Values for content-security-policy:
upgrade-insecure-requests 7,850
upgrade-insecure-requests; 5,975
frame-ancestors 'self' 2,819
block-all-mixed-content 2,012
frame-ancestors 'self' https://*.granicus.com http://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 1,005
frame-ancestors 'self'; 558
frame-ancestors 'none' 534
default-src https: data: 'unsafe-inline' 'unsafe-eval' 432
frame-ancestors 'self' ; 404
341
default-src * data: 'unsafe-eval' 'unsafe-inline' 227
img-src https: data:; upgrade-insecure-requests 177
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm; 173
frame-ancestors 'none'; 162
report-uri /report-csp-violation 109
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 101
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; child-src https: blob: data:; connect-src https: blob: data: wss:; font-src https: blob: data:; img-src https: blob: data:; media-src https: blob: data:; object-src https: blob: data:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: data: 'unsafe-inline'; upgrade-insecure-requests 93
upgrade-insecure-requests; frame-ancestors 'self' 92
frame-ancestors 'self' http://webvisor.com 88
* 80
block-all-mixed-content; 72
frame-ancestors 'self' https://app.kajabi.com 71
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic 69
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: data: blob:; media-src blob: data: https:; object-src https:; child-src https: data: blob:; upgrade-insecure-requests; block-all-mixed-content; 65
default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; font-src * 'self' data: 61
frame-ancestors about: 'self' 58
frame-ancestors 'self' https://explore.oracle.com 54
default-src 'self'; frame-src 'none'; img-src 'self' data: *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 50
default-src 'self' 47
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 41
frame-ancestors https://*.poki.io http://localhost:1234 40
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com 38
report-uri https://www.yelp.com/csp_block?page=enforced_by_default_directives&site=www; object-src https://*.flickr.com https://*.staticflickr.com; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net 37
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 35
report-uri https://f6044819c139be406e5131b1724188ab.report-uri.com/r/t/csp/enforce; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com dev.visualwebsiteoptimizer.com *.adnxs.com *.appier.net *.doubleclick.net *.google.co.uk *.googleadservices.com *.googlesyndication.com *.mathtag.com *.openx.net *.scupio.com bigsea.frontend.weborama.fr dx.bigsea.weborama.com cs.gssprt.jp match.adsrvr.org pixel.rubiconproject.com ps.eyeota.net ssp.adskom.com sync.ad-stir.com sync.adap.tv sync.adaptv.advertising.com tags.clickintext.net tapestry.tapad.com *.semasio.net *.disquscdn.com *.disqus.com disqus.com d17m68fovwmgxj.cloudfront.net apps-cdn.britishcouncil.org embed.scribblelive.com bat.bing.com public.tableau.com *.socdm.com britishcouncil-email.createsend.com *.googleapis.com *.gstatic.com www.google.de www.google.es *.google.com *.salesforceliveagent.com *.qualaroo.com s3.amazonaws.com *.bizographics.com sjs.bizographics.com idsync.rlcdn.com aa.agkn.com stags.bluekai.com sync.crwdcntrl.net loadus.exelator.com ml314.com *.adroll.com ucarecdn.com *.streamamg.com bookeo.com www-2903b.bookeo.com britishcouncil.github.io olc.live.solas.britishcouncil.digital bam.nr-data.net js-agent.newrelic.com *.akamaihd.net x.bidswitch.net *.ads-twitter.com *.twimg.com *.twitter.com *.fbcdn.net *.facebook.com cx.atdmt.com cx.atdmt.com connect.facebook.net *.linkedin.com snap.licdn.com *.sharethis.com vk.com cdn.polyfill.io www.googletagmanager.com sui.britishcouncil.org *.vimeocdn.com player.vimeo.com vimeo.com *.ytimg.com www.youtube.com *.google-analytics.com *.webtrends.com statse.webtrendslive.com *.yahoo.com b92.yahoo.co.jp s.yimg.com britishcouncil.wufoo.com *.instagram.com *.hotjar.com *.stripe.com *.artfut.com cookies.onetrust.com cdn.cookielaw.org optanon.blob.core; 35
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com verify.agego.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.lswcdn.net *.llnwd.net *.hwcdn.net fcm.googleapis.com *.nk-img.com *.camster.com wss://*.camster.com:8443 *.naked.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com  *.exoclick.com *.exosrv.com *.doubleclick.net *.google.fr *.google.com; 34
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 33
default-src 'self'; connect-src https:; font-src https:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 33
self 32
default-src 'self' blob: wss: data: https:; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:;  31
upgrade-insecure-requests; block-all-mixed-content; 30
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*; object-src 'self' 30
report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src https: data:; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests 29
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 28
frame-ancestors  'self' *.espn.com:* *.espnqa.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr http://*.espnqa.com:* http://*.espn.com:* 27
default-src * data: 'unsafe-eval' 'unsafe-inline' blob: 26
default-src 'none'; script-src 'self' 'unsafe-inline' *.loszona.com www.google.com youtube.com *.youtube.com *.facebook.com *.facebook.net *.twitter.com *.loszona.com; style-src 'self' 'unsafe-inline' data: *.loszona.com; img-src 'self' data: *.fisioestetic.com *.loszona.com www.google.com youtube.com *.youtube.com *.facebook.com *.facebook.net *.twitter.com *.loszona.com; connect-src 'self' wss://*.socialengagementcoaching.com:* wss://*.glrsales.com:*; manifest-src 'self'; worker-src 'self'; frame-src www.google.com youtube.com *.youtube.com *.facebook.com *.facebook.net *.twitter.com *.loszona.com 26
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 25
default-src 'self' http: https: data: blob: 'unsafe-inline' 25
frame-ancestors 'self' https://gizmodo.com; upgrade-insecure-requests 24
report-uri //report-csp-violation 24
frame-ancestors 'self'  https://*.impress.ly  https://*.dragndropbuilder.com  https://*.weeblycloud.com  https://*.sitelock.com  https://*.mojomarketplace.com  https://*.ipage.com  https://*.yourhostingaccount.com  https://*.ecwid.com 23
img-src * data: blob:; 23
script-src * 'self' 'unsafe-inline' 'unsafe-eval' 23
frame-ancestors 'self' *.tunegenie.com http://127.0.0.1:* https://127.0.0.1:*; 23
frame-ancestors self 22
frame-ancestors https:; 22
default-src 'self' wss: http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https: http:; report-uri https://secure.booked.net/?page=stat&t=csp 22
default-src 'self'; object-src www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.multichannelacd.de lidl.media01.eu form.lidl.com *.lidl.com *.ccmp.eu *.lidl *.lidl.net *.lidl-flyer.com *.google-analytics.com *.bing.com *.virtualearth.net *.googletagmanager.com tagmanager.google.com assets.zendesk.com connect.facebook.net *.cookiebot.com *.secrz.de *.google-analytics.com connect.facebook.net c.imedia.cz www.dwin1.com www.youtube.com ads.yahoo.com advdl.ammadv.it cm.g.doubleclick.net d.adroll.com s.adroll.com us-u.openx.net lidlplus-prod-api.azurewebsites.net; img-src 'self' data: lidlplusprod.blob.core.windows.net *.lidl *.lidl.net *.ccmp.eu *.lidl.com *.lidl-flyer.com *.google-analytics.com *.bing.com *.virtualearth.net *.osm.org *.openstreetmap.org *.doubleclick.net s-static.ak.facebook.com assets.zendesk.com *.secrz.de *.google-analytics.com www.facebook.com c.imedia.cz x.bidswitch.net advdl.ammadv.it d.adroll.com idsync.rlcdn.com ib.adnxs.com stats.g.doubleclick.net lidlplusstoragestaging.blob.core.windows.net lidlplusstaticcontentpro.blob.core.windows.net; style-src 'self' 'unsafe-inline' form.lidl.com fonts.googleapis.com *.bing.com assets.zendesk.com *.secrz.de; font-src 'self' 'unsafe-inline' form.lidl.com data: themes.googleusercontent.com fonts.gstatic.com; frame-src 'self' https: 'unsafe-inline'; connect-src 'self' content.lidlplus.com *.multichannelacd.de lidl.media01.eu form.lidl.com *.lidl *.test *.lidl.net *.lidl.com *.bing.com *.ccmp.eu *.virtualearth.net *.osm.org *.openstreetmap.org *.secrz.de *.google-analytics.com lidlplus-uat-api.azurewebsites.net lidlplus-prod-api.azurewebsites.net; frame-ancestors 'self' *.lidl *.ccmp.eu *.lidl.com *.test *.lidl.net *.bing.com *.googletagmanager.com *.secrz.de *.google-analytics.com *.poi-service.de *.lidl.ch website-lidl-account-dev.azurewebsites.net accounts-stg.lidl.com accounts-qa.lidl.com accounts-uat.lidl.com accounts.lidl.com; 22
frame-ancestors 'self'; img-src * data:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; default-src * 22
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'none'; media-src *.readspeaker.com *.speechstream.net 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; plugin-types application/x-shockwave-flash application/pdf; report-uri https://www.cspreport.nl 22
frame-ancestors 'self' *.imodules.com 21
script-src 'self'    21
frame-ancestors 'self' https://help.glassdoor.com http://library.glassdoor.com https://library.glassdoor.com http://glassdoor.lookbookhq.com https://glassdoor.lookbookhq.com https://glassdoor2.lookbookhq.com https://howto.glassdoor.com https://apply.indeed.com ; 20
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 20
frame-ancestors 'self' http://www.kayak.com http://www.kayak.com.ar http://www.kayak.cl http://www.kayak.com.co http://www.kayak.com.pe http://www.kayak.com.mx http://www.kayak.com.br http://www.tripadvisor.com http://www.tripadvisor.com.br http://www.tripadvisor.com.mx www.farecompare.com www.idealo.com http://viajala.com.co http://viajala.com.mx http://viajala.com.pe www.clicktripz.com http://viajala.cl http://viajala.com.ar 20
frame-ancestors https://*.ionos.at https://*.ionos.co.uk https://*.ionos.com https://*.ionos.de https://*.ionos.it https://*.ionos.mx https://*.ionos.fr https://*.ionos.es https://*.ionos.ca https://*.ionos.us 20
default-src https: 'unsafe-inline';script-src https: 'unsafe-inline' 'unsafe-eval';img-src https: data: 20
frame-ancestors 'self' https://*.adobe.com 19
default-src https: 'unsafe-inline' 'unsafe-eval' 19
referrer origin 19
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 18
frame-ancestors 'self' azeu.marketing.adobe.com 18
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob:; media-src 'self' https: blob:; worker-src 'self' https: blob:; block-all-mixed-content; connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: https://*.trouter.io:443 https://*.trouter.skype.com:443 wss://*.trouter.io:443 wss://*.trouter.skype.com:443; 17
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com  http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com; 17
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 17
frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 17
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; 17
default-src * data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' app.optimizely.com; 17
script-src * 'unsafe-inline' 'unsafe-eval' file: data: blob: filesystem: 17
manifest-src 'self' 'unsafe-inline' 'unsafe-eval' 17
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'self'; media-src *.readspeaker.com *.speechstream.net 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self' 17
upgrade-insecure-requests; block-all-mixed-content 16
report-uri https://99designs.report-uri.io/r/default/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 16
default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 16
default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 16
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; object-src 'none'; base-uri 'self'; 16
default-src http: data: 'unsafe-inline' 'unsafe-eval' 16
frame-ancestors 'self' https://*.build.com/ https://*.build-catalogs.com/ https://bcom.my.salesforce.com/ https://*.visual.force.com/ https://omconsole.com/ https://*.omconsole.com/ 15
default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 15
default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 15
object-src 'self' 15
frame-ancestors 'self' godaddy.com test-godaddy.com dev-godaddy.com *.godaddy.com *.test-godaddy.com *.dev-godaddy.com 15
child-src 'self' https://b2b.verizonmedia.com https://pages.oath.com https://www.youtube.com https://pages.verizonmedia.com https://delivery.vidible.tv; frame-ancestors 'self' https://b2b.verizonmedia.com 14
default-src blob: https: 'unsafe-eval' 'unsafe-inline'; connect-src https: 'self' https: *.amazonaws.com *.cfauthx.com *.mapbox.com  data: *.accesso.com; img-src 'self' https: data: blob:; 14
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.sc.pages02.net https://www.google.com  http://addshoppers.s3.amazonaws.com  http://connect.facebook.net  https://www.gstatic.com http://www.rtb123.com  http://pixel.quantserve.com http://*.shop.pe http://shop.pe https://googleads.g.doubleclick.net https://code.jquery.com    http://tt.mbww.com https://staticxx.facebook.com https://secure.quantserve.com https://tag.bounceexchange.com https://insight.adsrvr.org https://api.bounceexchange.com https://*.cloudfront.net https://*.scdn2.secure.raxcdn.com *.bounceexchange.com http://api.bounceexchange.com https://cdn.optimizely.com/ www.youtube.com s.ytimg.com static.getchute.com qicm.americanexpress.com  mpsnare.iesnare.com secure.cmax.americanexpress.com https://connect.facebook.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://tagmanager.google.com optimizely.s3.amazonaws.com app.optimizely.com cdn3.optimizely.com  *.rtb123.com  *.s3.amazonaws.com https://tt.mbww.com/  https://shop.pe  https://*.s3.amazonaws.com https://www.googleadservices.com/ https://www.google-analytics.com https://s3.amazonaws.com https://beacon.sojern.com https://*.micpn.com *.bing.com https://tracker.marinsm.com https://cdn.onesignal.com http://cdnjs.cloudflare.com/ *.googleadservices.com/ beacon.sojern.com cdn.onesignal.com *.mathtag.com rules.quantcount.com https://ak1s.abmr.net https://maps.googleapis.com/ https://sc-static.net/ https://translate.google.com/ https://translate.googleapis.com/ https://s.pinimg.com/ https://resources.xg4ken.com/ https://services.xg4ken.com/  https://home-c11.incontact.com/inContact/ChatClient/js/embed.min.js https://js.adsrvr.org/ https://cdn.quantummetric.com/ https://seaworld-app.quantummetric.com https://members.cj.com ci-mpsnare.iovation.com https://c212.net https://cdn.c212.net https://commercelibs.ibm.com  https://tag.mtrcs.samba.tv/v3/tag/edelman/seaworld-all/sambaTag.js https://optimizely-hrd.appspot.com/ https://*.trustarc.com/ https://consent.trustarc.com/ http://consent.trustarc.com/ https://consent.truste.com/ *.queue-it.net *.taboola.com/ ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com http://*.shop.pe http://addshoppers.s3.amazonaws.com https://*.scdn2.secure.raxcdn.com https://*.cloudfront.net https://*.secure.raxcdn.com https://qicm.americanexpress.com https://secure.cmax.americanexpress.com maxcdn.bootstrapcdn.com tagmanager.google.com  *.s3.amazonaws.com https://s3.amazonaws.com https://addstrap-ui.addshoppers.com https://translate.googleapis.com https://members.cj.com https://assets.bounceexchange.com;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com *.shop.pe  *.scdn2.secure.raxcdn.com https://*.buschgardens.com  https://buschgardens.com *.seaworld.com *.sesameplace.com https://www.sesameplace.com *.cloudfront.net *.secure.raxcdn.com https://www.aexp-static.com https://seaworld.scdn3.secure.raxcdn.com https://maxcdn.bootstrapcdn.com s3.amazonaws.com http://maxcdn.bootstrapcdn.com https://members.cj.com https://assets.bounceexchange.com;frame-src 'self' https://*.fls.doubleclick.net/ http://*.fls.doubleclick.net/ http://*.facebook.com/ https://bid.g.doubleclick.net/  https://www.youtube.com https://www.seaworldlibrary.com https://docs.google.com https://*.seaworld.com/ https://Commerce.4adventure.com https://*.seaworldparks.com https://*.watercountry.com https://*.Commerce.4adventure.com https://*.adventureisland.com https://*.aquaticabyseaworld.com https://*.sesameplace.com http://6258894.fls.doubleclick.net http://6258894.fls.doubleclick.net http://4174228.fls.doubleclick.net https://4174228.fls.doubleclick.net https://www.googletagmanager.com https://staticxx.facebook.com https://insight.adsrvr.org https://assets.bounceexchange.com/ https://*.cdn.optimizely.com/ https://www.pages02.net/ https://tt.mbww.com/ https://secure.buschgardens.com https://maps.google.com https://www.google.com/ https://secure.aquatica.com https://*.bounceexchange.com http://contentz.mkt922.com/ https://pixel.mathtag.com/ https://www.chargerback.com https://*.widencdn.net/ https://*.seaworldlibrary.com https://www.surveygizmo.com/ https://tr.snapchat.com/ https://qa-secure.buschgardens.com https://home-c11.incontact.com/ https://members.cj.com https://survey.seaworldentertainment.com/ https://survey.zohopublic.com/ https://hpc.uat.freedompay.com/ https://hpc.freedompay.com/ https://consent-pref.trustarc.com/ https://*.trustarc.com;connect-src 'self' https://staticxx.facebook.com https://insight.adsrvr.org https://*.scdn2.secure.raxcdn.com https://logx.optimizely.com https://*.secure.raxcdn.com *.s3.amazonaws.com cache.getchute.com https://online.americanexpress.com https://tapi.optimizely.com https://shopper.shop.pe https://shop.pe  https://rtb123.com https://api.getchute.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.as-labs.addshoppers.com/ https://as-labs.addshoppers.com https://s3.amazonaws.com https://www.google.com https://events.bouncex.net https://onesignal.com https://*.optimizely.com https://onesignal.com https://errors.client.optimizely.com https://translate.googleapis.com https://ct.pinterest.com/ https://seaworld-app.quantummetric.com/ https://commercelibs.ibm.com https://tag.mtrcs.samba.tv/v3/tag/edelman/seaworld-all/sambaTag.js https://cdn.quantummetric.com/qscripts/quantum-seaworld.js https://pixel.mtrcs.samba.tv/v2/tag/edelman/seaworld-all/ https://e2qonline.americanexpress.com https://trc.taboola.com/; img-src 'self' data: * ; media-src 'self' https://scontent.cdninstagram.com https://*.as-labs.addshoppers.com/  *.s3.amazonaws.com/ https://s3.amazonaws.com/images/BackgroundImage.jpeg  s3.amazonaws.com/ https://seaworld.scdn3.secure.raxcdn.com/  https://stage-media.scdn6.secure.raxcdn.com/; 14
default-src 'self';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'; frame-src * 'unsafe-inline'; img-src * data:; connect-src * 'unsafe-inline';  font-src * 'unsafe-inline' 14
default-src 'self'; 14
default-src 'none' 14
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 14
policy-definition 14
frame-ancestors https://www.hk-laisee.com https://www.hk-rewards.com https://www.myopinions.com.au 14
frame-ancestors 'self' https://metrica.yandex.ru/; 14
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors * 14
upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 13
frame-ancestors 'self' http://hybris.com https://hybris.com http://*.hybris.com https://*.hybris.com http://sap.lookbookhq.com https://sap.lookbookhq.com http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn https://www.gigya.com *.lookbookhq.com https://cloudplatform.sap.com https://cal.sap.com https://developers.sap.com ;default-src 'self' blob: https: data: 'unsafe-inline' 'unsafe-eval' github.com api.github.com raw.githubusercontent.com *.liveperson.net http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn *.demandbase.com *.adobedtm.com *.company-target.com *.omtrdc.net *.w55c.net platform.twitter.com *.siteintercept.qualtrics.com *.doubleclick.net cdnjs.cloudflare.com charts3.equitystory.com http://sap-espresso.com http://*.akamai.net ust-servlet.dataxu.net https://*.cdn.sap.com *.2mdn.net *.2o7.net *.qualtrics.com https://*.akamaihd.net http://*.akamaihd.net *.lpsnmedia.net *.truste.com *.newrelic.com *.nr-data.net https://*.youtube.com https://*.youtu.be https://*.ytimg.com *.twitter.com http://*.twimg.com https://*.twimg.com *.adobe.com *.demdex.net *.liveperson.com *.liveengage.net *.liveengage.com http://livefyre.com *.liveper.sn *.licdn.com *.hana.ondemand.com http://dc1cp8nqqrmxi.cloudfront.net http://*.edgesuite.net https://bcmcps.enter.sap *.d41.co 13
report-uri /report-csp-violation; upgrade-insecure-requests 13
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 13
reflected-xss block 13
frame-ancestors 13
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 13
default-src 'self' blob:; connect-src 'self' blob: wss: *.zdassets.com *.zendesk.com *.metartnetwork.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.mixpanel.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com *.metartnetwork.com cdn.cookielaw.org; font-src 'self' data: *.zopim.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.metartnetwork.com; script-src 'self' 'unsafe-inline' *.zdassets.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.metartnetwork.com cdn.cookielaw.org code.jquery.com geolocation.onetrust.com *.mxpnl.com *.googleapis.com; frame-src 'self' *.twitter.com *.metartnetwork.com *.youtube.com *.vimeo.com; img-src 'self' data: *.nsimg.net *.twimg.com *.zopim.com *.twitter.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.google.com *.metartnetwork.com; media-src 'self' data: blob: *.nsimg.net *.metartnetwork.com *.zdassets.com; worker-src 'self' data: blob: wss:; object-src 'none' 13
frame-ancestors 'self' pf.content.nokia.com www.nokia.com; report-uri /report-csp-violation 12
frame-ancestors 'self' http://toolpool.circit.de https://toolpool.circit.de 12
frame-ancestors none 12
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 12
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *; 12
default-src https: blob:; frame-ancestors 'self' *.ford.com.cn *.lincolnstore.com.cn https://www.ford.com.au https://www.ford.co.th https://www.india.ford.com; connect-src https: wss:; font-src  https: data:; img-src https: data: blob:; media-src https: blob:; object-src 'self'; script-src  https:  'unsafe-inline' 'unsafe-eval' blob:; style-src 'unsafe-inline' https:; base-uri 'self'; 12
frame-ancestors * 12
frame-ancestors 'self' facebook.com vk.com 12
'self' https://ajax.googleapis.com 12
frame-ancestors 'self'; upgrade-insecure-requests 11
frame-ancestors 'self' http://www.usa.philips.com *.philips.com *.usa.philips.com 11
upgrade-insecure-requests; base-uri 'self' 11
frame-ancestors https://www.freshworks.com 11
script-src *; 11
frame-ancestors https://*.marketo.com 11
frame-ancestors https: 11
default-src 'self'; script-src 'self' 'unsafe-inline' 11
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; upgrade-insecure-requests 11
; 11
object-src 'none' 11
frame-ancestors *.adikteev.com 'self' *.facebook.com *.nikonelearning.com; 11
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *; 11
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 10
frame-ancestors 'self' *.vergic.com 10
frame-ancestors https://nurture.solarwinds.com 10
upgrade-insecure-requests; frame-ancestors 'self'; 10
frame-ancestors 'self' https://*.etracker.com 10
frame-ancestors 'self' https://*.adventhealth.com 10
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.verbraucherzentrale.de/ https://www.verbraucherzentrale.nrw/core/modules/ckeditor/ https://www.googletagmanager.com https://gemeinschaftsredaktion.de https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.kns.codiac.de https://cdn.podigee.com https://cdnjs.cloudflare.com https://code.highcharts.com https://cdn.podlove.org https://verbraucherzentrale.bryter.io https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://app.bryter.io https://heizsystemvergleich.vz-nrw.de https://maps.googleapis.com https://www.helpmundo.de https://www.helpdirect.org; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'unsafe-eval' *; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.podlove.org https://www.verbraucherzentrale.nrw; 10
default-src 'none' ; child-src 'self' *.ihk.de  ; connect-src 'self' *.ihk.de live.c3networking.de ihk-ar.ycms.rocks wss://chat.userlike.com/chat/ *.etracker.de b6df6a39-9bba-47b4-b1e3-367604039de3.rlets.com cdn.contentful.com pam.ihk-schleswig-holstein.de *.google-analytics.com *.dvinci-hr.com *.ihk24.de *.userlike.com *.twitter.com expertenpool.automatisierungsregion.de static.dvinci-easy.com *.googleapis.com *.newsletter2go.com www.powr.io  ; default-src *.ihk.de  ; font-src 'self' data: *.googleapis.com dq4irj27fs462.cloudfront.net *.gstatic.com  ; form-action 'self' *.ihk.de *.highcharts.com *.twitter.com www.tfaforms.com www.forschungsfinder-hessen.de routenplaner.bus-bahn-thueringen.de *.wirecard.com *.ihk24.de web.ihk-pfalz.net  ; frame-src 'self' www.ihk-lehrstellenboerse.de  24703.online-adventskalender.de www.etermin.net www.forschungsfinder-hessen.de livestream.watch/vp/nachhaltigkeitsdialog.html *.google.de www.berufe.tv hk24.perbit-job.de *.twitter.com ihk.selbstdenker.com walls.io *.bright-guide.de detmold.ihk-beitragsrechner.de www.ihk-ecofinder.de www.hk24.de www.ihkac-anwendungen.de *.ihk.de *.vimeo.com b6df6a39-9bba-47b4-b1e3-367604039de3.rlets.com ihk-schwerin.wahlplus.de www.onlinebewerbungsserver.de hk24.perbit-job.de  www.gatewatch.eu www.ihk-praktikumsportal.de *.flickr.com geoportal-hamburg.de static-exp1.licdn.com *.xing-events.com vimeo.com *.exmap.de isi.hdb-hamburg.de *.highcharts.com *.facebook.com www.plattform-i40.de www.finest-jobs.com *.youtube.com ihk-potsdam.perbit-job.de cdn.doo.net/assets/js/viovendi-embed-static-1.js *.google.com www.azubi-magdeburg-ihk.de cottbus-ihk-pruefungen.de www.youtube-nocookie.com www.powr.io inx.odav.de www.unikam.de ihkob.wekando.eu www.ausbildungslauf.de app.cituro.com static.issuu.com html5-player.libsyn.com tuerchen.com www.vvs.de live.c3networking.de www.praktikum.info dihk.imageplant.de ihk-weiterbildung-oldenburg.de cdn.contentful.com ihk-darmstadt-portal.rexx-recruitment.com umap.openstreetmap.fr www.ihk-magdeburg.de www.ihk-berlin.org kvg-kassel.widget-generator.de e.issuu.com www.instagram.com komsis.inecos.de code.createjs.com www.ihk-bw.digital berufsausbildung-aachen-ihk.de expertenpool.automatisierungsregion.de roundme.com bc.pressmatrix.com doo.net www.terminland.de www.giu-kalender.org www.kandidatenmanagement.de  ; img-src 'self' data: userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.etracker.de www.forschungsfinder-hessen.de *.etracker.com editor.signavio.com *.google.de pam.ihk-schleswig-holstein.de *.userlike.com www.ihk-berlin.de *.twitter.com www.hvv.de www.rmv.de dq4irj27fs462.cloudfront.net *.staticflickr.com www.ihk-wiesbaden.de *.newsletter2go.com *.ihk.de live.c3networking.de www.ihk-arbeitsgemeinschaft-rlp.de www.ihk-lueneburg.de *.google-analytics.com www.ihk-rlp.de static-exp1.licdn.com infographic.statista.com *.ihk24.de *.gstatic.com *.exmap.de kvg-kassel.widget-generator.de *.facebook.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com www.finest-jobs.com expertenpool.automatisierungsregion.de roundme.com www.ihk-ostbrandenburg.de www.bso-hessen.de *.googleapis.com *.twimg.com *.google.com vstdbv3 www.ihk-koblenz.de www.ihk-gfi.de www.bahn.de  ; manifest-src *.ihk.de  ; media-src 'self' *.youtube.com dq4irj27fs462.cloudfront.net ims-files-cdn.net  ; object-src 'self' www.berufe.tv  ; script-src 'unsafe-inline' 'unsafe-eval' 'self' ihk-ar.ycms.rocks  24703.online-adventskalender.de *.etracker.de www.etermin.net www.forschungsfinder-hessen.de *.etracker.com editor.signavio.com pam.ihk-schleswig-holstein.de *.userlike.com cdn.rlets.com *.twitter.com www.tfaforms.com walls.io www.googletagmanager.com static.dvinci-easy.com *.bright-guide.de dq4irj27fs462.cloudfront.net www.google.analytics.com *.newsletter2go.com tuerchen.com www.ihkac-anwendungen.de *.ihk.de live.c3networking.de *.flickr.com *.google-analytics.com www.ihk-magdeburg.de connect.facebook.net static-exp1.licdn.com code.jquery.com/jquery-3.1.1.min.js *.ihk24.de *.xing-events.com *.exmap.de kvg-kassel.widget-generator.de *.highcharts.com *.facebook.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com www.instagram.com www.finest-jobs.com code.createjs.com expertenpool.automatisierungsregion.de *.youtube.com routenplaner.bus-bahn-thueringen.de *.googleapis.com doo.net *.twimg.com cdn.doo.net/assets/js/viovendi-embed-static-1.js *.google.com www.powr.io  ; style-src 'self'  'unsafe-inline' *.ihk.de live.c3networking.de ihk-ar.ycms.rocks *.etracker.de editor.signavio.com maxcdn.bootstrapcdn.com pam.ihk-schleswig-holstein.de static-exp1.licdn.com *.ihk24.de *.twitter.com www.tfaforms.com www.finest-jobs.com expertenpool.automatisierungsregion.de static.dvinci-easy.com cdnjs.cloudflare.com routenplaner.bus-bahn-thueringen.de *.googleapis.com *.twimg.com  ; worker-src *.ihk.de  ; report-uri /blueprint/servlet/serviceport/rest/csplogging/logViolation ;  10
default-src 'none'; connect-src 'self' *.mil.ru *.tildacdn.com *.gcdn.co *.mail.ru top100.ru stat.sputnik.ru mc.yandex.ru *.anycaster.tv *.vintera.tv *.cdnvideo.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' stat.sputnik.ru *.stat.sputnik.ru tildacdn.com *.tildacdn.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mil.ru *.rambler.ru *.yandex.ru *.mail.ru *.google-analytics.com *.google.com top100.ru *.top100.ru *.tvzvezda.ru tvzvezda.ru *.mail.ru tns-counter.ru *.tns-counter.ru *.googletagmanager.com mil.ru *.mil.ru *.xn--90anlfbebar6i.xn--p1ai; object-src 'self' *.mil.ru *.vintera.tv *.cdnvideo.ru *.youtube.com; style-src 'self' 'unsafe-inline' mil.ru *.mil.ru *.googleapis.com; img-src 'self' mil.ru *.mil.ru stat.sputnik.ru cnt.sputnik.ru doubleclick.net *.doubleclick.net tns-counter.ru *.tns-counter.ru *.google.com google.com data: counter.yadro.ru *.yandex.net *.yandex.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mail.ru *.google-analytics.com *.rambler.ru ; media-src 'self' mil.ru *.mil.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.xn--90anlfbebar6i.xn--p1ai; frame-src 'self' mil.ru *.mil.ru vk.com *.vk.com ok.ru *.ok.ru tvzvezda.ru *.tvzvezda.ru *.yandex.ru *.yandex.net *.youtube.com youtube.com *.youtu.be youtu.be *.google.com *.vintera.tv *.cdnvideo.ru; font-src 'self' fonts.gstatic.com tildacdn.com *.tildacdn.com *.mil.ru *.vintera.tv *.cdnvideo.ru *.mil.ru *.youtube.com *.youtube.com *.youtu.be *.google.com; frame-ancestors 'self' http://mil.ru http://*.mil.ru https://mil.ru https://*.mil.ru https://youtube.com https://*.youtube.com https://youtu.be https://*.youtu.be; base-uri 'self'; form-action 'self' mil.ru *.mil.ru; 10
referrer no-referrer 10
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://cdn.exoticads.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://bam.nr-data.net https://chaturbateapps.disqus.com https://*.disquscdn.com https://disqus.com https://certify-js.alexametrics.com ;  style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.disquscdn.com ;  img-src 'self' data: https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://public.chaturbate.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://bam.nr-data.net https://*.disquscdn.com https://links.services.disqus.com https://referrer.disqus.com https://certify.alexametrics.com ;  font-src 'self' data: https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com ;  connect-src 'self' blob: blob https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://bam.nr-data.net https://*.chaturbate.com https://chaturbate.com wss://recommend.chaturbate.com:8443 https://www.google-analytics.com https://links.services.disqus.com sentry.io https://cbvideoupload.s3-accelerate.amazonaws.com https://public.chaturbate.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ;  media-src 'self' https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://public.chaturbate.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com;  object-src 'self' https://*.highwebmedia.com https://download.macromedia.com https://public.chaturbate.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ;  frame-src 'self' https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://disqus.com ;  child-src 'self' blob: blob ;  worker-src 'self' blob: blob ;  form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://wnu.com ;  manifest-src 'self' https://*.highwebmedia.com ;  report-uri https://report-uri.highwebmedia.com/r/t/csp/enforce; 10
default-src 'self'  http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://kangoro.ir/matomo/matomo.js http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io ; style-src 'self' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com 'unsafe-inline'; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://1abzar.ir 'self' https://cse.google.com https://www.aparat.com https://google.com https://www.google.com ;  connect-src 'self' http://samta.samt.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io; img-src * data: 10
default-src data: https: 'self' 'unsafe-eval' 'unsafe-inline'; img-src data: https: 'self' 'unsafe-eval' 'unsafe-inline' 10
default-src data: https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; 10
frame-ancestors 'self' *.roomlynx.net  10
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob: 9
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 9
frame-src *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com 9
frame-ancestors 'self' http://wa.aruba.it https://wa.aruba.it 9
connect-src 'self' wss://*.zopim.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; upgrade-insecure-requests; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src data: http://www.w3.org/2000/svg https:; 9
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 9
connect-src 'self' blob: 172.27.38.23:* *.usautoparts.com *.carparts.com localhost:* cdn.ampproject.org *.googleapis.com deploy-preview-1--videos-autopartswarehouse-com.netlify.com *.tvpage.com *.youtube.com *.ytimg.com api.resellerratings.com api.trustpilot.com *.turnto.com polyfill.io amp-analytics.autopartswarehouse.com *.braintreegateway.com origin-analytics-sand.sandbox.braintree-api.com api.usautoparts.io api-bot.usautoparts.io api.carparts.io search.unbxd.io analytics-api.cloudinary.com res.cloudinary.com *.paypal.com www.googletagmanager.com www.google-analytics.com tagmanager.google.com bam.nr-data.net *.getblueshift.com *.adnxs.com ctiapi.com api.edq.com static-na.payments-amazon.com payments-sandbox.amazon.com payments.amazon.com *.amazonpay.com *.auryc.com trc.taboola.com d.btttag.com shopper.shop.pe shop.pe api.turnto.com ws.turnto.com *.forter.com *.visa.com adservice.google.com *.doubleclick.net *.resellerratings.com *.amazon.com *.symantec.com *.buysafe.com *.google.com *.google.com.ph *.google.ca *.google.ie *.google.co.in *.bizrate.com *.connexity.net *.usapcld.io *.facebook.com *.impactradius-event.com *.loggly.com *.uskn.net *.bouncex.net *.bounceexchange.com *.attentivemobile.com *.go-mpulse.net *.akstat.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* cdn.ampproject.org *.googleapis.com blob: deploy-preview-1--videos-autopartswarehouse-com.netlify.com *.tvpage.com *.youtube.com *.ytimg.com api.resellerratings.com api.trustpilot.com *.usautoparts.com *.carparts.com polyfill.io *.cloudinary.com *.turnto.com www.paypalobjects.com pay.google.com *.paypal.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com bam.nr-data.net *.getblueshift.com *.adnxs.com ctiapi.com api.edq.com apis.google.com static-na.payments-amazon.com payments-sandbox.amazon.com payments.amazon.com us.upsellit.com bat.bing.com *.auryc.com *.taboola.com carparts.btttag.com px.owneriq.net *.forter.com *.cloudfront.net cdn.attn.tv cdn.shop.pe shop.pe *.amazonaws.com shopper.shop.pe www.google.com www.gstatic.com *.visa.com adservice.google.com *.doubleclick.net *.bounceexchange.com *.resellerratings.com *.cnnx.io connect.facebook.net *.amazon.com *.symantec.com *.buysafe.com *.googleadservices.com *.aexp-static.com *.mastercard.com *.bizrate.com *.connexity.net www.googletagservices.com *.usapcld.io *.google.com *.google.com.ph *.google.ca *.google.ie *.google.co.in *.facebook.com *.impactradius-event.com *.loggly.com *.uskn.net *.go-mpulse.net; style-src 'self' *.googleapis.com 'unsafe-inline' data: deploy-preview-1--videos-autopartswarehouse-com.netlify.com *.turnto.com tagmanager.google.com ctiapi.com cdn.shop.pe addstrap-ui.addshoppers.com cdnjs.cloudflare.com *.resellerratings.com *.symantec.com *.buysafe.com *.facebook.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com data: *.turnto.com tagmanager.google.com cdnjs.cloudflare.com cdn.shop.pe *.symantec.com *.buysafe.com *.facebook.com; img-src 'self' *.apwcontent.com images.apw21.com *.cpsimg.com data: blob: *.ytimg.com *.autopartswarehouse.com *.tvpage.com res.cloudinary.com cld.partsimg.com *.gstatic.com www.google-analytics.com *.carparts.com *.paypal.com staging2-cp.staticomp.com *.amazonaws.com www.youtube.com ctiapi.com *.turnto.com payments-sandbox.amazon.com payments.amazon.com wac.edgecastcdn.net images-na.ssl-images-amazon.com *.cloudfront.net bat.bing.com px.owneriq.net events.attentivemobile.com stats.g.doubleclick.net *.getblueshift.com *.adnxs.com *.doubleclick.net *.google.com *.google.com.ph *.google.ca *.google.ie *.google.co.in *.visa.com *.bouncex.net *.bounceexchange.com *.resellerratings.com *.googletagmanager.com *.bizrate.com *.connexity.net *.symantec.com *.buysafe.com *.online-metrix.net images.bizrateinsights.com *.facebook.com *.impactradius-event.com *.loggly.com; frame-src *.youtube.com *.braintreegateway.com tst.kaptcha.com www.googletagmanager.com pay.google.com *.paypal.com www.sandbox.paypal.com *.googleapis.com deploy-preview-1--videos-autopartswarehouse-com.netlify.com *.ytimg.com *.tvpage.com www.cartlink.net iframe.coverking.com *.turnto.com www.google.com static-na.payments-amazon.com payments-sandbox.amazon.com payments.amazon.com *.dotomi.com px.owneriq.net carparts.attn.tv *.visa.com *.doubleclick.net *.bounceexchange.com *.amazon.com *.symantec.com *.buysafe.com *.mastercard.com *.americanexpress.com *.online-metrix.net *.paypalobjects.com *.googlesyndication.com *.creativecdn.com *.facebook.com *.impactradius-event.com; frame-ancestors 'self' *.youtube.com deploy-preview-1--videos-autopartswarehouse-com.netlify.com *.ytimg.com *.tvpage.com *.turnto.com *.symantec.com *.buysafe.com; child-src 'self' *.youtube.com pay.google.com *.googleapis.com deploy-preview-1--videos-autopartswarehouse-com.netlify.com *.ytimg.com *.tvpage.com *.turnto.com *.symantec.com *.buysafe.com; worker-src 'self' blob: 9
