com api-6fce660a.duosecurity.com cdn.datatables.net link.theplatform.com stats.streamhub.io disabcpress-vh.akamaihd.net bam.nr-data.net;media-src 'self' *.pcdn.co *.dgepress.com disabcpress-vh.akamaihd.net dge.akamaized.net cdn.rawgit.com code.jquery.com platform.twitter.com api-6fce660a.duosecurity.com cdn.datatables.net blob:;worker-src 'self' *.pcdn.co *.dgepress.com blob: 4
object-src 'unsafe-inline' 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.kaltura.com https://twitter.com https://platform.twitter.com  https://syndication.twitter.com https://*.twimg.com https://connect.facebook.net https://facebook.com https://*.facebook.com https://*.googleapis.com https://maps.gstatic.com https://*.ggpht https://maps.google.com https://hosting.img.dk https://siteimproveanalytics.com https://*.global.siteimproveanalytics.io https://alarmeringsapp.like.st; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://twitter.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://connect.facebook.net https://facebook.com https://*.facebook.com https://*.googleapis.com https://maps.gstatic.com https://*.ggpht https://maps.google.com https://*.google.com https://www.dmi.dk 4
upgrade-insecure-requests; default-src https: data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' 4
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; base-uri 'self'; 4
frame-ancestors 'self' dna.duravit.com *.staffbase.com ; 4
report-uri 4
Content-Security-Policy-Report-Only 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.antillephone.com vk.com onesignal.com *.onesignal.com *.cloudflare.com/ajax/libs/webcomponentsjs/ *.hybrid.ai *.ravenjs.com mc.yandex.ru yastatic.net *.gstatic.com glem.io *.google.com *.adroll.com *.adroll.mgr.consensu.org *.googletagmanager.com *.google-analytics.com *.bing.com *.facebook.net js.gleam.io *.gleamjs.io *.youtube.com mc.yandex.ua mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.ru;img-src 'self' data: blob: static.wax.io *.googleusercontent.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com.mx *.google.com.ua *.google.com.bd *.google.com.ph *.google.com.ua *.google.com.au *.google.com.ph *.google.com.tw *.google.com.ar *.google.com.pk *.google.com.tr *.google.com.eg *.google.com.co *.google.com.sg *.google.com.vn *.google.com.kh *.google.com.ec *.google.com.hk *.google.com.uy *.google.com.br *.google.co.kr *.google.co.in *.google.co.il *.google.co.ma *.google.co.ve *.google.co.th *.google.co.jp *.google.co.uk *.google.co.id *.google.co.za *.google.com *.google.ru *.google.dz *.google.ae *.google.rs *.google.cl *.google.ee *.google.be *.google.at *.google.gr *.google.sk *.google.fr *.google.am *.google.dk *.google.cz *.google.nl *.google.it *.google.ps *.google.fi *.google.cm *.google.mn *.google.az *.google.is *.google.iq *.google.de *.google.ch *.google.hr *.google.by *.google.ro *.google.kz *.google.pt *.google.no *.google.ge *.google.bg *.google.es *.google.lv *.google.hu *.google.se *.google.pl *.google.lt *.google.ca *.csgofast.com upi.csgofastbackend.com cdn.csgfst.org *.yandex.ru *.yandex.by crossmetrix.com *.linksynergy.com *.digitru.st *.targetix.net *.ytimg.com *.gleam.io *.gleamjs.io *.adform.net *.rubiconproject.com *.advertising.com *.3lift.com *.surfe.be surfe.pro *.pubmatic.com *.casalemedia.com *.outbrain.com *.yahoo.com *.rlcdn.com makesource.cool *.adroll.mgr.consensu.org *.adroll.com *.angsrvr.com pippio.com *.onesignal.com *.antillephone.com *.taboola.com mc.admetrica.ru *.teads.tv countmake.cool *.userapi.com *.opskins.media *.openx.net *.adnxs.com *.adriver.ru *.smartadserver.com *.siliconanalytics.com *.hybrid.ai *.weborama.fr *.1dmp.io *.aidata.io ad.mail.ru *.gravatar.com cardinaldata.net *.betweendigital.com *.bestssp.com *.admixer.net *.doubleclick.net *.facebook.com x.bidswitch.net i.btcoon.com a.23b4.ru *.yadro.ru promclickapp.biz *.capitaller.ru *.vk.com vk.com *.akamaihd.net *.steamstatic.com *.adorable.io d2lomvz2jrw9ac.cloudfront.net de4khei8i4ut2.cloudfront.net din8r827idtuo.cloudfront.net tjh8gngtzf.execute-api.us-east-1.amazonaws.com d1zi9q96rsh4iw.cloudfront.net;font-src 'self' data: *.googleapis.com *.gstatic.com;style-src 'self' 'unsafe-inline' onesignal.com *.google.com *.googleapis.com;media-src 'self' de4khei8i4ut2.cloudfront.net din8r827idtuo.cloudfront.net d2lomvz2jrw9ac.cloudfront.net;connect-src 'self' s3.amazonaws.com onesignal.com *.yandex.ru *.devfast.io *.webvisor.com *.webvisor.org *.mxpnl.net sentry.io google-analytics.com vk.com *.api4load.com *.adroll.com *.adroll.mgr.consensu.org *.googleapis.com *.doubleclick.net *.google-analytics.com *.demofast.ru *.csgofastbackend.com *.ajdfbkjab.ru wss://m.ajdfbkjab.ru wss://*.demofast.ru wss://*.csgofastbackend.com wss://*.devfast.io *.csgofast.com wss://*.csgofast.com *.csgofast123.com wss://*.csgofast123.com *.csgofast.tl wss://*.csgofast.tl *.csgocasino.ru wss://*.csgocasino.ru *.csgofast.ru wss://*.csgofast.ru *.dapubg.net wss://*.dapubg.net *.gojackpod.com wss://*.gojackpod.com *.rusgofast.ru wss://*.rusgofast.ru *.dapubg.com wss://*.dapubg.com *.csgofast4.com wss://*.csgofast4.com *.rucsgofast.ru wss://*.rucsgofast.ru *.pubgfast.com wss://*.pubgfast.com *.csgofastbackend.com wss://*.csgofastbackend.com *.cs2gofast.com wss://*.cs2gofast.com *.opdota2.com wss://*.opdota2.com *.demofast.ru wss://*.demofast.ru *.demogofast.com wss://*.demogofast.com *.csgetfast.com wss://*.csgetfast.com *.gainskins.com wss://*.gainskins.com *.casecsgo.com wss://*.casecsgo.com wss://*.xcsgofast.ru *.xcsgofast.ru wss://*.xcsgofast.com *.xcsgofast.com wss://*.csgofastx.com *.csgofastx.com wss://*.csgofastx.ru *.csgofastx.ru wss://*.csgfst.org *.csgfst.org;frame-ancestors 'self' webvisor.com http://webvisor.com;frame-src blob: *.poggiplay.com *.yandex.ru *.webvisor.com *.webvisor.org skytraf.xyz *.facebook.com gleam.io *.gleamjs.io *.1dmp.io onesignal.com *.google.com *.youtube.com *.csgofastbackend.com *.gainskins.com slots-prod.csgofastbackend.com d1phhoo4f618zo.cloudfront.net *.csgofast.com *.csgofast123.com *.csgofast.tl *.csgocasino.ru *.csgofast.ru *.dapubg.net *.gojackpod.com *.rusgofast.ru *.dapubg.com *.csgofast4.com *.rucsgofast.ru *.pubgfast.com *.csgofastbackend.com *.cs2gofast.com *.opdota2.com *.demofast.ru *.demogofast.com *.csgetfast.com *.gainskins.com *.casecsgo.com *.xcsgofast.ru *.csgofastx.com *.csgofastx.com *.xcsgofast.com *.csgfst.org;object-src 'none';report-uri //in.csgofast.com/csp; 4
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;media-src 'self' 'unsafe-inline' *;font-src 'self' 'unsafe-inline' *;frame-src 'self' *; img-src 'self' data: *;connect-src * 4
object-src 'self' *; 4
frame-ancestors 'self' *.memberconnex.com 4
connect-src https: 'self'; img-src 'self' data: https://*; default-src blob: https: 'unsafe-inline' 'unsafe-eval' 4
default-src 'self' https://*.facebook.com https://pr-cpt-ap-lx.amerihealthcaritas.com https://stats.g.doubleclick.net https://*.cavulus.com https://*.darwinrx.com https://*.google.com https://*.amerihealthcaritas.com https://*.auntbertha.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.crownpeak.com https://*.crownpeak.net https://*.doubleclick.net https://*.formularynavigator.com https://*.google-analytics.com https://*.googletagmanager.com https://*.icontact.com https://*.serving-sys.com https://*.time.ly https://*.youtube.com https://*.ytimg.com https://*.gstatic.com; img-src * data:;script-src 'self' https://*.facebook.net https://ajax.googleapis.com https://amerihealth.enroll.cavulus.com https://*.google.com https://formularynavigator.com https://pr-cpt-ap-lx.amerihealthcaritas.com https://stats.g.doubleclick.net https://*.time.ly https://*.cavulus.com https://*.darwinrx.com https://*.amerihealthcaritas.com https://*.auntbertha.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.crownpeak.com https://*.crownpeak.net https://*.doubleclick.net https://*.formularynavigator.com https://*.google-analytics.com https://*.googletagmanager.com https://*.icontact.com https://*.serving-sys.com https://*.time.ly https://*.youtube.com https://*.ytimg.com https://*.gstatic.com 'unsafe-inline' 'unsafe-eval' ;style-src 'self' https://app.icontact.com https://fonts.googleapis.com https://*.google.com https://*.gstatic.com https://maxcdn.bootstrapcdn.com 'unsafe-inline' ;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; 4
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors 'self' 4
frame-ancestors 'self' *.authorize.net 4
frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com 4
frame-ancestors 'self' https://fuse.pav.portals.swisslife.ch https://fuse.portals.swisslife.ch 4
default-src 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self' 4
default-src https: 'unsafe-inline' 'unsafe-eval' data: 4
upgrade-insecure-requests; object-src 'none'; frame-ancestors 'none'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://i.checkmybus.com https://cdn.priv.center https://www.googleanalytics.com https://www.google-analytics.com https://*.googleoptimize.com https://optimize.google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://*.bstatic.com https://*.services.visualstudio.com https://script.crazyegg.com https://*.msecnd.net https://cdn.jsdelivr.net https://maps.googleapis.com https://*.doubleclick.net https://securepubads.g.doubleclick.net https://adservice.google.de https://script.crazyegg.com https://tpc.googlesyndication.com https://*.google.com https://*.gstatic.com https://www.googleadservices.com https://*.clicktripz.com https://cdn.ampproject.org https://*.facebook.net https://*.fontawesome.com https://*.clicktripz.com; style-src 'self' 'unsafe-inline' https://i.checkmybus.com https://fonts.googleapis.com https://*.fontawesome.com https://*.googletagmanager.com https://*.googleoptimize.com https://optimize.google.com; frame-src 'self' https://*.googleoptimize.com https://optimize.google.com https://*.googletagmanager.com https://*.doubleclick.net https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://www.booking.com https://*.bstatic.com https://cdnjs.cloudflare.com https://*.gstatic.com https://*.google.com https://*.youtube.com/ https://*.facebook.com https://*.msecnd.net https://*.services.visualstudio.com; worker-src 'self' blob: 'unsafe-eval' 'unsafe-inline' www.checkmybus.com; form-action 'self' www.checkmybus.com.ar www.checkmybus.com.br https://blog.checkmybus.com.br www.checkmybus.cz www.checkmybus.cl www.checkmybus.co www.checkmybus.de https://blog.checkmybus.de www.checkmybus.co.uk https://blog.checkmybus.co.uk www.checkmybus.com https://blog.checkmybus.com www.checkmybus.es https://blog.checkmybus.es www.checkmybus.fr https://blog.checkmybus.fr www.checkmybus.hr www.checkmybus.it https://blog.checkmybus.it www.checkmybus.my www.checkmybus.com.mx www.checkmybus.nl www.checkmybus.at www.checkmybus.pe www.checkmybus.pl https://blog.checkmybus.pl www.checkmybus.pt www.checkmybus.ch www.checkmybus.com.tr; base-uri 'self' i.checkmybus.com 4
unsafe-inline 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.googletagmanager.com *.google.ch *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.googleapis.com *.paypal.com *.paypalobjects.com *.youtube.com; img-src 'self' data: *.google.ch *.google.com *.googleapis.com  *.gstatic.com *.google-analytics.com *.ytimg.com 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https:; connect-src https: wss:; object-src 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; 4
frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: http: https: https://api.exponea.com https://www.googletagmanager.com https://www.google-analytics.com https://libs.de.coremetrics.com https://tmscdn.de.coremetrics.com https://20779843p.rfihub.com https://analytics-static.ugc.bazaarvoice.com https://api.sovendus.com https://api.trustedshops.com https://apps-stg.nexus.bazaarvoice.com https://apps.nexus.bazaarvoice.com https://appsapi.veinteractive.com https://ariane.abtasty.com https://bat.bing.com https://benefits.sovendus.com https://config1.veinteractive.com https://cookiee1.veinteractive.com https://datacollect6.abtasty.com https://dcinfos-cache.abtasty.com https://dcinfos.abtasty.com https://display-stg.ugc.bazaarvoice.com https://display.ugc.bazaarvoice.com https://drs2.veinteractive.com https://elk.vhwrz.net https://googleads.g.doubleclick.net https://images.baby-walz.at https://images.baby-walz.ch https://images.baby-walz.de https://insitez.blob.core.windows.net https://live.adyen.com https://magpie-static.ugc.bazaarvoice.com https://maps.googleapis.com https://maps.gstatic.com https://meya.ai https://network-eu-stg.bazaarvoice.com https://network.bazaarvoice.com https://rum.vhwrz.net https://s.kelkoogroup.net https://s.kk-resources.com https://s.ytimg.com https://s3.amazonaws.com https://sessionapi.veinteractive.com https://shops-si.trustedshops.com https://stg.api.bazaarvoice.com https://t13.intelliad.de https://t23.intelliad.de https://test.adyen.com https://trustbadge.api.etrusted.com https://try.abtasty.com https://widgets.trustedshops.com https://www.awin1.com https://www.billiger.de https://www.dwin1.com https://www.econda-monitor.de https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.sovendus.com; report-uri /walz-webservices/csp-report-collector 4
default-src https: mailto: tel:; font-src https: data: blob:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; worker-src https: blob:; frame-ancestors 'self'; frame-src https: mailto: tel:; connect-src https: blob:; media-src https: mediastream: blob: 4
frame-ancestors 'self' https://*.jumpseller.com https://app.jivosite.com https://*.loja.olx.pt 4
frame-ancestors 'self' https://*.ariba.com https://fswlcdcqvm01.nyumc.org:8071 https://peoplesoftfscm.nyumc.org https://fswlcdcpvm01.nyumc.org:8236 4
default-src 'none'; base-uri 'self'; child-src 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'none'; report-uri https://wuzwyw4b.uriports.com/reports; report-to endpoint-1; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 4
frame-ancestors 'self'                     https://tijdelijk.rvr.org          https://www.ouders-uit-elkaar.nl          https://ouders-uit-elkaar.nl          https://www.rvr.org          https://redactie.rvr.org          https://www.raadvoorrechtsbijstand.org          https://www.bureauwsnp.nl    https://www.bureauwbtv.nl   https://rechtwijzer.nl    https://www.rechtwijzer.nl    https://www.rechtsbijstand.nl    https://rechtsbijstand.nl 4
upgrade-insecure-requests; report-uri 4
frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 4
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com; base-uri 'self', frame-ancestors 'self' *.facebook.com, frame-ancestors 'self' *.facebook.com 4
base-uri 'none'; default-src: 'none'; block-all-mixed-content 4
default-src 'self' *.googlesyndication.com *.hotjar.com; connect-src 'self' wss://*.zopim.com *.zopim.com *.zendesk.com *.zdassets.com *.googlesyndication.com *.googleapis.com *.hotjar.com *.hotjar.io wss://*.hotjar.com securepubads.g.doubleclick.net stats.g.doubleclick.net *.gstatic.com *.google-analytics.com *.bugsnag.com *.biznettechnologies.com ws://*.biznettechnologies.com wss://*.biznettechnologies.com *.zuppler.com ws://*.zuppler.com wss://*.zuppler.com *.braintreegateway.com *.braintree-api.com *.stripe.com *.worldpay.com  *.usersnap.com *.yimg.com; frame-src 'self' youtube.com www.youtube.com *.google.com *.googlesyndication.com *.googleapis.com aexp.demdex.net *.aexp.demdex.net  *.omtrdc.net *.hotjar.com *.braintreegateway.com; style-src 'self' 'unsafe-inline' *.googleapis.com cloud.typography.com skymilesdining.com *.hotjar.com hello.myfonts.net/count/3b4b0c; font-src 'self' *.hotjar.com data: *.zopim.com *.gstatic.com; img-src 'self' cdn.buttercms.com *.zopim.io *.zopim.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.gstatic.com data: stats.g.doubleclick.net loyaltypartner.122.2o7.net *.omtrdc.net *.ggpht.com seal-chicago.bbb.org *.google.com *.zuppler.com dbgcbnch6yz43.cloudfront.net *.hotjar.com  *.usersnap.com *.gravatar.com *.wp.com *.yahoo.com *.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org *.google-analytics.com *.gstatic.com *.google.com *.googleapis.com *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.doubleclick.net *.zopim.com assets.adobedtm.com aexp.demdex.net *.omtrdc.net assets.zendesk.com *.zdassets.com seal-chicago.bbb.org *.hotjar.com nexus.ensighten.com *.netlify.com *.netlify.app *.biznettechnologies.com *.zuppler.com *.stripe.com *.worldpay.com *.usersnap.com *.facebook.net *.yimg.com; form-action 'self'; media-src 'self' cdn.buttercms.com; 4
default-src https: 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; img-src https: 'self' data:; 4
frame-ancestors 'self' bid.g.doubleclick.net; script-src *.clarity.ms *.hs-analytics.net *.hs-banner.com *.hs-scripts.com bat.bing.com ct.capterra.com googleads.g.doubleclick.net myintervals.cdnedge.bluemix.net ssl.google-analytics.com stats.myintervals.com www.clarity.ms www.getapp.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com 'self' 'unsafe-inline'; object-src 'none' 4
default-src 'self' *.autofactpro.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' d3js.org d2yyd1h5u9mauk.cloudfront.net http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com optimize.google.com analytics.google.com script.crazyegg.com user-event-tracker.crazyegg.com https://s3.amazonaws.com/trk.cetrk.com/* browser.sentry-cdn.com *.mkt.autofact.cl mkt.autofact.qa *.mkt.autofact.qa optimize.google.com analytics.google.com apis.google.com script.crazyegg.com cdn.ampproject.org *.pagoefectivo.pe pagoefectivo.pe *.sii.cl tagmanager.google.com *.autofactpro.com *.autofact.cl www.google.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net ajax.googleapis.com www.gstatic.com apis.google.com www.youtube.com s.ytimg.com connect.facebook.net *.bootstrapcdn.com use.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com dnn506yrbagrg.cloudfront.net static.zdassets.com *.culqi.com blob: embed.typeform.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' d3js.org optimize.google.com analytics.google.com tagmanager.google.com *.autofactpro.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com; img-src 'self' https://script.hotjar.com http://script.hotjar.com img.youtube.com csi.gstatic.com *.gstatic.com *.autofactpro.com *.autofactpro.cl *.autofact.cl *.autofact.qa www.google.com www.google.cl www.googleadservices.com www.googletagmanager.com img.youtube.com i.ytimg.com stats.g.doubleclick.net www.facebook.com disqus.com *.disquscdn.com *.g.doubleclick.net *.match.autofact.qa *.match.autofact.cl data: www.google-analytics.com; font-src 'self' *.autofactpro.com fonts.googleapis.com fonts.gstatic.com https://*.hotjar.com:* *.bootstrapcdn.com use.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net data: ; frame-ancestors 'self' *.autofactpro.com facebook.com; frame-src 'self' docs.google.com stage-autopress-buckets.s3.us-west-1.amazonaws.com https://vars.hotjar.com *.autofact.cl form.typeform.com accounts.google.com optimize.google.com analytics.google.com  *.ampproject.net pagoefectivo.pe *.pagoefectivo.pe *.sii.cl *.autofactpro.com *.match.autofact.qa *.match.autofact.cl www.google.com www.youtube.com www.facebook.com web.facebook.com staticxx.facebook.com accounts.google.com bid.g.doubleclick.net *.culqi.com *.pagoefectivo.pe; object-src 'self' *.autofactpro.com *.autofact.cl; connect-src 'self' http://*.hotjar.com:* *.delighted.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com ampcid.google.com sentry.io *.google.cl www.google-analytics.com optimize.google.com analytics.google.com ampcid.google.com ampcid.google.cl 54.242.242.218 *.mkt.autofact.cl *.mkt.autofact.qa *.ampproject.org *.ampproject.net *.autofactpro.com autofact.cl *.autofact.cl *.autofact.com.co *.autofact.com.mx *.autofact.pe *.autofact.cr *.autofact.com.ar *.g.doubleclick.net cdn.ampproject.org *.ampproject.net www.googletagmanager.com stats.g.doubleclick.net connect.facebook.net ekr.zdassets.com autofact.zendesk.com https://plugin.autentia.mb:7777; 4
require-trusted-types-for 'script';report-uri /_/GeoMerchantPrestoSiteUi/cspreport 4
manifest-src 'self' https://*.ng-source.com 4
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 4
frame-ancestors 'self' *.plentymarkets-cloud-ie.com 4
frame-ancestors *.nordangliaeducation.com *.tfaforms.net 'self' 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com ssl.google-analytics.com translate.google.com translate.googleapis.com translate-pa.googleapis.com js-agent.newrelic.com/nr-1212.min.js *.livechatinc.com analytics.ajla.net bam.nr-data.net 4
block-all-mixed-content;upgrade-insecure-requests; 4
default-src 'unsafe-inline' 'unsafe-eval' https: data: wss: blob: http://127.0.0.1:8801 http://www.cockovnik.cz http://www.vasecocky.cz http://www.lentiamo.cz; frame-ancestors 'self' 4
frame-ancestors 'self' https://*.biahosted.com https://*.paymentiq.io https://*.safecharge.com 4
default-src * 'unsafe-inline' 'unsafe-eval' data:;frame-ancestors 'self' http://localhost 4
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self'; 4
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 4
default-src 'self' http: https: wss: *.firebaseio.com *.yandex.ru *.google.com *.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com www.googletagmanager.com securepubads.g.doubleclick.net adservice.google.com.ua adservice.google.com *.googleadservices.com cse.google.com *.google.com *.googlesyndication.com *.googlesyndication.com data: blob: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://codesbro.com/ https://brocode1s.com/ https://edgrmtracking.com/   https://yandex.ru/ads/system/context.js *.firebaseio.com *.landbot.io https://cdn.chatbot.com https://edugrampromo.com https://edgrmtracking.com  https://widget.my.feedot.com/ https://a24help.ru/ https://top-fwz1.mail.ru/ https://yastatic.net *.googlesyndication.com *.yandex.ru cdn.ampproject.org pagead2.googlesyndication.com storage.googleapis.com googleads.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com www.googletagservices.com securepubads.g.doubleclick.net securepubads.g.doubleclick.net www.google-analytics.com *.googleadservices.com cse.google.com *.google.com  *.google.com.ua *.google.am *.google.at *.google.az *.google.be *.google.br *.google.by *.google.ca *.google.ch *.google.cn *.g.cn *.google.cy *.google.cz *.google.de *.google.ee *.google.fr *.google.ge *.google.gr *.google.hu *.google.id *.google.ie *.google.il *.google.in *.google.it *.google.jp *.google.kg *.google.kz *.google.lt *.google.lv *.google.md *.google.me *.google.nl *.google.pl *.google.ro *.google.ru *.google.tm *.google.com.tr *.google.co.uk *.google.us *.google.co.uz *.google.com.sg *.googlesyndication.com;  img-src 'self'  data: *.landbot.io https://cdn.chatbot.com https://edugrampromo.com *.alicdn.com *.gstatic.com  *.yandex.ru *.yandex.net  https://wcm-ru.frontend.weborama.fr https://www.tns-counter.ru https://top-fwz1.mail.ru/ https://edugram.com *.doubleclick.net *.googleads.g.doubleclick.net *.googlesyndication.com storage.googleapis.com pagead2.googlesyndication.com  securepubads.g.doubleclick.net google-analytics.com *.googleapis.com *.google.com *.googlesyndication.com *.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.landbot.io fonts.googleapis.com *.google.com *.googlesyndication.com; font-src 'self' *.landbot.io *.gstatic.com fonts.googleapis.com; frame-ancestors 'self'; object-src 'self' 4
default-src https: blob: data:; script-src data: 'unsafe-inline' 'unsafe-eval' blob: https: piwik.bmvg.de *.video-cdn.net *.bundeswehr.de *.bmvg.de maps.googleapis.com maps.gstatic.com; style-src data: 'unsafe-inline' https: *.bundeswehr.de *.bmvg.de ; img-src data: *.bundeswehr.de *.bmvg.de *.ytimg.com *.fbcdn.net *.twimg.com *.staticflickr.com *.video-cdn.net *.facebook.com *.akamaihd.net *.gstatic.com maps.googleapis.com syndication.twitter.com platform.twitter.com scontent.cdninstagram.com; font-src data: www.bundeswehr.de *.bmvg.de *.video-cdn.net fonts.gstatic.com; connect-src https: blob: data: wss:; report-uri https://piwik.bmvg.de/report-uri/ 4
default-src 'self'  'unsafe-inline' 'unsafe-eval' ;script-src 'self' https://www.paypal.com https://www.paypalobjects.com https://connect.facebook.net  'unsafe-inline' 'unsafe-eval' ;img-src 'self' https://www.facebook.com *.fbcdn.net  data:;connect-src 'self' https://www.facebook.com https://graph.facebook.com *.googleapis.com *.googleapis.com  data:;worker-src *;frame-src *; 4
default-src *; script-src 'self' 'unsafe-inline' *.livechatinc.com *.breadpayments.com 'unsafe-eval' *.breadpayments.com *.livechatinc.com *.clarity.ms *.produs1.ciscoccservice.com *.adroll.com *.spotix.com *.kaptcha.com googleads.g.doubleclick.net *.youtube.com *.cloudfront.net *.visualwebsiteoptimizer.com *.google.com *.stripe.com *.pinimg.com *.twitter.com *.ads-twitter.com *.marchex.io *.ecomm-nav.com *.retentionscience.com maps.googleapis.com fast.a.klaviyo.com static.klaviyo.com ac.nextopiasoftware.com r2-t.trackedlink.net cdn.jsdelivr.net dn.jsdelivr.net checkout.getbread.com *.getbread.com www.googletagmanager.com widget.trustpilot.com www.googleadservices.com px.owneriq.net bat.bing.com *.nextopia.net www.gstatic.com px.owneriq.net www.google-analytics.com js-agent.newrelic.com *.boldchat.com bam-cell.nr-data.net connect.facebook.net *.vimeocdn.com www.lightboxcdn.com lightboxapi.azurewebsites.net *.hotjar.com cdn.polyfill.io *.sentry-cdn.com cdn.attn.tv d.adroll.mgr.consensu.org p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com snap.licdn.com sync.taboola.com ups.analytics.yahoo.com; style-src 'self' 'unsafe-inline' *.adroll.com *.cloudfront.net maxcdn.bootstrapcdn.com blogm2.spotix.com cdn.nextopia.net *.spotix.com fonts.googleapis.com *.lightboxcdn.com *.livechatinc.com; font-src https: data:; img-src https: data: 4
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 
	script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 
	connect-src * data: blob: 'unsafe-inline'; 
	img-src * data: blob: 'unsafe-inline'; 
	frame-src * data: blob: ; 
	style-src * data: blob: 'unsafe-inline';
	font-src * data: blob: 'unsafe-inline';
	frame-ancestors * data: blob: ; 4
default-src 'self' http: https: data: blob: wss: *.hotjar.com 'unsafe-inline'; script-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; 4
frame-ancestors *.vrglass.com www.lojanba.com www.freelace.com.br www.shoestock.com.br www.gapbrasil.com clube.netshoes.com.br 4
frame-ancestors 'self' https://secure.simplepart.com https://secure.cml.oeconnection.com https://portal.oeconnection.com; 4
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; frame-ancestors 'self'; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 4
default-src 'self'; script-src 'self' blob: https://127.0.0.1:32018 'sha256-RCMl7PJ3K2nMoGZppLZeArO5M70Pbu1k+t6RIHZO7gE=' 'sha256-v6MhWrgXnOZrJTw+mK9MqEYevK8vvSmRZFjINsy76Mw=' 'sha256-Tui7QoFlnLXkJCSl1/JvEZdIXTmBttnWNxzJpXomQjg='; worker-src 'self' blob:; connect-src 'self' https://127.0.0.1:32018 ws: wss:; img-src * data: blob:; frame-src 'self' tcx+app:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; media-src 'self' data:; object-src 'none'; form-action 'self'; base-uri 'self' 4
frame-src 'self' *.jiathis.com *.baidu.com 4
default-src 'none'; font-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://donorbox.org https://js.stripe.com/v3/ https://sdks.shopifycdn.com https://www.paypal.com ; img-src 'self' data: blob: https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://ak2s.abmr.net https://ak1s.abmr.net https://www.google.com https://cdn.shopify.com https://v.shopify.com ; frame-src https://donorbox.org https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://js.stripe.com/v3/ https://js.stripe.com/v2/ https://www.paypal.com ; connect-src 'self' https://d4twhgtvn0ff5.cloudfront.net/ https://letsencrypt-merch.myshopify.com https://monorail-edge.shopifysvc.com https://www.paypal.com ; 3
frame-ancestors 'self' *.cnbc.com *.acorns.com; 3
frame-ancestors 'self' *.grammarly.com 3
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.akamai.steamstatic.com/ https://store.akamai.steamstatic.com/ *.google-analytics.com https://www.gstatic.com https://recaptcha.net https://www.gstatic.cn/recaptcha/; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.akamai.steamstatic.com/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ *.google-analytics.com; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host ; 3
frame-ancestors 'self' *.intranet *.uolinc.com; 3
default-src data: blob: https://*.fbcdn.net https://*.facebook.com *.fbsbx.com *.messenger.com;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net *.messenger.com;style-src data: blob: 'unsafe-inline' *.facebook.com *.fbcdn.net *.messenger.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.messenger.com wss://*.messenger.com www.messenger.com www.google-analytics.com wss://*.messenger.com:*;font-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.gstatic.com;img-src *.fbcdn.net https://*.facebook.com cdninstagram.com *.cdninstagram.com *.tenor.co *.tenor.com *.giphy.com data: *.fbsbx.com *.messenger.com messenger.com blob: android-webview-video-poster: *.xx.fbcdn.net https://messenger.com;media-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com https://*.giphy.com blob:;frame-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com blob: *.doubleclick.net; 3
style-src 'self' 'unsafe-inline' *.gov *.com; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://www.google.com https://www.gstatic.com https://cdn.amplitude.com https://api.amplitude.com https://hkfxbbdzib.notion.so https://widget.intercom.io https://js.intercomcdn.com https://logs-01.loggly.com https://cdn.segment.com https://analytics.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://public.profitwell.com js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://x.clearbitjs.com http://x.clearbitjs.com https://connect.facebook.net https://client-registry.mutinycdn.com https://client.mutinycdn.com/ https://user-data.mutinycdn.com https://munchkin.marketo.net http://munchkin.marketo.net https://414-xmy-838.mktoresp.com http://414-xmy-838.mktoresp.com https://414-xmy-838.mktoutil.com http://414-xmy-838.mktoutil.com https://bat.bing.com https://s.yimg.jp https://assets.customer.io http://track.customer.io https://track.customer.io;connect-src 'self' https://msgstore.www.notion.so wss://msgstore.www.notion.so ws://localhost:* ws://127.0.0.1:* https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https://cdn.amplitude.com https://api.amplitude.com https://hkfxbbdzib.notion.so https://www.notion.so https://api.embed.ly https://js.intercomcdn.com https://api-iam.intercom.io https://uploads.intercomcdn.com wss://nexus-websocket-a.intercom.io https://logs-01.loggly.com https://cdn.segment.com https://api.segment.io https://analytics.pgncs.notion.so https://api.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://www2.profitwell.com https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://boards-api.greenhouse.io https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://x.clearbitjs.com http://x.clearbitjs.com https://connect.facebook.net https://user-data.mutinycdn.com https://api-v2.mutinyhq.io https://munchkin.marketo.net http://munchkin.marketo.net https://414-xmy-838.mktoresp.com http://414-xmy-838.mktoresp.com https://414-xmy-838.mktoutil.com http://414-xmy-838.mktoutil.com https://bat.bing.com https://s.yimg.jp https://assets.customer.io http://track.customer.io https://track.customer.io https://api.statuspage.io https://pgncd.notion.so https://api.statsig.com;font-src 'self' data: https://cdnjs.cloudflare.com https://js.intercomcdn.com fonts.gstatic.com;img-src 'self' data: blob: https: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com http://track.customer.io https://track.customer.io;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com fonts.googleapis.com;frame-src https: http:;media-src https: http: 3
frame-ancestors 'self' https://*.sweb.ru https://webvisor.com  http://webvisor.com ; 3
frame-ancestors *.constantcontact.com www.redmangomarketing.com www.ezymarketing.com www.igvinc.com www.etouchmarketing.net 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://sb.scorecardresearch.com https://*.yahoo.com blob: wss:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation; img-src 'self' https: data: blob: https://*.yimg.com https://bats.video.yahoo.com https://*.scorecardresearch.com https://*.adaptv.advertising.com https://trk.vidible.tv https://beap.gemini.yahoo.com; object-src https://*.engadget.com https://s.yimg.com; worker-src 'self' blob:; manifest-src 'self' https://s.yimg.com; font-src 'self' data: https://*.engadget.com https://s.yimg.com https://fonts.gstatic.com https://*.spot.im https://assets.video.yahoo.net; connect-src 'self' https://*.engadget.com https://s.yimg.com https://*.yahoo.net https://*.yahoo.com https://*.yahoosandbox.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://ad.doubleclick.net https://*.doubleverify.com https://*.googlesyndication.com https://*.spot.im https://*.giphy.com https://*.vidible.com https://*.media.yahoo.com:4443 https://*.skimresources.com https://*.taboola.com https://securepubads.g.doubleclick.net https://*.spotim.market https://*.criteo.com https://*.criteo.net https://*.pubmatic.com https://*.rubiconproject.com https://*.lijit.com https://*.gumgum.com https://*.openx.net https://*.adtelligent.com https://*.casalemedia.com https://*.creativecdn.com https://*.adnxs.com https://*.nighttstand.com https://*.rlcdn.com https://*.adsrvr.org https://*.adform.net https://*.vidible.tv https://*.uplynk.com https://*.edgekey.net https://*.doubleclick.net https://d1z2jf7jlzjs58.cloudfront.net https://*.pixel.parsely.com https://*.aniview.com https://*.ad-score.com https://polarcdn-terrax.com https://*.polarcdn-terrax.com https://*.polarcdn.com https://polarcdn-engine.com https://polarcdn-pentos.com https://videodelivery.net https://*.videodelivery.net https://sf-hs-sg.ibytedtos.com https://b1h.zemanta.com https://hb-api.omnitagjs.com https://search.spotxchange.com https://video-api.yql.yahoo.com https://edgecast-vod.yimg.com https://assets.video.yahoo.net https://cdn-ssl.vidible.tv/prod https://*.doubleclick.net https://edgecast-vod.yahoo.net https://*.vpg.cdn.yimg.com https://s.yimg.com https://media.zenfs.com https://assets.video.yahoo.net https://ads.adaptv.advertising.com https://video.adaptv.advertising.com https://tpc.googlesyndication.com/ima3vpaid https://*.adsafeprotected.com https://*.pictela.net; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.engadget.com https://*.oath.com https://*.yahoo.com; report-uri https://csp.yahoo.com/beacon/csp?src=engadget; report-to csp-endpoint; 3
frame-ancestors 'self' https://*.apa.org; 3
frame-ancestors 'self' acs.virtualeventsengine.com virtualexhibits360.com psav.digital 3
frame-ancestors 'self' https://adp.lookbookhq.com http://adp.lookbookhq.com https://discover.adp.com http://discover.adp.com https://*.adp.com http://*.adp.ca https://*.adp.ca https://*.us.adp; 3
frame-ancestors braze-redesign-qa.herokuapp.com braze-redesign-uat.herokuapp.com braze-redesign-production.herokuapp.com homeslice.braze.com https://www.braze.com/ braze.com https://www.braze.co.jp/ braze.co.jp app.optimizely.com 3
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; default-src 'self' blob:; child-src 'self' blob:; connect-src 'self' blob: o1.ingest.sentry.siemens-web.com edge.api.brightcove.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net metrics.brightcove.com new.siemens.com assets.new.siemens.com api.dc.siemens.com dev.api.dc.siemens.com uat.api.dc.siemens.com w3.siemens.com searchapi.new.siemens.com privacyportal-eu.onetrust.com siemens.sc.omtrdc.net *.tt.omtrdc.net siemens.demdex.net tools.adlytics.net metrics.brightcove.com edge.api.brightcove.com secure.brightcove.com *.media.brightcove.com privacyportal-eu.onetrust.com geolocation.onetrust.com manifest.prod.boltdns.net www.facebook.com www.google.com www.google.com *.force.com *.salesforce.com *.salesforceliveagent.com adservice.google.com adservice.google.com cdn.cookielaw.org cognito-identity.eu-west-1.amazonaws.com sts.eu-west-1.amazonaws.com dataplane.rum.eu-west-1.amazonaws.com profiles.siemens.com cdn.siemens-web.com cdn.siemens.com; frame-ancestors 'self' resources.dc.siemens.com siemensfactoryautomation.pathfactory.com contentpath.siemens.com mc.contentpath.siemens.com; frame-src 'self' www.facebook.com bid.g.doubleclick.net *.force.com *.salesforce.com *.salesforceliveagent.com jobs.siemens-info.com pages.siemens-info.com sites.siemens-info.com tpc.googlesyndication.com cdn.siemens-web.com cdn.siemens.com playout.3qsdn.com; font-src 'self' data: tools.adlytics.net cdn.siemens-web.com cdn.siemens.com; img-src 'self' data: blob: android-webview-video-poster: *.siemens.com brightcove04pmdo-a.akamaihd.net *.prod.boltdns.net metrics.brightcove.com googleads.g.doubleclick.net ad.doubleclick.net www.facebook.com adservice.google.com adservice.google.com www.googletagmanager.com www.google.com www.google.com 825113843.privacysandbox.googleadservices.com siemens.sc.omtrdc.net *.tt.omtrdc.net px4.ads.linkedin.com px.ads.linkedin.com dc.ads.linkedin.com www.linkedin.com tr.outbrain.com trc.taboola.com stats.adlytics.net secure.adnxs.com t.co siemens.mindsphere.io cdn.cookielaw.org cdn.siemens-web.com cdn.siemens.com; manifest-src 'self'; media-src 'self' blob: data: assets.new.siemens.com secure.brightcove.com *.media.brightcove.com manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.cf.brightcove.com; object-src players.brightcove.net w3.siemens.com; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' w3.siemens.com tools.adlytics.net assets.adobedtm.com players.brightcove.net img.en25.com vjs.zencdn.net www.automation.siemens.com profiles.siemens.com *.ste.dc.siemens.com googleads.g.doubleclick.net www.google.com www.google.com www.googletagmanager.com www.googleadservices.com tpc.googlesyndication.com connect.facebook.net cookies.siemens.com snap.licdn.com scripts.demandbase.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com geolocation.onetrust.com *.force.com *.salesforce.com *.salesforceliveagent.com new.siemens.com cdn.cookielaw.org client.rum.us-east-1.amazonaws.com dataplane.rum.eu-central-1.amazonaws.com cdn.siemens-web.com cdn.siemens.com; style-src 'self' 'unsafe-inline' w3.siemens.com tools.adlytics.net profiles.siemens.com *.force.com *.salesforce.com *.salesforceliveagent.com new.siemens.com cdn.siemens-web.com cdn.siemens.com; worker-src 'self' 'unsafe-inline' blob:; report-uri https://o1.ingest.sentry.siemens-web.com/api/68/security/?sentry_key=b4382018df484832b4ee2501bc82cea7&sentry_environment=siemenscom-prod&sentry_release=61715c1c; 3
upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' http://content.servicenow.com https://content.servicenow.com https://your.servicenow.com  https://servicenow.highspot.com 3
connect-src 'self' checkout.stripe.com https://checkout.stripe.com https://billing.stripe.com/session sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data: https://*.stripe.com;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://checkout.stripe.com https://js.stripe.com/v3 https://platform.twitter.com/widgets.js https://static.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src checkout.stripe.com https://checkout.stripe.com https://js.stripe.com/;font-src https://fonts.gstatic.com https://static.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 3
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-modals allow-popups allow-popups-to-escape-sandbox allow-presentation 3
frame-ancestors https://*.facebook.com https://*.parallels.com https://*.parallels.cn https://*.parallels.com.cn; 3
default-src 'self' https://static.garmin.com https://static.garmincdn.com https://www.garmin.com https://wwwpub.garmin.com; style-src https://my.tealiumiq.com 'unsafe-inline' 'self' https://fonts.googleapis.com https://fonts.garmin.com https://static.garmin.com https://static.garmincdn.com https://sso.garmin.com https://www.garmin.com https://wwwpub.garmin.com; connect-src 'self' https://static.garmincdn.com https://www.garmin.com https://wwwpub.garmin.com *; script-src * 'unsafe-inline' 'unsafe-eval' https://consent.trustarc.com https://consent-pref.trustarc.com https://consent-st.trustarc.com https://tracker-api.trustarc.com https://consent.truste.com https://consent-pref.truste.com https://consent-st.trustecom https://tracker-api.truste.com https://prefmgr-cookie.truste-svc.net; font-src 'self' data: https://static.garmin.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.garmin.com https://www.garmin.com https://wwwpub.garmin.com https://consent.trustarc.com; img-src *; frame-src https://sso.garmin.com https://sso.garmin.cn https://www.garmin.com https://wwwpub.garmin.com https://my.tealiumiq.com https://static.garmincdn.com https://support.garmin.com https://www.google.com https://vars.hotjar.com https://www.youtube-nocookie.com https://player.youku.com https://consent.trustarc.com https://consent-pref.trustarc.com https://consent-st.trustarc.com https://tracker-api.trustarc.com https://consent.truste.com https://consent-pref.truste.com https://consent-st.trustecom https://tracker-api.truste.com https://prefmgr-cookie.truste-svc.net https://gum.criteo.com https://static.criteo.net; object-src 'none'; upgrade-insecure-requests 3
frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' diffuser-cdn.app-us1.com prism.app-us1.com trackcmp.net www.google.com www.gstatic.com www.onlinechatcenters.com *.hotjar.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com tagmanager.google.com googleads.g.doubleclick.net data:; style-src 'unsafe-inline' 'self' fonts.gstatic.com www.gstatic.com  fonts.googleapis.com tagmanager.google.com 3
frame-ancestors 'self' https://amd.pathfactory.com *.reachcm.com reachcm.com 3
frame-ancestors 'self' https://*.edgecast.com https://*.yahooinc.com https://mediaplatform.pathfactory.com 3
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; report-uri /csp_ep 3
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self'  *.bigcommerce.com 3
frame-ancestors https://*.dondominio.com https://*.mrdomain.com 3
frame-ancestors 'self' http://www.usa.philips.com *.philips.com *.usa.philips.com 3
default-src 'self' *.starbucks.com *.starbucks.ca; child-src 'self' *.starbucks.com *.starbucks.ca *.doubleclick.net *.optimizely.com *.trustarc.com; connect-src 'self' *.starbucks.com *.starbucks.ca https://fonts.gstatic.com *.akamaihd.net *.akstat.io *.doubleclick.net *.go-mpulse.net *.google-analytics.com *.googlevideo.com *.nr-data.net *.optimizely.com *.pinterest.com *.trustarc.com; font-src 'self' *.starbucks.com *.starbucks.ca https://fonts.googleapis.com https://fonts.gstatic.com *.trustarc.com; img-src 'self' data: *.starbucks.com *.starbucks.ca https://*.gst atic.com *.adsrvr.org *.agkn.com *.akamaihd.net *.appcast.io *.bing.com *.doubleclick.net *.facebook.com *.ggpht.com *.google.com *.google-analytics.com *.googletagmanager.com *.nr-data.net *.pinterest.com *.trustarc.com *.truste.com *.ytimg.com; manifest-src 'self' *.starbucks.com *.starbucks.ca; media-src 'self' blob: *.starbucks.com *.starbucks.ca *.youtube.com; frame-src 'self' *.optimizely.com *.trustarc.com *.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.starbucks.com *.starbucks.ca cdnjs.com *.appcast.io *.bing.com *.doubleclick.net *.facebook.net *.go-mpulse.net *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.newrelic.com *.nr-data.net *.optimizely.com *.pinimg.com *.sc-static.net *.trustarc.com *.xg4ken.com; style-src 'self' 'unsafe-inline' *.starbucks.com *.starbucks.ca https://fonts.googleapis.com; report-uri /webhooks/csp-report; 3
frame-ancestors 'self' https://www.google.com https://discover-hubpages-com.cdn.ampproject.org; default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; child-src https: blob: data:; connect-src https: blob: data: wss:; font-src https: blob: data:; img-src https: blob: data:; media-src https: blob: data:; object-src https: blob: data:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: data: 'unsafe-inline'; upgrade-insecure-requests 3
frame-ancestors 'self' https://learn-cloudsecurity.cisco.com; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.ostrovok.ru ostrovok.ru *.worldota.net *.zenhotels.com zenhotels.com *.googlesyndication.com pay.google.com *.amplitude.com adservice.google.co.uk *.hotjar.com *.clicktripz.com ads.adfox.ru ad.mail.ru inv-nets.admixer.net yastatic.net *.yandex.ru yandex.ru *.adfox.yandex.ru api-cis.exponea.com ps.eyeota.net *.pixfuture.com pixfuture.com api.payota.net weborama.fr tns-counter.ru static.ads-twitter.com analytics.twitter.com tags.bkrtx.com t.skyscnr.com *.adtech.advertising.com *.casalemedia.com *.openx.net openx.net adriver.ru *.adriver.ru *.contextweb.com contextweb.com *.betweendigital.com betweendigital.com *.ssp.otm-r.com *.otm-r.com otm-r.com vc.hotjar.io secde.trivago.com unpkg.com *.smartadserver.com smartadserver.com *.rubiconproject.com rubiconproject.com www.adservice.google.pl www.googletraveladservices.com www.tripadvisor.com cdnjs.cloudflare.com www.kayak.com www.clicktripz.com www.youtube.com s3-eu-west-1.amazonaws.com travel.mediaalpha.com grkigi.com notify.bugsnag.com 3kxrt0l29e.execute-api.us-east-1.amazonaws.com fonts.gstatic.com adhigh.net *.adhigh.net *.doubleclick.net doubleclick.net *.adlooxtracking.com *.adnxs.com adnxs.com 2mdn.net *.2mdn.net doubleverify.com *.doubleverify.com *.pubmatic.com pubmatic.com ostrovokru003.webim.ru  ostrovokru006.webim.ru ostrovokru007.webim.ru tagmanager.google.com www.tamgrt.com cdn.branch.io app.link api.branch.io api2.branch.io www.googleadservices.com www.adservice.google.pl sslwidget.criteo.com static.criteo.net vk.com connect.facebook.net www.facebook.com top-fwz1.mail.ru www.hometogo.com secure.wego.com static.tacdn.com static.clicktripz.com pixel.sojern.com ads.travelaudience.com stags.bluekai.com accounts.google.com tms-st.cdn.ngenix.net hit.acstat.com c.riskified.com beacon.riskified.com cdn.siftscience.com d3c3cq33003psk.cloudfront.net enc1wnyb87.execute-api.us-east-1.amazonaws.com www.awin.com www.google-analytics.com www.googletagmanager.com mc.yandex.ru tag.yieldoptimizer.com st.dynamicyield.com static.dynamicyield.com *.criteo.com *.intentmedia.net px.dynamicyield.com opentag-stats.qubit.com 6ytvy2ekla.execute-api.us-east-1.amazonaws.com fonts.googleapis.com maps.googleapis.com www.google.com www.googletagservices.com adservice.google.com www.adservice.google.pl  c.triptech.ai s.clickiocdn.com *.googlesyndication.com cdn.ampproject.org clickiocdn.com adservice.google.ru csi.gstatic.com *.braintreegateway.com tag.crsspxl.com aa.agkn.com blip.bizrate.com c1.adform.net ce.lijit.com cms.analytics.yahoo.com d.turn.com dmp.truoptik.com dpm.demdex.net e.dlx.addthis.com ib.adnxs.com idsync.rlcdn.com io.narrative.io match.adsrvr.org partner.mediawallahscript.com pm.w55c.net pxl.connexity.net sync.crwdcntrl.net sync.mathtag.com tags.bluekai.com js.adara.com sdk.adara.com pay.yandex.ru thrtle.com; frame-src 'self' *.ostrovok.ru yastatic.net *.worldota.net *.zenhotels.com www.youtube.com googleads.g.doubleclick.net *.googlesyndication.com  tracking.bonusway.com checkout.paypal.com pay.google.com static.criteo.net pay.yandex.ru gum.criteo.com dis.eu.criteo.com *.openx.net openx.net *.contextweb.com contextweb.com *.adnxs.com adnxs.com *.pubmatic.com pubmatic.com adhigh.net doubleclick.net www.google.com www.adservice.google.pl *.intentmedia.net d1jaw4ep1lbbt9.cloudfront.net www.tamgrt.com *.ssp.otm-r.com *.otm-r.com otm-r.com vc.hotjar.io clickioadvd.com *.pixfuture.com pixfuture.com www.googletagservices.com www.facebook.com web.facebook.com tpc.googlesyndication.com vars.hotjar.com *.betweendigital.com vk.com staticxx.facebook.com bid.g.doubleclick.net tag.crsspxl.com accounts.google.com privetmir.ru  *.bluekai.com *.mail.ru ru.surveymonkey.com; img-src * data:; report-uri /hc/csp 3
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; report-uri /report-csp-violation; upgrade-insecure-requests 3
default-src 'self' http: https: 3
frame-ancestors 'self' https://*.adobe.com; 3
frame-ancestors 'self' *.ebscohost.com *.ebsco.com; report-uri /report-csp-violation; upgrade-insecure-requests 3
frame-ancestors 'self' https://*.shopify.com https://*.myshopify.com 3
frame-ancestors 'self' http://localhost:* http://127.0.0.1:* https://*.lightning.force.com 3
frame-ancestors 'self' *.everydayhealth.com *.infermedica.com *.ceros.com *.opinionstage.com *.doctor.com *.googleapis.com *.zdbb.net *.specless.tech *.specless.io *.totalbrain.com *.migraineagain.com *.epionhealth.com 3
default-src https://static.ada.support https://wallet.advcash.com https://t.co https://analytics.twitter.com https://websdk.applozic.com https://h.online-metrix.net https://*.kucoin.plus https://www.googleadservices.com https://googleads.g.doubleclick.net https://revain.org https://api.mobilum.com https://mc.yandex.ru https://widget.mobilum.com https://sdk.im.jiguang.cn  https://maxcdn.bootstrapcdn.com  https://www.googletagmanager.com  https://upload.qiniup.com  https://frontend-helper.cloudtechnet.cn  https://*.staticimg.com  https://*.staticimg.co  https://*.xcoinsystem.com  https://*.kucoin.com  https://*.kucoin.biz https://*.kucoin.fit https://*.kucoin.cloud https://*.pool-x.io https://*.kcsfile.com  https://storage.googleapis.com  https://font.googleapis.com  https://www.recaptcha.net  https://at.alicdn.com  https://g.alicdn.com  https://www.google-analytics.com  https://www.gstatic.cn  https://fonts.gstatic.cn  https://fonts.gstatic.com  https://www.gstatic.com  https://stats.g.doubleclick.net  https://api.growingio.com  https://tags.growingio.com  https://ekr.zdassets.com  https://www.growingio.com  https://static.geetest.com  https://api.geetest.com  https://dn-staticdown.qbox.me  https://www.youtube.com  https://kucoin.zendesk.com  https://rollbar-eu.zendesk.com  https://support.zendesk.com  https://www.zendesk.com https://ekr.zdassets.com  https://static.zdassets.com  https://widget-mediator.zopim.com  wss://widget-mediator.zopim.com https://v2.zopim.com  https://cdn.zopim.com  https://www.zopim.com  https://uploads.zopim.com  https://assets.zopim.com  https://api.zopim.com  https://v2assets.zopim.io  https://www.google.co.jp  https://www.google.com data: ws: wss: eval: inline: 'unsafe-eval' 'unsafe-inline' ; connect-src https://apikucoin.quickblox.com https://api.quickblox.com https://kucoin.eu.ada.support https://rollout.eu.ada.support https://apps.applozic.com https://applozic.appspot.com wss://chat.quickblox.com https://bigdata-scfx-push.kucoin.plus https://*.sentry.io https://www.googleadservices.com https://googleads.g.doubleclick.net  https://revain.org  https://api.mobilum.com  https://mc.yandex.ru  https://widget.mobilum.com  https://sdk.im.jiguang.cn  https://maxcdn.bootstrapcdn.com  https://www.googletagmanager.com  https://upload.qiniup.com  https://frontend-helper.cloudtechnet.cn  https://*.staticimg.com  https://*.staticimg.co https://*.kucoin.plus  https://*.xcoinsystem.com  https://*.kucoin.com  https://*.kucoin.biz https://*.kucoin.fit https://*.kucoin.cloud https://*.pool-x.io  https://*.kcsfile.com  https://storage.googleapis.com  https://font.googleapis.com  https://www.recaptcha.net  https://at.alicdn.com  https://g.alicdn.com  https://www.google-analytics.com  https://www.gstatic.cn  https://fonts.gstatic.cn  https://fonts.gstatic.com  https://www.gstatic.com  https://stats.g.doubleclick.net  https://api.growingio.com  https://tags.growingio.com  https://ekr.zdassets.com  https://www.growingio.com  https://www.tradingview.com https://static.geetest.com  https://api.geetest.com  https://dn-staticdown.qbox.me  https://www.youtube.com  https://kucoin.zendesk.com  https://rollbar-eu.zendesk.com  https://support.zendesk.com  https://www.zendesk.com https://ekr.zdassets.com  https://static.zdassets.com  https://widget-mediator.zopim.com  wss://widget-mediator.zopim.com https://v2.zopim.com  https://cdn.zopim.com  https://www.zopim.com  https://uploads.zopim.com  https://assets.zopim.com  https://api.zopim.com  https://v2assets.zopim.io  https://www.google.co.jp  https://www.google.com data: ws: wss: eval: inline: 'unsafe-eval' 'unsafe-inline'; font-src http: https: data:; img-src http: https: data: blob:; worker-src http: https: data: blob:; child-src http: https: data: blob:; frame-ancestors 'self'  https://www.google.co.jp https://www.google.com https://*.kucoin.com https://*.kucoin.biz https://*.kucoin.fit https://*.xcoinsystem.com https://*.kucoin.cloud https://*.kucoin.plus 3
frame-ancestors 'self' *.d2l.com *.brightspace.com d2l.local d2lcorp.local; 3
upgrade-insecure-requests; frame-ancestors 'self' http://*.elconfidencial.com:* https://*.elconfidencial.com:* www.elconfidencial.com blogs.elconfidencial.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org es.grupogo.punto player.h-cdn.com; report-uri https://elconfidencial.report-uri.io/r/default/csp/enforce 3
frame-src 'self' *.kidshealth.org *.doubleclick.net *.snapchat.com *.vimeo.com *.google.com *.hotjar.com *.krxd.net *.adsrvr.org *.readspeaker.com *.polldaddy.com *.familysurvey.org *.survey.fm *.pinterest.com; 3
frame-ancestors https://members.cafepress.com  https://members.cafepress.co.uk https://members.cafepress.ca https://members.cafepress.com.au; 3
'frame-ancestors' http://localhost:8100 https://*.tn.gov 3
frame-ancestors 'self' https://*.familysearch.org https://*.familysearch.psdops.com 3
frame-ancestors 'self' https://*.sproutsocial.com https://sproutsocial.com; 3
default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self'; img-src 'self' http: data: 3
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com *.appdynamics.com 3