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 9
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: 9
block-all-mixed-content; default-src data: https: wss: blob: 'unsafe-inline'  'unsafe-eval'; 9
default-src *; font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; media-src * blob:; 9
default-src 'self' *.googlesyndication.com;style-src 'unsafe-inline' *.livenationinternational.com *.tmaws.eu *.googleapis.com *.monetate.net tagmanager.google.com;img-src 'self' data: *.livenationinternational.com *.tmaws.eu *.2mdn.net *.betrad.com *.celtra.com *.doubleverify.com *.evidon.com *.facebook.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.mgr.consensu.org *.monetate.net *.ticketm.net *.tmol.co *.quantserve.com *.youtube.com ad.doubleclick.net ads.celtra.com adservice.google.com dt.adsafeprotected.com cache-ssl.celtra.com media.ticketmaster.com media.ticketmaster.co.uk pixel.adsafeprotected.com pixel.moatads.com px.moatads.com secure.adnxs.com tagmanager.google.com track.celtra.com www.google-analytics.com www.google.co.uk www.google.com www.googletagmanager.com api.permutive.com cdn.permutive.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livenationinternational.com *.tmaws.eu *.2mdn.net *.bannersnack.com *.doubleverify.com *.evidon.com *.g.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.quantcount.com *.monetate.net *.universe.com cdn.ampproject.org cdn.polyfill.io ad.doubleclick.net ads.celtra.com adservice.google.co.uk adservice.google.com bam.nr-data.net cache-ssl.celtra.com connect.facebook.net evidon.mgr.consensu.org js-agent.newrelic.com pixel.adsafeprotected.com secure.adnxs.com secure.quantserve.com static.adsafeprotected.com tagmanager.google.com widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com z.moatads.com api.permutive.com cdn.permutive.com;connect-src 'self' *.doubleverify.com *.evidon.com *.g.doubleclick.net *.googleapis.com *.tmol.co *.tmol.io csi.gstatic.com vendorlist.consensu.org widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com track.celtra.com www.ticketmaster.co.uk www.ticketmaster.co.nz www.ticketmaster.com.au www.ticketmaster.de api.permutive.com;font-src *.livenationinternational.com *.tmaws.eu fonts.gstatic.com widget.ticketmaster.eu;frame-src *.2mdn.net *.bannersnack.com *.doubleverify.com *.dvtps.com *.evidon.com *.facebook.com *.fls.doubleclick.net *.googlesyndication.com *.googletagservices.com *.monetate.net secureframe.doubleclick.net universe.queue-it.net www.google.com www.universe.com www.youtube.com *.ticketmaster.co.uk;worker-src 'self' blob: 9
default-src https: data: 'unsafe-inline' 'unsafe-eval' always; upgrade-insecure-requests 9
default-src *     ;report-uri /xp/CSPReport.ashx     ;script-src * 'unsafe-inline' 'unsafe-eval' data: about:     ;style-src * 'unsafe-inline'     ;connect-src * blob:     ;font-src * data:     ;object-src *     ;img-src * data: blob:     ;media-src * blob:     ;frame-src * data: gsa: ajaxhandler:     ;child-src * blob:     ;worker-src * blob:     ;form-action * javascript:     ;frame-ancestors * 9
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 9
frame-ancestors 'self' *.facebook.com, frame-ancestors 'self' *.facebook.com 9
default-src 'self' https://cdn.perf1.com https://saspresence.perf1.com; object-src 'none'; frame-src * 9
frame-ancestors 'self' websitebuilder.godaddy.com websitebuilder.secureserver.net 9
default-src 'self'; img-src * data: 'unsafe-inline'; style-src * 'unsafe-inline' blob:; font-src *; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action *; media-src *.readspeaker.com 'self'; frame-src *;  9
upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com 8
frame-ancestors 'self' http://localhost:* https://*.bustle.com 8
frame-ancestors 'self' *.cnet.com *.ampproject.org *.amp.cloudflare.com *.bing-amp.com; default-src https: blob: about: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: blob: android-webview-video-poster: about:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 8
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 8
default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data: 8
frame-ancestors http://kpmg.experiencecloud.adobe.com 8
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; 8
frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; 8
frame-ancestors 'self' http://allmed.mdlink.org https://allmed.mdlink.org http://allmedx.com https://allmedx.com https://demo.allmedx.com https://dev.allmedx.com; 8
upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 8
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' 8
upgrade-insecure-requests; frame-ancestors 'self' analytics.google.com analytics.webtrends.com *.telerain.com:* 8
frame-ancestors 'self' https://www.anglaisfacile.com https://www.francaisfacile.com https://www.tolearnenglish.com https://www.tolearnfrench.com https://www.allemandfacile.com https://www.espagnolfacile.com https://www.nlfacile.com https://www.italien-facile.com https://www.mesoutils.com https://www.mesexercices.com https://www.mathematiquesfaciles.com https://www.touslescours.com https://www.tolearnfrench.com https://*.tolearnfree.com; report-uri https://tolearnfree.report-uri.io/r/default/csp/enforce; base-uri 'self'; 8
frame-ancestors *.ivanti.com https://dash.cloudflare.com 8
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 8
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 8
frame-ancestors media.kaufland.de media.kaufland.com wissen-kaufland.rzrs.de kaufland.staffbase.com 'self' 8
default-src * data: 'unsafe-inline' 'unsafe-eval' 8
frame-src https:; report-uri /csp-violation-endpoint/ 8
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 8
default-src 'self'; script-src *.nr-data.net *.newrelic.com *.faktor.io *.consensu.org www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; media-src 'none'; frame-src *.consensu.org *.faktor.io; connect-src *.consensu.org *.faktor.io https://*.nr-data.net https://cdn.contentful.com https://cf.talpa.digital https://cf.talpa.network https://cf-staging.talpa.digital https://*.consent.talpanetwork.com https://consent.talpanetwork.com  https://www.google-analytics.com; img-src https://static.talpanetwork.com https://*.nr-data.net https://images.ctfassets.net https://*.consent.talpanetwork.com https://consent.talpanetwork.com https://www.google-analytics.com 8
frame-ancestors 'self' *.sciquest.com *.cummins.com *.ariba.com http://search.roccommerce.com http://dev-search.roccommerce.net 8
none 8
default-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' *.ametek.com *.ametekweb.com *.baidu.com *.boltdns.net *.bootstrapcdn.com *.brightcove.com *.brightcove.net *.brightinfo.com *.cloudflare.com *.facebook.com *.facebook.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hs-analytics.net *.hs-scripts.com *.hsadspixel.net *.hubspot.com *.jquery.com *.list-manage.com *.mailchimp.com *.maxcdn.com *.pardot.com *.pingdom.net *.sharethis.com *.site24x7rum.com *.spectro.com *.thomasnet.com *.twimg.com *.twitter.com *.vimeo.com *.webtraxs.com *.youku.com *.youtube.com *.zencdn.net *.zopim.com *.vresp.com *.zdassets.com *.marketingautomation.services *.leadforensics.com *.constantcontact.com *.icontact.com *.linkedin.com *.hootsuite.com *.3dpublisher.net *.surveymonkey.com *.hsforms.net *.hsforms.com 'unsafe-eval';style-src * 'unsafe-inline';font-src * 'unsafe-inline' data:;img-src * 'unsafe-inline' data:;frame-src * 'unsafe-inline';connect-src * 'unsafe-inline';worker-src 'self' blob:;media-src 'self' *.boltdns.net *.akamaihd.net blob:;object-src 'unsafe-inline' 'self' 8
default-src 'self' 'unsafe-inline' http://park.101datacenter.net  https://*.deviceatlascloud.com/ https://cs-cdn.deviceatlas.com data: 8
frame-ancestors 'none'; default-src https: 'unsafe-inline' 8
block-all-mixed-content; report-uri https://de.forumhome.com/cspreport.php 8
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation allow-top-navigation-by-user-activation; frame-ancestors 'self' *.huffpost.com *.huffingtonpost.com *.huffpost.net; report-uri https://huffpost.report-uri.com/r/d/csp/enforce; 7
frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net 7
script-src 'unsafe-inline' 'unsafe-eval' https: 7
frame-ancestors 'self' http://*.schwab.com https://*.schwab.com https://content.schwab.com http://content.schwab.com https://client.schwab.com https://lms.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com https://*.schwabsavingsfundamentals.com https://*.schwabbankfunds.com https://*.schwabadvisorcenter.com https://*.schwabfunds.com https://*.schwabpt.com https://*.windhaveninvestments.com https://*.schwab.tech http://www.schwabintelligenttechnologies.com https://www.schwabintelligenttechnologies.com https://*.wallst.com http://*.wallst.com ^(http|https)\:\/\/[a-z.-]*\.schwab\.(com|tech)(|\/)$; 7
default-src * data: 'unsafe-inline' 'unsafe-eval'; 7
block-all-mixed-content;frame-ancestors *.mail.com 7
script-src 'self' www.youtube.com *.worldpay.com *.facebook.net cdn.mouseflow.com script.crazyegg.com www.google-analytics.com static.sandisk.com bat.bing.com *.googleadservices.com d.adroll.com googleads.g.doubleclick.net *.googletagmanager.com s.adroll.com snap.licdn.com www.googletagmanager.com trc.taboola.com analytics.xscreenattribution.com *.marketo.net *.trustarc.com www.redditstatic.com cdn.taboola.com tags.tiqcdn.com *.twitter.com s.go-mpulse.net static.ads-twitter.com js.adsrvr.org d.adroll.mgr.consensu.org s.ytimg.com unpkg.com *.marketo.com js.maxmind.com *.truste.com 'unsafe-eval' 'unsafe-inline'; 7
frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com shop.pampers.com 7
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adobedtm.com therandomhousegroupltd.d3.sc.omtrdc.net ssl.google-analytics.com *.google.com *.gstatic.com connect.facebook.net www.dwin2.com *.riddle.com *.hotjar.com *.jotfor.ms *.jotformeu.com cdn.livefyre.com *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com; object-src 'self' 7
frame-ancestors 'self' orange.com *.orange.com *.orange-business.com *.cops-prp.multimediabs.com *.cops-prod.multimediabs.com *.multimediabs.com; 7
frame-ancestors 'self' https://explore.cvent.com http://explore.cvent.com 7
frame-ancestors https://*.flexera.com https://*.flexerasoftware.com; 7
default-src * data: blob: 'unsafe-eval' 'unsafe-inline' 7
default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 7
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; 7
frame-ancestors 'self' https://www.growingio.com 7
frame-ancestors *; 7
default-src * 'unsafe-inline' 'unsafe-eval'; 7
allow 'self'; 7
frame-ancestors 'self' https://account.huobi.co https://account.hbg.com https://account.huobi.br.com https://account.huobi.so https://otc.huobi.co https://otc.hbg.com https://otc.huobi.br.com https://otc.huobi.so https://c2c.huobi.co https://c2c.huobi.so https://dm.huobi.co https://dm.hbg.com https://dm.huobi.br.com https://dm.huobi.so https://dm.huobi.com https://www.hbdm.com https://account.huobi.vn https://c2c.huobi.vn https://dm.huobi.vn https://account.huobi.io https://c2c.huobi.io https://dm.huobi.io 7
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; 7
img-src *  7
default-src 'self' 'unsafe-inline' 7
default-src 'unsafe-inline' data: about: hcom: blob: callback: chrome-error: *; script-src 'unsafe-eval' 'unsafe-inline' data: about: blob: asset: *; report-uri https://hcom.report-uri.com/r/t/csp/enforce 7
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * data: 7
frame-ancestors 'self' chrome-extension://hfdhpmpfpcnbboppkkkblilhbloejijj https://backit.me 7
frame-ancestors 'self'; default-src 'self' https://www.stanbicibtcfundsmanagement.com https://dpm.demdex.net https://maps.googleapis.com https://fast.standardbank.demdex.net https://accstandardbank.d1.sc.omtrdc.net https://bid.g.doubleclick.net/xbbe/pixel https://8448999.fls.doubleclick.net https://cdn.krxd.net https://bs.serving-sys.com/Serving https://secure-ds.serving-sys.com https://standardbank.demdex.net https://www.youtube.com/ https://*.map2.ssl.hwcdn.net; font-src 'self';img-src 'self' data: https://ad.doubleclick.net https://accstandardbank.d1.sc.omtrdc.net https://www.google.com https://www.google.co.za https://cm.everesttech.net https://beacon.krxd.net https://jslog.krxd.net https://standardbank.demdex.net https://dpm.demdex.net https://*.map2.ssl.hwcdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://www.google.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://cdn.krxd.net https://assets.adobedtm.com https://secure-ds.serving-sys.com https://cdn.krxd.net https://www.googleadservices.com https://www.googletagmanager.com https://consumer.krxd.net https://googleads.g.doubleclick.net https://beacon.krxd.net https://tribeca.vidavee.com https://*.map2.ssl.hwcdn.net; style-src 'unsafe-inline' 'self' https://maxcdn.bootstrapcdn.com https://*.map2.ssl.hwcdn.net; 7
frame-ancestors 'self' https://*.mawebcenters.com 7
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https:; base-uri 'self' https://optimize.google.com; form-action 'self' https:; frame-ancestors 'self'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: android-webview-video-poster: 7
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com   ; frame-src 'self' *.indeed.com  https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com  d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://d13w2n5a9i6r56.cloudfront.net/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net https://privacyportal.onetrust.com https://stats.g.doubleclick.net d3fw5vlhllyvee.cloudfront.net https://fonts.gstatic.com/ https://fonts.googleapis.com/; 6
frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 6
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=true&c=prod&a=anonweb 6
frame-ancestors https://*.verizon.com http://*.verizon.com https://*.verizonwireless.com http://*.verizonwireless.com https://*.consensuscorp.com http://*.consensuscorp.com  https://vbmbos.lightning.force.com  http://vbmbos.lightning.force.com https://vbmbos--c.na73.visual.force.com http://vbmbos--c.na73.visual.force.com https://vbmbos.my.salesforce.com http://vbmbos.my.salesforce.com 6
frame-ancestors *.nypost.com *.decider.com *.pagesix.com http://www.stumbleupon.com https://www.stumbleupon.com 6
frame-ancestors 'self' *.ffxblue.com.au *.ffx.io; upgrade-insecure-requests 6
media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data: blob:; report-uri https://sentry.io/api/115794/csp-report/?sentry_key=40c3396129f24aacbf05aed4885600b3 6
frame-ancestors 'self' hhs.gov *.hhs.gov 6
default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob: 6
default-src * 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self' app.optimizely.com apps.facebook.com fonts.googleapis.com 6
frame-ancestors https://bande2kings.fr https://*.bande2kings.fr 6
base-uri 'self' 6
frame-ancestors 'self' http://webvisor.com https://webvisor.com 6
frame-ancestors 'self' https://www.tibco.com http://tibco.lookbookhq.com https://tibco.lookbookhq.com https://sso-awsqa.tibco.com https://sso-ext.tibco.com http://library.tibco.com https://library.tibco.com https://www-dev.tibco.com https://tibco.seismic.com 6
frame-ancestors 'self' *.psplugin.com 6
default-src: https: 'unsafe-inline' 6
default-src 'self'; img-src * data: 'unsafe-inline'; style-src * 'unsafe-inline';script-src * data: 'unsafe-inline' 'unsafe-eval'; font-src thyssenkrupp.com *.thyssenkrupp.com *.recruitmentplatform.com *.bootstrapcdn.com; connect-src *;frame-src *; object-src * data: 'unsafe-eval'; worker-src blob: 6
frame-ancestors 'self' localhost:* *.helios.bethss.com helios.bethss.com 6
<options and value> 6
script-src 'self' 'unsafe-inline' www.google-analytics.com quadia.webtvframework.com code.createjs.com ssl.p.jwpcdn.com www.youtube.com s.ytimg.com;style-src 'self' 'unsafe-inline';img-src 'self' www.google-analytics.com data:;media-src 'self';frame-src 'self' g.jwpsrv.com www.youtube.com tools.eurolandir.com quadia.webtvframework.com ahold.hostedby.quadia.com aholddelhaize.projects.quadia.net;font-src 'self' ssl.p.jwpcdn.com;form-action 'self';report-uri /WebResource.axd?cspReport=true 6
frame-ancestors 'self' https://partners.arozone.com https://treehousei.com https://www.impartner.com *.3sharecorp.com 6
block-all-mixed-content; upgrade-insecure-requests; 6
default-src http: https: data: blob: mediastream: wss:; script-src http: https: data: blob: mediastream: 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: blob: mediastream: 'unsafe-inline'; 6
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; 6
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org analytics.archive.org pragma.archivelab.org 6
block-all-mixed-content; frame-ancestors 'self' 6
frame-src * 6
default-src https: 'unsafe-eval' 'unsafe-inline' 6
base-uri 'self'; 6
upgrade-insecure-requests;block-all-mixed-content; 6
frame-ancestors *.entertainmentcruises.com *.odysseycruises.com *.spiritcruises.com *.mysticbluecruises.com *.seadogcruises.com *.bateauxnewyork.com reservations.entertainmentcruises.com; 6
frame-ancestors 'self' *.cloudflare.com *.activateroadside.com *.americasgunsmith.com *.americasgunsmithshop.com *.campingworld.ca *.campingworld.com *.campingworldcareers.com *.campingworldleadership.com *.chairworld.com *.coast-coast.com *.coastaffiliates.com *.coastresorts.com *.cwtechinstitute.com *.employeeroadside.com *.fastrescue.com *.ganderoutdoors.com *.goodsam.com *.goodsamcamping.com *.goodsamclub.com *.goodsamcreditcard.com *.goodsamesp.com *.goodsamespquote.com *.goodsamnetwork.com *.goodsamroadside.com *.goodsamroadsideassistance.com *.goodsamrvshow.com *.goodsamsafetyalert.com *.goodsamtravelassist.com *.gsevents.com *.marcusbuyit.com *.motorhome.com *.nationalrvsupply.com *.overtons.com *.rv.com *.rv.net *.rvbg.com *.rvs.com *.trailerlife.com 6
frame-src 'self' 6
frame-ancestors 'self' https://*.facebook.com; 6
frame-ancestors 'self' https://booking2.centerparcs.fr https://booking2.centerparcs.nl https://booking2.centerparcs.de https://booking2.centerparcs.com https://booking2.centerparcs.eu https://booking2.centerparcs.ch https://booking2.centerparcs.be 6
frame-ancestors 'self' agentportalui-wa-dev-usw.azurewebsites.net agentportalui-wa-qa-usw.azurewebsites.net elcidsales.latitudeguestservices.com 6
default-src https: wss: about: data: blob: 'unsafe-inline' 'unsafe-eval' 6
default-src 'self' data: 'unsafe-inline' https: *; 6
frame-ancestors 'self'; object-src 'self' blob:; 6
frame-ancestors 'self' godaddy.com *.godaddy.com test-godaddy.com *.test-godaddy.com dev-godaddy.com *.dev-godaddy.com 6
default-src 'self' https:  *.cms.vwfs.tools server.adform.net vwfs.demdex.net *.iadvize.com fonts.gstatic.com; img-src 'self' https:  data: *.cms.vwfs.tools *.volkswagenbank.de *.omtrdc.net *.demdex.net img.youtube.com googleads.g.doubleclick.net static.doubleclick.net *.iadvize.com maps.googleapis.com maps.gstatic.com i.ytimg.com cm.everesttech.net; script-src 'self'  https: 'unsafe-inline' *.volkswagenbank.de *.omtrdc.net assets.adobedtm.com *.iadvize.com *.youtube.com *.vimeo.com s.ytimg.com googleads.g.doubleclick.net static.doubleclick.net maps.googleapis.com storagewebcalcweud.blob.core.windows.net www.volkswagenbank-cloud.de cc.cdn.civiccomputing.com t23.intelliad.de t13.intelliad.de; style-src 'self' https:  'unsafe-inline' *.iadvize.com fonts.googleapis.com; connect-src 'self' https:  calculator.volkswagenbank.de dpm.demdex.net cm.everesttech.net *.iadvize.com wss://*.iadvize.com *.youtube.com cfpoi-search.p-sunhill.com apikeys.civiccomputing.com *.tt.omtrdc.net *.demdex.net *.2o7.net; frame-ancestors 'self' https:  vwfs.experiencecloud.adobe.com vwfs.marketing.adobe.com; frame-src https:  * 6
script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com 6
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sharethis.com https://*.vistag.com https://*.privy.com https://*.zopim.com https://*.zdassets.com *.mailchimp.com *.hotjar.com http://localhost:* https://*.powr.io https://*.tawk.to https://*.pinterest.com https://cdn.lightwidget.com js.hs-scripts.com https://unpkg.com https://www.google.com *.google.com *.google-analytics.com http://js.hs-analytics.net https://cdn.firebase.com https://cdnjs.cloudflare.com https://d2zah9y47r7bi2.cloudfront.net https://*.firebaseio.com https://*.vo.msecnd.net https://browser-update.org https://api.instagram.com *.fonts.net/ http://browser-update.org http://cdn.datatables.net http://cdn.heapanalytics.com *.googleapis.com/ https://www.googletagmanager.com https://use.typekit.net https://chat.milittisales.com https://crm.imaxcorp.com *.list-manage.com https://ct.capterra.com http://lightwidget.com https://cdn.jsdelivr.net *.googleadservices.com https://www.gstatic.com https://chimpstatic.com https://*.facebook.net/ *.segment.com/ https://api.segment.io https://s.yimg.com http://sp.analytics.yahoo.com *.driftt.com;style-src 'self' 'unsafe-inline' https://*.privy.com https://*.zdassets.com *.mailchimp.com data: https://*.jsdelivr.net https://*.tawk.to https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com *.fonts.net https://fonts.googleapis.com http://cdn.datatables.net https://cdn-images.mailchimp.com https://use.fontawesome.com https://translate.googleapis.com;img-src 'self' https://google-analytics.com https://*.sharethis.com https://*.privy.com https://privymktg.com https://*.zdassets.com *.mailchimp.com data: https://*.jsdelivr.net https://*.tawk.to track.hubspot.com https://studiowebware.secure.force.com https://heapanalytics.com https://images.unsplash.com http://via.placeholder.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.gstatic.com https://maps.googleapis.com *.googleapis.com https://usage.trackjs.com *.global.ssl.fastly.net *.repzio.com https://b2bbucket.s3.amazonaws.com https://s3.amazonaws.com https://scontent.cdninstagram.com http://cdn.datatables.net https://tradegecko-images.s3.amazonaws.com https://stats.g.doubleclick.net https://cdn.b2bdirect.io https://assets.bwconnect.com https://googleads.g.doubleclick.net https://www.facebook.com https://salesrepimages.s3.amazonaws.com *.fonts.net/ https://p.typekit.net;media-src 'self' https://*.privy.com https://*.zdassets.com https://b2bbucket.s3.amazonaws.com https://player.vimeo.com http://www.greenhillaudio.com;frame-src https://*.hotjar.com https://c.sharethis.mgr.consensu.org https://*.sharethis.com https://*.privy.com *.list-manage.com/ *.driftt.com https://*.tawk.to https://*.powr.io https://*.facebook.com https://cdn.lightwidget.com https://studiowebware.secure.force.com https://player.vimeo.com https://www.youtube.com https://*.firebaseio.com https://www.google.com https://showroom.gso360.com https://*.issuu.com https://*.repzio.com https://crm.imaxcorp.com http://lightwidget.com;font-src 'self' https://*.vistag.com https://*.privy.com https://*.zdassets.com https://*.tawk.to https://cdn.lightwidget.com https://cdn.joinhoney.com data: *.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.typekit.net https://use.fontawesome.com;connect-src 'self' *.hotjar.com https://*.sharethis.com https://*.vistag.com https://*.privy.com ws://*.zopim.com https://*.zopim.com https://*.zendesk.com https://*.zdassets.com ws://*.tawk.to https://*.tawk.to https://*.powr.io ws://192.168.1.124:* ws://10.0.0.133:* ws://localhost:* http://localhost:* https://b2bbucket.s3.amazonaws.com https://repziowebapizipcodes.azurewebsites.net https://maps.googleapis.com wss://*.firebaseio.com https://capture.trackjs.com https://clconnect.coltonlane.com https://dc.services.visualstudio.com https://repziotest.azurewebsites.net https://crm.imaxcorp.com https://*.repzio.com https://api.segment.io https://www.google-analytics.com *.google-analytics.com *.azurewebsites.net https://repzio.azure-api.net https://performance.typekit.net https://tearsheetsgeneration.blob.core.windows.net;report-uri /WebResource.axd?cspReport=true 6
frame-ancestors 'self' http://*.elsevier.es/ 6
frame-ancestors 'self' *.swoogo.com *.swoogo-qa.com 6
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; 6
default-src * data: blob: about:;script-src 'self' *.vk.com static.vk.me *.mail.ru s.ytimg.com platform.twitter.com cdn.syndication.twimg.com www.instagram.com connect.facebook.net telegram.org *.yandex.ru *.google-analytics.com *.youtube.com maps.googleapis.com translate.googleapis.com *.google.com google.com *.vkpartner.ru *.moatads.com *.adlooxtracking.com *.gstatic.com *.google.ru securepubads.g.doubleclick.net cdn.ampproject.org www.googletagmanager.com googletagmanager.com *.vk-cdn.net *.hit.gemius.pl yastatic.net 'unsafe-inline' 'unsafe-eval' blob:;style-src vk.com *.vk.com static.vk.me ton.twimg.com tagmanager.google.com platform.twitter.com *.googleapis.com 'self' 'unsafe-inline';report-uri /csp 5
default-src *.adlooxtracking.com *.adsafeprotected.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.ru strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net; script-src *.adlooxtracking.com *.adsafeprotected.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.odnoklassniki.ru *.serving-sys.com an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org mail.ru mc.yandex.ru ok.ru vk.com yandex.ru yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; img-src data: blob: *; media-src *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.strm.yandex.ru *.yandex.net data: mail.ru ok.ru strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net; style-src *.imgsmail.ru *.mail.ru *.mradx.net blob: cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src *.imgsmail.ru *.mail.ru *.mradx.net an.yandex.ru blob: data: https: yastat.net yastatic.net 'self'; frame-src *.doubleclick.net *.doubleverify.com *.mail.ru *.mradx.net *.ok.ru *.yandex.ru *.yandexadexchange.net awaps.yandex.net mail.ru ok.ru vk.com yandexadexchange.net yastat.net yastatic.net; child-src *.doubleclick.net *.doubleverify.com *.mail.ru *.mradx.net *.ok.ru mail.ru ok.ru vk.com; report-uri https://cspreport.mail.ru/splash?v=24.12.19-1; 5
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: blob: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/wired 5
frame-ancestors 'self' https://*.target.com; 5
frame-ancestors *.motor1.com 5
upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 5
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; object-src 'self'; style-src 'self' 'unsafe-inline' *; img-src 'self' 'unsafe-inline' data: *; media-src 'self'; frame-src 'self' 'unsafe-inline' *; child-src 'self' 'unsafe-inline' *; font-src 'self' 'unsafe-inline' *; connect-src 'self' 'unsafe-inline' *; report-uri /us/report-csp-violation 5
frame-ancestors 'self' *.force.com *.salesforce.com *.lightning.com *.sony.com 5
object-src https://explore.cvent.com http://explore.cvent.com https://www.elitemeetings.com https://www.speedrfp.com https://speedrfp.com https://elitemeetings.com https://www.lanyon.com http://www.lanyon.com; frame-ancestors 'self' https://explore.cvent.com http://explore.cvent.com https://www.elitemeetings.com https://www.speedrfp.com https://speedrfp.com https://elitemeetings.com https://www.lanyon.com http://www.lanyon.com https://*.cvent.com http://*.cvent.com; report-uri /report-csp-violation 5
default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 5
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri /json/csp-violation 5
frame-ancestors 'self' http://www.farmzone.com https://www.farmzone.com http://www.zoneverte.com https://www.zoneverte.com http://widget.twnmm.com https://widget.twnmm.com https://s1.twnmm.com http://beta.theweathernetwork.com https://beta.theweathernetwork.com http://beta.meteomedia.com https://beta.meteomedia.com http://*.theweathernetwork.com https://*.theweathernetwork.com http://*.meteomedia.com https://*.meteomedia.com https://www.flonase.ca 5
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com 5
frame-ancestors *.networksolutions.com *.networksolutionsemail.com *.namesecureemail.net 5
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self'  *.bigcommerce.com 5
frame-ancestors 'self' *.ally.com; 5
script-src 'self' 5
frame-ancestors *.adobe.com 5
object-src 'none'; base-uri 'none'; require-sri-for script style 5
frame-ancestors https://*.ionos.com https://ionos.com; 5
'frame-ancestors' http://localhost:8100 https//*.tn.gov 5
default-src 'self' *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com *.impactradius-event.com *.teads.tv *.passage.ai wss://tars-prod.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.transunion.com *.vols7feed.com *.addthis.co *.amazon-adsystem.com *.youtube.com *.doubleclick.net *.company-target.com *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.adsrvr.org dmtry.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net *.trustev.com *.yahoo.com *.atedra.com *.twitter.com *.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com *.jquery.com cloudfront.net *.googleapis.com *.adnxs.com *.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com *.fastclick.net secure.leadback.advertising.com google-analytics.com *.ads-twitter.com *.openx.net *.zencdn.net googleadservices.com gstatic.com bidswitch.net *.media6degrees.com googletagmanager.com *.siteintercept.qualtrics.com *.qualtrics.com; script-src 'self' *.impactradius-event.com *.teads.tv *.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.transunion.com *.mxpnl.com *.vols7feed.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.youtube.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ytimg.com *.quora.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.abmr.net *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net *.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com *.myfonts.net *.en25.com *.addthisedge.com *.zencdn.com *.s3.amazonaws.com cdn.ampproject.org *.company-target.com *.media6degrees.com *.ads-twitter.com cdn.mxpnl.com *.bizographics.com *.pingdom.net *.mbww.com *.entrust.net *.trustev.com *.mathtag.com *.googlesyndication.com *.google.com *.outbrain.com o1.qnsr.com *.facebook.net cas.cluep.com *.quizgnome.com *.siteintercept.qualtrics.com *.qualtrics.com *.pulseinsights.com blob: 'unsafe-eval' 'unsafe-inline'; child-src *.evenfinancial.com *.transunion.com blob: *.crwdcntrl.net *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com *.mediaplex.com *.optimizely.com *.brightcove.net s.amazon-adsystem.com *.trustev.com *.mathtag.com *.qnsr.com *.facebook.com *.siteintercept.qualtrics.com *.qualtrics.com; connect-src 'self' *.ifgza3.net *.passage.ai wss://tars-prod.passage.ai *.taboola.com *.transunion.com *.mixpanel.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io *.company-target.com r.3gl.net s7.addthis.com *.herokuapp.com unity.cadreon.com app.trustev.com *.hotjar.com wss://*.hotjar.com *.siteintercept.qualtrics.com *.qualtrics.com 'unsafe-eval'; media-src 'self' *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.transunion.com blob: f1.media.brightcove.com; img-src * *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com data:; font-src data: *.transunion.com *.gstatic.com *.company-target.com edge.api.brightcove.com r.3gl.net *.addthis.com *.herokuapp.com *.quora.com; style-src * 'unsafe-eval' 'unsafe-inline'; frame-ancestors *.transunion.com; 5
default-src 'self'; img-src 'self' https://www.google.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/; form-action 'self' https://agilemail.createsend.com/ https://www.createsend.com/t/subscribeerror https://www.createsend.com/t/securedsubscribe https://start.1password.com/;frame-src https://www.youtube-nocookie.com/ https://secure.livechatinc.com/; connect-src 'self' https://start.1password.com/ https://start.1password.ca/ https://start.1password.eu/ https://www.google-analytics.com/ https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://www.googleapis.com/ https://createsend.com/t/getsecuresubscribelink; prefetch-src https://a.1password.com/ https://a.1password.ca/ https://a.1password.eu/; frame-ancestors 'none'; 5
default-src https:; script-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src https:; style-src https: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: blob: data: http://ad.doubleclick.net; media-src https: data:; frame-src https: data: instagram:; child-src https: data: instagram:; font-src https: data:; connect-src https: wss: blob:; report-uri https://virgindotcom.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 5
frame-ancestors 'self' https://*.elastic.co https://elasticsandbox.docebosaas.com https://elastic.docebosaas.com; 5
frame-ancestors https://*.ringcentral.com https://*.ringcentral.co.uk https://*.ringcentral.com.au https://*.ringcentral.eu https://outlook.live.com https://outlook.office365.com https://outlook.office.com 5
frame-ancestors 'self' investor.cmegroup.com  http://investor.cmegroup.com *.quikstrike.net commodex.co.il openexchange.community.cmegroup.com staging.tickertocker.com http://www.straitsfinancial.com  www.straitsfinancial.com http://straitsfinancial.com https://datamine.cmegroup.com http://dataminelocal.cmegroup.com https://dataminedev.cmegroup.com https://login.cmegroup.com https://www.home.saxo https://go.cmegroup.com https://app.topsteptrader.com https://help.topsteptrader.com https://staging.topsteptrader.com https://blueeditsitecore.sys.dom https://bluesitecore.sys.dom https://sitecoredev.orange.saxobank.com https://sitecoredev-nocache.orange.saxobank.com https://sitecoredevedit.orange.tst2.dom http://star-website.com  https://www.investing.com https://www.benzinga.com https://m.benzinga.com https://amp.benzinga.com https://bz.zingbot.bz https://www.zingbot.bz https://gdcdyn.interactivebrokers.com https://www.interactivebrokers.com  https://benzinga.com https://www.benzinga.com https://m.benzinga.com  https://bz.benzinga.com https://zingbot.bz https://www.zingbot.bz https://m.zingbot.bz https://bz.zingbot.bz https://dev.futuresfirstacademy.com https://uat.futuresfirstacademy.com https://futuresfirstacademy.com http://stage.barchart.com http://www.barchart.com https://stage.barchart.com https://www.barchart.com https://www.infinityfutures.com https://datamineuat.cmegroup.com www.kgieworld.sg; 5
upgrade-insecure-requests; connect-src * https:; img-src * data: https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 5
report-uri https://www.homeaffairs.gov.au; frame-ancestors https://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.homeaffairs.gov.au https://*.customs.gov.au https://*.abf.gov.au https://*.nationalsecurity.gov.au https://*.harmony.gov.au 5
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 5
frame-ancestors 'self' app.contentful.com 5
default-src 'self' hawaiianairlinesinc.marketing.adobe.com data: blob:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; img-src * data:; connect-src * data:; font-src * data:; frame-src *; frame-ancestors 'self' hawaiianairlinesinc.marketing.adobe.com 5
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline' 5
default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://c.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://100qrcey9nsltilmpwezagts.blob.core.windows.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net https://*.go-mpulse.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://www.weborama.com https://adv.solution.weborama.fr https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://tr.outbrain.com https://fo-api.omnitagjs.com https://*.akstat.io; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com; frame-src https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com; 5
frame-ancestors https: 'self' *.typetastic.com; child-src https: 'self'; 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' api.salemove.com api.salemove.eu ui.customsearch.ai analytics.twitter.com assets.adobedtm.com connect.facebook.net static.ads-twitter.com www.googleadservices.com maps.googleapis.com cdn.tt.omtrdc.net absa.tt.omtrdc.net www.google.com www.gstatic.com analytics.analytics-egain.com abdemo.egain.cloud absablog-dev.disqus.com absablog-sit.disqus.com absablog-uat.disqus.com absablog-prod.disqus.com ajax.googleapis.com platform.twitter.com platform.linkedin.com assets.pinterest.com c.disquscdn.com disqus.com secure.rating-widget.com log.pinterest.com rating-widget.com s.ytimg.com www.youtube.com youtube.com esb.ext.api.uat.absa.co.za client.crisp.chat googleads.g.doubleclick.net www.google.co.za www.google.pl dsp-aud.eskimi.com dsp.eskimi.com dsp-pix.eskimi.com dsp-media.eskimi.com cdn.syndication.twimg.com cse.google.com api-iam.intercom.io api.salemove.eu app.salemove.eu asset-proxy.salemove.eu assets.salemove.eu chunderw-gll.twilio.com chunderw-vpc-gll.twilio.com client-logger.salemove.eu eventgw.twilio.com fonts.googleapis.com fonts.gstatic.com io.salemove.eu js.intercomcdn.com kluster.ws.salemove.eu libs.salemove.com maps.googleapis.com maps.gstatic.com media.twiliocdn.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io s3-eu-west-1.amazonaws.com s3.amazonaws.com uplot.salemove.eu widget.intercom.io googletagmanager.com www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net d.la1-c2-frf.salesforceliveagent.com d.la1-c2cs-cdg.salesforceliveagent.com d.la1-c1cs-frf.salesforceliveagent.com c.la1-c2-par.salesforceliveagent.com c.la1-c2cs-frf.salesforceliveagent.com d.la1-c2cs-frf.salesforceliveagent.com d.la1-c2-par.salesforceliveagent.com d.la1-c1cs-cdg.salesforceliveagent.com c.la1-c2cs-cdg.salesforceliveagent.com c.la1-c1cs-cdg.salesforceliveagent.com fls.doubleclick.net tt.mbww.com pixel.mathtag.com snap.licdn.com 5
default-src http: https: wss://allkeyshop.zendesk.com wss://*.zopim.com data: blob: 'self' 'unsafe-inline' 'unsafe-eval' 5
base-uri https: http:; object-src *; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self' blob: 5
frame-ancestors 'self' https://*.salesforce.com 5
default-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src 'self'; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' data: https:; frame-src 'self' https:; font-src 'self' data: https:; connect-src 'self' https:; frame-ancestors 'self' https://vshow.on24.com; base-uri 'none'; form-action 'self' https:; upgrade-insecure-requests; 5
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; 5
default-src 'self'; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data:; frame-src *; media-src *; connect-src *; block-all-mixed-content 5
frame-ancestors 'self' *.vpro.nl:* *.human.nl *.vprobroadcast.com *.netinnederland.nl *.2doc.nl *.vprogids.nl; 5