default-src 'self' *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data:; connect-src *; img-src * blob: data:; child-src *; media-src *; frame-ancestors 'self' *.activenetwork.com *.active.com *.activekids.com; worker-src * blob:; object-src *; 3
default-src 'unsafe-inline' 'unsafe-eval' https: data: wss://*.qualified.com; block-all-mixed-content; upgrade-insecure-requests 3
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self' 3
default-src 'self' https:; frame-src 'self' https: blob:; worker-src 'self' blob: ; child-src blob: ; script-src 'self' https: 'unsafe-inline' https://vaas.acapela-group.com 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob: https://*.code.org https://javabuilderbeta-output.dev-code.org; font-src 'self' https: data:; connect-src 'self' https: https://api.pusherapp.com wss://ws.pusherapp.com wss://*.firebaseio.com http://localhost:8080 https://curriculum.code.org/ wss://*.code.org wss://javabuilderbeta.dev-code.org; media-src 'self' https: data: https://*.code.org http://vaas.acapela-group.com https://javabuilderbeta-output.dev-code.org; report-uri //code.org/https/mixed-content; frame-ancestors 'self' http://*.disney.com http://*.diznee.net cuantrix.mx code.org studio.code.org curriculum.code.org codecurricula.com 3
frame-ancestors 'self' *.gov.on.ca; 3
script-src 'self' *.startpage.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.startpage.com 'unsafe-inline'; img-src 'self' data: *.startpage.com; frame-src 'self' *.startpage.com; frame-ancestors 'self'; connect-src 'self' *.startpage.com; worker-src blob:; report-uri https://www.startpage.com/do/cspvr 3
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 3
frame-ancestors 'self' ssense.com *.ssense.com 3
frame-ancestors https://*.upwave.com 3
frame-ancestors 'self' tvn24.pl *.tvn24.pl 3
default-src 'self' *.carbonblack.io carbonblack.io *.cbcloud.de cbcloud.de *.cbcloud.sg cbcloud.sg *.duosecurity.com gstatic.com fonts.gstatic.com 'unsafe-inline' 3
frame-ancestors 'self' https://comscore.sharepoint.com; 3
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; child-src * blob: data: ; style-src * 'unsafe-inline'; 3
frame-ancestors 'self' https://next.brella.io; 3
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.afterpay.com *.clearpay.co.uk *.clearpay.com *.googleapis.com public.fbot.me static.fbot.me campaign.fbot.me lcx-embed.bambuser.com www.googletagmanager.com *.onetrust.com *.cookielaw.org *.bizible.com cdn.branch.io sc-static.net snap.licdn.com connect.facebook.net munchkin.marketo.net www.googleadservices.com cdn.dashhudson.com djnf6e5yyirys.cloudfront.net cdn.builder.io t.contentsquare.net www.google-analytics.com googleads.g.doubleclick.net app.link v5tufwer.micpn.com pi.pardot.com tag.clearbitscripts.com/v1/pk_ba428737ee82fd942f13030da0c2629b/tags.js tag.rmp.rakuten.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js x.clearbitjs.com/v2/pk_ba428737ee82fd942f13030da0c2629b/tracking.min.js x.clearbitjs.com/v2/pk_ba428737ee82fd942f13030da0c2629b/destinations.min.js analytics.tiktok.com/i18n/pixel/events.js analytics.tiktok.com/i18n/pixel/config.js analytics.tiktok.com/i18n/pixel/identify.js bat.bing.com/bat.js bat.bing.com/p/action/137009782.js afterpay-business-site.vercel.app; img-src 'self' data: *.afterpay.com *.clearpay.co.uk maps.gstatic.com *.googleapis.com *.ggpht cdn.builder.io static.fbot.me www.google.co.nz www.google.co.uk www.google.com www.google.com.au www.googletagmanager.com px.ads.linkedin.com www.facebook.com p.adsymptotic.com cdn.branch.io www.google-analytics.com public.fbot.me connect.facebook.net *.bizible.com *.onetrust.com cdn.dashhudson.com likeshop.me track.linksynergy.com consent.linksynergy.com www.kmart.com.au www.bigw.com.au/ www.pacsun.com www.davidjones.com www.converse.com afterpay-business-site.vercel.app bat.bing.com/action/0 images.asos-media.com www.maccosmetics.co.uk www.jomalone.co.uk m.aveda.com www.aveda.com files.prezzee.com files.prezzee.com.au files.prezzee.uk; object-src 'none'; base-uri 'none'; 3
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 3
frame-ancestors 'self' *.kaskus.co.id *.kaskus.id 3
frame-ancestors 'self' *.directnic.net 3
default-src 'none'; base-uri 'none'; connect-src 'self' data: *.credit-suisse.com *.hedani.net  *.decibelinsight.net *.demdex.net *.doubleclick.net *.inbenta.com *.inbenta.io *.knowledgevision.com *.omtrdc.net *.qualtrics.com www.google-analytics.com wss://cdn.decibelinsight.net wss://collection.decibelinsight.net *.facebook.com *.googletagmanager.com soundcloud.com cdn.ampproject.org *.bing.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.cookielaw.org *.onetrust.com *.pinterest.com webexapis.com *.wbx2.com *.ciscospark.com wss://*.ciscospark.com analytics.tiktok.com *.teads.tv;font-src 'self' 'unsafe-inline' data: *.credit-suisse.com *.hedani.net *.inbenta.com fonts.gstatic.com *.anychart.com *.inbenta.io gateway.zscloud.net *.qumucloud.com; frame-ancestors 'self' *.students.ch *.rowini.net *.ch.hedani.net content-uat.csintra.net content.csintra.net *.credit-suisse.com *.hedani.net *.adobedtm.com *.abusizz.ch *.maglr.com; frame-src 'self' blob: *.adobedtm.com *.credit-suisse.com *.hedani.net *.doubleclick.net *.facebook.com *.facebook.net *.inbenta.com *.knowledgevision.com *.omtrdc.net *.qq.com *.youtube.com *.youtube-nocookie.com creditsuisse.demdex.net maps.gstatic.com wl.fundsquare.net w.soundcloud.com *.snapchat.com *.qualtrics.com *.3vrooms.app dev.3volutions.ch *.ceros.com *.swisscom.ch video.csintra.net beneal.com *.apacwebinar.com *.qumucloud.com player.vimeo.com *.pinterest.com anchor.fm *.microad.jp; img-src 'self' data: *.hedani.net *.credit-suisse.com *.google-analytics.com *.doubleclick.net *.google.com *.google.ch t.co *.quantserve.com *.everesttech.net *.demdex.net *.youtube.com *.facebook.com *.facebook.net *.inbenta.com maps.gstatic.com maps.googleapis.com *.linkedin.com *.qualtrics.com *.gstatic.com *.inbenta.io  *.mathtag.com *.bing.com gateway.zscloud.net *.googletagmanager.com *.glassdoor.com *.cookielaw.org *.qq.com *.adsymptotic.com *.pinterest.com *.teads.tv *.microad.jp b97.yahoo.co.jp b91.yahoo.co.jp; object-src 'self' blob: *.qq.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.adobedtm.com *.ads-twitter.com cdn.ampproject.org *.anychart.com *.credit-suisse.com *.hedani.net  *.everesttech.net *.facebook.net *.forms.credit-suisse.com *.google.ch *.google-analytics.com *.googleapis.com *.googletagmanager.com *.inbenta.com *.inbenta.io *.jquery.com *.knowledgevision.com *.licdn.com *.linkedin.com *.qualtrics.com *.twitter.com *.youtube.com *.ytimg.com maps.google.com tagmanager.google.com sc-static.net *.googleadservices.com googleads.g.doubleclick.net *.ampproject.org *.mathtag.com *.bing.com gateway.zscloud.net *.go-mpulse.net *.akstat.io *.akamaihd.net *.ceros.com *.cookielaw.org *.qq.com *.qumucloud.com *.pinimg.com *.teads.tv *.microad.jp s.yimg.jp b97.yahoo.co.jp b91.yahoo.co.jp; style-src 'self' 'unsafe-inline' *.credit-suisse.com *.hedani.net *.inbenta.com fonts.googleapis.com tagmanager.google.com *.anychart.com *.inbenta.io gateway.zscloud.net analytics.tiktok.com *.teads.tv; style-src-elem 'self' 'unsafe-inline' data: *.credit-suisse.com *.inbenta.com *.inbenta.io; manifest-src 'self' data: *.credit-suisse.com; 3
default-src * data: blob:;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com https://static.hotjar.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://vars.hotjar.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://www.zenaps.com;script-src 'unsafe-inline' blob: data: 'self' https://*.myheritage.com https://*.mhcache.com https://tpc.googlesyndication.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.gstatic.com https://*.googleapis.com https://js-agent.newrelic.com https://*.nr-data.net https://*.mk-sense.com https://code.jquery.com https://*.hotjar.com https://www.dwin1.com https://www.zenaps.com https://ad.zanox.com https://portal.allyable.com https://static.allyable.com;style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://optanon.blob.core.windows.net;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io:* https://*.doubleclick.net https://*.mk-sense.com https://privacyportal-eu.onetrust.com https://*.filae.com;media-src 'self' https://*.myheritage.com https://*.mhcache.com 3
default-src 'unsafe-inline' https:; img-src data: https:; media-src blob: data: https:; script-src 'unsafe-eval' 'unsafe-inline' https:; frame-ancestors 'self' https://*.unitycms.io; 3
default-src 'self' * data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'none' 3
frame-ancestors https://www.zyxel.com https://communicasia.zyxel.com/ https://bbwf.zyxel.com https://mwc.zyxel.com https://www.zyxel.ch https://www.zyxel.fr https://www12.zyxel.com 3
connect-src edgeapi.ace.teliacompany.net awseukpi.whisbi.com s3.eu-west-1.amazonaws.com t944.telia.se webprovisions-labs.humany.net 'self' api.whisbi.com stats.g.doubleclick.net www.google.se telia-natcenter.humany.net chat.ace.teliacompany.net www.google.com eucentral1-widget.whisbi.com www.google-analytics.com https://connect.facebook.net n467.telia.se nupload.whisbi.com widget.whisbi.com telia-se.blueconic.net api.ace.teliacompany.net wds.ace.teliacompany.com telia-se-b2b.blueconic.net chat2.ace.teliacompany.net static.whisbi.com cgchat.callguide.telia.com pwe.callguide.telia.com *.usabilla.com eucentral1-nodeupload.whisbi.com telia.humany.net chat.ace.teliacompany.com eucentral1-api.whisbi.com; default-src localhost:41680 'self'; font-src static.whisbi.com https://fonts.gstatic.com webprovisions-labs.humany.net 'self' fonts.gstatic.com widget.whisbi.com telia.humany.net wds.ace.teliacompany.com eucentral1-widget.whisbi.com eucentral1-api.whisbi.com data: telia-natcenter.humany.net; frame-src d6tizftlrpuof.cloudfront.net https://optimize.google.com www.telia.se 'self' *.doubleclick.net https://www.facebook.com wds-s.ace.teliacompany.com www.youtube.com wds.ace.teliacompany.com go.pardot.com youtube.com; img-src t944.telia.se https://optimize.google.com webprovisions-labs.humany.net 'self' https://www.facebook.com stats.g.doubleclick.net www.google.se telia-natcenter.humany.net www.google.com www.haynespro-services.com www.google-analytics.com humany.blob.core.windows.net img.youtube.com s3-eu-west-1.amazonaws.com n467.telia.se widget.whisbi.com telia-se.blueconic.net telia-se-b2b.blueconic.net awseurtv3.whisbi.com d6tizftlrpuof.cloudfront.net *.usabilla.com www.haynespro-assets.com telia.humany.net plugins.blueconic.net data:; report-uri /.api/csp-report/v1/report?teamId=7dfafa39-0cc44b25-8e7c83f0; script-src t944.telia.se 'unsafe-inline' https://optimize.google.com webprovisions-labs.humany.net 'self' https://www.facebook.com telia-natcenter.humany.net www.googletagmanager.com core.dch.got.telia.se wds-s.ace.teliacompany.com eucentral1-widget.whisbi.com portal-hosting.humany.net pi.pardot.com www.google-analytics.com https://connect.facebook.net https://tagmanager.google.com core.dc.teliacompany.net n467.telia.se widget.whisbi.com telia-se.blueconic.net wds.ace.teliacompany.com library.whisbi.com telia-se-b2b.blueconic.net static.whisbi.com cdn.pardot.com d6tizftlrpuof.cloudfront.net *.usabilla.com telia.humany.net eucentral1-api.whisbi.com plugins.blueconic.net 'unsafe-eval'; style-src https://tagmanager.google.com t944.telia.se 'unsafe-inline' core.dc.teliacompany.net n467.telia.se https://optimize.google.com webprovisions-labs.humany.net 'self' widget.whisbi.com telia-se.blueconic.net wds.ace.teliacompany.com telia-se-b2b.blueconic.net telia-natcenter.humany.net d6tizftlrpuof.cloudfront.net core.dch.got.telia.se wds-s.ace.teliacompany.com telia.humany.net eucentral1-widget.whisbi.com plugins.blueconic.net https://fonts.googleapis.com 3
default-src 'self';object-src 'self' *.cdn.datatables.net cdn.datatables.net;connect-src 'self' *.mt.lv maps.googleapis.com fonts.googleapis.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: unpkg.com i.mt.lv *.google.com gstatic.com code.jquery.com *.gstatic.com www.google-analytics.com googleapis.com *.googleapis.com *.mikrotik.com mikrotik.com;style-src 'self' 'unsafe-inline' i.mt.lv fonts.googleapis.com unpkg.com *.mikrotik.com mikrotik.com code.jquery.com use.typekit.net www.mikrotik.com;img-src 'self' data: i.mt.lv api.tiles.mapbox.com *.tile.openstreetmap.org unpkg.com *.arcgisonline.com stats.g.doubleclick.net www.google-analytics.com mikrotik.com www.mikrotik.com forum.mikrotik.com 1.aerial.maps.cit.api.here.com 2.aerial.maps.cit.api.here.com 3.aerial.maps.cit.api.here.com 4.aerial.maps.cit.api.here.com gstatic.com http://services.ga.gov.au *.gstatic.com *.googleapis.com *.arcgisonline.com *.google.com *.google.lv *.routerboard.com;frame-src 'self' youtu.be youtube.com www.youtube.com www.google.com;font-src 'self' data: mikrotik.com fonts.gstatic.com www.mikrotik.com i.mt.lv;frame-ancestors 'self'; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com *.googleadservices.com *.googletagmanager.com *.pinimg.com *.pinterest.com *.doubleclick.net *.ads-twitter.com *.adobedtm.com therandomhousegroupltd.d3.sc.omtrdc.net ssl.google-analytics.com *.google.com *.gstatic.com connect.facebook.net www.dwin2.com *.riddle.com *.hotjar.com *.jotfor.ms *.jotformeu.com cdn.livefyre.com *.eventbrite.co.uk *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com therandomhousegroupl.tt.omtrdc.net; object-src 'self'; worker-src blob: 3
default-src * data:; style-src 'self' https://www.lightboxcdn.com https://netdna.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline'; script-src 'self' https://disqus.com https://j.6sc.co https://boards.greenhouse.io https://p.adsymptotic.com https://p.adsymptotic.com https://www.googleadservices.com https://px4.ads.linkedin.com https://c1.rfihub.net https://connect.facebook.net https://lightboxapi.azurewebsites.net https://d.adroll.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://snap.licdn.com https://com-zglobal.netmng.com https://s.adroll.com 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com bootstrapcdn.com *.bootstrapcdn.com googleapis.com *.googleapis.com cloudflare.com *.cloudflare.com rezync.com *.rezync.com hsforms.net *.hsforms.net lightboxcdn.com *.lightboxcdn.com gstatic.com *.gstatic.com vimeo.com *.vimeo.com hs-scripts.com *.hs-scripts.com google.com *.google.com capterra.com *.capterra.com hscollectedforms.net *.hscollectedforms.net hsadspixel.net *.hsadspixel.net hubspot.com *.hubspot.com hsforms.com *.hsforms.com hs-analytics.net *.hs-analytics.net usemessages.com *.usemessages.com hs-banner.com *.hs-banner.com licdn.com *.licdn.com bootstrapcdn.com *.bootstrapcdn.com googleapis.com *.googleapis.com google-analytics.com *.google-analytics.com cloudflare.com *.cloudflare.com boomtrain.com *.boomtrain.com  3
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval' script-src: https://ajax.googleapis.com https://analytics.kaltura.com https://api.peer5.com https://bat.bing.com https://cdnapisec.kaltura.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://players.brightcove.net https://s7.addthis.com https://secure.perk0mean.com https://static.cloud.coveo.com https://tag.demandbase.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com object-src: https://fonts.gstatic.com connect-src: *.google-analytics.com *.analytics.google.com img-src: *.google-analytics.com *.analytics.google.com; 3
base-uri 'self'; form-action 'self' https://www.facebook.com; frame-ancestors 'self'; upgrade-insecure-requests ; connect-src 'self' https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.facebook.com https://smetrics.sharecare.com https://pagemanager.sharecare.com https://www.sharecare.com https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com; default-src 'self'; font-src 'self' https://fonts.sharecare.com https://cdn.jsdelivr.net https://pagemanager.sharecare.com https://www.sharecare.com https://use.typekit.net https://fonts.gstatic.com; frame-src *; img-src 'self' data: https://smetrics.sharecare.com https://sb.scorecardresearch.com https://www.google.com https://www.facebook.com https://cdn.jsdelivr.net https://connect.facebook.net https://pagemanager.sharecare.com https://www.sharecare.com https://s.sharecare.com https://s3.amazonaws.com https://p.typekit.net https://cdn.tapnative.com https://tcp.googlesyndication.com https://www.medtargetsystem.com https://adservice.google.com https://cdn.ampproject.org https://*.doubleclick.net https://ad.doubleclick.net https://match.deepintent.com https://trc.lhmos.com https://*.googlesyndication.com https://secure.adnxs.com https://preferences.trustarc.com https://choices.trustarc.com https://track.customer.io; media-src *; object-src 'none'; prefetch-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://assets.adobedtm.com https://use.typekit.net https://cdn.cookielaw.org https://s.sharecare.com https://preferences.truste.com https://sb.scorecardresearch.com https://www.googleadservices.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.google.com https://pi.pardot.com https://www2.sharecare.com https://pagemanager.sharecare.com https://www.sharecare.com https://geolocation.onetrust.com https://ajax.googleapis.com https://www.googletagservices.com https://content.tapnative.com https://securepubads.g.doubleclick.net https://www.medtargetsystem.com https://adservice.google.com https://tcp.googlesyndication.com https://match.deepintent.com https://trc.lhmos.com https://tpc.googlesyndication.com https://cdn.ampproject.org https://assets.customer.io; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *; worker-src 'self' blob:; 3
default-src 'self' data: ws: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.cloudfront.net *.createjs.com *.facebook.net *.eloqua.com *.statcounter.com *.youtube.com *.vimeocdn.com *.en25.com *.demandbase.com *.hotjar.com *.licdn.com *.adroll.com https://www.google-analytics.com *.googletagmanager.com *.google-analytics.com *.trustarc.com https://www.googletagmanager.com https://vimeo.com *.vimeo.com https://js.hs-banner.com https://js.hs-scripts.com https://js.usemessages.com https://js.hscollectedforms.net https://js.hs-analytics.net https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://code.jquery.com https://s7.addthis.com https://v1.addthisedge.com https://m.addthis.com/ https://z.moatads.com https://maxcdn.bootstrapcdn.com https://www.facebook.com *.episerver.net *.bing.com *.virtualearth.net *.unisys.com https://api.company-target.com *.sharethis.com https://unpkg.com *.consensu.org https://ajax.googleapis.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.episerver.net *.bing.com https://maxcdn.bootstrapcdn.com https://unpkg.com *.sharethis.com https://*.unisys.com; img-src 'self' data: http: https:; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.unisys.com; connect-src 'self' *.trustarc.com *.hotjar.io *.hotjar.com *.doubleclick.net *.google.com *.googletagmanager.com *.google-analytics.com https://forms.hubspot.com https://api.hubspot.com https://m.addthis.com https://dc.services.visualstudio.com https://vimeo.com ws: wss: *.bing.com *.episerver.net *.virtualearth.net https://api.company-target.com https://c.statcounter.com; child-src 'self' *.trustarc.com https://api.hubspot.com https://app.hubspot.com https://vimeo.com *.vimeo.com https://www.youtube.com https://s7.addthis.com; frame-src * 3
frame-ancestors 'self'; object-src 'none'; base-uri 'none';  form-action 'self' www.facebook.com;report-uri https://data.jijiapp.net/csp-report; 3
frame-ancestors 'self' *.kameleoon.com *.kameleoon.eu ; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.101datacenter.net https://*.101domain.com https://chat.livecustomer.com https://my.101domain.com https://*.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://www.youtube.com https://secure.campaigner.com https://connect.facebook.net https://*.kissmetrics.com https://*.googleapis.com https://*.facebook.com https://*.llnwd.net https://*.doubleclick.net https://*.infusionsoft.com https://*.google.bg https://d3pkntwtp2ukl5.cloudfront.net https://*.livechatinc.com https://*.googleusercontent.com https://*.gstatic.com https://*.licdn.com https://*.linkedin.com https://*.bing.com https://*.bizographics.com https://*.infusionsoft.app https://*.adsymptotic.com https://*.truste.com https://*.comodo.com https://*.trust-provider.com https://*.101d.dev https://*.101s.dev https://*.ytimg.com https://*.clarity.ms https://*.videodelivery.net data: 3
frame-ancestors 'self' http://ideas.cloudera.com https://ideas.cloudera.com http://pages.cloudera.com https://pages.cloudera.com https://resources.cloudera.com http://resources.cloudera.com https://*.kampyle.com https://*.medallia.com 3
frame-ancestors http://www.moex.com 3
default-src 'self'  blob:  data:  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kampyle.com  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://r.bing.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.bing.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  intent:  wss://127.0.0.1:*  https://*.8select.io  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.epoq-systems.de  https://*.epoq.de  https://*.facebook.com  https://*.facebook.net  https://*.fitanalytics.com  https://*.lidl-info.com  https://*.online-metrix.net  https://*.parcellab.com  https://*.semtrack.de  https://*.simplesurance.de  https://*.sit.sys.odj.cloud  https://analytics.google.com  https://balancechecks.tx-gate.com  https://dmp.theadex.com  https://event.yoochoose.net  https://facebook.com  https://fonts.gstatic.com  https://h.online-metrix.net  https://lidl.media01.eu  https://lidlde.int.userwerk.com  https://tracking.s24.com  https://www.bing.com  https://www.google-analytics.com  https://www.googletagmanager.com  https://www.lacmp.net  https://csp.cre.lidl-shop.com; object-src data:  https://*.cookiebot.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://r.bing.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://youtube.com  https://*.youtube.com  https://*.facebook.com  https://*.facebook.net  https://*.lidl-info.com  https://*.online-metrix.net  https://facebook.com  https://h.online-metrix.net; base-uri 'self'; style-src 'self'  https://*.cookiebot.com  https://*.kampyle.com  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://r.bing.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.bing.com  https://www.google.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  'unsafe-inline'  https://*.epoq-systems.de  https://*.epoq.de  https://*.fitanalytics.com  https://*.lidl-info.com  https://*.parcellab.com  https://*.sit.sys.odj.cloud  https://facebook.com  https://www.bing.com; script-src 'self'  blob:  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kampyle.com  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://lidl.de  https://r.bing.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.bing.com  https://www.google.com  https://youtube.com  https://*.youtube.com  'unsafe-eval'  'unsafe-inline'  https://*.8select.io  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.epoq-systems.de  https://*.epoq.de  https://*.facebook.com  https://*.facebook.net  https://*.fitanalytics.com  https://*.lidl-info.com  https://*.online-metrix.net  https://*.parcellab.com  https://*.semtrack.de  https://*.simplesurance.de  https://adservice.google.de  https://ajax.googleapis.com  https://api.theadex.com  https://balancechecks.tx-gate.com  https://cdn.ravenjs.com  https://cm.g.doubleclick.net  https://code.etracker.com  https://dmp.theadex.com  https://dsp.adfarm1.adition.com  https://facebook.com  https://h.online-metrix.net  https://lidl.media01.eu  https://lidlde.int.userwerk.com  https://s.ytimg.com  https://tracking.s24.com  https://www.bing.com  https://www.dwin1.com  https://www.etracker.de  https://www.google-analytics.com  https://www.googleadservices.com  https://www.googletagmanager.com  https://www.gstatic.com  https://www.lacmp.net; frame-src 'self'  https://*.cookiebot.com  https://*.kampyle.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://ams.creativecdn.com  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://lidl.de  https://r.bing.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  intent:  https://*.adyen.com  https://*.bizrate.com  https://*.criteo.com  https://*.criteo.net  https://*.doubleclick.net  https://*.facebook.com  https://*.facebook.net  https://*.ftrace.com  https://*.lidl-info.com  https://*.mynetfair.com  https://*.sit.sys.odj.cloud  https://*.vrxs.de  https://api.theadex.com  https://ar.lidl.com  https://balancechecks.tx-gate.com  https://facebook.com  https://h.online-metrix.net  https://ldl.viewer.cit-fusion.com  https://lidl-giftcard.eu  https://lidlde.int.userwerk.com  https://review.apps.01.cf.eu01.stackit.cloud  https://www.edge-cdn.net  https://www.lidl-gewinnspiel.de  https://www.lidl-giftcard.eu; report-uri https://csp.cre.lidl-shop.com/csp/report; form-action 'self'  https://accounts.lidl.com  https://survey.g.doubleclick.net; img-src 'self'  data:  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.casalemedia.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://r.bing.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://www.bing.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.youtube.com  moz-extension:  https://*.adition.com  https://*.adscale.de  https://*.advertising.com  https://*.adyen.com  https://*.bizrate.com  https://*.criteo.com  https://*.criteo.net  https://*.demdex.net  https://*.demoup.com  https://*.doubleclick.net  https://*.epoq-systems.de  https://*.epoq.de  https://*.facebook.com  https://*.facebook.net  https://*.fitanalytics.com  https://*.lidl-info.com  https://*.online-metrix.net  https://*.openx.net  https://*.parcellab.com  https://*.pubmatic.com  https://*.semtrack.de  https://*.simplesurance.de  https://*.sit.sys.odj.cloud  https://*.stickyadstv.com  https://*.taboola.com  https://*.twiago.com  https://*.yahoo.com  https://*.yieldlab.net  https://analytics.google.com  https://balancechecks.tx-gate.com  https://contextual.media.net  https://dmp.theadex.com  https://event.yoochoose.net  https://facebook.com  https://h.online-metrix.net  https://lh3.googleusercontent.com  https://lidlde.int.userwerk.com  https://match.sharethrough.com  https://sync.outbrain.com  https://translate.google.com  https://via.placeholder.com  https://visitor.omnitagjs.com  https://www.bing.com  https://www.google-analytics.com  https://www.googletagmanager.com  https://www.gstatic.com; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io  https://beeem.co; 3
script-src 'self'; 3
frame-ancestors 'self' https://customerfinancing.directcapital-sit.com https://customerfinancing.directcapital2.com https://www.customerfinancing.com https://customerfinancing.directcapital-test1.com https://customerfinancing.directcapital-test2.com https://customerfinancing.directcapital-test3.com https://customerfinancing.directcapital-test4.com onlineapps-conv.readiness.ibanking-services.com onlineapps.ibanking-services.com ibanking-services.com https://*.fisglobal.com https://*.citbank.com https://citcom-dev.ase1-dev.citnet.cit.com 3
frame-ancestors 'self' https://epr.onepath.com.au https://eprotectpriv.service.anz https://eprotect.service.anz https://eprotectauth.service.anz https://eprotect https://epr.anz.com; 3
frame-src *; frame-ancestors 'self' https://*.eventscloud.com; 3
frame-ancestors 'self' *.1und1.de *.1und1.com profiseller.de *.profiseller.de *.1and1.com dsl.gmx.de dsl.web.de 1und1-premiumpartner.de *.1und1-premiumpartner.de 1und1-partner.de *.1und1-partner.de 1und1-mm.de *.1und1-mm.de 1und1-hostingpartner.de *.1und1-hostingpartner.de 1und1-freenet.de *.1und1-freenet.de; 3
frame-ancestors 'self' https://flock.com/; upgrade-insecure-requests 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: data: https: blob: https://d.la2-c2-ord.salesforceliveagent.com https://logs1125.xiti.com https://www.google-analytics.com https://cdn.optimizely.com https://api.demandbase.com https://app-ab02.marketo.com https://www.googletagmanager.com https://magpie-static.ugc.bazaarvoice.com https://apc.ugc.bazaarvoice.com https://code.jquery.com wss://directline.botframework.com; 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 3
frame-ancestors 'self' interserver.net www.interserver.net my.interserver.net hostdepartment.com www.hostdepartment.com chat.is.cc; 3
default-src 'self' blob: wss: data: https:; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:; 3
frame-ancestors https://*.sutterhealth.org 3
frame-ancestors  'self' *.pnet.ch *.post.ch *.becompany.ch *.signdemo.com *.sas.com 3
default-src 'self' https: data: 'unsafe-inline' 3
default-src 'self' https://dpm.demdex.net *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov *.fontawesome.com *.doubleclick.net *.castlighthealth.com *.mapbox.com https://*.google-analytics.com *.foresee.com cdc.112.2o7.net; child-src 'self' *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov *.google.com https://cdc.demdex.net blob:; object-src 'self' *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov; img-src 'self' https://dpm.demdex.net/ https://cm.everesttech.net/ *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov cdc.112.2o7.net *.google-analytics.com *.gstatic.com data:; style-src 'self' *.cdc.gov vaccines.gov vacunas.gov *.mapbox.com *.fontawesome.com 'unsafe-inline'; script-src 'self' *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov *.google-analytics.com *.adobe.com *.gstatic.com *.google.com 'unsafe-inline' 'unsafe-eval'; worker-src blob:; frame-ancestors *.cdc.gov 3
default-src 'self'  *.grdp.co blob:; img-src 'self' blob: data:  https://tr.outbrain.com https://byjusexamprep.com/ https://translate.google.com https://nr1.s3.amazonaws.com *.boldchat.com accounts.google.com *.doubleclick.net https://www.google.co.in https://bat.bing.com https://www.youtube.com/favicon.ico *.googleadservices.com http://gs-post-images.grdp.co https://gs-groups-images.grdp.co https://graph.facebook.com https://www.google.com gradeup.co https://www.google-analytics.com https://www.facebook.com https://maps.googleapis.com https://gs-post-images.grdp.co https://optimize.google.com cds.taboola.com api.typeform.com https://track.shoptopdeal.com https://events.ub-analytics.com https://ttrk.ringocount.com business.topbuzz.com gradestack.com i.ytimg.com trc.taboola.com *.fbcdn.net cost.affcost.com platform-lookaside.fbsbx.com d9hhrg4mnvzow.cloudfront.net csm.hk.as.criteo.net cm.g.doubleclick.net primedigital.go2cloud.org ad.admitad.com track.in.omgpm.com dis.criteo.com traqkar.com www.googletagmanager.com *.googleadservices.com myfaqprime.appspot.com heapanalytics.com *.googleusercontent.com *.grdp.co grdp.co connect.facebook.net q.quora.com *.gstatic.com www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://slike.indiatimes.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com *.joonbot.com https://www.googleadservices.com/ https://d34qb8suadcc4g.cloudfront.net *.boldchat.com https://googleadservices.com https://bat.bing.com https://cdnjs.cloudflare.com/ajax/libs/gsap/latest/TweenMax.min.js https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google.com/pagead/conversion_async.js https://googleads.g.doubleclick.net https://tr.outbrain.com amplify.outbrain.com https://optimize.google.com https://cdn.jsdelivr.net/gh/cferdinandi/smooth-scroll@15.0.0/dist/smooth-scroll.polyfills.min.js https://www.google.co.in/pagead cdn.heapanalytics.com https://www.clarity.ms https://s-usc1c-nss-273.firebaseio.com https://udofy-crm-1022.firebaseio.com  s.ytimg.com cdn.ampproject.org cdn.taboola.com trc.taboola.com www.googletagservices.com tagmanager.google.com https://s-usc1c-nss-281.firebaseio.com ajax.cloudflare.com builder-assets.unbounce.com accounts.google.com myfaqprime.appspot.com portal.referralcandy.com go.referralcandy.com cdn.asbmit.com platform.twitter.com maps.googleapis.com adservice.google.com adservice.google.co.in smartlock.google.com wzrkt.com d2r1yp2w7bby2u.cloudfront.net connect.facebook.net track.in.omgpm.com *.grdp.co grdp.co https://www.google-analytics.com/ cdn.mouseflow.com static.bytedance.com sslwidget.criteo.com  www.gstatic.com https://www.google.com/pagead/1p-conversion/820422143/ apis.google.com widget.as.criteo.com maxcdn.bootstrapcdn.com https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://cdn.jsdelivr.net/npm/js-cookie@beta/dist/js.cookie.min.js https://tvid.akamaized.net https://tvid.in https://cdn.quilljs.com; connect-src 'self' *.gradestack.co *.byjusexamprep.com https://byjus-in.akamaized.net https://gcdn.byjus.com https://*.nanorep.co https://*.nanorep.com wss://*.bold360.com *.boldchat.com https://gradeup-assets.grdp.co https://bat.bing.com https://d27yfew3jd3yhj.cloudfront.net https://drm.tllms.com/ https://us-central1-udofy-1021.cloudfunctions.net https://us-central1-amp-error-reporting.cloudfunctions.net https://adservice.google.com https://www.facebook.com https://maps.googleapis.com wss://photon.gradestack.co wss://mule.byjusexamprep.com webapi.byjusexamprep.com https://udofy-crm-1022.firebaseio.com trc-events.taboola.com trc.taboola.com wss://udofy-crm-1022.firebaseio.com https://www.clarity.ms wss://s-usc1c-nss-273.firebaseio.com https://sheets.googleapis.com https://script.google.com https://script.googleusercontent.com wss://s-usc1c-nss-281.firebaseio.com json.faqprime.com firebaseinstallations.googleapis.com *.grdp.co grdp.co cdnjs.cloudflare.com o2.mouseflow.com heapanalytics.com www.googletagmanager.com wss://*.gradeup.co https://www.google-analytics.com cdn.ampproject.org accounts.google.com www.google.com *.doubleclick.net cdn.ampproject.com https://cleovod.akamaized.net https://cleorec.akamaized.net https://cleolive.akamaized.net https://slike.indiatimes.com https://tvid.in https://*.slike.in; frame-src whatsapp: *.doubleclick.net https://gradeup.co https://optimize.google.com https://help.byjusexamprep.com https://sin.creativecdn.com https://*.joonbot.com https://*.joonbot.xyz *.boldchat.com https://www.google.com/maps/embed https://s-usc1c-nss-273.firebaseio.com https://asia.creativecdn.com https://s-usc1c-nss-281.firebaseio.com ts.tradetracker.net tl.tradetracker.net tracking.icubeswire.co www.youtube.com portal.referralcandy.com go.onelink.me accounts.google.com gum.criteo.com tpc.googlesyndication.com secure.payu.in gradeup.referralcandy.com www.facebook.com grdp.co https://byjusexamprep.com gradestack.com smartlock.google.com static.criteo.net www.googletagmanager.com https://hts-premium.byjusexamprep.com; style-src 'self' blob: data: *.grdp.co  'unsafe-inline' https://optimize.google.com unpkg.com builder-assets.unbounce.com cdnjs.cloudflare.com myfaqprime.appspot.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com translate.googleapis.com maxcdn.bootstrapcdn.com https://www.googletagmanager.com/gtm.js accounts.google.com cdn.ampprojectorg cdn.materialdesignicons.com cloud.typography.com https://cdn.quilljs.com; object-src 'none'; font-src 'self' blob: data: *.grdp.co https://optimize.google.com fonts.gstatic.com maxcdn.bootstrapcdn.com fast.fonts.net cloud.typography.com fonts.googleapis.com use.fontawesome.com cdnjs.cloudflare.com; worker-src 'self' blob: data:  https://byjusexamprep.com gradestack.com; media-src 'self' blob: data:  *.grdp.co https://cleolive.akamaized.net https://cleorec.akamaized.net https://d27yfew3jd3yhj.cloudfront.net; frame-ancestors 'self' *.nanorep.co https://byjus.com https://byjusexamprep.com; script-src-elem 'self' 'unsafe-inline' https://amplify.outbrain.com https://tpc.googlesyndication.com *.joonbot.com https://*.joonbot.xyz https://www.googleadservices.com/ https://*.nanorep.co https://d34qb8suadcc4g.cloudfront.net https://bat.bing.com *.googleadservices.com https://*.boldchat.com https://fonts.googleapis.com/css2 https://cdn.ampproject.org/rtv/012110290545003/v0/amp-loader-0.1.js https://www.googletagmanager.com/ https://track.in.omgpm.com https://portal.referralcandy.com/assets/widgets/refcandy-poprocks.js https://connect.facebook.net/signals/config/990336904319800 https://apis.google.com https://d2r1yp2w7bby2u.cloudfront.net/js/a.js https://cdn.ampproject.org *.gstatic.com  https://builder-assets.unbounce.com/published-js/ https://d2r1yp2w7bby2u.cloudfront.net/js/a.js https://ajax.googleapis.com https://myfaqprime.appspot.com https://gradeup-assets.grdp.co https://www.google-analytics.com https://www.googletagmanager.com https://ajax.cloudflare.com https://connect.facebook.net/en_US/fbevents.js https://wzrkt.com https://tr.outbrain.com https://maps.googleapis.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net *.googleadservices.com https://wzrkt.com; manifest-src 'self' blob: data: https://byjusexamprep.com; report-uri https://sentry.byjusexamprep.com/api/26/security/?sentry_key=e3c3abaf223b441c8dd91fdc48764d72 3
frame-ancestors www.red-gate.com; 3
default-src 'self'; connect-src 'self' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com *.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' https://fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; img-src 'self' *.ttcache.com https://*.ttcache.com *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com optimize.google.com https://optimize.google.com data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://*.analytics.google.com www.googletagmanager.com https://www.googletagmanager.com www.googleoptimize.com https://www.googleoptimize.com https://optimize.google.com optimize.google.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 3
frame-ancestors 'self' www.riverbed.com *.riverbed.com *.lookbookhq.com *.pathfactory.com pf.riverbed.com riverbed.lookbookhq.com *.adobecqms.net 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; media-src 'self' 'unsafe-inline' *;img-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; frame-src 'self' *; connect-src 'self' *; object-src 'none' 3
value 3
frame-ancestors https://www.cedars-sinai.org/ https://patients.mycslink.org/ https://patients-dev.mycslink.org/ https://patients-test.mycslink.org/ https://patients-stage.mycslink.org/ 3
default-src 'none'; manifest-src 'self'; base-uri 'self'; form-action 'self' * https://jisc.msgfocus.com https://emails.jisc.ac.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ux.digitalresources.jisc.ac.uk https://cdn.wootric.com 	https://live.matomo.jisc.ac.uk https://code.jquery.com https://www.youtube.com https://map.eduroam.uk 	https://www.bing.com https://cdn-eu.dynamicyield.com https://st-eu.dynamicyield.com https://www.gstatic.com 	https://embed.doorbell.io https://www.google-analytics.com https://ajax.googleapis.com http://static.hotjar.com 	https://static.hotjar.com/ https://script.hotjar.com https://www.google.com/recaptcha/api.js 	https://www.googletagmanager.com; connect-src 'self' https://ux.digitalresources.jisc.ac.uk https://adm.dynamicyield.eu https://cdn-eu.dynamicyield.com 	https://eligibility.wootric.com https://wootric-eligibility.herokuapp.com https://jisc.msgfocus.com/ 	https://live.matomo.jisc.ac.uk https://async-px-eu.dynamicyield.com https://doorbell.io 	https://www.google-analytics.com https://c9k2dloukg.execute-api.eu-west-1.amazonaws.com http://*.hotjar.com:* 	https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' https://ux.digitalresources.jisc.ac.uk cdn-eu.dynamicyield.com st-eu.dynamicyield.com 	rcom-eu.dynamicyield.com https://maxcdn.bootstrapcdn.com https://cdn-eu.dynamicyield.com https://embed.doorbell.io 	https://fonts.googleapis.com; img-src 'self' data: https://ux.digitalresources.jisc.ac.uk https://i.ytimg.com https://live.matomo.jisc.ac.uk 	https://www.jisc.ac.uk/ https://www.google-analytics.com www.googletagmanager.com https://script.hotjar.com 	http://script.hotjar.com; font-src 'self' https://ux.digitalresources.jisc.ac.uk https://maxcdn.bootstrapcdn.com https://cdn-eu.dynamicyield.com 	https://fonts.static.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com; frame-src 'self' https://w.soundcloud.com https://soundcloud.com  https://www.slideshare.net https://www.youtube.com 	https://player.vimeo.com https://maps.google.co.uk https://www.youtube-nocookie.com/ https://www.google.com 	https://newassets.hcaptcha.com https://vars.hotjar.com https://jisc.msgfocus.com https://www.jisc.ac.uk;frame-ancestors 'self' https://www.jisc.ac.uk; media-src *; 3
connect-src * 'self' 3
base-uri 'self'; default-src wss: ws-eu.pusher.com scatec.io *.tradetracker.net leadbooster-chat.pipedrive.com tradetracker.com *.tradetracker.com 'self' blob: data: *.googleapis.com tt-wp-corporate-site.s3.amazonaws.com *.gstatic.com *.google-analytics.com *.vimeo.com vimeo.com *.doubleclick.net doubleclick.net stats.g.doubleclick.net vod-progressive.akamaized.net; frame-src *.googletagmanager.com tradetracker.com *.tradetracker.com 'self' blob: i.vimeocdn.com f.vimeocdn.com vimeo.com fresnel.vimeocdn.com player.vimeo.com; img-src cdn.tradetracker.net i.vimeocdn.com tt-wp-corporate-site.s3.amazonaws.com tr.lfeeder.com scatec.io tradetracker.com *.tradetracker.com leadbooster-chat.pipedrive.com 'self' blob: data: res.cloudinary.com *.facebook.com *.google-analytics.com *.doubleclick.net maps.gstatic.com *.ggpht *.googleapis.com *.hotjar.com *.hotjar.io *.licdn.com *.fbsbx.com *.google.com *.google.nl *.google.ae *.google.com.ag *.google.pl *.google.ru *.google.se *.google.ca *.google.com.au *.google.co.nz *.google.com.ua *.google.es *.google.co.uk *.google.com.br *.google.it *.google.co.in *.google.hu *.google.no *.google.com.mx *.google.be *.google.de *.google.fr *.google.fi *.google.dk *.google.at *.googleusercontent.com *.fbcdn.net *.cdninstagram.com assets.tradetracker.com; script-src 'unsafe-eval' tradetracker.com *.tradetracker.com leadbooster-chat.pipedrive.com 'self' 'unsafe-inline' blob: *.googletagmanager.com *.google-analytics.com cdn.auth0.com cdn.jsdelivr.net cdnjs.cloudflare.com *.hotjar.com *.hotjar.io *.youtube.com/iframe_api *.vimeo.com vimeo.com *.ytimg.com maps.googleapis.com scatec.io sc.lfeeder.com code.jquery.com *.tradetracker.net *.tradetracker.com; style-src tradetracker.com *.tradetracker.com 'self' blob: 'unsafe-inline' *.googleapis.com *.hotjar.com *.hotjar.io data:; object-src tradetracker.com *.tradetracker.com; script-src-elem js.pusher.com maps.googleapis.com scatec.io tradetracker.com *.tradetracker.com *.jquery.com *.google-analytics.com *.googletagmanager.com sc.lfeeder.com leadbooster-chat.pipedrive.com 'unsafe-inline'; 3
default-src 'self' * data: blob:; img-src 'self' * 'unsafe-inline' data: blob:; style-src 'self' * 'unsafe-inline' data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:; object-src 'none'; worker-src 'self' data: blob: resume.io *.resume.io cvster.nl *.cvster.nl cvmonk.nl *.cvmonk.nl cvapp.es *.cvapp.es cvapp.it *.cvapp.it cvapp.fr *.cvapp.fr cvkungen.se *.cvkungen.se cv.dk *.cv.dk cv.app *.cv.app resume.app *.resume.app cvapp.cz *.cvapp.cz cvapp.fi *.cvapp.fi cvapp.no *.cvapp.no cveasy.pl *.cveasy.pl cvapp.de *.cvapp.de; frame-src https:; frame-ancestors 'self' vwo.com *.vwo.com 3
frame-ancestors 'self' https://keepersecurity.com https://keepersecurity.eu https://keepersecurity.com.au; report-uri https://keepersecurity.report-uri.com/r/d/csp/enforce; 3
frame-ancestors 'self' *.eur.nl 3
frame-ancestors 'self' https://*.evergage.com https://cdn.evgnet.com; upgrade-insecure-requests; block-all-mixed-content 3
default-src 'self' 'unsafe-inline' https https://*.wistia.com  https://*.wistia.net www.google.com stats.g.doubleclick.net; script-src   'self'   'unsafe-eval'   'unsafe-inline'   https://snap.licdn.com   https://bat.bing.com/   https://snap.licdn.com   https://connect.facebook.net   https://ws.zoominfo.com   https://connect.facebook.net/   https://www.google-analytics.com   https://ssl.google-analytics.com   https://organizer.bizzabo.com/   www.googletagmanager.com   https://tagmanager.google.com   www.googleadservices.com   www.google.com   googleads.g.doubleclick.net   *.wistia.com    *.wistia.net   src.litix.io   js.hs-scripts.com   js.hsleadflows.net   js.hs-banner.com   js.hsadspixel.net   js.hubspotfeedback.com   js.usemessages.com   js.hs-analytics.net   js.hscollectedforms.net   js.hsforms.net   js-na1.hs-scripts.com   forms.hsforms.com   https://script.hotjar.com   https://static.hotjar.com/   https://munchkin.marketo.net/munchkin.js   https://ucarecdn.com/; style-src   'self'   'unsafe-inline'   blob:   fast.wistia.com   tagmanager.google.com   https://fonts.googleapis.com   https://cdnjs.cloudflare.com/; frame-src   https://www.prismhrlive.com   *.youtube.com   https://bid.g.doubleclick.net   *.hubspot.com   forms.hsforms.com   js.hsadspixel.net   js.hscollectedforms.net   js.usemessages.com   fast.wistia.com   fast.wistia.net   https://vars.hotjar.com   https://www.facebook.com   https://player.vimeo.com; child-src   app.hubspot.com   forms.hsforms.com   js.hsadspixel.net   js.hscollectedforms.net   js.usemessages.com   blob:; img-src   'self'   https://c.clarity.ms/c.gif   data:   https://px.ads.linkedin.com/   https://bat.bing.com/   https://p.adsymptotic.com   https://www.facebook.com   *.google-analytics.com   www.googletagmanager.com   https://ssl.gstatic.com   https://www.gstatic.com   googleads.g.doubleclick.net   www.google.com   *.wistia.com   *.wistia.net   embedwistia-a.akamaihd.net   *.hubspot.com   cdn2.hubspot.net   forms.hsforms.com   *.facebook.com   *.wpengine.com; font-src   'self'   data:   *.wistia.com   https://fonts.gstatic.com   https://cdnjs.cloudflare.com; connect-src   'self'   https://events.bizzabo.com   *.google-analytics.com   *.hubspot.com   https://stats.g.doubleclick.net/   api.hubapi.com   js.usemessages.com   js.hsleadflows.net   js.hs-banner.com   js.hubspotfeedback.com   js.hsadspixel.net   js.hs-analytics.net   js.hs-scripts.com   forms.hsforms.com   *.litix.io   *.wistia.com   https://yoast.com   https://my.wpengine.com   embedwistia-a.akamaihd.net; form-action   'self'   forms.hsforms.com   forms.hubspot.com   https://www.facebook.com; media-src    'self'    blob:    data:    *.wistia.com    *.wistia.net    embedwistia-a.akamaihd.net; Worker-src   'self'     blob:; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.niq.com niq.com *.nielseniq.com nielseniq.com https://nielseniq.com *.nielsen.com *.go-vip.net go-vip.net *.googletagmanager.com *.google-analytics.com *.google.com googleadservices.com www.googleadservices.com *.g.doubleclick.net *.gstatic.com *.accessibilityserver.org accessibilityserver.org https://accessibilityserver.org *.userway.org *.cookielaw.org secure.adnxs.com *.tinypass.com *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.licdn.com px.ads.linkedin.com *.linkedin.com *.cxense.com *.ipify.org *.newrelic.com *.wp.com secure.gravatar.com *.adsymptotic.com *.nr-data.net *.jifo.co *.infogram.com *.wistia.com *.wistia.net *.twitter.com static.ads-twitter.com ads-twitter.com *.soundcloud.com *.youtube.com *.6sc.co t.co *.piano.io piano.io *.pardot.com pardot.com us-central1-byzzer-qa.cloudfunctions.net us-central1-byzzer-dev-57103.cloudfunctions.net us-central1-core-incentive-288418.cloudfunctions.net us-east4-byzzer-production.cloudfunctions.net wchat.eu.freshchat.com datavizapp.azureedge.net playlist.megaphone.fm baidu.com *.baidu.com *.svc.dynamics.com svc.dynamics.com *.crm.dynamics.com crm.dynamics.com js.hs-scripts.com nielseniq.cn; img-src 'self' 'unsafe-inline' data: *.niq.com niq.com *.nielseniq.com nielseniq.com https://nielseniq.com *.nielsen.com *.go-vip.net go-vip.net *.googletagmanager.com *.google-analytics.com *.google.com googleadservices.com www.googleadservices.com *.g.doubleclick.net *.gstatic.com *.accessibilityserver.org accessibilityserver.org https://accessibilityserver.org *.userway.org *.cookielaw.org secure.adnxs.com *.tinypass.com *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.licdn.com px.ads.linkedin.com *.linkedin.com *.cxense.com *.ipify.org *.newrelic.com *.wp.com secure.gravatar.com *.adsymptotic.com *.nr-data.net *.jifo.co *.infogram.com *.wistia.com *.wistia.net *.twitter.com static.ads-twitter.com ads-twitter.com *.soundcloud.com *.youtube.com *.6sc.co t.co *.piano.io piano.io *.pardot.com pardot.com us-central1-byzzer-qa.cloudfunctions.net us-central1-byzzer-dev-57103.cloudfunctions.net us-central1-core-incentive-288418.cloudfunctions.net us-east4-byzzer-production.cloudfunctions.net wchat.eu.freshchat.com datavizapp.azureedge.net playlist.megaphone.fm baidu.com *.baidu.com *.svc.dynamics.com svc.dynamics.com *.crm.dynamics.com crm.dynamics.com js.hs-scripts.com nielseniq.cn; style-src 'self' 'unsafe-inline'  data: *.niq.com niq.com *.nielseniq.com nielseniq.com https://nielseniq.com *.nielsen.com *.go-vip.net go-vip.net *.googletagmanager.com *.google-analytics.com *.google.com googleadservices.com www.googleadservices.com *.g.doubleclick.net *.gstatic.com *.accessibilityserver.org accessibilityserver.org https://accessibilityserver.org *.userway.org *.cookielaw.org secure.adnxs.com *.tinypass.com *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.licdn.com px.ads.linkedin.com *.linkedin.com *.cxense.com *.ipify.org *.newrelic.com *.wp.com secure.gravatar.com *.adsymptotic.com *.nr-data.net *.jifo.co *.infogram.com *.wistia.com *.wistia.net *.twitter.com static.ads-twitter.com ads-twitter.com *.soundcloud.com *.youtube.com *.6sc.co t.co *.piano.io piano.io *.pardot.com pardot.com us-central1-byzzer-qa.cloudfunctions.net us-central1-byzzer-dev-57103.cloudfunctions.net us-central1-core-incentive-288418.cloudfunctions.net us-east4-byzzer-production.cloudfunctions.net wchat.eu.freshchat.com datavizapp.azureedge.net playlist.megaphone.fm baidu.com *.baidu.com *.svc.dynamics.com svc.dynamics.com *.crm.dynamics.com crm.dynamics.com js.hs-scripts.com nielseniq.cn; font-src 'self' 'unsafe-inline' data: *.niq.com niq.com *.nielseniq.com nielseniq.com https://nielseniq.com *.nielsen.com *.go-vip.net go-vip.net *.googletagmanager.com *.google-analytics.com *.google.com googleadservices.com www.googleadservices.com *.g.doubleclick.net *.gstatic.com *.accessibilityserver.org accessibilityserver.org https://accessibilityserver.org *.userway.org *.cookielaw.org secure.adnxs.com *.tinypass.com *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.licdn.com px.ads.linkedin.com *.linkedin.com *.cxense.com *.ipify.org *.newrelic.com *.wp.com secure.gravatar.com *.adsymptotic.com *.nr-data.net *.jifo.co *.infogram.com *.wistia.com *.wistia.net *.twitter.com static.ads-twitter.com ads-twitter.com *.soundcloud.com *.youtube.com *.6sc.co t.co *.piano.io piano.io *.pardot.com pardot.com us-central1-byzzer-qa.cloudfunctions.net us-central1-byzzer-dev-57103.cloudfunctions.net us-central1-core-incentive-288418.cloudfunctions.net us-east4-byzzer-production.cloudfunctions.net wchat.eu.freshchat.com datavizapp.azureedge.net playlist.megaphone.fm baidu.com *.baidu.com *.svc.dynamics.com svc.dynamics.com *.crm.dynamics.com crm.dynamics.com js.hs-scripts.com nielseniq.cn; object-src 'self'; connect-src 'self' data: *.niq.com niq.com *.nielseniq.com nielseniq.com https://nielseniq.com *.nielsen.com *.go-vip.net go-vip.net *.googletagmanager.com *.google-analytics.com *.google.com googleadservices.com www.googleadservices.com *.g.doubleclick.net *.gstatic.com *.accessibilityserver.org accessibilityserver.org https://accessibilityserver.org *.userway.org *.cookielaw.org secure.adnxs.com *.tinypass.com *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.licdn.com px.ads.linkedin.com *.linkedin.com *.cxense.com *.ipify.org *.newrelic.com *.wp.com secure.gravatar.com *.adsymptotic.com *.nr-data.net *.jifo.co *.infogram.com *.wistia.com *.wistia.net *.twitter.com static.ads-twitter.com ads-twitter.com *.soundcloud.com *.youtube.com *.6sc.co t.co *.piano.io piano.io *.pardot.com pardot.com us-central1-byzzer-qa.cloudfunctions.net us-central1-byzzer-dev-57103.cloudfunctions.net us-central1-core-incentive-288418.cloudfunctions.net us-east4-byzzer-production.cloudfunctions.net wchat.eu.freshchat.com datavizapp.azureedge.net playlist.megaphone.fm baidu.com *.baidu.com *.svc.dynamics.com svc.dynamics.com *.crm.dynamics.com crm.dynamics.com js.hs-scripts.com nielseniq.cn; frame-src 'self' data: *.niq.com niq.com *.nielseniq.com nielseniq.com https://nielseniq.com *.nielsen.com *.go-vip.net go-vip.net *.googletagmanager.com *.google-analytics.com *.google.com googleadservices.com www.googleadservices.com *.g.doubleclick.net *.gstatic.com *.accessibilityserver.org accessibilityserver.org https://accessibilityserver.org *.userway.org *.cookielaw.org secure.adnxs.com *.tinypass.com *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.licdn.com px.ads.linkedin.com *.linkedin.com *.cxense.com *.ipify.org *.newrelic.com *.wp.com secure.gravatar.com *.adsymptotic.com *.nr-data.net *.jifo.co *.infogram.com *.wistia.com *.wistia.net *.twitter.com static.ads-twitter.com ads-twitter.com *.soundcloud.com *.youtube.com *.6sc.co t.co *.piano.io piano.io *.pardot.com pardot.com us-central1-byzzer-qa.cloudfunctions.net us-central1-byzzer-dev-57103.cloudfunctions.net us-central1-core-incentive-288418.cloudfunctions.net us-east4-byzzer-production.cloudfunctions.net wchat.eu.freshchat.com datavizapp.azureedge.net playlist.megaphone.fm baidu.com *.baidu.com *.svc.dynamics.com svc.dynamics.com *.crm.dynamics.com crm.dynamics.com js.hs-scripts.com nielseniq.cn; frame-ancestors 'self' *.nielseniq.com; 3
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 3
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: wss://* http://* https://*; 3
default-src 'self' ; script-src 'self' 'unsafe-inline' * 'unsafe-eval' *; object-src 'self' 'unsafe-inline' * 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 'unsafe-eval' *; img-src 'self' 'unsafe-inline' * 'unsafe-eval' * data: blob:; media-src 'self' 'unsafe-inline' * 'unsafe-eval' * data: blob:; child-src 'self' 'unsafe-inline' * 'unsafe-eval' *; font-src 'self' 'unsafe-inline' * 'unsafe-eval' *; connect-src 'self' 'unsafe-inline' * 'unsafe-eval' *; report-uri /report-csp-violation 3