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.facebook.net *.google-analytics.com *.addthisedge.com *.marketo.com *.googletagmanager.com *.mookie1.com *.serving-sys.com *.marketo.net *.calltrk.com *.tiqcdn.com *.jwpcdn.com *.youtube.com *.addthis.com m.addthisedge.com s.ytimg.com *.facebook.com *.pinterest.com *.googleapis.com *.typekit.net *.northwell.edu *.limelight.com *.delvenetworks.com *.addtoany.com *.github.io *.aspnetcdn.com s.gravatar.com *.wp.com *.amazonaws.com *.googleadservices.com *.microsoft.com *.jquery.com *.html5media.info *.cloudfront.net *.jwpcdn.com *.newrelic.com *.nr-data.net tagmanager.google.com *.surveymonkey.com *.brightwhistle.com *.callrail.com *.healthwise.net *.merklesearch.com *.rkdms.com *.rawgit.com *.cloudflare.com ethn.io e.infogram.com *.gigya.com *.influencehealth.com *.bing.com *.visto1.net *.linkedin.com *.hotjar.com *.doubleclick.net *.creative-serving.com *.invocacdn.com *.invoca.net *.adsrvr.org *.acquia.com *.segment.com *.rdcdn.com *.msecnd.net *.mymarketingreports.com; object-src 'self' video.limelight.com assets.delvenetworks.com *.gigya.com; style-src 'self' 'unsafe-inline' rtp-static.marketo.com *.googleapis.com *.vm *.bootstrapcdn.com *.northwell.edu malihu.github.io static.addtoany.com s.gravatar.com code.jquery.com  *.cloudfront.net *.surveymonkey.com *.marketo.com *.rkdms.com tagmanager.google.com *.acquia.com; img-src 'self' data: *.google-analytics.com *.g.doubleclick.net www.facebook.com www.google.com jwpltx.com api.nslijweb.com csi.gstatic.com *.googleapis.com maps.gstatic.com img.delvenetworks.com *.llnw.net m.addthis.com *.northwell.edu northwellhealt.wpengine.com *.gravatar.com *.wp.com *.northwell.io *.cloudfront.net *.amazonaws.com www.bugherd.com *.surveymonkey.com img.youtube.com *.googleadservices.com maps.googleapis.com *.mxptint.net dpm.demdex.net ad.yieldmanager.com ad.afy11.net d.agkn.com idsync.rlcdn.com *.bluekai.com *.openx.net *.rubiconproject.com *.adnxs.com sync.adaptv.advertising.com *.rkdms.com i.ytimg.com *.gigya.com *.bing.com *.googletagmanager.com *.doubleclick.net *.google.com *.gstatic.com *.tilehosting.com *.hotjar.com *.maptiler.com *.rdcdn.com https://rdcdn.com clickserv.pixel.ad; media-src 'self' blob: *.llnw.net *.delvenetworks.com *.llnw.com; frame-src 'self' cdn-akamai.mookie1.com tags.tiqcdn.com s7.addthis.com www.youtube.com static.addtoany.com *.doubleclick.net www.google.com *.understand.com *.marketo.com *.sli.do ethn.io e.infogram.com *.gigya.com w.soundcloud.com view.knowledgevision.com 8065684-gigya.northwell.edu intakeforms.sequencehealth.com mednews.hofstra.edu app.stitcher.com vars.hotjar.com *.googletagmanager.com www.facebook.com insight.adsrvr.org *.acquia.com *.segment.com; child-src 'self' blob:; font-src 'self' data: themes.googleusercontent.com fonts.gstatic.com *.bootstrapcdn.com www.bugherd.com static.hotjar.com; connect-src 'self' 'unsafe-inline' 309-lvl-470.mktoresp.com sjrtp4.marketo.com *.addthis.com *.pusherapp.com *.pusher.com www.bugherd.com *.google-analytics.com *.northwell.edu content.healthwise.net *.northwell.io *.cloudflare.com *.rkdms.com *.callrail.com *.serving-sys.com api.dpx.northwell.io *.gigya.com *.llnw.net *.hotjar.com wss://*.hotjar.com *.doubleclick.net *.hotjar.io www.facebook.com *.cloudfront.net *.acquia.com *.segment.com *.visualstudio.com *.bugsnag.com; report-uri https://northwell.report-uri.com/r/d/csp/reportOnly 5
frame-ancestors 'self' *.hanes.com *.champion.com *.onehanesplace.com *.justmysize.com *.hanesink.com *.hanesbrandscheckout.com *.wonderbra.ca; 5
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' data: 5
upgrade-insecure-requests; object-src 'none'; base-uri 'self'; 5
frame-ancestors 'self' goqubit.net ; 5
default-src data: https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline' 5
default-src 'self' blob: data:  *.miraheze.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org *.mediawiki.org mediawiki.org *.wikidata.org wikidata.org *.wmflabs.org *.google.com *.gstatic.com *.addthis.com *.youtube.com *.youtube-nocookie.com maxcdn.bootstrapcdn.com twitter.com *.creativecommons.org images.uncyc.org www.mikrodev.com *.reviservices.com *.twitter.com www.sciencedaily.com *.googleapis.com *.twimg.com discordapp.com *.tile.openstreetmap.org *.freenode.net *.sorcery.net *.fontawesome.com *.a.wmflabs.org nenawiki.org *.cloudytheology.com i.imgur.com na.llnet.sims3store.cdn.ea.com cdn.discordapp.com m.media-amazon.com image.tmdb.org *.miraheze.org *.stripe.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'  *.miraheze.org 5
frame-ancestors self *.facebook.com *.texaselectricityratings.com 5
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.glassdoor.com henkel01.wt-eu02.net ir.tools.investis.com irs.tools.investis.com strategyvisual.henkel.com *.edge-cdn.net *.video-cdn.net www.realvision.com www.youtube.com *.twimg.com *.fbcdn.net *.wcfbc.net *.cdninstagram.com *.sprinklr.com *.henkel-life-global.com *.henkel-life-global.com.henkel.stage.babiel.com *.henkel.com *.henkel.com.henkel.stage.babiel.com cdnjs.cloudflare.com netdna.bootstrapcdn.com *.henkel-life-deutschland.de *.henkel-life-deutschland.de.henkel.stage.babiel.com *.henkel.de *.henkel.de.henkel.stage.babiel.com *.henkel.it.henkel.stage.babiel.com www.henkel.ru www.henkel.cn www.henkel.at www.henkel.ar www.henkel.cl www.henkel.co.jp www.henkel.co.kr www.henkel.co.th www.henkel.co.uk www.henkel.com.ar www.henkel.com.au www.henkel.com.br www.henkel.com.co www.henkel.com.tr www.henkel.cz www.henkel.dk www.henkel.es www.henkel.fi www.henkel.fr www.henkel.gr www.henkel.in www.henkel.hr www.henkel.hu www.henkel.it www.henkel.mx www.henkel.no www.henkel.pl www.henkel.pt www.henkel.ro www.henkel.rs www.henkel.se www.henkel.si www.henkel.sk www.henkel.ua www.henkel.tw www.henkel-forscherwelt.de www.henkel-forscherwelt.com www.henkel-ricercamondo.it www.henkel-kesifdunyasi.com www.henkel-education.ru www.henkel-swiatmlodychbadaczy.pl www.mundodepesquisadores.com.br www.henkel-life-global.com www.henkel.co.id www.henkel.be www.henkel.nl www.henkel-life-iberica.es www.henkel-life-iberica.pt www.henkel-gcc.com www.henkel-renntag.de www.henkelna.com www.henkel-ventures.com www.phenion.de www.phenion.com www.phenion-us.com www.kongresroznorodnosci.pl www.henkel-demo.com.babiel.com www.henkel-ap.com henkel.ru henkel.cn henkel.at henkel.ar henkel.cl henkel.co.jp henkel.co.kr henkel.co.th henkel.co.uk henkel.com.ar henkel.com.au henkel.com.br henkel.com.co henkel.com.tr henkel.cz henkel.dk henkel.es henkel.fi henkel.fr henkel.gr henkel.in henkel.hr henkel.hu henkel.it henkel.mx henkel.no henkel.pl henkel.pt henkel.ro henkel.rs henkel.se henkel.si henkel.sk henkel.ua henkel.tw henkel-forscherwelt.de henkel-forscherwelt.com henkel-ricercamondo.it henkel-kesifdunyasi.com henkel-education.ru henkel-swiatmlodychbadaczy.pl mundodepesquisadores.com.br henkel-life-global.com henkel.co.id henkel.be henkel.nl henkel-life-iberica.es henkel-life-iberica.pt henkel-gcc.com henkel-renntag.de henkelna.com www.henkel-northamerica.com henkel-northamerica.com henkel-ventures.com phenion.de phenion.com phenion-us.com kongresroznorodnosci.pl henkel-demo.com.babiel.com henkel-ap.com henkel-na.com www.henkel-na.com henkel.lu www.henkel.lu henkel.ch charts3.equitystory.com media.licdn.com; 5
object-src *;script-src * 'unsafe-inline' 'unsafe-eval' data: 5
frame-ancestors 'self' https://www.clearslide.com https://www.purdueglobalpresents.com http://upload.clearslide.com 5
default-src https:; script-src https: data: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src 'self' data: blob: filesystem: https: http: 'unsafe-inline' 5
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https: 5
default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 5
default-src 'self' http://www.ltgplc.com/ https://go.ltgplc.com https://www.youtube.com https://go.pardot.com;script-src-elem 'self' 'unsafe-inline' https://ltg.breezy.hr https://pi.pardot.com/ https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com;script-src 'self' 'unsafe-inline' https://cdn.inspectlet.com https://ltg.breezy.hr https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://pi.pardot.com https://go.ltgplc.com;font-src 'self' data: https://use.typekit.net;style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com;img-src 'self' data: https://d33wubrfki0l68.cloudfront.net https://t.co https://cdn.sanity.io https://www.google.co.uk https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com;media-src 'self' data: https://cdn.sanity.io;connect-src 'self' https://ltg.breezy.hr https://www.google-analytics.com https://stats.g.doubleclick.net 5
frame-ancestors 'none' ; 5
default-src * 'self' 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'none' 5
frame-ancestors none; 5
default-src 'none'; script-src 'self'; img-src 'self' https://www.google-analytics.com:443 https://*.qbrick.com:443 https://bilder.hemnet.se:443; media-src 'self' https://*.qbrick.com:443; connect-src 'self' https://*.qbrick.com:443; style-src 'self' 'unsafe-inline'; frame-src *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de r1.surveysandforms.com secure.msse.se www.efn.se clients.maptoweb.dk borsrum.episerverhosting.com shbfxcalc.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com shbdk.millistream.com cphspk01.shbmain.shb.biz www.shb.dk priolaan.dk weblaan.shb.bec.dk web37.prod.bec.dk netbank.shb.dk irs.tools.investis.com otp.tools.investis.com vp292.alertir.com forms.apsisforms.com handelsbanken.easycruit.com; font-src 'self' 5
default-src https: blob: data:; script-src data: 'unsafe-inline' 'unsafe-eval' blob: https: piwik.bmvg.de *.video-cdn.net *.bundeswehr.de *.bmvg.de maps.googleapis.com maps.gstatic.com; style-src data: 'unsafe-inline' https: *.bundeswehr.de *.bmvg.de ; img-src data: *.bundeswehr.de *.bmvg.de *.ytimg.com *.fbcdn.net *.twimg.com *.staticflickr.com *.video-cdn.net *.facebook.com *.akamaihd.net *.gstatic.com maps.googleapis.com syndication.twitter.com platform.twitter.com scontent.cdninstagram.com; font-src data: www.bundeswehr.de *.bmvg.de *.video-cdn.net fonts.gstatic.com; connect-src https: blob: data: wss:; report-uri https://piwik.bmvg.de/report-uri/ 5
frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com https://thomsonreuterstax.lookbookhq.com http://thomsonreuterstaxprofessionals.lookbookhq.com https://thomsonreuterstaxprofessionals.lookbookhq.com 5
default-src * ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' ; img-src * ; font-src * ; 5
font-src * 5
frame-ancestors 'self' *.onbase.com *.hyland.com *.communitylive.com *.sharebase.com https://profiles.onbase.com; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; 5
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de; 5
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' *; font-src 'self' *; connect-src 'self' *; frame-src 'self' *; 5
Content-Security-Policy-Report-Only 5
default-src 'self' *.cscglobal.com *.google-analytics.com *.maxmind.com *.typekit.net api.company-target.com sample-api-v2.crazyegg.com api.hubapi.com; script-src 'self' js.hsadspixel.net *.wufoo.com tag.demandbase.com script.crazyegg.com s3.amazonaws.com dnn506yrbagrg.cloudfront.net gateway.zscalertwo.net sjs.bizographics.com px.ads.linkedin.com *.google-analytics.com *.googletagmanager.com *.maxmind.com 'unsafe-inline' 'unsafe-eval' *.typekit.net forms.hsforms.com api.hubapi.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net *.hubspot.com *.googleadservices.com tagmanager.google.com *.zmags.com snap.licdn.com; style-src 'self' gateway.zscalertwo.net fast.fonts.net fonts.googleapis.com 'unsafe-inline' tagmanager.google.com ssl.gstatic.com *.gstatic.com; img-src 'self' p.adsymptotic.com *.cscglobal.com  *.googletagmanager.com match.prod.bidr.io segments.company-target.com cdn2.hubspot.net *.google-analytics.com *.crazyegg.com *.google.com track.hubspot.com data: *.doubleclick.net ssl.gstatic.com *.gstatic.com *.zmags.com px.ads.linkedin.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com *.typekit.net; frame-src 'self' *.youtube.com *.wufoo.com forms.hsforms.com *.zmags.com drive.google.com 5
object-src 'self'; 5
frame-ancestors 'self' http://www.medscape.com https://www.medscape.com https://www.medscape.com https://business.facebook.com https://www.facebook.com 5
default-src https: data: 'unsafe-inline' 'unsafe-eval'; 5
default-src * blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com; img-src * data:; style-src 'self' 'unsafe-inline' *.go.com *.wdpromedia.com *.wdprapps.disney.com *.liveperson.net; frame-src 'self' *.go.com *.fls.doubleclick.net stags.bluekai.com tags.bluekai.com assets.adobedtm.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.tamgrt.com *.flashtalking.com *.clicktale.net disney.idmelabs.com disney.id.me *.demdex.net; font-src * data:; 5
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; 5
default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval' 5
default-src *   ;report-uri /xp/CSPReport.ashx   ;script-src * 'unsafe-inline' 'unsafe-eval' data: about:   ;style-src * 'unsafe-inline'   ;connect-src * blob:   ;font-src * data:   ;object-src *   ;img-src * data: blob:   ;media-src * blob:   ;frame-src * data: gsa: ajaxhandler:   ;child-src * blob:   ;worker-src * blob:   ;form-action * javascript:   ;frame-ancestors * 5
default-src  * 'unsafe-inline' 'unsafe-eval' ; img-src * data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 5
frame-ancestors 'self' http://customer-hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 5
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src *; 5
default-src https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; img-src * data:; worker-src 'self' blob:; 5
frame-ancestors 'self' aldinord.experiencecloud.adobe.com; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 5
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 5
frame-ancestors 'self' *.authorize.net 5
default-src * data: blob:;script-src *.hibet.cc *.hibet998.com *.hibetstore.com *.hi.bet *.hibettest.com *.hibet.ph *.hibet.com www.hibet.com *.hibet.cc *.hibet.co *.hibet.ca *.hibet.me *.hibet.hk *.hibet588.com *.hibet.ag *.9mbv.com:6501 https://hm.baidu.com htts://hm.baidu.com *.hibetzx.com *.hibetpc.com *.hibet88.com *.hibet.com.ph 'unsafe-inline' 'unsafe-eval';style-src *.hi.bet *.hibet.cc *.hibet998.com *.hibetstore.com *.hibettest.com *.hibet.ph *.hibet.com *.hibet.cc *.hibet.co *.hibet.ca *.hibet.me *.hibet.hk *.hibet588.com *.hibetzx.com *.hibetpc.com *.hibet.ag *.hibet.com.ph  *.hibet88.com 'unsafe-inline';img-src *.hi.bet *.hibet.cc *.hibet998.com *.hibetstore.com *.hibet.ph *.hibet.com *.hibet.cc *.hibet.co *.hibet.ca *.hibet.me *.hibet.hk *.hibet588.com *.hibettest.com *.hibetzx.com *.hibetpc.com *.hibet.ag https://hm.baidu.com *.hibet88.com *.hibet.com.ph 'unsafe-inline';connect-src *.hi.bet *.hibet.cc *.hibet.ph *.hibetstore.com  *.hibet.com *.hibet.cc *.hibet.com.ph  *.hibet.co *.hibet.ca *.hibet.me *.hibet.hk *.hibet588.com *.hibet.ag *.hibet88.com *.hibetzx.com *.hibetpc.com *.9mbv.com:6501 data: blob: 'self'; 5
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com ssl.google-analytics.com translate.google.com translate.googleapis.com *.livechatinc.com; 5
report-uri /csp-hotline.php; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://stackpath.bootstrapcdn.com https://cdn.datatables.net *.mihtool.com https://cdnjs.cloudflare.com https://yastatic.net yastatic.net  https://*.yastatic.net *.slus.name https://*.slus.name:3000 *.yastatic.net *.mail.com https://*.gstatic.com *.gstatic.com https://*.google.com *.google.com vk.com *.effad.ru effad.ru *.me-talk.ru disgusting.ru yandex.st *.yadro.ru *.yandex.ru *.ok.ru *.rf-sp.ru https://rf-sp.ru *.tbex.ru *.google-analytics.com *.googleapis.com *.jivosite.com *.jquery.com *.gismeteo.ru *.siteheart.com 38mama.ru me-talk.ru top-fwz1.mail.ru st.top100.ru https://jsconsole.com https://d3js.org; style-src 'self' 'unsafe-inline' *.rf-sp.ru 38mama.ru *.chathelp.ru *.slus.name https://cdnjs.cloudflare.com https://*.gstatic.com *.slus.name:3000 https://cdn.datatables.net https://stackpath.bootstrapcdn.com https://www.google.com https://fonts.googleapis.com; 5
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://steamstore-a.akamaihd.net/ https://steamstore-a.akamaihd.net/ *.google-analytics.com https://www.gstatic.com https://steamcommunity-a.akamaihd.net; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ *.google-analytics.com https://*.steamstatic.com https://*.steamcontent.com https://*.valvesoftware.com https://*.steambeta.net https://*.cqloud.com https://steambroadcast.akamaized.net https://steambroadcastchat.akamaized.net https://api.steampowered.com; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com embed.nicovideo.jp www.escapistmagazine.com player.youku.com www.bilibili.com https://medal.tv https://steamcommunity.com/; 5
base-uri 'self'; frame-src https:; object-src 'none'; worker-src 'self'; img-src 'self' data: http: https:; upgrade-insecure-requests; default-src 'self' https://*.googlesyndication.com; connect-src 'self' https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io wss://mpsnare.iesnare.com https://logx.optimizely.com/v1/events https://www.eharmony.com/lane/ https://s7.addthis.com/l10n/ https://eharmony-app.quantummetric.com/ https://yoast.com/feed/widget/ https://m.addthis.com https://*.googlesyndication.com https://connect.facebook.net https://*.perimeterx.net https://*.pxchk.net https://*.px-cdn.net https://*.px-cloud.net ; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://assets.squarespace.com/universal/fonts/ https://static.squarespace.com/universal/fonts/ 5
default-src *; frame-src 'self' https: http://*.google.com http://*.facebook.com http://*.twitter.com http://*.youtube.com http://*.sharethis.com http://*.googletagmanager.com http://*.vimeo.com http://*.sharpspring.com http://*.googleadservices.com http://*.doubleclick.net http://*.wistia.com http://*.wistia.net; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data: ; img-src * data: ;  report-uri https://19jrymqg65.execute-api.us-east-1.amazonaws.com/default/dgcsp-report-uri; 5
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 5
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 5
default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 5
default-src * data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;object-src 'self';style-src 'unsafe-inline' * data:;form-action 'self' *.twitter.com va.tawk.to https://cp.payguru.com https://www.testgpay.com https://www.gpay.com.tr https://gpay.com.tr https://demo.gpay.com.tr https://www.paytr.com https://www.playanka.com https://test.papara.com https://www.papara.com https://papara.com https://payment.paybrothers.com https://stg.paybrothers.com;frame-ancestors 'self' http://*.livechatinc.com https://*.livechatinc.com http://*.tawk.to https://*.tawk.to https://chat.utechsoft.com.tr 5
connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com https://accounts.firefox.com/ https://accounts.firefox.com.cn/; script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com cdn-3.convertexperiments.com app.convert.com data.track.convertexperiments.com 1003350.track.convertexperiments.com 1003343.track.convertexperiments.com; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' app.convert.com; child-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; frame-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com data: mozilla.org www.googletagmanager.com www.google-analytics.com adservice.google.com adservice.google.de adservice.google.dk creativecommons.org cdn-3.convertexperiments.com logs.convertexperiments.com ad.doubleclick.net; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 4
default-src 'self' blob: https://*.cnn.com:* http://*.cnn.com:* *.cnn.io:* *.cnn.net:* *.turner.com:* *.turner.io:* *.ugdturner.com:* courageousstudio.com *.vgtf.net:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' *; frame-ancestors 'self' https://*.cnn.com:* http://*.cnn.com https://*.cnn.io:* http://*.cnn.io:* *.turner.com:* courageousstudio.com; 4
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org blob:;  script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org;  worker-src blob: 'self';  connect-src * wss: blob:;  font-src * data: blob:; frame-src * blob: 'self';  img-src * data: blob: about:;  media-src * data: blob:;  object-src *;  report-uri /csp/report; 4
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com verify.agego.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.lswcdn.net *.llnwd.net *.hwcdn.net fcm.googleapis.com *.nk-img.com *.camster.com wss://*.camster.com:8443 *.naked.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com wss://dev-chatserver.camster.com wss://staging-chatserver.camster.com wss://m.1ka.com wss://c1.1ka.com wss://c11.1ka.com wss://c12.1ka.com wss://c13.1ka.com wss://c14.1ka.com wss://c15.1ka.com wss://c16.1ka.com wss://c17.1ka.com wss://c18.1ka.com wss://c19.1ka.com wss://c110.1ka.com wss://c111.1ka.com wss://c112.1ka.com wss://c113.1ka.com wss://c114.1ka.com wss://c115.1ka.com wss://c2.1ka.com wss://c21.1ka.com wss://c22.1ka.com wss://c23.1ka.com wss://c24.1ka.com wss://c25.1ka.com wss://c26.1ka.com wss://c27.1ka.com wss://c28.1ka.com wss://c29.1ka.com wss://c210.1ka.com wss://c211.1ka.com wss://c212.1ka.com wss://c213.1ka.com wss://c214.1ka.com wss://c215.1ka.com wss://c3.1ka.com wss://c31.1ka.com wss://c32.1ka.com wss://c33.1ka.com wss://c34.1ka.com wss://c35.1ka.com wss://c36.1ka.com wss://c37.1ka.com wss://c38.1ka.com wss://c39.1ka.com wss://c4.1ka.com wss://c41.1ka.com wss://c42.1ka.com wss://c43.1ka.com wss://c44.1ka.com wss://c45.1ka.com wss://c46.1ka.com wss://c47.1ka.com wss://c48.1ka.com wss://c49.1ka.com wss://c410.1ka.com wss://c411.1ka.com wss://c412.1ka.com wss://c413.1ka.com wss://c414.1ka.com wss://c415.1ka.com wss://c5.1ka.com wss://c51.1ka.com wss://c52.1ka.com wss://c53.1ka.com wss://c54.1ka.com wss://c55.1ka.com wss://c56.1ka.com wss://c57.1ka.com wss://c58.1ka.com wss://c59.1ka.com wss://c510.1ka.com wss://c511.1ka.com wss://c512.1ka.com wss://c513.1ka.com wss://c514.1ka.com wss://c515.1ka.com https://dev-chatserver.camster.com https://staging-chatserver.camster.com https://m.1ka.com https://c1.1ka.com https://c11.1ka.com https://c12.1ka.com https://c13.1ka.com https://c14.1ka.com https://c15.1ka.com https://c16.1ka.com https://c17.1ka.com https://c18.1ka.com https://c19.1ka.com https://c110.1ka.com https://c111.1ka.com https://c112.1ka.com https://c113.1ka.com https://c114.1ka.com https://c115.1ka.com https://c2.1ka.com https://c21.1ka.com https://c22.1ka.com https://c23.1ka.com https://c24.1ka.com https://c25.1ka.com https://c26.1ka.com https://c27.1ka.com https://c28.1ka.com https://c29.1ka.com https://c210.1ka.com https://c211.1ka.com https://c212.1ka.com https://c213.1ka.com https://c214.1ka.com https://c215.1ka.com https://c3.1ka.com https://c31.1ka.com https://c32.1ka.com https://c33.1ka.com https://c34.1ka.com https://c35.1ka.com https://c36.1ka.com https://c37.1ka.com https://c38.1ka.com https://c39.1ka.com https://c4.1ka.com https://c41.1ka.com https://c42.1ka.com https://c43.1ka.com https://c44.1ka.com https://c45.1ka.com https://c46.1ka.com https://c47.1ka.com https://c48.1ka.com https://c49.1ka.com https://c410.1ka.com https://c411.1ka.com https://c412.1ka.com https://c413.1ka.com https://c414.1ka.com https://c415.1ka.com https://c5.1ka.com https://c51.1ka.com https://c52.1ka.com https://c53.1ka.com https://c54.1ka.com https://c55.1ka.com https://c56.1ka.com https://c57.1ka.com https://c58.1ka.com https://c59.1ka.com https://c510.1ka.com https://c511.1ka.com https://c512.1ka.com https://c513.1ka.com https://c514.1ka.com https://c515.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com  *.exoclick.com *.exosrv.com *.doubleclick.net *.google.fr *.google.com; 4
frame-ancestors www.samsung.com www.samsung.net www.webcollage.net www.webcollage.net www.abt.com agent.samsungsupport.com admin.samsungsupport.com nacyberadmin site-36720.preview.bcvp0rtal.com nacyberagent samsung.brightcovegallery.com retail.samsungusa.com:9003 aem.samsung.com qaweb.samsung.com aem-eu.samsung.com  4
default-src 'self' https://sb.scorecardresearch.com 'unsafe-inline' 'unsafe-eval' data: https: blob: wss:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://d18kwxxua7ik1y.cloudfront.net https://d22r54gnmuhwmk.cloudfront.net https://assets.change.org https://static.change.org https://assets-fe.change.org https://change-production.s3.amazonaws.com https://change-public-stuff.s3.amazonaws.com https://www.google.ca https://www.googleadservices.com https://www.youtube.com https://*.doubleclick.net https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net fbrpc://* fb-messenger://* https://*.twitter.com https://*.twimg.com https://vk.com https://*.vk.com https://ajax.cdnjs.com https://cdnjs.cloudflare.com https://service.force.com https://change.my.salesforce.com https://help.change.org https://*.salesforceliveagent.com https://*.braintreegateway.com https://*.paypalobjects.com https://*.paypal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com https://code.jquery.com https://js.stripe.com https://cdn.embedly.com https://player.vimeo.com https://bat.bing.com https://soundcloud.com https://w.soundcloud.com https://www.instagram.com https://www.flickr.com https://*.staticflickr.com; connect-src 'self' blob: https://*.change.org https://change-production.s3.amazonaws.com https://*.googleapis.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net fbrpc://* fb-messenger://* https://*.twitter.com https://*.vk.com https://*.braintreegateway.com https://*.paypal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com https://api.stripe.com https://api.soundcloud.com https://api.airbrake.io https://api.zippopotam.us; font-src 'self' data: https://assets.change.org https://static.change.org https://d18kwxxua7ik1y.cloudfront.net https://d22r54gnmuhwmk.cloudfront.net https://fonts.gstatic.com; img-src * blob: data:; form-action 'self'; 4
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; child-src * 'unsafe-inline' 'unsafe-eval' data: blob:; connect-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' admin.reverb.tools; media-src * 'unsafe-inline' 'unsafe-eval' data: blob: 4
frame-ancestors http://*.ccf.org https://*.ccf.org https://*.chasepaymentechhostedpay.com https://*.clevelandclinic.org http://*.clevelandclinic.org 4
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: blob:; worker-src https: data: blob:; frame-ancestors 'self'; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/conde-nast-traveler 4
frame-ancestors 'self' *.tdameritrade.com *.ameritrade.com http://*.tdameritrade.com/ https://*.tdainstitutional.com https://*.amtd.com https://amtd.com https://*.tradewise.com https://tdaconferences.com https://*.tdameritradeconferences.com https://*.exploringyourindependence.com https://*.thinkorswim.com https://*.tdameritradenetwork.com https://tdameritradenetwork.com https://*.eliteadvisorsummit.com https://*.essentialoptionstrategies.com 4
default-src https: data: wss://*.hotjar.com ; script-src 'unsafe-eval' 'self' https: 'unsafe-inline'; style-src https: 'unsafe-inline';img-src https: data:;media-src https: data: blob: mediastream: 4
default-src 'self' *.brightcove.com *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.eloqua.com *.ensighten.com *.experian.com *.experiancs.com *.experiandirect.com *.freecreditreport.com *.googleapis.com *.gstatic.com *.hotjar.com *.iesnare.com *.infogram.com *.linkedin.com *.optmster.com *.optmstr.com *.optnmnstr.co *.optnmnstr.com *.optnmstr.com *.powerreviews.com *.soundcloud.com *.tableau.com *.twitter.com *.twonil.com *.vimeo.com *.yahooapis.com *.youtube.com *.hubapi.com *.hubspot.com *.tt.omtrdc.net adobetag.com api.company-target.com api.experianmarketingservices.com api.instagram.com api.jublo.net api.omniture.com app.optinmonster.com assets.adobedtm.com bat.bing.com businesscreditfacts.com cdn.appdynamics.com cdn.decibelinsight.net cdn.syndication.twimg.com cdn.taboola.com cdnjs.cloudflare.com code.highcharts.com connect.facebook.net contractorcheck.com d.net.google.com d.turn.com dev.visualwebsiteoptimizer.com embed.pscp.tv experianservicescorp.122.2o7.net fbcdn.net forms.hubspot.com freecreditscore.com graph.facebook.com googleapis.com hooks.slack.com img.en25.com info.inbound-bis.com itunes.apple.com js.bizographics.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net jsonip.com js.usemessages.com loadm.exelator.com m.addthis.com m.addthisedge.com maps.google.com maxcdn.bootstrapcdn.com mediaplayer.yahoo.com moodysanalytics.com optinmonster.com pixel.tapad.com play.google.com players.brightcove.net plus.google.com pt.ispot.tv rtd-tm.everesttech.net s.amazon-adsystem.com s.yimg.com s.ytimg.com s7.addthis.com scontent.cdninstagram.com scontent.xx.fbcdn.net scripts.demandbase.com secure.adnxs.com secure.leadback.advertising.com securetracking.adsprotection.com *.xg4ken.com smartbusinessreports.com snap.licdn.com sp.analytics.yahoo.com ssl.google-analytics.com static.ads-twitter.com sync.tidaltv.com tag.demandbase.com tagmanager.google.com trc.taboola.com twemoji.maxcdn.com video.xx.fbcdn.net vjs.zencdn.net widget.surveymonkey.com widgets.outbrain.com https://*.brightfunnel.com http://*.hotjar.com https://*.hotjar.com https://*.hsadspixel.net https://*.jsdelivr.net https://*.mstrlytcs.com https://a.optmnstr.com https://api.optmnstr.com https://autocomplete.demandbase.com http://autocomplete.demandbase.com ws://*.hotjar.com wss://*.hotjar.com wss://cdn.decibelinsight.net www.edq.com www.facebook.com www.google-analytics.com www.google.com http://www.google.com www.googleadservices.com www.googletagmanager.com www.slideshare.net www.youtube.com globalsiteanalytics.com 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:;font-src * data: 4
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' 4
upgrade-insecure-requests; frame-ancestors 'self' http://*.elconfidencial.com:* https://*.elconfidencial.com:* www.elconfidencial.com blogs.elconfidencial.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org es.grupogo.punto player.h-cdn.com; report-uri https://elconfidencial.report-uri.io/r/default/csp/enforce 4
default-src 'self' https:; frame-src 'self' https: blob:; worker-src 'self' blob: ; child-src blob: ; script-src 'self' https: 'unsafe-inline' https://vaas.acapela-group.com 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: https://api.pusherapp.com wss://ws.pusherapp.com wss://*.firebaseio.com http://localhost:8080; media-src 'self' https: http://vaas.acapela-group.com; report-uri //code.org/https/mixed-content; frame-ancestors 'self' http://*.disney.com http://*.diznee.net code.org studio.code.org 4
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https://www.google-analytics.com https://optimize.google.com https://optanon.blob.core.windows.net http://*.hotjar.com https://*.onetrust.com https://www.googletagmanager.com https://connect.facebook.net *.rfihub.net *.bing.com *.ads-twitter.com *.twitter.com *.t.co *.ytimg.com; style-src 'self' 'unsafe-inline' * https://optimize.google.com https://fonts.googleapis.com https://optanon.blob.core.windows.net cdnjs.cloudflare.com cloud.typography.com *.twitter.com *.t.co; img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://optimize.google.com https://code.jquery.com/ *.twitter.com *.facebook.com *.bing.com *.t.co; frame-src 'self' data: * https://optimize.google.com https://*.adsrvr.org *.rfihub.com; font-src 'self' 'unsafe-inline' data: * https://fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' * https://*.optmnstr.com; report-uri /report-csp-violation 4
font-src 'self' code.freent.de https://fonts.gstatic.com; img-src * data:; frame-ancestors *.freenet.de; plugin-types application/pdf application/x-shockwave-flash 4
default-src * data: blob: about:;script-src 'self' *.vk.com static.vk.me *.mail.ru s.ytimg.com platform.twitter.com cdn.syndication.twimg.com www.instagram.com connect.facebook.net telegram.org *.yandex.ru *.google-analytics.com *.youtube.com maps.googleapis.com translate.googleapis.com *.google.com google.com *.vkpartner.ru *.moatads.com *.adlooxtracking.com *.gstatic.com *.google.ru securepubads.g.doubleclick.net cdn.ampproject.org www.googletagmanager.com googletagmanager.com *.vk-cdn.net *.hit.gemius.pl yastatic.net 'unsafe-inline' 'unsafe-eval' blob:;style-src vk.com *.vk.com static.vk.me ton.twimg.com tagmanager.google.com platform.twitter.com *.googleapis.com 'self' 'unsafe-inline' 4
default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; report-uri /content-security-policy-report.php 4
frame-ancestors 'self' www.facebook.com www.messenger.com; report-uri /vsctcspreport 4
frame-ancestors 'self' ' *.ampproject.org .zdbb.net 4
frame-ancestors 'self' http://info.barchart.com 4
frame-ancestors https://*.1stdibs.com; 4
script-src 'unsafe-inline' 'unsafe-eval' https:; worker-src blob: https: https://api.useinsider.com; 4
connect-src * 'self' 4
frame-ancestors 'self' https://auth.flock.com https://auth.flock-staging.com https://web.flock.com https://web.flock-staging.com https://updates.flock.co file://* chrome-extension://eaelpbcbablcdbbocfbfnedfmgjaoicj chrome-extension://jaafanpjodcobojibapcmbdcphbafnfc chrome-extension://enfaahabcinohafeakbliimmoholjeip 4
frame-ancestors 'self' https://library-tutorials.leidenuniv.nl https://brightspace.universiteitleiden.nl; 4
upgrade-insecure-requests; frame-ancestors 'none'; 4
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 4
frame-ancestors 'self' *.optus.com.au *.ippayments.com *.pegacloud.net; 4
frame-ancestors *.windstream.net 4
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.bing.com *.passage.ai; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.com *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.googleapis.com *.virtualearth.net *.passage.ai; img-src * data: blob: 'unsafe-inline'; connect-src *; frame-src * 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://lavoz.report-uri.io/r/default/csp/enforce 4
child-src * blob: 4
frame-ancestors 'self' *.infor.com *.Inforcloudsuite.com *.infor.cn *.infor.de *.infor.es *.infor.fr *.infor.jp *.infor.kr 4
default-src https: js-callback: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://*.m-pathy.com https://*.omtrdc.net https://*.simpletrip.de https://*.demdex.net https://*.realperson.de wss://*.realperson.de https://*.eurowings.com https://*.germanwings.com https://*.usabilla.com https://*.md-nx.com https://*.hotjar.com https://vc.hotjar.io wss://*.hotjar.com; 4
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.ca  *.interactivebrokers.com.hk  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.clientam.com.hk  *.greenwichcompliance.com; 4
default-src 'self' *.kpn.com; frame-ancestors 'self' app.optimizely.com kpn.blueconic.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' static-accept.customersaas.com *.optimizely.com cdn.blueconic.net kpn.blueconic.net assets.adobedtm.com *.kpn.com *.salesforceliveagent.com www.googletagmanager.com tagmanager.google.com invitation.opinionbar.com www.googleadservices.com connect.facebook.net *.doubleclick.net *.mouseflow.com kpn-compleet-fpi-info.fourstack.nl www.pingvp.com kpn.pingvp.com static.customersaas.com www.google-analytics.com maps.googleapis.com kpnarmor.nl w.usabilla.com api.usabilla.com deploy.mopinion.com collect.mopinion.com kpn.mopinion.com kpn-reload.liquix.eu dwin1.com; style-src 'self' 'unsafe-inline' data: *.kpn.com www.pingvp.com kpn.pingvp.com d1r5etm691cejh.cloudfront.net static.customersaas.com d6tizftlrpuof.cloudfront.net kpn.mopinion.com tagmanager.google.com; img-src 'self' data: is-accept.customersaas.com *.kpn.com www.google.nl www.google.com www.facebook.com *.doubleclick.net adservice.google.com invitation.opinionbar.com *.optimizely.com www.pingvp.com kpn.pingvp.com d35v9wsdymy32b.cloudfront.net csi.gstatic.com maps.gstatic.com maps.googleapis.com kpn.com fonts.googleapis.com www.google-analytics.com api.customersaas.com static.customersaas.com d3mwk3f7r8fv9u.cloudfront.net d6tizftlrpuof.cloudfront.net cms-images.s3.amazonaws.com kpncomvod.download.kpnstreaming.nl w.usabilla.com www.telfort.nl mobielshop.test.marketingmakers.nl fra1.digitaloceanspaces.com; media-src 'self' kpncomvod.download.kpnstreaming.nl *.kpn.com pingmediavod.download.kpnstreaming.nl kpn.pingvp.com; frame-src *.optimizely.com *.doubleclick.net ezpay.liquix.eu callmenow.eu3.vanadaloha.net rpv.reviva.nl *.kpn.com portal.bp.nu www.youtube.com kpngroup.emsecure.net kpn.mopinion.com kpn-mini.speedtestcustom.com www.pingvp.com kpn.pingvp.com reload.alphacomm.network; font-src 'self' data: *.kpn.com www.pingvp.com kpn.pingvp.com fonts.gstatic.com static.customersaas.com; connect-src 'self' api-accept.customersaas.com *.optimizely.com kpn.blueconic.net *.kpn.com *.mouseflow.com api.api.ai tracker.customersaas.com kpn.api.ruwido.com api-agendaplanner.kpnretail.nl api.customersaas.com scripts.kpn.nl pastease.mopinion.com kpn.mopinion.com deploy.mopinion.com kpn-compleet-fpi-info.fourstack.nl ezpay.liquix.eu wss://*.twilio.com https://*.twilio.com; object-src 'self' 4
default-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' https://translate.googleapis.com https://translate.google.com https://widget-mediator.zopim.com https://ajax.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://deepknow.egoid.me http://static.geetest.com http://dn-staticdown.qbox.me http://api.geetest.com http://nav.cn.ronghub.com https://static.zdassets.com https://cdn.logrocket.io http://qiyukf.com https://imgv2e1.ahighapi.com https://imgv2e2.ahighapi.com https://imgv2e3.ahighapi.com; style-src 'unsafe-inline' 'self' 'unsafe-eval' http://static.geetest.com https://translate.googleapis.com https://imgv2e1.ahighapi.com https://imgv2e2.ahighapi.com https://imgv2e3.ahighapi.com; frame-src 'self' https://imgv2e1.ahighapi.com https://imgv2e2.ahighapi.com https://imgv2e3.ahighapi.com https://*.bitz-service.com https://*.qiyukf.com https://qiyukf.com https://*.bitz.com https://*.bit-z.com https://*.bit-z.pro https://*.bitz.top https://*.bitz.info https://*.bitz.tech https://*.bitzhd.com https://*.bitz.cm https://appad.ahighapp.com; frame-ancestors https://*.bitz-service.com; font-src 'self' data: https://imgv2e1.ahighapi.com https://imgv2e2.ahighapi.com https://imgv2e3.ahighapi.com; img-src 'self' data: blob: https://www.gxchaintop.org https://static.gxb.io https://translate.googleapis.com https://translate.google.com https://www.google.com http://bit-z-frontdesk.oss-cn-hongkong.aliyuncs.com https://www.gstatic.com http://static.geetest.com https://v2uploads.zopim.io https://v2assets.zopim.io https://stats.g.doubleclick.net https://www.google-analytics.com https://static.bibidev.com https://sensors.ahighapi.com http://qiyukf.com https://qiyukf.nosdn.127.net https://*.qiyukf.com https://imgv2e1.ahighapi.com https://imgv2e2.ahighapi.com https://imgv2e3.ahighapi.com; media-src 'self' http://static.geetest.com https://static.zdassets.com http://qiyukf.com https://*.bibidev.com; connect-src 'self' wss://ws.ahighapi.com https://translate.googleapis.com https://widget-mediator.zopim.com https://stats.g.doubleclick.net https://www.google-analytics.com http://monitor.geetest.com http://api.geetest.com wss://widget-mediator.zopim.com https://bit-z.zendesk.com https://ekr.zdassets.com http://qiyukf.com https://sensors.ahighapi.com https://ucapi.ahighapi.com https://otcapinew.ahighapi.com https://app.ahighapi.com https://v2.ahighapi.com https://api.ahighapi.com wss://ws.ahighapi.com 4
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 4
upgrade-insecure-requests; frame-ancestors *.gonitro.com *.live.com *.sharepoint.com 4
base-uri 'self'; frame-src https:; object-src 'none'; worker-src 'self'; img-src 'self' data: http: https:; upgrade-insecure-requests; default-src 'self' https://*.googlesyndication.com; connect-src 'self' https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io wss://mpsnare.iesnare.com https://logx.optimizely.com/v1/events https://www.eharmony.com/lane/ https://s7.addthis.com/l10n/ https://eharmony-app.quantummetric.com/ https://yoast.com/feed/widget/ https://m.addthis.com https://*.googlesyndication.com https://connect.facebook.net https://*.perimeterx.net https://*.pxchk.net https://*.px-cdn.net https://*.px-cloud.net ; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://assets.squarespace.com/universal/fonts/ https://static.squarespace.com/universal/fonts/    ; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de; style-src 'self' 'unsafe-inline' https://www.parship.com https://*.custhelp.com https://fonts.googleapis.com https://partnerboerse.parship.de https://translate.googleapis.com https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://s.po.st/static/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://static1.squarespace.com/static/sitecss/ ; media-src 'self' data: https://mpsnare.iesnare.com https://assets.eharmony.com/files/us/images/careers/ https://www.googleapis.com/youtube/; prefetch-src 'self' https://*.googlesyndication.com/safeframe/; frame-ancestors 'self'; report-uri /ls/ 4
upgrade-insecure-requests; frame-ancestors 'self' https://explore.avalara.com https://www.compli-beverage.com 4
default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.omegawatches.com https://www.omegawatches.cn https://www.omegawatches.com.tw https://www.omegawatches.com.hk https://www.omegawatches.jp https://www.omegawatches.co.kr https://fonts.googleapis.com https://fonts.gstatic.com https://tagmanager.google.com https://cdn1.affirm.com https://fonts.googleaps.com https://fonts.gstatic.com http://chart.apis.google.com https://maxcdn.bootstrapcdn.com https://vjs.zencdn.net http://vjs.zencdn.net https://optimize.google.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.omegawatches.com https://www.omegawatches.cn https://www.omegawatches.com.tw https://www.omegawatches.com.hk https://www.omegawatches.jp https://www.omegawatches.co.kr https://fonts.googleaps.com https://fonts.gstatic.com http://chart.apis.google.com https://maxcdn.bootstrapcdn.com data:; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.omegawatches.com https://www.omegawatches.cn https://www.omegawatches.com.tw https://www.omegawatches.com.hk https://www.omegawatches.jp https://www.omegawatches.co.kr https: http:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https:; child-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; media-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: 4
frame-ancestors 'self' *.optimizely.com 4
img-src 'self' https://static-artifact.heg-cp.com https://paintbrush.heg-cp.com https://img1.wsimg.com https://www.google-analytics.com https://images-static.trustpilot.com https://lpcdn.lpsnmedia.net; font-src https://fonts.gstatic.com; frame-src 'self' https://lpcdn.lpsnmedia.net/ https://www.google.com https://www.youtube.com/ https://server.lon.liveperson.net https://sonata.aklamio.com; frame-ancestors 'self' 4
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com  *.amazonaws.com  *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net  *.forcepoint.com *.google.com *.facebook.com  bam.nr-data.net maps.gstatic.com *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net  *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com thematrixstg2.prod.acquia-sites.com thematrixstg3.prod.acquia-sites.com *.googleapis.com *.cloudflare.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com thematrixstg2.prod.acquia-sites.com thematrixstg3.prod.acquia-sites.com *.clearbit.com *.googleapis.com *.cloudflare.com; img-src 'self' data: pixel.advertising.com *.forcepoint.com analyticsssl.forcepoint.com analyticsnossl.forcepoint.com ssl.google-analytics.com *.marinsm.com *.google-analytics.com s.ml-attr.com *.doubleclick.net *.facebook.com *.adroll.com *.yahoo.com *.google.com *.getsmartcontent.com *.pubmatic.com *.adnxs.com t.co attr.ml-api.io pixel.rubiconproject.com trc.taboola.com sync.outbrain.com *.casalemedia.com idsync.rlcdn.com *.bidswitch.net us-u.openx.net bsw.digitru.st ps.eyeota.net match.adsrvr.org sync-tm.everesttech.net dmp.adform.net i.w55c.net d.turn.com tags.w55c.net sync.tidaltv.com sync.mathtag.com in.v12group.com sync.adap.tv eyeota-sync.dotomi.com p.rfihub.com *.demdex.net *.tealiumiq.com *.vidyard.com *.bing.com s3.amazonaws.com *.s3.amazonaws.com *.driftt.com eb2.3lift.com *.gartner.com *.liadm.com *.krxd.net *.pippio.com *.amazon-adsystem.com *.visualwebsiteoptimizer.com *.cloudfront.net *.cdnwidget.com tags.bluekai.com *.adsymptotic.com cm.everesttech.net pippio.com secure.adnxs.com su.addthis.com lrpush.apxlv.com global.ib-ibi.com bcp.crwdcntrl.net analytics.twitter.com api.bizographics.com sync.placelocal.com segments.company-target.com pixel.tapad.com lrp.mxptint.net match.prod.bidr.io p.univide.com rp.gwallet.com ds.reson8.com dmp.truoptik.com aa.agkn.com bs.serving-sys.com *.entitytag.co.uk token.rubiconproject.com liveramp-eicm-global.dsp.io thrtle.com apolloprogram.io live.rzsync.com *.youtube.com insight.adsrvr.org *.crazyegg.com thematrixstg2.prod.acquia-sites.com thematrixstg3.prod.acquia-sites.com *.cloudflare.com; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net; report-uri /admin/config/system/seckit/csp-report 4
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' blob:; img-src 'self' data: https:; font-src 'self' data: https:; frame-ancestor 'self' 4
upgrade-insecure-requests; connect-src * https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.sharethis.com *.sharethis.mgr.consensu.org geoip-db.com *.facebook.com connect.facebook.net *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.googleusercontent.com *.gravatar.com *.soundcloud.com 01.org *.youtube.com; report-uri /admin/config/system/seckit/csp-report 4
frame-ancestors 'self' https://tektronix.lookbookhq.com https://buzz.tek.com 4
default-src 'self' blob: https://*.map.qq.com ; connect-src 'self' https://*.mapbox.com https://*.tiles.mapbox.com https://*.google-analytics.com https://*.doubleclick.net https://*.gstatic.com https://*.googlesyndication.com https://translate.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.google.com https://*.google.cn https://*.tiles.mapbox.com https://*.qq.cn https://*.qq.com https://*.map.qq.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.gstatic.com https://*.googleapis.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.stripe.com https://*.adroll.com https://*.workable.com https://*.ampproject.org https://browser-update.org https://*.bootstrapcdn.com https://*.fuelcdn.com https://cdn.datatables.net https://code.jquery.com https://cdnjs.cloudflare.com https://*.fontawesome.com https://cdn.jsdelivr.net https://code.highcharts.com https://*.google.com https://*.google.gr;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.google.com https://*.google.cn https://*.tiles.mapbox.com https://*.qq.cn https://*.qq.com https://*.map.qq.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.gstatic.com https://*.googleapis.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.stripe.com https://*.adroll.com https://*.workable.com https://*.ampproject.org https://browser-update.org https://*.bootstrapcdn.com https://*.fuelcdn.com https://cdn.datatables.net https://code.jquery.com https://cdnjs.cloudflare.com https://*.fontawesome.com https://cdn.jsdelivr.net https://code.highcharts.com https://*.google.com https://*.google.gr;style-src 'self' 'unsafe-inline' https://cdn.datatables.net https://*.fuelcdn.com https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.googleapis.com https://*.fontawesome.com https://*.tiles.mapbox.com https://*.gstatic.com;font-src 'self' 'unsafe-inline' chrome-extension data: https: https://*.fontawesome.com http://fonts.gstatic.com;img-src 'self' blob: data: https: http://p.parkopedia.com http://p.parkopedia.cn http://*.openstreetmap.org;frame-src self https://*.g.doubleclick.net https://*.google.com https://*.stripe.com https://*.googlesyndication.com https://*.parkopedia.com https://*.parkopedia.com https://*.dcos.parkopedia.com https://*.localhost.com;object-src blob: data: https://*.qq.cn https://*.qq.com https://*.map.qq.com https://*.localhost.com https://*.parkopedia.com;report-uri https://csp.parkopedia.com/api/csppolicyreport/?apiver=23&cid=avalon_iu4ryufghgjrf 4
default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com; img-src 'self' editor.ne16.com; font-src 'self' *; 4
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.surveymonkey.com https://www.youtube.com; 4
default-src  https: *.willistowerswatson data: blob: 'unsafe-eval' 'unsafe-inline' 4
default-src * 'unsafe-inline' 'unsafe-eval' data: 4
frame-ancestors 'self' tomshardware.fr www.tomshardware.fr tomsguide.fr www.tomsguide.fr cms.galaxiemedia.fr amp.tomsguide.fr amp.tomshardware.fr cdn.tomsguide.fr cdn.tomshardware.fr presence-pc.fr www.presence-pc.fr presence-pc.com www.presence-pc.com; 4
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 4
default-src 'self' * data:; font-src 'self' * data:; frame-src *; img-src * data: android-webview-video-poster:; media-src * data: blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; worker-src * blob:; 4
default-src https: data: 'unsafe-eval' 'unsafe-inline'; 4
form-action 'self' https://go.pardot.com; 4
base-uri 'self';img-src https: data:; 4
frame-ancestors 'self' http://epicor.lookbookhq.com https://epicor.lookbookhq.com; 4
object-src 'self'; base-uri 'none'; require-sri-for script style 4
default-src * 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; frame-ancestors 'self' online.superoffice.com apps.risevision.com desktop.visma.com asp.visma.com hlasp.visma.com es-eu-dev-api01.episerver.net; 4
frame-ancestors 'self' rtvs.sk *.rtvs.sk *.dev.rtvs.sk rtvs.org *.rtvs.org 4
default-src 'self' cdn-vsh.prague.eu;font-src 'self' cdn-vsh.prague.eu fonts.gstatic.com *.cachefly.net *.platnosci.pl;connect-src 'self' cdn-vsh.prague.eu analytics.monkeytracker.cz maps.googleapis.com *.hotjar.com *.googlesyndication.com www3-prague-eu-test.fg.cz *.prague.eu *.google.com *.google.cz *.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-vsh.prague.eu maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.google.com *.googleadservices.com *.facebook.net *.imedia.cz *.hotjar.com *.adform.net *.doubleclick.net *.google.cz s.yimg.jp *.yahoo.co.jp *.cachefly.net *.payu.com *.platnosci.pl *.facebook.com *.cloudflare.com;form-action 'self' cdn-vsh.prague.eu *.facebook.com *.gpwebpay.com *.payu.com *.facebook.net *.platnosci.pl;frame-src 'self' cdn-vsh.prague.eu www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net;child-src 'self' cdn-vsh.prague.eu www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net;frame-ancestors 'self' cdn-vsh.prague.eu;img-src 'self' cdn-vsh.prague.eu data: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.ggpht.com *.google.com *.imedia.cz *.facebook.com *.google.cz *.googlesyndication.com *.yahoo.co.jp www3-prague-eu-test.fg.cz *.prague.eu *.cachefly.net *.payu.com *.platnosci.pl;style-src 'self' 'unsafe-inline' cdn-vsh.prague.eu fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.hotjar.com *.cachefly.net *.payu.com *.platnosci.pl;object-src 'self' cdn-vsh.prague.eu 4
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 4
default-src wss: https: data: 'unsafe-inline' 'unsafe-eval' 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googlesyndication.com https://suggestqueries.google.com https://pagead2.googlesyndication.com www.google-analytics.com yastatic.net https://relap.io https://ad.mail.ru stat.adlabs.ru mc.yandex.ru *.criteo.com *.googleapis.com luxadv.com *.luxadv.com psma02.com *.betweendigital.com *.doubleclick.net share.pluso.ru w.uptolike.com *.am15.net am15.net psma03.com *.onedmp.com *.eboundservices.com eboundservices.com uk-ads.openx.net *.openx.net *.metabar.ru *.orange81safe.com *.creativecdn.com *.googletagservices.com *.googleadservices.com psma01.com *.atemda.com *.nativeroll.tv *.criteo.net fycapi.ru ijquery5.com acvatic.ru mycpm.ru igithab.com *.yandex.ru franecki.net v.kost.tv *.g.doubleclick.net bnstero.com *.google.ru cdn.onesignal.com *.yakutia.io yakutia.io *.onesignal.com static.amgmedia.net onesignal.com *.sendpulse.com sendpulse.com bnster.com myhappy-news.com *.republer.com 4
frame-src 'self' 7host.at; 4
connect-src 'self' *.saba.com *; 4
default-src https:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 4
frame-ancestors 'self' https://cdw.lookbookhq.com http://cdw.lookbookhq.com http://solutions.cdw.com https://solutions.cdw.com 4
default-src * 'unsafe-inline' 'unsafe-eval' data:; report-uri /report-csp-violation 4
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 4
default-src 'self' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com fonts.gstatic.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com *.bing.com mc.yandex.ru *.ads-twitter.com analytics.twitter.com connect.facebook.net *.gstatic.com *.google.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.omise.co *.paypalobjects.com *.paypal.com ipqualityscore.com *.getsitecontrol.com *.googleapis.com *.stripe.com trainbusferry.com *.trainbusferry.com paymentpage.ecommpay.com s7.addthis.com cdn.ampproject.org blob:; style-src 'self' 'unsafe-inline' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com *.googleapis.com paymentpage.ecommpay.com maxcdn.bootstrapcdn.com; connect-src 'self' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com mc.yandex.ru *.google-analytics.com *.doubleclick.net *.facebook.com *.omise.co *.paypal.com *.mapbox.com *.ipqualityscore.com ipqualityscore.com *.getsitecontrol.com trainbusferry.com *.trainbusferry.com api.alternativepayments.com; img-src * blob: data:; media-src *; frame-src 'self' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com mc.yandex.md *.youtube.com *.doubleclick.net *.facebook.com *.omise.co *.paypal.com *.google.com *.stripe.com paymentpage.ecommpay.com s2.mailorsoon.net *.googletagmanager.com; 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://kit-pro.fontawesome.com http://munchkin.marketo.net http://app-abk.marketo.com https://www.google-analytics.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://secure.onespan.com http://static.ads-twitter.com https://analytics.twitter.com https://scripts.demandbase.com https://tag.demandbase.com https://s7.addthis.com https://m.addthis.com https://v1.addthisedge.com https://graph.facebook.com https://autocomplete.demandbase.com https://player.vimeo.com https://boards.greenhouse.io https://cdn.onesignal.com https://onesignal.com https://www.youtube.com https://platform.twitter.com https://s.ytimg.com https://cdn.syndication.twimg.com https://tribl.io https://optimize.google.com gmc.lingotek.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://kit.fontawesome.com https://maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://kit-pro.fontawesome.com http://munchkin.marketo.net http://app-abk.marketo.com https://www.google-analytics.com https://sjs.bizographics.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://secure.onespan.com http://static.ads-twitter.com https://analytics.twitter.com https://scripts.demandbase.com https://tag.demandbase.com https://s7.addthis.com https://m.addthis.com https://v1.addthisedge.com https://graph.facebook.com https://autocomplete.demandbase.com https://player.vimeo.com https://boards.greenhouse.io https://cdn.onesignal.com https://onesignal.com https://www.youtube.com https://platform.twitter.com https://s.ytimg.com https://cdn.syndication.twimg.com https://tribl.io gmc.lingotek.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://kit.fontawesome.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://scripts.demandbase.com https://tag.demandbase.com http://app-abk.marketo.com https://onesignal.com https://platform.twitter.com https://optimize.google.com https://fonts.googleapis.com fonts.googleapis.com gmc.lingotek.com https://cdnjs.cloudflare.com; style-src-elem 'self' 'unsafe-inline' https://scripts.demandbase.com https://tag.demandbase.com http://app-abk.marketo.com https://onesignal.com https://platform.twitter.com fonts.googleapis.com gmc.lingotek.com https://cdnjs.cloudflare.com; frame-ancestors 'self'; report-uri https://www.onespan.com/report-uri/enforce 4
script-src 'self' 'unsafe-inline' 'unsafe-eval'  connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com 4
frame-ancestors 'self' *.techrepublic.com *.ampproject.org *.amp.cloudflare.com; 4
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src https: ; child-src https: platform.twitter.com; img-src https: data: 4
default-src wss: https: data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 4
base-uri 'self'; block-all-mixed-content; form-action https: 4
frame-ancestors 'self' https://*.moody.edu 4
default-src 'self' *  'unsafe-inline' 'unsafe-eval' 4
default-src 'self' *.readspeaker.com data:; base-uri 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; upgrade-insecure-requests; frame-ancestors 'self'; 4
frame-ancestors 'self' www.nassp.org www.nhs.us www.njhs.us www.nehs.org www.natstuco.org www.principalsmonth.org files.nassp.org; 4
frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 4
default-src https://addons-amo.cdn.mozilla.net; base-uri 'self'; child-src 'none'; connect-src https://www.google-analytics.com https://addons.mozilla.org https://sentry.prod.mozaws.net; form-action 'self'; frame-src 'none'; img-src 'self' data: https://addons.cdn.mozilla.net https://addons-amo.cdn.mozilla.net; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src https://addons-amo.cdn.mozilla.net https://www.google-analytics.com/analytics.js; style-src https://addons-amo.cdn.mozilla.net; worker-src 'none'; report-uri /__cspreport__; font-src https://addons-amo.cdn.mozilla.net; prefetch-src https://addons-amo.cdn.mozilla.net 4
upgrade-insecure-requests; base-uri 'self'; 4
default-src 'self'; frame-src 'self' data: fbrpc://call https://*.stripe.com https://*.shophumm.com.au/ https://wenzhang.baidu.com https://tpc.googlesyndication.com https://masterpass.com https://roktcdn1.akamaized.net https://www.youtube.com https://*.masterpass.com https://www.google.com/recaptcha/  https://*.rokt.com https://*.doubleclick.net https://*.kaptcha.com https://*.addthis.com https://*.facebook.com https://*.braintreegateway.com https://*.paypal.com https://*.visa.com https://*.cardinalcommerce.com https://*.paypalobjects.com; script-src 'self' data: https://*.stripe.com  https://*.shophumm.com.au/ https://www.googletagservices.com/ https://adservice.google.com.au/ https://adservice.google.com/ https://pagead2.googlesyndication.com/ https://cdn.jsdelivr.net/npm/newrelic-reduced@1.1.2/lib/index.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.addthisedge.com https://assets.pinterest.com https://swenzhang.baidu.com https://roktcdn1.akamaized.net https://cdn.optimizely.com/js/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://tpc.googlesyndication.com https://uua1puwkv5-dsn.algolia.net https://*.algolianet.com https://*.masterpass.com https://masterpass.com https://*.rokt.com https://*.nr-data.net https://cdn.jsdelivr.net/algoliasearch/ https://*.facebook.net https://*.facebook.com https://*.newrelic.com https://*.marinsm.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.postcodeanywhere.co.uk https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.visa.com https://*.kaptcha.com https://*.addthis.com https://*.nanigans.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: https:; style-src 'self' https://use.fontawesome.com https://roktcdn1.akamaized.net https://*.visa.com https://*.masterpass.com https://masterpass.com https://swenzhang.baidu.com https://*.googleapis.com https://*.postcodeanywhere.co.uk 'unsafe-inline'; font-src 'self' data: https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://roktcdn1.akamaized.net ; connect-src 'self' https://*.postcodeanywhere.co.uk https://*.visa.com	https://*.addthis.com https://www.google-analytics.com https://*.nr-data.net https://*.rokt.com https://*.algolia.net https://*.algolianet.com https://*.braintreegateway.com https://*.paypal.com https://*.kaptcha.com https://*.facebook.com https://ds-aksb-a.akamaihd.net/RRT; object-src 'self' https://c2.mysalec.com https://*.visa.com	https://www.paypalobjects.com; report-uri https://headersreporting.mysaleapi.com/Report 4
default-src https:;
    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com *.bizographics.com *.rawgit.com *.googleapis.com *.unpkg.com *.youtube.com *.googletagmanager.com *.googleadservices.com *.google.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.ytimg.com *.facebook.net *.cloudfront.net *.rdstation.com.br *.w3-edge.com *.reclameaqui.com.br *.ampproject.org *.novahaus.com.br *.shoptarget.com.br *.shopback.net *.shopconvert.com.br *.voxus.com.br targeting.voxus.tv;
    connect-src 'self' *.googleapis.com *.rdstation.com.br *.ampproject.org *.shoptarget.com.br *.linximpulse.net *.retargeter.com.br *.shopconvert.com.br ckies.net *.shopback.net *.viacep.com.br viacep.com.br *.voxus.tv api.ipify.org *.loggly.com;
    img-src 'self' data: *.facebook.com *.google-analytics.com *.google.com *.google.com.br *.doubleclick.net *.gravatar.com *.w.org *.linkedin.com *.shopback.net *.adsymptotic.com cliente.linx.com.br;
    style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.shopback.net;
    font-src 'self' data: *.gstatic.com;
    worker-src https: blob: 4
default-src 'self' cdn.register.to 'unsafe-eval' https:; font-src 'unsafe-inline' https: data:; img-src 'unsafe-inline' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.register.to tld.register.to cdn.ywxi.net www.google-analytics.com seal.websecurity.norton.com s3-us-west-2.amazonaws.com www.trustedsite.com cdn.jsdelivr.net www.google.com cdn.datatables.net https:; style-src 'unsafe-inline' https:; manifest-src 'self' cdn.register.to 'unsafe-eval' https:; 4
frame-ancestors 'self' https://www.bosoy-online.com 4
frame-ancestors 'self' https://*.reitmans.com https://*.additionelle.com https://*.rw-co.com https://*.thymematernity.com https://*.penningtons.com http://*.reitmans.com http://*.additionelle.com http://*.rw-co.com http://*.thymematernity.com http://*.penningtons.com https://*.screenmeet.com wss://*.screenmeet.com 4
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; 4
frame-ancestors 'self' weleda.sabio.de 4
frame-ancestors 'self' *.veepee.be  *.veepee.nl *.veepee.lu 4
font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://fonts.googleapis.com data: 4
default-src 'self' https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://*.licdn.com https://*.marketo.net https://*.marketo.com https://*.aws.ean http://*.aws.ean https://*.amazonaws.ean http://*.amazonaws.com https://*.amazonaws.com https://d2yeu2mwujl2s5.cloudfront.net https://931-quh-525.mktoresp.com https://*.doubleclick.net https://js-agent.newrelic.com https://*.linkedin.com https://*.nr-data.net https://*.addthis.com https://*.addthisedge.com https://*.issuu.com https://*.google.co.uk https://*.vimeo.com https://*.cloudflare.com https://*.reachforce.com https://*.googleapis.com data: 'unsafe-eval' 'unsafe-inline' 4
frame-ancestors 'self' keycontentservice.com *.tescodev.com *.facebook.com tesco.hu itesco.cz tesco.sk tesco.pl 4
connect-src https: 'self'; img-src 'self' data: https://*; default-src blob: https: 'unsafe-inline' 'unsafe-eval' 4
worker-src 'self' http://*.austlii.edu.au *.datalex.org www.lawnet.sg; 4
manifest-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://20779843p.rfihub.com https://analytics-static.ugc.bazaarvoice.com https://api.sovendus.com https://apps-stg.nexus.bazaarvoice.com https://apps.nexus.bazaarvoice.com https://ariane.abtasty.com https://bat.bing.com https://benefits.sovendus.com https://config1.veinteractive.com https://cookiee1.veinteractive.com https://datacollect6.abtasty.com https://dcinfos-cache.abtasty.com https://dcinfos.abtasty.com https://display-stg.ugc.bazaarvoice.com https://display.ugc.bazaarvoice.com https://drs2.veinteractive.com https://elk.vhwrz.net https://googleads.g.doubleclick.net https://images.baby-walz.at https://images.baby-walz.ch https://images.baby-walz.de https://insitez.blob.core.windows.net https://live.adyen.com https://magpie-static.ugc.bazaarvoice.com https://maps.googleapis.com https://maps.gstatic.com https://meya.ai https://network-eu-stg.bazaarvoice.com https://network.bazaarvoice.com https://rum.vhwrz.net https://s.kelkoogroup.net https://s.kk-resources.com https://s.ytimg.com https://s3.amazonaws.com https://sessionapi.veinteractive.com https://shops-si.trustedshops.com; report-uri /walz-webservices/csp-report-collector 4
frame-ancestors 'self' *.bruxelles.be *.brussel.be *.brussels.be 4
default-src * 'unsafe-inline' 'unsafe-eval' 4
default-src  * 'unsafe-inline' 'unsafe-eval' ; img-src * blob: data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 4
frame-ancestors 'self' homedna.com *.homedna.com 4
report-uri https://sentry.io/api/1481323/security/?sentry_key=6a0d90a447e5404786cce69b90774dbc https://sentry.io/api/1481316/security/?sentry_key=5ed17bd323a34165b4278b59fe665e28 4
script-src  'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://s.ytimg.com/ https://www.googletagmanager.com/ https://assets.adobedtm.com/ https://www.googleadservices.com https://www.google-analytics.com https://cdn.schemaapp.com/javascript/highlight.js https://googleads.g.doubleclick.net/ https://cdn.schemaapp.com/javascript/schemaFunctions.min.js https://www.bing.com/ https://dev.virtualearth.net/ https://t.ssl.ak.dynamic.tiles.virtualearth.net https://commercial.firestone.com https://connect.facebook.net/ https://static.ads-twitter.com/uwt.js https://connect.facebook.net/en_US/fbevents.js https://secure.quantserve.com/ https://rules.quantcount.com/ https://analytics.twitter.com/ https://cdn.mouseflow.com https://www-bandag-com.vmldev.com https://maps.googleapis.com https://cdn.livechatinc.com/ https://rw.marchex.io/ https://fe.sitedataprocessing.com/ https://secure.livechatinc.com/ https://accounts.livechatinc.com/ https://cdnjs.cloudflare.com/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://www.linkedin.com https://dev.visualwebsiteoptimizer.com https://*.gctires https://use.typekit.net/lko7jzb.js https://www.thetread.com/ 4
frame-ancestors 'self' analytics.pt-dlr.de 4
default-src 'self' wibu.com *.wibu.com 'unsafe-inline' 'unsafe-eval' *.brighttalk.com *.adobe.com *.wibu.us *.surveymonkey.com *.brightcove.net *.wibu.com *.typo3.org *.googleapis.com www.google-analytics.com *.google.com *.youtube.com *.youtube.de *.ytimg.com *.baidu.com *.pardot.com *.joomag.com *.cleverreach.de *.cloudfront.net *.amazonaws.com *.hubspot.com *.gstatic.com *.iiconsortium.org data:; img-src * data:; font-src 'self' data: *.wibu.com *.gstatic.com; frame-src 'self' *.wibu.com www.wibu.com *.googleapis.com www.google-analytics.com *.google.com *.google.de *.google.fr *.google.co.uk *.youtube.com *.youtube.de *.ytimg.com *.baidu.com *.joomag.com *.surveymonkey.com *.brighttalk.com 4
default-src 'self'; script-src 'self' dnstest2.ficora.fi dnstest.traficom.fi occhat.elisa.fi stat.viestintavirasto.fi 10.250.193.20 'nonce-70d72a14-3f2b-4f0c-9e2f-a7817931f774'; img-src 'self' data: *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi www.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi www.fiho.fi www.epressi.com occhat.elisa.fi; style-src 'self' dnstest2.ficora.fi dnstest.traficom.fi occhat.elisa.fi 'nonce-70d72a14-3f2b-4f0c-9e2f-a7817931f774'; font-src 'self' occhat.elisa.fi; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi www.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi www.fiho.fi www.epressi.com occhat.elisa.fi; connect-src 'self' wss://occhat.elisa.fi https://occhat.elisa.fi; form-action 'self' 4
frame-ancestors https://unileverbrazil.marketing.adobe.com https://unilever3.marketing.adobe.com https://unilever2.marketing.adobe.com https://unilever.marketing.adobe.com; 4
default-src 'self' s3.amazonaws.com www.youtube.com csi.gstatic.com *;frame-src 'self' optimize.google.com *;worker-src 'self';connect-src 'self' *;font-src 'self' fonts.gstatic.com fonts.googleapis.com www.tinymce.com use.fontawesome.com;img-src 'self' 'unsafe-inline' data: blob: *;manifest-src 'self';media-src 'self' s3.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagservices.com www.google-analytics.com securepubads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com 7233492.collect.igodigital.com optimize.google.com * blob:;style-src 'self' 'unsafe-inline' fonts.googleapis.com *;base-uri 'self' optimize.google.com;form-action 'self' *;frame-ancestors 'self' optimize.google.com;block-all-mixed-content;upgrade-insecure-requests; 4
frame-ancestors 'self'; block-all-mixed-content 4
form-action 'self'; 4
frame-ancestors 'self' *.facebook.com 4
img-src 'self' data: * 4
frame-ancestors 'self' *.sprintecommerce.com *.venditan.com *.venditan.io 4
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.mktoresp.com; 4
frame-ancestors 'self' https://preview.citynavigator.nl 4
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors 'self' 4
default-src * data: filesystem: about: blob: ws: wss:; script-src * data: filesystem: about: blob: ws: wss: 'unsafe-eval' 'unsafe-inline'; style-src * data: filesystem: about: blob: ws: wss: 'unsafe-inline'; frame-ancestors 'self' 4
child-src 'self' blob: https://*.tagcommander.com *.tagcommander.com *.overkiz.com *.somfy.com *.somfysystems.pl e.issuu.com projects.perfoweb.fr www.tahomalink.com www.tahomalink.com boutique.somfy.fr www.youtube.com iadvize.com lc.iadvize.com www.googletagmanager.com static.addtoany.com client.alwaysupport.com *.doubleclick.net static.olark.com 212.203.79.55 somfykorea.linux.gabiauser.com shop.somfy.de shop.somfy.es shop.somfy.it easyshop.somfypro.fr tv.connexoon.de tvaktion.connexoon.de tv-at.connexoon.de *.addthis.com *.disqus.com disqus.com www.google.com webdev.abastra.com kartor.eniro.se http://kartor.eniro.se www.somfy-smart.de api.soundcloud.com w.soundcloud.com www.lespetitespierres.org https://giphy.com/upload https://hearthis.at/ https://soundcloud.com/ https://www.youtube.com/ https://www.lespetitespierres.org/ *.rlets.com https://giphy.com/ https://www.franceinter.fr/ *.zohopublic.com *.smartrecruiters.com https://subscriptions.smartrecruiters.com/ marketing.net.elogia.net www.facebook.com https://www.facebook.com https://www.youtube-nocookie.com/ www.123formbuilder.com https://c.imedia.cz/ player.ina.fr https://*.hotjar.com https://*.tfaforms.net *.tfaforms.net 4
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 4
default-src https: 'unsafe-inline';script-src https: 'unsafe-inline' 'unsafe-eval' 4
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; frame-ancestors 'self'; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 4
frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 4
object-src 'none'; form-action 'self' 4
default-src 'self' exelatech.com *.exelatech.com; connect-src 'self' exelatech.com *.exelatech.com *.leadpages.io *.leadpages.net *.lpages.co *.jsdelivr.net *.google-analytics.com *.googletagmanager.com *.bizographics.com *.cloudeflare.com *.bing.com *.facebook.net connect.facebook.net *.ads-twitter.com analytics.twitter.com *.ads.linkedin.com *.linkedin.com *.twitter.com *.g.doubleclick.net bid.g.doubleclick.net *.vimeo.com *.zdassets.com widget-mediator.zopim.com t.co; font-src 'self' exelatech.com *.exelatech.com *.leadpages.io *.leadpages.net *.lpages.co *.jsdelivr.net *.vimeo.com; frame-src 'self' exelatech.com *.exelatech.com *.leadpages.io *.leadpages.net *.lpages.co *.vimeo.com *.googletagmanager.com bid.g.doubleclick.net t.co; img-src 'self' exelatech.com *.exelatech.com 'unsafe-inline' *.google.com *.google.co.in *.google-analytics.com *.g.doubleclick.net *.bing.com t.co *.vimeo.com *.facebook.com px.ads.linkedin.com *.leadpages.io *.leadpages.net *.lpages.co data:*; media-src 'self' exelatech.com *.exelatech.com *.leadpages.io *.leadpages.net *.lpages.co *.vimeo.com *.vimeocdn.com *.akamaized.net px.ads.linkedin.com; object-src 'self' exelatech.com *.exelatech.com *.leadpages.io *.leadpages.net *.lpages.co *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' exelatech.com *.exelatech.com *.jquery.com *.jsdelivr.net *.leadpages.io *.leadpages.net *.lpages.co *.licdn.com www.googleadservices.com *.googleadservices.com www.google-analytics.com *.google-analytics.com www.googletagmanager.com *.googletagmanager.com *.bizographics.com *.cloudeflare.com *.bing.com *.facebook.net connect.facebook.net *.ads-twitter.com analytics.twitter.com *.ads.linkedin.com *.linkedin.com *.twitter.com *.g.doubleclick.net bid.g.doubleclick.net *.vimeo.com *.vimeocdn.com *.pardot.com *.zopim.com *.zdassets.com t.co addtocalendar.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' *.exelatech.com *.leadpages.io *.leadpages.net *.lpages.co *.jsdelivr.net www.googleadservices.com *.googleadservices.com www.google-analytics.com *.google-analytics.com www.googletagmanager.com *.googletagmanager.com *.bizographics.com *.cloudeflare.com *.bing.com *.facebook.net connect.facebook.net *.ads-twitter.com analytics.twitter.com *.ads.linkedin.com *.linkedin.com *.twitter.com *.g.doubleclick.net bid.g.doubleclick.net *.vimeo.com *.pardot.com *.zopim.com *.zdassets.com addtocalendar.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com t.co *.bing.com; form-action 'self' exelatech.com *.exelatech.com vimeo.com; frame-ancestors 'none'; report-uri https://www.exelatech.com/report-uri/reportOnly; 4
default-src 'self'; img-src 'self' *.gstatic.com *.g.doubleclick.net https://bat.bing.com https://cdn.jjkeller.com https://*.livechatinc.com https://www.google.com https://www.google-analytics.com https://app.jjkellerlibrary.com data:; script-src 'self' 'unsafe-inline' tagmanager.google.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://*.googleapis.com https://*.livechatinc.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://s.ytimg.com https://i.ytimg.com https://www.youtube.com https://static.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' tagmanager.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://db.onlinewebfonts.com https://*.googleusercontent.com https://*.livechatinc.com https://fonts.gstatic.com data:; frame-src 'self' https://www.pages04.net https://www.youtube.com https://*.livechatinc.com https://bid.g.doubleclick.net https://www.youtube-nocookie.com; 4
default-src 'self'  https:;         script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;         style-src 'self' 'unsafe-inline' https:;         img-src * data:;         font-src 'self' data: https:;         form-action *; 4
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; 4
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; 4
default-src 'self'; script-src 'self' https://ajax.googleapis.com https://adservice.google.co.uk https://adservice.google.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://survey.g.doubleclick.net https://ajax.googleapis.com https://www.googletagmanager.com https://cdn.syndication.twimg.com https://platform.twitter.com https://cdn.mouseflow.com https://sharecdn.social9.com https://share.social9.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com https://sharecdn.social9.com https://sharec.social9.com; font-src 'self' https://fonts.gstatic.com; img-src * data:; frame-src 'self' https://bid.g.doubleclick.net https://platform.twitter.com https://syndication.twitter.com; connect-src 'self' https://www.google.com https://www.google.co.uk 4
frame-ancestors 'self' teachef.com teacritic.com teamap.com teamuse.com teachat.com adagio.com 4
default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://static.mywebstats.com.au https://www.google-analytics.com 4
script-src 'self' 'unsafe-eval' open.scdn.co open-review.scdn.co www.google-analytics.com www.googletagmanager.com www.google.com cdn.ravenjs.com vt.myvisualiq.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com 'sha256-ULD8swJHlBFLCIbAFovM3Xinb443OobwJ73kvN9NZLY=' https://www.fastly-insights.com s3.amazonaws.com/ki.js/51746/b0R.js turbo.qualaroo.com;frame-ancestors 'self' 4
default-src https://*.verticalscreen.com 'self' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com/ https://*.googleapis.com/ https://*.gstatic.com https://*.verticalscreen.com; style-src 'self' 'unsafe-inline' https://*.google.com/ https://*.googleapis.com/ https://*.gstatic.com https://*.verticalscreen.com; img-src 'self'  data: https://*.google.com/ https://*.googleapis.com/ https://*.gstatic.com https://*.verticalscreen.com; font-src 'self' https://*.google.com/ https://*.googleapis.com/ https://*.gstatic.com https://*.verticalscreen.com; 4