frame-ancestors https://*.ionos.co.uk https://ionos.co.uk; 3
frame-ancestors *.reviews.co.uk *.reviews.io 3
frame-ancestors 'self' http://turan.urw.com/ https://turan-web.preprod.cloud.coreoz.com/ https://turan-web2.preprod.cloud.coreoz.com/ https://apollo.int.coreoz.com/world 3
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com confluence.acquia.com www.acquiaacademy.com acquia.seismic.com app.veertly.com; report-uri /report-csp-violation 3
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: http: data: blob: 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yxt.com *.soboten.com *.sobot.com *.baidu.com *.bcebos.com *.tankeai.com *.captcha.qq.com captcha.gtimg.com 3
frame-ancestors 'self' *.dumontnet.de amp-ksta-de.cdn.ampproject.org amp-rundschau--online-de.cdn.ampproject.org *.google.com *.google.de *.ksta-workers.de; 3
frame-ancestors https://*.descartes.com; report-uri /report-csp-violation 3
frame-ancestors https://ads.idntimes.com 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *.googleapis.com *.twitter.com *.instagram.com *.facebook.net *.twimg.com; frame-ancestors file: cdvfile: 'self'; 3
default-src 'self' *.kwai-pro.com *.kwai.net *.kwai.com *.snackvideo.in *.kwai.me *.kwai.app blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kwimgs.com *.kwai.com *.snackvideo.in *.kwai.net *.yximgs.com *.cloudfront.net hm.baidu.com cdn.polyfill.io g-static.lolitago.net www.googletagmanager.com www.google-analytics.com gifshow-static.download.ks-cdn.com https://connect.facebook.net asset: data:;img-src 'self' https://*.kwai.net http://*.kwai.net https://*.yximgs.com http://*.yximgs.com http://*.kuaishou.com https://*.kuaishou.com http://*.kwai.com https://*.kwai.com http://*.snackvideo.in https://*.snackvideo.in https://*.gifshow.com http://*.gifshow.com *.kwimgs.com *.cloudfront.net https://www.google.cl https://gifshow-static.download.ks-cdn.com hm.baidu.com www.google.com www.google.cn https://www.google.com.br https://www.google.com.co https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://www.gstatic.com https://translate.google.com data: blob: android-webview-video-poster:;media-src 'self' https://*.kwai.net http://*.kwai.com https://*.kwai.com http://*.snackvideo.in https://*.snackvideo.in http://*.kwai.net https://*.yximgs.com http://*.yximgs.com data:;connect-src 'self' *.kwai.net *.kwai.com *.snackvideo.in *.kwai-pro.com *.kuaishou.com *.gifshow.com www.google-analytics.com stats.g.doubleclick.net hm.baidu.com translate.googleapis.com https://log-sdk.ksapisrv.com wss://www.kwai.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.kwimgs.com *.kwai.net *.kwai.com *.snackvideo.in *.yximgs.com *.cloudfront.net g-static.lolitago.net gifshow-static.download.ks-cdn.com data:;font-src 'self' *.kwai.com *.snackvideo.in *.kwai.net *.cloudfront.net use.typekit.net https://img.yzcdn.cn https://img01.yzcdn.cn https://static3.avast.com https://fonts.gstatic.com data: chrome-extension:;frame-src 'self' *.kuaishou.com *.kwai-pro.com;form-action 'self' *.kwai.com *.snackvideo.in *.kwai-pro.com ikwai:;report-uri https://csplog.kwai-pro.com/log/kwai/wwwkwai 3
frame-ancestors none; default-src 'self' blob: static.zdassets.com coinex.zendesk.com coinex.zendesk.co file.coinexstatic.com *.coinex.com:* *.coinex.co:* *.coinex.zone:* *.coinex.land:* *.coinex.network:* *.coinexapp.net:* coinex.com:* coinex.co:* coinex.zone:* coinex.land:* coinex.network:* coinexapp.net:* ; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com static.geetest.com widget-mediator.zopim.com *.zdassets.com api.geetest.com monitor.geetest.com bakapi.gtapp.xyz res.wx.qq.com coinex.zendesk.com coinex.zendesk.co *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net; style-src 'unsafe-inline' at.alicdn.com static.geetest.com coinex.zendesk.com coinex.zendesk.co unpkg.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net; img-src www.google-analytics.com www.google.com www.google.de data: stats.g.doubleclick.net static.geetest.com *.amazonaws.com blob: file.coinex.com file.coinexstatic.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net; font-src 'unsafe-inline' at.alicdn.com data: unpkg.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net ; connect-src coinex.zendesk.com coinex.zendesk.co coinex-help.zendesk.com coinex-help.zendesk.co *.zdassets.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com ws://widget-mediator.zopim.com www.google-analytics.com stats.g.doubleclick.net *.coinex.com:* *.coinex.co:* *.coinex.zone:* *.coinex.land:* *.coinex.network:* *.coinexapp.net:* coinex.com:* coinex.co:* coinex.zone:* coinex.land:* coinex.network:* coinexapp.net:* wss://*.coinex.com wss://*.coinex.co wss://*.coinex.zone wss://*.coinex.land wss://*.coinex.network wss://*.coinexapp.net ws://*.coinex.com ws://*.coinex.co ws://*.coinex.zone ws://*.coinex.land ws://*.coinex.network ws://*.coinexapp.net; frame-src player.bilibili.com player.vimeo.com *.viadeploy.com *.viabtc.com *.jumio.com *.jumio.ai www.youtube.com www.ixigua.com www.bilibili.com *.youtu.be *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net 3
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' 3
default-src 'unsafe-inline' 'unsafe-eval' *.windstream.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.adsrvr.org/ https://ag.innovid.com/ https://s-a.innovid.com https://www.googleoptimize.com https://edge.marker.io https://www.google-analytics.com https://558-has-110.mktoresp.com https://acsbapp.com https://ajax.cloudflare.com https://ajax.googleapis.com https://analytics.twitter.com https://api.cartstack.com https://app-sj11.marketo.com https://assets.adobedtm.com https://bam.nr-data.net https://bat.bing.com https://c.la2-c2cs-iad.salesforceliveagent.com https://c.la4-c2-ph2.salesforceliveagent.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://d.la2-c2cs-iad.salesforceliveagent.com https://d.la4-c2-ph2.salesforceliveagent.com https://email.windstreamenterprise.com https://googleads.g.doubleclick.net https://hero.kingpinkton.com https://j.6sc.co https://js-agent.newrelic.com https://maps.googleapis.com https://munchkin.marketo.net https://optimize.google.com https://pnapi.invoca.net https://polyfill.io https://s.pinimg.com https://sc-static.net https://script.hotjar.com https://se.monetate.net https://siteimproveanalytics.com https://snap.licdn.com https://solutions.invocacdn.com https://static.ads-twitter.com https://static.hotjar.com https://unpkg.com https://villain.kingpinkton.com https://visit.gokinetic.com https://visit.gokinetic.com/ https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.windstreamonline.com https://www.youtube.com; font-src 'self' data: https://use.typekit.net https://acsbapp.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net/ https://optimize.google.com https://app-sj11.marketo.com https://email.windstreamenterprise.com https://fonts.googleapis.com https://kinetic-cart-cms.union.agency https://stackpath.bootstrapcdn.com https://unpkg.com; img-src 'self' https://optimize.google.com https://usermatch.krxd.net https://maps.gstatic.com https://unpkg.com https://hero.kingpinkton.com https://id5-sync.com https://ads.scorecardresearch.com https://acsbapp.com https://aa.agkn.com https://sync.search.spotxchange.com https://loadus.exelator.com https://x.bidswitch.net https://pixel.advertising.com  https://windstream.d2.sc.omtrdc.net https://secure.adnxs.com https://tags.w55c.net https://www.google.com https://www.google.co.in https://6029303.global.siteimproveanalytics.io https://bat.bing.com https://ct.pinterest.com https://www.facebook.com https://t.co https://trkn.us https://www.google-analytics.com https://pixel-a.basis.net https://clickserv.basis.net https://googleads.g.doubleclick.net https://b.6sc.co https://px.ads.linkedin.com https://www.googletagmanager.com https://ups.analytics.yahoo.com https://dpm.demdex.net https://beacon.krxd.net https://eb2.3lift.com https://pixel.sitescout.com https://clickserv.sitescout.com https://img.icons8.com https://pixel.rubiconproject.com https://analytics.twitter.com https://contextual.media.net https://img.icons8.com https://clickserv.sitescout.com https://p.adsymptotic.com https://dc.ads.linkedin.com https://ib.adnxs.com https://pixel.tapad.com https://odr.mookie1.com https://idsync.rlcdn.com https://tags.bluekai.com https://dsum-sec.casalemedia.com https://cm.g.doubleclick.net https://cx.atdmt.com https://vc.hotjar.io https://cm.g.doubleclick.net https://connect.facebook.net https://cx.atdmt.com https://pippio.com https://match.adsrvr.org https://www.linkedin.com data: https:; connect-src 'self' https://craftcms.windstream.com/ https://staging-cms.windstream.com/  https://api.marker.io https://kinetic-cart-cms.union.agency https://maps.googleapis.com https://unpkg.com https://436-swj-524.mktoutil.com https://hero.kingpinkton.com https://tr.snapchat.com https://436-swj-524.mktoresp.com https://bam.nr-data.net https://www.facebook.com https://ws12.hotjar.com https://email.business.windstream.com https://bat.bing.com https://558-has-110.mktoutil.com https://www.google-analytics.com https://cdn.acsbapp.com https://connect.supplychain.fedex.com https://ct.pinterest.com https://stats.g.doubleclick.net https://558-has-110.mktoresp.com https://c.6sc.co https://secure.adnxs.com https://in.hotjar.com https://pnapi.invoca.net https://vc.hotjar.io https://maps.googleapis.com/maps; frame-src 'self' https://match.adsrvr.org/ https://insight.adsrvr.org/ https://11771150.fls.doubleclick.net https://optimize.google.com https://app.marker.io https://epaytest.windstream.com/ https://www.pinterest.com/ https://tr6.snapchat.com https://email.windstreamenterprise.com https://acsbapp.com https://bid.g.doubleclick.net https://epay.windstream.com https://epay.windstreamonline.com https://tr.snapchat.com https://www.googletagmanager.com https://vars.hotjar.com https://www.facebook.com https://pixel-a.basis.net https://www.youtube.com https://sr.rlcdn.com https://pixel.sitescout.com https://www.google.com https://app-sj11.marketo.com https://player.vimeo.com https://bcove.video https://players.brightcove.net https://visit.gokinetic.com; object-src https://bcove.video 3
frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; 3
frame-ancestors 'self' https://dealerexperience.cadillac.com https://dealerexperience-cadillac-com.*.wpx.gm.com 3
frame-ancestors 'self' *.winfuture.de; 3
frame-ancestors 'self' http://*.hftmagnates.com/ https://*.hftmagnates.com/ http://fm.fmpedia.lc/ https://fm.fmpedia.lc/ http://fl.fmpedia.lc/ https://fl.fmpedia.lc/ https://localhost:3002/ https://localhost:3004/ https://localhost:3006/ https://financemagnates.com/ https://financemagnates.com:3002/ https://*.financemagnates.com/ https://*.financemagnates.com:3002/ https://*.financemagnates.com:3004/ https://forexlive.com/ https://forexlive.com:3006/ https://*.forexlive.com/ https://*.forexlive.com:3006/; 3
default-src 'self' *.vivint.com play.vidyard.com; script-src data: 'unsafe-inline' 'unsafe-eval' *; object-src *; style-src blob: 'unsafe-inline' *; img-src data: *; media-src *; frame-src *; frame-ancestors *.vivint.com viv.drupalvm; child-src *; font-src data: *; connect-src *; report-uri /report-csp-violation 3
default-src 'self'; frame-ancestors 'self';upgrade-insecure-requests;script-src  'self' 'unsafe-inline' 'unsafe-eval' https://www.omnicalculator.com  https://cdn.omnicalculator.com  https://market.esmchina.com https://s0.2mdn.net https://zz.bdstatic.com  https://mbb.eet-china.com  https://pagead2.googlesyndication.com https://ad.doubleclick.net  https://pos.baidu.com https://www.eet-china.com https://static-eetc.oss-cn-shenzhen.aliyuncs.com  https://dup.baidustatic.com  https://site.eet-china.com https://apps.bdimg.com https://www.googletagmanager.com https://hm.baidu.com https://www.googletagservices.com https://www.google-analytics.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://adservice.google.com https://res.wx.qq.com; style-src 'unsafe-inline' https:;font-src https: data:; img-src data: blob: https:;connect-src https: ;frame-src https:;media-src https: 3
frame-ancestors 'self' *.ci360.sas.com; 3
frame-ancestors *.plaync.com *.ncsoft.com *.plaync.com.tw *.ncsoft.jp 3
base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.romeo.com  wss://*.hunqz.com *.facebook.com *.gstatic.com *.googlesyndication.com *.planetromeo.com *.romeo.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.maptiler.com *.report-uri.com wss://*.firebaseio.com *.googleapis.com *.zendesk.com; font-src 'self' *.gstatic.com *.typekit.net data:; form-action 'self' *.planetromeo.com *.romeo.com google.com; frame-ancestors *.romeo.com *.planetromeo.com *.hunqz.com; frame-src 'self' *.romeo.com *.planetromeo.com *.hunqz.com recaptcha.net *.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com *.blufm.de blufm.de winq.nl *.firebaseio.com *.youtube.com *.facebook.com; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com  *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws  *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com recaptcha.net *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net *.firebaseio.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.romeo.com *.hunqz.com *.googlesyndication.com; 3
connect-src 'self' my-ducati-stg.s3.eu-west-1.amazonaws.com my-ducati-dev.s3.eu-west-1.amazonaws.com my-ducati-prd.s3.eu-west-1.amazonaws.com *.dynatrace.com api-public.ducati.com wurfl.io c.go-mpulse.net calculator.vwfs.com calculator.volkswagenbank.de s.yimg.com www.facebook.com apiwheel.h-en.me *.akstat.io *.akamaihd.net performance.typekit.net *.rsc.cdn77.org dasfelynsaterr.webcam videoram.com www.bing.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net  *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com secure-ds.serving-sys.com images.ctfassets.net *.serving-sys.com analytics.tiktok.com; font-src data: 'self' fonts.gstatic.com github.com media.ducati.com assets.ducati.com use.typekit.net chrome-extension *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com analytics.tiktok.com; script-src-elem data: *.dynatrace.com assets.ducati.com platform.twitter.com pixel.mathtag.com loadus.exelator.com *.snt.imrworldwide.com pool.adizio.com pool.admedo.com gc.kis.v2.scr.kaspersky-labs.com s.yimg.com sp.analytics.yahoo.com 'self' 'unsafe-inline' maps.googleapis.com s.go-mpulse.net s2.adform.net use.typekit.net wurfl.io www.googletagmanager.com www.gstatic.com www.volkswagenbank-cloud.de gateway.zscalertwo.net about *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com secure-ds.serving-sys.com bs.serving-sys.com cdn.scaleflex.it analytics.tiktok.com; script-src *.dynatrace.com assets.ducati.com platform.twitter.com s.yimg.com use.typekit.net 'self' 'unsafe-eval' 'unsafe-inline' s.go-mpulse.net wurfl.io www.googletagmanager.com www.gstatic.com www.volkswagenbank-cloud.de maps.googleapis.com s2.adform.net sp.analytics.yahoo.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com analytics.tiktok.com; base-uri 'self' *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com; frame-src pixel.mathtag.com platform.twitter.com www.youtube.com youtu.be www.facebook.com www.googletagmanager.com remove.video *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com; img-src 'self' about data: * *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com; script-src-attr 'unsafe-inline' *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com; style-src-attr 'unsafe-inline' *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com; style-src-elem 'self' 'unsafe-inline' assets.ducati.com fonts.googleapis.com adblockers.opera-mini.net *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com analytics.tiktok.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' assets.ducati.com fonts.googleapis.com translate.googleapis.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com analytics.tiktok.com 3
style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src blob: https: data:; frame-src https:; upgrade-insecure-requests; 3
upgrade-insecure-requests; default-src 'self' *.argeweb.nl https://in.hotjar.com; style-src 'self' *.argeweb.nl 'unsafe-inline' https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css https://libraries.hund.io/ https://app.vwo.com/ https://fonts.googleapis.com https://*.google.com; img-src 'self' *.argeweb.nl data: https: https://jwpltx.com https://www.facebook.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.google.nl https://*.adnxs.com https://*.msn.com https://*.doubleclick.net https://ads.yahoo.com https://www.google-analytics.com https://*.openx.net https://*.bidswitch.net; script-src 'self' *.argeweb.nl data: 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/jquery-1.12.4.js https://code.jquery.com/ui/1.12.1/jquery-ui.js https://libraries.hund.io/ https://heatmap.visualwebsiteoptimizer.com/ https://app.vwo.com/ https://dev.visualwebsiteoptimizer.com/ https://api.livechatinc.com/ https://cdn.livechatinc.com/ https://secure.livechatinc.com/ https://www.clickcease.com/monitor/stat.js https://snap.licdn.com https://embed.typeform.com https://www.chartjs.org https://www.google-analytics.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://www.linkedin.com/px/* https://px.ads.linkedin.com/ https://sjs.bizographics.com/insight.min.js https://script.hotjar.com https://*.jwpcdn.com https://static.hotjar.com https://www.google-analytics.com https://connect.facebook.net https://*.openx.net https://*.bidswitch.net https://www.googleadservices.com https://www.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://flex.msn.com https://static.mailplus.nl https://m7.mailplus.nl https://bat.bing.com https://api.autopilothq.com https://apenterprise.io https://googleads.g.doubleclick.net; frame-src 'self' *.argeweb.nl https://app.vwo.com/ https://secure.livechatinc.com/ https://form.typeform.com/ https://awps01.argewebhosting.nl https://apenterprise.io https://www.youtube.com https://argeweb.typeform.com https://vars.hotjar.com https://*.google.com https://*.facebook.com https://*.doubleclick.net; font-src 'self' data: *.argeweb.nl fonts.gstatic.com; child-src 'self' *.argeweb.nl https://*.google.com; connect-src 'self' *.argeweb.nl argeweb.netwerkstatus.nl https://monitor.clickcease.com/ https://api.livechatinc.com/ https://ws9.hotjar.com/ wss://ws9.hotjar.com/ https://ws8.hotjar.com/ wss://ws8.hotjar.com/ https://awps01.argewebhosting.nl/netwerkstatus/test.php https://www.google-analytics.com https://stats.g.doubleclick.net https://app.convertflow.co https://ws2.hotjar.com wss://ws10.hotjar.com wss://ws3.hotjar.com wss://ws2.hotjar.com https://vc.hotjar.io wss://ws1.hotjar.com https://in.hotjar.com https://api.autopilothq.com https://apenterprise.io; form-action https:; frame-ancestors 'self'; report-uri /debug/csp; 3
default-src 'self' *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline' 'unsafe-eval';img-src * data: blob:;connect-src *;font-src *;object-src *;media-src * 3
frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/; 3
upgrade-insecure-requests; object-src blob: 'self'; frame-ancestors 'self' https://tre3content.develop.wunder.io https://tre3content.stage.wunder.io https://content.tuni.fi; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 3
object-src 'none';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content 3
upgrade-insecure-requests; frame-ancestors 'self' *.reforma.com *.elnorte.com *.mural.com.mx *.gruporeforma.com *.agenciareforma.com *.avisosdeocasion.com aristeguinoticias.com http://intraneteditora http://intranetreforma http://intranetmural http://operacionesinternet; 3
frame-ancestors 'self'; script-src 'unsafe-inline' 'self' blob: 3
default-src 'self' data: *.conac.cn *.jiathis.com *.baidu.com *.bshare.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 3
default-src 'self' *.ekantipur.com *.kantipurdaily.com; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; prefetch-src 'none'; 3
frame-ancestors 'self' https://careerkarma.com 3
frame-ancestors https://plasticsfinder.com/ https://*.plasticsfinder.com/ 'self'; 3
default-src * 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self' app.optimizely.com apps.facebook.com fonts.googleapis.com 3
frame-ancestors https://luminati.io https://*.luminati.io https://brightdata.com https://*.brightdata.com https://www.bright.events https://luminati-china.biz 3
frame-ancestors https://www.check24.de/ https://finanzen.check24.de/ 'self' 3
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: https://c.iad.oracleinfinity.io blob:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; frame-ancestors 'self' https://*.beocms.com https://*.beocms.de https://communities.evonik.com; frame-src 'self' data: https: blob:; connect-src 'self' data: https:; media-src 'self' data: https: blob: 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.geotab.com *.google.com *.google.ca *.googleapis.com *.recaptcha.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.incontact.com *.salesforce.com  *.buzzsprout.com *.visualwebsiteoptimizer.com *.vwo.com *.vidyard.com *.twitter.com *.ads-twitter.com https://www.youtube.com https://script.crazyegg.com https://googleads.g.doubleclick.net https://514004470.collect.igodigital.com/collect.js https://connect.facebook.net https://snap.licdn.com https://cmp.osano.com https://bugcrowd.com https://*.bugcrowdusercontent.com *.linkedin.com blob:; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.vwo *.typekit.net data:; style-src 'self' 'unsafe-inline' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.vwo.com *.typekit.net; img-src * data:; connect-src *; object-src *; frame-src 'self' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.youtube.com *.facebook.com *.salesforce.com *.vwo.com https://home-c19.incontact.com *.doubleclick.net https://www.buzzsprout.com https://attendee.gotowebinar.com https://register.gotowebinar.com *.vidyard.com https://www.youtube.com https://cmp.osano.com https://www.recaptcha.net https://bugcrowd.com *.linkedin.com https://calendly.com/ https://www.youtube-nocookie.com; media-src 'self' *.googleapis.com; frame-ancestors 'self' *.geotab.com https://geotab.my.salesforce.com; 3
connect-src 'self' registry.tierra.net:8443 wss://registry.tierra.net:8443 *.tierra.net *.purechat.com wss://*.purechat.com; default-src 'none'; font-src static.tierra.net maxcdn.bootstrapcdn.com use.fontawesome.com; frame-src 'self' www.youtube.com player.vimeo.com; img-src 'self' *.tierra.net secure.gravatar.com *.purechat.com *.wp.com *.purechatcdn.com *.amazonaws.com; media-src app.purechat.com; object-src *.tierra.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.tierra.net ajax.googleapis.com maxcdn.bootstrapcdn.com *.purechatcdn.com use.fontawesome.com *.purechat.com; style-src 'self' 'unsafe-inline' static.tierra.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.fontawesome.com; upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; report-uri /special/report/csp; report-to default 3
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; font-src * data:; img-src * data: blob: 'unsafe-inline'; frame-src sanalmarket: yenism: http://*.youtube.com https://tr.rdrtr.com https://stags.bluekai.com https://*.creativecdn.com https://creativecdn.com https://*.criteo.com https://*.facebook.com https://*.doubleclick.net https://*.api.sociaplus.com https://*.webinstats.com https://sanalmarket.api.useinsider.com https://optimize.google.com https://*.bkmexpress.com.tr https://www.linkadoo.co https://linkadoo.co https://channelconnector.smartmessage-connect.com https://www.poltio.com https://tpc.googlesyndication.com; style-src * 'unsafe-inline'; 3
frame-src * data: blob:; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' https://dev.vatrix.eu; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' 3
frame-scr https://library.ymcapps.net 3
frame-ancestors https://*.ionos.es https://ionos.es; 3
object-src *.calgary.ca:*; frame-ancestors *.calgary.ca:* *.coc.ca thecityofcalgary.maps.arcgis.com 3
default-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; 3
frame-ancestors 'self' http://tutorialcorreo.xsi.es http://correo.natural.es http://correo.mundored.com http://mundored.com https://correo.nuevecomanueve.es 3
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com/ www.googletagmanager.com/ script.hotjar.com fast.wistia.com *.wistia.net embedwistia-a.akamaihd.net; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' * tagmanager.google.com/ www.googletagmanager.com/ cdn.evgnet.com cdn.getsmartcontent.com s.getsmartcontent.com v1.addthisedge.com z.moatads.com www.youtube.com view.ceros.com *.wistia.com *.wistia.net src.litix.io; img-src 'self' data: ssl.gstatic.com/ embed.wistia.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net secure.adnxs.com ib.adnxs.com/ www.google.com www.google-analytics.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com bat.bing.com www.facebook.com px.ads.linkedin.com p.adsymptotic.com/ i.ytimg.com www.guardiananytime.com/ pixel.mediaiqdigital.com pixel.mathtag.com d1bvwpcbxq9v24.cloudfront.net t.co idsync.rlcdn.com *.amazonaws.com cx.atdmt.com www.linkedin.com/ *.fls.doubleclick.net cm.g.doubleclick.net assets.getsmartcontent.com id.rlcdn.com/464526.gif match.prod.bidr.io/cookie-sync/demandbase segments.company-target.com block.opendns.com; frame-src 'self' m.addthis.com s7.addthis.com *.youtube.com *.vimeo.com *.wistia.com *.wistia.net script.hotjar.com vars.hotjar.com cm.g.doubleclick.net *.ceros.com *.guardiananytime.com *.cloudfront.net *.adsrvr.org my.visme.co *.ipipeline.com *.guardianlife.com guardianlife.uat.aws.glic.com cdn.getsmartcontent.com *.bound360.com tagmanager.google.com www.podbean.com d.agkn.com cloud.alert.guardiandirect.com cloud.connect.guardian pixel.mathtag.com/ bid.g.doubleclick.net pi.pardot.com www.nerdwallet.com stage.nerdwallet.biz embeds.nerdwallet.biz *.fls.doubleclick.net; connect-src 'self' collectorprod.glic.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ws://*.hotjar.com *.doubleclick.net *.g.doubleclick.net *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.getsmartcontent.com *.bound360.com tagmanager.google.com *.podbean.com d.agkn.com cloud.alert.guardiandirect.com cloud.connect.guardian guardianlife.us-1.evergage.com bat.bing.com www.nerdwallet.com stage.nerdwallet.biz embeds.nerdwallet.biz maps.googleapis.com api.company-target.com m.addThis.com; font-src 'self' data: fonts.gstatic.com *.wistia.com; media-src 'self' blob: data: www.podbean.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net 3
connect-src 'self' https://stats.g.doubleclick.net https://*.omappapi.com heapanalytics.com pagesense-collect.zoho.eu www.google-analytics.com fonts.googleapis.com; default-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.limesurvey.org www.youtube.com frontend.pay1.de www.google.com kiwiirc.com limesurvey.org; font-src 'self' https://*.typekit.net https://tagmanager.google.com data: fonts.gstatic.com maxcdn.bootstrapcdn.com projectfiles.limesurvey.org github.com; style-src 'unsafe-inline' heapanalytics.com https://tagmanager.google.com fonts.googleapis.com 'self' maxcdn.bootstrapcdn.com projectfiles.limesurvey.org ajax.googleapis.com www.google.com; form-action 'self' https://authentication.cardinalcommerce.com https://*.six-payment-services.com https://*.securesuite.co.uk https://*.cic.fr https://*.arcot.com www.paypal.com survey.limesurvey.org; frame-ancestors 'self' *.limesurvey.org; img-src 'self' www.googletagmanager.com data: *; manifest-src 'self'; media-src 'self'; script-src 'self' https://maillist-manage.eu https://*.zoho.eu https://*.zohocdn.com https://*.limesurvey.org data: https://tagmanager.google.com https://heapanalytics.com https://*.pagesense.io https://*.omappapi.com https://*.hotjar.com https://*.heapanalytics.com https://*.cookiebot.com 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com secure.pay1.de projectfiles.limesurvey.org www.google.com www.google-analytics.com appscdn.joomla.org; frame-src https://*.hotjar.com https://*.cookiebot.com https://*.visa.com https://authentication.cardinalcommerce.com 3dsecure.icscards.nl https://*.pay1.de docs.google.com 'self' download.limesurvey.org kiwiirc.com www.youtube.com limesurvey.org secure.pay1.de; object-src 'self'; report-uri https://account.limesurvey.org/violation.php; 3
frame-ancestors 'self' https://ch3plus.com https://*.ch3plus.com https://*.mello.me https://beci.incart.co 3
frame-ancestors 'self' https:; default-src https: data: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' https://solutions.sciquest.com https://usertest.sciquest.com; 3
frame-ancestors https://*.epson.com https://*.epson.jp https://cm.lpga.com https://cm.epsontour.com https://www.lpga.com https://www.epsontour.com 3
default-src 'self' *.lvvwd.com *.youtube.com data:; style-src 'self' 'unsafe-inline' *.lvvwd.com *.juicer.io *.mqcdn.com *.cludo.com *.cludo.com.cdn.cloudflare.net *.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.lvvwd.com *.juicer.io *.digicert.com *.mqcdn.com *.google-analytics.com *.googleapis.com *.jwpcdn.com *.onefiserv.com *.gstatic.com *.google.com *.googletagmanager.com *.facebook.net https://sdks.shopifycdn.com *.cludo.com *.cludo.com.cdn.cloudflare.net apps.usw2.pure.cloud cdn.jwplayer.com api.flickr.com data:; connect-src 'self' *.lvvwd.com *.juicer.io *.mqcdn.com *.mapquestapi.com *.mapquest.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://springs-preserve.myshopify.com *.cludo.com *.cludo.com.cdn.cloudflare.net api-use2.digital.genesyscloud.com cdn.jwplayer.com cdn3.wowza.com data:; font-src 'self' *.lvvwd.com *.juicer.io *.mqcdn.com *.jwpcdn.com *.gstatic.com data:; img-src 'self' *.lvvwd.com *.snwa.com *.springspreserve.org *.google.com *.mapbox.com *.mqcdn.com *.mapquestapi.com *.mapquest.com *.juicer.io *.cdninstagram.com prd.jwpltx.com seal.digicert.com maps.gstatic.com *.googleapis.com cdn.jwplayer.com assets-jpcust.jwpsrv.com live.staticflickr.com *.cludo.com *.facebook.com  blob: data:; frame-src 'self' *.onefiserv.com *.streamtext.net *.youtube.com *.doubleclick.net *.google.com *.facebook.com data:; media-src 'self' *.lvvwd.com cdn3.wowza.com blob: data:; 3
default-src 'self' * data: blob: https: *.safetydetectives.com safetydetectives.com *.safetydetective.com safetydetective.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.safetydetectives.com safetydetectives.com *.safetydetective.com safetydetective.com *.clarity.ms *.peacebanana.com *.ostrichesica.com *.googlesyndication.com *.cloudflareinsights.com *.cheqzone.com *.cloudfront.net *.datadoghq-browser-agent.com *.gstatic.com *.google.com *.alooma.com *.doubleclick.net  *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.hhtpp.com *.facebook.net *.dropbox.com *.bing.com *.yandex.ru *.quora.com *.yimg.com sp.analytics.yahoo.com *.hotjar.com *.ipify.org blob: data:; style-src 'self' data: blob: 'unsafe-inline' *;connect-src 'self' data: blob: https: safetydetectives.com *.safetydetectives.com safetydetective.com *.safetydetective.com  *.google-analytics.com *.doubleclick.net *.google.com *.hhtpp.com *.yandex.ru *.gravatar.com wss://*.hotjar.com *.wp.com;font-src 'self' data: blob: *.googletagmanager.com *.googleapis.com *.gstatic.com static.safetydetectives.com; 3
frame-ancestors *.firsthorizon.com 3
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 3
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.ca  *.interactivebrokers.com.hk  *.interactivebrokers.hk  *.interactivebrokers.ch  *.interactivebrokers.eu  *.interactivebrokers.com.sg  *.ibkr.com.sg  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  IBKR.docebosaas.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.youtube.com  *.clientam.ch  *.clientam.com.hk  *.go-mpulse.net  *.akstat.io  impact.interactivebrokers.com  widgets.tipranks.com  site.recognia.com  *.portfolioanalyst.com  portfolioanalyst.com  www.portfolioanalyst.com  www.interactivebrokers.com  https://www.interactivebrokers.com/  *.greenwichcompliance.com; 3
default-src * 'unsafe-inline' 'unsafe-eval' data:; report-uri /report-csp-violation 3
frame-ancestors 'self' *.onbase.com *.hyland.com *.communitylive.com *.sharebase.com https://profiles.onbase.com; 3
frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com 3
img-src 'self' data: *.hypernode.com *.hypernode.nl *.hubspot.com *.linkedin.com *.licdn.com p.adsymptotic.com *.google-analytics.com www.google.com www.google.com.bd www.google.pl www.google.nl www.google.de www.google.co.uk www.google.co.in www.google.ae www.google.fr www.google.ge www.google.co.tz www.google.pk www.gstatic.com *.gravatar.com www.googletagmanager.com t.co cdn2.hubspot.net forms.hsforms.com www.facebook.com analytics.twitter.com;; script-src-elem 'unsafe-inline' 'self' js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.usemessages.com snap.licdn.com static.ads-twitter.com www.google-analytics.com www.googletagmanager.com www.hypernode.nl analytics.twitter.com wchat.freshchat.com www.google.com www.gstatic.com gist.github.com cdn.jsdelivr.net cdn.randomhow.com connect.facebook.net s3.amazonaws.com platform.twitter.com ssl.google-analytics.com www.hypernode.com www.pagespeed-mod.com asciinema.org cdn.mxpnl.com gc.kis.v2.scr.kaspersky-labs.com ucads-cdn.ucweb.com byte.us2.list-manage.com www.youtube.com;; style-src-attr 'unsafe-inline';; style-src-elem 'unsafe-inline' 'self' fonts.googleapis.com wchat.freshchat.com www.hypernode.nl github.githubassets.com www.hypernode.com;; script-src 'unsafe-eval' 'self' www.google.com www.hypernode.nl 'unsafe-inline' js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net js.hsleadflows.net www.google-analytics.com www.googletagmanager.com analytics.twitter.com snap.licdn.com static.ads-twitter.com wchat.freshchat.com www.gstatic.com connect.facebook.net wasm-eval s3.amazonaws.com www.hypernode.com js.hsadspixel.net js.hubspotfeedback.com js.usemessages.com js.hs-analytics.net js.hscollectedforms.net js.hsforms.net js-na1.hs-scripts.com forms.hsforms.com https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com;; style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com wchat.freshchat.com www.hypernode.nl translate.googleapis.com www.hypernode.com;; child-src www.youtube.com wchat.freshchat.com www.google.com 'self' app.hubspot.com 253949009329559.webpush.freshchat.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com;; connect-src analytics.google.com *.hubspot.com api.hubapi.com js.usemessages.com js.hsleadflows.net js.hubspotfeedback.com js.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com js.hs-banner.com stats.g.doubleclick.net www.google-analytics.com 'self' adservice.google.com www.google.co.in www.google.com www.google.nl www.google.pl www.hypernode.com www.hypernode.nl yoast.com www.google.co.za www.google.co.uk www.google.de www.google.dk www.google.ro www.google.rs www.google.se www.google.ca www.google.com.au www.google.ie meetlookup.com www.google.be 1986635568.rsc.cdn77.org code.jquery.com wss://gc.kis.v2.scr.kaspersky-labs.com www.google.cn www.google.com.eg www.google.com.pk www.google.fi www.google.it www.google.lv *.linkedin.com *.licdn.com plugin.ucads.ucweb.com hpxperformance.hypernode.io hook.eu1.make.com;; font-src 'self' fonts.gstatic.com data: cdn.faceworks.nl www.hypernode.nl use.typekit.net www.hypernode.com;; form-action my.hypernode.com forms.hsforms.com forms.hubspot.com 'self' www.hypernode.com;; frame-src www.youtube.com 'self' 253949009329559.webpush.freshchat.com wchat.freshchat.com www.google.com mozbar.moz.com www.hypernode.com platform.twitter.com app.hubspot.com www.hypernode.nl asciinema.org *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com www.linkedin.com 'unsafe-eval';; default-src 'self' 'unsafe-eval' 'unsafe-inline' 253949009329559.webpush.freshchat.com adservice.google.com analytics.google.com analytics.twitter.com data: fonts.googleapis.com fonts.gstatic.com forms.hsforms.com forms.hubspot.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net js.hsleadflows.net px.ads.linkedin.com secure.gravatar.com snap.licdn.com static.ads-twitter.com stats.g.doubleclick.net t.co track.hubspot.com wchat.freshchat.com www.google-analytics.com www.google.com www.google.nl www.googletagmanager.com www.gstatic.com www.hypernode.com www.hypernode.nl www.youtube.com a.slack-edge.com gist.github.com github.githubassets.com www.google.dk www.google.co.uk www.slideshare.net api.hubspot.com app.hubspot.com self yoast.com asciinema.org support.hypernode.com www.google.be www.google.co.in www.google.de www.google.ru;; frame-ancestors 'self' about;; prefetch-src 'self';; worker-src 'self';; object-src 'self' www.hypernode.com;; media-src 'self'; base-uri 'self'; report-uri https://madebyus.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests; 3
report-uri / 3
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' ad.atdmt.com internalfb.com *.internalfb.com connect.facebook.net;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' ad.atdmt.com internalfb.com *.internalfb.com graph.intern.facebook.com wss://*.internalfb.com wss://*.internalfb.com:*;font-src data: internalfb.com *.internalfb.com *.facebook.com *.fbcdn.net;img-src *.fbcdn.net *.facebook.com internalfb.com *.internalfb.com data: blob: *;block-all-mixed-content;upgrade-insecure-requests; 3
child-src *.doubleclick.net *.dynad.net *.facebook.com *.hotjar.com *.pagseguro.uol.com.br *.rm.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.youtube.com https://www.google.com *.blip.ai data: 'self'; connect-src *.hotjar.com *.pagseguro.com.br *.uol.com.br *.google-analytics.com wss://ws.0mn.io https: wss: 'self'; frame-ancestors 'self'; default-src *.uol.com.br *.pagseguro.com.br 'self'; media-src *.uol.com.br *.pagseguro.com.br data: 'self'; object-src *.uol.com.br *.pagseguro.com.br data: 'self'; font-src *.pagseguro.uol.com.br *.pagseguro.com.br *.uol.com *.uol.com.br *.imguol.com.br *.gstatic.com *.hotjar.com https://imguol.com.br data: 'self'; img-src *.google.com *.google-analytics.com *.googletagmanager.com *.google.com.br *.googleapis.com *.gstatic.com *.facebook.com *.imguol.com *.uol.com *.uol.com.br *.pagseguro.com.br *.scorecardresearch.com *.ytimg.com *.doubleclick.net *.googleadservices.com *.xg4ken.com *.youtube.com *.hotjar.com *.tailtarget.com *.bing.com https://imguol.com https://imguol.com.br trg.adilligo.com takenetomni.blob.core.windows.net data: 'self'; script-src *.ampproject.org *.bing.com *.doubleclick.net *.dynad.net *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.hotjar.com *.jsdelivr.net *.jsuol.com.br *.pagseguro.com.br *.simg.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.xg4ken.com *.ytimg.com https://pagseguro.info https://pag.ae https://imguol.com.br https://www.gstatic.com https://tracking.tunad.io https://js-agent.newrelic.com https://*.nr-data.net about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.uol.com *.pagseguro.uol.com.br *.pagseguro.com.br *.simg.uol.com.br *.ytimg.com https://imguol.com.br 'self' *.google.com *.googleapis.com 'unsafe-inline'; report-uri /csp-report 3
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com media.deutsche-rentenversicherung.de;child-src *.google.com *.gstatic.com *.youtube.com ; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; 3
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn okings.jp.airnewzealand.com flightbookings.airnewzealand.co.jp koruclub.airnewzealand.com auth.airnewzealand.co.nz; script-src 'self' s-airnz.com p-airnz.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com display.wayin.com www.everestjs.net *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com *.hotjar.com yourir.info *.airnewzealand.co.nz auth.airnewzealand.co.nz ssl.google-analytics.com cdnjs.cloudflare.com musculahq.appspot.com dnn506yrbagrg.cloudfront.net xsell.expedia.com ddc.optimahub.com www.newzealand.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js; style-src 'unsafe-inline' s-airnz.com p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com yourir.info 'self'; img-src https: data:; font-src s-airnz.com p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self' data:; media-src 'self' ; frame-src 'self' *.google.com nz.fltmaps.com airpointscalculator.co.nz www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com www.everestjs.net pixel.everesttech.net *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn-pci.optimizely.com nebula-cdn.kampyle.com *.hotjar.com *.airnewzealand.co.nz auth.airnewzealand.co.nz hotels.airnewzealand.co.nz; connect-src 'self' api.airnz.io api.airnz.ai *.googleapis.com *.google.com *.gstatic.com auth.airnewzealand.co.nz *.demdex.net *.tt.omtrdc.net www.google-analytics.com analytics.google.com stats.g.doubleclick.net adservice.google.com www.google.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com wss://*.hotjar.com https://*.hotjar.com vc.hotjar.io yourir.info ssl.google-analytics.com muscula.herokuapp.com tourismnz.sc.omtrdc.net https://widget.timatic.iata.org/api/; object-src 'none'; frame-ancestors 'self' https: http:; report-uri /csp-report 3
default-src 'self' data: http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; img-src 'self' blob: data: https://map.ir https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://cdn.goftino.com https://api.userway.org; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org; frame-ancestors 'self' https://trustseal.enamad.ir; 3
upgrade-insecure-requests; frame-ancestors 'self' tigertech.net *.tigertech.net; 3
default-src * blob:; connect-src https: wss:; font-src https: data:; frame-src https: data: qa-freeconferencecall: freeconferencecall: qa-startmeeting: startmeeting:; img-src https: data:; media-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; style-src https: 'unsafe-inline'; worker-src https: blob:; report-uri https://csp-bin.freeconferencecall.com/bins/b56a1d03/ 3
default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 3
frame-ancestors 'self' *.jobleads.ae *.jobleads.at *.jobleads.be *.jobleads.ca *.jobleads.cl *.jobleads.co *.jobleads.co.in *.jobleads.com *.jobleads.com.ar *.jobleads.com.br *.jobleads.com.ph *.jobleads.com.ve *.jobleads.co.uk *.jobleads.co.za *.jobleads.de *.jobleads.dev *.jobleads.dk *.jobleads.es *.jobleads.fi *.jobleads.fr *.jobleads.hk *.jobleads.ie *.jobleads.it *.jobleads.mx *.jobleads.nl *.jobleads.nz *.jobleads.pe *.jobleads.pk *.jobleads.pl *.jobleads.pt *.jobleads.qa *.jobleads.sg *.jldev.de https://resume.io/ https://lensa.com/; 3
frame-ancestors https://engage.bruker.com https://tongji.baidu.com self; 3
connect-src 'self' 'unsafe-inline' www.google-analytics.com collect.tealiumiq.com; script-src 'self' 'unsafe-inline' tags.tiqcdn.com www.youtube.com img6.wsimg.com img1.wsimg.com www.google-analytics.com s.ytimg.com; object-src 'none'; default-src 'self' 'unsafe-inline' img6.wsimg.com img1.wsimg.com; style-src 'self' 'unsafe-inline' img6.wsimg.com img1.wsimg.com; img-src 'self' 'unsafe-inline' data: img6.wsimg.com img1.wsimg.com www.google-analytics.com; font-src 'self' 'unsafe-inline' data: img6.wsimg.com img1.wsimg.com 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' tal.de *.tal.de; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; img-src * data:; media-src * data:; style-src 'self' 'unsafe-inline' tal.de *.tal.de https://fonts.googleapis.com https://fonts.gstatic.com; report-uri https://www.tal.de/st/csp-violator.py 3
connect-src 'self' https://www.paypal.com https://fastmail.innocraft.cloud https://o73885.ingest.sentry.io/api/; default-src 'none'; img-src 'self' data: https://fastmail.innocraft.cloud https://*.twimg.com https://*.twitter.com https://www.gravatar.com https://icgroup.helpspot.com https://www.paypalobjects.com http://www.pobox.com https://*.gstatic.com https://www.fastmail.com https://*.zdusercontent.com https://fastmail.zendesk.com https://pobox.zendesk.com; font-src 'self' data: http://fonts.gstatic.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.twitter.com https://*.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com https://connect.facebook.net https://fastmail.innocraft.cloud https://listbox.com https://run-static.pingdom.net https://*.gstatic.com https://*.facebook.com https://talon-ehawk.netdna-ssl.com https://www.e-hawk.net https://www.ehawk.net https://www.paypalobjects.com https://www.paypal.com https://icgroup.helpspot.com; object-src 'none'; frame-src 'self' data: https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.google.com; frame-ancestors 'self' 3
default-src https: http: blob: javascript: data: 'unsafe-inline' 'unsafe-eval' 'self'; 3
frame-ancestors 'self' *.elsiglodetorreon.com.mx *.elsiglodedurango.com.mx *.tar.mx *.elsiglo.mx siglomania.com tar.mx 3
default-src photomath.net photomath.app photomath.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' tcms.photomath.net tpip.photomath.net ajax.googleapis.com apis.google.com code.jquery.com maxcdn.bootstrapcdn.com www.google-analytics.com s.imgur.com cdnjs.cloudflare.com www.googletagmanager.com; connect-src 'self' cms.photomath.net tcms.photomath.net pip.photomath.net www.google-analytics.com stats.g.doubleclick.net script.google.com; img-src 'self' data: cdnjs.cloudflare.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.gstatic.com storage.googleapis.com d2fi4ri5dhpqd1.cloudfront.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com maxcdn.bootstrapcdn.com fast.fonts.net; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com about: data:; frame-src player.vimeo.com imgur.com apis.google.com accounts.google.com plus.google.com; object-src 'self'; manifest-src test.photomath.com; media-src player.vimeo.com vod-progressive.akamaized.net; 3
default-src 'none'; connect-src 'self' *.twitter.com; script-src 'self' *.google.com *.gstatic.com *.google-analytics.com *.twitter.com *.twimg.com cdn.inspectlet.com frontend.id-visitors.com 'unsafe-inline'; font-src 'self' data: fonts.googleapis.com; child-src 'self' data: *.google.com *.gstatic.com *.twitter.com; img-src 'self' data: *.gstatic.com *.google.com *.google-analytics.com stats.g.doubleclick.net *.twitter.com *.twimg.com *.paypalobjects.com cartodb-basemaps-a.global.ssl.fastly.net cartodb-basemaps-b.global.ssl.fastly.net cartodb-basemaps-c.global.ssl.fastly.net; style-src 'self' *.google.com *.twitter.com *.twimg.com 'unsafe-inline'; object-src 'self'; frame-ancestors 'none' 3
frame-ancestors http://webvisor.com 3
frame-ancestors 'self' https://*.faucetcrypto.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.onesignal.com https://onesignal.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://hcaptcha.com/ https://newassets.hcaptcha.com/ https://*.doubleclick.net https://connect.facebook.net https://cdn.seon.io https://mc.yandex.ru/metrika/ http://bat.bing.com/bat.js https://bat.bing.com/p/ https://mc.yandex.ru/metrika/ https://apis.google.com https://s2.adform.net/ https://a1.adform.net/ https://*.ladesk.com 3
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' ;frame-ancestors 'self' https://manager.agilitycms.com https://www.scotiawealthmanagement.com;script-src 'self' 'unsafe-inline'  *.google.com *.google.ca *.google.com.co *.google.com.br *.gstatic.com *.contentsquare.net *.contentsquare.com www.google.com/maps/d/embed www.youtube.com/embed scotiabankfiles.azureedge.net www.facebook.com/ScotiabankColpatria twitter.com/scotiacolpatria www.instagram.com/banco_colpatria www.youtube.com/ScotiabankColpatriaOficial apps.scotiabank.com somniture.scotiabank.com www.googletagmanager.com tags.bluekai.com service.maxymiser.net www.banco.colpatria.com.co cdn.branch.io assets.adobedtm.com cm.everesttech.net somniture.scotiabank.com tags.bkrtx.com  app.link  www.google-analytics.com  connect.facebook.net cdnssl.clicktale.net www.espn.com.co  cdn.ampproject.org  www.scotiawealthmanagement.com www.scotiabankcolpatria.com;worker-src blob:;img-src 'self' *.clicktale.net  *.agilitycms.com  *.azureedge.net  *.google.com  *.google.ca  *.google.com.co  *.google.com.br  *.contentsquare.net  *.contentsquare.com  assets.adobedtm.com  cm.everesttech.net  somniture.scotiabank.com  dpm.demdex.net  www.google-analytics.com  www.facebook.com  stats.g.doubleclick.net  www.scotiawealthmanagement.com;connect-src 'self' https: wss: 'unsafe-inline' 'unsafe-eval'  google.com/maps/d/embed *.contentsquare.net *.contentsquare.com youtube.com/embed iabankfiles.azureedge.net facebook.com/ScotiabankColpatria ter.com/scotiacolpatria instagram.com/banco_colpatria youtube.com/ScotiabankColpatriaOficial scotiabankfiles.azureedge.net apps.scotiabank.com somniture.scotiabank.com googletagmanager.com tags.bluekai.com service.maxymiser.net www.banco.colpatria.com.co cdn.branch.io tags.bkrtx.com  www.scotiawealthmanagement.com www.scotiabankcolpatria.com; 3
frame-ancestors 'self' https://daytondailynews.newspapers.com https://journal-news.newspapers.com https://springfieldnewssun.newspapers.com https://www.legacy.com https://epaper.journal-news.com https://editions.journal-news.com 3
form-action 'self' https://go.pardot.com https://submit-irm.trustarc.com; 3
frame-ancestors 'self'; default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 3
frame-ancestors 'self' *.wrike.com 3
default-src 'self'; connect-src 'self' https://col.site24x7rum.com https://app.litmusworld.com https://*.tataplay.com https://*.tatasky.com https://*.g.doubleclick.net https://logs.juspay.in https://payments.juspay.in https://*.taboola.com/ https://www.google-analytics.com/ https://anuvadak-wms.reverieinc.com https://avtstagecdn.blob.core.windows.net https://api.ipify.org https://s.yimg.com https://e3zogked5l.execute-api.us-west-2.amazonaws.com https://app.easyling.com/ https://crest-dot-skawa-easyling.appspot.com/ https://rs.fullstory.com/ https://maps.googleapis.com/ https://analytics.google.com/ https://wafs.mfilterit.net/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sf16-muse-va.ibytedtos.com https://s0.ipstatp.com https://static.bytedance.com https://a.quora.com https://bat.bing.com https://www.googletagservices.com https://maps.googleapis.com https://code.jquery.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.sokrati.com https://ad.doubleclick.net https://www.googleadservices.com https://static.site24x7rum.com https://tagmanager.google.com https://ssl.gstatic.com https://www.tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/ https://*.google.co.in/ https://www.gstatic.com/recaptcha/ https://*.twitter.com/ https://*.twimg.com/ https://www.youtube.com/ https://s.ytimg.com/ https://*.googlesyndication.com/ https://*.taboola.com/ https://payments.juspay.in/ https://static.ads-twitter.com/ https://cdn.invitereferrals.com/ https://www.googleoptimize.com/ https://optimize.google.com https://www.ref-r.com/ https://anuvadak-wms.reverieinc.com https://avtstagecdn.blob.core.windows.net https://api.ipify.org https://aax-eu.amazon-adsystem.com https://s.yimg.com https://sp.analytics.yahoo.com/ https://script.mfilterit.net/ https://app.easyling.com/ https://crest-dot-skawa-easyling.appspot.com/ https://d1r1tbvxnfd82x.cloudfront.net/ https://sokrati.g2afse.com/ https://d2yjce5oayglmo.cloudfront.net/ https://edge.fullstory.com/ https://rs.fullstory.com/ https://amplify.outbrain.com/ https://www.clarity.ms/ https://*.clarity.ms/ ; img-src 'self' https://business-sg.topbuzz.com https://business.topbuzz.com https://q.quora.com https://www.ref-r.com https://bat.bing.com https://maps.gstatic.com https://maps.googleapis.com https://*.facebook.com https://*.sokrati.com https://www.google.com https://www.google.co.in https://*.fls.doubleclick.net https://*.linkedin.com https://www.googleadservices.com https://*.g.doubleclick.net https://*.fls.doubleclick.net https://tagmanager.google.com https://www.google-analytics.com https://ssl.gstatic.com https://*.twitter.com/ https://*.twimg.com/ https://ad.doubleclick.net/ https://*.google.com/ https://*.google.co.in/ https://*.tataplay.com https://*.tatasky.com/ https://*.taboola.com/ https://secure.adnxs.com/ https://optimize.google.com https://www.gstatic.com/ https://aax-eu.amazon-adsystem.com https://app.easyling.com/ https://crest-dot-skawa-easyling.appspot.com/ https://*.googleusercontent.com/ https://*.ggpht.com/ https://sp.analytics.yahoo.com/ https://sokrati.g2afse.com/ https://tr.outbrain.com data: ; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://ssl.gstatic.com https://*.twitter.com/ https://*.twimg.com/ https://optimize.google.com https://anuvadak-wms.reverieinc.com https://avtstagecdn.blob.core.windows.net https://cdn.invitereferrals.com/ ; font-src 'self' https://*.tataplay.com https://*.tatasky.com/ https://tagmanager.google.com https://fonts.gstatic.com https://ssl.gstatic.com https://optimize.google.com data: ; frame-src 'self' bytedance: https://*.g.doubleclick.net https://*.fls.doubleclick.net https://app.litmusworld.com https://www.youtube.com https://www.google.com/ https://uat.help.tatasky.com https://www.facebook.com/ https://*.twitter.com/ https://*.twimg.com/ https://www.ref-r.com/ https://player.vimeo.com/ https://payments.juspay.in/ https://optimize.google.com https://youtu.be/ https://docs.google.com/ https://d1r1tbvxnfd82x.cloudfront.net/ https://d2yjce5oayglmo.cloudfront.net/ https://gethelpuat2.tatasky.com/ https://help.tatasky.com/ https://uathelp.tataplay.com/ https://help.tataplay.com/ ; object-src 'self' https://docs.google.com/ ; frame-ancestors https://*.tataplay.com https://*.tatasky.com ; 3
frame-ancestors 'self' https://gather.town https://virtual.adesso.de https://app.neyroo-hub.de 3