default-src 'self'; media-src *; img-src *; script-src 'unsafe-eval' 'unsafe-inline' *; frame-src *; style-src-elem 'unsafe-inline' *; style-src 'unsafe-inline' *; font-src * 4
script-src https: 'unsafe-inline' 'unsafe-eval' 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.herokuapp.com *.ravepay.co *.flutterwave.com *.stripe.com *.google.com *.facebook.net  wss://*.tawk.to:* *.tawk.to *.facebook.com *.facebook.net *.dhru.com ; img-src * data:; font-src * data: 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bbb.org use.typekit.net https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ www.shopperapproved.com/ direct.shopperapproved.com/ https://connect.facebook.net/ *.brightcove.net/ *.brightcove.com/ vjs.zencdn.net/vttjs/ blob: *.fomo.com https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ *.opmnstr.com/ *.securedvisit.com;style-src 'self' 'unsafe-inline' *.bbb.org use.typekit.net https://fonts.googleapis.com https://www.googletagmanager.com/ direct.shopperapproved.com/;img-src 'self' 'unsafe-inline' *.bbb.org p.typekit.net https://www.google-analytics.com/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net https://www.google.com data: https://secure.gravatar.com www.shopperapproved.com https://www.facebook.com *.brightcove.net/ *.brightcove.com/ *.boltdns.net/ blob: https://process.filestackapi.com *.securedvisit.com *.opmnstr.com/ 4
base-uri 'none'; connect-src https: wss:; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none'; 3
upgrade-insecure-requests;frame-ancestors 'self' slate.com *.slate.com *.my.slate.com 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 3
default-src *.livejournal.com *.livejournal.net tpc.googlesyndication.com; script-src *.livejournal.com *.livejournal.net *.google-analytics.com *.googletagmanager.com *.scorecardresearch.com *.top100.ru *.criteo.com yastatic.net *.plista.com *.facebook.com vk.com *.ok.ru *.pingdom.com *.pingdom.net *.vk.com *.twitter.com *.twimg.com *.facebook.net *.instagram.com *.services.livejournal.com *.videos.livejournal.com *.adfox.ru *.exelator.com *.rambler.ru *.rubiconproject.com *.yahooapis.com *.newrelic.com *.nr-data.net *.doubleclick.net googleads.g.doubleclick.net *.lj.ru *.googleapis.com *.youtube.com *.varlamov.me *.varlamov.com *.google.com static.xx.fbcdn.net dsp-rambler.ru openstat.net *.rnet.plus twemoji.maxcdn.com *.googletagservices.com *.googlesyndication.com  ymetrica.com telegram.org *.webturn.ru www.dropbox.com *.criteo.net z.moatads.com r.webturn.ru *.pinterest.com *.google.ru ssl.p.jwpcdn.com *.gstatic.com js.mamydirect.com cdn.ampproject.org adservice.google.ca an.yandex.ru yandex.st yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net 'unsafe-inline'; img-src http: https: data: avatars-fast.yandex.net favicon.yandex.net an.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net; frame-src http: https: awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net; font-src http: https: data: an.yandex.ru yastatic.net yastat.net; connect-src *.livejournal.com *.livejournal.net *.services.livejournal.com *.google-analytics.com ssp.rambler.ru *.ssp.rambler.ru lj.stat.eagleplatform.com *.pingdom.net *.googleapis.com kraken.rambler.ru *.twitter.com *.youtube.com googleads.g.doubleclick.net static.xx.fbcdn.net *.lj.ru *.rnet.plus ymetrica.com *.webturn.ru *.criteo.com dsp-rambler.ru *.rambler.ru stats.g.doubleclick.net *.eaglecdn.com wss://www.livejournal.com *.g.doubleclick.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru; report-uri https://livejournal.com/csp_reports; media-src http: https: data: *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: blob: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/the-new-yorker 3
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://steamstore-a.akamaihd.net/ https://steamstore-a.akamaihd.net/ *.google-analytics.com https://www.gstatic.com; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ *.google-analytics.com; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com; 3
frame-ancestors 'self' https://adp.lookbookhq.com http://adp.lookbookhq.com https://discover.adp.com http://discover.adp.com https://*.adp.com http://*.adp.ca https://*.adp.ca; 3
frame-ancestors "self" 3
frame-ancestors *.constantcontact.com www.redmangomarketing.com www.ezymarketing.com www.igvinc.com www.etouchmarketing.net 3
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-modals allow-popups allow-popups-to-escape-sandbox allow-presentation 3
frame-ancestors gofundme.com *.gofundme.com; 3
frame-ancestors https://*.asus.com http://*.asus.com https://*.asus.com.cn http://*.asus.com.cn https://asus.todayir.com.tw http://asus.todayir.com.tw https://tongji.baidu.com 3
frame-ancestors 'self' *.cbssports.com *.sportsline.com popculture.com comicbook.com 247sports.com *.247sports.com *.maxpreps.com *.scout.com *.wired2fish.com *.ampproject.org; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: blob: data: android-webview: android-webview-video-poster:; block-all-mixed-content; 3
frame-ancestors potserviceui-gamma.vrsnl.com potserviceui-gamma.findzen.com potserviceui-gamma.zappos.com potserviceui-gamma.6pm.com drive-render.corp.amazon.com cscentral-na-beta.vipinteg.amazon.com cscentral.amazon.com 3
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 3
default-src 'self' https://*; connect-src 'self' https://* wss://*; font-src 'self' https://* blob: data:; frame-src 'self' https://* blob: data:; img-src 'self' https://* blob: data:; media-src 'self' https://* blob: data:; object-src 'self' https://* blob: data:; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://* 'unsafe-inline'; 3
frame-ancestors https://oa.sheincorp.cn http://activity-admin.biz.sheincorp.cn 3
default-src https: data: blob:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src https: data: blob:; media-src https: http: blob: data:; connect-src http: https: ws: wss:; 3
frame-ancestors 'self' https://gitlab.lookbookhq.com https://learn.gitlab.com; 3
default-src 'self' http: https: 3
default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self'; img-src 'self' http: data: 3
frame-ancestors 'self' https://tracfone.experiencecloud.adobe.com 3
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.oculus.com ad.atdmt.com connect.facebook.net www.google-analytics.com static.oculuscdn.com forums.oculusvr.com tags.tiqcdn.com;style-src data: blob: 'unsafe-inline' * *.oculus.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.oculus.com *.oculuscdn.com;font-src *.oculus.com data: *.fbcdn.net *.facebook.com *.akamaihd.net *.oculuscdn.com;img-src *.oculus.com *.fbcdn.net *.facebook.com *.akamaihd.net *.oculuscdn.com data: blob: www.google-analytics.com stats.g.doubleclick.net ad.atdmt.com www.google.com googleads.g.doubleclick.net media-library.stackla.com img.youtube.com; 3
frame-ancestors https://marina.digitalocean.com https://digitaloceaninc.lookbookhq.com 3
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation allow-top-navigation-by-user-activation; report-uri https://huffintl.report-uri.com/r/d/csp/enforce 3
connect-src 'self' checkout.stripe.com sentry.io api.github.com www.npmjs.com http://gj.track.uc.cn/collect;default-src 'none';img-src * data:;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://static.accountdock.com https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js https://app.hubspot.com https://optimize.google.com https://js.hs-scripts.com/ http://js.hs-analytics.net/ https://js.hsforms.net/ https://forms.hsforms.com/ https://www.brighttalk.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://platform.twitter.com/widgets.js https://static.npmjs.com/;style-src https://optimize.google.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src https://www.brighttalk.com/ checkout.stripe.com https://accountdock.com/app https://www.youtube.com/embed/mKMaG0cixXw https://forms.hsforms.com/ https://app.hubspot.com https://optimize.google.com https://static.accountdock.com/;font-src https://fonts.gstatic.com https://static.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net 3
frame-ancestors 'self' *.pier1.com *.demandware.net 3
upgrade-insecure-requests; default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https: 3
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 3
default-src blob: data: 'unsafe-inline' 'unsafe-eval' https:; form-action https:; upgrade-insecure-requests; 3
default-src *; object-src *; script-src 'unsafe-eval' * 'unsafe-inline' *; connect-src *; img-src * data:; style-src 'unsafe-inline' *; font-src * data:; frame-src * 3
frame-ancestors 'self'  *.ampproject.org *.zdbb.net 3
default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l 3
frame-ancestors learn.arcgis.com *.esri.com pro.arcgis.com doc.arcgis.com 3
default-src * 'self' data: 'unsafe-inline' blob:;script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.doubleclick.net *.liveperson.net *.sas.com assets.adobedtm.com ssl.google-analytics.com  accdn.lpsnmedia.net www.googletagmanager.com www.google-analytics.com bat.bing.com benchtag.co front.facetz.net *.facebook.net *.facebook.com www.googleadservices.com tb.juiceadv.com *.linkedin.com pixel.mathtag.com pixel.quantserve.com *.quora.com analytics.twitter.com tagmanager.google.com mc.yandex.ru static.ads-twitter.com snap.licdn.com *.bizographics.com dev.visualwebsiteoptimizer.com scripts.demandbase.com consent.truste.com s.yimg.com ssl.gstatic.com api.company-target.com script.crazyegg.com platform.twitter.com sp.analytics.yahoo.com x.bidswitch.net s7.addthis.com ad4.adfarm1.adition.com livestream.co *.brightcove.net track.adform.net insight.adsrvr.org www.vintom.com b92.yahoo.co.jp cdn.appdynamics.com execution-dscvrtraffic.cidev.sas.us *.brightcove.com *.mrpfd.com d3js.org *.d3.org;img-src * 'self' data: *.google-analytics.com *.doubleclick.net www.google.com *.sas.com front.facetz.net *.facebook.com www.googleadservices.com tb.juiceadv.com ext.ligatus.com bcp.crwdcntrl.net pixel.mathtag.com *.quora.com cdn.taboola.com analytics.twitter.com d.company-target.com mc.yandex.ru t.co px.ads.linkedin.com *.bizographics.com insight.adsrvr.org assets.adobedtm.com *.brightcove.com;font-src * 'self' data: *.sas.com fast.fonts.net;connect-src * 'self' *.sas.com *.brightcove.com ma156-r.analytics.edgekey.net api.company-target.com livestream.com www.vintom.com *.doubleclick.net assets.adobedtm.com;frame-src 'self' assets.adobedtm.com lpcdn.lpsnmedia.net *.liveperson.net www.youtube.com s7.addthis.com *.twitter.com *.sas.com pixel.mathtag.com livestream.com ad4.adfarm1.adition.com www.vintom.com *.doubleclick.net *.facebook.net *.twitter.com *.trustarc.com *.facebook.com *.linkedin.com;frame-ancestors *.ci360.sas.com *.gatheriq.analytics *.curriculumpathways.com 3
default-src 'self' *.adsrvr.org *.vmmpxl.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com fast.fonts.net *.abtasty.com *.cloudflare.com *.cloudfront.net *.adsrvr.org *.vmmpxl.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: static.lobbytools.com *.boldchat.com code.jquery.com www.healow.com js-agent.newrelic.com congress.api.sunlightfoundation.com maps.googleapis.com tagmanager.google.com sp.analytics.yahoo.com analytics.twitter.com static.ads-twitter.com s.yimg.com cdnjs.cloudflare.com t.sharethis.com www.googletagmanager.com *.google-analytics.com ws.sharethis.com www.youtube.com www.googleadservices.com secure.quantserve.com bat.bing.com *.e.akamai.net *.rfihub.com s.ytimg.com fast.fonts.net connect.facebook.net ppactionvoterguide.org *.ppactionvoterguide.org cdn.optimizely.com *.openlayers.org *.newtonsoftware.com bs.serving-sys.com i.simpli.fi secure.adnxs.com e.issuu.com d10lpsik1i8c69.cloudfront.net *.luckyorange.net *.luckyorange.com storify.com *.userzoom.com nextpatient.co *.nr-data.net api-dot-lucky-orange.appspot.com pubsub.googleapis.com/v1/projects/lucky-orange/* pubsub.googleapis.com/v1/projects/lucky-orange/topics/recording-data:publish pubsub.googleapis.com/v1/projects/lucky-orange/topics/recordings:publish bbox.blackbaudhosting.com *.adroll.com *.optimizely.com widget.surveymonkey.com www.google.com www.gstatic.com *.instagram.com ajax.googleapis.com *.yelp.com *.yelpcdn.com ajax.cloudflare.com *.doubleclick.net optimizely.s3.amazonaws.com *.ad.gt tags.srv.stackadapt.com *.abtasty.com c1.rfihub.net www.tintup.com *.twitter.com *.tintup.com *.twimg.com *.ngpvan.com d3js.org *.gstatic.com *.sitomobile.com *.simpli.fi *.quantcount.com *.adsrvr.org *.vmmpxl.com *.d3js.org sc-static.net *.adnxs.com *.crwdcntrl.net *.google.com *.cloudfront.net; connect-src 'self' *.openlayers.org *.google-analytics.com secure.ppaction.org www.ppaction.org l.sharethis.com logx.optimizely.com e.issuu.com pingback.issuu.com nextpatient.co *.luckyorange.com *.luckyorange.net api-dot-lucky-orange.appspot.com pubsub.googleapis.com/v1/projects/lucky-orange/* pubsub.googleapis.com/v1/projects/lucky-orange/topics/recording-data:publish pubsub.googleapis.com/v1/projects/lucky-orange/topics/recordings:publish *.abtasty.com api.ppsne.net *.salesforce.com *.optimizely.com *.everyaction.com *.myngp.com; img-src 'self' 'unsafe-inline' data: *.ib5k.com *.boldchat.com insight.adsrvr.org www.plannedparenthood.org i.ytimg.com *.gstatic.com maps.googleapis.com t.co www.googleadservices.com sb.scorecardresearch.com l.sharethis.com *.google-analytics.com www.googletagmanager.com www.google.com ping.chartbeat.net pixel.quantserve.com bat.bing.com bat.r.msn.com img.youtube.com *.vimeo.com *.facebook.com www.healow.com vmap0.tiles.osgeo.org *.doubleclick.net image.isu.pub bbox.blackbaudhosting.com *.googleusercontent.com *.simpli.fi *.adroll.com *.paypalobjects.com *.phreesia.com tags.srv.stackadapt.com sync.search.spotxchange.com *.w55c.net *.userzoom.com acuityplatform.com *.twitter.com *.twimg.com *.myngp.com *.everyaction.com *.sitomobile.com *.adsrvr.org *.vmmpxl.com *.cloudfront.net *.google.com *.crwdcntrl.net *.adnxs.com sc-static.net gwmtracking.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com nextpatient.co tagmanager.google.com fonts.googleapis.com fast.fonts.net ws.sharethis.com *.phreesia.com bbox.blackbaudhosting.com *.abtasty.com optimize.google.com *.userzoom.com *.twitter.com *.cloudfront.net *.adsrvr.org *.vmmpxl.com; frame-src 'self' *.boldchat.com www.healow.com docasap.com www.google.com maps.googleapis.com maps.google.com external.ppsne.org e.issuu.com www.tintup.com tagmanager.google.com fonts.googleapis.com t.sharethis.com *.70n7.com secure.ppaction.org seg.sharethis.com ws.sharethis.com www.youtube.com player.vimeo.com www.ppaction.org register2.rockthevote.com connect.facebook.net *.facebook.com *.rfihub.com docs.google.com *.newtonsoftware.com *.doubleclick.net mapsengine.google.com storify.com *.meltwater.com bbox.blackbaudhosting.com surveymonkey.com *.surveymonkey.com *.nomotraplaws.com *.yelp.com *.yelpcdn.com feed.meltwater.com/gyda feed.meltwater.com *.ppaction.org *.optimizely.com cdn.hypemarks.com ww2.matchinggifts.com optimize.google.com *.everyaction.com *.userzoom.com *.twitter.com *.71n7.com *.nextgen.com register.vote.org myrvplist.com *.adsrvr.org *.vmmpxl.com *.weareplannedparenthood.org *.weareplannedparenthoodaction.org *.snapchat.com *.actblue.com javamatch.matchinggifts.com www.flipcause.com secure.everyaction.com; frame-ancestors 'self' *.twitter.com www.healow.com *.ppaction.org *.adsrvr.org *.vmmpxl.com; 3
default-src * data: blob:;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com https://static.hotjar.com;frame-src 'self' https://myheritage-container.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://vars.hotjar.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://www.zenaps.com;script-src 'unsafe-eval' 'unsafe-inline' blob: data: 'self' https://*.myheritage.com https://*.mhcache.com https://cdn.trackjs.com https://tpc.googlesyndication.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com https://*.google-analytics.com https://www.gstatic.com https://*.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.mk-sense.com https://optanon.blob.core.windows.net https://code.jquery.com https://cdn.ravenjs.com https://*.hotjar.com https://www.dwin1.com https://www.zenaps.com https://ad.zanox.com;style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://optanon.blob.core.windows.net;connect-src data: 'self' https://*.myheritage.com https://*.mhcache.com https://www.google-analytics.com https://adservice.google.com https://bam.nr-data.net https://sentry.io https://capture.trackjs.com https://*.facebook.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io:* https://*.doubleclick.net https://*.mk-sense.com https://privacyportal-eu.onetrust.com;media-src 'self' https://*.myheritage.com https://*.mhcache.com 3
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com 3
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.brides.com *.qa.aws.brides.com apollo.brides.com apollo.local.brides.com atlas.brides.com atlas.local.brides.com 3
frame-src https://*.doubleclick.net:* https://*.facebook.com:* https://*.google.com:* https://*.soundcloud.com:* https://*.spotify.com:* https://*.twitter.com:* https://*.vimeo.com:* https://*.youtube.com:* 3
block-all-mixed-content; frame-ancestors 'self' qualys.com *.qualys.com; 3
default-src self https://tpc.googlesyndication.com; connect-src https://*; font-src 'self' data: https://*; frame-src https://*; img-src data: https://*; manifest-src https://*; media-src https://*; object-src https://*; style-src 'unsafe-inline' https://*; worker-src blob: https://*;script-src 'unsafe-inline' 'unsafe-eval' https://*;form-action 'self';base-uri 'self';frame-ancestors 'none'; 3
default-src https:; child-src https:; connect-src https: wss:; form-action https:; frame-ancestors https: http://webvisor.com; media-src https:; object-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 3
frame-ancestors 'self' *.microfocus.com https://microfocus.lookbookhq.com; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' js.agkn.com www.google-analytics.com www.googletagmanager.com c.betrad.com www.c.betrad.com c.evidon.com optout.betrad.com ajax.googleapis.com code.jquery.com optanon.blob.core.windows.net cdn.cookielaw.org geolocation.onetrust.com 3
frame-ancestors 'self' https://*.theactivetimes.com https://*.thedailymeal.com https://*.doubleclick.net https://*.googlesyndication.com https://*.rubiconproject.com https://*.adnxs.com https://*.openx.net https://*.casalemedia.com 3
connect-src *.cloudfront.net *.headspace.com api.amplitude.com api.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; default-src *.headspace.com data:; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com a11673470095.cdn.optimizely.com apisandbox.zuora.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self'; img-src *.headspace.com ads.yahoo.com alb.reddit.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com www.facebook.com www.google-analytics.com www.google.a www.google.ac www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.b www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.c www.google.ca www.google.cat www.google.cc www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.a www.google.co.ao www.google.co.b www.google.co.bw www.google.co.c www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.k www.google.co.ke www.google.co.kr www.google.co.l www.google.co.ls www.google.co.m www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.t www.google.co.th www.google.co.tz www.google.co.u www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.v www.google.co.ve www.google.co.vi www.google.co.z www.google.co.za www.google.co.zm www.google.co.zw www.google.com.a www.google.com.af www.google.com.ag www.google.com.ai www.google.com.ar www.google.com.au www.google.com.b www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.c www.google.com.co www.google.com.cu www.google.com.cy www.google.com.d www.google.com.do www.google.com.e www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.g www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.j www.google.com.jm www.google.com.k www.google.com.kh www.google.com.kw www.google.com.l www.google.com.lb www.google.com.lc www.google.com.ly www.google.com.m www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.n www.google.com.na www.google.com.nf www.google.com.ng www.google.com.ni www.google.com.np www.google.com.o www.google.com.om www.google.com.p www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.s www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.t www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.u www.google.com.ua www.google.com.uy www.google.com.v www.google.com.vc www.google.com.vn www.google.com www.google.cv www.google.cz www.google.d www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.e www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.g www.google.ga www.google.ge www.google.gf www.google.gg www.google.gl www.google.gm www.google.gp www.google.gr www.google.gy www.google.h www.google.hn www.google.hr www.google.ht www.google.hu www.google.i www.google.ie www.google.im www.google.io www.google.iq www.google.is www.google.it www.google.j www.google.je www.google.jo www.google.k www.google.kg www.google.ki www.google.kz www.google.l www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.m www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.ms www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.nr www.google.nu www.google.p www.google.pl www.google.pn www.google.ps www.google.pt www.google.r www.google.ro www.google.rs www.google.ru www.google.rw www.google.s www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.t www.google.td www.google.tg www.google.tk www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vg www.google.vu www.google.ws www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self'; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production 3
frame-ancestors  oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca  *.virginmobile.ca  *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.luckymobile.ca 3
frame-ancestors https://*.mygreatlakes.org https://*.glhec.org https://*.greatlakeslink.com 'self' 3
frame-ancestors 'self' https://help.thumbtack.com 3
default-src https:; connect-src https:; font-src https: data:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net/ *.litix.io data: blob:; object-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'unsafe-inline' https:; 3
frame-ancestors 'self'; default-src 'self' https://*.youtube.com https://*.ytimg.com https://*.iesnare.com https://assets.secure.checkout.visa.com https://static.masterpass.com https://www.paypalobjects.com https://thm.visa.com; img-src 'self' data: blob: *.indigo.ca *.indigoimages.ca *.bazaarvoice.com *.nr-data.net https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.google.ca https://www.googletagmanager.com https://*.gstatic.com https://*.pinimg.com https://*.twimg.com https://*.twitter.com https://*.webtype.com *.omtrdc.net https://t.co https://notify.bugsnag.com https://s3.amazonaws.com https://*.checkout.visa.com https://*.visa.com https://tracker.marinsm.com https://kbimages1-a.akamaihd.net https://ds-aksb-a.akamaihd.net www.paypalobjects.com https://*.paypal.com https://*.piwikpro.com https://secure.adnxs.com https://www.offlinx.com https://gtrk.s3.amazonaws.com https://heapanalytics.com https://*.cdninstagram.com https://dpm.demdex.net https://cm.everesttech.net https://*.online-metrix.net https://insights.hotjar.com https://static.hotjar.com https://ct.pinterest.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.indigo.ca *.indigoimages.ca ajax.aspnetcdn.com code.jquery.com *.bazaarvoice.com https://*.cloudflare.com https://www.myregistry.com https://www.babylist.com/ https://*.cloudfront.net https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.ca https://googleads.g.doubleclick.net https://*.gstatic.com https://*.googleapis.com *.omtrdc.net https://*.richrelevance.com https://*.twimg.com https://*.twitter.com https://*.ads-twitter.com https://*.vimeo.com https://*.youtube.com https://*.ytimg.com https://ajax.aspnetcdn.com https://api.pinterest.com https://bam.nr-data.net https://dpm.demdex.net https://fbstatic-a.akamaihd.net https://ds-aksb-a.akamaihd.net https://indigo.soapboxhq.com https://maps.gstatic.com https://s3.amazonaws.com https://*.checkout.visa.com https://script.crazyegg.com https://www.bluecore.com js-agent.newrelic.com tracker.marinsm.com https://mpsnare.iesnare.com www.googleadservices.com www.paypalobjects.com www.paypal.com https://*.iesnare.com https://*.masterpass.com https://*.smartrecruiters.com https://cdn.heapanalytics.com https://api.instagram.com https://www.buyatab.com https://www.googletagmanager.com https://thm.visa.com https://static.hotjar.com https://script.hotjar.com https://ln-rules.rewardstyle.com https://members.cj.com https://s.pinimg.com; style-src 'self' 'unsafe-inline' blob: https://*.bazaarvoice.com https://*.google.com https://*.google.ca https://*.googleapis.com https://*.gstatic.com https://*.indigoimages.ca https://*.twitter.com https://*.webtype.com https://*.masterpass.com https://masterpass.com https://*.smartrecruiters.com https://ln-rules.rewardstyle.com https://members.cj.com; connect-src 'self' https://*.indigo.ca https://*.indigoimages.ca https://bam.nr-data.net https://triggeredmail.appspot.com www.chapters.indigo.ca *.omtrdc.net https://www.paypal.com https://dpm.demdex.net https://kbepubs1-a.akamaihd.net https://*.google.ca https://*.google.com https://*.bluecore.com https://ds-aksb-a.akamaihd.net https://*.hotjar.com https://vc.hotjar.io wss://*.hotjar.com https://web.delighted.com https://www.facebook.com https://ct.pinterest.com; font-src 'self' https://*.indigoimages.ca https://*.googleapis.com https://*.gstatic.com https://*.webtype.com data: https://static.hotjar.com https://members.cj.com; frame-src 'self' https://*.bazaarvoice.com blob: https://www.myregistry.com https://www.babylist.com/ https://ln-rules.rewardstyle.com https://ln.rewardstyle.com https://members.cj.com https://*.doubleclick.net https://*.facebook.com https://*.google.ca https://*.google.com https://*.indigo.ca https://*.indigoimages.ca https://*.twitter.com https://*.vimeo.com https://*.youtube.com https://indigo.soapboxhq.com https://indigo.taleo.net https://*.checkout.visa.com https://thm.visa.com https://snapwidget.com https://www.google.com https://display.ugc.bazaarvoice.com http://assessment.taleo.net www.paypalobjects.com https://*.paypal.com https://*.masterpass.com https://masterpass.com https://cdn-akamai.mookie1.com https://www.buyatab.com https://*.facebook.net https://h.online-metrix.net/ https://indigo.demdex.net/ *.lrgrewards.com https://vars.hotjar.com; child-src https://vars.hotjar.com; upgrade-insecure-requests; report-uri https://indigo.report-uri.com/r/d/csp/enforce; 3
frame-ancestors 'self' accounts.lidl.com accounts-stg.lidl.com accounts-uat.lidl.com accounts-qa.lidl.com https://beeem.co; block-all-mixed-content; report-uri https://lidlcsp.report-uri.io/r/default/csp/enforce; 3
object-src 'none';  3
child-src * 3
frame-ancestors *; script-src * blob: 'unsafe-inline' 'unsafe-eval' ; object-src * 3
default-src 'self';object-src 'self' *.cdn.datatables.net cdn.datatables.net;connect-src 'self' *.mt.lv maps.googleapis.com fonts.googleapis.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: unpkg.com i.mt.lv *.google.com gstatic.com code.jquery.com *.gstatic.com www.google-analytics.com googleapis.com *.googleapis.com *.mikrotik.com mikrotik.com;style-src 'self' 'unsafe-inline' i.mt.lv fonts.googleapis.com unpkg.com *.mikrotik.com mikrotik.com code.jquery.com use.typekit.net www.mikrotik.com;img-src 'self' data: i.mt.lv api.tiles.mapbox.com *.tile.openstreetmap.org unpkg.com *.arcgisonline.com stats.g.doubleclick.net www.google-analytics.com mikrotik.com www.mikrotik.com forum.mikrotik.com 1.aerial.maps.cit.api.here.com 2.aerial.maps.cit.api.here.com 3.aerial.maps.cit.api.here.com 4.aerial.maps.cit.api.here.com gstatic.com http://services.ga.gov.au *.gstatic.com *.googleapis.com *.arcgisonline.com *.google.com *.google.lv *.routerboard.com;frame-src 'self' youtu.be youtube.com www.youtube.com www.google.com;font-src 'self' data: mikrotik.com fonts.gstatic.com www.mikrotik.com i.mt.lv;frame-ancestors 'self'; 3
default-src 'self'; connect-src * data:  filesystem:  'unsafe-inline' 'unsafe-eval'; font-src * data:  filesystem:; frame-src * data:  filesystem:  'unsafe-inline' 'unsafe-eval'; img-src * data:  filesystem:  'unsafe-inline' 'unsafe-eval'; media-src * data:  filesystem:  'unsafe-inline' 'unsafe-eval'; object-src * data:  filesystem:  blob:  'unsafe-inline' 'unsafe-eval'; script-src * blob:  'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 3
img-src * data: blob: 'unsafe-inline';object-src *;frame-src *; 3
frame-ancestors 'self' *.brightspace.com; 3
font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org l.sharethis.com; 3
default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com  https://*.fls.doubleclick.net/ https://*.santander.co.uk https://santander.demdex.net 'unsafe-eval';  script-src 'self' 'unsafe-inline' https://googleads.g.doubleclick.net lptag.liveperson.net lo.v.liveperson.net lo.msg.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.santander.co.uk 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://googleads4.g.doubleclick.net wss://lo.msg.liveperson.net https://dpm.demdex.net https://*.santander.co.uk 'unsafe-eval'; img-src 'self' https://lpcdn.lpsnmedia.net service.maxymiser.net 'unsafe-inline' https://*.santander.co.uk 'unsafe-eval' data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://lpcdn.lpsnmedia.net lo.idp.liveperson.net server.lon.liveperson.net https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net 'unsafe-eval'; object-src 'self'; media-src lpcdn.lpsnmedia.net; 3
style-src 'self' 'unsafe-inline' 3
frame-ancestors *.2checkout.com *.2co.com *.avangate.com 3
frame-ancestors http://nba4free.com 3
default-src wss: https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src data: https: 3
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 3
frame-ancestors www.namesilo.com namesilo.com namesilo.vegas 3
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors https://*.hearstmags.com:* https://*.condenastdigital.com:*  https://staging.readystate.com:*  https://airbnbmag.com:*  https://hgtvcashsweepstakes.com:*  http://hgtvcashsweepstakes.com:*  https://*.believemagmedia.com:*  http://*.believemagmedia.com:*  http://devaws:*  http://devawsconde:* http://*.seventeen.com:* https://*.seventeen.com:* http://*.cosmopolitan.com:* https://*.cosmopolitan.com:* http://*.countryliving.com:* https://*.countryliving.com:* http://*.esquire.com:* https://*.esquire.com:* http://*.goodhousekeeping.com:* https://*.goodhousekeeping.com:* http://*.harpersbazaar.com:* https://*.harpersbazaar.com:* http://*.housebeautiful.com:* https://*.housebeautiful.com:* http://*.marieclaire.com:* https://*.marieclaire.com:* http://*.oprah.com:* https://*.oprah.com:* http://*.popularmechanics.com:* https://*.popularmechanics.com:* http://*.redbookmag.com:* https://*.redbookmag.com:* http://*.townandcountrymag.com:* https://*.townandcountrymag.com:* http://*.veranda.com:* https://*.veranda.com:* http://*.delish.com:* https://*.delish.com:* http://*.foodnetwork.com:* https://*.foodnetwork.com:* http://*.hgtvmagazine.com:* https://*.hgtvmagazine.com:* http://*.elledecor.com:* https://*.elledecor.com:* http://*.caranddriver.com:* https://*.caranddriver.com:* http://*.elle.com:* https://*.elle.com:* http://*.womansday.com:* https://*.womansday.com:* http://*.roadandtrack.com:* https://*.roadandtrack.com:* http://*.esquire.com:* https://*.esquire.com:* http://*.doctorozmag.com:* https://*.doctorozmag.com:* http://*.airbnbmag.com:* https://*.airbnbmag.com:* http://*.thepioneerwomanmagazine.com:* https://*.thepioneerwomanmagazine.com:* http://*.hearstproducts.com:* https://*.hearstproducts.com:* http://*.womenshealthmag.com:* https://*.womenshealthmag.com:* http://*.menshealth.com:* https://*.menshealth.com:* http://*.bicycling.com:* https://*.bicycling.com:* http://*.runnersworld.com:* https://*.runnersworld.com:* http://*.prevention.com:* https://*.prevention.com:* http://*.hearstproducts.com:* https://*.hearstproducts.com:* http://*.rodalebookazines.com:* https://*.rodalebookazines.com:* http://*.hearstproducts.com:* https://*.hearstproducts.com:* 3
frame-ancestors *.adobe.com  http://adobe.lookbookhq.com https://adobe.lookbookhq.com http://adobeenterprise.lookbookhq.com https://adobeenterprise.lookbookhq.com 3
frame-ancestors 'self' www.haier.com *.haier.com http://mgta.trs.cn *.haier.net *.tongshuai.com *.casarte.com *.geappliances.cn 3
frame-ancestors 'self' corning.com *.corning.com *.siteworx.com *.ceros.com 3
frame-ancestors 'self' http://cloudera.lookbookhq.com https://cloudera.lookbokhq.com http://pages.cloudera.com https://pages.cloudera.com 3
frame-ancestors 'self' https://solutions.sciquest.com https://usertest.sciquest.com; 3
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: 3
frame-ancestors www.red-gate.com; 3
default-src https://*.belastingdienst.nl https://vinden.belastingdienst.nl https://*.readspeaker.com; connect-src 'self' https://*.belastingdienst.nl https://*.optimizely.com; child-src 'self' https://belastingdienst.nl https://*.belastingdienst.nl https://*.cdn.optimizely.com https://secure.opinionlab.com https://*.readspeaker.com https://www.anbi-instellingen.nl https://www.youtube.com ; frame-ancestors 'self' https://*.belastingdienst.nl ; img-src 'self' https://n01d05.cumulus-cloud.com https://*.readspeaker.com data: https://*.belastingdienst.nl ;font-src 'self' https://*.belastingdienst.nl; script-src 'self' https://*.belastingdienst.nl https://cdn.optimizely.com https://f1-eu.readspeaker.com https://bdtm.containers.piwik.pro 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://*.belastingdienst.nl https://f1-eu.readspeaker.com 'unsafe-inline' 3
default-src 'self' https://oebb.at https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com; style-src 'self' 'unsafe-inline' https://*.twitter.com https://*.twimg.com https://apis.google.com https://*.googleapis.com; script-src 'self' https://oebb.at https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://apis.google.com https://*.googleapis.com https://connect.facebook.net https://platform.twitter.com https://cdn.syndication.twimg.com https://at.cloud.fabasoft.com https://www.youtube.com https://*.ytimg.com; img-src 'self' https://oebb.at https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.ytimg.com https://*.facebook.com https://*.twitter.com https://*.twimg.com https://apis.google.com https://*.googleapis.com https://*.gstatic.com data: blob:; frame-src https://oebb.at https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.google.com https://content.googleapis.com https://www.youtube-nocookie.com https://*.facebook.com https://*.twitter.com https://at.cloud.fabasoft.com https://roundme.com https://*.yumpu.com https://www.zepp-cam.at https://*.soundcloud.com https://*.spotify.com https://*.waca.at; font-src 'self' https://oebb.at https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.gstatic.com; 3
frame-ancestors 'self' http://localhost:* https://*.admin.faithlifesites.com https://admin.faithlifesites.com https://*.sites.faithlife.com https://*.faithlife.com; object-src 'none'; base-uri https://optimize.google.com 3
default-src 'self' https: http: *.akamaihd.net *.chrysler.com *.dodge.com *.ramtrucks.com *.fiat.com *.jeep.com *.pinimg.com *.pinterest.com sp.analytics.yahoo.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.tweddle.com *.chryslerbrochures.com *.fcacert.com *.youtube.com *.ytimg.com externalservices.mopar.com *.2o7.net data: *.gstatic.com *.googleapis.com *.mopar.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.akamaihd.net *.gigya.com *.chrysler.com *.dodge.com *.ramtrucks.com *.fiat.com *.jeep.com *.doubleclick.net *.apcisg.com *.nextgen-technology.net *.netmng.com *.googletagmanager.com *.pinimg.com *.pinterest.com sp.analytics.yahoo.com *.googleadservices.com *.facebook.net *.ads-twitter.com analytics.twitter.com *.bluekai.com and *.bkrtx.com *.fcacert.com *.google-analytics.com *.googleapis.com *.ytimg.com *.youtube.com dpm.demdex.net assets.adobedtm.com tt.mbww.com *.salesforceliveagent.com *.chryslerbrochures.com; connect-src 'self' *.akstat.io *.fcacert.com *.akamaihd.net *.chrysler.com *.dodge.com *.ramtrucks.com *.fiat.com *.jeep.com *.googletagmanager.com *.pinimg.com *.pinterest.com sp.analytics.yahoo.com *.googleadservices.com *.googleapis.com *.doubleclick.net dpm.demdex.net *.mopartireprogram.com externalservices.mopar.com *.gigya.com; style-src 'self' 'unsafe-inline'; 3
frame-ancestors https://*.ionos.co.uk https://ionos.co.uk; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.conservation.org https://app.vwo.com https://public.tableau.com *.typeform.com https://s3.amazonaws.com/trk.cetrk.com/f/t.js *.visualwebsiteoptimizer.com *.crazyegg.com *.stripe.com bitpay.com api.tiles.mapbox.com fast.wistia.com googleads.g.doubleclick.net www.googleadservices.com bat.bing.com secure.adnxs.com *.googletagmanager.com js.stripe.com dcc4iyjchzom0.cloudfront.net cartocdn-gusc.global.ssl.fastly.net conservation.carto.com sp13loader.ciapps.org maps.googleapis.com https://cdnjs.cloudflare.com http://conservation-tron.imgix.net ajax.googleapis.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://conservation-org.tron.silvertech.net https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com; style-src 'self' 'unsafe-inline' api.tiles.mapbox.com sp13loader.ciapps.org  fonts.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; img-src https://www.arcgis.com/ https://public.tableau.com https://ci-public.s3.amazonaws.com *.crazyegg.com *.visualwebsiteoptimizer.com *.stripe.com *.googletagmanager.com sitefinity.ciapps-aws.org www.google.com.br www.google.com bat.bing.com stats.g.doubleclick.net cartocdn-gusc.global.ssl.fastly.net sp13loader.ciapps.org *.maps.api.here.com ciorg.imgix.net ciapps-kiwi.imgix.net 'self' maps.gstatic.com http://conservation-tron.imgix.net maps.googleapis.com https://conservation-org.tron.silvertech.net/ i.ytimg.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com; font-src 'self' sp13loader.ciapps.org themes.googleusercontent.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' sample-api-v2.crazyegg.com https://cibitly.ciapps.org https://act.conservation.org https://firecastwebserver01.ciapps.org stripe.ciapps.org checkout.stripe.com bitpay.ciapps.org *.google-analytics.com bitpay.com events.mapbox.com api.mapbox.com convio.ciapps.org secure2.convio.net sharkstracker.ciapps.org conservation.carto.com sp13loader.ciapps.org accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com; media-src civideos.ciapps.org 'self' data: blob:; child-src 'self' https://app.vwo.com https://firecastwebserver01.ciapps.org https://form.jotform.com/ https://www.un.org https://logiprod.conservation.org/ https://www.arcgis.com/ https://public.tableau.com *.microsoftonline.com *.office.com *.typeform.com www.tiktok.com data: blob: checkout.stripe.com bitpay.com bid.g.doubleclick.net sitefinity.ciapps-aws.org submit.jotformz.com form.jotformz.com 8760954.fls.doubleclick.net js.stripe.com www.qzzr.com https://platform.twitter.com/ http://conservation-tron.imgix.net https://syndication.twitter.com/ https://www.youtube.com/ https://conservation-org.tron.silvertech.net/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; 3