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' multimedia.gsb.bund.de *.netzlabor.de *.spaceview.net; connect-src 'self' tracking.netmind-cloud.com *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.googleapis.com *.google.com *.gstatic.com *.instagram.com tracking.netmind-cloud.com twemoji.maxcdn.com maps.wikimedia.org *.ytimg.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org *.spaceview.net *.netzlabor.de *.blitzvideoserver.de *.video-stream-hosting.de *.3qsdn.com *.start.video-stream-hosting.de *.cloudfront.net vimeo.com multimedia.gsb.bund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de multimedia.gsb.bund.de *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.googlevideo.com; frame-src 'self' *.google.com *.gstatic.com webtv.bundestag.de *.cdninstagram.com *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.instagram.com twemoji.maxcdn.com maps.wikimedia.org *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org piwik.itzbund.de *.blitzvideoserver.de *.video-stream-hosting.de *.3qsdn.com *.video-stream-hosting.de *.cloudfront.net vimeo.com multimedia.gsb.bund.de; img-src 'self' data: *.google.com *.gstatic.com piwik.itzbund.de webtv.bundestag.de *.youtube.com *.twimg.com *.fbcdn.net *.youtube-nocookie.com *.cdninstagram.com *.openstreetmap.org twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com vimeo.com *.cloudfront.net *.gsb.bund.de; frame-ancestors 'self';upgrade-insecure-requests; 3
default-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; report-uri https://csp.d47wgg8.com 3
default-src 'self' https://www.facebook.com/ https://marketing.space.net/; style-src 'self' 'unsafe-inline' use.typekit.net/ p.typekit.net/; script-src 'self' 'unsafe-inline' www.space.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net/ https://marketing.space.net/; form-action 'self' https://www.facebook.com/ *.space.net/; worker-src 'none'; frame-src 'self' www.space.net/ www.youtube.com/ www.youtube-nocookie.com/ https://www.google.com/recaptcha/ https://www.facebook.com/; img-src 'self' https://www.facebook.com/ https://marketing.space.net/ www.space.net/ data:; object-src 'none'; font-src 'self' use.typekit.net/; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https: *.gea.com; form-action 'self'; frame-src 'self' *.gea.com *.eqs.com *.eurolandir.com www.treedom.net console.e-bot7.de *.qualtrics.com vara-services.com *.podigee.com *.podigee-cdn.net playout.3qsdn.com *.audiocon.de html5-player.libsyn.com forms.office.com embed.contentflow.net 3
upgrade-insecure-requests; default-src 'self' data: *.conduentassets.com *.gstatic.com *.googleapis.com *.marketo.com *.marketo.net *.googletagmanager.com *.addthis.com *.moatads.com *.twitter.com *.addthisedge.com *.algolia.net *.google-analytics.com *.licdn.com *.airpr.com *.demandbase.com *.facebook.net *.bing.com *.rezync.com *.rackcdn.com *.gumgum.com *.trustarc.com *.ads-twitter.com *.youtube.com *.linkedin.com *.bidr.io *.rlcdn.com *.gonorth.io *.rfihub.net *.rfihub.com *.googleadservices.com t.co *.company-target.com *.doubleclick.net *.mookie1.com *.mktoresp.com *.facebook.com *.google.com *.conduent.com *.cdntwrk.com *.adsymptotic.com *.tiqcdn.com *.clarity.ms *.adnxs.com *.polyfill.io *.jquery.com *.sendsafely.com *.bootstrapcdn.com *.gravatar.com *.twitter.com *.cloudflare.com yoast.com *.basis.net *.dstillery.com *.sitescout.com *.media6degrees.com *.adsrvr.org *.cloudfront.net *.hotjar.com *.d41.co 'unsafe-inline' 'unsafe-eval'; base-uri 'self' data: *.conduentassets.com *.gstatic.com *.googleapis.com *.marketo.com *.marketo.net *.googletagmanager.com *.addthis.com *.moatads.com *.twitter.com *.addthisedge.com *.algolia.net *.google-analytics.com *.licdn.com *.airpr.com *.demandbase.com *.facebook.net *.bing.com *.rezync.com *.rackcdn.com *.gumgum.com *.trustarc.com *.ads-twitter.com *.youtube.com *.linkedin.com *.bidr.io *.rlcdn.com *.gonorth.io *.rfihub.net *.rfihub.com *.googleadservices.com t.co *.company-target.com *.doubleclick.net *.mookie1.com *.mktoresp.com *.facebook.com *.google.com *.conduent.com *.cdntwrk.com *.adsymptotic.com *.tiqcdn.com *.clarity.ms *.adnxs.com *.polyfill.io *.jquery.com *.sendsafely.com *.bootstrapcdn.com *.gravatar.com *.twitter.com *.cloudflare.com yoast.com *.basis.net *.dstillery.com *.sitescout.com *.media6degrees.com *.adsrvr.org *.cloudfront.net *.hotjar.com *.d41.co 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.conduentassets.com *.gstatic.com *.googleapis.com *.marketo.com *.marketo.net *.googletagmanager.com *.addthis.com *.moatads.com *.twitter.com *.addthisedge.com *.algolia.net *.google-analytics.com *.licdn.com *.airpr.com *.demandbase.com *.facebook.net *.bing.com *.rezync.com *.rackcdn.com *.gumgum.com *.trustarc.com *.ads-twitter.com *.youtube.com *.linkedin.com *.bidr.io *.rlcdn.com *.gonorth.io *.rfihub.net *.rfihub.com *.googleadservices.com t.co *.company-target.com *.doubleclick.net *.mookie1.com *.mktoresp.com *.facebook.com *.google.com *.conduent.com *.cdntwrk.com *.adsymptotic.com *.tiqcdn.com *.clarity.ms *.adnxs.com *.polyfill.io *.jquery.com *.sendsafely.com *.bootstrapcdn.com *.gravatar.com *.twitter.com *.cloudflare.com yoast.com *.basis.net *.dstillery.com *.sitescout.com *.media6degrees.com *.adsrvr.org *.cloudfront.net *.hotjar.com *.d41.co *.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.conduentassets.com *.gstatic.com *.googleapis.com *.marketo.com *.marketo.net *.googletagmanager.com *.addthis.com *.moatads.com *.twitter.com *.addthisedge.com *.algolia.net *.google-analytics.com *.licdn.com *.airpr.com *.demandbase.com *.facebook.net *.bing.com *.rezync.com *.rackcdn.com *.gumgum.com *.trustarc.com *.ads-twitter.com *.youtube.com *.linkedin.com *.bidr.io *.rlcdn.com *.gonorth.io *.rfihub.net *.rfihub.com *.googleadservices.com t.co *.company-target.com *.doubleclick.net *.mookie1.com *.mktoresp.com *.facebook.com *.google.com *.conduent.com *.cdntwrk.com *.adsymptotic.com *.tiqcdn.com *.clarity.ms *.adnxs.com *.polyfill.io *.jquery.com *.sendsafely.com *.bootstrapcdn.com *.gravatar.com *.twitter.com *.cloudflare.com yoast.com *.basis.net *.dstillery.com *.sitescout.com *.media6degrees.com *.adsrvr.org *.cloudfront.net *.hotjar.com *.d41.co s3.amazonaws.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' data: *.conduentassets.com *.gstatic.com *.googleapis.com *.marketo.com *.marketo.net *.googletagmanager.com *.addthis.com *.moatads.com *.twitter.com *.addthisedge.com *.algolia.net *.google-analytics.com *.licdn.com *.airpr.com *.demandbase.com *.facebook.net *.bing.com *.rezync.com *.rackcdn.com *.gumgum.com *.trustarc.com *.ads-twitter.com *.youtube.com *.linkedin.com *.bidr.io *.rlcdn.com *.gonorth.io *.rfihub.net *.rfihub.com *.googleadservices.com t.co *.company-target.com *.doubleclick.net *.mookie1.com *.mktoresp.com *.facebook.com *.google.com *.conduent.com *.cdntwrk.com *.adsymptotic.com *.tiqcdn.com *.clarity.ms *.adnxs.com *.polyfill.io *.jquery.com *.sendsafely.com *.bootstrapcdn.com *.gravatar.com *.twitter.com *.cloudflare.com yoast.com *.basis.net *.dstillery.com *.sitescout.com *.media6degrees.com *.adsrvr.org *.cloudfront.net *.hotjar.com *.d41.co 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: *.conduentassets.com *.gstatic.com *.googleapis.com *.marketo.com *.marketo.net *.googletagmanager.com *.addthis.com *.moatads.com *.twitter.com *.addthisedge.com *.algolia.net *.google-analytics.com *.licdn.com *.airpr.com *.demandbase.com *.facebook.net *.bing.com *.rezync.com *.rackcdn.com *.gumgum.com *.trustarc.com *.ads-twitter.com *.youtube.com *.linkedin.com *.bidr.io *.rlcdn.com *.gonorth.io *.rfihub.net *.rfihub.com *.googleadservices.com t.co *.company-target.com *.doubleclick.net *.mookie1.com *.mktoresp.com *.facebook.com *.google.com *.conduent.com *.cdntwrk.com *.adsymptotic.com *.tiqcdn.com *.clarity.ms *.adnxs.com *.polyfill.io *.jquery.com *.sendsafely.com *.bootstrapcdn.com *.gravatar.com *.twitter.com *.cloudflare.com yoast.com *.basis.net *.dstillery.com *.sitescout.com *.media6degrees.com *.adsrvr.org *.cloudfront.net *.hotjar.com *.d41.co 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' data: *.conduentassets.com *.gstatic.com *.googleapis.com *.marketo.com *.marketo.net *.googletagmanager.com *.addthis.com *.moatads.com *.twitter.com *.addthisedge.com *.algolia.net *.google-analytics.com *.licdn.com *.airpr.com *.demandbase.com *.facebook.net *.bing.com *.rezync.com *.rackcdn.com *.gumgum.com *.trustarc.com *.ads-twitter.com *.youtube.com *.linkedin.com *.bidr.io *.rlcdn.com *.gonorth.io *.rfihub.net *.rfihub.com *.googleadservices.com t.co *.company-target.com *.doubleclick.net *.mookie1.com *.mktoresp.com *.facebook.com *.google.com *.conduent.com *.cdntwrk.com *.adsymptotic.com *.tiqcdn.com *.clarity.ms *.adnxs.com *.polyfill.io *.jquery.com *.sendsafely.com *.bootstrapcdn.com *.gravatar.com *.twitter.com *.cloudflare.com yoast.com *.basis.net *.dstillery.com *.sitescout.com *.media6degrees.com *.adsrvr.org *.cloudfront.net *.ceros.com *.hotjar.com *.d41.co; object-src 'self'; report-uri 'self'; form-action 'self'; 3
default-src 'self' *.vidyard.com *.onetrust.com;                     frame-ancestors 'self';                     form-action *;                     object-src 'none';                     base-uri 'none';                     style-src * 'unsafe-inline';                     script-src * 'unsafe-inline' 'unsafe-eval';                     img-src * 'unsafe-inline' 'unsafe-eval' data:;                     connect-src *;                     frame-src *;                     font-src * data:;                     media-src *; 3
object-src 'self';frame-ancestors 'self';frame-src 'self';img-src *.mvmnet.com data: maps.gstatic.com *.googleapis.com *.ggpht.com www.google-analytics.com www.facebook.com; 3
default-src 'self' *.vidyard.com https: mailto:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https: mailto:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss: ; upgrade-insecure-requests 3
default-src 'self' *.capitaland.com *.capitastar.com the-ascott.com *.the-ascott.com *.adobedtm.com *.instagram.com *.facebook.com *.twitter.com *.linkedin.com youtube.com *.youtube.com *.trustarc.com *.mookie1.com googletagmanager.com *.googletagmanager.com *.googleadservices.com *.adnxs.com *.nr-data.net *.newrelic.com *.addthis.com *.googleapis.com *.addthisedge.com *.moatads.com *.adobedtm.com *.stackla.com *.google.com *.google.com.vn *.gstatic.com *.google.com.sg *.recaptcha.net *.shareinvestor.com *.baidu.com *.youku.com *.wisers.net weibo.com *.ascendas-reit.com *.tiqcdn.com *.a-itrust.com *.facebook.net *.ascottresidencetrust.com *.cict.com.sg *.clct.com.sg cmmt.com.my *.capita3eats.com *.google-analytics.com *.eunoia.asia ecapitamall.com *.turn.com *.plavxml.com *.licdn.com *.doubleclick.net *.adsrvr.org capitaland.sc.omtrdc.net *.zencdn.net *.mediaiqdigital.com *.demdex.net capitaland.tt.omtrdc.net *.bdimg.com *.everesttech.net js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.usemessages.com *.hubspot.com www.google-analytics.com *.adsymptotic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com tracker.sqreemtech.com code.jquery.com *.vimeo.com chio.space *.clickdimensions.com *.ads-twitter.com t.co s3-ap-southeast-1.amazonaws.com my.matterport.com *.sqreemtech.com analyticswritenew.xerevo.com *.polyv.net *.videocc.net *.fbcdn.net *.justeasy.cn *.cdninstagram.com *.twimg.com *.ytimg.com *.typeform.com *.logwork.com logwork.com *.youtube-nocookie.com *.tiktok.com *.amgdgt.com www.onemap.gov.sg www.discoverasr.com *.appier.net id5-sync.com *.id5-sync.com *.crwdcntrl.net kuula.co data: 'unsafe-eval' 'unsafe-inline' blob:; 3
default-src * 'unsafe-eval' 'unsafe-inline' data:; 3
upgrade-insecure-requests; default-src https://*.idnet.com https://*.idnet.net 'unsafe-inline' https://analytics.google.com https://www.google.co.uk https://stats.g.doubleclick.net https://analytics.google.com https://www.googletagmanager.com https://www.google-analytics.com https://fast.fonts.net https://*.facebook.net https://*.facebook.com https://*.twitter.com https://*.stripe.com https://*.googleapis.com https://www.youtube.com https://*.purechat.com https://*.purechatcdn.com wss://*.prod-aws.purechat.com data: ;  img-src https: data: android-webview-video-poster: ; font-src https: data: ; object-src 'self';  base-uri 'self'; form-action https://www.idnet.com https://idnet.us4.list-manage.com; report-uri https://www.idnet.com/api/csp_receiver.php; 3
frame-ancestors 'self' *.hivelocity.net 3
frame-ancestors 'self' https://resideo.ziftone.com/ https://proportal.resideo.com/ https://pro.resideo.com/ https://resideostaging.staging.ziftone.com/ https://resideo.netdimensions.com/ https://deploy-preview-437--resideo-pro.netlify.com/ https://fxm/ https://resideo-pro-perks.my-rewardsonline/ 3
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.boost.ai/ https://*.entryscape.com https://*.stratsys.com/ registry.dataportalvast.se http://piwik-ext.vgregion.se/ http://piwik-ext.vgregion.se/piwik.js https://*.vgregion.se https://*.vimeocdn.com https://player.vimeo.com/ https://www.youtube.com https://cdn.siteimprove.net/ https://vgrintern.boost.ai https://vgregion.esmaker.net/; style-src 'unsafe-inline' 'self' https://*.vimeocdn.com https://*.stratsys.com/ registry.dataportalvast.se https://*.vgregion.se https://cdn.jsdelivr.net/npm/vuetify@2.x/dist/vuetify.min.css; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.boost.ai/ https://*.vimeocdn.com registry.dataportalvast.se http://piwik-ext.vgregion.se/ https://nominatim.openstreetmap.org https://*.vgregion.se https://id.siteimprove.com https://my2.siteimprove.com/ https://vgrintern.boost.ai https://td.azure-api.net/; font-src 'self' https://static.entryscape.com/ https://static2.sharepointonline.com/; frame-src 'self' https://forms.office.com/ https://*.microsoftstream.com/ https://nominatim.openstreetmap.org https://www.google.com https://maps.google.se https://e.infogram.com https://vimeo.com https://player.vimeo.com https://www.youtube.com https://*.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.naturbruk.nu *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com; img-src 'self' data: https://api.lantmateriet.se https://i.vimeocdn.com/ https://i.ytimg.com/ https://a.basemaps.cartocdn.com https://b.basemaps.cartocdn.com https://c.basemaps.cartocdn.com https://*.amazonaws.com/ https://sahlgrenskaliv.se/ https://*.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self' *.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com; prefetch-src 'self' https://*.t-d.se https://*.stratsys.com/; 3
default-src 'self'; script-src 'self' dnstest2.ficora.fi dnstest.traficom.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi occhat.elisa.fi stat.traficom.fi stat.viestintavirasto.fi 10.250.193.20 'nonce-cf7a1918-19cf-4ed8-944c-ff162293b978'; img-src 'self' data: *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi qa.bittimittari.fi www.youtube.com img.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com occhat.elisa.fi; style-src 'self' dnstest2.ficora.fi dnstest.traficom.fi occhat.elisa.fi 'nonce-cf7a1918-19cf-4ed8-944c-ff162293b978'; font-src 'self' occhat.elisa.fi; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi qa.bittimittari.fi www.youtube.com img.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com occhat.elisa.fi; connect-src 'self' wss://occhat.elisa.fi https://occhat.elisa.fi https://stat.viestintavirasto.fi https://stat.traficom.fi; form-action 'self' 3
frame-ancestors 'self' *.investec.com https://ng.secure.investec.com:8080; 3
default-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; 3
frame-ancestors; 3
default-src 'none'; connect-src 'self'; frame-ancestors 'self'; frame-src 'none'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' 3
default-src 'self' 'unsafe-inline' www.google-analytics.com code.jquery.com *.disqus.com disqus.com *.bootstrapcdn.com *.disquscdn.com www.gravatar.com   https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.karlaporter.com *.shanx.com *.amitavac.com *.googleapis.com  *.googletagmanager.com  platform.twitter.com shanx.matomo.com    *.amazonaws.com   apis.google.com ssl.google-analytics.com connect.facebook.net https:; img-src 'self' *.karlaporter.com *.iconj.com  cdn-images.mailchimp.com  *.shanx.com *.amitavac.com ssl.google-analytics.com s-static.ak.facebook.com i.imgur.com imgur.com  data:  https:; style-src 'self' 'unsafe-inline' *.shanx.com  cdn-images.mailchimp.com  *.karlaporter.com *.amitavac.com *.ionicframework.com  use.typekit.net  fonts.adobe.com  fonts.googleapis.com fonts.gstatic.com https:; font-src 'self' *.shanx.com   use.typekit.net  *.ionicframework.com netdna.bootstrapcdn.com themes.googleusercontent.com fonts.gstatic.com data:; object-src  https:; media-src  'self'  https:; frame-ancestors 'self'; frame-src 'self' https:;  3
object-src 'none'; block-all-mixed-content 3
default-src *.ewe.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ewe.de *.googletagmanager.com *.google-analytics.com www.youtube.com consent.cookiebot.com *.intelliad.de s.ytimg.com empfehlen-admin.pso-vertrieb.de connect.facebook.net www.dwin1.com *.rfihub.com *.rfihub.net *.adform.net *.adc-srv.net *.google.de *.google.com bat.bing.com *.bing.com/bat.js *.doubleclick.net *.g.doubleclick.net *.googleadservices.com *.gstatic.com *.googleapis.com *.ad4mat.de *.ad4mat.at *.ad4mat.ch *.adsrvr.org consentcdn.cookiebot.com ad4m.at cdn.sitesearch360.com cdn.cai.tools.sap apps.mypurecloud.de; connect-src 'self' *.ewe.de global.sitesearch360.com *.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net ewe-ckd-faq-bot-3q50idha.sapcai.eu10.hana.ondemand.com consentcdn.cookiebot.com api.mypurecloud.de api-cdn.mypurecloud.de wss://webmessaging.mypurecloud.de; img-src 'self' *.ewe.de images.ctfassets.net *.intelliad.de www.google-analytics.com *.amazonaws.com *.doubleclick.net *.g.doubleclick.net *.facebook.com *.adform.net ad4m.at *.ad4m.at *.smartadserver.com *.googletagmanager.com adservice.google.com *.gstatic.com ih.adscale.de a.twiago.com dmp.ad4mat.net adservice.google.de maps.googleapis.com cdn.cai.tools.sap r.adserver01.de ad11.adfarm1.adition.com secure.adnxs.com imagesrv.adition.com blob: data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com *.ewe.de cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com *.ewe.de cdnjs.cloudflare.com; frame-src ad4m.at ad4mat.net match.adsrvr.org www.facebook.com ad4mat.at widget.whappodo.com consentcdn.cookiebot.com insight.adsrvr.org youtube.com www.youtube.com apps.mypurecloud.de *.ewe.de; media-src data.ewe.de; 3
script-src 'self' 'unsafe-inline' https://js.stripe.com; img-src 'self' data: https://www.gravatar.com https://secure.gravatar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self'; frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://js.stripe.com; object-src 'none' 3
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:; frame-ancestors *.rwjbh.org www.mychart.com; 3
default-src * data: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline' 3
frame-ancestors undefined 3
default-src 'self'  *.vidyard.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com *.bttrack.com bttrack.com *.clarity.ms *.intentsify.io *.bizible.com *.easy7bear.com ceros-creative-services.s3.amazonaws.com ceros-labs.s3.amazonaws.com *.ceros.com *.bidr.io *.bizzabo.com *.cloudfront.net acsbapp.com *.acsbapp.com *.bc0a.com *.b0e8.com *.ads-twitter.com *.adsrvr.org *.srv.stackadapt.com *.stackadapt.com *.fontawesome.com *.cookielaw.org *.jquery.com *.marketo.com *.marketo.net *.twimg.com *.onetrust.com *.driftt.com *.bing.com *.bootstrapcdn.com *.myfonts.net *.cloudflare.com *.callrail.com *.aspnetcdn.com *.vidyard.com *.ceridian.ca *.en25.com *.eloqua.com *.googletagmanager.com *.swiftypecdn.com *.google-analytics.com *.google.com *.google.ca *.licdn.com *.facebook.net *.terminus.services *.windows.net *.g2crowd.com *.adsrvr.org *.ads-twitter.com *.ads.linkedin.com *.twitter.com go.ceridian.com *.hotjar.com; style-src 'self' 'unsafe-inline' *.fontawesome.com *.marketo.com *.twitter.com *.bootstrapcdn.com fastcdn.org *.cloudflare.com optanon.blob.core.windows.net *.swiftypecdn.com go.ceridian.com *.stackadapt.com; img-src * data:; font-src 'self' *.bttrack.com http://script.hotjar.com https://script.hotjar.com acsbapp.com *.acsbapp.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com; connect-src 'self' *.bttrack.com bttrack.com *.clarity.ms *.doubleclick.net ka-p.fontawesome.com *.fontawesome.com *.collector.snplow.net acsbapp.com *.acsbapp.com *.srv.stackadapt.com *.cookielaw.org *.facebook.com *.marketo.com *.mktoresp.com *.eloqua.com *.swiftype.com *.ceridian.ca *.swiftypecdn.com *.callrail.com go.ceridian.com *.onetrust.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com;  media-src * 'unsafe-inline'; frame-src 'self' *.fls.doubleclick.net *.ceros.com accessibe.com *.accessibe.com *.acsbapp.com acsbapp.com *.bizzabo.com *.facebook.com *.marketo.com *.twitter.com *.youtube.com *.driftt.com *.vidyard.com *.adsrvr.org  go.ceridian.com  *.hotjar.com 3
script-src 'unsafe-inline' 'unsafe-eval' 'self' www.googletagmanager.com idtechex.bamboohr.com platform.twitter.com ssl.google-analytics.com www.googleadservices.com *.idtechex.com oss.maxcdn.com ie7-js.googlecode.com https://googleads.g.doubleclick.net  https://cdn.syndication.twimg.com *.google.com *.gstatic.com *.googleapis.com *.translate.goog *.livechatinc.com app.chaport.com *.arcot.com *.verifiedbyvisa.com *.3dsecure-vrp.de *.cardinalcommerce.com *.securesuite.net *.securesuite.co.uk *.securecode.com *.citibank.com *.citibank.co.kr *.cardcenter.ch *.swisscard.ch *.icscards.nl *.sia.eu *.swedbank.se *.dnp-cdms.jp acs.cafis-paynet.jp *.hanacard.co.kr *.shinhancard.com *.wooricard.com *.hyundaicard.com *.wlp-acs.com *.dkb.de *.nab.com.au *.mbank.pl *.ccb.com.cn *.cmbchina.com *.bccard.com *.cartasi.it *.modirum.com *.paylife.at *.ctbcbank.com *.ocbc.com *.kbcard.com *.enfuce.com *.airplus.com *.mercurypaymentservices.it ws.zoominfo.com *.linkedin.com *.licdn.com 3
frame-ancestors 'self' https://*.j2t.com https://j2t.com https://*.j2t.exchange https://j2t.exchange https://*.just2trade.cn https://just2trade.cn https://webvisor.com https://*.webvisor.com http://webvisor.com http://*.webvisor.com https://metrika.yandex.ru https://metrica.yandex.com https://metrika.yandex.by https://metrica.yandex.com.tr 3
font-src *.fontawesome.com data: *.photoslurp.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.redsys.es facebook.com *.redsys.com *.facebook.com *.pinterest.com sas.redsys.es sas.redsys.com checkoutshopper-live.adyen.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.hotjar.com *.google.com *.kampyle.com facebook.com docs.google.com *.facebook.com *.pinterest.es *.pinterest.com service.force.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de blob: data: *.w3.org *.bing.com c.bing.com *.paypal.com bat.bing.com *.clarity.ms facebook.com *.kampyle.com *.gstatic.com *.ladybird.com *.google.com *.fbcdn.net *.facebook.com *.pinterest.com *.pronovias.com *.google.es *.photoslurp.com *.googleapis.com *.sanpatrick.com *.cdninstagram.com *.nicolemilano.com *.verawangbride.com *.whiteonebridal.com *.googletagmanager.com scontent.fmad7-1.fna.fbcdn.net click.s50.exacttarget.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com s7.addthis.com *.avada.io unpkg.com *.force.com bat.bing.com *.adyen.com *.pinimg.com *.google.com *.hotjar.com *.tiktok.com dropbox.com gstatic.com *.nr-data.net *.clarity.ms *.kampyle.com *.newrelic.com *.gstatic.com *.dropbox.com *.cookiepro.com *.facebook.net *.facebook.com *.photoslurp.com *.googleapis.com *.salesforce.com *.secure.force.com http://polyfill.io service.force.com bam.eu01.nr-data.net *.empathybroker.com *.lightning.force.com analytics.tiktok.com *.googletagmanager.com *.salesforceliveagent.com static.lightning.force.com *.la3-c1cs-fra.salesforceliveagent.com d.la3-c1cs-fra.salesforceliveagent.com pronoviasgroup.my.salesforce.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.honey.io *.force.com *.photoslurp.com service.force.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.vimeo.com *.akamaized.net player.vimeo.com vod-progressive.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com ekr.zdassets.com/ https://get.geojs.io *.avada.io wss: vimeo.com bat.bing.com *.force.com *.tiktok.com *.google.com *.nr-data.net *.hotjar.io *.clarity.ms *.vimeo.com d.clarity.ms h.clarity.ms *.kampyle.com *.tt.omtrdc.net *.hotjar.com google.com vc.hotjar.io ws7.hotjar.com *.instagram.com *.cookiepro.com *.pinterest.com *.amazonaws.com ws16.hotjar.com ws20.hotjar.com ws22.hotjar.com ws23.hotjar.com ws33.hotjar.com ws34.hotjar.com *.facebook.com *.googleapis.com *.photoslurp.com *.secure.force.com bam.eu01.nr-data.net *.empathybroker.com stats.g.doubleclick.net *.google-analytics.com api.empathybroker.com *.cardinalcommerce.com api-staging.empathybroker.com pronoviasgroupcti.secure.force.com *.yotpo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
frame-ancestors 'self' blaetterkatalog.musicstore.de  ; 3
default-src 'self' 'unsafe-inline' *.tableau.com *.vimeo.com *.youtube.com pro.ip-api.com cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com *.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com fonts.gstatic.com www.google.com *.googleapis.com maps.gstatic.com developers.google.com tagmanager.google.com ssl.gstatic.com www.gstatic.com tagmanager.google.com apikeys.civiccomputing.com cc.cdn.civiccomputing.com cdn.siteimprove.net static.hotjar.com stats.g.doubleclick.net *.hotjar.com:* *.hotjar.io wss://*.hotjar.com *.siteimprove.com data:; 3
frame-ancestors https://*.mygreatlakes.org https://*.glhec.org https://*.greatlakeslink.com 'self' 3
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.viewpoint.com https://unpkg.com https://viewpoint.us12.list-manage.com https://cdn.cookielaw.org https://*.vidyard.com https://js-agent.newrelic.com https://secure.coax7nice.com https://*.facebook.com https://*.marketo.net https://*.marketo.com https://*.driftt.com https://*.adroll.com https://*.sumo.com https://sumo.com https://content.cdntwrk.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://tagmanager.google.com https://*.facebook.com https://*.google-analytics.com https://*.googleadservices.com https://optimize.google.com https://www.googleoptimize.com https://*.vimeo.com https://connect.facebook.net https://rules.quantcount.com https://secure.quantserve.com https://snap.licdn.com https://bat.bing.com https://cdn.bizible.com https://cdn.bizibly.com https://siteimproveanalytics.com https://*.wistia.net https://*.wistia.com https://*.doubleclick.net https://www.reddit.com https://reddit.com https://*.pinterest.com https://api.bufferapp.com https://www.gstatic.com https://www.youtube.com https://www.google.com https://cdnjs.cloudflare.com https://bam.nr-data.net https://d.adroll.mgr.consensu.org https://tribl.io https://*.uberflip.com https://*.calendly.com; img-src 'self' data: https://*.viewpoint.com https://cdn.cookielaw.org https://*.vidyard.com https://s.amazon-adsystem.com https://*.krxd.net https://fcmatch.youtube.com https://sync.mathtag.com https://www.google.ca https://www.google.co.uk https://*.adroll.com https://s3-us-west-2.amazonaws.com https://cdn.bizibly.com https://gum.criteo.com https://www.google.com https://px.ads.linkedin.com https://www.linkedin.com https://*.sumo.com https://sumo.com https://privacy-policy.truste.com https://c.bing.com https://match.prod.bidr.io https://tags.rd.linksynergy.com https://cw.addthis.com https://segments.company-target.com https://sync.ipredictive.com https://sync.tidaltv.com https://epiv.cardlytics.com https://aa.agkn.com https://px.owneriq.net https://dpm.demdex.net https://bttrack.com https://pixel.spotify.com https://usersync-b3.videoamp.com https://srv4j.net https://usersync-b3.videoamp.com https://ssum.casalemedia.com https://a.tribalfusion.com https://dps.admission.net https://ps.eyeota.net https://segments.company-target.com https://um.simpli.fi https://pixel.tapad.com https://match.adsrvr.org https://px.surveywall-api.survata.com https://sync.srv.stackadapt.com https://rtb.adentifi.com https://bcp.crwdcntrl.net https://pm.w55c.net https://p.rfihub.com https://idsync.reson8.com https://tribl.io https://sync-tm.everesttech.net https://loadm.exelator.com https://secure-gl.imrworldwide.com https://d3sut91l4ajo4b.cloudfront.net https://d3lziyk5qr4b9v.cloudfront.net https://*.google-analytics.com https://*.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://optimize.google.com https://*.gstatic.com https://*.bluekai.com https://d3sut91l4ajo4b.cloudfront.net https://s-static.ak.facebook.com https://*.vimeo.com https://*.vimeocdn.com https://www.youtube.com https://*.siteimproveanalytics.io https://x.dlx.addthis.com https://s3.amazonaws.com https://driftt.imgix.net https://px.ads.linkedin.com https://p.adsymptotic.com https://bat.bing.com https://cdn.bizible.com https://pixel.quantserve.com https://www.facebook.com https://pixel.advertising.com https://dsum-sec.casalemedia.com https://*.adroll.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://sync.outbrain.com https://*.yahoo.com https://sync.taboola.com https://eb2.3lift.com https://x.bidswitch.net https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://pippio.com https://tr.snapchat.com https://*.wistia.net https://sync.outbrain.com https://simage2.pubmatic.com https://tag.apxlv.com https://tag.cogocast.net https://x.dlx.addthis.com https://maps.googleapis.com https://www.googleoptimize.com https://*.marketo.com https://*.wistia.com https://pluginicons.craft-cdn.com https://*.akamaihd.net https://content.cdntwrk.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; style-src 'self' 'unsafe-inline' https://*.viewpoint.com https://*.google.com https://*.viewpoint.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.marketo.net https://*.marketo.com https://js.driftt.com https://hello.myfonts.net https://cdn.jsdelivr.net https://*.uberflip.com https://content.cdntwrk.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://fast.fonts.net; font-src 'self' data: https://*.viewpoint.com https://*.fonts.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.doubleclick.net https://*.facebook.com https://*.gstatic.com https://*.vimeo.com https://connect.facebook.net https://*.uberflip.com https://content.cdntwrk.com https://maxcdn.bootstrapcdn.com https://api2.fonts.com; object-src 'self' https://*.viewpoint.com; child-src 'self' https://*.viewpoint.com; frame-src 'self' https://*.vidyard.com https://www.youtube.com https://w.soundcloud.com https://*.doubleclick.net https://vimeo.com https://*.vimeo.com https://optimize.google.com https://*.marketo.com https://*.wistia.com https://*.wistia.net https://*.driftt.com https://*.facebook.com https://calendly.com https://*.calendly.com; connect-src 'self' https://maps.googleapis.com https://*.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://stats.g.doubleclick.net https://*.viewpoint.com https://*.sumo.com https://sumo.com https://v2.api.uberflip.com https://clients6.google.com https://*.algolia.net https://*.algolianet.com https://*.craftcms.com https://*.google-analytics.com https://*.mktoresp.com https://*.linkedin.com https://*.facebook.com https://*.wistia.com https://*.litix.io https://*.akamaihd.net https://*.mktoutil.com https://bam.nr-data.net; report-uri https://ca1fe692b8b29170cd9bd1769d468774.report-uri.com/r/d/csp/enforce 3
connect-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com mc.yandex.ru *.google-analytics.com *.doubleclick.net *.facebook.com *.omise.co *.paypal.com *.mapbox.com *.ipqualityscore.com ipqualityscore.com *.googlesyndication.com *.getsitecontrol.com trainbusferry.com *.trainbusferry.com api.alternativepayments.com *.logs.datadoghq.com api-js.datadome.co cdn.ampproject.org; default-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com fonts.gstatic.com maxcdn.bootstrapcdn.com blob:; font-src 'self' * data: *.onetwogo.com maxcdn.bootstrapcdn.com; frame-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com mc.yandex.md *.youtube.com *.doubleclick.net *.facebook.com *.omise.co *.paypal.com *.google.com *.stripe.com paymentpage.ecommpay.com s2.mailorsoon.net *.googletagmanager.com; img-src * blob: * data:; media-src *; script-src 'self' * 'unsafe-inline' 'unsafe-eval' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com *.bing.com mc.yandex.ru *.ads-twitter.com analytics.twitter.com connect.facebook.net *.gstatic.com *.google.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.omise.co *.paypalobjects.com *.paypal.com ipqualityscore.com *.getsitecontrol.com *.googleapis.com pagead2.googlesyndication.com googletagservices.com *.stripe.com trainbusferry.com *.trainbusferry.com paymentpage.ecommpay.com s7.addthis.com cdn.ampproject.org www.datadoghq-browser-agent.com js.datadome.co blob:; style-src 'self' * 'unsafe-inline' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com *.googleapis.com paymentpage.ecommpay.com maxcdn.bootstrapcdn.com; 3
default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'unsafe-inline' 'unsafe-hashes'; img-src * 'self' data: https:; font-src * 'self' data: https:; connect-src *; media-src *; object-src *; prefetch-src *; child-src * 'self' data: https: blob:; base-uri *; 3
frame-ancestors 'self'; report-uri /csp-log.php 3
default-src 'self' http: https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 3
default-src https: wss: ; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' *; font-src 'self' data: *; connect-src 'self' *; frame-src 'self' * 3
frame-ancestors 'self'; report-uri https://www.hitmanpro.com/en-us/report-uri/enforce 3
frame-ancestors 'self' http://localhost:3030 https://grate-cms.gr-dev.com https://grate-cms.dev.gri.rate.com https://grate-cms.prate-dev.com https://grate-cms.prate-stage.com https://grate-cms.gr-stage.com grate-cms-stage.dev.gri.rate.com https://grate-cms.gra-stage.com https://*.rate.com https://*.grarate.com https://*.properrate.com https://*.originpoint.com https://www.atproperties.com https://atproperties.com https://www.staging.atproperties.com https://staging.atproperties.com http://www.website.local http://website.local https://www.venturephilly.com https://venturephilly.com https://www.corcoranpacific.com https://corcoranpacific.com https://*.yextpages.net http://*.yextpages.net https://rcm.rockco.com https://www.yourhomehub.com/ https://yourhomehub.com 3
base-uri https: http:; object-src *; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self' blob: 3
require-trusted-types-for 'script';report-uri /_/PlayStoreUi/cspreport 3
frame-ancestors 'self' helioshi.medixmob.com medix-portal.com 3
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; frame-ancestors 'self' 3
object-src 'none'; form-action 'self'; frame-ancestors 'none' 3
default-src * data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; 3
frame-ancestors http://workflow.tyson.com/ http://workflow-test.tyson.com/ https://tysononline.sharepoint.com https://www.tysonfoods.com https://www-test.tysonfoods.com; 3
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.civiccomputing.com https://*.googletagmanager.com https://*.youtube.com https://*.youtube-nocookie.com https://player.vimeo.com https://*.ytimg.com https://dl.episerver.net https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.g.doubleclick.net https://*.googleadservices.com https://www.recaptcha.net https://hello.myfonts.net https://widget.surveymonkey.com https://www.surveymonkey.com https://prod.smassets.net; 3
default-src 'self' *.d41.co www.clarity.ms stats.g.doubleclick.net bam.nr-data.net *.anura.io script.anura.io ads.anura.io www.google-analytics.com *.hotjar.io *.hotjar.com wss://*.hotjar.com www.youtube.com viz.tools.investis.com edge.api.brightcove.com cdnjs.cloudflare.com use.typekit.net kit.fontawesome.com p.typekit.net www.facebook.com lpcdn.lpsnmedia.net ka-f.fontawesome.com ka-p.fontawesome.com *.d41.co; img-src 'self' t.co c.bing.com di.rlcdn.com c.clarity.ms px4.ads.linkedin.com p.adsymptotic.com tracking.selective.com www.youtube.com p.adsymptotic.com www.linkedin.com viz.tools.investis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com i.ytimg.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.co.in px.ads.linkedin.com www.facebook.com analytics.twitter.com lpcdn.lpsnmedia.net www.rumiview.com; frame-src 'self' i.ytimg.com www.youtube.com www.facebook.com www.google.com player.vimeo.com otp.tools.investis.com irs.tools.investis.com www.youtube.com *.hotjar.com gum.criteo.com lpcdn.lpsnmedia.net bid.g.doubleclick.net va-s.c.liveperson.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com http://www.google-analytics.com www.youtube.com tagmanager.google.com fonts.googleapis.com ka-f.fontawesome.com viz.tools.investis.com use.typekit.net kit.fontawesome.com p.typekit.net kit-free.fontawesome.com; font-src 'self' tagmanager.google.com viz.tools.investis.com fonts.gstatic.com ka-f.fontawesome.com ka-p.fontawesome.com fonts.googleapis.com  use.typekit.net kit.fontawesome.com p.typekit.net kit-free.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.ads-twitter.com *.d41.co ats.rlcdn.com www.youtube.com www.gstatic.com www.google.com bam.nr-data.net js-agent.newrelic.com tagmanager.google.com www.googleadservices.com *.googleapis.com cdn.jsdelivr.net script.anura.io www.google-analytics.com viz.tools.investis.com *.hotjar.com www.googletagmanager.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com use.typekit.net kit.fontawesome.com p.typekit.net tag.simpli.fi i.simpli.fi ajax.googleapis.com snap.licdn.com googleads.g.doubleclick.net lptag.liveperson.net connect.facebook.net assets.adobedtm.com static.criteo.net sslwidget.criteo.com accdn.lpsnmedia.net accdn.lpsnmedia.net va.v.liveperson.net widget.us.criteo.com lpcdn.lpsnmedia.net www.rumiview.com otp.tools.investis.com img.en25.com www.clarity.ms analytics.twitter.com; 3
default-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' pixel.mathtag.com https://cdn.cookielaw.org fundacionlacaixa.org connect.facebook.net platform.twitter.com *.google-analytics.com *.googletagmanager.com *.serving-sys.com *.facebook.com apis.google.com *.brightcove.com geolocation.onetrust.com;img-src 'self' data: https://cdn.cookielaw.org *.google-analytics.com www.facebook.com fundacionlacaixa.org obrasociallacaixa.org www.google.com www.google.es *.doubleclick.net *.fundacionlacaixa.org *.twitter.com *.googletagmanager.com;frame-src 'self' *.youtube.com *.brightcove.net *.doubleclick.net platform.twitter.com www.google.com www.facebook.com *.spotify.com;style-src 'self' 'unsafe-inline' fundacionlacaixa.org *.doubleclick.net fonts.googleapis.com;font-src 'self' data: *.google-analytics.com *.googleapis.com fundacionlacaixa.org *.brightcove.net fonts.gstatic.com;connect-src 'self' https://cdn.cookielaw.org https://privacyportal-eu.onetrust.com *.brightcove.net *.google-analytics.com https://privacyportal-eu.onetrust.com/ *.serving-sys.com *.doubleclick.net 3
frame-ancestors https://www.cwtanalytiqs.com https://int.cwtanalytiqs.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://cdn.cookielaw.org https://cdnjs.cloudflare.com service.maxymiser.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://img04.en25.com https://connect.facebook.net https://fonts.googleapis.com https://s.ytimg.com https://content.mycwt.com https://content-d.mycwt.com https://www.google-analytics.com https://geolocation.onetrust.com https://www.youtube.com img04.en25.com/i/elqCfg.min.js https://s.go-mpulse.net siteimproveanalytics.com *.contentsquare.com *.infogram.com *.contentsquare.net *.adobe.com *.turtl.co *.joinsherpa.io https://snap.licdn.com https://s2068514591.t.eloqua.com https://www.buzzsprout.com; object-src 'self'; 3
frame-src https://*.pilotflyingj.com https://pilotflyingj.com https://demo.docusign.net https://docusign.net https://powerforms-d.docusign.net https://na2.docusign.net https://powerforms.docusign.net https://youtube.com https://www.youtube.com https://*.doubleclick.net https://goconnect.stackla.com https://info.evidon.com 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fbevents.js *.facebook.net *.cookiebot.com *.cookiebox.ro *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.google.com *.google.ro *.googleadservices.com *.doubleclick.net *.youtube.com *.vimeo.com *.ytimg.com *.cloudflare.com; object-src 'self' ; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.cookiebox.ro *.gstatic.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.fontawesome.com *.cloudflare.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.cookiebot.com *.cookiebox.ro *.gstatic.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.cloudflare.com *.facebook.com *.facebook.net; media-src 'self'; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.cookiebox.ro *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.facebook.com *.facebook.net; child-src 'self'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.gts.ro *.googletagmanager.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.facebook.com *.fontawesome.com; font-src 'self' *.fontawesome.com *.cloudflare.com; 3
default-src * blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.melita.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.zopim.com https://static.zdassets.com https://cdn.conversationalsdevelopment.nl https://*.googletagmanager.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.googleadservices.com https://*.facebook.net https://*.doubleclick.net https://*.addthis.com https://*.digitalcx.com https://cdn.mxpnl.com https://*.youtube.com https://*.moatads.com https://*.addthisedge.com https://fast.wistia.com https://beacon-v2.helpscout.net https://ekr.zdassets.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com; style-src 'self' 'unsafe-inline' https://*.melita.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.fontawesome.com *.visualwebsiteoptimizer.com app.vwo.com; img-src * data:; font-src 'self' data: https://fonts.gstatic.com https://*.zopim.com https://cdn.conversationalsdevelopment.nl https://*.fontawesome.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com https://www.googletagmanager.com; connect-src * 'self' blob:; form-action 'self' https://*.facebook.com https://www.apsp.biz; frame-ancestors 'self'; upgrade-insecure-requests; 3
frame-ancestors 'self' https://*.webvisor.com https://metrika.yandex.ru/ https://www.copytrans.net 3
default-src *.hotjar.com wss://*.hotjar.com 'self' http: bott-tc.nautilus https: vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com bott-tc.nautilus; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' data: script.hotjar.com fonts.gstatic.com foerderrechner.bosch-thermotechnology.com https://www.bosch-thermotechnology.us www.bosch-easycontrol.com www.heizung-steuern.com https://fonts.gstatic.com; object-src data: 'self'; img-src http: bott-tc.nautilus bott-fs.nautilus https: bott-tc.nautilus bott-fs.nautilus data: blob: https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' cdn.datatables.net https://optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com https://www.bosch-thermotechnology.us; script-src https: 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com https://optimize.google.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 3
frame-ancestors 'self'; block-all-mixed-content; 3
default-src 'self' 'unsafe-inline' blob:; script-src 'self' blob: 'unsafe-inline' data: *.googletagmanager.com *.cookiebot.com *.wistia.com *.google-analytics.com; img-src * data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' www.youtube.com *.wistia.com *.cookiebot.com; font-src 'self' 'unsafe-inline' data:; connect-src 'self' 'unsafe-inline' *.cookiebot.com *.google-analytics.com *.doubleclick.net *.wistia.com *.litix.io 3
frame-ancestors 'self' http://webvisor.com; 3
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src https: data:;font-src https: data:; 3
frame-ancestors 'self' tomshardware.fr www.tomshardware.fr tomsguide.fr www.tomsguide.fr cms.galaxiemedia.fr amp.tomsguide.fr amp.tomshardware.fr cdn.tomsguide.fr cdn.tomshardware.fr presence-pc.fr www.presence-pc.fr presence-pc.com www.presence-pc.com; 3
default-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.google.com *.googleapis.com *.wistia.com api.hubapi.com forms.hubspot.com wss://auntbertha.zendesk.com; script-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' 'unsafe-eval' 'unsafe-inline' *.demdex.net *.google.com *.googleapis.com *.gstatic.com *.statuspage.io *.wistia.com api.rollbar.com assets.adobedtm.com cdnjs.cloudflare.com/ajax/libs/ connect.facebook.net facebook.com https://*.zopim.com https://*.zopim.io https://ekr.zdassets.com https://static.zdassets.com https://www.googletagmanager.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js-na1.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.stripe.com js.usemessages.com track.hubspot.com www.googleadservices.com www.google-analytics.com us-central1-searchbertha-hrd.cloudfunctions.net; style-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' 'unsafe-inline' *.google.com *.googleapis.com blob: data: file: filesystem:; img-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.akamaihd.net *.demdex.net *.doubleclick.net *.everesttech.net *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hubspot.com *.wistia.com data: https://*.zopim.com https://*.zopim.io https://www.googletagmanager.com; font-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.gstatic.com data: https://*.zopim.com https://*.zopim.io https://fonts.googleapis.com; frame-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.careunify.com *.google.com *.periscopedata.com *.statuspage.io *.stripe.com us-central1-searchbertha-hrd.cloudfunctions.net; connect-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.akamaihd.net *.demdex.net *.googleapis.com *.hubapi.com *.hubspot.com *.rollbar.com *.wistia.com auntbertha.zendesk.com ekr.zdassets.com wss://*.zopim.com www.google-analytics.com; object-src 'none'; media-src 'self' blob: data:; 3
ok 3
default-src * data: blob: ; script-src * 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; object-src 'none' ; base-uri 'self' 3
frame-ancestors 'self' https://cart.penguinrandomhouse.com/ https://iteratehq.com/ 3
default-src  'self'; img-src  'self'; script-src  'self' 'unsafe-inline'; object-src  'self'; style-src  'self' 'unsafe-inline'; 3
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.vwfs.com https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.com https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://cdn.bronson.vwfs.tools ;            script-src 'self' 'unsafe-inline' https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://maps.googleapis.com https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.com  https://smetrics.vwfs.com https://cdn.mercury.ai https://integrations.etrusted.com https://*.google.com;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://fonts.googleapis.com https://target.vwfs.com https://cdn.mercury.ai https://cdn.bronson.vwfs.tools https://*.google.com;            connect-src 'self' https://vimeo.com https://*.youtube.com  https://calculator.vwfs.com https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.com https://smetrics.vwfs.com https://www.google.com https://*.facebook.com https://cdn.mercury.ai https://webchat.mercury.ai https://co-browsing.mercury.ai wss://co-browsing.mercury.ai https://maps.googleapis.com https://integrations.etrusted.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' https://fonts.gstatic.com https://cdn.bronson.vwfs.io https://fonts.googleapis.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net ;            media-src https://www.youtube-nocookie.com ; 3
frame-ancestors 'self' http://www.quironsalud.es https://www.quironsalud.es http://betaweb.quironsalud.es https://betaweb.quironsalud.es http://intranetfjd.idc.local https://intranetfjd.idc.local http://olympia.quironsalud.es https://olympia.quironsalud.es http://overweightinstitute.fjd.es https://overweightinstitute.fjd.es http://www.cirujanosdelcorazon.es https://www.cirujanosdelcorazon.es http://www.clinicadelpilar.org https://www.clinicadelpilar.org http://www.clinicavalles.com https://www.clinicavalles.com http://www.cuidamosdelamujer.es https://www.cuidamosdelamujer.es http://www.diverhospital.es https://www.diverhospital.es http://www.e-quironsalud.com https://www.e-quironsalud.com http://www.fjd.es https://www.fjd.es http://www.fundacionquironsalud.org https://www.fundacionquironsalud.org http://www.hgc.es https://www.hgc.es http://www.hgvillalba.es https://www.hgvillalba.es http://www.hope-documental.es https://www.hope-documental.es http://www.hospitalinfantaelena.es https://www.hospitalinfantaelena.es http://www.hospitalpublicocolladovillalba.es https://www.hospitalpublicocolladovillalba.es http://www.hospitalreyjuancarlos.es https://www.hospitalreyjuancarlos.es http://www.hscor.com https://www.hscor.com http://www.idcsaludenfermeria.es https://www.idcsaludenfermeria.es http://www.idcsalud.es https://www.idcsalud.es http://www.jornadaspbp.es https://www.jornadaspbp.es http://www.lungscreen.eu https://www.lungscreen.eu http://www.oncohealth.eu https://www.oncohealth.eu http://www.porquesabeselegir.es https://www.porquesabeselegir.es http://www.quironsalud-hospitals.com https://www.quironsalud-hospitals.com http://www.rare-genomics.com https://www.rare-genomics.com http://www.recetaenergia.es https://www.recetaenergia.es http://www.redneurosalud.es https://www.redneurosalud.es http://www.ruber.es https://www.ruber.es http://www.ruberinternacional.es https://www.ruberinternacional.es http://www.teknonbarcelona.com https://www.teknonbarcelona.com http://www.teknonbarcelona.it https://www.teknonbarcelona.it http://www.teknonbarcelona.ru https://www.teknonbarcelona.ru http://www.teknon.es https://www.teknon.es http://www.tucanaldesalud.es https://www.tucanaldesalud.es 3
frame-ancestors 'self' https://www.endesaclientes.com https://syndication.teleborsa.it https://accounts-coll.enel.com:9443 https://assets.adobedtm.com http://52.144.89.133 https://enel.taleo.net https://reg.enel.it https://aemproddmz.enel.com https://endesa.cogitodesk.com 3
frame-ancestors 'self' temenos.seismic.com 3
default-src 'self'; frame-src 'none'; connect-src 'self'; font-src 'self'; img-src 'self' data:; media-src data:; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'none'; block-all-mixed-content; form-action 'none'; 3
script-src 'self' https://itunes.apple.com www.youtube.com https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.youtube-nocookie.com; font-src https://fonts.gstatic.com; 3
default-src 'self'; script-src 'self' cookie.wieni.be www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com 'sha256-n0qo0a+uNS3EBowOxlDJeqRRacNxVgew48Omj0IYROY=' api.usersnap.com resources.usersnap.com widget.usersnap.com cdn.usersnap.com 'sha256-3UZnJiUmLKDbXEjPsm9EHc0R7InC5uAtj5O1u68mBzM=' 'sha256-9JLcNkvDbyx27cZsDQUfhAXctCUn8uKZhZo7K5s+cZY=' 'sha256-cyhAnyf/da35tv9DMBPcWxiXKF8KRetd7+NRa8ylykg=' 'sha256-tlcmAHpjuLLOIObL2B6OUHigkbt7aSR3rbjRrPQIpzo=' 'sha256-NXWMVdEMk5gJTF2ihgfp+HMOfk0oF4oszJ/FzkC1WpU=' 'sha256-XFVoV8Qods0limIKhsn5/gq5DXmjw8ut+laKnV/oVFo=' 'sha256-/ciuGx0GSImrd0fLrPPotPD8ly4COZ7w9/IgGozr+C8=' 'sha256-fxBxhEkCgNeh5bIHpULVTyyn4VYtPec2plk1YR7dDNY=' 'sha256-m+0khCx/9gmahaVwUf4q8H3NDeQFD3CGcou8BEvR9Ac=' connect.facebook.net www.youtube.com s.ytimg.com static.dnsbelgium.be 'sha256-oj9Pp7WGIiWmcMqSPuwctr6b6QgGyO/yX8yXl5Wa6Zw=' 'sha256-wSxPPLtphx9THi+6Gu4WyBFvgeG1mVvuwyGoSiqZZaw=' public.flourish.studio 'sha256-6M/y9B59SuEd5b5eeZCJR969eWe7lMWnxtA5qNqJgn8=' widget.surveymonkey.com 'sha256-44MtrkgnNFXJJqKheRqcqq9hLK5tYmdZlLKoyLKfP6I=' ajax.googleapis.com 'sha256-dHbSLiAH+H4Ao0KmrWYrtJSaFkcmQkIW4wp0vB4/lhY=' 'sha256-w/Nm0FwWmaeMGqfF/Wgce4yYBS5MLTPaWsv7pL8uwAw=' 'sha256-7jDSgL9/dTEn7w83QbKH2DxAZSXWTe5+pNgp0l6xaGI=' 'sha256-A3Dbl/cByN6GbFswAlXt66hMeUW5GNI1G4g6LzsRv0o=' 'sha256-0RBExtvEZO5CsGJ2YygQGmydb+opVDaeBuMtzkrktFw='; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com cookie.wieni.be tagmanager.google.com use.fontawesome.com; img-src 'self' data: www.google-analytics.com ssl.gstatic.com www.gstatic.com images.dnsbelgium.be cdn.usernap.com www.countryflags.io static.dnsbelgium.be www.facebook.com  i.ytimg.com   secure.surveymonkey.com public.flourish.studio prod.smassets.net images.dnsbelgium.be; font-src 'self' data: use.fontawesome.com fonts.gstatic.com; frame-src 'self' www.google.com maps.google.com www.youtube.com player.vimeo.com notfound-static.fwebservices.be *.youtube-nocookie.com calendar.google.com accounts.google.com *.medialaancdn.be www.facebook.com *.surveymonkey.com flo.uri.sh; connect-src 'self' cookie.wieni.be www.google-analytics.com widget.usersnap.com www.facebook.com api.dnsbelgium.be webwhois.nic.vlaanderen webwhois.nic.brussels; worker-src 'self'; object-src 'self' 3
default-src 'self' https://* 'unsafe-eval' 'unsafe-inline' data:; frame-src 'self' mailto: https://*.legrandav.com https://*; connect-src 'self' wss://*.mypurecloud.com/ wss://*.hotjar.com/ https://*; 3
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 3
default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; img-src 'self'; frame-src 'self'; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'; 3
frame-ancestors 'self' http://dev.hop.it/ https://www.spikenow.com/ https://spikenow.com/ 3
frame-ancestors 'self' *.authorize.net; 3
frame-ancestors www.elasticpath.com; report-uri /report-csp-violation; upgrade-insecure-requests 3
frame-ancestors 'self' ocfl.net *.ocfl.net onetgov.net *.onetgov.net orangecountyfl.net *.orangecountyfl.net *.google-analytics.com *.analytics.google.com 3
frame-ancestors 'self' https://*.xealth.io; 3
frame-ancestors https://bulbul.io 3
frame-ancestors 'self' *.medidata.com *.mdsol.com *.3ds.com dev-medidata-next.pantheonsite.io 26five-medidata-corporate.pantheonsite.io perf-medidata-corporate.pantheonsite.io ; 3
default-src 'self' *.readspeaker.com data: https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; base-uri 'self'; connect-src 'self' *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de; style-src 'self' 'unsafe-inline' *.readspeaker.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com https://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de https://viola-bzst-fms.azr.juacvoe.net https://viola-bzst.azr.juacvoe.net https://viola.bundesbots.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://bzst.lucom.com https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 3
frame-src *; frame-ancestors 'self'; 3
default-src * 'unsafe-inline' 'unsafe-eval' ; img-src * data: blob: 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval' *.simpli.fi/; object-src * 3
upgrade-insecure-requests;frame-ancestors 'self'; 3
default-src 'self' data: https: 'unsafe-eval' 'unsafe-inline'; 3
upgrade-insecure-requests; block-all-mixed-content; disown-opener 3
default-src 'self' https://*.gozego.com; img-src 'self' https: blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://wzrkt.com https://fast.wistia.net https://fast.wistia.com https://d2r1yp2w7bby2u.cloudfront.net https://*.gaconnector.com https://*.googletagmanager.com https://*.gozego.com https://*.adroll.com https://*.facebook.net https://*.googleadservices.com https://*.licdn.com https://*.google-analytics.com https://*.doubleclick.net https://*.hirebridge.com https://*.addthis.com https://*.addthisedge.com https://*.moatads.com https://optimize.google.com https://*.googleoptimize.com https://calendly.com https://*.calendly.com https://*.marketo.net https://*.hotjar.com https://*.dca0.com https://*.capterra.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://*.typekit.net data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com https://*.googletagmanager.com https://*.typekit.net https://*.gozego.com; frame-src 'self' https://*.gozego.com https://*.hotjar.com https://meetings.grooveapp.com https://fast.wistia.net https://fast.wistia.com https://*.facebook.com https://*.hirebridge.com https://*.libsyn.com https://*.addthis.com https://calendly.com https://*.calendly.com https://*.doubleclick.net https://optimize.google.com; connect-src 'self' https://*.addthis.com https://*.google-analytics.com https://*.wistia.com https://*.doubleclick.net https://*.wpengine.com https://yoast.com https://*.mktoresp.com https://*.dca0.com https://*.gaconnector.com https://*.adroll.com https://*.hotjar.com https://*.litix.io; media-src 'self' https://*.gozego.com https://*.wistia.com https://*.wistia.net blob:; 3
default-src 'self' 'unsafe-inline' data: *.googleapis.com *.akamaihd.net *.crossengage.io *.usercentrics.eu *.google-analytics.com *.gstatic.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.kameleoon.com *.kameleoon.eu *.dat.de *.datgroup.com *.fairgarage.de *.fairgarage.com *.b-ite.com *.leadlab.click; form-action 'self' *.dat.de *.datgroup.com *.twitter.com *.cleverreach.com http://mailings.dat.de/; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.crossengage.io *.usercentrics.eu *.mouseflow.com *.akamaihd.net *.kameleoon.com *.kameleoon.eu http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.kameleoon.eu *.dat.de *.datgroup.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com *.fairgarage.de *.fairgarage.com *.b-ite.com *.leadlab.click *.googletagmanager.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com; style-src 'unsafe-inline' 'self' *.kameleoon.com *.kameleoon.eu *.googleapis.com *.twitter.com *.twimg.com *.googleapis.com *.fairgarage.de *.fairgarage.com *.dat.de *.datgroup.com *.googletagmanager.com *.google-analytics.com; worker-src data: 'self' *.dat.de *.datgroup.com *.twitter.com *.youtube.com *.google.com *.vimeo.com; frame-src data: 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.dat.de *.datgroup.com *.twitter.com *.youtube.com *.youtube-nocookie.com *.google.com *.vimeo.com; img-src 'self' data: *.dat.de *.datgroup.com *.usercentrics.eu *.google.com *.googleapis.com *.gstatic.com *.kameleoon.com *.kameleoon.eu http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.datgroup.com *.twimg.com *.twitter.com *.fairgarage.de *.fairgarage.com *.google-analytics.com; font-src 'self' data: *.fairgarage.com; 3
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com; 3
frame-ancestors officiallondontheatre.com *.officiallondontheatre.com uktheatre.org *.theatretokens.com *.solt.co.uk *.theatreartists.fund *.theatrehelpline.org *.theatremeansbusiness.info *.si9n.io *.signage.ninja; default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 3
default-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; font-src * data:; media-src * blob:; report-uri zywave.com 3
script-src 'self' https://salesiq.zoho.com/ https://js.zohocdn.com https://js.zohostatic.com  https://browser.sentry-cdn.com/ https://cloud-ua.webitel.com/ https://cdn.jsdelivr.net/npm/yandex-metrica-watch/ https://cloud-ua.webitel.com/widgets/domains/fondy/  https://widgets.binotel.com/ https://customer.smartsender.eu/js/client/ https://www.googleadservices.com/ https://analytics.twitter.com/ https://pay.google.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/ *.bing.com app.satismeter.com production-assets.codepen.io https://cdnjs.cloudflare.com/ajax/libs/ https://static.ads-twitter.com/ *.fondy.io *.fondy.ru *.fondy.ua *.fondy.eu https://mc.webvisor.org *.linkedin.com *.licdn.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.com.ua *.doubleclick.net *.googleapis.com ekr.zdassets.com fondyhelp.zendesk.com mc.yandex.ru *.plerdy.com connect.facebook.net www.facebook.com static.zdassets.com widget-mediator.zopim.com *.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/highlight.js/ app.satismeter.com recaptcha.net  https://script.ringostat.com/v4/ https://widget.beesender.com 'unsafe-inline' 'unsafe-eval' blob: data:; style-src https://css.zohocdn.com https://css.zohostatic.com  https://widgets.binotel.com/ https://*.jquery.com  https://pay.google.com/ https://widget.beesender.com https://cdnjs.cloudflare.com/ajax/libs/highlight.js/ fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ data: blob: 'unsafe-inline' 'self' *.fondy.io *.fondy.eu *.fondy.ua *.fondy.ru; connect-src 'self' https://analytics.ringostat.net/ https://callback.ringostat.com/ https://callback.ringostat.net/ https://analytics.ringostat.com/ https://salesiq.zoho.com https://salesiq.zohopublic.com ws: https://sentry.cloudipsp.com https://cloud-ua.webitel.com/  https://stats.g.doubleclick.net https://www.google-analytics.com https://*.plerdy.com www.facebook.com widget-mediator.zopim.com fondyhelp.zendesk.com https://balance.beesender.com mc.yandex.ru mc.webvisor.org ekr.zdassets.com *.fondy.io *.fondy.ua *.fondy.ru *.fondy.eu https://fondy.eu connect.facebook.net app.satismeter.com; frame-ancestors 'self' *.webvisor.com https://*.webvisor.com https://webvisor.com/*  https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net *.fondy.ru *.fondy.ua *.fondy.eu *.fondy.io portal.fondy.eu fondy.ru fondy.ua fondy.eu fondy.io 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.sunypoly.edu *.bootstrapcdn.com *.fontawesome.com *.gstatic.com *.google-analytics.com *.google.com *.doubleclick.net www.suny.edu *.office365.com *.cdninstagram.com *.instagram.com *.youtube.com *.livechatinc.com *.twitter.com *.twimg.com *.knowmia.com  tscpressunypoly.azureedge.net *.techsmith.com *.useriq.com *.paypal.com iframe.dacast.com; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://js.hsforms.net https://app-sj25.marketo.com https://player.vimeo.com/; img-src 'self' https://i.vimeocdn.com/ data:; font-src 'self' data:; 3
frame-ancestors 'self' *.ariba.com 3
frame-ancestors 'self' https://de.page4.com https://en.page4.com; 3
base-uri 'self' https://hcaptcha.com https://*.hcaptcha.com; child-src https://*.craigslist.org; connect-src https://*.craigslist.org https://hcaptcha.com https://*.hcaptcha.com; font-src data:; form-action https://*.craigslist.org; frame-ancestors 'self'; frame-src https://*.craigslist.org https://hcaptcha.com https://*.hcaptcha.com; media-src data:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https://*.craigslist.org https://hcaptcha.com https://*.hcaptcha.com; style-src 'unsafe-inline' https://*.craigslist.org https://hcaptcha.com https://*.hcaptcha.com 3
form-action 'self'; 3
frame-ancestors 'self' *.upc.ch *.upc.biz *.sunrise.net ocpretailconfiguratorupc.ch *.ocpretailconfiguratorupc.ch tcx.ch *.upctv.ch *.sunrise.ch *.privent.ch *.upc-print.ch; 3
frame-ancestors 'self' versatilecredit.com *.versatilecredit.com versatilesmartsign.com *.versatilesmartsign.com; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.thghosting.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com scout-cdn.salesloft.com secure.seat6worn.com googleads.g.doubleclick.net bat.bing.com connect.facebook.net player.vimeo.com chat.puzzel.com *.google.com t.gatorleads.co.uk www.gstatic.com snap.licdn.com js.driftt.com js.driftqa.com thg-hosting-master100tbcorp.netdna-ssl.com www.googletagmanager.com static.hotjar.com script.hotjar.com www.google-analytics.com www.googleadservices.com connect.facebook.net pi.pardot.com; default-src 'self' 'unsafe-inline' ws://127.0.0.1:35729 *.thghosting.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com bat.bing.com scout.salesloft.com js.driftqa.com js.driftt.com thg-hosting-master100tbcorp.netdna-ssl.com chat.puzzel.com www.google-analytics.com script.hotjar.com stats.g.doubleclick.net in.hotjar.com; frame-src 'self' *.thghosting.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com https://player.vimeo.com https://youtu.be https://www.youtube.com/ *.google.com js.driftt.com vars.hotjar.com www.facebook.com; style-src-elem 'self' 'unsafe-inline' blob: *.thghosting.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com thg-hosting-master100tbcorp.netdna-ssl.com fonts.googleapis.com; img-src 'self' data: *.thghosting.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com scout.eu1.salesloft.com bat.bing.com chat.puzzel.com *.linkedin.com p.adsymptotic.com thg-hosting-master100tbcorp.netdna-ssl.com popup.communigator.co.uk www.facebook.com www.google-analytics.com www.google.com www.google.co.uk script.hotjar.com; font-src data: 'self' *.thghosting.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com script.hotjar.com thg-hosting-master100tbcorp.netdna-ssl.com fonts.gstatic.com 3
frame-ancestors http://www.casamples.com https://www.casamples.com https://www.curriculumassociates.com https://horizon.dev-web01.curriculumassociates.com 'self'; frame-ancestors http://www.casamples.com https://www.casamples.com https://www.curriculumassociates.com https://horizon.dev-web01.curriculumassociates.com 'self'; 3
frame-ancestors 'self' covideo.com vidmails.com; 3
frame-ancestors https://modelcentro.com/ 3
frame-ancestors 'self' groupebpce.com *.groupebpce.com; 3
object-src 'none'; default-src * 'unsafe-inline' blob: data:; img-src * 'self' data: https:; media-src * 'unsafe-inline' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; font-src * data: 3
require-trusted-types-for 'script';report-uri /_/MeetingsUi/cspreport 3
frame-ancestors ptisp.pt my.ptisp.pt oppwa.com; 3
default-src 'self'; font-src 'self' data: https://use.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://embed.tawk.to; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net/*; img-src 'self' data: https://p.typekit.net https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://ws.sessioncam.com https://services.ominsure.co.za https://*.fls.doubleclick.net https://sp.analytics.yahoo.com https://embed.tawk.to; frame-src https://www.oldmutual.co.za/ https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://www.buzzsprout.com https://secure.rewards.sit.oldmutual.co.za https://secure.dcc.oldmutual.co.za https://e.issuu.com/ https://services.ominsure.co.za https://registration-oldmutual-oemwebapp-liveness.kyc.business https://alphaweb.iidentifii.com https://dms.oldmutual.com.gh https://secure.myshopper.oldmutual.co.za/ https://checkout.flutterwave.com https://checkout.paystack.com https://online.fliphtml5.com; connect-src 'self' https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://nba-webchat-server-preprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://b.ws.sessioncam.com https://services.ominsure.co.za https://analytics.google.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://analytics.tiktok.com https://va.tawk.to wss://*.tawk.to; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://use.typekit.net https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets-qa.nonprod.my.oldmutual.co.za https://assets-preprod.my.oldmutual.co.za https://assets.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://d2oh4tlt9mrke9.cloudfront.net https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://snap.licdn.com https://www.buzzsprout.com https://www.googleadservices.com https://services.ominsure.co.za https://www.youtube.com https://analytics.tiktok.com https://js.paystack.co https://sp.analytics.yahoo.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://embed.tawk.to https://dsp-media.eskimi.com https://dsp-media.eskimi.com/assets/js/e/gtr.min.js?_=0.0.0.3 https://checkout.flutterwave.com;; frame-ancestors https://secure.rewards.oldmutual.co.za/ https://customer-site-preprod.eks.my.oldmutual.co.za https://my.oldmutual.co.za 3
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 3
default-src *;  object-src 'none';  base-uri 'none';  script-src * 'unsafe-eval' 'unsafe-inline';  style-src * 'unsafe-inline';  img-src * blob: data:;  font-src * data:;  frame-ancestors 'self' *.nyla.app *.vercel.app localhost:*; 3
default-src 'self' *.energieag.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com i.ytimg.com connect.facebook.net app.adwordsagentur.at *.hotjar.com *.hotjar.io  wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io 'unsafe-inline' 'unsafe-eval' data: 3
default-src 'self' 'unsafe-inline' *.2degreesmobile.co.nz *.2degreesbroadband.co.nz *.2degrees.nz *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google-analytics.com *.lift.acquia.com *.sentry.io *.addsearch.com *.qualtrics.com *.youtube.com unpkg.com *.nice-incontact.com staticcdn.co.nz *.doubleclick.net *.google.com *.hotjar.com *.newrelic.com *.bugsnag.com *.nr-data.net *.googleadservices.com *.segment.com *.segment.io *.amplitude.com *.contentsquare.net *.youtube-nocookie.com  *.rawgit.com *.licdn.com blob: wss: *.googleapis.com *.facebook.net *.fullstory.com chosen.css *.jquery.js; object-src 'none'; img-src * data: 3
frame-ancestors 'self' https://rewarding.wind.it https://grandecinema3.tre.it https://www.grandecinema3.it; 3
frame-ancestors 'self' *.upc.pl html5.upcspeedtest.pl *.livechatinc.com d17eiofnbbcyfc.cloudfront.net youtube.com *.zoovu.com upcpoland.dualstack.speedtestcustom.com; 3
frame-ancestors 'self' https://*.virtuloc.com https://iframetester.com https://hexagon.live.virtualvenue.com https://us-hexagon.stage.virtualvenue.com https://hexagon.stage.virtualvenue.com https://us-hexagon.live.virtualvenue.com https://playipp.com; 3
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * blob: data: ; media-src *; object-src *; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; 3
frame-ancestors 'self' newapp.etracker.com; 3
frame-ancestors 'self' https://service.valooto.com/; 3
form-action https:; upgrade-insecure-requests 3
frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://apis.google.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/api2/; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com http://youtube.com/iframe_api https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com https://www.linkedin.com/ http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://player.vimeo.com/api/player.js https://sopra-steria.career-inspiration.com/js/fbapppromobox.js https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.1/iframeResizer.min.js https://www.googletagmanager.com/gtm.js https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://static.ads-twitter.com/uwt.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://connect.facebook.net/en_US/fbevents.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://analytics.twitter.com/i/adsct https://tagmanager.google.com/debug https://sjs.bizographics.com/insight.min.js https://secure.quantserve.com/quant.js https://tagmanager.google.com/debug/debuguiApp-bundle.js https://rules.quantcount.com/rules-p-U-rxjfyRkAJ0Y.js https://tagmanager.google.com https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.15/js/bootstrap-multiselect.js https://static.pathmotion.io/initjs/init.min.js https://rules.quantcount.com/rules-p-5eXwvumSeTF0n.js https://cdn1.readspeaker.com/script/9190/webReader/webReader.js https://cdn1.readspeaker.com/script/9190/webReader/ReadSpeaker.pub.Config.js https://cdn1.readspeaker.com/script/9190/webReader/r/r974/ReadSpeaker.Core.js https://cdn1.readspeaker.com/ *.lfeeder.com *.leadfeeder.com https://code.jquery.com/jquery-3.4.1.min.js https://www.googletagmanager.com/gtag/js https://twitter.com/ https://pi.pardot.com/pd.js https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.16.6/xlsx.full.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.9.3/Chart.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js http://cdn1.readspeaker.com/script/11546/webReader/ https://pi.pardot.com/ https://go.soprasteria.de/ https://www.clarity.ms/ https://walls.io/js/ https://cdn.goldenbees.fr/ https://tag.goldenbees.fr/ https://cdn.goldenbees.mgr.consensu.org/ https://www.youtube.com/ https://chatbot-widget.jobijoba.io https://ytimg.com https://googletagmanager.com https://google-analytics.com https://siteimproveanalytics.com/js/siteanalyze_6035851.js https://vjs.zencdn.net/7.11.4/video.min.js https://unpkg.com/masonry-layout@4.2.2/dist/masonry.pkgd.min.js https://unpkg.com/masonry-layout@4/dist/masonry.pkgd.min.js https://cdnjs.cloudflare.com/ajax/libs/videojs-youtube/2.5.0/Youtube.min.js https://npmcdn.com/imagesloaded@4.1/imagesloaded.pkgd.js https://tags.inzynk.io/cl383xbw/iztag.js https://analytics.inzynk.io/v/cl383xbw https://masterbot-chat-ssg-career-website-masterbot.apps.cloud.sodigital.io/ https://www.googletagmanager.com/debug/bootstrap https://www.googletagmanager.com/debug/badge https://unpkg.com/@gobistories/gobi-web-integration@^6 https://player.gobistories.com/index.js https://www.buzzsprout.com https://d13qcyivyon4xf.cloudfront.net/assistant/js/LivingActorAssistant.min.js https://d13qcyivyon4xf.cloudfront.net/assistant/v1/ozZjNzX6NzXl5Wan5WZ/LivingActorProject/itf_Embedded_WR.xml.json?&r=1652953341324&callback=CallbackFct_ozZjNzX6NzXl5Wan5WZitf_Embedded_WR https://d13qcyivyon4xf.cloudfront.net/assistant/v1/ozZjNzX6NzXl5Wan5WZ/LivingActorProject/resources/Mei_FullBody_320/data.txt.json?&r=1652954516457&callback=CallbackFct_LivingActorAvatar_Mei_FullBody_320; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://tagmanager.google.com/debug/css.css https://pixel.quantserve.com/pixel https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.15/css/bootstrap-multiselect.css https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css https://cdn1.readspeaker.com/script/9190/webReader/r/r974/ReadSpeaker.Styles-Button.css https://cdn1.readspeaker.com/script/9190/webReader/r/r974/ReadSpeaker.Styles.css https://cdn1.readspeaker.com/script/9190/webReader/r/ https://cdn1.readspeaker.com http://cdn1.readspeaker.com/script/11546/webReader/r/r1099/ReadSpeaker.Styles.css http://cdn1.readspeaker.com/script/11546/webReader/r/r1099/ReadSpeaker.Styles-Button.css https://chatbot-widget.jobijoba.io https://fonts.googleapis.com https://vjs.zencdn.net/7.11.4/video-js.css https://www.googletagmanager.com/debug/badge.css https://d13qcyivyon4xf.cloudfront.net/assistant/v1/ozZjNzX6NzXl5Wan5WZ/LivingActorProject/skin/E_WR/style12.css; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.eloqua.com track.hubspot.com https://dc.ads.linkedin.com/collect/ https://px.ads.linkedin.com/ https://t.co/i/adsct https://counter.adcourier.com https://stats.g.doubleclick.net/r/collect https://pixel.quantserve.com/ data: blob: *.cdninstagram.com *.lfeeder.com *.leadfeeder.com *.google.fr/ads/ *.google.com/ads/ https://cdn.recman.no/ https://i.ytimg.com/ https://cdn.jobijoba.com https://hellojaiblog.files.wordpress.com https://media.giphy.com https://s3.eu-central-1.amazonaws.com https://google-analytics.com https://ytimg.com https://6035851.global.siteimproveanalytics.io/ https://conv.indeed.com/pagead/conv/5314231913872130/ https://img.youtube.com/ https://media-proxy.gobistories.co/ https://res.cloudinary.com/gobi-technologies-as/ https://res.cloudinary.com/gobi-technologies https://d13qcyivyon4xf.cloudfront.net/assistant/v1/ozZjNzX6NzXl5Wan5WZ/LivingActorProject/resources/loader.gif; media-src 'self' data: blob: https://lesjoiesducode.fr/ https://firebasestorage.googleapis.com https://s3.eu-central-1.amazonaws.com https://youtube.com https://googlevideo.com https://cdn.jobijoba.com https://www.youtube.com/ https://res.cloudinary.com/gobi-technologies-as/ https://res.cloudinary.com/gobi-technologies; frame-src 'self' https://platform.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://karriere.soprasteria.de/ https://candidate.hr-manager.net/ https://my.walls.io/ https://www.google.com/ https://sopra.symex.be/ https://charts.symex.be/ https://maps.google.com/ https://sopra-steria.career-inspiration.com/ https://youtube.com https://chatbot-webview.jobijoba.io https://app-eu.readspeaker.com/ https://app.livestorm.co/ https://masterbot-chat-ssg-career-website-masterbot.apps.cloud.sodigital.io/ https://www.buzzsprout.com https://forms.office.com/ https://app.powerbi.com/; child-src 'self' blob: https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://charts.symex.be/ https://sopra.symex.be/ https://sopra-steria.career-inspiration.com/ https://www.google.com/ https://candidate.hr-manager.net/ https://karriere.soprasteria.de/ https://app-eu.readspeaker.com/ https://maps.google.com/; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://maps.googleapis.com/ https://vimeo.com/ https://app-eu.readspeaker.com/ https://rstts-eu.readspeaker.com/ https://media-eu.readspeaker.com/ https://cdn1.readspeaker.com/ https://www.digitale-exzellenz.de/feed/ https://www.digitale-exzellenz.de/category/branchen/ https://www.digitale-exzellenz.de/tag/ https://www.instagram.com/ https://www.instagram.com/soprasteria_fr/ https://www.instagram.com/instagram/ *.lfeeder.com *.leadfeeder.com https://vttts-eu.readspeaker.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://chatbot-widget.jobijoba.io wss://chatbot-api.jobijoba.io https://chatbot-api.jobijoba.io https://google-analytics.com https://www.linkedin.com/ https://api.gobistories.co/ https://api.gobistories.com/ https://res.cloudinary.com/gobi-technologies-as/ https://res.cloudinary.com/gobi-technologies; 3
frame-ancestors 'self' *.qfc.cn *.tnc.com.cn *.aliyuncs.com *.aliyun.com *.ctcn.com.cn 3
frame-ancestors 'self' www.roompotpsa.eu survey.insocial.nl www.detolplas.nl www.familieparken.nl www.onsvakanties.nl www.vakantieparkhellendoorn.nl www.vakantievilla-met-prive-zwembad.nl www.strandparkzeeland.nl www.kronenburgersee.nl kronenburgersee.nl www.eifelpark-eks.de www.duinresortdunimar.nl dev72.lined.nl 89051.afasinsite.nl www.detwentsehoeve.nl www.edeka-reisen.de www.edeka-urlaubswelt.de www.edeka-reiselust.de www.htc-reisen.de www.mein-kleiner-urlaub.de www.bungalowpark-veluwsehoevegaerde.nl www.deriethorst.com www.drentsewold.nl f.insocial.nl strandparkzeeland.nl www.globista.de; report-to csp-endpoint; report-uri https://www.roompot.nl/cspreports/ 3
frame-ancestors *.ooma.com *.ooma.ca https://*.ooma.com https://*.ooma.ca *.talkatone.com https://www.talkatone.com 3
frame-ancestors 'self' https://m.v12finance.com/; 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https:; connect-src https: wss:; object-src 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests;  frame-ancestors 'self' http://cority.lookbookhq.com https://cority.lookbookhq.com http://cority.pathfactory.com https://cority.pathfactory.com http://discover.cority.com https://discover.cority.com https://corityconnect.com/ 3
frame-src https://portal.exoscale.com/ https://push.getbeamer.com/ https://app.getbeamer.com/ https://www.youtube-nocookie.com/ https://changelog.exoscale.com/ 3
frame-ancestors 'self'  https://*.weeblycloud.com  https://*.sitelock.com  https://*.mojomarketplace.com  http://*.ipage.com  http://*.yourhostingaccount.com  https://*.ecwid.com  https://platform.cloud.coveo.com  https://search.cloud.coveo.com 3
: block-all-mixed-content 3
frame-ancestors 'self' https://adobemc.com https://centerparcs.experiencecloud.adobe.com https://experience.adobe.com 3
default-src 'self' https: *.becn.digital *.becn.com https://*.wistia.com https://*.wistia.net;  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com *.jst.ai *.cloudfront.net https://fonts.googleapis.com fast.wistia.com https://pi.pardot.com https://a.optmnstr.com https://ajax.googleapis.com https://www.googletagmanager.com https://pippio.com https://a.omappapi.com https://ws.audioeye.com https://wsv3cdn.audioeye.com https://analytics.audioeye.com https://go.becn.com https://tools.justuno.com *.ia.initiumsoftware.com *.initiumsoftware.com *.facebook.net *.becn.com *.olark.com *.pingdom.net optimize.google.com *.google-analytics.com *.Alchemer.com http://surveys.alchemer.com https://surveygizmobeacon.s3.amazonaws.com *.visualwebsiteoptimizer.com app.vwo.com;  img-src 'self' data: https: *.becn.digital *.becn.digital beaconproplus.com *.beaconproplus.com https://*.wistia.com https://*.wistia.net optimize.google.com *.google-analytics.com *.Alchemer.com http://surveys.alchemer.com https://surveygizmobeacon.s3.amazonaws.com *.ia.initiumsoftware.com *.initiumsoftware.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com;  frame-src 'self' *.youtube.com *.jst.ai cms.becn.com https://becn.stormersite.com https://wsv3cdn.audioeye.com https://fast.wistia.com https://fast.wistia.net https://www.google.com *.becn.digital data: *.becn.com *.olark.com https://knrpc.olark.com https://static.olark.com/jsclient/loader.js optimize.google.com *.google-analytics.com *.Alchemer.com http://surveys.alchemer.com https://surveygizmobeacon.s3.amazonaws.com *.ia.initiumsoftware.com *.initiumsoftware.com  *.visualwebsiteoptimizer.com app.vwo.com;  object-src 'self';  worker-src 'self' *.becn.digital *.becn.com *.cloudfront.net blob: *.olark.com *.Alchemer.com http://surveys.alchemer.com https://surveygizmobeacon.s3.amazonaws.com *.ia.initiumsoftware.com *.initiumsoftware.com;  style-src 'self' 'unsafe-inline' *.becn.digital *.cloudfront.net https://fonts.googleapis.com https://wsv3cdn.audioeye.com https://fast.wistia.com https://cdnjs.cloudflare.com https://cdn.jst.ai *.ia.initiumsoftware.com *.initiumsoftware.com *.becn.com *.olark.com https://static.olark.com/jsclient/loader.js optimize.google.com *.google-analytics.com *.Alchemer.com http://surveys.alchemer.com https://surveygizmobeacon.s3.amazonaws.com *.visualwebsiteoptimizer.com app.vwo.com;  media-src 'self' blob: *.becn.digital *.becn.com beaconproplus.com *.beaconproplus.com https://*.wistia.com https://*.wistia.net d10lpsik1i8c69.cloudfront.net *.olark.com optimize.google.com *.google-analytics.com *.Alchemer.com http://surveys.alchemer.com https://surveygizmobeacon.s3.amazonaws.com *.ia.initiumsoftware.com *.initiumsoftware.com;  connect-src 'self' *.becn.com *.becn.digital *.luckyorange.net *.jst.ai *.omappapi.com *.cloudfront.net *.google-analytics.com https://analytics.audioeye.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://*.litix.io *.initiumsoftware.com *.becn.com *.olark.com https://static.olark.com/jsclient/loader.js pubsub.googleapis.com *.pingdom.net optimize.google.com *.google-analytics.com *.Alchemer.com http://surveys.alchemer.com https://surveygizmobeacon.s3.amazonaws.com *.ia.initiumsoftware.com *.initiumsoftware.com wss://visitors.live wss://in.visitors.live *.visitors.live *.visualwebsiteoptimizer.com app.vwo.com;  font-src 'self' data: https://fonts.gstatic.com https://wsv3cdn.audioeye.com https://*.wistia.com https://cdnjs.cloudflare.com *.ia.initiumsoftware.com *.initiumsoftware.com *.olark.com;  frame-ancestors 'self' https://*.becn.com https://*.becn.digital 3
default-src 'none'; object-src 'self'; media-src blob: https://*.genial.ly https://*.elsevier.com/ https://*.zdassets.com https://*.scene7.com https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.podcast.co https://*.pod.co https://*.radio.co https://*.lpsnmedia.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.hirslanden.ch https://*.infocentric.ch https://*.wistia.com https://*.medicosearch.ch https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com; font-src 'self' data: https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.amazonaws.com https://*.medicosearch.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.tiktok.com https://mcmebotstorage.blob.core.windows.net https://protect-de.mimecast.com https://*.yandex.ru https://*.zdassets.com https://*.googleoptimize.com https://analytics-eu.clickdimensions.com https://widget-mediator.zopim.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://cdnjs.cloudflare.com https://*.zvv.ch https://*.genial.ly https://*.3qsdn.com https://*.scene7.com https://*.pinimg.com https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.typeform.com https://play.pod.co https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://*.lpsnmedia.net https://*.licdn.com https://sc-static.net https://*.liveperson.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.elfsight.com https://uberall.com https://static-prod.uberall.com https://api.instacloud.io https://mediclinic.mediaplatform.com https://api.doctena.ch https://*.createsend.com https://cdn.dotcy.com.cy https://script.crazyegg.com https://prodmcmebot.azurewebsites.net https://testmcmebot.azurewebsites.net https://*.medicosearch.ch https://*.infocentric.ch https://www.puls-berufe.ch https://*.gstatic.com https://*.google.com https://*.sprechzimmer.ch https://*.wistia.com https://fast.wistia.net https://src.litix.io https://s.ytimg.com https://www.youtube.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://*.twitter.com https://cdn.syndication.twimg.com https://csi.gstatic.com https://*.podcast.co https://*.pod.co https://*.radio.co https://code.jquery.com https://soundcloud.com/; connect-src 'self' https://api.bing.microsoft.com https://analytics.tiktok.com https://*.yandex.ru https://pecontent-health-elsevier-com.s3.amazonaws.com https://*.zdassets.com https://*.elsevier.com https://*.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://cdnjs.cloudflare.com https://*.pinterest.com https://*.medicosearch.ch https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://stats.g.doubleclick.net https://*.blueglass.io https://*.mediclinic.co.za https://*.podcast.co https://*.pod.co https://*.radio.co https://*.googleadservices.com https://*.elfsight.com https://uberall.com https://blog.hirslanden.ch https://er24.info https://*.typeform.com https://*.wistia.com https://*.litix.io https://www.facebook.com/ https://*.crazyegg.com https://*.akamaihd.net https://www.google-analytics.com https://s7.addthis.com https://m.addthis.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com; img-src * 'self' data:; style-src 'self' 'unsafe-inline' https://mcmebotstorage.blob.core.windows.net https://protect-de.mimecast.com https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.ads-twitter.com https://*.google.ch https://mediclinic.mediaplatform.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://cdn.dotcy.com.cy https://*.medicosearch.ch https://cloud.typography.com https://*.sprechzimmer.ch https://*.twitter.com https://www-prod.hirslanden.ch https://*.tagboard.com https://tagboard.com https://ton.twimg.com; frame-src 'self' https://*.artbutler.com https://*.zvv.ch https://*.genial.ly https://*.3qsdn.com https://*.tourmkr.com/ https://tourmkr.com/ https://*.tourextender.ch/ https://tourextender.ch/ https://*.podigee.com https://*.podigee-cdn.net https://*.infomaniak.com https://*.business360.ch https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.typeform.com https://*.doubleclick.ne https://*.pinimg.com https://*.doubleclick.net https://*.yandex.ru https://play.pod.co https://*.onedoc.ch https://onedoc.ch https://vimeo.com/ https://*.vimeo.com/ https://*.brightcove.net/ https://mixlr.com/ https://*.mixlr.com/ https://*.liveperson.net https://*.lpsnmedia.net https://*.snapchat.com https://*.ads-twitter.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.mediclinic.co.za https://mediclinic.mediaplatform.com http://mcairportrdauh.royalwebhosting.net https://*.google.ch https://*.twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.doctena.com https://*.createsend.com https://*.google.com https://*.googletagmanager.com https://w.soundcloud.com/ https://cdn.dotcy.com.cy https://prodmcmebot.azurewebsites.net https://testmcmebot.azurewebsites.net https://fast.wistia.com https://s7.addthis.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://www.youtube.com https://*.sprechzimmer.ch https://www.med-congress.info https://*.datahouse.ch/ https://*.detailnet.ch https://www2.hirslanden.ch https://vr.zaak.ch https://staticxx.facebook.com https://www.facebook.com https://tourmake.it https://tools.eurolandir.com https://twitter.com https://www.facebook.com; child-src 'self' blob: https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.ads-twitter.com https://*.google.ch http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://staticxx.facebook.com https://fast.wistia.com https://s7.addthis.com https://*.twitter.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com 3
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https://os.mwscdn.io https://fonts.googleapis.com https://id.myworld.com https://fl-1.cdn.flockler.com/; img-src 'self' https: data:; font-src 'self' data: https://os.mwscdn.io https://fonts.gstatic.com https://maps.googleapis.com; report-uri /csp-report 3
object-src *;script-src * 'unsafe-inline' 'unsafe-eval' data: 3
upgrade-insecure-requests; frame-src 'self' https://www3.mogroup.com https://irs.tools.investis.com https://otp.tools.investis.com https://viz.tools.investis.com https://secure.flife.de https://browserapps.mogroup.com https://service.force.com https://vars.hotjar.com https://policy.app.cookieinformation.com https://www.google.com https://www.googletagmanager.com https://optimize.google.com https://www.youtube.com https://player.youku.com https://www.facebook.com *.doubleclick.net 3
frame-ancestors 'self' everygame.eu www.everygame.eu sblp.everygame.eu sports.everygame.eu poker.everygame.eu casino.everygame.eu classic.everygame.eu lobby.everygame.eu:2072 account.everygame.eu client.horizonpokernetwork.eu 3
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; 3
default-src https:; frame-src https: blob:; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; 3
frame-ancestors 'self' *.facebook.com 3
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.com.sg  *.interactivebrokers.com.hk  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.clientam.com.hk  *.go-mpulse.net  *.akstat.io  widgets.tipranks.com  site.recognia.com  *.traderstation-international.com; 3
frame-ancestors 'self' *.glasgowairport.com *.aberdeenairport.com *.southamptonairport.com 3
default-src * data: filesystem: about: blob: ws: wss:; script-src * data: filesystem: about: blob: ws: wss: 'unsafe-eval' 'unsafe-inline'; style-src * data: filesystem: about: blob: ws: wss: 'unsafe-inline'; frame-ancestors 'self' 3
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; script-src-elem * 'unsafe-inline'; img-src * blob: data:; font-src * data:; worker-src * blob:; child-src * blob: gap:; media-src * blob: 3
font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://fonts.googleapis.com data: 3
default-src * blob:;connect-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net https://analytics.google.com https://api.hubspot.com https://api.hubapi.com https://www.facebook.com wss://*.signalwire.com https://*.signalwire.com https://cdn.signalwire.com https://signalwire.s3-us-west-2.amazonaws.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://app.termly.io https://forms.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://munchkin.marketo.net https://262-hgr-311.mktoresp.com https://262-hgr-311.mktoweb.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat https://ext.chtbl.com https://web.chtbl.com;frame-src 'self' https://i.prefinery.com https://app.hubspot.com https://www.facebook.com https://js.stripe.com https://www.youtube.com https://youtube.com https://*.signalwire.com https://cdn.signalwire.com https://www.google.com https://www.gstatic.com https://app.termly.io https://forms.hsforms.com https://vars.hotjar.com https://game.crisp.chat https://ext.chtbl.com https://262-hgr-311.mktoweb.com https://web.chtbl.com;child-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com blob:;style-src 'self' 'unsafe-inline' https://github.githubassets.com https://tagmanager.google.com https://stackpath.bootstrapcdn.com https://*.signalwire.com https://cdn.signalwire.com https://fonts.gstatic.com https://fonts.googleapis.com https://client.crisp.chat https://262-hgr-311.mktoweb.com;worker-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clickcease.com https://ajax.googleapis.com https://js.hs-banner.com https://widget.prefinery.com https://code.jquery.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://sjs.bizographics.com https://www.googleadservices.com https://tagmanager.google.com https://js.hsadspixel.net https://www.googletagmanager.com https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://js.usemessages.com https://snap.licdn.com https://gist.github.com https://js.stripe.com https://*.signalwire.com https://cdn.signalwire.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://app.termly.io https://d3js.org https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://forms.hsforms.com https://hubspot.clearbit.com https://cdn.jsdelivr.net https://munchkin.marketo.net https://262-hgr-311.mktoresp.com https://262-hgr-311.mktoweb.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://client.crisp.chat https://settings.crisp.chat https://ext.chtbl.com https://web.chtbl.com;font-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com https://fonts.gstatic.com https://fonts.googleapis.com http://script.hotjar.com https://script.hotjar.com https://client.crisp.chat data:;img-src * data: 3
default-src 'self' https://*.arvato-systems-media.net https://*.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://socialcloud.bertelsmann.com https://dl.edge-cdn.net https://edgecdnhd2-vh.akamaihd.net; script-src 'self' blob: https://*.bertelsmann.de https://*.bertelsmann.com  https://*.createyourowncareer.com https://*.video-cdn.net https://*.privacy-mgmt.com  https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://analytics.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://*.edge-cdn.net https://*.analytics.edgekey.net https://charts3.equitystory.com https://*.akamaihd.net https://www.youtube.com https://s.ytimg.com https://*.cookiebot.com 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' https://tr.main.bid-prod.technical-service.net https://maps.google.com https://*.video-cdn.net https://www.google.com https://*.ytimg.com https://maps.gstatic.com https://www.gstatic.com https://chart.apis.google.com https://maps.googleapis.com https://www.google-analytics.com http://*.becruiter.net https://*.becruiter.net https://bertelsmann-hr.de https://www.googletagmanager.com https://dl.edge-cdn.net https://translate.google.com https://translate.googleapis.com data:; media-src 'self' blob: https://videocdnvod1-vh.akamaihd.net https://edgecdnhd2-vh.akamaihd.net http://hd2vodbertel-vh.akamaihd.net https://*.cdn.edge-cdn.net https://*.edge-cdn.net http://*.edge-cdn.net https://*.video-cdn.net; style-src 'self' https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://*.nionex.net https://translate.googleapis.com https://fonts.googleapis.com https://dl.edge-cdn.net 'unsafe-inline' data:; font-src 'self' https://fonts.googleapis.com https://*.video-cdn.net https://fonts.gstatic.com data:; frame-src * data: blob: ; frame-ancestors 'self' https://digitalportfolio.bertelsmann.com https://*.bertelsmann.de https://*.bertelsmann.com; connect-src 'self' wss://*.bertelsmann.de https://licensing.bitmovin.com https://cdn.plyr.io https://*.video-cdn.net https://videocdnvod1-vh.akamaihd.net https://stats.g.doubleclick.net https://*.bertelsmann.de https://*.bertelsmann.com https://www.google-analytics.com https://ca.video-cdn.net https://dl.edge-cdn.net https://*.analytics.edgekey.net https://translate.googleapis.com https://*.cookiebot.com https://edgecdnhd2-vh.akamaihd.net 3
frame-ancestors 'self' https://lcc30.lifecare.com; 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; img-src * 'self' data: https:; style-src https: 'unsafe-inline' 'unsafe-eval' 3
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: 3
frame-ancestors 'self' http://project44.lookbookhq.com https://project44.lookbookhq.com http://project44.pathfactory.com https://project44.pathfactory.com http://discover.project44.com https://discover.project44.com; 3
default-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.googletagmanager.com www.googleadservices.com snap.licdn.com/li.lms-analytics/insight.min.js js.hs-scripts.com/4398552.js googleads.g.doubleclick.net/pagead/; style-src 'self' 'unsafe-inline'; img-src 'self' https: data: blob: android-webview-video-poster: px.ads.linkedin.com www.googletagmanager.com; media-src 'self' https: monkapps.com; frame-src 'self' https: www.youtube.com; frame-ancestors 'self'; font-src 'self' https: fonts.gstatic.com; connect-src 'self' https: cdn.cookielaw.org www.googleadservices.com www.google.com/pagead/ googleads.g.doubleclick.net/pagead/ www.google-analytics.com/g/collect; manifest-src 'self'; script-src-elem 'self' https: 'unsafe-inline' www.googletagmanager.com www.googleadservices.com; report-uri https://sentry.nadapada.net/api/125/security/?sentry_key=b569db56805c4e5f98879e39f0fc3053 3
default-src https: 'unsafe-inline';script-src https: 'unsafe-inline' 'unsafe-eval';img-src https: data: 3
worker-src 'self' blob: 3
child-src 'self'; default-src 'self' *.usave.co.uk 'unsafe-eval' 'unsafe-inline' phplaravel-354301-1685373.cloudwaysapps.com ajax.cloudflare.com static.cloudflareinsights.com optimize.google.com www.googleoptimize.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net connect.facebook.com connect.facebook.net www.googleadservices.com www.google.com www.gstatic.com www.redditstatic.com *.tawk.to * smartlook.cloud e.infogram.com *.smartlook.com cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com *.amazonaws.com *.tinymce.com *.tiny.cloud; img-src https: data:; frame-src www.googletagmanager.com www.measurementlab.net api.mapbox.com e.infogram.com www.facebook.com www.google.com va.tawk.to optimize.google.com www.googleoptimize.com; font-src 'self' data: fonts.gstatic.com; 3
default-src 'self' *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org cdn.datatables.net recruitingbypaycor.com cdnjs.cloudflare.com youtube.com *.vimeo.com app.five9.com *.luxsci.com *.google-analytics.com siteimproveanalytics.com *.siteimproveanalytics.com *.vo.msecnd.net www.youtube.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com cdn.datatables.net youtube.com *.vimeo.com app.five9.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com placehold.it *.global.siteimproveanalytics.io app.five9.com; media-src 'self' data: blob: youtube.com player.vimeo.com; frame-src 'self' *.recruitingbypaycor.com recruitingbypaycor.com *.youtube.com player.vimeo.com *.google.com *.luxsci.com apply.indeed.com app.five9.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://amwins-portal-api.azurewebsites.net https://app-amwinsportalapi-dev-uat.azurewebsites.net https://app-amwinsportalui-dev-uat.azurewebsites.net https://portal.amwins.com *.google-analytics.com nia-carrierstatesapi-app.azurewebsites.net *.services.visualstudio.com https://app-clportal-api.azurewebsites.net; object-src *.google-analytics.com; 3
default-src *.groupepdi.com *.net-fs.com *.onetrust.com *.cookielaw.org alumacraft.com *.alumacraft.com *.manitoupontoonboats.com *.wufoo.com unpkg.com *.yandex.ru my.matterport.com airtable.com ds-aksb-a.akamaihd.net monkeys-fist-for-brp.com *.myfeelback.com mfb.li mailchi.mp *.cdninstagram.com *.stackla.com fareharbor.com *.peek.com *.salecycle.com story.brplynx.com *.cloudfront.net mpembed.com *.googleadservices.com *.slideshare.net *.hotjar.com *.typekit.net *.bootstrapcdn.com *.salesforce.com *.omtrdc.net service.force.com *.adobedtm.com *.google.ca *.gstatic.com *.azurewebsites.net *.lightboxcdn.com *.salesforceliveagent.com *.force.com *.moatads.com *.youtube.com *.addthisedge.com *.addthis.com *.cloudflare.com *.doubleclick.net *.appdynamics.com *.brp.com *.facebook.net *.azureedge.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.demdex.net *.day.com *.everesttech.net *.scene7.com s.amazon-adsystem.com *.facebook.com *.googleusercontent.com *.lightboxapi.com *.eum-appdynamics.com *.womenofonroadgroups.com *.canamonroadcommunity.com canamonroadcommunity.com *.learntoride3wheel.com *.limelightplatformevents.com *.valuemytradein.com *.zencdn.net *.zlthunder.net cdn.knightlab.com *.mdex.net *.sea-doo.com *.ski-doo.com *.brpdigital.net tags.tiqcdn.com brp--c.documentforce.com collect.tealiumiq.com; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com sonda.com www.sonda.com snap.licdn.com *.hotjar.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com *.weglot.com cdn.weglot.com *.google.com translate.google.com *.googleapis.com *.gstatic.com  www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com www.googletagmanager.com cdnjs.cloudflare.com cdn.weglot.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com; img-src 'self' *.linkedin.com www.googletagmanager.com sonda.com www.sonda.com www.google.cl p.adsymptotic.com px.ads.linkedin.com *.google.com *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' ws24.hotjar.com wss://ws24.hotjar.com vc.hotjar.io cdn-api-weglot.com stats.g.doubleclick.net analytics.google.com in.hotjar.com cdn.weglot.com translate.googleapis.com data:  https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.gstatic.com *.frontify.com *.cloudinary.com; media-src 'self' data: blob: *.frontify.com *.cloudinary.com;child-src 'self' vars.hotjar.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com; 3
default-src 'self' https://ww2.paytronix.com; script-src 'self' 'unsafe-inline' https://script.hotjar.com http://pi.pardot.com https://snap.licdn.com https://static.hotjar.com http://cdn.pardot.com http://static.ads-twitter.com https://www.google-analytics.com https://nodetracker.datawrkz.com https://fonts.googleapis.com https://connect.facebook.net https://www.facebook.com https://www.googleoptimize.com http://www.googleadservices.com https://www.googleadservices.com http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://dmp.datawrkz.com https://www.googletagmanager.com https://px.ads.linkedin.com https://ww2.paytronix.com http://ww2.paytronix.com; img-src 'self' https://p.adsymptotic.com https://t.co https://analytics.twitter.com https://www.google.com https://fonts.googleapis.com https://connect.facebook.net https://www.facebook.com https://www.googleoptimize.com http://www.googleadservices.com https://www.googleadservices.com http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://dmp.datawrkz.com https://www.googletagmanager.com https://px.ads.linkedin.com https://ww2.paytronix.com http://ww2.paytronix.com; font-src 'self' data: https://fonts.gstatic.com https://ww2.paytronix.com https://fonts.googleapis.com; child-src 'self' https://vars.hotjar.com/ https://player.vimeo.com/ https://ww2.paytronix.com https://ajax.googleapis.com/;connect-src 'self' https://in.hotjar.com https://nodetracker.datawrkz.com https://www.google-analytics.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://ww2.paytronix.com; 3
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none';frame-ancestors 'none' 3
default-src 'self' https://status.sentia.dk 'unsafe-inline';connect-src 'self' *.gravatar.com *.hotjar.com *.google-analytics.com *.hubapi.com *.hubspot.com *.sharethis.com *.googleadservices.com *.sleeknote.com *.google.nl *.facebook.com *.sleeknote.com sleeknote.com stats.g.doubleclick.net *.cookiebot.com *.doubleclick.net *.googleapis.com *.hsforms.com;font-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.typekit.net data:;frame-src 'self' *.hotjar.com status.sentia.dk *.vimeo.com *.google.com www.youtube.com youtube.com forms.hsforms.com c.sharethis.mgr.consensu.org *.hubspot.com *.cookiebot.com sleeknote.com *.sleeknote.com;img-src 'self' data: *.google-analytics.com *.doubleclick.net *.gstatic.com *.azureedge.net *.hubspot.net *.sentia.com *.hubspot.com *.google.com *.google.ie *.google.nl www.googletagmanager.com *.googleapis.com *.blob.core.windows.net *.sharethis.com forms.hsforms.com *.linkedin.com *.facebook.com *.lfeeder.com *.sleeknote.com blob: *.hsforms.com;manifest-src 'self';media-src 'self' *.vimeo.com *.vimeocdn.com *.youtube.com *.akamaized.net;object-src 'self';script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.amazonaws.com *.googletagmanager.com *.gstatic.com *.licdn.com *.bizographics.com *.googleadservices.com *.linkedin.com tagmanager.google.com *.hotjar.com *.akamized.com *.google.nl *.vimeo.com vimeo.com *.google.com js.hs-scripts.com js.hs-analytics.net js.hsadspixel.net googleads.g.doubleclick.net *.google.ie js.usemessages.com *.googleapis.com *.hsforms.net *.hsforms.com *.sharethis.com *.hiss3lark.com *.hsleadflows.net *.google.be *.hubspot.com *.facebook.net *.sleeknote.com *.lfeeder.com *.cookiebot.com js.hs-banner.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com tagmanager.google.com *.typekit.net *.sleeknote.com;worker-src 'self'; 3
default-src 'self' blob: *.fitchsolutions.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ajax.googleapis.com *.fitchsolutions.com app-lon06.marketo.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com reveal.clearbit.com www.googletagmanager.com players.brightcove.net www.google-analytics.com c.evidon.com cdn2.funnelenvy.com assets.map.brightcove.com your.fitchsolutions.com snap.licdn.com static.hotjar.com munchkin.marketo.net js.idio.co script.hotjar.com s.idio.co api.idio.co cdn.jsdelivr.net infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.fitchsolutions.com use.fontawesome.com unpkg.com app-lon06.marketo.com cdnjs.cloudflare.com fonts.googleapis.com players.brightcove.net; object-src 'none'; frame-src 'self' *.fitchsolutions.com vars.hotjar.com infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com indd.adobe.com; img-src 'self' data: cf-images.us-east-1.prod.boltdns.net *.fitchsolutions.com metrics.brightcove.com l.evidon.com *.linkedin.com p.adsymptotic.com a.idio.co www.google-analytics.com www.google.com www.google.co; font-src 'self' data: *.fitchsolutions.com fonts.gstatic.com use.fontawesome.com; media-src 'self' blob: *.fitchsolutions.com *.boltdns.net *.brightcove.com videos.ctfassets.net *.akamaihd.net *.brightcove.net; prefetch-src 'self' *.fitchsolutions.com; connect-src 'self' blob: *.fitchsolutions.com *.brightcove.com *.brightcove.net 732-ckh-767.mktoresp.com fx.fitchgroup.co *.boltdns.net *.akamaihd.net *.crazyegg.com *.idio.co *.brightcovecdn.com *.marketo.net *.fitch.group c.evidon.com *.funnelenvy.com www.google-analytics.com fonts.googleapis.com *.piwikpro.com snap.licdn.com images.ctfassets.net fonts.gstatic.com stats.g.doubleclick.net api.sjpf.io api.fpjs.io *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com notify.bugsnag.com https://c.evidon.com https://l3.evidon.com 3
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' *.oldmutualwealth.co.uk 3
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.eu01.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com; frame-src 'self' staticcontents.investis.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com ir.tools.investis.com staticxx.facebook.com www.youtube.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com; report-uri //report-csp-violation 3