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.mydomaine.com *.qa.aws.mydomaine.com apollo.mydomaine.com apollo.local.mydomaine.com atlas.mydomaine.com atlas.local.mydomaine.com 3
script-src 'self' *.startpage.com *.ixquick.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.startpage.com *.ixquick.com 'unsafe-inline'; img-src 'self' data: *.startpage.com *.ixquick.com; frame-ancestors 'self' 3
frame-ancestors * 'self'; 3
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; img-src 'self' https://www.denic.de https://www.google-analytics.com; frame-src 'self' 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-ancestors file: cdvfile: 'self'; 3
form-action https: 3
frame-ancestors 'self' https://de.page4.com https://en.page4.com; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://cdn.syndication.twimg.com https://cdn.tradelab.fr https://connect.facebook.net https://d2hya7iqhf5w3h.cloudfront.net https://dfc.inovestor.com https://fo-api.omnitagjs.com https://fonts.googleapis.com https://ib.adnxs.com https://js-agent.newrelic.com https://js.hs-scripts.com https://pixels.omnitagjs.com https://platform.twitter.com https://script.crazyegg.com https://snap.licdn.com https://tm.vendemore.com https://track.adform.net https://www.google-analytics.com https://www.googletagmanager.com https://s.go-mpulse.net https://its.tradelab.fr https://js.hsadspixel.net/fb.js https://js.hs-analytics.net https://js.hsleadflows.net https://www.googleadservices.com https://static.hotjar.com https://a.optnmstr.com https://www.youtube.com https://js.hsforms.net https://forms.hsforms.com https://script.hotjar.com https://s.ytimg.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://app.interactiveads.ai https://tagmanager.google.com https://cdn.rawgit.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com; style-src * 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com http://maps.googleapis.com http://fonts.googleapis.com https://bam.nr-data.net https://dfc.inovestor.com https://cdn.syndication.twimg.com https://platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com https://cdn.rawgit.com https://cdnjs.cloudflare.com https://unpkg.com; report-uri https://www.cgi.com/en/report-uri/enforce 3
default-src 'self' 'unsafe-inline' www.google-analytics.com code.jquery.com *.disqus.com disqus.com *.bootstrapcdn.com *.disquscdn.com www.gravatar.com   https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.karlaporter.com *.shanx.com *.zoeasher.com *.amitavac.com *.googleapis.com  *.googletagmanager.com  platform.twitter.com shanx.matomo.com    *.amazonaws.com   apis.google.com ssl.google-analytics.com connect.facebook.net https:; img-src 'self' *.karlaporter.com *.iconj.com  cdn-images.mailchimp.com  *.shanx.com *.amitavac.com ssl.google-analytics.com s-static.ak.facebook.com *.zoeasher.com i.imgur.com imgur.com  data:  https:; style-src 'self' 'unsafe-inline' *.shanx.com  cdn-images.mailchimp.com  *.karlaporter.com *.amitavac.com *.zoeasher.com *.ionicframework.com  use.typekit.net  fonts.adobe.com  fonts.googleapis.com fonts.gstatic.com https:; font-src 'self' *.shanx.com   use.typekit.net  *.ionicframework.com netdna.bootstrapcdn.com themes.googleusercontent.com fonts.gstatic.com data:; object-src  https:; media-src   av.estdosc.com  'self'  https:; frame-ancestors 'self'; frame-src 'self' https:;  3
frame-ancestors 'self' https://*.pandasecurity.com http://*.pandasecurity.com; 3
default-src 'self' dstatic.dev.ipc.us.aexp.com wss://*.americanexpress.com wss://*.aexp.com *.aexp.com *.americanexpress.com *.aexp-static.com nexus.ensighten.com omn.americanexpress.com assets.adobedtm.com aexp.demdex.net dpm.demdex.net stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net service.maxymiser.net api.maxymiser.net events.foreseeresults.com controller.4seeresults.com static.foresee.com health.foresee.com survey.foreseeresults.com cdn5.userzoom.com cdn4.userzoom.com s2.userzoom.com secure.opinionlab.com amexuat1-merchantgeo.cs42.force.com wss://*.liveperson.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com csi.gstatic.com *.yodlee.com js.maxmind.com geoip-js.maxmind.com ads.yahoo.com cdn.optimizely.com logx.optimizely.com aeopdevvip.acxiom.com aeopprodvip.acxiom.com *.amextravel.com apim.expedia.com zndhztugwqhlulqht-aexpfeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com aexpfeedback.siteintercept.qualtrics.com aexpfeedback.com ca1.qualtrics.com uscollector.tealeaf.ibmcloud.com *.bf.dynatrace.com *.sundaysky.com auth.exacttargetapis.com mcf8lgnz926zb1d1klt05rckrpxy.rest.marketingcloudapis.com blob: events.bouncex.net api.edq.com wup-xavier.us.v2.customers.biocatch.com wup-bf672d0f.us.v2.we-stats.com; frame-ancestors *.aexp.com *.americanexpress.com *.ebates.com *.memberopinions.com *.rakuten.com *.realbuyer.com *.researchnow.com *.office.com *.winc.com; img-src 'self' dstatic.dev.ipc.us.aexp.com wss://*.americanexpress.com wss://*.aexp.com *.aexp.com *.americanexpress.com *.aexp-static.com nexus.ensighten.com assets.adobedtm.com aexp.demdex.net dpm.demdex.net stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net service.maxymiser.net api.maxymiser.net events.foreseeresults.com controller.4seeresults.com static.foresee.com health.foresee.com survey.foreseeresults.com cdn5.userzoom.com cdn4.userzoom.com s2.userzoom.com secure.opinionlab.com wss://*.liveperson.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com csi.gstatic.com *.yodlee.com js.maxmind.com geoip-js.maxmind.com ads.yahoo.com cdn.optimizely.com logx.optimizely.com aeopdevvip.acxiom.com aeopprodvip.acxiom.com *.amextravel.com apim.expedia.com zndhztugwqhlulqht-aexpfeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com aexpfeedback.siteintercept.qualtrics.com aexpfeedback.com ca1.qualtrics.com uscollector.tealeaf.ibmcloud.com *.bf.dynatrace.com *.sundaysky.com auth.exacttargetapis.com mcf8lgnz926zb1d1klt05rckrpxy.rest.marketingcloudapis.com data: omn.americanexpress.com amexuat1-merchantgeo.cs42.force.com res.cloudinary.com s1.ticketm.net ad2.adfarm1.adition.com ad4.adfarm1.adition.com p.adbrn.com secure.adnxs.com 20743471p.rfihub.com 20795861p.rfihub.com insight.adsrvr.org aax-eu.amazon-adsystem.com private-orm-open-receipt-match.s3.amazonaws.com tag.yieldoptimizer.com ads.avocet.io stags.bluekai.com sandbox.dev.clover.com/v2/image/ sslwidget.criteo.com widget.criteo.com www.facebook.com ad.atdmt.com cnt.fout.jp googleads.g.doubleclick.net ad.doubleclick.net ad-emea.doubleclick.net www.googleadservices.com/pagead/conversion media.iceportal.com dc.ads.linkedin.com px.ads.linkedin.com www.bizographics.com www.linkedin.com/px/ pixel.mathtag.com s1933033461.t.eloqua.com prf.hn farm.plista.com *.switchfly.com www.tripadvisor.com analytics.twitter.com t.co b92.yahoo.co.jp sp.analytics.yahoo.com img.static-bookatable.com *.sevenrooms.com image.resy.com l.betrad.com cdn.cohesionapps.com adservice.google.com www.google.com/ads/user-lists/ www.google.com/pagead/1p-user-list/ www.gstatic.com/recaptcha/ www.google.com/recaptcha/ ct.pinterest.com/v3/ bat.bing.com/action/ *.flashtalking.com pt.ispot.tv rs.gwallet.com *.cloudfront.net/receipts/assets/ *.cloudfront.net/assets/sqmarket/ api.tiles.mapbox.com/ s.mzstatic.com/email/images_shared/ t.teads.tv afiliacion.net affleads.latamtracking.com *.finn.ai/images/product-recommender/ events.bouncex.net pixel.newscred.com www.google-analytics.com track.adform.net *.doublemax.net *.microsoft.com; script-src 'self' dstatic.dev.ipc.us.aexp.com wss://*.americanexpress.com wss://*.aexp.com *.aexp.com *.americanexpress.com *.aexp-static.com nexus.ensighten.com omn.americanexpress.com assets.adobedtm.com aexp.demdex.net dpm.demdex.net stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net service.maxymiser.net api.maxymiser.net events.foreseeresults.com controller.4seeresults.com static.foresee.com health.foresee.com survey.foreseeresults.com cdn5.userzoom.com cdn4.userzoom.com s2.userzoom.com secure.opinionlab.com amexuat1-merchantgeo.cs42.force.com wss://*.liveperson.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com csi.gstatic.com *.yodlee.com js.maxmind.com geoip-js.maxmind.com ads.yahoo.com cdn.optimizely.com logx.optimizely.com aeopdevvip.acxiom.com aeopprodvip.acxiom.com *.amextravel.com apim.expedia.com zndhztugwqhlulqht-aexpfeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com aexpfeedback.siteintercept.qualtrics.com aexpfeedback.com ca1.qualtrics.com uscollector.tealeaf.ibmcloud.com *.bf.dynatrace.com *.sundaysky.com auth.exacttargetapis.com mcf8lgnz926zb1d1klt05rckrpxy.rest.marketingcloudapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js-cdn.dynatrace.com *.bounceexchange.com *.microsoft.com analytics.newscred.com www.google-analytics.com www.googletagmanager.com 'unsafe-inline'; style-src 'self' dstatic.dev.ipc.us.aexp.com wss://*.americanexpress.com wss://*.aexp.com *.aexp.com *.americanexpress.com *.aexp-static.com nexus.ensighten.com omn.americanexpress.com assets.adobedtm.com aexp.demdex.net dpm.demdex.net stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net service.maxymiser.net api.maxymiser.net events.foreseeresults.com controller.4seeresults.com static.foresee.com health.foresee.com survey.foreseeresults.com cdn5.userzoom.com cdn4.userzoom.com s2.userzoom.com secure.opinionlab.com amexuat1-merchantgeo.cs42.force.com wss://*.liveperson.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com csi.gstatic.com *.yodlee.com js.maxmind.com geoip-js.maxmind.com ads.yahoo.com cdn.optimizely.com logx.optimizely.com aeopdevvip.acxiom.com aeopprodvip.acxiom.com *.amextravel.com apim.expedia.com zndhztugwqhlulqht-aexpfeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com aexpfeedback.siteintercept.qualtrics.com aexpfeedback.com ca1.qualtrics.com uscollector.tealeaf.ibmcloud.com *.bf.dynatrace.com *.sundaysky.com auth.exacttargetapis.com mcf8lgnz926zb1d1klt05rckrpxy.rest.marketingcloudapis.com *.microsoft.com 'unsafe-inline'; frame-src 'self' dstatic.dev.ipc.us.aexp.com *.aexp.com *.americanexpress.com *.aexp-static.com nexus.ensighten.com omn.americanexpress.com assets.adobedtm.com aexp.demdex.net dpm.demdex.net stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net service.maxymiser.net api.maxymiser.net events.foreseeresults.com controller.4seeresults.com static.foresee.com health.foresee.com survey.foreseeresults.com cdn5.userzoom.com cdn4.userzoom.com s2.userzoom.com secure.opinionlab.com amexuat1-merchantgeo.cs42.force.com *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com csi.gstatic.com *.yodlee.com js.maxmind.com geoip-js.maxmind.com ads.yahoo.com cdn.optimizely.com logx.optimizely.com aeopdevvip.acxiom.com aeopprodvip.acxiom.com *.amextravel.com apim.expedia.com zndhztugwqhlulqht-aexpfeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com aexpfeedback.siteintercept.qualtrics.com aexpfeedback.com ca1.qualtrics.com uscollector.tealeaf.ibmcloud.com *.bf.dynatrace.com *.sundaysky.com auth.exacttargetapis.com mcf8lgnz926zb1d1klt05rckrpxy.rest.marketingcloudapis.com *.idfy.io *.idfy.no reportaproblem.apple.com/receipts/ www.squareup.com/receipt/american-express-only/ androidpay.google.com pay.sandbox.google.com www.youtube.com www.google.com/recaptcha/ amex.qumucloud.com *.bounceexchange.com; report-uri https://consumer-travel.americanexpress.com/home/report/security/csp-violation; block-all-mixed-content 3
base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.hunqz.com *.facebook.com *.gstatic.com *.googlesyndication.com *.planetromeo.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.maptiler.com *.report-uri.com; font-src 'self' *.gstatic.com *.typekit.net data:; form-action 'self' *.planetromeo.com google.com; frame-ancestors 'none'; frame-src 'self' *.doubleclick.net *.google.com *.googlesyndication.com *.blufm.de blufm.de winq.nl; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com  *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws  *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com recaptcha.net *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.hunqz.com *.googlesyndication.com; 3
default-src 'self' data: blob:; connect-src * blob:; font-src 'self' * 'unsafe-inline' data:; img-src 'self' * 'unsafe-inline' data: blob:; style-src 'self' * 'unsafe-inline' data:; media-src 'self' * 'unsafe-inline' data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob: *.stripe.com fullstory.com; object-src 'none'; worker-src 'self' data: blob: resume.io *.resume.io cvster.nl *.cvster.nl cvmonk.nl *.cvmonk.nl cvapp.es *.cvapp.es cvapp.it *.cvapp.it cvapp.fr *.cvapp.fr cvkungen.se *.cvkungen.se cv.dk *.cv.dk cv.app *.cv.app resume.app *.resume.app cvapp.cz *.cvapp.cz cvapp.fi *.cvapp.fi cvapp.no *.cvapp.no cveasy.pl *.cveasy.pl; child-src 'self' data: blob: *.stripe.com hotjar.com *.hotjar.com *.google.com headway-widget.net trustpilot.com *.trustpilot.com embed.neomam.com fullstory.com resume.io *.resume.io cvster.nl *.cvster.nl cvmonk.nl *.cvmonk.nl cvapp.es *.cvapp.es cvapp.it *.cvapp.it cvapp.fr *.cvapp.fr cvkungen.se *.cvkungen.se cv.dk *.cv.dk cv.app *.cv.app resume.app *.resume.app cvapp.cz *.cvapp.cz cvapp.fi *.cvapp.fi cvapp.no *.cvapp.no cveasy.pl *.cveasy.pl; frame-ancestors 'self' vwo.com *.vwo.com 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 3
report-uri https://your-domain.report-uri.com/r/d/csp/reportOnly 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.google.com *.bootstrapcdn.com *.facebook.net *.tctm.co *.clickdimensions.com *.googleadservices.com *.doubleclick.net *.trustarc.com globalstar.clarip.com *.addthis.com *.addthisedge.com *.bizographics.com *.linkedin.com *.gstatic.com unpkg.com rawgit.com *.avmws.com *.incontact.com jira.globalstar.com 3
frame-ancestors 'self' https://us-sunset-public.prd.invesco.net; 3
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand-ar.com flightbookings.airnewzealand-br.com flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw flightbookings.cn.airnewzealand.com flightbookings.de.airnewzealand.com flightbookings.en.airnewzealand-ar.com flightbookings.en.airnewzealand-br.com flightbookings.en.airnewzealand.cn flightbookings.grabaseat.co.nz flightbookings.jp.airnewzealand.com koruclub.airnewzealand.com auth.airnewzealand.co.nz; script-src 'self' s-airnz.com p-airnz.com 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.rnengage.com *.custhelp.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com display.wayin.com chat-prod-ap-southeast-2.s3.amazonaws.com www.everestjs.net *.demdex.net www.google-analytics.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com *.hotjar.com yourir.info *.airnewzealand.co.nz auth.airnewzealand.co.nz ssl.google-analytics.com cdnjs.cloudflare.com musculahq.appspot.com dnn506yrbagrg.cloudfront.net xsell.expedia.com ddc.optimahub.com; style-src 'unsafe-inline' s-airnz.com p-airnz.com fonts.googleapis.com *.custhelp.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com yourir.info 'self'; img-src https: data:; font-src s-airnz.com p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net 'self'; media-src 'self' ; frame-src 'self' www.google.com nz.fltmaps.com airpointscalculator.co.nz www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com www.everestjs.net pixel.everesttech.net *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn.optimizely.com nebula-cdn.kampyle.com *.hotjar.com *.airnewzealand.co.nz auth.airnewzealand.co.nz hotels.airnewzealand.co.nz; connect-src 'self' api.airnewzealand.co.nz api.airnz.ai auth.airnewzealand.co.nz chat-prod-ap-southeast-2.s3.amazonaws.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com stats.g.doubleclick.net adservice.google.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com ws://*.hotjar.com wss://*.hotjar.com vc.hotjar.io in.hotjar.com yourir.info ssl.google-analytics.com muscula.herokuapp.com; object-src 'none'; frame-ancestors 'self' https: http:; report-uri /csp-report 3
frame-ancestors 'self' *.vice.com vicetv.com *.vicetv.com vicetv.nl vicetv.be vicesports.nl vicemoney.nl vicebelgique.com survey18.toluna.com 3
default-src 'self' https://derpicdn.net; object-src 'none'; frame-ancestors 'none'; frame-src 'none'; form-action 'self'; manifest-src 'self'; img-src 'self' data: https://derpicdn.net https://camo.derpicdn.net; block-all-mixed-content 3
frame-ancestors 'self' https://customerfinancing.directcapital-sit.com https://customerfinancing.directcapital2.com https://www.customerfinancing.com https://customerfinancing.directcapital-test1.com https://customerfinancing.directcapital-test2.com 3
frame-ancestors 'self' http://*.iframely.com 3
frame-ancestors 'self' *.quattropod.com quattropod.com *.quattropod.com.cn quattropod.com.cn ezcast-pro.com 3
child-src *.doubleclick.net *.dynad.net *.facebook.com *.hotjar.com *.marketo.com *.omniture.com *.pagseguro.uol.com.br *.rm.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.youtube.com https://www.google.com *.blip.ai data: 'self'; connect-src *.hotjar.com *.pagseguro.com.br *.uol.com.br wss://ws.0mn.io https: wss: 'self'; frame-ancestors 'self'; default-src *.uol.com.br *.pagseguro.com.br 'self'; media-src *.uol.com.br *.pagseguro.com.br data: 'self'; object-src *.uol.com.br *.pagseguro.com.br data: 'self'; font-src *.pagseguro.uol.com.br *.pagseguro.com.br *.uol.com *.uol.com.br *.imguol.com.br *.gstatic.com *.hotjar.com https://imguol.com.br data: 'self'; img-src *.google.com *.google-analytics.com *.google.com.br *.facebook.com *.imguol.com *.uol.com *.uol.com.br *.pagseguro.com.br *.scorecardresearch.com *.ytimg.com *.doubleclick.net *.googleadservices.com *.xg4ken.com *.youtube.com *.hotjar.com *.tailtarget.com *.bing.com https://imguol.com https://imguol.com.br trg.adilligo.com takenetomni.blob.core.windows.net data: 'self'; script-src *.jsuol.com.br *.googleadservices.com *.googletagmanager.com *.ampproject.org *.ytimg.com *.google-analytics.com *.google.com *.googletagmanager.com *.doubleclick.net *.simg.uol.com.br *.uol.com *.uol.com.br *.pagseguro.com.br *.facebook.net *.xg4ken.com *.dynad.net *.marketo.com *.hotjar.com *.jsdelivr.net *.tailtarget.com *.bing.com https://pagseguro.info https://pag.ae https://imguol.com.br https://www.gstatic.com https://tracking.tunad.io https://js-agent.newrelic.com https://bam.nr-data.net about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.uol.com *.pagseguro.uol.com.br *.pagseguro.com.br *.simg.uol.com.br *.ytimg.com *.marketo.com https://imguol.com.br 'self' *.google.com 'unsafe-inline'; report-uri https://pagseguro.uol.com.br/csp-report 3
frame-src 'self' https://www.terminland.de *.datev.de *.novomind.com 3
default-src https://player.vimeo.com www.abtasty.com wss://*.hotjar.com try.abtasty.com https://*.hotjar.io stats.g.doubleclick.net app.abtasty.com *.try.abtasty.com wss://ws3.hotjar.com teddytor.abtasty.com *.app.abtasty.com *.abtasty.com dcinfos.abtasty.com *.ratatu.pl *.googleads.g.doubleclick.net bnp-paribas.user.com https://graylog.hotjar.com:12443 http://*.hotjar.com:* https://try.abtasty.com https://insights.hotjar.com https://*.hotjar.com:* https://vimeo.com googleads.g.doubleclick.net http://*.hotjar.io qtank.salesmore.pl *.google.com 52.166.95.107 'self'; font-src https://themes.googleusercontent.com/ *.googleads.g.doubleclick.net fonts.googleapis.com *.try.abtasty.com https://fonts.gstatic.com googleads.g.doubleclick.net themes.googleusercontent.com *.app.abtasty.com *.abtasty.com *.google.com *.ratatu.pl data: 'self'; style-src *.googleads.g.doubleclick.net https://tagmanager.google.com bnp-paribas.user.com https://bgz-fb.squiz.pl www.googleapis.com bnp-optima-uat-search01.squiz.pl https://app.abtasty.com https://www.s.ytimg.com https://teddytor.abtasty.com *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl googleads.g.doubleclick.net https://skk.erecruiter.pl https://www.gstatic.com teddytor.abtasty.com www.google.com *.app.abtasty.com *.abtasty.com *.google.com *.ratatu.pl https://www.ytimg.com 52.166.95.107 https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src https://www.facebook.com https://*.googleapis.com stats.g.doubleclick.net *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl *.app.abtasty.com www.google.com bcp.crwdcntrl.net *.ratatu.pl www.google-analytics.com www.0.s-nk.pl *.googleads.g.doubleclick.net https://www.i1.ytimg.com bnp-paribas.user.com *.gstatic.com https://www.googleapis.com googleads.g.doubleclick.net https://skk.erecruiter.pl www.s3.cdn03.imgwykop.pl *.google.com https://www.twitter.com www.s.c.lnkd.licdn.com https://emplocity.com https://googleads4.g.doubleclick.net https://www.googleadservices.com i.ctnsnet.com www.s-passets.pinimg.com bnp-optima-uat-search01.squiz.pl https://dot.wp.pl https://*.gstatic.com https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://maps.google.com www.googletagmanager.com teddytor.abtasty.com *.abtasty.com https://www.emplocity.com https://tbl.tradedoubler.com clients1.google.com https://ad.doubleclick.net www.linkedin.com https://bgz-fb.squiz.pl https://s1.2mdn.net *.ggpht.com https://www.google.pl https://sp.analytics.yahoo.com www.passets.pinterest.com https://i.vimeocdn.com https://developers.google.com www.passets.pinimg.com 'self' data:; frame-src https://emplocity.com www.wykop.pl https://player.vimeo.com https://www.linkedin.com https://vars.hotjar.com https://s-static.ak.facebook.com https://www.s-static.ak.facebook.com https://www.facebook.com try.abtasty.com stats.g.doubleclick.net app.abtasty.com *.try.abtasty.com https://platform.linkedin.com teddytor.abtasty.com *.app.abtasty.com www.google.com static.ak.facebook.com *.abtasty.com www.youtube.com dcinfos.abtasty.com *.ratatu.pl https://www.wykop.pl https://www.youtube.com www.facebook.com *.googleads.g.doubleclick.net https://bid.g.doubleclick.net bnp-paribas.user.com https://4397256.fls.doubleclick.net https://accounts.google.com https://try.abtasty.com https://vimeo.com googleads.g.doubleclick.net https://web.facebook.com *.google.com 52.166.95.107 'self'; script-src https://player.vimeo.com www.widgets.pinterest.com https://script.hotjar.com https://app.ehoundplatform.com https://www.ssl.gstatic.com https://*.googleapis.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl https://platform.linkedin.com *.www.abtasty.com https://www.gstatic.com www.google.com https://www.fbstatic-a.akamaihd.net *.ratatu.pl www.assets.pinterest.com https://www.youtube.com www.google-analytics.com www.0.s-nk.pl https://www.google.com https://cse.google.com *.vimeo.com bnp-paribas.user.com www.cdn.api.twitter.com https://www.googleapis.com www.platform.linkedin.com https://teddytor.abtasty.com www.static.ak.facebook.com https://apis.google.com https://skk.erecruiter.pl https://www.abtasty.com https://emplocity.com https://px.wp.pl www.abtasty.com https://www.googleadservices.com https://static.hotjar.com https://dcinfos.abtasty.com https://www.s-static.ak.facebook.com https://www.oauth.googleusercontent.com bnp-optima-uat-search01.squiz.pl https://app.abtasty.com https://www.s.ytimg.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://maps.google.com www.googletagmanager.com *.abtasty.com https://cdn.jsdelivr.net https://ad.doubleclick.net https://connect.facebook.net https://tagmanager.google.com http://platform.linkedin.com https://s.ytimg.com www.linkedin.com https://bgz-fb.squiz.pl https://try.abtasty.com https://www.google.pl https://maps.gstatic.com https://developers.google.com https://vimeo.com *.ad.doubleclick.net https://www.google-analytics.com www.platform.twitter.com https://www.apis.google.com 52.166.95.107 https://www.static.hotjar.com 'self' 'unsafe-eval' 'unsafe-inline'; object-src *.googleads.g.doubleclick.net https://stats.g.doubleclick.net bnp-paribas.user.com try.abtasty.com stats.g.doubleclick.net https://try.abtasty.com app.abtasty.com *.try.abtasty.com googleads.g.doubleclick.net *.ad.doubleclick.net teddytor.abtasty.com *.app.abtasty.com *.abtasty.com *.google.com dcinfos.abtasty.com *.ratatu.pl 52.166.95.107 'self'; connect-src https://emplocity.com www.abtasty.com wss://ws4.hotjar.com wss://*.hotjar.com https://www.facebook.com try.abtasty.com bnp-optima-uat-search01.squiz.pl stats.g.doubleclick.net app.abtasty.com https://app.userengage.com *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl wss://bnp-paribas.user.com teddytor.abtasty.com wss://ws3.hotjar.com *.app.abtasty.com *.abtasty.com dcinfos.abtasty.com *.ratatu.pl *.googleads.g.doubleclick.net wss://ws9.hotjar.com bnp-paribas.user.com https://bgz-fb.squiz.pl https://graylog.hotjar.com:12443 https://insights.hotjar.com https://in.hotjar.com https://vimeo.com googleads.g.doubleclick.net qtank.salesmore.pl *.google.com 52.166.95.107 'self' 3
form-action 'self' 3
frame-ancestors http://www.moex.com 3
upgrade-insecure-requests; default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: 'unsafe-inline'; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: http://*.affperformance.com http://affperformance.com http://applications.claro.com.co http://gurmelgyo.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://hotjar.com https://1mvl.com https://ajax.aspnetcdn.com https://api.retargetly.com https://aplicaciones.claro.com.co https://applications.claro.com.co https://bid.g.doubleclick.net https://cbks0.googleapis.com https://cdn.embluemail.com https://claroparatiprimero.co https://connect.facebook.net https://fonts.googleapis.com https://geo0.ggpht.com https://googleads.g.doubleclick.net https://lh3.ggpht.com https://maps.google.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://raw.githubusercontent.com https://s.yimg.com https://sp.analytics.yahoo.com https://speedtest.claro.net.co https://static.hotjar.com https://static-or01.inbenta.com https://stats.g.doubleclick.net https://tagmanager.google.com https://tienda.claro.com.co https://tiendavirtual.claro.com.co https://www.claro.com.co https://www.facebook.com https://www.google.com https://www.google.com.co https://www.google.com.mx https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com; media-src mediastream:; 3
frame-ancestors 'self' webforce.com new.webforce.com webforce1111.c45stagehostopia.com wfsites-to.websitecreatorprotool.com wfsites.websitecreatorprotool.com wfsites-ie.websitecreatorprotool.com wf.mktgsuite.deluxe.com fl.sitekreator.com portal.mktgsuite.deluxe.com dex.wfsites.websitecreatorprotool.com sites2.freelogoservices.com cpaneltest.sitekreator.com; 3
upgrade-insecure-requests; block-all-mixed-content; disown-opener 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src * data:; 3
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 3
object-src 'self'; frame-ancestors 'self'; 3
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3
default-src https:;script-src https: 'unsafe-inline' 'unsafe-eval';style-src https: 'unsafe-inline';font-src https: data:;img-src https: data: 3
frame-ancestors 'self' *.dnc.io 3
frame-ancestors *.straumann.com  3
script-src 'self' 'unsafe-inline' 'unsafe-eval' 3
default-src https: 'self' 'unsafe-inline' 'unsafe-eval';img-src data: https: 'self';connect-src https: 'self' wss://*.hotjar.com; 3
default-src 'self'; frame-src avsecure.dev; img-src 'self' *.florastatic.com https://*.florastatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 3
frame-ancestors 'self' blaetterkatalog.musicstore.de  ; 3
script-src 'unsafe-inline' 'unsafe-eval' https:; 3
default-src 'unsafe-inline' 'unsafe-eval' https: data: 3
default-src 'self' 'unsafe-inline' *.tableau.com *.vimeo.com *.youtube.com cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com *.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com fonts.gstatic.com www.google.com *.googleapis.com maps.gstatic.com developers.google.com tagmanager.google.com ssl.gstatic.com www.gstatic.com tagmanager.google.com apikeys.civiccomputing.com cc.cdn.civiccomputing.com data:; 3
default-src 'self'; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://consent.jtl-software.de https://stats.jtl-software.de https://www.youtube.com https://maps.googleapis.com https://s.ytimg.com https://www.google.com https://www.jtl-software.de https://jira.jtl-software.de https://*.paypal.com https://www.paypalobjects.com https://www.gstatic.com https://code.jquery.com; img-src 'self' https://bilder.jtl-software.de https://stats.jtl-software.de https://img.youtube.com https://i.ytimg.com https://maps.gstatic.com https://maps.googleapis.com https://lh3.ggpht.com https://cbks0.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.com data:; frame-src 'self' https://consent.jtl-software.de https://www.youtube.com https://jira.jtl-software.de https://www.google.com https://stats.jtl-software.de; form-action 'self' https://jtl-software.us9.list-manage.com https://www.paypal.com https://oauth2.api.jtl-software.com; base-uri 'self'; connect-src https://consent.jtl-software.de 'self'; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; report-uri https://report.api.jtl-software.com/csp/; 3
default-src 'self';        script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://js-agent.newrelic.com https://www.google-analytics.com;        style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com;        img-src 'self' 'unsafe-inline'  https://www.google-analytics.com http://bytemgdd.com https://stats.g.doubleclick.net https://a.impactradius-go.com https://www.google.com; connect-src 'self' 'unsafe-inline' https://www.google-analytics.com 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' * 3
frame-ancestors 'self' http://carbonblack.lookbookhq.com https://carbonblack.lookbookhq.com http://content.carbonblack.com https://content.carbonblack.com 3
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.world4you.com *.world4you.at *.w4y.at *.hostingprovider.at wss://www.world4you.com  *.google-analytics.com *.doubleclick.net *.g.doubleclick.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.googleadservices.com track.adform.net c1.adform.net server.seadform.net  *.google.ad *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cd *.google.cf *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zw *.google.com *.google.com.af *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sg *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.si *.google.sk *.google.sn *.google.tg *.google.tm *.google.tn *.google.tt  *.spreadshirt.de *.spreadshirt.at *.spreadshirt.net  https://*.youtube.com s.ytimg.com;report-uri /redx/ext/contentsecuritypolicy/report.php; 3
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 3
frame-ancestors 'self' ocfl.net *.ocfl.net onetgov.net *.onetgov.net orangecountyfl.net *.orangecountyfl.net 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 3
script-src 'unsafe-inline' https: http: 'unsafe-eval';object-src 'self';base-uri 'self';report-uri /cspreport 3
connect-src 'self'; 3
frame-ancestors 'self' imdb.com *.imdb.com *.media-imdb.com withoutabox.com *.withoutabox.com amazon.com *.amazon.com amazon.co.uk *.amazon.co.uk amazon.de *.amazon.de translate.google.com images.google.com www.google.com www.google.co.uk search.aol.com bing.com www.bing.com 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.antillephone.com vk.com onesignal.com *.onesignal.com *.cloudflare.com/ajax/libs/webcomponentsjs/ *.hybrid.ai *.ravenjs.com mc.yandex.ru yastatic.net *.gstatic.com glem.io *.google.com *.adroll.com *.adroll.mgr.consensu.org *.googletagmanager.com *.google-analytics.com *.bing.com *.facebook.net js.gleam.io *.gleamjs.io *.youtube.com mc.yandex.ua mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.ru;img-src 'self' data: blob: static.wax.io *.googleusercontent.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com.mx *.google.com.ua *.google.com.bd *.google.com.ph *.google.com.ua *.google.com.au *.google.com.ph *.google.com.tw *.google.com.ar *.google.com.pk *.google.com.tr *.google.com.eg *.google.com.co *.google.com.sg *.google.com.vn *.google.com.kh *.google.com.ec *.google.com.hk *.google.com.uy *.google.com.br *.google.co.kr *.google.co.in *.google.co.il *.google.co.ma *.google.co.ve *.google.co.th *.google.co.jp *.google.co.uk *.google.co.id *.google.co.za *.google.com *.google.ru *.google.dz *.google.ae *.google.rs *.google.cl *.google.ee *.google.be *.google.at *.google.gr *.google.sk *.google.fr *.google.am *.google.dk *.google.cz *.google.nl *.google.it *.google.ps *.google.fi *.google.cm *.google.mn *.google.az *.google.is *.google.iq *.google.de *.google.ch *.google.hr *.google.by *.google.ro *.google.kz *.google.pt *.google.no *.google.ge *.google.bg *.google.es *.google.lv *.google.hu *.google.se *.google.pl *.google.lt *.google.ca *.yandex.ru *.yandex.by crossmetrix.com *.linksynergy.com *.digitru.st *.targetix.net *.ytimg.com *.gleam.io *.gleamjs.io *.adform.net *.rubiconproject.com *.advertising.com *.3lift.com *.surfe.be surfe.pro *.pubmatic.com *.casalemedia.com *.outbrain.com *.yahoo.com *.rlcdn.com makesource.cool *.adroll.mgr.consensu.org *.adroll.com *.angsrvr.com pippio.com *.onesignal.com *.antillephone.com *.taboola.com mc.admetrica.ru *.teads.tv countmake.cool *.userapi.com *.opskins.media *.openx.net *.adnxs.com *.adriver.ru *.smartadserver.com *.siliconanalytics.com *.hybrid.ai *.weborama.fr *.1dmp.io *.aidata.io ad.mail.ru *.gravatar.com cardinaldata.net *.betweendigital.com *.bestssp.com *.admixer.net *.doubleclick.net *.facebook.com x.bidswitch.net i.btcoon.com a.23b4.ru *.yadro.ru promclickapp.biz *.capitaller.ru *.vk.com vk.com *.akamaihd.net *.steamstatic.com *.adorable.io d2lomvz2jrw9ac.cloudfront.net de4khei8i4ut2.cloudfront.net din8r827idtuo.cloudfront.net tjh8gngtzf.execute-api.us-east-1.amazonaws.com;font-src 'self' data: *.googleapis.com *.gstatic.com;style-src 'self' 'unsafe-inline' onesignal.com *.google.com *.googleapis.com;media-src 'self' de4khei8i4ut2.cloudfront.net din8r827idtuo.cloudfront.net d2lomvz2jrw9ac.cloudfront.net;connect-src 'self' s3.amazonaws.com onesignal.com *.yandex.ru *.webvisor.com *.webvisor.org *.mxpnl.net sentry.io google-analytics.com vk.com *.api4load.com *.adroll.com *.adroll.mgr.consensu.org *.googleapis.com *.doubleclick.net *.google-analytics.com *.demofast.ru *.csgofastbackend.com wss://m.ajdfbkjab.ru wss://*.demofast.ru wss://*.csgofastbackend.com;frame-ancestors 'self' webvisor.com http://webvisor.com;frame-src blob: *.poggiplay.com *.yandex.ru *.webvisor.com *.webvisor.org skytraf.xyz *.facebook.com gleam.io *.gleamjs.io *.1dmp.io onesignal.com *.google.com *.youtube.com *.csgofastbackend.com *.gainskins.com;object-src 'none';report-uri //in.csgofast.com/csp; 3
base-uri 'none'; object-src 'none'; default-src 'self' 'unsafe-inline' data: https: wss: blob:; report-uri https://ulcm.report-uri.com/r/d/csp/enforce 3
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;img-src 'self' * data:;media-src 'self' blob:;frame-src 'self' *;font-src 'self' * data:;connect-src 'self' *;worker-src 'self' blob: 3
default-src 'self' https: *.fibi.co.il; connect-src 'self' https: *.fibi.co.il *.staging.fibi.co.il; style-src https: 'unsafe-inline'; child-src 'self' data: https: *.fibi.co.il *.staging.fibi.co.il https://usa-api.idomoo.com https://idoplayer.idomoo.com; img-src 'self' data: https: 'unsafe-inline' *.fibi.co.il *.staging.fibi.co.il; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.fibi.co.il *.bankotsar.co.il *.bankmassad.co.il *.pagi.co.il *.u-bank.net *.staging.fibi.co.il https://facebook.co.il https://google.co.il https://google.com https://googletagmanager.com https://googleads.g.doubleclick.net https://googleadservices.com https://youtube.com https://facebook.com https://usa-api.idomoo.com https://idoplayer.idomoo.com 3
frame-ancestors 'self' *.loveknitting.com *.loveknitting.de *.loveknitting.co.uk *.loveknitting.com.au *.lovecrochet.com *.lovecrochet.de *.lovecrochet.co.uk *.lovecrochet.com.au *.lovestitching.com *.lovecrafts.com *.yarnmarket.com *.yarndex.com *.sewandso.co *.sewandso.eu *.sewandso.co.uk *.sewandso.com 3