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://js.monitor.azure.com http://projects.elitechnology.com/jsprojects/eneco-client/ https://projects.elitechnology.com/jsprojects/eneco/api/ https://eneco-eneco.digitalcx.com https://cdn.conversationalsdevelopment.nl https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://w.usabilla.com https://api.usabilla.com https://d6tizftlrpuof.cloudfront.net https://d3or5d0jdz94or.cloudfront.net/MExDH9iB5LdtMi44LjE.js https://cdn.greenhousegroup.com/eneco-nl/slb/conversion.js https://connect.facebook.net/signals/plugins/inferredEvents.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/435765806865268 https://www.linkedin.com/px/li_sync https://px.ads.linkedin.com/collect/ https://snap.licdn.com/li.lms-analytics/ https://d2qmp7jjpd79k7.cloudfront.net/smartpixel-1.js https://d2qmp7jjpd79k7.cloudfront.net/smartpixel/3-3227/product.js https://d2qmp7jjpd79k7.cloudfront.net/pixel/3/1572447345163/script.js https://static.ads-twitter.com/uwt.js https://analytics.twitter.com/i/adsct https://bat.bing.com/bat.js https://bat.bing.com/p/action/23001836.js https://acdn.adnxs.com/dmp/up/pixie.js https://s.pinimg.com https://ct.pinterest.com https://secure.adnxs.com https://cdnjs.cloudflare.com/ajax/libs/bodymovin/5.4.4/lottie.min.js https://tdn.r42tag.com https://admin.relay42.com https://t.svtrd.com/t-1295/ https://static.hotjar.com/c/hotjar-215132.js https://script.hotjar.com https://eneco.bbvms.com https://cdn.bluebillywig.com/apps/player/ https://mijn.enecozakelijk.nl/cookie/xdomain/xdomain_cookie.min.js https://www.youtube.com/iframe_api https://img03.en25.com/i/elqCfg.min.js https://api.salesfeed.com https://script.adcalls.nl/e907d5da-14dc-4967-b180-03e37a3022be.js https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.2/jquery-ui.min.js https://cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://amplify.outbrain.com/cp/obtp.js https://tr.outbrain.com;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com https://d6tizftlrpuof.cloudfront.net https://tagmanager.google.com/debug/css.css https://cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.css https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.2/themes/smoothness/jquery-ui.css;img-src 'self' * data: blob: secure.adnxs.com collect.kosi-analytics.io/i https://t.co/i/adsct googleads.g.doubleclick.net www.googleadservices.com https://script.hotjar.com;media-src 'self' data: https://eneco.bbvms.com https://cdn.bluebillywig.com/apps/player/ https://d3ehotfhpgor0k.cloudfront.net;frame-src 'self' https://d6tizftlrpuof.cloudfront.net https://www.youtube-nocookie.com https://t.svtrd.com https://ib.adnxs.com https://s3.eu-central-1.amazonaws.com/snowplow-appnexus-mapper/id.html https://6361111.fls.doubleclick.net https://9108254.fls.doubleclick.net https://bid.g.doubleclick.net https://player.vimeo.com https://eneco.bbvms.com https://mijn.enecozakelijk.nl https://vars.hotjar.com https://www.google.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://d6tizftlrpuof.cloudfront.net https://d3ehotfhpgor0k.cloudfront.net https://script.hotjar.com https://cdn.bluebillywig.com/fonts/ https://cdn.conversationalsdevelopment.nl/eneco/;connect-src 'self' *.eneco.nl https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net *.services.visualstudio.com https://api.usabilla.com https://eneco.bbvms.com https://collect.kosi-analytics.io https://d.lemonpi.io/scrapes https://ct.pinterest.com https://eneco-eneco.digitalcx.com https://conversationals-connector-live-assist-production.azurewebsites.net wss://api.seamly.ai https://api.seamly.ai wss://api.seamly-app.com https://api.seamly-app.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://api.adcalls.nl https://bat.bing.com https://api.enecogroup.com https://api-digital.enecogroup.com;child-src 'self' blob: https://vars.hotjar.com;frame-ancestors 'self' https://inloggen.eneco.nl 3
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' blob:; img-src 'self' data: https:; font-src 'self' data: https:; frame-ancestors 'self' https://*.adobe.com https://*.adobe.io https://*.adobe.net https://*.omniture.com; connect-src 'self' https: wss://*.hotjar.com; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' podcast-stream.wbez.org;                connect-src 'self' *.google-analytics.com fast.fonts.net ipmeta.io/api/enrich stats.g.doubleclick.net/j/collect;                font-src 'self' fast.fonts.net fonts.googleapis.com fonts.gstatic.com use.typekit.net;                frame-src 'self' *.google.com cdn.yoshki.com faegredrinker.mediasite.com html5-player.libsyn.com player.pbs.org legaltalknetwork.com sho.co *.youtube.com *.vimeo.com;                img-src 'self' data: *.google-analytics.com 29268.global.siteimproveanalytics.io p.adsymptotic.com px.ads.linkedin.com;                script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.google-analytics.com *.googletagmanager.com www.gstatic.com fast.fonts.net  ipmeta.io siteimproveanalytics.com snap.licdn.com;                style-src 'self' 'unsafe-inline' fonts.googleapis.com fast.fonts.net p.typekit.net use.typekit.net 3
img-src 'self' data:; 3
default-src 'self'; img-src 'self' https://w3.flatex.de data: https://res.cloudinary.com; font-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://w3.flatex.de; script-src 'self' 'unsafe-inline' https://responder.wt-safetag.com; frame-src 'self' https://konto.flatex.de https://stock.flatexdegiro.com 3
frame-ancestors 'self' *.wsgc.com carectruiprd.wsgc.com oms.wsgc.com carectruiprd-dr.wsgc.com oms-dr.wsgc.com trn1-wcc.wsgc.com trn1-sterling.wsgc.com trn1-ccui.wsgc.com 3
default-src *; font-src 'self' data: https://fonts.gstatic.com https://acsbapp.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; worker-src blob:; style-src 'self' 'unsafe-inline' https:; img-src * 'self' data: https:; report-uri https://saasopenpa.report-uri.com/r/d/csp/enforce 3
frame-ancestors 'self' http://*.cheltenham.ecctis.co.uk; 3
default-src 'self' whatsapp:; connect-src https://*.tote.digital https://*.tote.rocks https://*.tote.live https://*.tote.co.uk https://api.addressy.com https://*.lot.to https://*.sportcaller.com https://*.mixpanel.com https://cdn.contentful.com https://preview.contentful.com https://sentry.io https://*.pusher.com wss://*.pusher.com https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomusercontent.com https://www.facebook.com https://*.crazyegg.com https://*.maxmind.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googleoptimize.com/ https://*.launchdarkly.com https://*.akamaized.net https://*.akamaihd.net https://*.attheraces.com https://adservice.google.com https://*.secure.footprint.net https://*.atgvision.com https://geoip-js.com https://*.upscope.io wss://*.upscope.io https://*.appsflyer.com https://bat.bing.com https://*.oscato.com https://t.co https://google.com https://*.appsync-api.eu-west-2.amazonaws.com wss://*.appsync-realtime-api.eu-west-2.amazonaws.com https://*.tote.ie https://*.clarity.ms https://*.sports.tote.co.uk https://*.test.sports.tote.co.uk wss://*.sports.tote.co.uk wss://*.test.sports.tote.co.uk; form-action 'self' https://bridge.aircall.io https://intercom.help https://api-iam.intercom.io https://verify.monzo.com https://www.facebook.com https://*.oscato.com https://webapp.securetrading.net https://danskebank-3ds-vdm.wlp-acs.com https://www.clicksafe.lloydstsb.com https://*.arcot.com https://*.worldpay.com https://*.securesuite.co.uk https://*.cardinalcommerce.com; frame-ancestors 'self'; frame-src https://account.tote.digital https://account.test.tote.digital https://account.dev.tote.digital https://account.migration.tote.digital https://www.google.com https://account.staging.tote.live https://account.performance.tote.live https://account.live.tote.live https://account.tote.live https://account.staging.tote.co.uk https://account.performance.tote.co.uk https://account.live.tote.co.uk https://account.tote.co.uk https://thetote.atlassian.net https://tentofollow.tote.digital https://tentofollow-internal.tote.digital https://tentofollow.tote.live https://tentofollow.tote.co.uk https://flattentofollow.tote.co.uk https://minigame.tote.co.uk https://minigame.tote.digital https://colossus.stage.tote.co.uk https://colossus.tote.co.uk https://development.tote.digital https://test.tote.digital https://stage.tote.co.uk https://tote.co.uk https://test-branch.tote.digital https://intercom-sheets.com https://*.pariplaygames.com https://d21j22mhfwmuah.cloudfront.net https://player.vimeo.com https://www.youtube.com https://*.fls.doubleclick.net https://cdn.sportcaller.com https://*.adsrvr.org https://*.blueprintgaming.com https://*.rubyplay.com https://*.inspiredvirgo.com https://*.upscope.io https://servedby.flashtalking.com/ https://wab-visualisation.performgroup.com/ https://www.facebook.com https://*.inseincvirtuals.com/ https://*.oscato.com https://*.prerelease-env.biz/ https://*.pragmaticplay.net/ https://wa.me/ https://*.userzoom.com https://app-pp.trunarrative.cloud https://app.trunarrative.cloud https://development-aws.tote.co.uk https://test-aws.tote.co.uk https://stage-aws.tote.co.uk https://games.pplivedealer.com; img-src 'self' blob: data: https://icard.gbiracing.com https://*.tote.digital https://*.tote.rocks https://*.tote.live https://*.tote.co.uk https://images.ctfassets.net https://images.racingpost.com https://www.googletagmanager.com https://static.intercomassets.com https://*.intercomcdn.com https://*.gstatic.com https://*.aircall.io https://*.micpn.com https://*.intercom.io https://*.intercom-attachments.com https://uploads.intercomusercontent.com https://lotto.nyc3.cdn.digitaloceanspaces.com https://www.facebook.com https://connect.facebook.net https://t.myvisualiq.net https://bat.bing.com https://tapestry.tapad.com https://t.co https://*.doubleclick.net https://tags.bluekai.com https://dpm.demdex.net https://loadus.exelator.com https://idsync.rlcdn.com https://www.google.com https://www.google.co.uk https://www.google.com.ua https://www.google.ie https://insight.adsrvr.org https://*.crazyegg.com https://*.google-analytics.com https://cx.atdmt.com https://*.upscope.io https://servedby.flashtalking.com https://cdn.sportcaller.com https://*.oscato.com https://googleads.g.doubleclick.net https://*.userzoom.com https://*.clarity.ms; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pusher.com https://*.gstatic.com https://www.googletagmanager.com https://*.intercom.io https://js.intercomcdn.com https://*.google.com https://*.mxpnl.com https://thetote.atlassian.net https://*.micpn.com https://connect.facebook.net https://static.ads-twitter.com https://bat.bing.com https://*.myvisualiq.net https://www.googleadservices.com https://analytics.twitter.com https://*.crazyegg.com https://js.adsrvr.org https://*.google-analytics.com https://s3.amazonaws.com/trk.cetrk.com/7/t.js https://*.maxmind.com https://*.upscope.io https://websdk.appsflyer.com https://*.userzoom.com https://*.oscato.com https://*.clarity.ms; font-src 'self' data: https://js.intercomcdn.com https://*.gstatic.com https://fonts.intercomcdn.com https://*.upscope.io https://cdn.tote.co.uk; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.upscope.io https://*.oscato.com https://*.tote.digital https://*.tote.rocks https://*.tote.live https://*.tote.co.uk https://*.userzoom.com; media-src 'self' https://js.intercomcdn.com https://*.akamaized.net https://*.akamaihd.net https://*.attheraces.com https://*.secure.footprint.net https://*.atgvision.com https://*.upscope.io https://wab-visualisation.performgroup.com/ blob:; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://wab-visualisation.performgroup.com/ https://*.upscope.io https://*.attheraces.com https://*.oscato.com blob:; worker-src blob:; upgrade-insecure-requests; report-uri https://thetote.report-uri.com/r/d/csp/reportOnly 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com analytics.google.com stats.g.doubleclick.net stats.g.doubleclick.com *.searchiq.co *.gstatic.com *.googleapis.com *.addthis.com *.cookielaw.com *.cookielaw.org *.cloudapi.de *.onetrust.com; frame-src 'self' tools.eurolandir.com *.instagram.com *.searchiq.co *.youtube.com *.addthis.com *.hypemarks.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.instagram.com *.licdn.com *.googleapis.com *.searchiq.co *.youtube.com *.googletagmanager.com *.google-analytics.com analytics.google.com *.addthis.com *.addthisedge.com *.cookielaw.com *.cookielaw.org *.hypemarks.com *.moatads.com *.cloudapi.de *.onetrust.com; img-src 'self' data: px.ads.linkedin.com *.searchiq.co *.google-analytics.com analytics.google.com stats.g.doubleclick.com stats.g.doubleclick.net *.google.com *.google.co.uk *.cookielaw.org; font-src 'self' privacyportal-eu-cdn.onetrust.com data: 3
default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline' 3
default-src * data: blob: ; script-src * 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none' ; 3
frame-ancestors 'self' *.bronto.com bronto.com 3
form-action 'self' https://coworkingresources.org https://*.coworkingresources.org https://www.facebook.com https://getkisi.com https://*.getkisi.com https://kisi-webflow-production.herokuapp.com https://kisi-webflow-staging.herokuapp.com; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://api.na.chilipiper.com/marketing/getkisi https://a.clickcertain.com https://a.omappapi.com https://a.optmnstr.com https://a.quora.com https://a.remarketstats.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://connect.facebook.net https://d.adroll.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://idsync.rlcdn.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.na.chilipiper.com/marketing.js https://js.usemessages.com https://kisi-webflow-production.herokuapp.com https://kisi-webflow-staging.herokuapp.com https://netlify-cdp-loader.netlify.app https://s.adroll.com https://ssl.google-analytics.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://tagmanager.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.redditstatic.com https://www.youtube.com 3
default-src 'self' data: ;   connect-src 'self' https: wss: ;   font-src 'self' chrome-extension: data: https: ;   img-src 'self' data: blob: android-webview-video-poster: about: https: ;   frame-src 'self' https: ;   script-src 'self' 'unsafe-inline' 'unsafe-eval' about: https: ;   script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https: ;   style-src 'self' 'unsafe-inline' https: ;   style-src-elem 'self' 'unsafe-inline' https: ;   style-src-attr 'self' 'unsafe-inline' https: ;   worker-src 'self' 'unsafe-inline' https: blob: ;   frame-ancestors 'self' https://*.magnews.it https://*.magnews.com;   upgrade-insecure-requests;   block-all-mixed-content;   report-uri https://cspr-it.mag-news.it/ 3
worker-src "none" 3
frame-ancestors 'self' https://nginx-sonova-d8-develop.ch.amazee.io https://www.sonova.com https://relaunch.sonova.com https://jobs.nzz.ch https://management.jobs.nzz.ch ; report-uri /report-csp-violation 3
base-uri 'self' https:; block-all-mixed-content; child-src 'self' https:; connect-src 'self' https:; font-src 'self' data: https:; form-action 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' data: https:; media-src 'self' https:; object-src 'self' https:; prefetch-src 'self' https:; report-to csp_default; report-uri https://o956100.ingest.sentry.io/api/5979820/security/?sentry_key=3365bf3db95341e8b0c888222a947b0e; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; worker-src 'self' https: 3
default-src 'self'; frame-src *; connect-src *; font-src *; img-src * data:; script-src 'unsafe-eval' 'unsafe-inline' *; style-src 'unsafe-inline' *, style-src-elem 'unsafe-inline' * 3
default-src 'self' 'unsafe-inline';  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://cdn-ukwest.onetrust.com https://img.en25.com https://connect.facebook.net https://use.typekit.net https://az416426.vo.msecnd.net https://www.civica.com https://snap.licdn.com https://cdnjs.cloudflare.com https://*.episerver.net https://www.youtube.com https://geolocation.onetrust.com/ https://s3121.t.eloqua.com https://cdn.tiny.cloud/ https://ws.zoominfo.com;  connect-src 'self' https://*.onetrust.com https://*.visualstudio.com https://*.google-analytics.com https://stats.g.doubleclick.net https://s3121.t.eloqua.com https://civica-privacy.my.onetrust.com https://cookiesuksouth.blob.core.windows.net/ https://ws.zoominfo.com;  media-src 'self' data:;  img-src 'self' data: https://www.facebook.com https://*.eloqua.com https://p.typekit.net https://*.google-analytics.com https://*.linkedin.com https://www.google.com https://www.google.co.uk https://www.google.co.in https://licensebuttons.net https://p.adsymptotic.com https://sp.tinymce.com https://*.onetrust.com https://www.googletagmanager.com;  style-src 'self' 'unsafe-inline' data: https://cdn.tiny.cloud;  frame-ancestors 'self';  child-src 'self';  frame-src 'self' https://www.youtube.com https://*.fls.doubleclick.net/ https://player.vimeo.com https://www.facebook.com/;  font-src 'self' https://use.typekit.net; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.xpressbet.com *.xpressbetonline.com *.xb-online.com *.youtube.com s.ytimg.com *.kaltura.com *.twitter.com *.paysafecard.com *.facebook.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.typekit.net *.countingdownto.com *.livehelpnow.net *.xbselect.com zz.connextra.com s.btstatic.com s.thebrighttag.com wss:; img-src * data:; font-src *; style-src * 'unsafe-inline'; media-src * blob:; worker-src * blob: 3
default-src * blob: data: 'unsafe-eval' 'unsafe-inline'; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: yastatic.net cse.google.com ajax.googleapis.com php.pdc.nl www.google.com www.gstatic.com translate.googleapis.com translate.google.com maps.google.com maps.googleapis.com api.microsofttranslator.com; report-uri /cspreport 3
upgrade-insecure-requests; report-uri /__csp-collector/index 3
default-src 'self'  https://docs.google.com  https://www.engie.ro;  script-src 'self' 'unsafe-eval' 'unsafe-inline'  https://cdnjs.cloudflare.com  https://snap.licdn.com  https://cookie-cdn.cookiepro.com https://gateway.zscloud.net https://s.ytimg.com  https://tagmanager.google.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://s.ytimg.com/yts/jsbin/www-widgetapi-vflj3RSGk/www-widgetapi.js https://www.youtube.com/player_api https://*.facebook.net https://*.facebook.com https://*.hotjar.com   https://www.google.com/ https://www.gstatic.com/ https://ajax.googleapis.com/ https://ssl.google-analytics.com https://maps.google.com https://maps.googleapis.com https://cdn.jsdelivr.net https://www.googleadservices.com/ https://googleads.g.doubleclick.net;  style-src 'self' 'unsafe-inline'  https://s.ytimg.com/yts/jsbin/www-widgetapi-vflQSvpsZ/www-widgetapi.js https://tagmanager.google.com https://fonts.googleapis.com/ https://ajax.googleapis.com;  img-src 'self' data: blob: https://www.google.at  https://www.googletagmanager.com https://www.linkedin.com https://px.ads.linkedin.com https://cookie-cdn.cookiepro.com https://www.engie.ro https://gateway.zscloud.net https://www.google.ro https://www.google.com https://agentia.gdfsuez.ro/proc/img/get/85f1002bf139bebdb7f0d07b31fa14155aea9dfc_200_200_0.PNG https://ssl.gstatic.com https://www.gstatic.com  https://www.google-analytics.com  https://*.facebook.net https://*.facebook.com https://*.ytimg.com https://secure.gravatar.com https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://ajax.googleapis.com https://ssl.google-analytics.com https://*.hotjar.com https://*.doubleclick.net https://*.google.it;  font-src 'self' data:  https://fonts.gstatic.com;  frame-src 'self' data: https://docs.google.com https://www.youtube-nocookie.com  https://www.facebook.com https://www.google.com/ https://www.youtube.com https://player.vimeo.com https://*.hotjar.com https://engie-romania.force.com https://*.powerapps.com/ https://*.research.net https://*.gdfsuez.ro; child-src 'self' data: https://www.google.com/ https://www.youtube.com https://player.vimeo.com https://*.hotjar.com; connect-src 'self' data: http://engie.ro http://*.engie.ro https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://cookie-cdn.cookiepro.com  https://gwss.engie.ro https://*.hotjar.com https://*.hotjar.com:* wss://*.hotjar.com https://vc.hotjar.io/ https://*.onetrust.com; media-src 'self' https://www.youtube.com; 3
default-src 'self'; img-src 'self' https://* data:; child-src https://www.youtube.com/ https://www.google.com/; style-src 'self' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/@duetds/date-picker@1.1.0/dist/duet/themes/default.css 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/ https://business.senedd.wales; script-src 'self' blob: https://www.google-analytics.com/ https://cc.cdn.civiccomputing.com/ https://www.googletagmanager.com/ https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.0.0.min.js https://ajax.aspnetcdn.com/ajax/jquery.validate/1.16.0/jquery.validate.min.js https://ajax.aspnetcdn.com/ajax/mvc/5.2.3/jquery.validate.unobtrusive.min.js https://cdn.jsdelivr.net 'sha256-qTS4cC+BnlabE/doSj+MPbjtJWVdVNtQah7AzuFfjbE=' 'sha256-h4tI5yM0TF6GI9CZe5uWnJX7WqXL1kpLAJ13Idyytts=' 'sha256-byyDoONdqE08AIFI6uBk/n8GJDNnu4o8VE6qf+NETJs=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-r3mDNAbdsnbtcqGzAwDXN/1Ln5hKyg8GDZlm46+kpKg=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-IZgGOToFausimoy1Ehqf2azcfWd5NrdyLunVfExDBbE=' 'sha256-NGxJAeRnkyrA2OBRtnqvyQRY28RBBbWXd+45iwUuOUU=' 'sha256-F/cu6HUELqMYhkB6TZFkoZoPLA7wPQ+ImBdqTVxZPUc=' 'sha256-OH++59VDvU6yN74Q2UuMkDjXzMZbZYGxaTP1SrqUqJs='; connect-src 'self' https://www.google-analytics.com https://www.senedd.tv https://senedd.tv https://www.senedd.assembly.wales https://www.senedd.cynulliad.cymru https://apikeys.civiccomputing.com https://senedd.assembly.wales https://senedd.cynulliad.cymru https://player.senedd.tv https://busnes.senedd.cymru https://business.senedd.wales; frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://umap.openstreetmap.fr https://openstreetmap.cymru https://www.ons.gov.uk https://player.senedd.tv https://w.soundcloud.com https://my.matterport.com https://embeds.audioboom.com https://player.vimeo.com https://business.senedd.wales https://busnes.senedd.cymru https://www.canva.com https://forms.office.com https://app.powerbi.com 3
default-src https://static.mailplus.nl/ https://*.printfriendly.com/ https://*.magzmaker.com/ https://*.twitter.com/ https://*.googlesyndication.com/ https://*.googleapis.com/ 'self' 'unsafe-inline'; font-src https://cdnapisec.kaltura.com/ https://*.gstatic.com/ 'self'; child-src  'self'; connect-src https://artsportaal.nl/ https://*.artsportaal.nl/ https://vod.nucleusvideo.astrazeneca.com/ https://cdnapisec.kaltura.com/ https://analytics.kaltura.com/ https://stats.kaltura.com/ https://*.omappapi.com/ wss://*.hotjar.com/ https://pagead2.googlesyndication.com/ https://api.omappapi.com/ https://*.printfriendly.com/  wss://ws1.hotjar.com/ https://*.google-analytics.com/ https://9292.nl/ https://*.hotjar.io/ https://*.hotjar.com/ https://*.opmnstr.com/ https://*.doubleclick.net/ https://csi.gstatic.com/ 'self'; frame-src https://omny.fm https://docs.google.com/ https://quadia.webtvframework.com/ http://quadia.webtvframework.com/ https://share.transistor.fm/ https://www.bbc.com/ https://dms.licdn.com/ https://*.linkedin.com/ https://*.googlesyndication.com/ https://crossmedia.mediasite.com/ https://*.crossmediaplatform.nl/ https://widgets.bnr.nl/ https://quadia.webtvframework.com/ https://*.printfriendly.com/ https://knmg.mediafiler.net/ https://player.vimeo.com/ https://*.magzmaker.com/ https://*.twitter.com/ https://twitter.com/ https://www.facebook.com/ https://player.bnnvara.nl/ https://*.soundcloud.com/ https://vgt.medischcontact.nl/ https://*.googlesyndication.com/ https://*.formdesk.com/ https://9292.nl/ https://www.google.com/ https://webforms.aboportal.nl/ https://open.spotify.com/ https://www.youtube-nocookie.com/ https://youtu.be/ https://*.youtube.com/ https://*.hotjar.com/ 'self'; frame-ancestors  'self'; img-src https://artsportaal.nl/ https://*.artsportaal.nl/ https://*.bbci.co.uk/ https://cfvod.kaltura.com/ https://www.facebook.com/ http://www-medischcontact-tst-1.gxcloud.local/ http://www-medischcontact-tst.gxcloud.local/ http://www-medischcontact-tst.gxcloud.net/ http://www-knmg-tst.gxcloud.net/ http://www-knmg-tst.gxcloud.local/  https://*.mailplus.nl/ https://*.printfriendly.com/ https://*.googleusercontent.com/ https://*.twimg.com/ https://*.twitter.com/ http://www.knmg.nl/ http://www-knmg.gxcloud.net http://www.medischcontact.nl/ http://www-medischcontact.gxcloud.net/ https://picsum.photos/ http://placehold.it/ https://unsplash.it/ https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.doubleclick.net/ https://*.google.com/ 'self' data:; media-src https://cdnapisec.kaltura.com/ blob: 'self'; object-src  'self'; script-src https://9292.nl/ 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://artsportaal.nl/ https://*.artsportaal.nl/ https://*.printfriendly.com https://fonts.googleapis.com 'self' 'unsafe-inline';  worker-src  'self' blob: 3
default-src 'self'; script-src 'self'; 3
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' 3
font-src 'self' https://webfonts.14v.de; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests; object-src 'none'; worker-src 'self'; media-src 'self'; connect-src 'self' https://piwik.14v.de; manifest-src 'self'; prefetch-src 'none'; img-src 'self' data: *.w3.org; frame-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline'; block-all-mixed-content; script-src 'self' https://piwik.14v.de 'unsafe-inline'; report-uri /impressum/; 3
default-src 'self'; font-src *;img-src * data:; script-src *; style-src *; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com tag.manager.google.com tagmanager.google.com/ https://www.youtube.com https://wpp-test.wirecard.com https://wpp.wirecard.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://*.sift.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://maps.googleapis.com https://widget.trustpilot.com https://hexagon-analytics.com http://bat.bing.com http://*.taboola.com https://*.taboola.com https://test.dekopay.com https://secure.dekopay.com https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.intercom.io https://*.intercomcdn.com https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com https://*.youtube.com http://*.youtube.com https://s.ytimg.com https://static.doubleclick.net https://connect.facebook.net https://www.dwin1.com http://*.scarabresearch.com https://*.scarabresearch.com https://unpkg.com/date-time-format-timezone@latest/build/browserified/date-time-format-timezone-complete-min.js https://trck.spoteffects.net https://googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com *.ratepay.com https://zenloop-website-overlay-production.s3.amazonaws.com https://channels-api.zenloop.com https://www.google.com/pagead/ https://*.clarity.ms; img-src 'self' data: * blob: * https://ssl.gstatic.com/ https://hexagon-analytics.com http://cdn.taboola.com https://cdn.taboola.com http://bat.bing.com https://bat.bing.com https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://tagmanager.google.com www.googletagmanager.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com; font-src 'self' https://themes.googleusercontent.com data: * https://fonts.gstatic.com http://fonts.gstatic.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com; frame-src 'self' https: https://www.youtube.com https://wpp-test.wirecard.com https://wpp.wirecard.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ http://widget.trustpilot.com https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com https://googleads.g.doubleclick.net http://googleads.g.doubleclick.net https://connect.facebook.net https://*.sift.com; frame-ancestors 'self' https://*.frontastic.io frontastic.io.local; object-src 'self'; connect-src 'self' ws: wss: https://www.google-analytics.com https://analytics.google.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://api.trustedshops.com https://hexagon-analytics.com http://bat.bing.com https://bat.bing.com http://*.taboola.com https://*.taboola.com https://ctx-nsp-sell-watches-dev.s3.eu-west-1.amazonaws.com https://ctx-nsp-sell-watches.s3.eu-central-1.amazonaws.com https://*.g.doubleclick.net https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.intercom.io https://*.hotjar.com/ https://*.hotjar.io/ https://static.zipmoney.com.au https://static.zdassets.com https://kreditrechner-long-test.creditplus.de https://kess.creditplus.de https://j4s6cgablv-dsn.algolia.net https://cdn.contentful.com https://connect.facebook.net https://*.sift.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.emarsys.net https://*.scarabresearch.com https://*.execute-api.eu-central-1.amazonaws.com https://prs.stage.chronext.com https://prs.ful.chronext.com *.ratepay.com https://zenloop-website-overlay-production.s3.amazonaws.com https://channels-api.zenloop.com https://api.zenloop.com https://maps.googleapis.com 3
frame-ancestors 'self' frag-einen-anwalt.de *.frag-einen-anwalt.de 123recht.de *.123recht.de wohnungsboerse.net *.wohnungsboerse.net trauer.de *.trauer.de briefeguru.de *.briefeguru.de pflege-durch-angehoerige.de *.pflege-durch-angehoerige.de immobilienscout24.de *.immobilienscout24.de berlin.de *.berlin.de merkur-online.de *.merkur-online.de *.cdn.ampproject.org *.google.de *.google.com merkur-online.de *.merkur-online.de immoverkauf24.de *.immoverkauf24.de; report-uri /include/cspreport.asp 3
frame-ancestors 'self' *.pangle.io *.pangle-b.io 3
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://partssource.report-uri.com/r/d/csp/enforce 3
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au chatbot.digital.vic.gov.au *.chatbot.digital.vic.gov.au usercheck.vgso.vic.gov.au cdnjs.cloudflare.com *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com cdn.monsido.com app-script.monsido.com connect.facebook.net *.cloudfront.net media.twiliocdn.com *.youtube.com ytimg.com *.ytimg.com public.tableau.com *.openforms.com *.serving-sys.com player.vimeo.com spreadsheets.google.com cdn.storerocket.io cdn.jsdelivr.net *.mapbox.com *.googleadservices.com drive.google.com *.googleusercontent.com docs.google.com web-messenger.ingenious.ai *.smooch.io; style-src 'self' 'unsafe-inline' www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au ui.chatbot.digital.vic.gov.au fonts.googleapis.com tagmanager.google.com fast.fonts.net *.openforms.com fontlibrary.org *.googletagmanager.com web-messenger.ingenious.ai *.smooch.io; img-src 'self' data: blob: www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au dhhs.vic.gov.au www.dhhs.vic.gov.au base.maps.vic.gov.au *.amazee.io tracking.monsido.com *.google-analytics.com *.doubleclick.net www.google.com *.google.com *.google.com.au *.hotjar.com *.hotjar.io wss://*.hotjar.com api.mapbox.com *.gstatic.com vic-bot.netlify.app secure.adnxs.com www.facebook.com i.ytimg.com www.google.com.eg www.google.com.co www.google.ie www.google.com.br www.google.co.jp www.google.gr www.google.co.za www.google.co.uk www.google.com.mx www.google.com.na www.google.it www.google.rs www.google.com.sg www.google.co.id www.googletagmanager.com www.google.com.tr www.google.com.pk www.google.nl www.google.lk www.google.hr www.google.fr www.google.com.bo www.google.com.co www.google.com.om www.google.com.ua au-gmtdmp.mookie1.com lh3.googleusercontent.com *.fastly.net cdn.storerocket.io assets.storerocket.io *.gravatar.com *.smooch.io *.ingenious.ai; font-src 'self' data: www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au fonts.gstatic.com *.hotjar.com *.hotjar.io wss://*.hotjar.com fonts.gstatic.com fontlibrary.org *.smooch.io *.ingenious.ai; frame-src 'self' www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au *.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.vimeo.com vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com batchgeo.com www.google.com app.powerbi.com macuport.com dhhs.carto.com public.tableau.com *.libsyn.com *.soundcloud.com *.openforms.com *.serving-sys.com tour.cite360.com.au *.doubleclick.net livestream.com flo.uri.sh zingtree.com deakin.h5p.com padlet.com e.infogram.com; manifest-src 'self'; media-src *.ingenious.ai; connect-src 'self' www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au *.myvictoria.vic.gov.au discover.data.vic.gov.au directory.data.vic.gov.au chatbot.digital.vic.gov.au *.chatbot.digital.vic.gov.au api.go.vic.gov.au geo.mapshare.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.doubleclick.net api.ipify.org *.mapbox.com drwgdblqzrfiz.cloudfront.net iam.twilio.com tsock.us1.twilio.com flex-api.twilio.com tsock.us1.twilio.com wss://tsock.us1.twilio.com www.facebook.com www.google.com secure-ds.serving-sys.com *.fastly.net storerocket.io *.storerocket.io analytics.google.com web-messenger.ingenious.ai stat.data.abs.gov.au wss://*.smooch.io *.smooch.io *.au.ingenious.ai; frame-ancestors 'self' *.vic.gov.au; report-uri https://sdpops.report-uri.com/r/d/csp/enforce 3
default-src 'self' https://*.dormakabagroup.com ; prefetch-src 'self' https://*.dormakabagroup.com ; frame-src 'self' https://*.dormakabagroup.com https://*.dormakaba.com https://cdn.iframe.ly https://*.vimeo.com https://*.vimeocdn.com https://irs.tools.investis.com https://*.jotformeu.com https://*.jotform.com https://*.pardot.com https://www.youtube.com https://web.inxmail.com ; frame-ancestors 'self' https://*.dormakabagroup.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.dormakabagroup.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://maps.googleapis.com https://cdn.cookielaw.org ; object-src 'none' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; img-src 'self' data: blob: https://*.dormakabagroup.com https://images.ctfassets.net https://videos.ctfassets.net https://cdn.uc.assets.prezly.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht https://www.google-analytics.com https://fonts.gstatic.com https://cdn.cookielaw.org ; media-src 'self' https://videos.ctfassets.net;  font-src 'self' https://fonts.gstatic.com data: ; connect-src 'self' https://*.dormakabagroup.com https://*.contentful.com https://cdn.cookielaw.org https://www.google-analytics.com https://*.onetrust.com https://analytics.google.com https://*.doubleclick.net https://api.prezly.com ; worker-src 'self' ; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 3
default-src 'self'; frame-src 'self' data: https://optimize.google.com https://oc-assets.klarnaservices.com https://*.pinterest.com https://www.pinterest.nz https://*.criteo.com https://*.api.useinsider.com https://*.useinsider.com fbrpc://call https://*.zip.co https://*.stripe.com https://*.shophumm.com.au/ https://wenzhang.baidu.com https://tpc.googlesyndication.com https://masterpass.com https://roktcdn1.akamaized.net https://www.youtube.com https://*.masterpass.com https://www.google.com/recaptcha/ https://*.rokt.com https://*.doubleclick.net https://*.kaptcha.com https://*.addthis.com https://*.facebook.com https://*.braintreegateway.com https://*.paypal.com https://*.visa.com https://*.cardinalcommerce.com https://*.paypalobjects.com; script-src 'self' data: https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://oc-library.klarnaservices.com https://*.criteo.com https://*.criteo.net https://*.api.useinsider.com https://*.useinsider.com https://*.g.doubleclick.net https://*.doubleclick.net https://www.googletagmanager.com https://*.bing.com https://*.pinimg.com https://cdn.jsdelivr.net/npm/sockjs-client@1/dist/sockjs.min.js https://cdnjs.cloudflare.com/ajax/libs/vertx/3.9.1/vertx-eventbus.min.js https://*.nzsale.co.nz https://*.identitydirect.com.au/ https://www.clarity.ms/ https://*.zipmoney.com.au https://*.partpay.co.nz https://*.rakuten.com https://*.linksynergy.com https://*.dc-storm.com https://*.jrs5.com https://*.mediaforge.com https://*.nxtck.com https://*.stripe.com https://*.shophumm.com.au/ https://www.googletagservices.com/ https://adservice.google.com.au/ https://adservice.google.com/ https://pagead2.googlesyndication.com/ https://cdn.jsdelivr.net/npm/newrelic-reduced@1.1.2/lib/index.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.addthisedge.com https://assets.pinterest.com https://swenzhang.baidu.com https://roktcdn1.akamaized.net https://cdn.optimizely.com/js/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://tpc.googlesyndication.com https://*.masterpass.com https://masterpass.com https://*.rokt.com https://*.nr-data.net https://cdn.jsdelivr.net/algoliasearch/ https://*.facebook.net https://*.facebook.com https://*.newrelic.com https://*.marinsm.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.visa.com https://*.kaptcha.com https://*.addthis.com https://*.nanigans.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: https:; style-src 'self' https://optimize.google.com https://*.klarnacdn.net https://*.useinsider.com https://*.api.useinsider.com https://use.fontawesome.com https://roktcdn1.akamaized.net https://*.visa.com https://*.masterpass.com https://masterpass.com https://swenzhang.baidu.com https://*.googleapis.com 'unsafe-inline'; font-src 'self' data: https://static.zipmoney.com.au https://*.klarnacdn.net https://*.useinsider.com https://*.api.useinsider.com https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://roktcdn1.akamaized.net ; connect-src 'self' https://*.klarnaservices.com https://*.useinsider.com https://*.criteo.com https://*.api.useinsider.com https://bat.bing.com https://*.pinterest.com https://images.latitudepayapps.com wss://fbtp.nzsale.co.nz https://fcmregistrations.googleapis.com/v1/projects/ https://firebaseinstallations.googleapis.com/v1/projects/ https://*.nzsale.co.nz https://www.clarity.ms/ https://*.zip.co https://zip.co https://*.zipmoney.com.au https://pagead2.googlesyndication.com https://*.visa.com https://*.addthis.com https://www.google-analytics.com https://*.nr-data.net https://*.rokt.com https://*.braintreegateway.com https://*.paypal.com https://*.kaptcha.com https://*.facebook.com https://ds-aksb-a.akamaihd.net/RRT; object-src 'self' https://c2.mysalec.com https://*.visa.com https://www.paypalobjects.com; frame-ancestors 'self' https://*.useinsider.com; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com analytics.google.com www.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net www.google.es www.youtube.com *.googlesyndication.com http://api.map.baidu.com *.bdimg.com *.baidu.com aidback-test.applus.solutions aidback.applus.solutions aid-public.applus.solutions apps.applus.com code.jquery.com v.qq.com maps.googleapis.com www.applus.com docs.google.com bookeo.com *.bookeo.com cdn.usefathom.com static.hotjar.com httpbin.org api.ipify.org tracker.metricool.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com applus.media data:; object-src 'none'; base-uri 'self'; 3
default-src 'self' https: *.webtrekk.net; img-src 'self' data: https: *.t-systems-mms.com *.webtrekk.net www.facebook.com *.rexx-systems.com *.landbot.io storage.googleapis.com *.webtrekk.net; media-src 'self'; style-src 'self' 'unsafe-inline' blob: https:; font-src 'self' https: player.podigee-cdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: *.t-systems-mms.com platform.twitter.com connect.facebook.net *.webtrekk.net *.rexx-systems.com static.landbot.io *.yumpu.com *.facebook.net cdn.podigee.com; connect-src 'self' https: *.t-systems-mms.com *.webtrekk.net landbot.io; object-src https: 'self'; frame-ancestors https: 'self' *.t-systems-mms.com customer.360-grad-sachsen.de; frame-src https: 'self' *.t-systems-mms.com customer.360-grad-sachsen.de platform.twitter.com *.mmsupgradework.dmkdev *.mms-plattform.de player.vimeo.com landbot.io www.yumpu.com; 3
frame-ancestors *.kfst.dk *.forbrug.dk *.stormraadet.dk *.forbrugerombudsmanden.dk *.energianke.dk *.forbrugereuropa.dk *.consumerombudsman.dk *.consumereurope.dk *.danishstormcouncil.dk *.energysuppliescomplaintboard.dk 3
frame-ancestors 'self' *.inlinewarehouse.com www.icewarehouse.com www.derbywarehouse.com www.tennis-warehouse.com; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; base-uri 'self'; 3
frame-ancestors 'self' dampsoft.de *.dampsoft.de 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:  3
frame-ancestors 'self' app.contentful.com 3
default-src 'self' 'unsafe-inline' *.google-analytics.com *.serving-sys.com caixaforum.emexs.es cosmocaixa.emexs.es fonts.gstatic.com *.readspeaker.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org caixaforum.emexs.es cosmocaixa.emexs.es *.youtube.com s.ytimg.com *.googletagmanager.com *.google-analytics.com *.serving-sys.com *.ads-twitter.com *.twitter.com *.facebook.net *.readspeaker.com sadmin.brightcove.com syndication.twitter.com cdn.syndication.twimg.com tagmanager.google.com *.vimeocdn.com; img-src 'self' data: ssl.gstatic.com https://files.fundacionlacaixa.org https://cdn.cookielaw.org *.atdmt.com www.gstatic.com *.youtube.com *.google-analytics.com *.ads-twitter.com *.facebook.net *.facebook.com t.co fonts.googleapis.com stats.g.doubleclick.net caixaforum.emexs.es cosmocaixa.emexs.es ucarecdn.com *.readspeaker.com syndication.twitter.com *.twimg.com platform.twitter.com *.fbcdn.net *.ytimg.com *.cdninstagram.com *.vimeocdn.com; frame-src 'self' https://secure-ds.serving-sys.com fls.doubleclick.net open.spotify.com caixaforum.emexs.es cosmocaixa.emexs.es *.youtube.com www.google.com *.readspeaker.com platform.twitter.com players.brightcove.net syndication.twitter.com player.vimeo.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com caixaforum.emexs.es cosmocaixa.emexs.es *.readspeaker.com platform.twitter.com *.twimg.com tagmanager.google.com *.vimeocdn.com; font-src 'self' data: *.google-analytics.com *.serving-sys.com caixaforum.emexs.es cosmocaixa.emexs.es fonts.gstatic.com *.readspeaker.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://secure-ds.serving-sys.com https://privacyportal-eu.onetrust.com https://cdn.cookielaw.org caixaforum.emexs.es cosmocaixa.emexs.es 3
default-src 'self' *.storyblok.com; connect-src 'self' ws: *.demdex.net *.g.doubleclick.net *.google-analytics.com *.infobip.com *.hotjar.com *.hotjar.io *.shell.com *.storyblok.com *.recruitee.com *.evidon.com *.demdex.net *.metrics-shell.com *.hsforms.net *.hsforms.com *.hubspot.com *.google.com *.livestorm.co; frame-ancestors 'self' *.storyblok.com; frame-src 'self' *.demdex.net *.g.doubleclick.net *.hsforms.net *.hsforms.com *.newmotion.com *.pardot.com *.flashtalking.com *.hotjar.com *.evidon.com *.hsforms.com *.hubspot.com *.google.com *.goo.gl *.salesforce.com *.shellrecharge.com *.infobip.com *.srstest.io *.youtube.com *.vimeo.com *.doubleclick.net *.livestorm.co; style-src 'self' *.storyblok.com 'unsafe-inline'; script-src 'self' *.adobedtm.com *.demdex.net *.evidon.com *.g.doubleclick.net *.facebook.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.hubspot.com *.infobip.com *.lfeeder.com *.licdn.com *.shell.com *.storyblok.com *.salesforce.com *.metrics-shell.com *.google.com *.goo.gl *.youtube.com *.vimeo.com *.doubleclick.net *.livestorm.co 'unsafe-inline' 'unsafe-eval'; object-src 'self' data:; img-src 'self' data: *.adsymptotic.com *.everesttech.net *.evidon.com *.google.com *.google-analytics.com *.googletagmanager.com *.lfeeder.com *.linkedin.com *.storyblok.com *.doubleclick.net *.demdex.net 3
default-src 'self' https://experience.instilled.com https://www.facebook.com https://w.soundcloud.com http://www.ltgplc.com https://go.ltgplc.com https://www.youtube.com https://player.vimeo.com https://go.pardot.com https://js.driftt.com https://cdn4.mxpnl.com https://vars.hotjar.com https://optimize.google.com;script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net https://cdn.inspectlet.com https://s.ytimg.com https://www.youtube.com https://w.soundcloud.com https://pi.pardot.com/ https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com https://player.vimeo.com https://js.driftt.com https://snap.licdn.com https://cdn4.mxpnl.com https://static.hotjar.com https://script.hotjar.com https://optimize.google.com https://lltrck.com;script-src 'self' 'unsafe-inline' https://snap.licdn.com https://s.ytimg.com https://www.youtube.com https://cdn.inspectlet.com https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://pi.pardot.com https://go.ltgplc.com https://player.vimeo.com https://js.driftt.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com;font-src 'self' data: https://fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://optimize.google.com;img-src 'self' data: https://www.googletagmanager.com https://t.co https://cdn.sanity.io https://www.google.co.uk https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com https://optimize.google.com https://www.googletagmanager.com https://lltrck.com https://p.adsymptotic.com https://www.google.com.co;media-src 'self' data: https://cdn.sanity.io;connect-src 'self' https://nosafynr.api.sanity.io https://s.ytimg.com wss://ws.inspectlet.com https://cdn.inspectlet.com/ https://www.googleadservices.com https://sjs.bizographics.com https://static.ads-twitter.com https://pi.pardot.com https://use.typekit.net/ https://www.google-analytics.com https://stats.g.doubleclick.net https://hn.inspectlet.com https://cdn.sanity.io https://vimeo.com https://js.driftt.com http://*.mixpanel.com http://cdn.mixpanel.com https://*.mixpanel.com https://cdn.mixpanel.com https://api-js.mixpanel.com https://in.hotjar.com wss://ws18.hotjar.com https://ws18.hotjar.com/ https://*.algolia.net https://*.algolianet.com;prefetch-src 'self' https://pi.pardot.com https://www.googletagmanager.com https://www.google-analytics.com 3
default-src *     ;report-uri /xp/CSPReport.ashx     ;script-src * 'unsafe-inline' 'unsafe-eval' data: about:     ;style-src * 'unsafe-inline'     ;connect-src * blob:     ;font-src * data:     ;object-src *     ;img-src * data: blob:     ;media-src * blob:     ;frame-src * data: gsa: ajaxhandler:     ;child-src * blob:     ;worker-src * blob:     ;form-action * javascript:     ;frame-ancestors 'self' 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://pub-storage.s3.us-east-1.amazonaws.com/ *.system1.com *.typekit.net *.formstack.com www.googletagmanager.com www.google.com www.gstatic.com www.google-analytics.com s.flocdn.com mapquest.com *.mapquest.ca *.youtube.com s3.amazonaws.com stats.g.doubleclick.net cdn.cookielaw.org *.onetrust.com jobs.lever.co *.soflopxl.com data:; img-src *; 3
frame-ancestors 'self' https://buttercms.com 3
default-src 'self'; img-src 'self' images.ctfassets.net https://www.google-analytics.com https://www.google.com https://www.google.com.au https://www.googletagmanager.com https://v2assets.zopim.io https://tr.snapchat.com https://www.facebook.com https://ct.pinterest.com https://www.pinterest.com https://network-stg.bazaarvoice.com https://d.adroll.com https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://pixel.advertising.com https://sync.outbrain.com https://simage2.pubmatic.com https://*.yahoo.com https://sync.taboola.com https://eb2.3lift.com https://x.bidswitch.net https://idsync.rlcdn.com https://us-u.openx.net https://ib.adnxs.com https://cm.g.doubleclick.net https://10800822.fls.doubleclick.net https://sync.mathtag.com https://match.adsrvr.org https://rc.rlcdn.com https://edge.curalate.com https://bat.bing.com https://cdn.feedbackify.com https://tag.yieldoptimizer.com https://s3.amazonaws.com https://*.bazaarvoice.com https://production-web-michaelhill.demandware.net https://www.michaelhill.com https://www.michaelhill.com.au https://www.michaelhill.co.nz https://www.michaelhill.ca https://optimize.google.com https://*.zip.co https://*.zipmoney.com.au; style-src 'self' https://www.googleapis.com https://fonts.googleapis.com https://www.googletagmanager.com 'unsafe-inline' https://s3.amazonaws.com/static.barilliance.com/owl-carousel/owl.carousel.css https://s3.amazonaws.com/static.barilliance.com/owl-carousel/owl.theme.css https://optimize.google.com https://www.michaelhill.com.au https://www.michaelhill.co.nz https://www.michaelhill.ca https://*.zip.co https://*.zipmoney.com.au; font-src 'self' data: localhost https://fonts.gstatic.com; media-src https://player.vimeo.com/ https://vod-progressive.akamaized.net/ https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com www.googleadservices.com https://*.hotjar.com https://sc-static.net https://unpkg.com http://cloudfront.barilliance.com https://*.bazaarvoice.com https://analytics-static.ugc.bazaarvoice.com https://static.zdassets.com https://connect.facebook.net https://googleads.g.doubleclick.net https://s.pinimg.com https://analytics.tiktok.com https://s.adroll.com https://cdn.rudderlabs.com http://edge.curalate.com https://d.adroll.com https://cdn.feedbackify.com https://www1.feedbackify.com https://ajax.googleapis.com https://s3.amazonaws.com https://bat.bing.com https://www.barilliance.net https://www.google.com https://www.googleoptimize.com https://www.googleanalytics.com https://optimize.google.com https://www.michaelhill.com.au https://www.michaelhill.co.nz https://www.michaelhill.ca https://*.zip.co https://*.zipmoney.com.au; connect-src 'self' https://www.google-analytics.com https://www.googleapis.com https://maps.googleapis.com https://ekr.zdassets.com https://michaelhill.zendesk.com wss://widget-mediator.zopim.com https://ct.pinterest.com https://apps.bazaarvoice.com https://api.rudderlabs.com https://michaelhill-dataplane.rudderstack.com https://analytics.tiktok.com https://stats.g.doubleclick.net https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://in.hotjar.com https://edge.curalate.com https://tr.snapchat.com https://bat.bing.com https://api.pinpiaa.com https://d.adroll.com https://*.zip.co https://*.zipmoney.com.au; frame-ancestors 'none'; object-src 'none'; frame-src https://bid.g.doubleclick.net http://10800822.fls.doubleclick.net https://tr.snapchat.com https://vars.hotjar.com https://www.facebook.com https://www.pinterest.com https://www.pinterest.com.au https://optimize.google.com https://www.youtube.com https://*.zipmoney.com.au 3
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; base-uri 'self'; form-action 'self' https://iface.core-networks.de; frame-ancestors 'none'; block-all-mixed-content 3
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com *.doubleclick.net dc.ads.linkedin.com analytics.twitter.com *.google-analytics.com t.co;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; 3
frame-ancestors 'self' http://webvisor.com ; 3
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; connect-src * 'unsafe-inline' wss:; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 3
report-uri https://www.hoka.com/_/csp-reports?siteKey=d494UHifw_Ts-A 3
font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://www.socialintents.com; img-src 'self' data: https://www.digistate.nl https://www.digistate.eu https://www.digistate.lt https://www.facebook.com https://secure.gravatar.com https://www.google-analytics.com; default-src 'self' *.digistate.nl *.digistate.eu *.digistate.lt 'unsafe-inline' 'unsafe-eval' http://www.digistate.nl https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://connect.facebook.net https://www.socialintents.com https://www.google.com https://secure.gravatar.com https://api.w3-edge.com *.facebook.com https://www.gstatic.com https://www.youtube.com https://youtu.be 3
report-uri https://echo360.com 3
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; 3
default-src 'self' images.salzburg-ag.at; object-src 'self' app.usercentrics.eu/latest/ www.googletagmanager.com cognigy-endpoint.salzburg-ag.at maps.googleapis.com; script-src 'self' maps.googleapis.com assets.adobedtm.com sc-static.net app.usercentrics.eu/latest/ images.salzburg-ag.at js.monitor.azure.com/scripts/ www.googletagmanager.com cognigy-endpoint.salzburg-ag.at www.googleadservices.com *.g.doubleclick.net  tr.snapchat.com www.google-analytics.com www.youtube.com snap.licdn.com/li.lms-analytics/insight.min.js connect.facebook.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.salzburg-ag.at www.google-analytics.com tr.snapchat.com *.g.doubleclick.net sc-static.net maps.googleapis.com *.usercentrics.eu dc.services.visualstudio.com/v2/track  *.omtrdc.net *.demdex.neti data: wss:; img-src 'self' *.salzburg-ag.at www.google-analytics.com www.google.com www.google.at p.adsymptotic.com *.fls.doubleclick.net *.linkedin.com *.facebook.com *.youtube.com *.g.doubleclick.net tr.snapchat.com maps.gstatic.com maps.googleapis.com www.googletagmanager.com app.usercentrics.eu *.everesttech.net *.demdex.net *.omtrdc.net data:; style-src 'self' 'unsafe-inline' *.salzburg-ag.at app.usercentrics.eu/latest/ www.googletagmanager.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com maps.googleapis.com data:; frame-src 'self' *.cablelink.at www.google.com ocilion.com p.artworx.at form.typeform.com cablelink.speedtestcustom.com energie-effizienz-iframe.smartricity.de outlook.office365.com *.fls.doubleclick.net www.youtube.com maps.googleapis.com tr.snapchat.com *.facebook.com *.demdex.net;media-src 'self' maps.googleapis.com data:; frame-ancestors 'self' app.usercentrics.eu; form-action 'self' tr.snapchat.com www.facebook.com app.usercentrics.eu; 3
frame-ancestors 'self' http://webvisor.com https://webvisor.com https://metrika.yandex.ru http://metrika.yandex.ru 3
frame-ancestors 'self' psa.digitalinsight.com; 3
frame-ancestors 'self' *.azdev.direct *.adobe.com 3
default-src wss://*.jivosite.com/ https://insights.sitesearch360.com https://*.jivosite.com https://telemetry.jivosite.com https://*.victoriabank.md/ https://web.vb24.md/wb/ https://www.victoriabank.md/solicitare-credit/index.html https://play.google.com/ https://vbcredit.victoriabank.md/CreditOnline/CreditExpres.aspx https://starcard.md/ https://starcard.md/magazine-star/ https://www.victoriabank.md/SMS-notifications/Default.aspx https://vanzari.victoriabank.md/ https://www.facebook.com/VictoriabankMD/ https://twitter.com/victoriabankmd https://www.linkedin.com/company/victoriabank/ https://www.instagram.com/victoriabank.md/ https://www.youtube.com/user/VictoriaBankMoldova https://*.scribd.com https://*.youtube.com/ https://numbers.md/ https://*.admixer.net/ https://*.google.ro https://*.sitesearch360.com https://*.gstatic.com/ https://maps.googleapis.com/ https://*.typekit.net/ https://*.google.com/ https://*.google-analytics.com/ https://*.doubleclick.net/ blob: data:; style-src * 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; script-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://*.gstatic.com/ https://*.typekit.net/ data:; object-src 'none' 3
script-src www.anuvu.com qmod.quotemedia.com www.google.com fonts.googleapis.com fonts.gstatic.com google-analytics.com www.google-analytics.com googletagmanager.com www.gstatic.com browser-update.org s3.amazonaws.com *.sajari.com mailchimp.com documentcloud.adobe.com 'unsafe-inline' 'unsafe-eval' d1io3yog0oux5.cloudfront.net; font-src www.anuvu.com qmod.quotemedia.com www.google.com fonts.googleapis.com fonts.gstatic.com google-analytics.com www.google-analytics.com googletagmanager.com www.gstatic.com browser-update.org s3.amazonaws.com *.sajari.com mailchimp.com documentcloud.adobe.com 'unsafe-inline' 'unsafe-eval' d1io3yog0oux5.cloudfront.net 3
default-src 'self'; connect-src 'self'; img-src 'self' data: 'unsafe-eval' ;  style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' data:  3
default-src *   ;report-uri /xp/CSPReport.ashx   ;script-src * 'unsafe-inline' 'unsafe-eval' data: about:   ;style-src * 'unsafe-inline'   ;connect-src * blob:   ;font-src * data:   ;object-src *   ;img-src * data: blob:   ;media-src * blob:   ;frame-src * data: gsa: ajaxhandler:   ;child-src * blob:   ;worker-src * blob:   ;form-action * javascript:   ;frame-ancestors 'self' 3
default-src 'self'; style-src 'self' 'unsafe-inline' 3
default-src data: https: mailto: 'self' 'unsafe-eval' 'unsafe-inline'; img-src data: https: mailto: 'self' 'unsafe-eval' 'unsafe-inline' 3
default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 3
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; script-src 'self' 'unsafe-eval'; block-all-mixed-content; upgrade-insecure-requests 3
default-src 'self' 'unsafe-inline' netdna.bootstrapcdn.com *.mauve.work www.google-analytics.com www.googletagmanager.com unpkg.com; img-src https://* data: *.mauve.work; font-src 'self' netdna.bootstrapcdn.com data:; script-src 'self' 'unsafe-inline' www.privacypolicies.com ajax.googleapis.com data: www.google-analytics.com www.googletagmanager.com cdn.ckeditor.com unpkg.com www.google.com www.gstatic.com 'unsafe-eval'; child-src 'none'; frame-src 'self' www.google.com outlook.office365.com www.youtube-nocookie.com www.youtube.com; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://mc.yandex.ru https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net; img-src 'self' data: https://api.cs.fail https://cs.fail https://api.csfail.net https://csfail.net https://api.csfail.pro https://csfail.pro https://api.csfail.org https://csfail.org https://mc.yandex.ru https://www.google-analytics.com https://ssl.google-analytics.com https://www.facebook.com https://s-static.ak.facebook.com https://steamcdn-a.akamaihd.net https://steamcommunity-a.akamaihd.net https://cdn.cloudflare.steamstatic.com https://cdn.akamai.steamstatic.com https://*.giphy.com; style-src 'self' 'unsafe-inline'  https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self'  https://fonts.googleapis.com https://fonts.gstatic.com; frame-src https://widget.onramper.com https://mc.yandex.ru https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://s-static.ak.facebook.com https://www.youtube.com; frame-ancestors 'self' https://app.utorg.pro ; connect-src 'self' data: wss://api.cs.fail https://api.cs.fail wss://api.csfail.net https://api.csfail.net wss://api.csfail.pro https://api.csfail.pro wss://api.csfail.org https://api.csfail.org https://mc.yandex.ru https://www.google-analytics.com https://ssl.google-analytics.com https://steamcdn-a.akamaihd.net https://steamcommunity-a.akamaihd.net https://cdn.cloudflare.steamstatic.com https://cdn.akamai.steamstatic.com; object-src 'none'; 3
frame-src 'self' https://player.vimeo.com https://*.youtube.com https://*.google.com; frame-ancestors 'self' https://player.vimeo.com https://*.youtube.com https://*.google.com; object-src 'self' https://player.vimeo.com https://*.youtube.com https://*.google.com; 3
default-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; report-uri /csp/reporting/add; 3
frame-ancestors 'self' https://www.baylismediabookings.co.uk/ 3
base-uri 'self'; default-src 'self'; script-src 'unsafe-inline' 'self' 'report-sample' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://snap.licdn.com https://trk.teamblue.services https://stg-trk.teamblue.services https://trk.flexmail.be https://trk.flexmail.nl https://stg-trk.flexmail.be https://stg-trk.flexmail.nl https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://www.googleanalytics.com https://optimize.google.com https://www.googleoptimize.com 'sha256-MX1ZFIBa5L93HBj8qZRBUa/eXPmsVLWRIi36CdDab3g=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-hW1V3UvI+swwT3wQpebXLpXi/7Q9VUws5NlJTNxM/Tg=' https://connect.facebook.net 'sha256-w9PUUFBTg7mA9KBjVbANsTN5WPOnJRei9DT8Qk2i/Jw=' https://www.flexmail.eu 'sha256-usdx8IxlpnzmYMAcVSSGsgPlT53z1pk04Zvh5xyOIQg=' https://bat.bing.com https://r.bing.com 'sha256-9EfSE/pxhsIRQAZ9nHpzZGKeEticJtki6BUxpyJY/VQ=' 'sha256-v1oYH69RcooFs6F5XhMTzHiWlftYwnuQHDxIz0suNeo=' 'sha256-4UhLCgKlVNhASJe4pv87BqrVAtuWHCCIL4vLrQaArvE=' 'sha256-soHj2nJiSISIchYvRpy+YNvaclRxDg8yfOdje4DV1V0=' 'sha256-UCgT4o3W1j0Jb+5Dmp/EiW82gsiCzYrnessD2ygF+yg=' 'sha256-IFdHP6FKY0MQBC+od6xMrh5QAMoU+tO/MK+dcom7YfM=' 'sha256-DXD1T4kn9NV0uhPxqnX0E3P1N8Xw334hO4wRHijx4yw='; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com *.bing.com; object-src 'none'; form-action 'self'; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io data:; connect-src 'self' https://trk.teamblue.services https://stg-trk.teamblue.services https://trk.flexmail.be https://trk.flexmail.nl https://stg-trk.flexmail.be https://stg-trk.flexmail.nl https://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://www.facebook.com https://cdn.flxml.eu https://*.sentry.io *.bing.com wss://*.bing.com; img-src 'self' data: https://www.google.com https://www.google.be https://www.googletagmanager.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://px.ads.linkedin.com https://www.linkedin.com https://trk.teamblue.services https://stg-trk.teamblue.services https://trk.flexmail.be https://trk.flexmail.nl https://stg-trk.flexmail.be https://stg-trk.flexmail.nl https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://www.facebook.com https://cdn.flxml.eu https://optimize.google.com *.bing.com *.microsoft.com; frame-src 'self' https://www.google.com/recaptcha/ https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://www.slideshare.net https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://optimize.google.com sdx.microsoft.com; report-uri https://flxml-www.endpoint.csper.io; report-to csper; 3
frame-ancestors 'self' https://*.ageoflearning.com; 3
frame-ancestors 'self' marketing.myresman.com; report-uri /report-violation 3
img-src * data: 3
https: 3
frame-ancestors https://io.apply.creditkarma.com 3
default-src data: 'self' https: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 3
default-src 'self' *.stackadapt.com *.truste.com *.omtrdc.net *.livechatinc.com *.chatbot.com *.adobe.com c.6sc.co secure.adnxs.com epsilon.6sense.com *.tableau.com *.experian.com *.experianmarketingservices.com api.ipgeolocation.io *.adobedtm.com *.adsrvr.org *.ads-twitter.com *.bing.com *.brightcove.com *.brightcove.net *.brightfunnel.com *.cloudflare.com *.demdex.net *.doubleclick.net *.eloqua.com *.everesttech.net *.facebook.com *.facebook.net metrics1.experian.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.hsadspixel.net *.hs-analytics.net *.hsappstatic.net *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hs-scripts.com *.hubapi.com *.hubspot.com *.hubspot.net *.licdn.com *.linkedin.com *.omappapi.com *.omniture.com *.optmnstr.com *.terminus.services *.twimg.com *.twitter.com *.usemessages.com *.youtube.com *.zencdn.net *.google-analytics.com img.en25.com p.adsymptotic.com bcove.video *.api.brightcove.com api.bcovlive.io *.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com *.boltdns.net brightcove.vo.llnwd.net *.llnw.net *.llnwd.net manifest.prod.boltdns.net *.media.brightcove.com *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.cloudfront.net hlstoken-a.akamaihd.net vjs.zencdn.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com; img-src 'self' data: *; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; font-src 'self' data: *; object-src 'none'; media-src * blob:; worker-src blob: 'self'; 3
default-src 'none'; script-src 'self' consent.cookiebot.com consentcdn.cookiebot.com assets.adobedtm.com connect.facebook.net snap.licdn.com www.googletagmanager.com www.googleadservices.com ssl.google-analytics.com googleads.g.doubleclick.net munchkin.marketo.net www.google.com www2.techem.com https://app-nld102.marketo.com/js/forms2/js/forms2.min.js https://app-nld102.marketo.com/ https://static.widget.trengo.eu https://stats.pusher.com/timeline/v2/jsonp/1 https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://assets.sitescdn.net/answers-search-bar/v1.0/ https://answers-embed.techem.de.pagescdn.com/ *.adition.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net/answers-search-bar/v1.0/ https://app-nld102.marketo.com/ www2.techem.com; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data:; img-src 'self' data: https: *.adspirit.de; frame-src consentcdn.cookiebot.com www.youtube.com www.facebook.com bid.g.doubleclick.net techem.prospective.de *.yextpages.net answers-embed.techem.de.pagescdn.com app-nld102.marketo.com www2.techem.com; manifest-src 'self'; connect-src 'self' https://784-bqv-997.mktoresp.com https://549-bho-641.mktoresp.com/ www.google.com www.facebook.com 549-bho-641.mktoutil.com 784-bqv-997.mktoutil.com googleads.g.doubleclick.net www2.techem.com https://www.google.com/pagead/landing https://googleads.g.doubleclick.net/ https://www2.techem.com/ https://adservice.google.com/pagead/regclk https://consentcdn.cookiebot.com/ https://tmd.sc.omtrdc.net/ https://api.widget.trengo.eu https://gkkmgz0bw7.execute-api.eu-central-1.amazonaws.com wss://ws-eu.pusher.com api.friendlycaptcha.com https://prod-102.westeurope.logic.azure.com:443/workflows/83f5229f56584e679f262805c2577a90/triggers/manual/paths/ https://answers.yext-pixel.com/realtimeanalytics/ https://liveapi.yext.com https://liveapi-cached.yext.com; media-src 'self' https://static.widget.trengo.eu; child-src blob: 3
default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval' 3
default-src 'self' www.youtube.com ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net googletagmanager.com www.googletagmanager.com twitter.com static.queue-it.net p.typekit.net bat.bing.com performance.typekit.net fls.doubleclick.net pixel-a.basis.net ct.pinterest.com googleads.g.doubleclick.net omahapa-preprod.azurewebsites.net siteimproveanalytics.com 6154533.global.siteimproveanalytics.io siteimproveanalytics.io www.googleadservices.com connect.facebook.net www.googletagmanager.com tagmanager.google.com www.googletagmanager.com bi.capacityinteractive.com capacityinteractive.com platform.twitter.com platform.twitter.co www.facebook.com connect.facebook.net facebook.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.saveourstages.com www.google-analytics.com stats.g.doubleclick.net optimize.google.com widgets.instantencore.com services.instantencore.com code.jquery.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net googletagmanager.com www.googletagmanager.com www.youtube.com twitter.com s.pinimg.com www.googleadservices.com use.typekit.net s.yimg.com static.queue-it.net queue-it.net assets.queue-it.net bat.bing.com performance.typekit.net fls.doubleclick.net pixel-a.basis.net ct.pinterest.com googleads.g.doubleclick.net static.ads-twitter.com sp.analytics.yahoo.com analytics.twitter.com cdnjs.cloudflare.com omahapa-preprod.azurewebsites.net googleads.g.doubleclick.net siteimproveanalytics.com 6154533.global.siteimproveanalytics.io siteimproveanalytics.io cdn.siteimprove.net www.googletagmanager.com tagmanager.google.com www.googletagmanager.com bi.capacityinteractive.com capacityinteractive.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.saveourstages.com optimize.google.com www.google-analytics.com widgets.instantencore.com services.instantencore.com code.jquery.com recruitingbypaycor.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com cdnjs.cloudflare.com omahapa-preprod.azurewebsites.net tagmanager.google.com www.googletagmanager.com bi.capacityinteractive.com capacityinteractive.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca optimize.google.com code.jquery.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com use.typekit.net data: tagmanager.google.com www.googletagmanager.com fonts.googleapis.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net googletagmanager.com www.youtube.com p.typekit.net pixel-a.basis.net pixel.sitescout.com stats.g.doubleclick.net bat.bing.com t.co www.google.com ct.pinterest.com googleads.g.doubleclick.net omahapa-preprod.azurewebsites.net 6154533.global.siteimproveanalytics.io siteimproveanalytics.io www.googletagmanager.com tagmanager.google.com www.googletagmanager.com ssl.gstatic.com lh3.googleusercontent.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.youtube.com widgets.instantencore.com services.instantencore.com s3.amazonaws.com *.fls.doubleclick.net *.analytics.yahoo.com tags.w55c.net pubads.g.doubleclick.net; media-src 'self' data: blob: www.youtube.com o-pa.org www.o-pa.org ticketomaha.com www.ticketomaha.com vimeo.com player.vimeo.com; frame-src 'self' www.youtube.com twitter.com pixel-a.basis.net pixel.sitescout.com fls.doubleclick.net 6899690.fls.doubleclick.net bid.g.doubleclick.net 8071554.fls.doubleclick.net www.google.com 8093096.fls.doubleclick.net omahapa-preprod.azurewebsites.net ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net bi.capacityinteractive.com capacityinteractive.com platform.twitter.com platform.twitter.co www.facebook.com connect.facebook.net facebook.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.saveourstages.com optimize.google.com www.google-analytics.com www.pinterest.com recruitingbypaycor.com vimeo.com player.vimeo.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.saveourstages.com optimize.google.com www.google-analytics.com code.jquery.com *.siteimprove.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net s.yimg.com ct.pinterest.com performance.typekit.net omahapa-preprod.azurewebsites.net bi.capacityinteractive.com capacityinteractive.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.saveourstages.com stats.g.doubleclick.net www.google-analytics.com optimize.google.com code.jquery.com *.siteimprove.com *.googleadservices.com *.google.com *.facebook.net; 3
script-src 'unsafe-inline' 'self' data: 'unsafe-eval' blob: www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com assets.adobedtm.com;frame-src 'self' www.google.com www.googletagmanager.com www.youtube.com 3
upgrade-insecure-requests; frame-ancestors 'self' *.aviationhub.aero aviationhub.aero webnavweb-qa-pandcplus-hub.azurewebsites.net webnavweb-test3-pwc-hub.azurewebsites.net *.azurewebsites.net; 3
default-src 'self'; media-src *.purechatcdn.com;font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval' *.purechat.com *.purechatcdn.com *.gstatic.com *.google-analytics.com *.youtube.com *.googleapis.com; connect-src 'self' *.purechat.com *.purechatcdn.com *.opmnstr.com *.omappapi.com *.gstatic.com *.google-analytics.com *.youtube.com *.googleapis.com stats.g.doubleclick.net bat.bing.com *.clarity.ms; style-src * 'unsafe-inline'; frame-src 'self' www.google.com *.youtube.com *.jobscore.com; 3
default-src  'self'; img-src  'self'; script-src  'self'; object-src  'self'; style-src  'self' 'unsafe-inline'; 3
policy-uri /'none' 3
frame-ancestors 'self' https://*.facebook.com 3
default-src 'self' *.conac.cn *.jiathis.com *.baidu.com *.bshare.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors 'self' https://commerceinsights.ibmcloud.com 3
frame-ancestors 'self' *.espn.com:* *.espnqa.com:* *.espnsb.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.ph *.espn.ph:* *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr qa.abcnews.go.com preview.abcnews.go.com abc7ny.com abc7.com *.abcotvssb.com preview.goodmorningamerica.com http://*.espnqa.com:* http://*.espn.com:* *.abcotvssb.com *.abcnews.go.com *.abcnews.go.com:* http://*.abcnews.go.com:* abc30.com abc7news.com abc13.com abc7chicago.com 6abc.com abc11.com *.goodmorningamerica.com qa.abc7.com qa.abc30.com qa.abc7news.com qa.abc13.com qa.abc7chicago.com qa.6abc.com qa.abc7ny.com qa.abc11.com *.abcnews.go.com:* abcnews.go.com qa.secsports.com *.secsports.com 3
frame-ancestors https://my.bigcartel.com https://www.bigcartel.com https://bigcartel.com 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; frame-src 'self' https:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob:; frame-ancestors 'self' *.7across.travel *.7acrosstravel *.accorplusdiscovery.com *.addthis.com *.airportparking.net.au *.avctravel.com.au *.azurewebsites.net *.bzzworld.com *.bzzworldtravel.com *.clubmedaustralia.com.au *.crownclubmarketplace.com *.cruise.ovscruise.com *.cruise.wotif.com *.cruisemegastore.com.au *.cruisepilot.com.au *.dae-travel.com *.discover365.co.nz *.discover365.co.uk *.discover365.com.au *.doubleclick.net *.driveaway.com.au *.facebook.com *.favc.com *.hightide.com.au *.IAMLVC.com *.ice-cdn.com *.icecruises.com.au *.iceenterprise.com *.icevacations.com.au *.kampyle.com *.kivac.com.mx *.latitude21resorts.com *.latitudeguestservices.com *.latitudevacationclub.com *.lifestylebywyndhamlite.com *.liveaquaresidenceclub.com *.livechatinc.com *.looking4.com *.mustdotravels.com *.my241cruise.com.au *.my241rewards.com.au *.myfuturecruisecredit.com *.optimizely.com *.ourvacationcentre.com *.ourvacationcentre.com.au *.ourvacationcentre.net *.ovctour.com *.ovscruise.com *.ovsresort.com *.qvitravelsavings.com *.rci.my241cruise.com.au *.rci.travel *.re-set.mx *.re-set.travel *.saveonresorts.com *.tawk.to *.theclub365.com.au *.tourmegastore.com.au *.travelii.mx *.travelmegastore.com.au *.travelperksplus.com *.travelsavingspassport.com *.tripsavr.com *.tripsavr2.com *.ultiqa.com.au *.ultiqaexplore.com.au *.ultiquaexplore.com.au *.windows.net *.world2go.mx *.wotif.com *.youtube.com 7across.travel accorplusdiscovery.com agentportalui-wa-dev-usw.azurewebsites.net agentportalui-wa-qa-usw.azurewebsites.net avctravel.com.au bid.g.doubleclick.net cruise.flybuystravel.com.au cruise.ovscruise.com cruise.wotif.com cruisemegastore.com.au cruisepilot.com.au dae-travel.com discover365.co.nz discover365.co.uk discover365.com.au elcidsales.latitudeguestservices.com hightide.com.au icecruises.com.au iceenterprise.com icevacations.com.au latitudevacationclub.com lifestylebywyndhamlite.com mustdotravels.com my241cruise.com.au my241rewards.com.au myfuturecruisecredit.com ourvacationcentre.com ourvacationcentre.com.au ourvacationcentre.net ovctour.com ovscruise.com rci.my241cruise.com.au rci.travel tawk.to theclub365.com.au tour.icruiserewards.com tour.thevidalifestyle.com tourmegastore.com.au tours.icruise.com tours.tourmegastore.com.au travelmegastore.com.au travelperksplus.com ukproducthub.azureedge.net ukproducthub.blob.core.windows.net ultiqa.com.au ultiqaexplore.com.au ultiquaexplore.com.au windows.net wotif.com; block-all-mixed-content; upgrade-insecure-requests; 3
script-src   'self' *.google.com *.google-analytics.com 'unsafe-inline'   'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com   *.googleapis.com uds.googleusercontent.com https://s.ytimg.com   https://i18n-cloud.appspot.com   https://www.youtube.com   www-onepick-opensocial.googleusercontent.com   www-bloggervideo-opensocial.googleusercontent.com   www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport 3
default-src 'self' 'unsafe-eval' https://rstts-as.readspeaker.com https://cdn1.readspeaker.com https://app-as.readspeaker.com wss://directline.botframework.com  https://comms.omnichannelengagementhub.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://mindrocketsinc.com  https://arcgis.sdi.abudhabi.ae https://js.arcgis.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://tamm.abudhabi https://server.arcgisonline.com https://translate-pa.googleapis.com https://stackpath.bootstrapcdn.com https://api.abudhabi.ae http://w3.org  https://httpbin.org https://directline.botframework.com  https://www.google.com https://es.adpolice.gov.ae https://rstts-as.readspeaker.com https://cdn1.readspeaker.com https://app-as.readspeaker.com wss://directline.botframework.com https://comms.omnichannelengagementhub.com https://mindrocketsinc.com https://player.vimeo.com https://www.tamm.abudhabi https://js.arcgis.com https://recaptcha.net https://ssl.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.gstatic.com https://www.youtube.com https://s.ytimg.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com; object-src 'self'; img-src 'self' data: *; media-src *; style-src 'self' 'unsafe-inline' https://cdn1.readspeaker.com https://rstts-as.readspeaker.com https://app-as.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://js.arcgis.com https://translate.googleapis.com https://fonts.googleapis.com; frame-src https://schdmngr.tamm.abudhabi https://recaptcha.net  https://rstts-as.readspeaker.com https://cdn1.readspeaker.com https://app-as.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://www.youtube.com https://www.youtube-nocookie.com https://www.instagram.com https://www.google.com https://es.adpolice.gov.ae https://directline.botframework.com  https://cdn1.readspeaker.com https://rstts-as.readspeaker.com https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com https://app-as.readspeaker.com https://mindrocketsinc.com https://player.vimeo.com https://comms.omnichannelengagementhub.com  https://rstts-as.readspeaker.com https://www.gstatic.com https://cdn1.readspeaker.com https://app-as.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://static.arcgis.com https://services.arcgisonline.com https://translate.googleapis.com https://geocode.arcgis.com https://arcgis.sdi.abudhabi.ae https://js.arcgis.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com; font-src 'self' https://cdn1.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://adda-chatbot-prod.azurewebsites.net https://fonts.gstatic.com data: *; worker-src 'self' https://www.tamm.abudhabi blob:; connect-src 'self' wss://directline.botframework.com https://comms.omnichannelengagementhub.com  https://rstts-as.readspeaker.com https://www.gstatic.com https://cdn1.readspeaker.com https://app-as.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://static.arcgis.com https://services.arcgisonline.com https://translate.googleapis.com https://geocode.arcgis.com https://arcgis.sdi.abudhabi.ae https://js.arcgis.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com https:; 3
connect-src 'self' https: http://localhost:3035 ws://localhost:3035 3
default-src 'self' https://tpc.googlesyndication.com;                script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.brighttalk.com https://cdn.wisepops.com https://cdn.inspectlet.com https://platform.twitter.com https://s.ytimg.com https://www.youtube.com https://secure.cave9tape.com https://cdnjs.cloudflare.com https://connect.facebook.net https://d.adroll.mgr.consensu.org https://*.adroll.com https://munchkin.marketo.net https://www.google.com https://optimize.google.com https://cdn.ampproject.org https://www.googletagmanager.com https://tagmanager.google.com https://securepubads.g.doubleclick.net https://cdn.euromoneyapi.com https://js.revsci.net https://www.gstatic.com https://adservice.google.com https://adservice.google.rs https://www.google-analytics.com https://loader.wisepops.com https://sjs.bizographics.com https://cdn.subscribers.com https://www.googletagservices.com https://cdn.mouseflow.com https://*.ubembed.com https://z.moatads.com https://tpc.googlesyndication.com https://*.serving-sys.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.syndication.twimg.com;                font-src 'self' data: https://www.google.com https://fonts.googleapis.com https://fonts.gstatic.com;                style-src 'self' 'unsafe-inline' https://ton.twimg.com https://code.jquery.com https://optimize.google.com https://fonts.googleapis.com https://cdn.euromoneyapi.com https://tagmanager.google.com https://platform.twitter.com;                style-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.twimg.com https://*.jquery.com https://*.twitter.com https://tagmanager.google.com https://fonts.googleapis.com https://cdn.euromoneyapi.com;               connect-src 'self' https://*.inspectlet.com https://*.doubleclick.net https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://www.google-analytics.com https://popup.wisepops.com https://cdn.subscribers.com https://googleads4.g.doubleclick.net https://csi.gstatic.com/ https://*.mktoresp.com https://*.serving-sys.com;                img-src * data: https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net;                frame-src 'self' 'unsafe-inline' https://*.net https://*.com https://*.twitter.com https://*.googlesyndication.com;               object-src 'self';                prefetch-src 'self' https://*.googlesyndication.com 3
default-src https: 'unsafe-inline' blob: data: 3
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data:; font-src 'self' data: 3
frame-ancestors http://*.viewlift.com 3
default-src 'self' *.via-mobilis.com api.via-mobilis.com http://media.viamobilis.export.doorlinkenvoorraad.nl https://stockway.pro www.google.com *.googlesyndication.com *.googletagservices.com *.static-viamobilis.com static-viamobilis.com *.ampproject.net *.doubleclick.net *.criteo.com *.youtube.com youtube.com *.komoot.de photon.kamoot.de *.komoot.io photon.komoot.io *.hotjar.com *.usersnap.com criteo.net *.criteo.net *.tawk.to cloud.panono.com poulalion.eu *.vimeo.com www.recaptcha.net *.facebook.com; img-src * data: blob: 'self'; script-src * https://photon.komoot.de/ https://my.via-mobilis.com/ 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'self' 'unsafe-inline' https://static-viamobilis.com; font-src * data:; connect-src * data: 'self'; base-uri 'self' ; worker-src * data: blob: 3
default-src 'self' *.myyellow.com https:; script-src 'self' https://assets.adobedtm.com https://www.google-analytics.com https://www.google.com https://www.youtube.com https://www.gstatic.com https://www.googletagmanager.com https://fonts.googleapis.com https://connect.facebook.net https://action.dstillery.com 'unsafe-inline' https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; form-action 'self' *.salesforce.com *.myyellow.com https:; frame-ancestors 'self' 3
default-src 'self' s3.amazonaws.com www.youtube.com csi.gstatic.com *;frame-src 'self' optimize.google.com *;worker-src 'self';connect-src 'self' *;font-src 'self' data: fonts.gstatic.com fonts.googleapis.com www.tinymce.com use.fontawesome.com;img-src 'self' 'unsafe-inline' data: blob: *;manifest-src 'self';media-src 'self' s3.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagservices.com www.google-analytics.com securepubads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com 7233492.collect.igodigital.com optimize.google.com images.ahpc.us www.googletagmanager.com * blob:;style-src 'self' 'unsafe-inline' fonts.googleapis.com *;base-uri 'self' optimize.google.com;form-action 'self' *;frame-ancestors 'self' optimize.google.com;block-all-mixed-content;upgrade-insecure-requests; 3
upgrade-insecure-requests default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' *.unitedtraders.com *.unitedtraders.ru *.uttoken.io *.unitedtraders.team *.utchallenge.com *.utconf.ru *.auroraplatform.com *.finderby.net *.utex.io *.whattobuy.today *.utex.work ; 3
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' data:; frame-ancestors 'self'; upgrade-insecure-requests; base-uri 'self' 3
frame-ancestors 'self' *.sciquest.com *.cummins.com *.ariba.com http://search.roccommerce.com http://dev-search.roccommerce.net 3
default-src 'self' https://graph.instagram.com/ https://open.spotify.com/ https://twitter.com https://*.twitter.com https://googletagmanager.com https://*.ads-twitter.com http://localhost https://qa.cognizantsoftvision.com https://*.cognizantsoftvision.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.gravatar.com https://*.w.org https://*.cloudflare.com https://*.hsforms.net https://*.hsforms.com https://*.jsdelivr.net https://*.hotjar.com/ https://*.hubspot.com https://*.hs-scripts.com https://*.softvision.com https://softvision.com https://*.hsleadflows.net https://*.hs-analytics.net https://*.usemessages.com https://*.bootstrapcdn.com https://*.wpengine.com https://*.cdninstagram.com https://*.googletagmanager.com https://*.driftt.com https://*.doubleclick.net https://*.licdn.com https://*.linkedin.com https://*.youtube.com https://*.alicdn.com https://*.amazonaws.com https://linkedin.com https://*.google.com https://*.vimeo.com https://*.drift.com https://*.hotjar.io https://*.hubspot.net https://*.ytimg.com https://*.yoast.com https://yoast.com https://*.github.com https://*.cognizantsoftvision.com https://*.googleadservices.com https://*.hs-banner.com https://*.redditstatic.com https://*.sc-static.net https://*.facebook.net https://*.quora.com https://*.adsymptotic.com https://*.fontawesome.com https://*.hs-analytics.com https://*.reddit.com https://*.newrelic.com  https://sc-static.net https://*.facebook.com https://youtube.com https://*.google.com.ar https://*.snapchat.com https://web-prod.cognizantsoftvision.com https://*.cognizantsoftvision.com script-src: 'unsafe-inline' 'unsafe-eval' img-src: data: 'self' font-src: 'self' blob: 3
frame-ancestors 'self' https://nl.indeauville.fr https://en.indeauville.fr https://de.indeauville.fr https://es.indeauville.fr https://www.domainedevillers.fr https://www.thalasso-deauville.com https://benerville.fr http://www.lacloseriedeauville.com http://www.augeval.com http://www.congres-deauville.com https://www.hotel-saint-james.fr https://www.bellevue-hotel.fr https://www.mairie-benerville.neopse-site.fr https://www.benerville.fr https://www.acapars.com/ https://www.central-trouville.com/ 3
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors 'self' https://app.firedrumemailmarketing.com fdsend.com; 3
default-src 'self' www.google-analytics.com *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google.com www.gstatic.com www.google-analytics.com *.openstreetmap.org; img-src 'self' 'unsafe-inline' www.google-analytics.com secure.gravatar.com *.tile.openstreetmap.org data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' www.google.com *.openstreetmap.org; object-src 'none'; font-src 'self' 'unsafe-inline' fonts.gstatic.com data:; 3
frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr http://webvisor.com https://webvisor.com http://*.webvisor.com https://*.webvisor.com 3
default-src 'none'; font-src https://www.cobytes.com/assets/; img-src 'self' data: https://insight.cobytes.com/matomo.php; object-src 'none'; script-src https://www.cobytes.com/assets/ https://insight.cobytes.com/matomo.js; connect-src 'self' https://insight.cobytes.com/matomo.php; style-src https://www.cobytes.com/assets/ 'unsafe-inline'; frame-src 'self' https://insight.cobytes.com/index.php; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; manifest-src 'self' 3
default-src 'self' 'unsafe-eval'; frame-src 'self' *.fls.doubleclick.net/ *.leaddesk.com https://research.innolink.fi/ https://metsaliitto.demdex.net/ https://app.powerbi.com https://analytics-eu.clickdimensions.com/ https://dreambroker.com/ https://cloudui-emea01.profilestore.episerver.net *.youtube.com https://youtube.com https://youtu.be *.vimeo.com https://vimeo.com *.dreambroker.com *.euroland.com *.op-koti.fi https://op-koti.fi https://events.icareus.com/ https://interactive.brightgroup.com *.videosync.fi https://cdn.videosync.fi *.calculationtools.com *.jquery.com https://www.google.com/ *.flockler.com https://storage.net-fs.com/; script-src 'self' https://connect.facebook.net https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://snap.licdn.com https://static.ads-twitter.com *.leaddesk.com https://ajax.googleapis.com https://research.innolink.fi https://omniture.com https://adobe.com https://adobe.net https://adobe.io *.omtrdc.net https://adminconsole.adobe.com *.services.adobe.com https://assets.adobedtm.com https://sstats.adobe.com https://adobeid-na1.services.adobe.com https://assets2.adobe.com https://maps.googleapis.com https://assets.adobedtm.com https://fl-cdn.scdn1.secure.raxcdn.com *.flockler.com https://plugins.flockler.com https://app.powerbi.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com/ https://analytics-eu.clickdimensions.com/ https://cloudui-emea01.profilestore.episerver.net https://dl.episerver.net https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://login.microsoftonline.com *.jquery.com *.euroland.com http://maps.google.com/maps/api/ http://maps.googleapis.com/maps/api/ http://maps.google.com/maps-api-v3/api/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://youtube.com *.youtube.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://research.innolink.fi https://fl-1.cdn.flockler.com https://app.powerbi.com https://cloudui-emea01.profilestore.episerver.net https://dl.episerver.net https://fonts.googleapis.com 'unsafe-inline'; img-src * data:; media-src 'self'; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' ws: https://publish.ne.cision.com https://maps.googleapis.com https://research.innolink.fi https://dpm.demdex.net https://omniture.com https://adobe.com https://adobe.net https://adobe.io *.omtrdc.net *.onetrust.com https://adminconsole.adobe.com *.services.adobe.com https://assets.adobedtm.com https://sstats.adobe.com https://adobeid-na1.services.adobe.com https://assets2.adobe.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com/ https://dc.services.visualstudio.com *.flockler.com 3
block-all-mixed-content; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 3
style-src 'self' 'unsafe-inline' *.googleapis.com *.google-analytics.com *.gstatic.com *.tenkites.com partners.designmynight.com atlas.microsoft.com; font-src 'self' data: *.googleapis.com *.google-analytics.com *.gstatic.com *.tenkites.com atlas.microsoft.com; script-src 'self' 'self' data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.hotjar.com *.tiktok.com *.licdn.com *.ads-twitter.com *.twitter.com *.bing.com *.facebook.net *.google.com *.gstatic.com  *.google-analytics.com *.exponea.com *.tenkites.com menus.tenkites.com partners.designmynight.com code.jquery.com secure.livebookings.com bda.bookatable.com atlas.microsoft.com connect.facebook.net; worker-src 'self' blob: atlas.microsoft.com; frame-ancestors *.googleapis.com *.google.com *.google.com *.gstatic.com menus.tenkites.com; object-src 'none' 3
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 3
default-src https: data: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' 3
default-src *; connect-src  *; font-src 'self'; frame-src https://* http://* *; img-src https://* http://* * data:; object-src 'self'; script-src 'self' https://* http://* * 'unsafe-inline' 'report-sample'; style-src * https://* http://* * 'unsafe-inline'; 3
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: 'unsafe-eval' *.actian.com *.wpengine.com; connect-src *; font-src * data:; media-src * 'unsafe-inline'; frame-ancestors *.actian.com; frame-src *; object-src * data: 'unsafe-eval' 3
default-src 'self';      script-src 'self' *.husky.ca *.episerver.net *.google.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://jelly.mdhv.io/ *.licdn.com *.gstatic.com *.onetrust.com https://cdn.cookielaw.org https://az416426.vo.msecnd.net https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://img.en25.com https://ajax.googleapis.com/ajax/libs/ https://code.jquery.com https://*.eloqua.com http://d2oh4tlt9mrke9.cloudfront.net/Record/js/sessioncam.recorder.js 'unsafe-inline' 'unsafe-eval';      connect-src 'self' *.episerver.net *.google-analytics.com *.doubleclick.net *.services.visualstudio.com *.onetrust.com https://cdn.cookielaw.org https://ws.sessioncam.com/ https://analytics.google.com/g/collect;      frame-src 'self' https://app.tealbook.com *.google.com *.microsoftonline.com www.youtube.com *.spotify.com *.apple.com;      style-src 'self' *.episerver.net https://cdn.jsdelivr.net https://ajax.googleapis.com/ajax/libs/ 'unsafe-inline';      img-src 'self' *.episerver.net *.adsymptotic.com *.linkedin.com *.doubleclick.net *.google.com *.google.ca *.googletagmanager.com *.google-analytics.com *.ytimg.com https://cdn.cookielaw.org https://img.en25.com https://s1893.t.eloqua.com https://ajax.googleapis.com/ajax/libs/  https://jelly.mdhv.io/ data:; 3
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; frame-ancestors 'none'; font-src * 'self' https://fonts.gstatic.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline' https://fonts.googleapis.com 3
'self' 3
default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://94f62820d7c43df17e384a74a389587c.report-uri.com/r/t/csp/enforce 3
default-src 'self' *.sysnet.ie *.sysnetgs.com player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.boldchat.com; connect-src 'self' assurance.sysnetgs.com *.boldchat.com www.google-analytics.com *.demdex.net; img-src 'self' data: us01-prod-sair-static-assets.s3.amazonaws.com eu01-prod-sair-static-assets.s3-eu-west-1.amazonaws.com eu01-itops-sair-static-assets.s3-eu-west-1.amazonaws.com eu01-bau-sair-static-assets.s3-eu-west-1.amazonaws.com eu01-devops-sair-static-assets.s3-eu-west-1.amazonaws.com eu01-dev-sair-static-assets.s3-eu-west-1.amazonaws.com adservice.google.com images.boldchat.com *.sysnet.ie www.google-analytics.com *.demdex.net ad.doubleclick.net stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.fonts.net; font-src 'self' data: fonts.gstatic.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' iscan: data: blob: *.sysnetgs.com *.vimeo.com *.boldchat.com; 3
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 3
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/enforce 3
default-src  * 'unsafe-inline' 'unsafe-eval' ; img-src * blob: data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 3
default-src * 'unsafe-eval' 'unsafe-inline' gap://ready file:; style-src 'self' 'unsafe-inline'; media-src *; img-src * 'self' filesystem: data: blob:; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.intersport.serv.si www.intersport.si intersport.si cdnjs.cloudflare.com www.google-analytics.com www.google.com www.google.si omara.cdn-cnj.si img.cdn-cnj.si www.google.de stats.g.doubleclick.net fonts.googleapis.com cpx.smind.si cpx.smind.hr fonts.gstatic.com www.gstatic.com www.googletagmanager.com chimpstatic.com connect.facebook.net stats.g.doubleclick.net www.facebook.com *.creativecdn.com creativecdn.com www.googleadservices.com *.paypal.com www.paypal.com ajax.googleapis.com platform.linkedin.com *.twitter.com *.pinterest.com www.youtube.com googleads.g.doubleclick.net www.intersport.hr *.mercator.si maps.googleapis.com maps.gstatic.com maxcdn.bootstrapcdn.com secure.gravatar.com dts.cld.bz edge.fullstory.com fullstory.com rs.fullstory.com www.pimcore.org yoast.com tagmanager.google.com *.braintreegateway.com *.braintree-api.com www.paypalobjects.com *.segmentify.com *.google.com  api.instacloud.io *.cdninstagram.com *.fna.fbcdn.net fcm.googleapis.com *.vimeo.com my.matterport.com my.mpskin.com graph.instagram.com *.fitanalytics.com; frame-ancestors 'self' https://vr.intersport.si https://vr.intersport.hr https://vr.intersport.rs 3
default-src 'self'; font-src *;img-src * data:; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com wss://api.qooqie.com https://stats.g.doubleclick.net; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://www.crownstudent.com; 3
default-src 'self'; script-src 'self' *.storyblok.com 'unsafe-inline' *.cloudfront.net *.googleapis.com *.gstatic.com recaptcha.net *.facebook.net *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.livechatinc.com *.stripe.com *.youtube.com *.mappedin.com *.adsrvr.org www.googleadservices.com js.adsrvr.org googleads.g.doubleclick.net http://bid.g.doubleclick.net/ 'unsafe-eval'; style-src 'self' blob: *.storyblok.com 'unsafe-inline' *.googleapis.com *.gstatic.com tagmanager.google.com; img-src 'self' *.storyblok.com *.cloudinary.com *.facebook.com *.google.com *.google.com.au placehold.it *.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.simplybook.me lh3.googleusercontent.com data: *.trackjs.com *.vicinity.com.au *.mappedin.com mipubapistorageprod.blob.core.windows.net; font-src 'self' *.amazonaws.com *.storyblok.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com data:; connect-src 'self' stats.g.doubleclick.net *.cloudfront.net *.mappedin.com *.googleapis.com *.google-analytics.com sentry.io *.simplybook.me *.vicinity.com.au *.trackjs.com mipubapistorageprod.blob.core.windows.net; frame-src 'self' *.youtube.com *.vimeo.com *.googleapis.com *.googletagmanager.com *.google.com *.facebook.com *.livechatinc.com *.stripe.com socialq.net recaptcha.net *.trybooking.co.nz *.trybooking.com insight.adsrvr.org 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.ru https://*.doubleclick.net https://*.googleadservices.com https://*.googlesyndication.com *.googletagservices.com *.facebook.com https://*.facebook.com *.facebook.net https://connect.facebook.net *.tynt.com *.yandex.net https://site.yandex.net https://yastatic.net yastatic.net an.yandex.ru awaps.yandex.ru vk.com https://vk.com https://*.yandex.ru mc.yandex.ru clck.yandex.ru yandex.st https://*.googleapis.com https://*.google.com *.google.com *.gstatic.com https://*.gstatic.com https://*.google-analytics.com www.google-analytics.com *.googlesyndication.com https://*.googlesyndication.com *.googleapis.com *.doubleclick.net;object-src 'self' https://*.google.ru https://*.doubleclick.net https://*.googleadservices.com https://*.googlesyndication.com *.googlesyndication.com https://*.googleapis.com www.youtube.com https://www.youtube.com *.gstatic.com; frame-src 'self' https://*.google.ru https://*.doubleclick.net https://*.googleadservices.com https://*.googlesyndication.com *.facebook.com https://*.facebook.com  bcp.crwdcntrl.net yastatic.net awaps.yandex.ru vk.com https://vk.com https://login.vk.com yandex.st www.youtube.com https://www.youtube.com *.googlesyndication.com *.doubleclick.net https://*.doubleclick.net https://*.google.com *.google.com mc.yandex.ru www.youtube.com; connect-src 'self' https://*.google.ru https://*.doubleclick.net https://*.googleadservices.com https://*.googlesyndication.com https://mc.yandex.ru mc.yandex.ru www.google-analytics.com https://*.google-analytics.com; 3
frame-ancestors 'self' *.ghrr.com; block-all-mixed-content; default-src 'self' 'unsafe-inline'  *.amazonaws.com display.popt.in *.popt.in *.ghrr.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.stripe.com globalhr.my.salesforce.com *.force.com pi.pardot.com https://use.fontawesome.com *.amazonaws.com *.popt.in go.ghrr.com www.google.com www.gstatic.com *.vimeo.com vimeo.com *.cloudflare.com https://kit.fontawesome.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com *.salesforceliveagent.com; style-src 'self' 'report-sample' 'unsafe-inline' *.force.com *.popt.in *.cloudflare.com fonts.googleapis.com *.fontawesome.com; object-src data: 'unsafe-eval'; frame-src 'self' *.ghrr.com *.sharefile.com vars.hotjar.com *.googletagmanager.com *.stripe.com *.google.com *.zoom.us service.force.com *.vimeo.com vimeo.com; child-src 'self' www.googletagmanager.com; img-src 'self' data: blob: fonts.gstatic.com s3.us-east-1.amazonaws.com *.stripe.com *.craft-cdn.com script.hotjar.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com *.ghrr.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com fonts.googleapis.com *.fontawesome.com script.hotjar.com; connect-src 'self' vimeo.com *.vimeo.com *.force.com  *.craftcms.com *.popt.in *.sharefile.com *.amazonaws.com fonts.googleapis.com fonts.gstatic.com *.fontawesome.com *.cloudfront.net *.hotjar.com wss://*.hotjar.com *.hotjar.io www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about:; manifest-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self' s3.us-east-1.amazonaws.com *.amazonaws.com s3.us-east-1 *.popt.in *.ghrr.com; 3
frame-ancestors 'self';frame-src 'self' youtube.com https://www.youtube.com youtu.be https://youtu.be embedsocial.com https://embedsocial.com livechat.messagebird.com https://livechat.messagebird.com/ ocw.messagebird.com/ https://ocw.messagebird.com/; 3
default-src 'unsafe-inline' 'unsafe-eval' localhost:* localhostbh:* localhostfp:* localhostbf:* speedybooker.com *.speedybooker.com hostelhunter.com *.hostelhunter.com caravanrentals.com *.caravanrentals.com beachhuts.com monasteries.com universityrooms.com *.fishannan.co.uk *.fishbann.co.uk *.fishchalkstreams.com *.fishchalkstreams.com *.fishcumbria.co.uk *.fishdee.co.uk *.fishdurham.co.uk *.fisheasterross.co.uk *.fishesks.co.uk *.fishfoyle.com *.fishgalloway.co.uk *.fishiceland.com *.fishkyle.co.uk *.fishmiramichi.com *.fishspey.com *.fishtay.com *.fishtestanditchen.com *.fishtweed.com *.fishtyne.com *.fishyorkshire.co.uk britainsfinest.co.uk *.beachhuts.com *.monasteries.com *.universityrooms.com *.britainsfinest.co.uk *.cmail20.com *.clarity.ms *.userlike.com wss://umd.userlike.com umd.userlike.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-store-media-files.s3.amazonaws.com d3dc1lgancj6l0.cloudfront.net d3upe020n1uosc.cloudfront.net *.securesuite.co.uk *.bing.com *.gstatic.com *.sagepay.com *.rsa3dsauth.co.uk *.createsend1.com classic.avantlink.com *.avantlink.com *.cmail19.com *.cloudfront.net *.google.com *.googleapis.com *.googlesyndication.com embed.windy.com *.amazonaws.com *.recaptcha.net *.fontawesome.com *.twitter.com *.jsdelivr.net *.twimg.com *.facebook.com *.msecnd.net *.visualstudio.com *.googletagservices.com *.google.co.uk *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.googleusercontent.com *.doubleclick.net *.hotjar.com *.facebook.net *.hotjar.io *.youtube.com *.vimeo.com *.cloudflare.com *.cloudflareinsights.com *.turbo-pms.com *.fishpal.com *.sat24.com *.windyty.com *.meteoradar.co.uk *.uricache.com *.tile.openstreetmap.org *.ampproject.org maps.googleapis.com *.datatables.net data: blob: *.fontawesome.com flex.msn.com; 3
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: 3
frame-ancestors 'self' https://service.ariba.com https://service-2.ariba.com https://certservice.ariba.com https://certservice-2.ariba.com https://s1.ariba.com https://s2.ariba.com https://usertest.sciquest.com https://uitweb.sciquest.com https://neo.sciquest.com https://solutions.sciquest.com https://cloud.punchoutexpress.com https://dev.cloud.punchoutexpress.com https://cloud.pexlocal.com https://cloud.mpexlocal.com; 3
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.kerio.com; img-src * http: https: data:; 3
default-src https:;style-src https: 'unsafe-inline';script-src https: 'unsafe-inline' 'unsafe-eval';img-src https: data: 'unsafe-inline' blob:;connect-src https: 3
default-src https:; font-src https: data:; img-src https: data:; script-src https:; style-src https:; 3
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; media-src 'self'; form-action 'self' https://www.server-team1.de https://www.server-team3.de; child-src 'self' https://www.google.com https://www.server-team1.de https://www.server-team3.de; frame-ancestors 'self'; connect-src 'self' https://api.imgur.com; report-uri 'self'; report-to 'self'; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.twitter.com *.instagram.com *.pinterest.com *.addthis.com  *.globalsign.com *.cloudflare.com ; frame-ancestors *; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/ https://policy.privacyandcookies.eu/ https://players.brightcove.net https: blob:; object-src 'none'; base-uri 'none'; frame-src 'self' https://www.youtube-nocookie.com https://player.quadia.net https://players.brightcove.net; frame-ancestors 'self'; img-src 'self' https://www.msd-animal-health.com https://secure.gravatar.com https://www.google-analytics.com/ https://*.brightcove.com https://cdn.cookielaw.org https://policy.privacyandcookies.eu data: ; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; default-src https: data: 'self' ; trusted-types default; 3
default-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' *; font-src * 'self' data: 3
default-src https: ws: wss: data: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' buildings.honeywell.com; 3
base-uri 'self';  connect-src ws: wss: *; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com; form-action 'self'; frame-ancestors 'self' https://gofile.me http://gofile.me; frame-src 'self' data: blob: https://*.synology.com https://www.synology.cn/; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com; media-src 'self' data: about:;  script-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://*.google.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; 3
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: mediastream: filesystem: *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com;frame-ancestors 'self' 3
default-src 'self' https://tribeca.vidavee.com https://img.youtube.com http://business.twitter.com https://analytics.twitter.com http://ad.doubleclick.net http://*.fls.doubleclick.net https://googleads.g.doubleclick.net http://pixel.facebook.com https://www.facebook.com/tr/ http://dc.ads.linkedin.com https://px.ads.linkedin.com https://client.demdex.net https://dpm.demdex.net/ https://cdn.krxd.net/ https://beacon.krxd.net http://bs.serving-sys.com https://googleads.g.doubleclick.net https://assets.adobedtm.com https://cdnjs.cloudflare.com https://maps.lightstoneproperty.co.za http://maps.lightstoneproperty.co.za http://*.tt.omtrdc.net http://dpm.demdex.net https://maps.googleapis.com https://www.gstatic.com https://maps.googleapis.com http://fast.standardbank.demdex.net http://accstandardbank.d1.sc.omtrdc.net https://bid.g.doubleclick.net/xbbe/pixel http://8448999.fls.doubleclick.net https://cdn.krxd.net https://bs.serving-sys.com/Serving https://secure-ds.serving-sys.com https://standardbank.demdex.net https://www.youtube.com/ https://*.map2.ssl.hwcdn.net; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://tribeca.vidavee.com https://img.youtube.com https://www.homeloans1.standardbank.co.za https://googleads.g.doubleclick.net https://www.homeloans1.standardbank.co.za https://geo0.ggpht.com https://geo1.ggpht.com https://geo2.ggpht.com https://geo3.ggpht.com https://khms1.googleapis.com https://khms0.googleapis.com https://geo0.ggpht.com https://cbks0.googleapis.com https://maps.googleapis.com https://maps.gstatic.com http://accstandardbank.d1.sc.omtrdc.net https://www.google.com https://www.google.co.za http://cm.everesttech.net https://beacon.krxd.net https://jslog.krxd.net https://standardbank.demdex.net https://dpm.demdex.net http://*.tt.omtrdc.net https://*.map2.ssl.hwcdn.net https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tribeca.vidavee.com https://img.youtube.com https://connect.facebook.net https://code.jquery.com https://assets.adobedtm.com https://googleads.g.doubleclick.net https://www.gstatic.com https://maps.googleapis.com http://assets.adobedtm.com https://secure-ds.serving-sys.com http://cdn.krxd.net http://www.googleadservices.com http://www.googletagmanager.com https://consumer.krxd.net https://googleads.g.doubleclick.net https://beacon.krxd.net https://tribeca.vidavee.com http://*.tt.omtrdc.net  https://geo0.ggpht.com https://*.map2.ssl.hwcdn.net; style-src 'unsafe-inline' 'self' https://tribeca.vidavee.com https://img.youtube.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://*.map2.ssl.hwcdn.net; frame-ancestors 'self'; 3
'self'; 3
default-src https:; connect-src https: wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; frame-ancestors https:; 3
default-src 'self' blob: data:; media-src 'self' blob: data:; script-src 'self' 'unsafe-inline' *.loszona.com www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com; style-src 'self' 'unsafe-inline' data: *.loszona.com; img-src 'self' data: *.fisioestetic.com *.loszona.com www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com; connect-src 'self' wss://*.glr.com:* wss://*.glrsales.com:*; manifest-src 'self'; worker-src 'self'; frame-src blob: data: www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com 3
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline';frame-src * mailto: data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' *.acaa-cmps.com *.dbedirectory.com *.uhsvendors.com *.mdbecert.com *.mwdbe.com *.traviscountyhub.com *.civilrightsystem.com *.gob2g.com *.mwdsbe.com *.mwsbe.com *.sbeda.com *.thesupplierclearinghouse.com *.smwbe.com *.diversitycomplance.com *.civilrightsconnect.com *.b2gnow.com *.newnycontracts.com *.diversitysystem.com *.dbesystem.com *.civilrightsconnect.dot.gov *.sbdbe.com *.sctrca.org *.civilrightsconnect.dot.gov *.webnclink.org *.vendorreg.com *.txdotcms.com *.diversitysoftware.com *.sbecompliance.com; 3
default-src 'unsafe-inline' 'self' https: wss: data: blob:; object-src 'none' 3
frame-ancestors zyro.com *.zyro.com *.zyro.space *.dp.zyro.space 3
frame-ancestors https://www.einpresswire.com https://world.einnews.com  'self' 3