connect-src 'self' habboo-a.akamaihd.net *.habbo.com *.g.doubleclick.net https://hb.improvedigital.com https://pub.tunnl.com; img-src 'self' data: habboo-a.akamaihd.net *.habbo.com notify.bugsnag.com habbo-stories-content.s3.amazonaws.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net www.google.com *.googlesyndication.com *.gstatic.com images.habbogroup.com http://images.habbogroup.com http://*.habbo.com docj27ko03fnu.cloudfront.net d3hmp0045zy3cs.cloudfront.net pay.openbucks.com trck.spoteffects.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com d2wy8f7a9ursnm.cloudfront.net connect.facebook.net www.google-analytics.com www.google.com www.gstatic.com apis.google.com *.g.doubleclick.net *.googlesyndication.com www.googletagservices.com partner.googleadservices.com adservice.google.com adservice.google.ad adservice.google.ae adservice.google.com.af adservice.google.com.ag adservice.google.com.ai adservice.google.al adservice.google.am adservice.google.co.ao adservice.google.com.ar adservice.google.as adservice.google.at adservice.google.com.au adservice.google.az adservice.google.ba adservice.google.com.bd adservice.google.be adservice.google.bf adservice.google.bg adservice.google.com.bh adservice.google.bi adservice.google.bj adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.bs adservice.google.bt adservice.google.co.bw adservice.google.by adservice.google.com.bz adservice.google.ca adservice.google.cd adservice.google.cf adservice.google.cg adservice.google.ch adservice.google.ci adservice.google.co.ck adservice.google.cl adservice.google.cm adservice.google.cn adservice.google.com.co adservice.google.co.cr adservice.google.com.cu adservice.google.cv adservice.google.com.cy adservice.google.cz adservice.google.de adservice.google.dj adservice.google.dk adservice.google.dm adservice.google.com.do adservice.google.dz adservice.google.com.ec adservice.google.ee adservice.google.com.eg adservice.google.es adservice.google.com.et adservice.google.fi adservice.google.com.fj adservice.google.fm adservice.google.fr adservice.google.ga adservice.google.ge adservice.google.gg adservice.google.com.gh adservice.google.com.gi adservice.google.gl adservice.google.gm adservice.google.gp adservice.google.gr adservice.google.com.gt adservice.google.gy adservice.google.com.hk adservice.google.hn adservice.google.hr adservice.google.ht adservice.google.hu adservice.google.co.id adservice.google.ie adservice.google.co.il adservice.google.im adservice.google.co.in adservice.google.iq adservice.google.is adservice.google.it adservice.google.je adservice.google.com.jm adservice.google.jo adservice.google.co.jp adservice.google.co.ke adservice.google.com.kh adservice.google.ki adservice.google.kg adservice.google.co.kr adservice.google.com.kw adservice.google.kz adservice.google.la adservice.google.com.lb adservice.google.li adservice.google.lk adservice.google.co.ls adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.com.ly adservice.google.co.ma adservice.google.md adservice.google.me adservice.google.mg adservice.google.mk adservice.google.ml adservice.google.com.mm adservice.google.mn adservice.google.ms adservice.google.com.mt adservice.google.mu adservice.google.mv adservice.google.mw adservice.google.com.mx adservice.google.com.my adservice.google.co.mz adservice.google.com.na adservice.google.com.nf adservice.google.com.ng adservice.google.com.ni adservice.google.ne adservice.google.nl adservice.google.no adservice.google.com.np adservice.google.nr adservice.google.nu adservice.google.co.nz adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.pg adservice.google.com.ph adservice.google.com.pk adservice.google.pl adservice.google.pn adservice.google.com.pr adservice.google.ps adservice.google.pt adservice.google.com.py adservice.google.com.qa adservice.google.ro adservice.google.ru adservice.google.rw adservice.google.com.sa adservice.google.com.sb adservice.google.sc adservice.google.se adservice.google.com.sg adservice.google.sh adservice.google.si adservice.google.sk adservice.google.com.sl adservice.google.sn adservice.google.so adservice.google.sm adservice.google.sr adservice.google.st adservice.google.com.sv adservice.google.td adservice.google.tg adservice.google.co.th adservice.google.com.tj adservice.google.tk adservice.google.tl adservice.google.tm adservice.google.tn adservice.google.to adservice.google.com.tr adservice.google.tt adservice.google.com.tw adservice.google.co.tz adservice.google.com.ua adservice.google.co.ug adservice.google.co.uk adservice.google.com.uy adservice.google.co.uz adservice.google.com.vc adservice.google.co.ve adservice.google.vg adservice.google.co.vi adservice.google.com.vn adservice.google.vu adservice.google.ws adservice.google.rs adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.cat rpxnow.com d29usylhdk1xyu.cloudfront.net trck.spoteffects.net https://hb.improvedigital.com https://cdn.ampproject.org; style-src 'self' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com www.gstatic.com fonts.googleapis.com d3hmp0045zy3cs.cloudfront.net; child-src 'self' *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com https://hb.improvedigital.com; font-src 'self' fonts.gstatic.com habboo-a.akamaihd.net *.habbo.com; frame-ancestors 'self' *.idcgames.com http://*.idcgames.com www.funnygames.fi http://www.funnygames.fi www.funnygames.es http://www.funnygames.es www.funnygames.nl http://www.funnygames.nl www.funnygames.fr http://www.funnygames.fr www.funnygames.it http://www.funnygames.it www.funnygames.us http://www.funnygames.us www.funnygames.eu http://www.funnygames.eu www.funnygames.biz http://www.funnygames.biz www.funnygames.com.br http://www.funnygames.com.br *.gamesxl.com http://*.gamesxl.com keygames.com http://keygames.com www.games.co.za http://www.games.co.za www.bgames.com https://www.bgames.com starbie.co.uk https://starbie.co.uk nyckelspel.se https://nyckelspel.se www.elkspel.nl http://www.elkspel.nl www.spele.nl http://www.spele.nl www.spele.be http://www.spele.be www.spelletjesoverzicht.nl http://www.spelletjesoverzicht.nl *.orangegames.com http://*.orangegames.com hyvesgames.nl https://hyvesgames.nl spele.nl http://spele.nl *.giochixl.it http://*.giochixl.it www.1001giochi.it http://www.1001giochi.it minigioco.it https://minigioco.it *.jeuxdelajungle.fr http://*.jeuxdelajungle.fr www.1001games.fr http://www.1001games.fr jouerjouer.com https://jouerjouer.com spele.be http://spele.be oyun.mynet.com http://oyun.mynet.com gamecell.com https://gamecell.com www.gamecell.com https://www.gamecell.com oyungemisi.com https://oyungemisi.com *.1001pelit.com http://*.1001pelit.com pelaaleikkia.com https://pelaaleikkia.com www.isladejuegos.es http://www.isladejuegos.es clavejuegos.com https://clavejuegos.com *.1001spiele.de http://*.1001spiele.de www.jetztspielen.ws http://www.jetztspielen.ws www.spielaffe.de http://www.spielaffe.de *.spielspiele.de http://*.spielspiele.de spielspiele.de https://spielspiele.de *.1001jogos.pt http://*.1001jogos.pt jogojogar.com https://jogojogar.com https://hb.improvedigital.com; frame-src 'self' *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com https://hb.improvedigital.com; upgrade-insecure-requests; report-uri /csp/report 3
default-src self https: data: 'unsafe-inline' 'unsafe-eval'; script-src self https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' https://creator.zmags.com https://www.googletagmanager.com; 3
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss:; upgrade-insecure-requests 3
default-src 'self'; connect-src 'self' *.yandex.ru *.google-analytics.com *.facebook.com *.vk.com *.branch.io *.google.com *.google.ru *.livetex.ru *.livetex.me *.mail.ru *.google.com.ua; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.syndication.twimg.com opentracking.ru *.gstatic.com *.twitter.com *.ytimg.com app.link *.branch.io *.vk.com onesignal.com *.onesignal.com *.livetex.me *.livetex.ru *.googletagmanager.com *.google-analytics.com *.yandex.ru *.facebook.net *.facebook.com odds.ru vk.com *.youtube.com *.wp.com *.google.com *.cloudflare.com; script-src-elem 'self' 'unsafe-inline' opentracking.ru *.cloudflare.com cdn.syndication.twimg.com app.link *.ytimg.com *.branch.io *.twitter.com *.vk.com onesignal.com *.onesignal.com *.livetex.me *.livetex.ru *.googletagmanager.com *.google-analytics.com *.mail.ru *.yandex.ru *.facebook.net *.facebook.com odds.ru vk.com *.youtube.com *.wp.com *.google.com *.gstatic.com www.instagram.com *.jsdelivr.net; img-src 'self' *.wp.com *.w.org *.gravatar.com www.facebook.com *.youtube.com *.livetex.ru *.livetex.me *.google-analytics.com *.doubleclick.net *.google.com *.google.ru *.googleapis.com graph.facebook.com vk.com *.vk.com *.yandex.ru odds.ru opentracking.ru *.twimg.com *.twitter.com *.gstatic.com data:; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com odds.ru *.twitter.com *.twimg.com; child-src 'self' *.youtube.com *.facebook.com *.vk.com vk.com *.twitter.com twitter.com *.livetex.ru *.livetex.me onesignal.com *.onesignal.com www.instagram.com *.google.com; font-src 'self' 'unsafe-inline' *.gstatic.com *.livetex.ru *.livetex.me data:; media-src 'self' *.livetex.ru *.livetex.me; frame-ancestors 'self' *.google.com webvisor.com *.webvisor.com; 3
font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://www.concentrix.com http://www.concentrix.com http://concentrix.com data: https://1cfrbv1cz8j13t7nr4n67ss1-wpengine.netdna-ssl.com; frame-ancestors https://cvgdotcomprodprvw.azurewebsites.net/careers https://careers.concentrix.com/ https://careers.concentrix.com/careers? https://cvgdotcomprodprvw.azurewebsites.net; 3
script-src 'self' 'unsafe-eval' 'unsafe-inline'  data: https://wapi.nic.fr https://www.google.com http://www.afnic.fr/  http://s7.addthis.com https://s7.addthis.com http://m.addthisedge.com/ https://m.addthisedge.com/ http://m.addthis.com/ https://m.addthis.com/ platform.twitter.com http://www.google-analytics.com https://ssl.google-analytics.com/ https://www.afnic.fr/  https://cdn.syndication.twimg.com/widgets/ ; object-src 'self' https://s7.addthis.com https://www.google.com/jsapi https://cdn.syndication.twimg.com ; form-action 'self'; child-src https://www.openstreetmap.org/ https://platform.twitter.com https://maps.google.fr/ https://www.dailymotion.com https://www.youtube.com/ https://s7.addthis.com https://www.google.com https://www.facebook.com/ http://www.facebook.com/ http://eyedo.tv/ https://eyedo.tv/ ;frame-ancestors https://www.facebook.com/ http://www.facebook.com/ 3
frame-ancestors 'self' https://www.endesaclientes.com https://www.energiaxxi.com https://tempoconbisbal.com http://www.endesadiagnosticoenergetico.com http://www.endesadiagnosticoenergetico.com https://www.facebook.es https://www.facebook.com https://www.aaff.endesaclientes.com *.endesa.com 3
default-src * blob:; font-src * data:; img-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src * blob:; report-uri https://cspreports.azurewebsites.net/api/PostReport 3
frame-ancestors 'self' *.psplugin.com *.aicpa.org *.cgma.org 3
default-src 'self' https://tramitesanonimos.cnmc.es;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://translate.googleapis.com https://translate.google.com https://www.google-analytics.com https://cdn.jsdelivr.net https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;  child-src 'self' https://www.google.com/recaptcha/ https://docs.google.com https://www.gstatic.com/recaptcha/ https://fonts.googleapis.com https://www.youtube.com; img-src 'self' data: https://translate.google.com https://getbootstrap.com https://www.jsdelivr.com https://www.gstatic.com https://www.google.com https://translate.googleapis.com https://www.google-analytics.com https://blog.cnmc.es;  media-src 'self';  style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://cdn.jsdelivr.net https://fonts.googleapis.com  https://www.gstatic.com/recaptcha/;  font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://www.gstatic.com/recaptcha/;  object-src 'self';  connect-src 'self' https://bootswatch.com https://translate.googleapis.com;  3
frame-ancestors 'self' ; report-uri /error/csp/ 3
script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 3
frame-src *; 3
frame-ancestors *.mama.webvole.com 3
frame-ancestors http://*.realestateabc.com https://*.realestateabc.com https://*.realestateabc2.com; script-src * https://ssl.google-analytics.com https://pxlssl.ibpxl.com  https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com 'unsafe-inline' 'unsafe-eval'; object-src * 3
frame-ancestors 'self' http://testrewarding.wind.it; 3
default-src * blob: data: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors https://www.att.com.mx/ http://visualivr.att.com.mx/ 3
img-src: 'self'; style-src: 'self'; script-src: 'self' www.google-analytics.com translate.google.com ajax.googleapis.com; font-src: 'self' fonts.googleapis.com; 3
frame-ancestors 'self' *.ergodirekt.de:* *.ergo.com:* *.ergo:* *.ergo.de; 3
default-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com cms.blf.digital; base-uri 'self'; img-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com cms.blf.digital data: localhost stats.g.doubleclick.net via.placeholder.com biglotteryfund-assets.imgix.net i.ytimg.com https://insights.hotjar.com http://static.hotjar.com https://static.hotjar.com; font-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com cms.blf.digital data: use.typekit.net http://static.hotjar.com https://static.hotjar.com; style-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com cms.blf.digital 'unsafe-inline' *.typekit.net; script-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com cms.blf.digital 'unsafe-eval' 'unsafe-inline' http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com 'unsafe-eval' 'unsafe-inline'; child-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com cms.blf.digital www.google.com https://vars.hotjar.com; connect-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com cms.blf.digital http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com; frame-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com cms.blf.digital https://vars.hotjar.com; report-uri https://sentry.io/api/226416/csp-report/?sentry_key=53aa5923a25c43cd9a645d9207ae5b6c 3
connect-src 'self' disqus.com *.disqus.com *.disquscdn *.addthis.com *.gstatic.com *.googlesyndication.com 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self'; object-src 'none'; 3
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 3
base-uri ' ' 3
default-src 'self' data: *.webasto.com webasto-comfort.com *.webasto-comfort.com *.aticdn.net *.easyway.site *.usercentrics.eu *.msecnd.net *.xiti.com *.googleapis.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.clickdimensions.com *.formsite.com *.firebot.io *.galacticweb.net wss://firebot.galacticweb.net *.bootstrapcdn.com *.randomuser.me randomuser.me *.netrk.net s3-eu-west-1.amazonaws.com; style-src 'unsafe-inline' 'self' *.webasto.com *.aticdn.net *.easyway.site *.msecnd.net *.xiti.com *.googleapis.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.clickdimensions.com *.formsite.com *.firebot.io *.galacticweb.net *.bootstrapcdn.com *.randomuser.me *.netrk.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.webasto.com *.aticdn.net *.easyway.site *.usercentrics.eu *.msecnd.net *.xiti.com *.googleapis.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.clickdimensions.com *.formsite.com *.firebot.io firebot.io *.galacticweb.net *.bootstrapcdn.com *.randomuser.me randomuser.me *.netrk.net 3
frame-ancestors 'self';upgrade-insecure-requests 3
frame-ancestors https://www.usgacardshop.com http://www.usgacardshop.com http://www.123print.com http://www.brookhollowcards.com http://www.cardsdirect.com https://www.123print.com https://www.brookhollowcards.com https://www.cardsdirect.com http://*.cardsdirect.com https://*.123print.com http://*.123print.com https://*.brookhollowcards.com http://*.brookhollowcards.com; 3
upgrade-insecure-requestsf 3
script-src 'unsafe-inline' 'unsafe-eval' * data: 3
default-src * 'self' 'unsafe-inline' blob: ; img-src * 'self' data: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; font-src * data: ; connect-src * ; worker-src blob: ; 3
worker-src 'self'; 3
default-src * 'unsafe-eval' 'unsafe-inline' data:; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://yastatic.net https://www.youtube.com https://s.ytimg.com https://cdn.sendpulse.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://www.gstatic.com; style-src 'self' 'unsafe-inline' data: https://cdn.sendpulse.com https://fonts.googleapis.com https://platform.twitter.com; img-src 'self' data: https://* http://*; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com; 3
default-src 'self' 'unsafe-eval' https://arcgis.sdi.abudhabi.ae https://js.arcgis.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.tamm.abudhabi https://js.arcgis.com https://recaptcha.net https://ssl.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.gstatic.com https://www.youtube.com https://s.ytimg.com; object-src 'self'; img-src 'self' data: *; media-src *; style-src 'self' 'unsafe-inline' https://js.arcgis.com https://translate.googleapis.com https://fonts.googleapis.com; frame-src https://www.youtube.com https://www.youtube-nocookie.com https://www.instagram.com https://www.google.com; font-src 'self' https://fonts.gstatic.com data: *; worker-src 'self' https://www.tamm.abudhabi blob:; connect-src 'self' https://static.arcgis.com https://services.arcgisonline.com https://translate.googleapis.com https://geocode.arcgis.com https://arcgis.sdi.abudhabi.ae https://js.arcgis.com https:; 3
default-src 'self' http://www.youtube.com/ wss://www.reasedoper.pw http://reasedoper.pw https://reasedoper.pw https://pagead2.googlesyndication.com/ https://mc.yandex.ru/ http://rb.revolvermaps.com/;style-src 'unsafe-inline' *;child-src * 'self' blob: ;img-src * data:;media-src *;font-src *;script-src 'self' http://nathetsof.com/ http://rigaletto.info/ http://listat.org https://listat.org https://static.reasedoper.pw http://static.reasedoper.pw https://dl.metabar.ru/ http://azbns.com/  http://cdn.mobidea.com/ https://cdn.mobidea.com/ http://mytomatosoup.com/ http://*.s1block.com/ https://*.exoclick.com/ http://*.exoclick.com/ http://*.criteo.com/ http://webgringo.ru/ http://dancepoisk.ru/ http://*.google.com.ua https://*.google.com.ua https://*.vim100.ru http://*.vim100.ru https://vim100.ru http://vim100.ru http://*.kavanga.ru https://*.kavanga.ru http://dreamcode.pw https://dreamcode.pw https://*.advertur.ru *.advertur.ru http://cdn-rtb.sape.ru/ http://*.sape.ru/ http://wslocker.ru/ http://www.photoshop.in.ua 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com https://oss.maxcdn.com yandex.st *.yandex.st https://*.google-analytics.com http://*.google-analytics.com acint.net www.acint.net http://meelba.com http://*.meelba.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.uptolike.com https://*.uptolike.com *.leadada.com http://*.yandex.ru http://yandex.ru  https://yandex.ru https://*.yandex.ru http://*.doubleclick.net https://*.doubleclick.net cepereh.ru promoskiki.ru brandomatic.ru http://info.datacadet.com https://info.datacadet.com http://*.metabar.ru https://*.youtube.com http://*.youtube.com https://*.google.com http://*.google.com http://*.yandex.net https://*.yandex.net http://*.dumedia.ru http://userapi.com https://*.twitter.com http://*.twitter.com https://yastatic.net http://yastatic.net http://*.ya.ru http://*.fbcdn.net http://*.facebook.net https://*.facebook.net http://ad.oyy.ru http://pr-cy.ru http://*.rotaban.ru http://*.addthis.com http://*.mail.ru https://*.mail.ru http://*.adriver.ru https://*.googleapis.com http://*.googleapis.com http://*.reformal.ru https://vk.com http://*.vk.com http://vk.com http://*.vk.com http://estat-translator.com http://*.openstat.net http://openstat.net http://*.hit.ua http://api.cpatext.ru http://disgusting.ru http://counter.rambler.ru http://allskidkimos.ru http://*.acint.net http://*.beeline.ru http://*.smi2.ru https://*.alexa.com http://js-agent.newrelic.com http://*.odnoklassniki.ru http://*.directadvert.ru http://vkontakte.ru http://meteoprog.ua http://*.meteoprog.ua http://*.ok.ru https://*.ok.ru http://api.recaptcha.net http://ulogin.ru http://*.ukr.net http://*.semrash.com http://*.nr-data.net http://*.mgts.ru http://commontools.net http://*.wordpress.com http://informer.name http://*.bigmir.net https://*.bigmir.net http://www.samnews.ru http://adv.rb-edu.ru http://nastart.com.ua http://*.betweendigital.com http://*.google.ru http://*.cloudfront.net http://api.pozvonim.com http://*.24webclock.com https://*.zemanta.com http://disqus.com http://*.gismeteo.ru http://*.spylog.ru http://*.sharethis.com http://*.disqus.com http://*.c8.net.ua http://www.semrush.com http://loginza.ru http://*.redtram.com https://*.facebook.com http://*.facebook.com http://reformal.ru http://mreporter.ru http://n.lcads.ru http://*.leadia.ru http://www.vesti.ru http://*.begun.ru http://google.com.ua https://google.com.ua http://gamebomb.ru https://*.skype.com http://*.contextbar.ru http://*.googleadservices.com https://*.googleadservices.com http://*.lcads.ru http://*.googlevideo.com https://*.googlevideo.com http://*.gstatic.com https://*.gstatic.com https://*.ytimg.com http://*.ytimg.com http://*.yadro.ru https://*.yadro.ru; connect-src 'self' wss://www.nathetsof.com/ https://api.push.world/ https://static.reasedoper.pw/ wss://www.reasedoper.pw/ http://meelba.com/ http://stat.qload.ru http://uxm.ru https://mc.yandex.ru/ https://pagead2.googlesyndication.com 3
default-src 'self'; connect-src 'self'; img-src 'self' data: 'unsafe-eval' ;  style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' data:  3
frame-ancestors 'self' *.inlinewarehouse.com www.icewarehouse.com www.derbywarehouse.com www.tennis-warehouse.com; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' m.addthis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.addtoany.com s7.addthis.com m.addthis.com m.addthisedge.com js.hubspot.com forms.hsforms.com www.google-analytics.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com static.addtoany.com; child-src 'self' s7.addthis.com forms.hsforms.com static.addtoany.com; img-src 'self' forms.hubspot.com stags.bluekai.com data: 2.gravatar.com wpml.org toolset.com www.google-analytics.com; connect-src 'self' api.lever.co m.addthis.com 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.gstatic.com; img-src * data: * 3
default-src * data: 'unsafe-inline' 'unsafe-eval' ; 3
frame-ancestors 'self' *.cinradio.org:* *.wvxu.org:* *.wguc.org:*; 3
frame-ancestors 'self'  teams.microsoft.com *.teams.microsoft.com 3
frame-ancestors 'self' apply.v12finance.com 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://www.google.com https://apis.google.com https://fonts.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://www.googleadservices.com https://panel.stopthehacker.com https://v2.magemail.co https://magemail.co https://www.googlecommerce.com https://www.gstatic.com https://*.facebook.net https://crazyegg.com https://script.crazyegg.com https://*.addthis.com https://*.addthisedge.com https://*.bing.com https://*.pinterest.com https://*.powerreviews.com https://*.nr-data.net https://*.doubleclick.net https://*.typekit.net https://*.marinsm.com https://*.googletagmanager.com https://*.tm00.com https://*.cloudfront.net https://*.zendesk.com https://*.newrelic.com https://*.zdassets.com https://*.zopim.com https://*.steelhousemedia.com https://*.newrelic.com https://*.godatafeed.com https://*.steelhousemedia.com https://maps.googleapis.com https://s3.amazonaws.com https://mpsnare.iesnare.com https://www.googleapis.com https://*.nexcesscdn.net https://r2-t.trackedlink.net https://static.trackedweb.net https://h.online-metrix.net https://z.moatads.com; connect-src 'self' 'unsafe-inline' https://v2.magemail.co https://www.google.com https://ssl.google-analytics.com https://www.facebook.com https://magemail.co https://panel.stopthehacker.com https://www.google.com https://insights.hotjar.com https://*.addthis.com https://*.bing.com https://*.powerreviews.com https://*.zdassets.com https://*.zendesk.com https://*.typekit.net/ https://*.zopim.com ws://*.zopim.com ws://*.zendesk.com https://*.wyng.com https://bam.nr-data.net https://api.offerpop.com https://www.google-analytics.com https://*.nexcesscdn.net https://r2.trackedweb.net; style-src 'self' 'unsafe-inline' https://magemail.co https://fonts.googleapis.com https://v2.magemail.co https://*.powerreviews.com https://*.bootstrapcdn.com https://*.nexcesscdn.net https://use.typekit.net https://use.fontawesome.com https://p.typekit.net; img-src 'self' https://www.facebook.com https://ssl.google-analytics.com https://panel.stopthehacker.com https://*.doubleclick.net https://*.google.com https://*.bing.com https://*.googleadservices.com https://*.outdoorsignsamerica.com https://*.magentocommerce.com https://*.pinterest.com https://*.addthis.com https://*.amazon-adsystem.com https://*.typekit.net https://*.powerreviews.com https://*.cloudinary.com https://*.adsymptotic.com https://*.adsrvr.org https://*.zopim.com https://www.google-analytics.com https://www.googletagmanager.com https://dsum-sec.casalemedia.com https://images.ebsco.com https://*.googleapis.com data: https://*.advertising.com https://dpm.demdex.net https://maps.gstatic.com https://*.adnxs.com https://ads.yahoo.com https://m.addthisedge.com https://*.amazonaws.com https://*.steelhousemedia.com https://pixel.rubiconproject.com https://pixel.tapad.com https://*.bluekai.com https://s.thebrighttag.com https://simage2.pubmatic.com https://adadvisor.net https://beacon.krxd.net https://uipglob.semasio.net https://x.bidswitch.net https://match.sharethrough.com https://ads.scorecardresearch.com https://aa.agkn.com https://*.cloudfront.net https://use.fontawesome.com https://use.typekit.net https://privacy-policy.truste.com https://www.oakmountainoutfitters.com https://*.nexcesscdn.net; font-src 'self' https://fonts.gstatic.com https://*.typekit.net https://*.bootstrapcdn.com https://*.zopim.com data: https://*.cloudfront.net https://*.amazonaws.com https://*.nexcesscdn.net https://use.fontawesome.com; frame-src 'self' https://vars.hotjar.com https://www.google.com https://*.googleadservices.com https://*.doubleclick.net https://*.facebook.com https://connect.facebook.net https://www.youtube-nocookie.com https://*.addthis.com https://*.authorize.net https://*.bing.com https://*.pinterest.com https://*.zendesk.com https://*.tm00.com https://*.youtube.com https://*.wyng.com https://*.cybersource.com; object-src 'self' https://mpsnare.iesnare.com; media-src 'self' https://static.zdassets.com 3
frame-ancestors 'self' http://webvisor.com/ 3
default-src 'self' *.ceros.com go.optiv.com *.codepen.io optiv.showpad.com optivstorage.blob.core.windows.net *.marketo.com https://www.google-analytics.com *.doubleclick.net https://staticxx.facebook.com https://platform.twitter.com http://i.vimeocdn.com https://player.vimeo.com *.youtube-nocookie.com https://www.youtube.com/iframe_api *.linkedin.com *.mktoresp.com http://stats.sa-as.com https://www.facebook.com https://www.google.com https://tracking.leadlander.com *.siteimproveanalytics.io https://8f2a3f802cdf2859af9e-51128641de34f0801c2bd5e1e5f0dc25.ssl.cf1.rackcdn.com https://optiv.postclickmarketing.com https://html5-player.libsyn.com http://html5-player.libsyn.com http://widget.surveymonkey.com https://widget.surveymonkey.com https://www.surveymonkey.com https://consent.cookiebot.com *.fullstory.com https://api.company-target.com https://static.smartrecruiters.com https://www.smartrecruiters.com https://subscriptions.smartrecruiters.com/ https://cdn.jsdelivr.net https://scripts.demandbase.com https://themes.googleusercontent.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ceros.com go.optiv.com *.codepen.io optiv.showpad.com optivstorage.blob.core.windows.net https://www.googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com https://s.ytimg.com http://siteimproveanalytics.com https://www.google-analytics.com https://sjs.bizographics.com *.linkedin.com http://connect.facebook.net https://apis.google.com http://platform.twitter.com http://*.marketo.net https://*.marketo.net http://*.marketo.com https://*.marketo.com http://t.sf14g.com http://stats.sa-as.com https://d6digital.atlassian.net https://player.vimeo.com http://i.vimeocdn.com *.youtube-nocookie.com https://www.youtube.com/iframe_api https://8f2a3f802cdf2859af9e-51128641de34f0801c2bd5e1e5f0dc25.ssl.cf1.rackcdn.com https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.js https://optiv.postclickmarketing.com https://html5-player.libsyn.com http://html5-player.libsyn.com http://widget.surveymonkey.com https://widget.surveymonkey.com https://www.surveymonkey.com https://consent.cookiebot.com https://fullstory.com/s/fs.js https://tag.demandbase.com https://scripts.demandbase.com https://static.smartrecruiters.com/job-widget/1.4.2/script/smart_widget.js https://static.smartrecruiters.com/job-widget/1.4.2/script/jquery.min.js https://use.fontawesome.com/releases/v5.8.2/js/all.js https://use.fontawesome.com/releases/v5.8.2/js/v4-shims.js https://www.smartrecruiters.com https://trk.techtarget.com/tracking.js https://ionfiles.scribblecdn.net/scripts/ionizer-1.1.min.js https://subscriptions.smartrecruiters.com/widget/v1/sr-job-alerts.js https://cdn.jsdelivr.net https://themes.googleusercontent.com; style-src 'self' *.ceros.com go.optiv.com *.codepen.io optiv.showpad.com optivstorage.blob.core.windows.net *.marketo.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' https://static.smartrecruiters.com/job-widget/1.4.2/css/smart_widget.css https://scripts.demandbase.com https://cdn.jsdelivr.net https://themes.googleusercontent.com; img-src 'self' data: * 3
frame-ancestors 'self' http://*.olympus-ims.com http://*.olympus-lifescience.com *.olympus-ims.com *.olympus-lifescience.com www.olympusamerica.com *.aspiresoft.com *.ceros.com; 3
form-action https:; upgrade-insecure-requests 3
default-src 'self'; connect-src 'self' https://media.manufactum.de https://*.scene7.com https://www.google-analytics.com https://stats.g.doubleclick.net; img-src 'self' data:  https://*.econda-monitor.de https://manufactum.scene7.com https://media.manufactum.de https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com; child-src blob: https://*.econda-monitor.de https://*.adition.com https://s3.eu-central-1.amazonaws.com/esomecdn/60 https://www.google.com/maps/ https://test-brot-und-butter.mfdp.io https://www.brot-und-butter.de; frame-src blob: https://*.econda-monitor.de https://*.adition.com https://s3.eu-central-1.amazonaws.com/esomecdn/60 https://www.google.com/maps/ https://test-brot-und-butter.mfdp.io https://www.brot-und-butter.de; worker-src blob:; media-src blob: 'self' https://media.manufactum.de https://*.scene7.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://media.manufactum.de https://cdn.epoq.de/flow/ https://*.arc.epoq.de/inbound-servletapi/  https://*.econda-monitor.de https://www.googletagmanager.com https://www.google-analytics.com 'sha256-24E9spO23svDkTBI3pZ9OBMtJ9sLH2RiAbSkYdi/38c=' 'sha256-RK5gWrwaWY7/F6AUGQ9ZmFFw6206P+y8yxL2hevtowc='; style-src 'self' 'unsafe-inline' https://media.manufactum.de; report-uri /sell/csp-violation; base-uri 'self' 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net https://fp.zenaps.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.dwin1.com/ https://www.youtube.com/iframe_api https://s.ytimg.com https://assets.planethoster.com/ https://maps.googleapis.com/ https://ads2.adverline.com/ https://tags.dynamo.one/ https://smct.co/ https://apis.google.com/ https://widget.trustpilot.com/; img-src 'self' www.facebook.com data: https://www.planethoster.com/ https://assets.planethoster.com/ https://maps.gstatic.com/ https://smct.co/; font-src 'self' data: fonts.gstatic.com https://assets.planethoster.com/; frame-src https://www.zenaps.com/ https://ads2.adverline.com/ https://staticxx.facebook.com/ https://www.google.com/ https://www.facebook.com/ https://player.vimeo.com https://www.youtube.com/ https://tags.dynamo.one/ https://smct.co/ https://accounts.google.com/ https://widget.trustpilot.com/; connect-src 'self' https://fp.zenaps.com/ https://assets.planethoster.com/ https://smct.co/ https://widget.trustpilot.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://assets.planethoster.com/; 3
default-src * 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com:*  *.bootstrapcdn.com:*  *.gstatic.com:* http://*:*; style-src 'self' 'unsafe-inline' *.google.com:*  *.bootstrapcdn.com:* ; img-src data: blob: 'self' *.google.com:*  *.bootstrapcdn.com:* http://*:*; connect-src 'self' http://*:* ws://localhost:*; child-src 'self' *.google.com:*  *.bootstrapcdn.com:*   *.gstatic.com:*; frame-src 'self' *.google.com:*  *.bootstrapcdn.com:*   *.gstatic.com:*; frame-ancestors 'self' *.google.com:*  *.bootstrapcdn.com:*  *.gstatic.com:*; reflected-xss filter; referrer no-referrer-when-downgrade;  3
default-src 'self' data: blob: gap: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.linkedin.com *.bizographics.com *.loggly.com *.doubleclick.net *.wistia.com *.twimg.com *.twitter.com *.googleadservices.com *.facebook.com *.googletagmanager.com *.snapengage.com *.visualwebsiteoptimizer.com *.facebook.net *.iforex.com *.google-analytics.com *.bootstrapcdn.com *.youtube.com *.wistia.net *.opmnstr.com *.webapi-services.net *.googlesyndication.com *.optnmnstr.com *.mxpnl.net https://pixel-tracking.appspot.com https://pixelmachine-981.appspot.com *.mte-media.com mte-media.com *.typekit.net  *.optimizely.com d5phz18u4wuww.cloudfront.net *.hotjar.com *.ads-twitter.com *.finadsr.com wcs.naver.net; img-src 'self' data: blob: *; font-src 'self' data: blob: *.gstatic.com *.bootstrapcdn.com *.typekit.net *.webapi-services.net; connect-src 'self' data: *.doubleclick.net *.facebook.com *.wistia.com https://embedwistia-a.akamaihd.net *.googletagmanager.com *.opmnstr.com *.mxpnl.net *.iforex.com *.webapi-services.net *.litix.io *.hotjar.io *.hotjar.com wss://*.hotjar.com *.google-analytics.com *.finadsr.com; child-src 'self' data: *.googletagmanager.com *.iforex.com *.webapi-services.net; frame-src 'self' data: gap: *.webapi-services.net *.facebook.com *.twitter.com *.google.com *.linkedin.com *.snapengage.com *.youtube.com *.wistia.com *.googlesyndication.com *.googletagmanager.com *.iforex.com https://fast.wistia.net *.hotjar.com; media-src 'self' blob: data: *.iforex.com *.webapi-services.net *.gstatic https://embedwistia-a.akamaihd.net *.mte-media.com; object-src 'self' https://embed-ssl.wistia.com *.mte-media.com; worker-src 'self' data: *.googletagmanager.com *.iforex.com *.webapi-services.net; frame-ancestors 'self' *.iforex.com *.efix.local; report-uri https://content.webapi-services.net/csp-reports; 3
default-src 'self' data: 'unsafe-inline' *; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.crazyegg.com *.gstatic.com lightboxapi1.azurewebsites.net lightboxapi2.azurewebsites.net lightboxapi3.azurewebsites.net *.googleadservices.com *.swncdn.com *.google.com *.bing.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.blueconic.net *.googleapis.com *.sitescout.com *.sermonspice.com ct.pinterest.com *.worshiphousemedia.com worshiphousemedia.com *.salemchurchproducts.com *.salemwebnetwork.com *.lightboxcdn.com *.ubembed.com *.bootstrapcdn.com *.jwpcdn.com fonts.gstatic.com *.s3.amazonaws.com salemmediagroup.blueconic.net  *.g.doubleclick.net  *.kissmetrics.com *.googlesyndication.com; 
	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.sitescout.com *.sermonspice.com *.gstatic.com *.lightboxcdn.com *.googleapis.com bid.g.doubleclick.net *.google.com pubads.g.doubleclick.net *.s3.amazonaws.com worshiphousemedia.s3.amazonaws.com *.google-analytics.com *.salemwebnetwork.com *.facebook.com *.googlesyndication.com *; 
	img-src 'unsafe-inline' 'unsafe-eval' data: *; 
	frame-src 'unsafe-inline' 'unsafe-eval' data:  *.sitescout.com ct.pinterest.com *.worshiphousemedia.com worshiphousemedia.com *.salemchurchproducts.com *.salemwebnetwork.com *.lightboxcdn.com *.ubembed.com *.bootstrapcdn.com *.jwpcdn.com fonts.gstatic.com *.s3.amazonaws.com salemmediagroup.blueconic.net  *.g.doubleclick.net *.lightboxcdn.com *.kissmetrics.com *.facebook.com *.googlesyndication.com *;
	style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *; 3
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors https://accounts.cft.ru 3
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; img-src data: https://* 3
frame-ancestors *.ia.ca *.inalco.com *.ia.iafg.net 3
frame-ancestors 'self' https://www.ipornogratis.xxx; 3
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: 3
default-src https://*.magzmaker.com/ https://*.twitter.com/ https://*.googlesyndication.com/ https://*.googleapis.com/ 'self' 'unsafe-inline'; font-src https://*.gstatic.com/ 'self';connect-src wss://ws1.hotjar.com/ https://*.google-analytics.com/ https://9292.nl/ https://*.hotjar.io/ https://*.hotjar.com/ https://*.opmnstr.com/ https://*.doubleclick.net/ 'self'; frame-src https://knmg.mediafiler.net/ https://player.vimeo.com/ https://*.magzmaker.com/ https://*.twitter.com/ https://twitter.com/ https://www.facebook.com/ https://player.bnnvara.nl/ https://*.soundcloud.com/ https://vgt.medischcontact.nl/ https://*.googlesyndication.com/ https://*.formdesk.com/ https://9292.nl/ https://www.google.com/ https://webforms.aboportal.nl/ https://open.spotify.com/ https://www.youtube-nocookie.com/ https://*.youtube.com/ https://*.hotjar.com/ 'self'; img-src https://*.twimg.com/ https://*.twitter.com/ http://www.knmg.nl/ http://www-knmg.gxcloud.net http://www.medischcontact.nl/ http://www-medischcontact.gxcloud.net/ https://picsum.photos/ http://placehold.it/ https://unsplash.it/ https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.doubleclick.net/ https://*.google.com/ 'self'  'unsafe-inline' 'unsafe-eval' data: javascript:; script-src https://9292.nl/ 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss: 3
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.com.hk  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.clientam.com.hk  *.traderstation-international.com; 3
frame-src https://myota.tradingacademy.com http://myota.tradingacademy.com https://www.google.com/ https://www.youtube.com/; 3
default-src 'self'; connect-src 'self' *; font-src 'self' data: fonts.googleapis.com *.fonts.googleapis.com *.gstatic.com *.tagmanager.google.com tagmanager.google.com; img-src 'self' data: *; object-src jsctool.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline' *; media-src 'self' *.youtube.de *.youtube.com *.youtu.be; frame-src 'self' *.adup-tech.com adup-tech.com *.youtube.de *.youtube.com *.youtu.be *.herma.de *.umfragen-einfach.de *.doubleclick.net *.criteo.com *.webmasterplan.com; manifest-src 'self'; upgrade-insecure-requests 3
script-src: self 3
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 3
frame-ancestors *.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.naturbruk.nu *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.insipio.com *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.t-d.se *.samverkanvg.se; 3