upgrade-insecure-requests;   default-src 'self' *.openbank.es *.bancosantander.es;   script-src 'self' 'unsafe-inline' 'unsafe-eval' snap.licdn.com     *.openbank.es *.openbank.de *.openbank.nl *.openbank.pt *.openbank.com *.openbank.com.ar *.zinia.com     https://maps.googleapis.com simuladores-pre.afi.es simuladores.afi.es     *.nr-data.net https://browseranalytic.com https://www.google.com     *.gstatic.com https://tags.tiqcdn.com *.google-analytics.com *.tealiumiq.com     https://tealium.hs.llnwd.net https://*.g.doubleclick.net  *.amazonaws.com     *.youtube.com *.googleadservices.com *.ads-twitter.com *.facebook.net     *.ytimg.com api-ob.nd.nudatasecurity.com     https://cdnjs.cloudflare.com static.criteo.net sslwidget.criteo.com     *.googletagmanager.com *.we-stats.com static.browseranalytic.com     optimize.google.com bat.bing.com blob: openbanksimuladores-pre.afi.es     openbanksimuladores.afi.es;   style-src 'self' 'unsafe-inline' optimize.google.com https://fonts.googleapis.com     *.amazonaws.com *.openbank.es *.openbank.de *.openbank.nl *.openbank.com.ar *.openbank.com *.zinia.com      *.openbank.pt https://maxcdn.bootstrapcdn.com;   img-src 'self' px.ads.linkedin.com *.idealista.com     www.financeads.net data: 'unsafe-inline' *.amazonaws.com     *.googletagmanager.com https://maps.googleapis.com *.gstatic.com     *.google-analytics.com *.doubleclick.net *.openbank.es     *.openbank.de *.openbank.nl *.openbank.pt *.openbank.com.ar *.openbank.com *.zinia.com *.google.com *.google.es     *.google.ie *.facebook.com     https://aax-eu.amazon-adsystem.com bat.bing.com     tr.outbrain.com www.linkedin.com s-central1-madrid-investing.cloudfunctions.net     tbl.tradedoubler.com dmpue.el-mundo.net action.metaffiliation.com;   media-src 'self' 'unsafe-inline' *.amazonaws.com  *.openbank.es *.openbank.com *.youtube.com;   frame-src 'self' optimize.google.com https://www.google.com *.gstatic.com     *.youtube.com simuladores-pre.afi.es simuladores.afi.es *.doubleclick.net     *.openbank.com.ar *.zinia.com     open.spotify.com     gum.criteo.com *.openbank.es blob:     openbanksimuladores-pre.afi.es openbanksimuladores.afi.es;   child-src  https://www.google.com *.gstatic.com *.youtube.com     simuladores-pre.afi.es simuladores.afi.es *.doubleclick.net     *.openbank.es blob:     openbanksimuladores-pre.afi.es openbanksimuladores.afi.es;   font-src 'self' *.openbank.es *.openbank.com *.openbank.de *.openbank.com.ar *.zinia.com     *.openbank.nl *.openbank.pt maxcdn.bootstrapcdn.com data:     https://fonts.gstatic.com     maxcdn.bootstrapcdn.com;   connect-src 'self' www.google-analytics.com *.openbank.pt *.openbank.nl     *.openbank.de *.openbank.es *.openbank.com.ar *.zinia.com *.nr-data.net *.we-stats.com     *.tealiumiq.com     wup-othellotest.eu.v2.customers.biocatch.com log-othellotest.eu.v2.customers.biocatch.com     lib-eu-1.brilliantcollector.com op.browseranalytic.com *.ok-cloud.net     adservice.google.com www.google.com *.googleapis.com *.openbank.com;   frame-ancestors 'self' *.openbank.de *.openbank.nl *.openbank.pt *.openbank.es     api.paycomet.com https://www.paytpv.com *.openbank.com.ar *.zinia.com     https://openbank-mkt-dev1-1.campaign.adobe.com https://openbank-mkt-stage1-1.campaign.adobe.com https://openbank-mkt-prod1-1.campaign.adobe.com     https://openbank-mkt-dev1.campaign.adobe.com https://openbank-mkt-stage1.campaign.adobe.com https://openbank.campaign.adobe.com;   object-src 'self' *.openbank.es 3
block-all-mixed-content; connect-src 'self' translate.googleapis.com *.google-analytics.com *.hotjar.com *.hotjar.io stats.g.doubleclick.net *.sproutlabs.com.au wss: *.hotjar.com; default-src 'none'; font-src 'self' data: application/font-woff *.gstatic.com *.bootstrapcdn.com cdnjs.cloudflare.com; frame-src 'self' *.hotjar.com *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.surveymonkey.com *.createsend1.com *.tas.gov.au *.vimeo.com zingtree.com; img-src 'self' *.tas.gov.au i.ytimg.com prod.smassets.net data: www.google-analytics.com *.google.com *.gstatic.com *.googleapis.com code.jquery.com; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' *.tas.gov.au *.google.com *.googleapis.com *.surveymonkey.com www.google-analytics.com www.googletagmanager.com *.gstatic.com *.facebook.net *.createsend1.com *.hotjar.com *.jwpcdn.com *.ravenjs.com code.jquery.com cdnjs.cloudflare.com *.bootstrapcdn.com zingtree.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com code.jquery.com *.jwpcdn.com *.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; 3
default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; 3
frame-ancestors 'self' https://www.facebook.com 3
default-src 'self'  https://www.google.com/recaptcha/api2/ https://www.google.com/ http://www.google.com/ http://www.youtube.com/ https://www.youtube.com/ http://www.google-analytics.com https://www.google-analytics.com http://fonts.gstatic.com/ https://fonts.gstatic.com/ http://www.googleapis.com https://www.googleapis.com http://mojoactiveerrorreporting.firebaseio.com https://mojoactiveerrorreporting.firebaseio.com https://use.typekit.net https://stats.g.doubleclick.net http://s7.addthis.com https://s7.addthis.com https://v1.addthisedge.com https://api-public.addthis.com https://insight.adsrvr.org https://m.addthis.com https://api.userway.org https://maps.google.com https://maps.googleapis.com https://content.adacado.com https://bid.g.doubleclick.net https://bbox.blackbaudhosting.com http://www.googleadservices.com https://www.googleadservices.com http://localhost/ https://phhealthcare.org/ https://www.phhealthcare.org/ https://phhealthcare.mojoactive.dev/ https://phhealthcare-current.mojoactive.dev/ http://*.facebook.com/ https://*.facebook.com/ http://*.facebook.net/ https://*.facebook.net/ http://localhost/ https://phhealthcare.org/ https://www.phhealthcare.org/ https://phhealthcare.mojoactive.dev/ https://phhealthcare-current.mojoactive.dev/; script-src 'self'  https://www.google.com/recaptcha/ http://www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/charts/ https://www.google.com/ http://www.google.com/ http://www.youtube.com/ https://www.youtube.com/ http://www.google-analytics.com https://www.google-analytics.com http://s.ytimg.com https://s.ytimg.com http://resources.mojoactive.com https://resources.mojoactive.com https://use.typekit.net https://api-public.addthis.com http://s7.addthis.com https://s7.addthis.com https://m.addthis.com https://z.moatads.com https://v1.addthisedge.com http://www.googletagmanager.com https://www.googletagmanager.com https://js.adsrvr.org https://insight.adsrvr.org https://cdn.userway.org http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://content.adacado.com https://cdn01.basis.net https://ad.adacado.com https://maps.googleapis.com https://bbox.blackbaudhosting.com http://www.googleadservices.com https://www.googleadservices.com https://ajax.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.googleapis.com http://localhost/ https://phhealthcare.org/ https://www.phhealthcare.org/ https://phhealthcare.mojoactive.dev/ https://phhealthcare-current.mojoactive.dev/ http://*.facebook.com/ https://*.facebook.com/ http://*.facebook.net/ https://*.facebook.net/ http://localhost/ https://phhealthcare.org/ https://www.phhealthcare.org/ https://phhealthcare.mojoactive.dev/ https://phhealthcare-current.mojoactive.dev/ 'unsafe-eval' 'unsafe-inline'; style-src 'self'  http://fonts.googleapis.com/ https://fonts.googleapis.com/ https://www.google.com/ http://www.google.com/ http://www.gstatic.com/ https://www.gstatic.com/ https://bbox.blackbaudhosting.com https://resources.mojoactive.com http://localhost/ https://phhealthcare.org/ https://www.phhealthcare.org/ https://phhealthcare.mojoactive.dev/ https://phhealthcare-current.mojoactive.dev/ 'unsafe-inline'; object-src 'self';img-src 'self'  http://www.google-analytics.com https://www.google-analytics.com https://www.google.com/ http://www.google.com/ https://p.typekit.net https://www.googletagmanager.com https://cdn.userway.org https://maps.gstatic.com https://maps.googleapis.com https://bbox.blackbaudhosting.com http://insight.adsrvr.org https://ups.analytics.yahoo.com https://*.doubleclick.net https://x.bidswitch.net https://segment.prod.bidr.io https://resources.mojoactive.com http://localhost/ https://phhealthcare.org/ https://www.phhealthcare.org/ https://phhealthcare.mojoactive.dev/ https://phhealthcare-current.mojoactive.dev/ http://*.facebook.com/ https://*.facebook.com/ http://*.facebook.net/ https://*.facebook.net/ http://localhost/ https://phhealthcare.org/ https://www.phhealthcare.org/ https://phhealthcare.mojoactive.dev/ https://phhealthcare-current.mojoactive.dev/ data: blob: 3
frame-ancestors 'self' https://*.experiencecloud.adobe.com https://experiencecloud.adobe.com https://experience.adobe.com 3
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 3
... 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ; frame-ancestors 'self' 3
frame-ancestors 'self' https://app.socialscreen.com 3
default-src  * 'unsafe-inline' 'unsafe-eval' ; img-src * data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 3
default-src *; frame-src 'self' https: http://*.google.com http://*.facebook.com http://*.twitter.com http://*.youtube.com http://*.sharethis.com http://*.googletagmanager.com http://*.vimeo.com http://*.sharpspring.com http://*.googleadservices.com http://*.doubleclick.net http://*.wistia.com http://*.wistia.net; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data: ; img-src * data: ;  report-uri https://19jrymqg65.execute-api.us-east-1.amazonaws.com/default/dgcsp-report-uri; 3
script-src 'self' https://*.schloesser-und-gaerten.de https://fast.fonts.net https://platform.twitter.com https://cdn.syndication.twimg.com https://connect.facebook.net; frame-ancestors 'self'; 3
frame-ancestors 'self' https://api.opentlv.com https://borne-leclerc.opentlv.com 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.brightcove.com *.brightcove.net *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.ftsites.com *.marketo.com *.marketo.net *.qualtrics.com *.twimg.com analytics.twitter.com apps.mypurecloud.com bat.bing.com browser-update.org cdn.cookielaw.org connect.facebook.net platform.twitter.com protect-us.mimecast.com snap.licdn.com static.ads-twitter.com up.pixel.ad vjs.zencdn.net wss://*.decibelinsight.com wss://*.decibelinsight.net www.google-analytics.com www.googletagmanager.com ;  connect-src 'self' *.akamaihd.net *.boltdns.net *.brightcove.com *.brightcove.net *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.frk.com *.ftsites.com *.marketo.com *.mktoresp.com *.onetrust.com *.onetrust.io *.qualtrics.com *.widen.net *.widencdn.net bat.bing.com cdn.cookielaw.org dc.services.visualstudio.com fti.wsodqa.com n85sog88a3.execute-api.us-east-1.amazonaws.com qhqt7tkknl.execute-api.us-east-1.amazonaws.com wss://*.decibelinsight.com wss://*.decibelinsight.net www.fti.wallst.com www.google-analytics.com ;  img-src 'self' data: *.adsymptotic.com *.akamaihd.net *.boltdns.net *.brightcove.com *.cookielaw.org *.doubleclick.net *.facebook.com *.franklintempleton.com *.google.co.in *.google.co.uk *.google.com *.google.pl *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.qualtrics.com *.stocksnap.io *.twimg.com *.widen.net *.widencdn.net bat.bing.com d21y75miwcfqoq.cloudfront.net fml-x.com platform.twitter.com r.turn.com syndication.twitter.com t.co tk-static.fml-x.com www.google-analytics.com ;  font-src 'self' data: *.ftsites.com fonts.googleapis.com fonts.gstatic.com templeton.com *.franklintempleton.com *.franklintempleton.lu ;  style-src 'self' 'unsafe-inline' *.franklintempleton.com *.ftsites.com *.googletagmanager.com *.marketo.com fonts.googleapis.com fonts.gstatic.com platform.twitter.com ;  worker-src blob: ; 3
font-src *.gstatic.com *.carrotquest.app *.flocktory.com streamerce.ru *.loreal.io data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.pharmacosmetica.ru *.rigla.ru rigla.ru 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.google.com makeupstat.ru *.makeupstat.ru *.doubleclick.net *.flocktory.com *.modiface.com *.streamerce.ru *.1dmp.io *.facebook.com *.creativesoldiers.ru *.mail.ru *.adhigh.net *.weborama.fr www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com yandex.ru *.yandex.ru *.yandex.net *.google.com *.google.ru *.googletagmanager.com *.maps.yandex.net vk.com *.vk.me *.mail.ru *.mneniya.pro *.carrotquest.app *.carrotquest.io *.mobfox.com *.betweendigital.com *.onaudience.com *.adnxs.com *.digitaltarget.ru *.bestssp.com *.whiteboxdigital.ru *.rutarget.ru *.admixer.net *.1dmp.io *.aidata.io *.weborama.fr *.doubleclick.net *.adriver.ru *.bidswitch.net *.facebook.com flocktory.com *.flocktory.com *.hybrid.ai *.openx.net *.retailrocket.net *.scaletrk.com *.jivosite.com pafutos.com lenkmio.com *.admitad.com *.asbmit.com artfut.com advertising.com *.advertising.com *.adform.net adform.net *.adhigh.net *.mts.ru *.popmechanic.ru *.userapi.com *.360yield.com *.stevensegallery.com streamerce.ru *.analytics.yahoo.com *.rubiconproject.com vichyconsult.ru *.pubmatic.com *.taboola.com *.loreal.io *.smartadserver.com *.gumgum.com blob: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com *.mindbox.ru *.yandex.ru *.maps.yandex.net yastatic.net *.yastatic.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.mail.ru vk.com *.facebook.net cdn.jsdelivr.net *.carrotquest.io *.retailrocket.ru *.tkrconnector.com *.artfut.com *.doubleclick.net *.jivosite.com *.youtube.com *.facebook.com *.fbcdn.net *.modiface.com *.cloudflare.com *.carrotquest.app *.carrottrack.io *.nr-data.net flocktory.com *.flocktory.com *.hybrid.ai *.jsdelivr.net *.lenmit.com *.newrelic.com *.retailrocket.net *.ttarget.ru *.unpkg.com *.jquery.com *.popmechanic.ru streamerce.ru dsf-cdn.loreal.io *.loreal.io *.tiktok.com *.weborama.fr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.google.com *.googleapis.com *.jivosite.com wss://*.jivosite.com *.retailrocket.net *.flocktory.com *.googletagmanager.com www.googletagmanager.com *.cloudflare.com *.popmechanic.ru streamerce.ru *.loreal.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.jivosite.com *.carrotquest.app *.flocktory.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.mindbox.ru yandex.ru *.yandex.ru *.yandex.net *.google.com *.google.ru *.googleapis.com *.googletagmanager.com *.dadata.ru *.carrotquest.app ws://*.carrotquest.app wss://*.carrotquest.app *.carrotquest.io *.carrottrack.io *.jivosite.com wss://*.jivosite.com *.modiface.com *.doubleclick.net *.retailrocket.net *.mail.ru vk.com *.adhigh.net *.nr-data.net *.hybrid.ai *.weborama.fr *.akamai.com *.facebook.com *.popmechanic.ru streamerce.ru *.loreal.io *.visualstudio.com *.mux.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ravenjs.com https://www.googletagmanager.com https://ajax.aspnetcdn.com https://www.gstatic.com https://use.fontawesome.com https://*.googlesyndication.com https://googleadservices.com https://tag.getdrip.com https://connect.facebook.net https://cdnjs.cloudflare.com https://*.google.com https://code.jquery.com https://cdn.mathjax.org https://*.google-analytics.com https://*.googleapis.com https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://checkout.stripe.com; frame-src https://checkout.stripe.com https://googleads.g.doubleclick.net https://docs.google.com https://maps.google.com https://www.google.com https://www.youtube.com https://player.vimeo.com https://*.facebook.com; block-all-mixed-content; frame-ancestors 'none'; report-uri https://ivydev.report-uri.io/r/default/csp/enforce 3
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; 3
script-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' 3
default-src 'self' data: wss: api.idnt.net www.idnt.net fonts.gstatic.com;script-src api.idnt.net www.google-analytics.com maps.google.com maps.gstatic.com *.twitter.com *.twimg.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval';style-src api.idnt.net platform.twitter.com fonts.googleapis.com 'self' 'unsafe-inline';img-src api.idnt.net data: wss: www.google-analytics.com *.twitter.com *.twimg.com maps.gstatic.com maps.google.com www.gravatar.com 'self';frame-src data: wss: *.youtube.com *.youtube-nocookie.com *.twitter.com 'self'; 3
default-src 'self'; img-src 'self' blob: data: http: https: *.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http https: *.google.com; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; frame-src 'self' data: http: https: *.maphub.net; connect-src 'self' http: https: maps.googleapis.com 3
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://sport.web1-ro.slotv.com https://sport.slotv.ro https://sport.mrbit.ro https://cdn-sp.kertn.net https://*.fasttrack-solutions.com https://*.ft-crm.com localhost:40000 https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://*.unetsafe.com https://ui.invisiblesport.com https://www.facebook.com https://*.bing.com wss://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://*.taboola.com https://*.atlantgaming.com https://*.regily.com https://*.sptpub.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://chat.aplayslots.de https://chat.aplaycasino.com https://chat.aplay.casino; font-src 'self' https://sport.web1-ro.slotv.com https://sport.slotv.ro https://sport.mrbit.ro https://cdn-sp.kertn.net https://fonts.gstatic.com data: https://ui.invisiblesport.com wss://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://livechat24.tech https://*.livechat24.tech https://*.sptpub.com https://app.vwo.com https://chat.aplayslots.de https://chat.aplaycasino.com https://chat.aplay.casino; frame-src 'self' https://sport.web1-ro.slotv.com https://sport.slotv.ro https://sport.mrbit.ro https://cdn-sp.kertn.net https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://ui.invisiblesport.com https://cf-mt-cdn2.relaxg.com https://tk-game-mt1.thunderkick.com https://gamelaunch.wazdan.com https://*.unetsafe.com https://*.zignsec.com https://www.facebook.com bankid://* wss://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://*.trustly.com https://tpc.googlesyndication.com https://*.atlantgaming.com https://*.regily.com https://*.sptpub.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://chat.aplayslots.de https://chat.aplaycasino.com https://chat.aplay.casino; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://sport.web1-ro.slotv.com https://sport.slotv.ro https://sport.mrbit.ro https://cdn-sp.kertn.net https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com localhost:40000 https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.unetsafe.com https://ui.invisiblesport.com https://connect.facebook.net https://*.bing.com https://*.cloudflare.com wss://*.sptpub.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.sptpub.com *.visualwebsiteoptimizer.com https://app.vwo.com https://cdn-cn.vwo-analytics.com https://chat.aplayslots.de https://chat.aplaycasino.com https://chat.aplay.casino; style-src 'self' https://sport.web1-ro.slotv.com https://sport.slotv.ro https://sport.mrbit.ro https://cdn-sp.kertn.net https://*.fasttrack-solutions.com https://fonts.googleapis.com 'unsafe-inline' https://ui.invisiblesport.com https://livechat24.tech https://*.livechat24.tech https://*.sptpub.com https://app.vwo.com https://chat.aplayslots.de https://chat.aplaycasino.com https://chat.aplay.casino; worker-src 'self' blob:; report-uri https://sentry.work/sentry/api/29/csp-report/?sentry_key=9db29a98a6d9444b8cfc0495de9b857a 3
default-src 'self'; base-uri 'self'; form-action 'self';connect-src 'self' wss://aipi.support/ws https://piwik.aipi.de; font-src www.aipi.de 'self';style-src-attr 'unsafe-hashes' 'sha256-nCtYqZm0TNQQ+U6cXsAjRWjgKgAcAC5EQGqtKUxK3vw=' 'sha256-1v7EUPO3OEib7RRCnrE1wWyo0L+fVMBtrmF4zWnylBU=' 'sha256-4XmUnq7c5BOpcWChA7Pvfme8wZKLmbdYoGyK+cJW1Xk=';style-src www.aipi.de 'self' 'sha256-6sIirSjk3oMeq2FlEKzaPQ7IYNaX+HqF9VqRWIc7nuI=' 'sha256-QXYcyzpBG1Dk1TNxlL6Wx5OzhyiENrLRDOMIxnGc0m4=' 'sha256-4XmUnq7c5BOpcWChA7Pvfme8wZKLmbdYoGyK+cJW1Xk=' aipi.de www.aipi.de aipi.support data:;img-src 'self' piwik.aipi.de aipi.support data:;script-src 'self' 'sha256-MXlRNlxiJENqTbNNighIGA8h1e1roYzHpYTzsQ/3Ig8=' 'sha256-V1jfgpWg4LJj7uEoGS+1IGGJKY0yJutd21MasuP8vrs=' piwik.aipi.de aipi.support;frame-src 'self' piwik.aipi.de; frame-ancestors 'self' piwik.aipi.de; object-src 'none'; report-uri https://aipi.report/csp-violation-report 3
frame-ancestors 'self' https://*.abcmouse.com; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' * 3
default-src https: data: wss: *.plcontent.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none'; frame-src 'self' *.facebook.com *.googletagmanager.com *.demdex.net *.trustarc.com; 3
default-src 'self' https://*.optimizely.com https://www.google-analytics.com https://*.heg-cp.com; style-src 'self' 'unsafe-inline' https://*.hosteurope.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hosteurope.de https://js.leadinspector.de http://js.leadinspector.de https://js.leadinspector.de tags.tiqcdn.com https://*.doubleclick.net https://static-artifact.heg-cp.com https://cdn.polyfill.io https://www.google.com https://www.gstatic.com https://*.optimizely.com http://*.optimizely.com www.googleadservices.com https://bat.bing.com www.dwin1.com https://connect.facebook.net https://www.google-analytics.com ajax.googleapis.com https://*.twitter.com https://static.ads-twitter.com https://*.ampproject.org; font-src 'self' data:; object-src 'self'; img-src 'self' 'unsafe-inline' https://www.hosteurope.com/ data: https://www.google.com.ua https://*.leadinspector.de https://i.ytimg.com https://*.g.doubleclick.net https://bat.bing.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.de https://t.co https://*.multiscreensite.com; frame-src 'self' https://www.google.com https://*.optimizely.com https://*.facebook.com https://*.facebook.net www.youtube.com *.vimeo.com *.vimeocdn.com *.doubleclick.net; 3
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri /security/csp?e=p&f=l 2
frame-ancestors https://*.qq.com 2
default-src 'self' data: blob:;script-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.twitter.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval';style-src 'self' data: blob: *.whatsapp.com *.whatsapp.net 'unsafe-inline' *.facebook.com;connect-src 'self' data: blob: *.whatsapp.com *.whatsapp.net wss://*.facebook.com:* *.fbcdn.net;font-src data: *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net fonts.gstatic.com;img-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.facebook.com *.fbcdn.net static.xx.fbcdn.net *.ytimg.com *.twitter.com;media-src 'self' data: blob: *.fbcdn.net;frame-src 'self' data: blob: *.twitter.com *.facebook.com *.youtube-nocookie.com *.youtube.com *.whatsapp.com;block-all-mixed-content;upgrade-insecure-requests; 2
default-src 'self' https://*.google-analytics.com https://*.googleusercontent.com https://*.gstatic.com; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com 2
default-src * data: blob:;style-src * 'unsafe-inline';script-src https://*.quora.com https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.twitter.com https://*.quoracdn.net https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.youtube.com https://*.ytimg.com https://*.jwpcdn.com https://*.stripe.com https://*.intercom.io https://*.intercomcdn.com https://*.syndication.twimg.com https://cdnjs.cloudflare.com https://*.jwplatform.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.googletagservices.com https://*.ampproject.org https://*.amazon-adsystem.com https://*.rubiconproject.com https://*.lijit.com https://*.openx.net https://*.aaxads.com https://*.criteo.com https://*.ads-twitter.com https://*.dwin1.com https://*.marketo.net https://*.licdn.com https://*.linkedin.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://sc-static.net https://static.bytedance.com https://*.iteratehq.com https://cdn.embedly.com https://qinternal.quora.net https://*.sprig.com https://*.userleap.com https://*.doubleverify.com https://*.adsafeprotected.com https://cdn.cookielaw.org https://*.onetrust.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*;connect-src 'self' https://*.quora.com wss://*.quora.com https://*.quoracdn.net https://*.stripe.com https://*.intercom.io wss://*.intercom.io https://*.jwplatform.com https://*.jwpsrv.com https://syndication.twitter.com https://*.syndication.twimg.com https://*.googleapis.com https://*.googlesyndication.com https://*.qualtrics.com https://*.facebook.com https://*.fbcdn.net blob: https://*.mktoresp.com https://*.doubleclick.net https://accounts.google.com https://*.amazon-adsystem.com https://*.aaxads.com https://*.iteratehq.com https://iteratehq.com https://*.sprig.com https://*.userleap.com https://app.adjust.com https://app.appsflyer.com https://branchster.app.link https://control.kochava.com https://c.singular.net https://*.doubleverify.com https://*.adsafeprotected.com https://cdn.cookielaw.org https://*.onetrust.com ;report-uri /security_reports/content_security_policy_violation_3RD_PARTY_POST 2
report-uri https://metrics.roblox.com/v1/csp/report?type=enforce; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' *.evidon.com *.gigya.com *.google-analytics.com *.ns1p.net adservice.google.com cdn.arkoselabs.com connect.facebook.net funcaptcha.com js.rbxcdn.com long.open.weixin.qq.com midas.gtimg.cn radar.cedexis.com res.wx.qq.com roblox-api.arkoselabs.com roblox-load-generator-configuration.s3.us-east-2.amazonaws.com s.ytimg.com sb.scorecardresearch.com static.rbxcdn.com www.google.com www.gstatic.com www.youtube.com h.online-metrix.net request.eprotect.vantivcnp.com request.eprotect.vantivpostlive.com *.googletagmanager.com *.googleadservices.com https://googleads.g.doubleclick.net cdn.veriff.me lightstep.com 2
default-src 'self' data: blob: *.mega.co.nz *.mega.nz *.mega.io http://*.mega.co.nz http://*.mega.nz http://*.mega.io wss://*.karere.mega.nz wss://*.sfu.mega.co.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz *.mega.io data: blob:; frame-src 'self' *.megapay.nz mega: *.megaad.nz https://mega.nz/ https://mega.io/; img-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob: mega.nz 2
default-src 'self' *.gatsbyjs.io; script-src 'self' *.linktr.ee *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.cloudfunctions.net *.googleadservices.com public.profitwell.com analytics.tiktok.com analytics.twitter.com bat.bing.com *.onetrust.com cdn.heapanalytics.com cdn.pdst.com cdn.pdst.fm connect.facebook.net *.pinterest.com d.adroll.com heapanalytics.com *.gastbyjs.io websitelinktree.gatsbyjs.io assets.production.linktr.ee s.adroll.com analytics.google.com unpkg.com s.pinimg.com static.ads-twitter.co *.googleoptimize.com *.clarity.ms *.ads-twitter.com *.hsforms.net *.hsforms.com *.youtube.com *.lever.co *.profitwell.com *.sentry-cdn.com *.chargebee.com *.stripe.com 'unsafe-inline'; img-src 'self' data: *.gatsbyjs.io *.hsforms.com *.w55c.net *.stackadapt.com ml314.com *.cxense.com *.sharethis.com *.ctfassets.net q.quora.com bat.bing.com *.facebook.com heapanalytics.com *.linktr.ee *.google.com *.google.com.au t.co *.yahoo.com *.adnxs.com *.bidswitch.net *.openx.net *.rlcdn.com *.twitter.com *.facebook.com *.pinterest.com *.adroll.com *.google-analytics.com *.onetrust.com *.cloudfront.com *.stripe.com; style-src 'self' fonts.googleapis.com *.stripe.com 'unsafe-inline'; font-src 'self' data: *.gatsbyjs.io fonts.gstatic.com; form-action 'self' *.facebook.com *.hsforms.com; connect-src 'self' *.linktr.ee *.clarity.ms ingress.linktr.ee *.onetrust.com *.hsforms.net *.hsforms.com *.amazonaws.com *.lever.co *.gatsbyjs.io *.google-analytics.com analytics.tiktok.com *.analytics.google.com analytics.google.com *.google.com.au stats.g.doubleclick.net google-analytics.com ct.pinterest.com *.googleadservices.com *.cloudfunctions.net *.sentry.io *.profitwell.com; media-src 'self' *.ctfassets.net; frame-src *.doubleclick.com *.doubleclick.net *.facebook.com *.formstack.com *.google.com *.hsforms.net *.hsforms.com *.stripe.com 2
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=frontpage&site=fp&region=US&lang=en-US&device=desktop&partner=att; 2
default-src *.livejournal.com *.livejournal.net tpc.googlesyndication.com; script-src *.livejournal.com *.livejournal.net *.google-analytics.com *.googletagmanager.com *.scorecardresearch.com *.top100.ru *.criteo.com yastatic.net *.plista.com *.facebook.com vk.com *.ok.ru *.pingdom.com *.pingdom.net *.vk.com *.twitter.com *.twimg.com *.facebook.net *.instagram.com *.services.livejournal.com *.videos.livejournal.com *.adfox.ru *.exelator.com *.rambler.ru *.rubiconproject.com *.yahooapis.com *.newrelic.com *.nr-data.net *.doubleclick.net googleads.g.doubleclick.net *.lj.ru *.googleapis.com *.youtube.com *.varlamov.me *.varlamov.com *.google.com static.xx.fbcdn.net dsp-rambler.ru openstat.net *.rnet.plus twemoji.maxcdn.com *.googletagservices.com *.googlesyndication.com ymetrica.com telegram.org *.webturn.ru www.dropbox.com *.criteo.net z.moatads.com r.webturn.ru *.pinterest.com *.google.ru ssl.p.jwpcdn.com *.gstatic.com js.mamydirect.com cdn.ampproject.org adservice.google.ca an.yandex.ru yandex.st mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: avatars-fast.yandex.net favicon.yandex.net an.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net *.yandex.net verify.yandex.ru *.verify.yandex.ru 'self'; frame-src http: https: awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net; font-src http: https: data: an.yandex.ru yastatic.net yastat.net 'self'; connect-src *.livejournal.com *.livejournal.net *.services.livejournal.com *.google-analytics.com ssp.rambler.ru *.ssp.rambler.ru lj.stat.eagleplatform.com *.pingdom.net *.googleapis.com kraken.rambler.ru *.twitter.com *.youtube.com googleads.g.doubleclick.net static.xx.fbcdn.net *.lj.ru *.rnet.plus ymetrica.com *.webturn.ru *.criteo.com dsp-rambler.ru *.rambler.ru stats.g.doubleclick.net *.eaglecdn.com wss://www.livejournal.com *.g.doubleclick.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru static-mon.yandex.net 'self'; media-src http: https: data: *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net report-uri https://livejournal.com/csp_reports 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.investopedia.com 2
frame-ancestors 'self' https://*.target.com; 2
frame-ancestors http://*.ieee.org https://*.ieee.org 2
upgrade-insecure-requests; frame-ancestors 'self' http://*.hulu.com https://*.hulu.com; 2
frame-ancestors 'self' *.pathfactory.com *.lookbookhq.com *.newrelic.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 2
frame-ancestors 'self' *.wallet.airpay.tw *.shopee.kr *.airpay.tw *.shopeemobile.com *.shopee.tw *.shopee.cn *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com *.shopee.io;  2
frame-ancestors 'self'; base-uri 'none' 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2
frame-ancestors 'self' *.indiatimes.com *.idiva.com 2
base-uri 'self'; connect-src * blob: data: ; default-src 'self' *.meetup.com *.dev.meetup.com:8001 www.sjwoe.com; font-src * data:; frame-ancestors 'self'; frame-src *; img-src * data: blob: ;script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; object-src 'none' 2
frame-ancestors 'self'; default-src https: *.crazyegg.com blob:; frame-src https: 'self' 'unsafe-inline' 'unsafe-eval'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.crazyegg.com blob:; connect-src 'self' https: wss: *.crazyegg.com; img-src https: 'self' data: *.crazyegg.com; style-src https: 'unsafe-inline'; font-src https: 'unsafe-inline' data:; 2
default-src 'self'; child-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; connect-src 'self' piwik.openstreetmap.org https://nominatim.openstreetmap.org/ https://query.openstreetmap.org/query-features https://routing.openstreetmap.de/ https://graphhopper.com/api/1/route; font-src 'none'; form-action 'self' render.openstreetmap.org; frame-ancestors 'self'; frame-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; img-src 'self' data: www.gravatar.com *.wp.com tile.openstreetmap.org *.tile.openstreetmap.org *.tile.thunderforest.com tileserver.memomaps.de *.openstreetmap.fr piwik.openstreetmap.org https://openstreetmap-user-avatars.s3.dualstack.eu-west-1.amazonaws.com https://openstreetmap-gps-images.s3.dualstack.eu-west-1.amazonaws.com; manifest-src 'self'; media-src 'none'; object-src 'self'; script-src 'self' piwik.openstreetmap.org; style-src 'self' 'unsafe-inline'; worker-src 'none' 2
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://*.apple.com http://*.apple.com https://*.mzstatic.com https://*.apple-mapkit.com https://p-events-delivery.akamaized.net http://p-events-delivery.akamaized.net https://apple-events.akamaized.net https://mediaservices.cdn-apple.com http://mediaservices.cdn-apple.com 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2
default-src 'self' *.crazyegg.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cloudinary.com *.cloudinary.com www.googletagmanager.com www.google-analytics.com *.google.com unpkg.com cdn.jsdelivr.net stackpath.bootstrapcdn.com app-ab12.marketo.com snap.licdn.com connect.facebook.net munchkin.marketo.net consent.cookiebot.com vidassets.terminus.services googleads.g.doubleclick.net radar.cedexis.com www.googleadservices.com maps.googleapis.com *.fastcdn.co *.instapage.com *.instapagemetrics.com *.redditstatic.com *.gstatic.com *.crazyegg.com *.wp.com *.driftt.com;script-src-elem 'self' 'unsafe-inline' cloudinary.com *.cloudinary.com code.jquery.com cdn.jsdelivr.net stackpath.bootstrapcdn.com www.googletagmanager.com www.google-analytics.com *.google.com unpkg.com app-ab12.marketo.com snap.licdn.com connect.facebook.net munchkin.marketo.net consent.cookiebot.com vidassets.terminus.services googleads.g.doubleclick.net radar.cedexis.com www.googleadservices.com maps.googleapis.com *.fastcdn.co *.instapage.com *.instapagemetrics.com *.redditstatic.com *.gstatic.com *.crazyegg.com *.wp.com *.driftt.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net unpkg.com app-ab12.marketo.com *.google.com *.cloudinary.com *.crazyegg.com *.wp.com *.driftt.com;style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net unpkg.com app-ab12.marketo.com *.google.com *.cloudinary.com *.crazyegg.com *.wp.com *.driftt.com;img-src 'self' data: cloudinary.com *.cloudinary.com *.google.com www.google-analytics.com secure.gravatar.com match.adsrvr.org wec-assets.terminus.services wec-assets-api.terminus.services px.ads.linkedin.com *.google.ca *.facebook.com benchmark.1e100cdn.net *.cedexis-test.com cedexis.pc.cdn.bitgravity.com ptcfc.com ubiquity.cedexis.us-east-1.prod.endpoints.ubiquity.aws.a2z.com media-akam.licdn.com *.citrix-itm-test.com ubiquity.cedexis.eu-west-1.prod.endpoints.ubiquity.aws.a2z.com direct.cedexis.us-east-1.prod.endpoints.ubiquity.aws.a2z.com a-cedexis.msedge.net 20059b.ha.azioncdn.net *.cedexis.fastlylb.net test.cedexis.gamma.endpoints.ubiquity.aws.a2z.com *.cdnvideo.ru essl-cdxs.edgekey.net direct.cedexis.ap-northeast-1.prod.endpoints.ubiquity.aws.a2z.com *.endpoints.ubiquity.aws.a2z.com level3ssl.optimicdn.com img-cedexis.mncdn.com cedexis-ssl.cdn.warpcache.net linkedin.com *.adsymptotic.com *.google.com www.googleapis.com *.gstatic.com maps.googleapis.com *.citrix.com cldmo.mo.cloudinary.net www.googletagmanager.com *.fastcdn.co *.instapage.com px4.ads.linkedin.com alb.reddit.com *.crazyegg.com *.mozilla.org *.imagecon.com;font-src 'self' 'unsafe-inline' data: fonts.gstatic.com use.typekit.net;connect-src 'self' cloudinary.com *.cloudinary.com www.google-analytics.com *.doubleclick.net api.lever.co *.mktoresp.com *.init.cedexis-radar.net *.cedexis.com *.facebook.com a-cedexis.msedge.net *.cedexis.fastlylb.net *.netlify.app *.instapage.com *.instapagemetrics.com *.crazyegg.com;media-src 'self' cloudinary.com *.cloudinary.com blob:; worker-src 'self' blob:; frame-src *.google.com jobs.lever.co app-ab12.marketo.com business.facebook.com consentcdn.cookiebot.com *.facebook.com *.cedexis-test.com cedexis.pc.cdn.bitgravity.com *.citrix-itm-test.com 20059b.ha.azioncdn.net essl-cdxs.edgekey.net *.cloudinary.com bid.g.doubleclick.net *.twitter.com cloudinary.com *.youtube.com *.driftt.com *.crazyegg.com;prefetch-src 'self' cloudinary.com; object-src 'none' 2
frame-ancestors 'self' *.wallet.airpay.co.th *.shopee.kr *.airpay.co.th *.shopeemobile.com *.shopee.co.th *.shopee.cn *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com *.shopee.io;  2
default-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data: blob:; connect-src 'self' https:; font-src 'self' https: data: *.fontawesome.com fonts.googleapis.com *.googletagmanager.com; media-src 'self' http: https: data: blob: *.vimeo.com; form-action 'self' https:; frame-ancestors 'self' https:; object-src 'self'; frame-src 'self' https: *.trustarc.com 2
default-src http: https: data: blob:; media-src http: https: data: blob:; img-src http: https: data: blob:; script-src http: https: data: 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline' 'unsafe-eval'; connect-src http: https: data:; worker-src http: https: data: blob:; font-src http: https: data:; 2
frame-ancestors 'self' https://*.twilio.com https://www.twilio.com;report-uri https://www.twilio.com/console/api/cspr 2
frame-ancestors https://teams.powerbi.com 'self' https://teams.microsoft.com https://gov.teams.microsoft.us https://dod.teams.microsoft.us https://outlook.office.com https://outlook-sdf.office.com https://outlook.office365.com https://outlook-sdf.office365.com https://www.office.com https://scuprodprv.www.office.com 2
default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple.com.cn *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com.cn www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple.com.cn *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: apple.com *.apple.com *.apple.com.cn *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com *.apple.com.cn 2
default-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com wss://*.zendesk.com wss://*.zopim.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zdassets.com *.zopim.com *.amplitude.com https://websdk.appsflyer.com https://s.yimg.com https://d.impactradius-event.com https://sp.analytics.yahoo.com *.surveymonkey.com js.adsrvr.org ajax.googleapis.com www.googleadservices.com *.zdassets.com *.zopim.com life360.zendesk.com static.ads-twitter.com analytics.twitter.com analytics.tiktok.com bat.bing.com sf16-scmcdn-va.ibytedtos.com www.gstatic.com www.google.com www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org *.appboycdn.com *.facebook.net; style-src 'self' 'unsafe-inline'; connect-src 'self' https://wa.appsflyer.com https://static.zdassets.com https://*.onelink.me https://*.amplitude.com https://amplitude.life360.com/ https://amplitude.qa.life360.com/ https://bat.bing.com https://s.yimg.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com wss://*.zendesk.com wss://*.zopim.com *.google-analytics.com *.analytics.google.com *.zdassets.com *.zopim.com stats.g.doubleclick.net cdn.cookielaw.org life360.zendesk.com support.life360.com *.greenhouse.io *.braze.com analytics.tiktok.com; img-src 'self' *.cloudfront.net *.locationiq.org life360-wordpress.s3.amazonaws.com https://pixel.streetmetrics.io https://r.turn.com life360.zendesk.com https://pixel.pointmediatracker.com https://cnv.event.prod.bidr.io cdn.cookielaw.org insight.adsrvr.org support.life360.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com t.co www.facebook.com https://bat.bing.com https://sp.analytics.yahoo.com *.ytimg.com https://v2assets.zopim.io https://static.zdassets.com data: *.gravatar.com; child-src 'self' www.surveymonkey.com cdn.cookielaw.org insight.adsrvr.org www.ajax.googleapis.com www.youtube.com www.youtube-nocookie.com www.google.com www.facebook.com; font-src 'self' data:; 2
default-src 'none'; img-src 'self' https://fedoramagazine.org; script-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://builds.coreos.fedoraproject.org;  2
default-src 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: about: miroapp: wss: ws: *; frame-src 'unsafe-inline' 'unsafe-eval' data: blob: miroapp: *; base-uri 'unsafe-inline' about: data: *; form-action 'unsafe-inline' data: post-it-alpha: post-it: com.mmm.postit.miro: *; worker-src 'unsafe-inline' data: blob: miroapp: *; report-uri https://s.realtimeboard.com/api/25/security/?sentry_key=fb5e3001534f453e85d1771b1088b293&sentry_environment=production; 2
script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' blob:; img-src * data: blob:; media-src * data: 2
frame-src 'self' *.google.com snapwidget.com *.consensu.org *.sharethis.com *.doubleclick.net *.greenhouse.io *.payoneer.com *.trustpilot.com *.oraclecloud.com *.driftt.com *.ubembed.com *.youtube.com *.github.io *.userway.org v.qq.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.cookielaw.org *.convertexperiments.com *.marketo.net *.googleadservices.com *.bing.com *.licdn.com *.facebook.net *.taboola.com *.yimg.jp *.yahoo.co.jp *.doubleclick.net *.sharethis.com *.consensu.org snapwidget.com *.onetrust.com *.greenhouse.io *.payoneer.com *.mouseflow.com *.salesloft.com *.trendemon.com *.trustpilot.com *.ubembed.com *.google.com *.dynatrace.com *.oraclecloud.com *.baidu.com *.driftt.com *.youtube.com *.daumcdn.net unpkg.com *.yandex.ru *.cloudflare.com *.strattic.com *.6sc.co *.jsdelivr.net *.bootstrapcdn.com *.twitter.com *.ads-twitter.com *.highcharts.com *.github.io *.qualtrics.com *.microsoft.com  *.userway.org *.tiktok.com *.googleoptimize.com accessibilityserver.org *.adnxs.com *.pdst.fm *.fullstory.com *.redditstatic.com *.cheqzone.com *.clarity.ms *.line-scdn.net; 2
frame-ancestors 'self' *.coe.int 2
child-src 'self'; object-src 'none'; manifest-src 'self'; worker-src blob: *.bookmyshow.com; style-src 'self' 'unsafe-inline' https://*.freshchat.com https://*.freshbots.ai https://www.riddle.com https://optimize.google.com https://fonts.googleapis.com; default-src 'self' data: blob: ssl.gstatic.com 'unsafe-inline'; img-src 'self' 'unsafe-inline' data: *.bmscdn.com *.bmstvod.com *.testbms.com *.google.com https://*.bing.com https://i.ytimg.com https://*.youtube.com https://*.google.co.in https://*.facebook.com https://*.cloudfront.net https://*.brightcove.com https://*.freshbots.ai https://s3.amazonaws.com *.doubleclick.net https://res.cloudinary.com https://secure.gravatar.com http://www.googleadservices.com http://googleads.g.doubleclick.net https://*.googlesyndication.com https://cf-images.ap-southeast-1.prod.boltdns.net *.gravatar.com https://www.instagram.com https://platform.twitter.com https://*.google-analytics.com https://*.googletagmanager.com https://optimize.google.com; media-src blob: 'self' *.bookmyshow.com *.bmscdn.com *.bmstvod.com 'unsafe-inline' https://*.cloudfront.net; script-src 'self' *.bmscdn.com *.bmstvod.com *.pusher.com 'unsafe-eval' 'unsafe-inline' *.bookmyshow.com https://wzrkt.com https://s0.2mdn.net https://*.google.com https://script.4dex.io http://code.jquery.com https://vjs.zencdn.net http://www.gstatic.com https://www.gstatic.com https://www.youtube.com https://*.cloudfront.net https://*.brightcove.net https://*.brightcove.com https://www.riddle.com https://cdn.ampproject.org http://static.clevertap.com http://p.adlooxtracking.com http://client.perimeterx.net https://connect.facebook.net https://imasdk.googleapis.com https://rtbcdn.andbeyond.media https://adservice.google.co.in *.doubleclick.net http://www.googletagmanager.com http://*.googleadservices.com http://www.googletagservices.com https://www.googletagservices.com http://rtbpass-us.andbeyond.media http://global.cloud.netacuity.com https://s3.ap-south-1.amazonaws.com https://customerglu-ui-v3.vercel.app https://*.googlesyndication.com https://*.freshchat.com https://*.freshbots.ai https://*.bing.com https://ajax.cloudflare.com https://runtime.imagekit.io https://www.instagram.com https://platform.twitter.com https://*.googleanalytics.com https://*.google-analytics.com https://*.googleoptimize.com https://optimize.google.com https://*.sharechat.com; connect-src ws: wss: 'self' *.bms.bz *.bookmyshow.com *.bmstvod.com *.pusher.com https://bs.com https://*.bmscdn.com https://*.google.com https://*.gstatic.com https://*.google.co.in https://*.facebook.com https://script.4dex.io https://*.akamaihd.net https://*.bookmyshow.com https://*.cloudfront.net https://*.freshbots.ai https://cdn.ampproject.org https://*.vdocipher.com https://*.brightcove.com https://manifest.prod.boltdns.net http://global.cloud.netacuity.com https://www.googletagmanager.com https://attestation.android.com *.doubleclick.net https://*.googlesyndication.com https://us-central1-amp-error-reporting.cloudfunctions.net https://bs.serving-sys.com https://view.adjust.net.in http://www.google-analytics.com https://www.google-analytics.com https://*.sharechat.com; font-src https://fonts.gstatic.com 'self' data: https://maxcdn.bootstrapcdn.com; frame-src 'self' 'unsafe-inline' https://*.google.com https://*.youtube.com https://*.facebook.com https://*.freshchat.com *.doubleclick.net http://imasdk.googleapis.com https://app-bms.customerglu.com https://*.googlesyndication.com https://www.riddle.com https://www.instagram.com https://platform.twitter.com https://optimize.google.com; 2
frame-src 'self'; 2
require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport 2
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.teams.microsoft.us teams.microsoft.us *.teams.office.com *.skype.com outlook.office.com outlook-sdf.office.com outlook.office365.com outlook-sdf.office365.com outlook.live.com outlook-sdf.live.com 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: blob:; worker-src https: data: blob:; frame-ancestors 'self' https://*.softpedia.com/; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; 2
default-src 'self' *.ecosia.org data: *.sentry.io; script-src 'sha256-/ibV4xhKb/Vos58oBeJCoiBNnFWf3PAzienlQ9lPgEs=' 'self' 'self' *.ecosia.org *.sentry.io dy1cy3yp6fd82.cloudfront.net; img-src 'self' *.ecosia.org s3.amazonaws.com data: ecosia-notifications.ghost.io; style-src 'self' *.ecosia.org 'unsafe-inline'; connect-src 'self' *.ecosia.org *.sentry.io; frame-ancestors 'none' 2
default-src 'self' *.brightcove.com *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.eloqua.com *.ensighten.com *.experian.com *.experiancs.com *.experiandirect.com *.freecreditreport.com *.googleapis.com *.gstatic.com *.hotjar.com *.iesnare.com *.infogram.com *.linkedin.com *.optmster.com *.optmstr.com *.optnmnstr.co *.optnmnstr.com *.optnmstr.com *.powerreviews.com *.soundcloud.com *.tableau.com *.twitter.com *.twonil.com *.vimeo.com *.yahooapis.com *.youtube.com *.hubapi.com *.hubspot.com *.tt.omtrdc.net adobetag.com api.company-target.com api.experianmarketingservices.com api.instagram.com api.jublo.net api.omniture.com app.optinmonster.com assets.adobedtm.com bat.bing.com businesscreditfacts.com cdn.appdynamics.com *.decibelinsight.net cdn.syndication.twimg.com cdn.taboola.com cdnjs.cloudflare.com code.highcharts.com connect.facebook.net contractorcheck.com d.net.google.com d.turn.com dev.visualwebsiteoptimizer.com embed.pscp.tv experianservicescorp.122.2o7.net fbcdn.net forms.hubspot.com freecreditscore.com graph.facebook.com googleapis.com hooks.slack.com img.en25.com info.inbound-bis.com itunes.apple.com js.bizographics.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net jsonip.com js.usemessages.com loadm.exelator.com m.addthis.com m.addthisedge.com maps.google.com maxcdn.bootstrapcdn.com mediaplayer.yahoo.com moodysanalytics.com optinmonster.com pixel.tapad.com play.google.com players.brightcove.net plus.google.com pt.ispot.tv rtd-tm.everesttech.net s.amazon-adsystem.com s.yimg.com s.ytimg.com s7.addthis.com scontent.cdninstagram.com scontent.xx.fbcdn.net scripts.demandbase.com secure.adnxs.com secure.leadback.advertising.com securetracking.adsprotection.com *.xg4ken.com smartbusinessreports.com snap.licdn.com sp.analytics.yahoo.com ssl.google-analytics.com static.ads-twitter.com sync.tidaltv.com tag.demandbase.com tagmanager.google.com trc.taboola.com twemoji.maxcdn.com video.xx.fbcdn.net vjs.zencdn.net widget.surveymonkey.com widgets.outbrain.com https://*.brightfunnel.com http://*.hotjar.com https://*.hotjar.com https://*.hsadspixel.net https://*.jsdelivr.net https://*.mstrlytcs.com https://a.optmnstr.com https://api.optmnstr.com https://autocomplete.demandbase.com http://autocomplete.demandbase.com ws://*.hotjar.com wss://*.hotjar.com wss://*.decibelinsight.net *.edq.com www.facebook.com www.google-analytics.com www.google.com http://www.google.com www.googleadservices.com www.googletagmanager.com www.slideshare.net www.youtube.com globalsiteanalytics.com *.mczbf.com *.sjwoe.com analytics.tiktok.com cdn.pdst.fm *.trustpilot.com trkn.us us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm *.qualtrics.com analytics.google.com *.nextdoor.com *.google.com *.yoast.com yoast.com *.datadoghq-browser-agent.com *.datadoghq.com *.biocatch.com *.we-stats.com activitymap.adobe.com 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:;font-src * data: 2
frame-ancestors 'self';default-src blob: https: data: 'unsafe-inline' 'unsafe-eval' 2
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.google.com www.google-analytics.com www.gstatic.com *.googleapis.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.zalo.me *.zadn.vn *.zdn.vn *.googleapis.com blob:; font-src * data:; img-src * data: blob:; media-src * blob:; connect-src 'self' wss://*.chat.zalo.me *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.google.com www.google-analytics.com www.gstatic.com stats.g.doubleclick.net blob:; child-src 'self' zalo://* *.zalo.me zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com data: blob:; 2
script-src 100027498.collect.igodigital.com cdns.brsrvr.com servedby.flashtalking.com *.googletagservices.com *.wal.co *.samsclubresources.com *.googletagmanager.com *.google.com *.doubleclick.net bam.nr-data.net cdn.ampproject.org d1n00d49gkbray.cloudfront.net connect.facebook.net tr6.smarterhq.io *.googleadservices.com intljs.rmtag.com *.mparticle.com cdn.branch.io acdn.adnxs.com app.link *.linksynergy.com *.criteo.net *.walmart.com *.googlesyndication.com *.typekit.net gf47k2jv.micpn.com content.syndigo.com services.xg4ken.com *.criteo.com *.recaptcha.net *.samsclub.com *.googleapis.com bat.bing.com pixel.mathtag.com *.bazaarvoice.com *.microsoft.com cdn.cookielaw.org *.gstatic.com *.demdex.net salsify-ecdn.com *.brightcove.net media.flixfacts.com a.sellpoint.net *.moatads.com media.flixcar.com *.cnetcontent.com *.webcollage.net *.doubleverify.com *.perimeterx.net *.iesnare.com *.brightcove.com *.zencdn.net *.affirm.com resources.xg4ken.com *.px-cdn.net *.quantummetric.com *.arkoselabs.com *.oraclecloud.com *.livelook.com *.flix360.io *.widget.custhelp.com *.fbot.me *.rewardstyle.com i5.walmartimages.com edge.curalate.com blob: 'self' 'unsafe-inline' 'unsafe-eval';  object-src 'none'; base-uri 'self'; report-uri  https://csp.walmart.com/c/r/sams 2
default-src 'self' https://arduino.cc; script-src 'self' 'unsafe-inline' https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.iubenda.com https://*.hotjar.com data: https://tagmanager.google.com https://*.googletagservices.com https://*.googlesyndication.com https://consent.trustarc.com https://forum.arduino.cc https://store.arduino.cc https://store-cdn.arduino.cc https://arduino.cc https://checkout.stripe.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.google-analytics.com https://ads.supplyframe.com https://www.googletagmanager.com https://code.jquery.com https://ajax.googleapis.com https://js.stripe.com https://auth.arduino.cc https://cdn.arduino.cc https://content.arduino.cc https://cdnjs.cloudflare.com https://ajax.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://code.jquery.com https://arduino.cc https://id.arduino.cc https://cdn.arduino.cc https://cdn-stag.arduino.cc https://content.arduino.cc; font-src 'self' https://js.intercomcdn.com http://fonts.intercomcdn.com https://fonts.gstatic.com https://content.arduino.cc https://cdn.arduino.cc https://cdn-stag.arduino.cc; img-src 'self' data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https:; connect-src 'self' https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://*.iubenda.com https://*.algolia.net https://*.algolianet.com https://content.arduino.cc https://fonts.gstatic.com https://*.hotjar.com https://login.arduino.cc https://auth.arduino.cc https://blog.arduino.cc https://api.arduino.cc https://api2.arduino.cc https://my.arduino.cc https://forum.arduino.cc https://store.arduino.cc https://checkout.stripe.com https://api.stripe.com https://cdn.arduino.cc https://www.google-analytics.com https://cdn-stag.arduino.cc https://trackerapi.trustarc.com; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://create.arduino.cc https://downloads.arduino.cc https://checkout.stripe.com https://www.youtube.com https://js.stripe.com https://www.hackster.io; frame-src 'self' https://*.hotjar.com https://login.arduino.cc https://consent-pref.trustarc.com https://auth.arduino.cc https://create.arduino.cc https://downloads.arduino.cc https://docs.google.com https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://www.hackster.io https://staticxx.facebook.com https://iframe.dacast.com https://*.iubenda.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' *.arduino.cc 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellhealth.com 2
frame-ancestors 'self' http://*.dji.com https://*.dji.com 2
script-src 'self' 'unsafe-inline' http: https: 'strict-dynamic' 'sha256-yFgv3z+LPPZGWnp8mklPx/bNgMGQvpW8j1E3j8DABBI=' 'sha256-R/CAGqFl6mgfyijXO4RVSoiPYelEM4FX6oiLbfIAhQ8=' 'sha256-Z/J+GXilQFq6xrxWRqMxEnjc9k+nD3SWlIhWtr/920o=' 'sha256-eaRhvxD1NyP8b9GsCnJn4shBsc7mJmqH8vusmC6VJrs=' 'sha256-lntt6xwZpMVJD8VYW4eiAJ6xx2lnIJitf2UHpoGi0r4=' 'sha256-qJ/r4nwLcx2n+W9M0OBJtYsAYCNdjHktq6psM6uXhLs=' 'sha256-0e1dIbBO2EkpjpvL2dl0RosGiWMEEhf2L/erCvMaoTo=' 'sha256-h/4iyLIv9NhMTM6BJR+J1Gm1cp1q+yYxBVeBzDVQo7g=' 'sha256-gdg77f1mdyY8sRxZlaBbnI2EoeP63ktYSelBpLj76Sw=' 'sha256-AD60ioPGIFlkmKom9re8GIDE45iwlYzDdbcyVPNNZLU=' 'sha256-gJy3DOGtkg/fUGrDvOoOy1YJqT1ucaLQvSfM6mLiB7E=' 'sha256-6kc8DiQaa+OTxnG5t2XhBrcOoc67XJTinYKfvx43cYg=' 'sha256-u0I5S36WPMGUh+U8Flq5enHnVmcjP0e1l5gyKIwaZm8=' 'sha256-VXA6xRTnUKeVHcU0rDPnFMW+WhzTA+Pq1wEnei1N7Ls=' 'sha256-IsScNpchkE5v9hdX74QtP9/3z+E3S0ATHzT4zAVapq8=' 'sha256-6brx1kHeloYCJCONmUhNMUbfg2ITm/7eVNmCnoGq+t0=' 'sha256-PMnUmWR8+gHghHrOiVj8fMU2fSsgGCX9ig/VdldVna0=' 'sha256-xbQmtG6w61ivvPsp1j2ylmBFe7I7x0BpkKvhBHZcJII='; style-src 'self' https: http: 'unsafe-inline'; font-src 'self' https: http:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com *.waze.com wac-stg.sandbox.google.com *.wikipedia.org; frame-src 'self' bid.g.doubleclick.net www.googletagmanager.com; object-src 'none'; base-uri 'self'; default-src 'self'; img-src 'self' data: https: http: data:; report-uri https://csp.withgoogle.com/csp/wazelivemap/20220519_experiment 2
default-src 'self' https: 'unsafe-inline' blob: data:; frame-ancestors 'self' 2
frame-ancestors 'self' https://*.nzherald.co.nz https://*.apnnz.co.nz https://nzme.coral.coralproject.net/; 2
frame-anc