report-uri https://sentry.io/api/1206618/security/?sentry_key=4b848061416d44a9bc925db5abadefe2; script-src 'sha256-Ts27q07p85zj6lP0C2RfEBow/9/pzUKPMPCzun4gVsM=' 'self' 'sha256-1YrbG8QwHCBZ/yPHHp3HYjApFDJarm5Vd4yApKmZFF8=' 'sha256-dpe4WCD+kaXoMwpGVbqlnonTY8h9WMlkYkjr6HNigZI=' 'sha256-BFNbySi0B1OrSteurMapAFkLNsrUrmXjTJ7UCeV6Fzw=' 'sha256-Ofm9Bdj8WcPK7QXEcV/jes2E1y9OHm39JAxAqPEceu0=' https://static.smartrecruiters.com https://cdn.materialdesignicons.com https://fonts.googleapis.com https://fonts.gstatic.com https://breadwallet.us14.list-manage.com; default-src 'self'; connect-src 'self' https://sentry.io https://storerocket.io https://api.mapbox.com; style-src 'self' blob: 'unsafe-inline' cdn.materialdesignicons.com fonts.googleapis.com api.tiles.mapbox.com; font-src 'self' cdn.materialdesignicons.com fonts.gstatic.com; worker-src 'self' blob:; child-src 'self' blob:; img-src 'self' data: blob: https://storage.googleapis.com/ https://brd.imgix.net/; frame-src 'self' blob: https://www.youtube.com/ 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.rubensteintech.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://dnn506yrbagrg.cloudfront.net https://www.google-analytics.com https://uk1.siteimprove.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://fast.wistia.com https://script.crazyegg.com https://js.hs-scripts.com https://s3.amazonaws.com https://js.hs-analytics.net https://js.hsforms.net https://forms.hsforms.com; style-src 'self' 'unsafe-inline' https://cloud.webtype.com https://hello.myfonts.net https://fonts.googleapis.com; font-src 'self' https://cloud.webtype.com https://static.hotjar.com https://fonts.gstatic.com data:; img-src 'self' https://pls.webtype.com https://insights.hotjar.com https://static.hotjar.com https://analytics.rubensteintech.com https://www.google-analytics.com https://uk1.siteimprove.com https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://user-event-tracker.crazyegg.com https://track.hubspot.com https://forms.hubspot.com data:; connect-src 'self' https://*.hotjar.com:* wss://*.hotjar.com https://embedwistia-a.akamaihd.net https://distillery.wistia.com https://pipedream.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://embed-ssl.wistia.com; frame-src 'self' https://vars.hotjar.com https://www.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://forms.hsforms.com https://cdn.yoshki.com; child-src 'self' https://vars.hotjar.com; media-src 'self' blob:; frame-ancestors 'self'; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws: wss: sonicwall.com *.sonicwall.com; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: yastatic.net cse.google.com ajax.googleapis.com php.pdc.nl www.google.com www.gstatic.com translate.googleapis.com translate.google.com maps.google.com maps.googleapis.com api.microsofttranslator.com; report-uri /cspreport 3
frame-ancestors *.kfst.dk *.forbrug.dk *.stormraadet.dk *.forbrugerombudsmanden.dk *.energianke.dk *.forbrugereuropa.dk *.consumerombudsman.dk *.consumereurope.dk *.danishstormcouncil.dk *.energysuppliescomplaintboard.dk 3
default-src * blob: data: 'unsafe-eval' 'unsafe-inline'; 3
default-src *; script-src 'self' http://www.google-analytics.com http://suggest.infospace.com http://api.autocompleteplus.com http://www.googletagservices.com http://d.yimg.com https://completr.appspot.com https://s.yimg.com http://js.wincyahoocontent.com ; frame-src  'self' http://*.yhs4.search.yahoo.com http://ad.adserver-pro.net https://s.yimg.com ; font-src 'none'; connect-src 'self'; media-src 'self'; object-src 'none'; style-src 'self'; 3
default-src 'self' polska.pl;frame-src 'self' www.youtube.com www.flickr.com; style-src  'unsafe-inline' 'self' ;object-src 'none'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; script-src  www.google-analytics.com  maps-api-ssl.google.com maps.googleapis.com 'self' 'sha256-hSKFpkCaj1fog8/oqTGSt73LiPQHQ6PlNdS1BvIisYI=' 'sha256-3EZfXh3VS4fiZSZk7hoFtQsV0SUGRnA2D8qYVKOVbDk=' 'sha256-8290JQd/ST+MhN5OI6dR/+ppjuu/6B7WqyH60ZoTQvc=' 'unsafe-eval' ;img-src  http://polska.pl/ *.google-analytics.com maps.gstatic.com  'self' 3
default-src data: http: https: 'unsafe-inline' 'unsafe-eval' 3
upgrade-insecure-requests; referrer no-referrer-when-downgrade 3
default-src 'self' http: https: data: blob: 'unsafe-inline' blob: 'unsafe-eval' 3
default-src https: wss: 'unsafe-eval' 'unsafe-inline' data: 3
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 3
default-src 'self'; frame-ancestors 'self' https://www.iil.slackandcompany.com/ https://iil.slackandcompany.com/ http://www.iil.slackandcompany.com/ http://iil.slackandcompany.com/ https://www.insideidealabs.com/ https://insideidealabs.com/ http://www.insideidealabs.com/ http://insideidealabs.com/ https://www.insideidealabs.com.ar https://insideidealabs.com.ar http://www.insideidealabs.com.ar http://insideidealabs.com.ar https://www.insideidealabs.de https://insideidealabs.de http://www.insideidealabs.de http://insideidealabs.de https://www.insideidealabs.pe https://insideidealabs.pe http://www.insideidealabs.pe http://insideidealabs.pe https://www.insideidealabs.com.br https://insideidealabs.com.br http://www.insideidealabs.com.br http://insideidealabs.com.br https://www.insideidealabs.jp https://insideidealabs.jp http://www.insideidealabs.jp http://insideidealabs.jp https://www.insideidealabs.eu https://insideidealabs.eu http://www.insideidealabs.eu http://insideidealabs.eu https://www.insideidealabs.co.kr https://insideidealabs.co.kr http://www.insideidealabs.co.kr http://insideidealabs.co.kr https://www.insideidealabs.kr https://insideidealabs.kr http://www.insideidealabs.kr http://insideidealabs.kr https://www.insideidealabs.cn https://insideidealabs.cn http://www.insideidealabs.cn http://insideidealabs.cn https://www.insideidealabs.com.cn https://insideidealabs.com.cn http://www.insideidealabs.com.cn http://insideidealabs.com.cn https://www.insideidealabs.mx https://insideidealabs.mx http://www.insideidealabs.mx http://insideidealabs.mx https://www.insideidealabs.sg https://insideidealabs.sg http://www.insideidealabs.sg http://insideidealabs.sg https://www.insideidealabs.asia https://insideidealabs.asia http://www.insideidealabs.asia http://insideidealabs.asia https://www.insideidealabs.co https://insideidealabs.co http://www.insideidealabs.co http://insideidealabs.co https://www.insideidealabs.co.uk https://insideidealabs.co.uk http://www.insideidealabs.co.uk http://insideidealabs.co.uk https://www.insideidealabs.uk https://insideidealabs.uk http://www.insideidealabs.uk http://insideidealabs.uk ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; font-src 'self' data: *; img-src 'self' data: *; media-src 'self' *; connect-src 'self' *; frame-src  'self' *; style-src 'self' 'unsafe-inline' * 3
default-src  http:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  http:; style-src http:  'unsafe-inline'; img-src 'self' data: http:; connect-src http:  ws:; 3
default-src https:; connect-src https: wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; frame-ancestors https:; 3
frame-ancestors https://ap.diginsite.net www.togethercu.org 3
frame-src https: 3
default-src https: 'unsafe-inline' 'unsafe-eval' data: 3
default-src 'self' http://www.cmbwinglungbank.com https://www.cmbwinglungbank.com http://ac.cmbwinglungbank.com https://ac.cmbwinglungbank.com https://www.cmbwinglungsec.com http://www.cmbwinglungsec.com http://www.winglungbank.com https://www.winglungbank.com http://ac.winglungbank.com https://ac.winglungbank.com https://www.winglungsec.com https://www.winglungfutures.com http://www.winglungsec.com http://www.winglungfutures.com fc10.etwealth.com https://demo02.etwealth.com http://demo02.etwealth.com *.cmbchina.com https://cms.aqumon.com https://push.cmbwinglungbank.com;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; frame-ancestors 'self' fc10.etwealth.com https://hkwallet.moneydata.hk *.winglungbank.com *.cmbwinglungbank.com *.cmbwinglungsec.com *.winglungsec.com *.cmbchina.com https://cms.aqumon.com; 3
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: com-vonq-main.collector.snplow.net *.cloudfront.net *.bootstrapcdn.com *.nuffic.nl *.clickdimensions.com *.maphub.net *.force.com *.thehagueuniversity.com *.dehaagsehogeschool.nl *.dehaagsehogeschool.nl.local *.dehaagsehogeschool.nl.dev *.hhs.local *.thuas.local *.youtube.com *.ytimg.com *.fbcdn.net *.cdninstagram.com *.instagram.com *.facebook.net *.facebook.com *.twitter.com *.linkedin.com *.hotjar.io *.hotjar.com *.doubleclick.net *.googleadservices.com *.google.com *.google.nl *.cookiebot.com *.jsdelivr.net *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.youtube-nocookie.com *.twimg.com *.azureedge.net *.svc.dynamics.com; object-src 'self'; 3
block-all-mixed-content; report-uri /v1/csplog 3
style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com config1.veinteractive.com veinteractive.com; font-src 'self' *.typekit.net fonts.gstatic.com data:; report-uri /report-csp-violation 3
frame-ancestors 'self' *.moneyam.com; 3
default-src * 'unsafe-inline' 'unsafe-eval';img-src * data:; frame-ancestors 'self' app.optimizely.com;font-src * data: 3
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; connect-src * 'unsafe-inline' wss:; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://noembed.com https://ton.twimg.com https://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com http://ajax.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://plus.google.com http://www.facebook.com http://twitter.com https://www.youtube.com https://ssl.google-analytics.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://code.jquery.com https://cdn.plyr.io https://cdn.selz.com https://s.ytimg.com https://player.vimeo.com https://vimeo.com http://i.ytimg.com https://s.ytimg.com https://www.google.com https://www.gstatic.com; img-src 'self' data: https://cdn.syndication.twimg.com https://syndication.twitter.com http://www.google-analytics.com https://www.google-analytics.com https://pbs.twimg.com https://platform.twitter.com https://abs.twimg.com https://ton.twimg.com http://i.ytimg.com https://noembed.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://www.google.com https://fonts.googleapis.com https://fonts.gstatic.com http://ajax.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://plus.google.com http://www.facebook.com http://twitter.com https://www.youtube.com https://ssl.google-analytics.com http://cdnjs.cloudflare.com http://code.jquery.com https://cdn.syndication.twimg.com https://platform.twitter.com https://s.ytimg.com https://noembed.com; frame-src 'self' https://syndication.twitter.com https://platform.twitter.com http://maps.google.com https://maps.google.com https://www.google.com https://www.youtube.com; 3
upgrade-insecure-requests; default-src 'self' *.argeweb.nl https://in.hotjar.com; style-src 'self' *.argeweb.nl 'unsafe-inline' https://fonts.googleapis.com https://*.google.com; img-src 'self' *.argeweb.nl data: https: https://jwpltx.com https://www.facebook.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.google.nl https://*.adnxs.com https://*.msn.com https://*.doubleclick.net https://ads.yahoo.com https://www.google-analytics.com https://*.openx.net https://*.bidswitch.net; script-src 'self' *.argeweb.nl data: 'unsafe-inline' 'unsafe-eval' https://embed.typeform.com https://www.chartjs.org https://www.google-analytics.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://www.linkedin.com/px/* https://px.ads.linkedin.com/ https://sjs.bizographics.com/insight.min.js https://script.hotjar.com https://*.jwpcdn.com https://static.hotjar.com https://www.google-analytics.com https://connect.facebook.net https://*.openx.net https://*.bidswitch.net https://www.googleadservices.com https://www.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://flex.msn.com https://static.mailplus.nl https://m7.mailplus.nl https://bat.bing.com https://api.autopilothq.com https://apenterprise.io https://googleads.g.doubleclick.net; frame-src 'self' *.argeweb.nl https://argeweb.typeform.com https://vars.hotjar.com https://*.google.com https://*.facebook.com https://*.doubleclick.net; font-src 'self' data: *.argeweb.nl fonts.gstatic.com; child-src 'self' *.argeweb.nl https://*.google.com; connect-src 'self' *.argeweb.nl wss://ws10.hotjar.com wss://ws3.hotjar.com wss://ws2.hotjar.com https://vc.hotjar.io wss://ws1.hotjar.com https://in.hotjar.com https://api.autopilothq.com https://apenterprise.io; form-action https:; report-uri /debug/csp; 3
default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none' ; 3
default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 3
script-src 'self' http://s.ytimg.com/yts/jsbin/www-widgetapi-vflBy1d5C/www-widgetapi.js http://s.ytmig.com https://s.ytimg.com https://s.ytimg.com/yts/jsbin/www-widgetapi-vflBy1d5C/www-widget.js https://www.youtube.com/iframe_api http://www.youtube.com/iframe_api https://www.gstatic.com/ https://www.google.com/recaptcha/api.js http://www.google.com/recaptcha/api.js https://www.google-analytics.com http://www.google-analytics.com https://www.googletagmanager.com http://www.googletagmanager.com https://maps.googleapis.com http://maps.googleapis.com https://ssl.google-analytics.com http://ssl.google-analytics.com https://connect.facebook.net http://tagmanager.google.com https://assets.adobedtm.com http://assets.adobedtm.com http://jscdn.appier.net http://track.adform.net https://track.adform.net http://track.omguk.com https://va.ecitizen.gov.sg http://va.ecitizen.gov.sg 'unsafe-inline' 'unsafe-eval'; object-src 'self'; 3
: default-src 'self' 3
frame-ancestors 'self' *.seniorenportal.de; 3
frame-ancestors https://*.tigo.com.bo https://tigo.com.hn https://www.tigo.com.hn https://www.tigo.com.sv https://smart.tigo.com.py  https://tigo.com.py https://www.tigo.com.py; 3
unsafe-inline 3
frame-src 'self' *.jiathis.com *.baidu.com 3
script-src 'unsafe-inline' 'unsafe-eval' *.domaindiscount24.com www.onlinechatcenters.com *.hotjar.com www.google-analytics.com www.google.com www.gstatic.com www.googleadservices.com www.googletagmanager.com tagmanager.google.com googleads.g.doubleclick.net data:; style-src 'unsafe-inline' *.domaindiscount24.com fonts.googleapis.com fonts.gstatic.com www.gstatic.com tagmanager.google.com 3
script-src 'unsafe-inline' 'unsafe-eval' http: https: 3
default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.jimdo.com jimdo.com; 3
frame-ancestors 'self' https://*.castlery.com https://*.castlery.com.au https://*.castlery.sg https://*.castlery.co 3
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src 'self' d1ebsyxxbc7tep.cloudfront.net *.sturgiswebservices.com *.google.com *.masterpass.com *.visa.com *.americanexpress.com *.vpsenv.com *.paylocalgov.com *.demovps.com;report-to https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; report-uri https://5aaf96f4519a06998681dfe7412c5c5c.report-uri.com/r/d/csp/reportOnly; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com maxcdn.bootstrapcdn.com www.youtube.com www.googletagmanager.com *.makitamedia.com *.gstatic.com *.ytimg.com ssl.google-analytics.com connect.facebook.net www.google-analytics.com stats.g.doubleclick.net *.facebook.com *.addthis.com *.addthisedge.com *.google.com *.icmsmakita.eu 3
frame-src http: https: ; frame-ancestors http: https: ; 3
default-src 'self' *.arnoldbread.com *.brownberry.com *.oroweat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.econsumeraffairs.com *.consumercare.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com  *.consumercare.net *.econsumeraffairs.com *.google.com cdn.jsdelivr.net *.facebook.net *.likebtn.com *.pinterest.com *.facebook.com *.typekit.com *.trackduck.com *.sharethis.com dnn506yrbagrg.cloudfront.net *.m4dc.com data: ; object-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.google.com cdn.jsdelivr.net pages.icpro.co *.trackduck.com *.youtube.com *.facebook.com; style-src 'self' 'unsafe-inline'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.trackduck.com  *.googleapis.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.likebtn.com *.typekit.net *.sharethis.com; img-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.gravatar.com *.google-analytics.com *.trackduck.com *.google.com stats.g.doubleclick.net *.facebook.com  *.googleapis.com cdn.jsdelivr.net *.typekit.net  *.sharethis.com *.blob.core.windows.net *.dev-2.development-preview.com  *.gstatic.com gravatar.com gtrk.s3.amazonaws.com *.google.co.in/ads data:; media-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.google.com cdn.jsdelivr.net pages.icpro.co *.trackduck.com *.youtube.com *.facebook.com; frame-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.google.com cdn.jsdelivr.net pages.icpro.co *.trackduck.com *.youtube.com *.facebook.com *.sharethis.mgr.consensu.org *.sharethis.com *.m4dc.com; font-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com fonts.gstatic.com  maxcdn.bootstrapcdn.com cdn.jsdelivr.net *.typekit.com data: *.typekit.net *.trackduck.com; connect-src 'self'  *.arnoldbread.com *.brownberry.com *.oroweat.com *.facebook.com *.trackduck.com *.sharethis.com wss: data: *.gravatar.com *.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report, default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 3
frame-ancestors 'self' http://tags2.adshell.net http://clk.sportstream.live 3
default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src * data:; object-src 'self'; media-src 'none'; frame-src 'self'; 3
img-src 'unsafe-eval' 'unsafe-inline' blob: http: https: data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https:; style-src 'unsafe-inline' 'self' https: http:; default-src 'self' data: gap: https: 3
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.braintreegateway.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://cdn.ckeditor.com/ https://www.google.com/ https://ajax.googleapis.com/ https://s3-us-west-2.amazonaws.com/; style-src 'self' 'unsafe-inline' https://cdn.ckeditor.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://ajax.googleapis.com/; font-src 'self'; img-src 'self' data: https://cdn.ckeditor.com/ https://code.jquery.com/; frame-src https://www.openstreetmap.org/; frame-ancestors 'none'; connect-src 'self'; object-src 'self' 3
default-src 'unsafe-inline' 'self' https: wss:; object-src 'none' 3
default-src 'none'; object-src 'self'; media-src blob: https://*.lpsnmedia.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.hirslanden.ch https://*.infocentric.ch https://*.wistia.com https://*.medicosearch.ch https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com; font-src 'self' data: https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.amazonaws.com https://*.medicosearch.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.lpsnmedia.net https://*.licdn.com https://sc-static.net https://*.liveperson.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.elfsight.com https://uberall.com https://static-prod.uberall.com https://api.instacloud.io https://mediclinic.mediaplatform.com https://api.doctena.ch https://*.createsend.com https://cdn.dotcy.com.cy https://script.crazyegg.com https://testmcmebot.azurewebsites.net https://*.medicosearch.ch https://*.infocentric.ch https://browser-update.org https://www.puls-berufe.ch https://*.gstatic.com https://*.google.com https://*.sprechzimmer.ch https://*.wistia.com https://fast.wistia.net https://src.litix.io https://s.ytimg.com https://www.youtube.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://www.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://*.twitter.com https://cdn.syndication.twimg.com https://csi.gstatic.com; connect-src 'self'  https://*.googleadservices.com https://*.elfsight.com https://uberall.com https://blog.hirslanden.ch https://*.wistia.com https://*.litix.io https://www.facebook.com/ https://*.crazyegg.com https://*.akamaihd.net https://www.google-analytics.com https://s7.addthis.com https://m.addthis.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com; img-src * 'self' data:; style-src 'self' 'unsafe-inline' https://*.ads-twitter.com https://*.google.ch https://mediclinic.mediaplatform.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://cdn.dotcy.com.cy https://*.medicosearch.ch https://cloud.typography.com https://*.sprechzimmer.ch https://*.twitter.com https://www-prod.hirslanden.ch https://*.tagboard.com https://tagboard.com https://ton.twimg.com; frame-src 'self' https://*.liveperson.net https://*.lpsnmedia.net https://*.snapchat.com https://*.ads-twitter.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://mediclinic.mediaplatform.com http://mcairportrdauh.royalwebhosting.net https://*.google.ch https://*.twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.doctena.com https://*.createsend.com https://*.google.com https://w.soundcloud.com/ https://cdn.dotcy.com.cy https://testmcmebot.azurewebsites.net https://fast.wistia.com https://s7.addthis.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://www.youtube.com https://*.sprechzimmer.ch https://www.med-congress.ch https://*.datahouse.ch/ https://*.detailnet.ch https://www2.hirslanden.ch https://vr.zaak.ch https://staticxx.facebook.com https://www.facebook.com https://tourmake.it https://tools.eurolandir.com https://twitter.com https://www.facebook.com; child-src 'self' blob: https://*.ads-twitter.com https://*.google.ch http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://staticxx.facebook.com https://fast.wistia.com https://s7.addthis.com https://*.twitter.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com 3
frame-ancestors 'self' https://*.facebook.com, frame-ancestors 'self' https://*.facebook.com 3
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 3
default-src https: wss: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 3
default-src 'self'  *.avizia.com *.avizia.io;connect-src 'self'  *.avizia.com *.avizia.io  www.google-analytics.com;font-src 'self'  *.avizia.com *.avizia.io fonts.gstatic.com data:;frame-src 'self'  *.avizia.com *.avizia.io https://amwell.speedtestcustom.com  evclient.americanwell.com evclient.americanwell.com *.doubleclick.net tracking.amwell.com tlink.io *.go2cloud.org launch1.co *.rfihub.com tracking.pzzaz.com blob: TelehealthVideo11.4.0.0: TelehealthVideo11.3.4.0: *.krxd.net s.thebrighttag.com;img-src 'self'  *.avizia.com *.avizia.io data: *.gstatic.com maps.google.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com *.googleadservices.com adservice.google.com *.facebook.com tracking.amwell.com *.xg4ken.com *.mnixpixel.com anthemlho.apxprogrammatic.com mpp.vindicosuite.com bs.serving-sys.com b.collective-media.net secure.adnxs.com insight.adsrvr.org tags.w55c.net pc3.yumenetworks.com sp.analytics.yahoo.com omni.springserve.com segs.btrll.com insight.adsrvr.org as.chango.com pixel.quantserve.com *.clickmeter.com click.programmatictrader.com *.twitter.com *.t.co traffic.outbrain.com q.quora.com ib.mookie1.com t.visto1.net *.doubleclick.net *.krxd.net www.storygize.net;script-src 'self'  *.avizia.com *.avizia.io 'unsafe-inline' 'unsafe-eval'  maps.googleapis.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com *.googleadservices.com adservice.google.com connect.facebook.net *.xg4ken.com *.wtp101.com *.rfihub.net *.twitter.com *.krxd.net s.thebrighttag.com s.btstatic.com ;style-src 'self'  *.avizia.com *.avizia.io 'unsafe-inline' fonts.googleapis.com tagmanager.google.com;report-uri /restws/api/cspViolation 3
default-src 'self' wss://www.reasedoper.pw wss://www.nathetsof.com https://pagead2.googlesyndication.com/ https://mc.yandex.ru/ http://rb.revolvermaps.com/;style-src 'unsafe-inline' *;child-src * 'self' blob: ;img-src * data:;media-src *;font-src *;script-src 'self' http://zstat.org/ http://www.sparnove.com/ https://www.sparnove.com/ http://sparnove.com/ https://sparnove.com/ http://sparnove.com https://sparnove.com http://www.sparnove.com https://www.sparnove.com http://igropoisk.com http://www.igropoisk.com http://rigaletto.info/ http://listat.org https://listat.org https://static.reasedoper.pw https://nathetsof.com https://www.nathetsof.com http://nathetsof.com http://www.nathetsof.com http://static.reasedoper.pw https://dl.metabar.ru/ http://azbns.com/ http://cdn.mobidea.com/ https://cdn.mobidea.com/ http://mytomatosoup.com/ http://*.s1block.com/ https://*.exoclick.com/ http://*.exoclick.com/ http://*.criteo.com/ http://webgringo.ru/ http://dancepoisk.ru/ http://*.google.com.ua https://*.google.com.ua https://*.vim100.ru http://*.vim100.ru https://vim100.ru http://vim100.ru http://*.kavanga.ru https://*.kavanga.ru http://dreamcode.pw https://dreamcode.pw https://*.advertur.ru *.advertur.ru http://cdn-rtb.sape.ru/ http://*.sape.ru/ http://wslocker.ru/ http://www.photoshop.in.ua 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com https://oss.maxcdn.com yandex.st *.yandex.st https://*.google-analytics.com http://*.google-analytics.com acint.net www.acint.net http://meelba.com http://*.meelba.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.uptolike.com https://*.uptolike.com *.leadada.com http://*.yandex.ru http://yandex.ru  https://yandex.ru https://*.yandex.ru http://*.doubleclick.net https://*.doubleclick.net cepereh.ru promoskiki.ru brandomatic.ru http://info.datacadet.com https://info.datacadet.com http://*.metabar.ru https://*.youtube.com http://*.youtube.com https://*.google.com http://*.google.com http://*.yandex.net https://*.yandex.net http://*.dumedia.ru http://userapi.com https://*.twitter.com http://*.twitter.com https://yastatic.net http://yastatic.net http://*.ya.ru http://*.fbcdn.net http://*.facebook.net https://*.facebook.net http://ad.oyy.ru http://pr-cy.ru http://*.rotaban.ru http://*.addthis.com http://*.mail.ru https://*.mail.ru http://*.adriver.ru https://*.googleapis.com http://*.googleapis.com http://*.reformal.ru https://vk.com http://*.vk.com http://vk.com http://*.vk.com http://estat-translator.com http://*.openstat.net http://openstat.net http://*.hit.ua http://api.cpatext.ru http://disgusting.ru http://counter.rambler.ru http://allskidkimos.ru http://*.acint.net http://*.beeline.ru http://*.smi2.ru https://*.alexa.com http://js-agent.newrelic.com http://*.odnoklassniki.ru http://*.directadvert.ru http://vkontakte.ru http://meteoprog.ua http://*.meteoprog.ua http://*.ok.ru https://*.ok.ru http://api.recaptcha.net http://ulogin.ru http://*.ukr.net http://*.semrash.com http://*.nr-data.net http://*.mgts.ru http://commontools.net http://*.wordpress.com http://informer.name http://*.bigmir.net https://*.bigmir.net http://www.samnews.ru http://adv.rb-edu.ru http://nastart.com.ua http://*.betweendigital.com http://*.google.ru http://*.cloudfront.net http://api.pozvonim.com http://*.24webclock.com https://*.zemanta.com http://disqus.com http://*.gismeteo.ru http://*.spylog.ru http://*.sharethis.com http://*.disqus.com http://*.c8.net.ua http://www.semrush.com http://loginza.ru http://*.redtram.com https://*.facebook.com http://*.facebook.com http://reformal.ru http://mreporter.ru http://n.lcads.ru http://*.leadia.ru http://www.vesti.ru http://*.begun.ru http://google.com.ua https://google.com.ua http://gamebomb.ru https://*.skype.com http://*.contextbar.ru http://*.googleadservices.com https://*.googleadservices.com http://*.lcads.ru http://*.googlevideo.com https://*.googlevideo.com http://*.gstatic.com https://*.gstatic.com https://*.ytimg.com http://*.ytimg.com http://*.yadro.ru https://*.yadro.ru; connect-src 'self' wss://sparnove.com https://api.push.world/ https://api.push.world/ https://static.reasedoper.pw/ wss://www.nathetsof.com wss://nathetsof.com wss://www.reasedoper.pw/ http://meelba.com/ http://stat.qload.ru http://uxm.ru https://mc.yandex.ru/ https://pagead2.googlesyndication.com 3
default-src 'self' *.iphouse.com data: 'unsafe-inline' 'unsafe-eval'; 3
default-src https: 'unsafe-inline' 3
default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' 2
default-src 'self' data: blob:;script-src *.whatsapp.com *.whatsapp.net *.google-analytics.com *.twitter.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval';style-src *.whatsapp.com *.whatsapp.net 'unsafe-inline' *.facebook.com;connect-src *.whatsapp.com *.whatsapp.net *.google-analytics.com wss://*.facebook.com:*;font-src data: *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net fonts.gstatic.com;img-src *.whatsapp.com *.whatsapp.net *.facebook.com *.google-analytics.com *.fbcdn.net static.xx.fbcdn.net *.ytimg.com *.twitter.com;frame-src *.twitter.com *.facebook.com *.youtube-nocookie.com *.youtube.com *.whatsapp.com; 2
frame-ancestors 'self' http://*.hulu.com https://*.hulu.com; 2
report-uri https://metrics.roblox.com/v1/csp/report?type=enforce; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.evidon.com *.gigya.com *.google-analytics.com *.ns1p.net *.pingdom.net adservice.google.com ajax.aspnetcdn.com ajax.googleapis.com cdn.arkoselabs.com connect.facebook.net funcaptcha.com imasdk.googleapis.com js.rbxcdn.com long.open.weixin.qq.com midas.gtimg.cn radar.cedexis.com res.wx.qq.com roblox-api.arkoselabs.com roblox-load-generator-configuration.s3.us-east-2.amazonaws.com s.ytimg.com sb.scorecardresearch.com static.rbxcdn.com www.google.com www.gstatic.com www.youtube.com/iframe_api h.online-metrix.net request.eprotect.vantivcnp.com request.eprotect.vantivpostlive.com authsite.roblox.com 2
frame-ancestors *.mediafire.com 2
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://steamcommunity-a.akamaihd.net/ https://api.steampowered.com/ https://steamcdn-a.akamaihd.net/steamcommunity/public/assets/ *.google-analytics.com https://www.google.com https://www.gstatic.com https://apis.google.com https://recaptcha.net https://www.gstatic.cn/recaptcha/; object-src 'none'; connect-src 'self' https://api.steampowered.com/ https://store.steampowered.com/ wss://community.steam-api.com/websocket/ *.google-analytics.com https://*.valvesoftware.com https://*.steambeta.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcastchat.akamaized.net https://broadcast.st.dl.bscstorage.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; 2
frame-ancestors 'self' *.grammarly.com 2
frame-ancestors 'none'; upgrade-insecure-requests 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.messenger.com;style-src data: blob: 'unsafe-inline' * *.messenger.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.messenger.com wss://*.messenger.com:*;font-src *.messenger.com *.facebook.com static.xx.fbcdn.net data:; 2
frame-ancestors *.newrelic.com 2
report-uri https://sentry.io/api/190356/security/?sentry_key=0fb44384b50e4ee692405615e7837304; upgrade-insecure-requests 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/epicurious 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.investopedia.com *.qa.aws.investopedia.com apollo.investopedia.com apollo.local.investopedia.com atlas.investopedia.com atlas.local.investopedia.com 2
frame-ancestors 'self' https://cms.qz.com; upgrade-insecure-requests 2
default-src 'none'; style-src 'unsafe-inline' 'self' https://cdnjs.cloudflare.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://donorbox.org https://js.stripe.com/v3/ https://sdks.shopifycdn.com; img-src 'self' data: https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://ak2s.abmr.net https://ak1s.abmr.net https://www.google.com https://cdn.shopify.com https://v.shopify.com; frame-src https://donorbox.org https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://js.stripe.com/v3/ https://js.stripe.com/v2/; font-src 'self' https://cdnjs.cloudflare.com;connect-src 'self' https://d4twhgtvn0ff5.cloudfront.net/ https://letsencrypt-merch.myshopify.com; 2
frame-ancestors http://www.inc.com https://www.inc.com http://www.stumbleupon.com https://www.google.com https://cdn.ampproject.org 2
frame-ancestors https://*.parallels.com https://*.prls.net; 2
default-src 'self' data: blob:;script-src 'unsafe-eval' 'unsafe-inline' *.facebook.com *.fbcdn.net;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *;connect-src 'self' https://*.whatsapp.com;font-src data:;img-src *;frame-src whatsapp:; 2
upgrade-insecure-requests; default-src 'self' blob: *.brightcove.com ; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: http: *.images.express.co.uk *.images.dailyexpress.co.uk; media-src https: data: blob:; font-src https: data:; frame-src https: data: blob:; connect-src https: wss: blob:; object-src https:; 2
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.trustarc.com https://trustarc.secure.force.com connect.facebook.net cdnjs.cloudflare.com www.googletagmanager.com tagmanager.google.com https://remote.captcha.com https://maps.googleapis.com https://maps.google.com https://www.google.com https://code.jquery.com ssl.google-analytics.com https://s3.amazonaws.com/scripts-clickmeter-com/js/go.js https://player.vimeo.com https://www.gstatic.com ajax.googleapis.com www.google-analytics.com munchkin.marketo.net snap.licdn.com https://maxcdn.bootstrapcdn.com eu-icon-qa-sf.truste-svc.net consent.truste.com consent.trustarc.com staticxx.facebook.com www.facebook.com googleads.g.doubleclick.net www.googleadservices.com https://platform.linkedin.com https://px.ads.linkedin.com https://www.linkedin.com https://dc.ads.linkedin.com https://ssl-munchkin.marketo.net https://apis.google.com https://platform.twitter.com https://boards.greenhouse.io https://cdn.walkme.com https://d3sbxpiag177w8.cloudfront.net https://translate.google.com https://translate.googleapis.com https://hire.withgoogle.com https://djtflbt20bdde.cloudfront.net https://vault.pactsafe.io https://d3l1mqnl5xpsuc.cloudfront.net https://c.la2-c2-ord.salesforceliveagent.com https://d.la2-c2-ord.salesforceliveagent.com https://service.force.com https://trustarc.my.salesforce.com; img-src 'self' https://www.trustarc.com https://consent-pref.trustarc.com http://s3-us-west-1.amazonaws.com https://s3-us-west-1.amazonaws.com https://www.truste.com https://info.trustarc.com http://static.truste.com https://www.googletagmanager.com https://maps.googleapis.com https://maps.google.com https://web.facebook.com https://maps.gstatic.com https://privacy-policy.truste.com https://login.truste.com www.facebook.com www.google.com eu-icon-qa-sf.truste-svc.net consent.trustarc.com www.google-analytics.com https://www.gstatic.com https://ssl.gstatic.com https://ssl.google-analytics.com https://static.licdn.com data: https://stats.g.doubleclick.net https://www.linkedin.com https://syndication.twitter.com https://ec.walkme.com https://googleads.g.doubleclick.net https://choices.trustarc.com https://translate.googleapis.com https://translate.google.com https://www.google.ca https://secure.gravatar.com https://d3r8bdci515tjv.cloudfront.net https://px.ads.linkedin.com; frame-src 'self' https://www.trustarc.com https://player.vimeo.com staticxx.facebook.com https://info.trustarc.com eu-icon-qa-sf.truste-svc.net consent-pref.trustarc.com https://www.youtube.com https://youtu.be https://www.google.com https://download.trustarc.com https://platform.twitter.com https://www.facebook.com https://platform.linkedin.com https://apis.google.com https://syndication.twitter.com https://accounts.google.com https://boards.greenhouse.io https://cdn.walkme.com consent-pref.truste.com https://hire.withgoogle.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://service.force.com https://submit-irm.trustarc.com; font-src 'self' data: fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://consent.trustarc.com; style-src 'unsafe-inline' 'self' https://www.trustarc.com fonts.googleapis.com tagmanager.google.com https://maxcdn.bootstrapcdn.com https://translate.googleapis.com https://djtflbt20bdde.cloudfront.net https://service.force.com https://trustarc.secure.force.com; connect-src 'self' https://consent-pref.trustarc.com 846-llz-652.mktoresp.com https://api.greenhouse.io https://www.google-analytics.com https://stats.g.doubleclick.net https://ec.walkme.com https://translate.googleapis.com https://trackerapi.trustarc.com https://hire.withgoogle.com https://my.yoast.com https://pactsafe.io https://trustarc.secure.force.com; frame-ancestors 'self' https://info.trustarc.com https://download.trustarc.com assess.truste.com assess-stage.truste.com gda-dev.truste-svc.net iapp-doc.trustarc.com https://www.nymity.com; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/gq 2
default-src 'self'; child-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; connect-src 'self' piwik.openstreetmap.org https://nominatim.openstreetmap.org/ https://overpass-api.de/api/interpreter https://routing.openstreetmap.de/ https://graphhopper.com/api/1/route; font-src 'none'; form-action 'self' render.openstreetmap.org; frame-ancestors 'self'; frame-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; img-src 'self' data: www.gravatar.com *.wp.com *.tile.openstreetmap.org *.tile.thunderforest.com *.openstreetmap.fr piwik.openstreetmap.org https://openstreetmap-user-avatars.s3.dualstack.eu-west-1.amazonaws.com; manifest-src 'self'; media-src 'none'; object-src 'self'; script-src 'self' piwik.openstreetmap.org; style-src 'self' 'unsafe-inline'; worker-src 'none' 2
default-src 'none'; img-src 'self' https://fedoramagazine.org; script-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://builds.coreos.fedoraproject.org;  2
frame-ancestors *.cox.net *.cox.com *.coxbusiness.com coxcommunications.experiencecloud.adobe.com *.discovercoxonline.com agent.bold360.com *.cox-ondemand.com 2
media-src 'self' https:; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https:; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com https:; frame-src 'self' https: https://optimize.google.com; img-src 'self' data: https: https://g.foolcdn.com http://px.moatads.com https://optimize.google.com https://www.google-analytics.com; upgrade-insecure-requests; style-src 'self' data: 'unsafe-inline' https: http://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com; connect-src 'self' https: wss://www.fool.com wss://*.33across.com wss://*.hotjar.com; font-src 'self' data: https: https://fonts.gstatic.com 2
report-uri /v1/csplog; block-all-mixed-content 2
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm; 2
frame-ancestors 'self' *.wildberries.ru 2
default-src 'self' ; img-src 'self'  https://sp1.convertro.com/api/hit/lastpass/ https://www.google-analytics.com/ https://*.company-target.com/ https://logmeincdn.azureedge.net/ https://*.company-target.com/* https://*.lastpass.com https://lastpass.com data: https://*.company-target.com/* https://*.adnxs.com/ https://*.doubleclick.net https://*.google-analytics.com https://www.google.com https://www.facebook.com/tr https://t.co/i/adsct https://analytics.twitter.com/i/adsct https://img.youtube.com https://adfarm.mediaplex.com/ad/bk/ https://*.rfihub.com/ https://secure.leadback.advertising.com https://secure.ace-tag.advertising.com https://iad-login.dotomi.com  https://*.company-target.com/ https://www07.clicktale.net/ https://lastpass-sc.usva.logmeinx.com/ https://lastpass-sc.usca.logmeinx.com/ https://lastpass-sc.usil.logmeinx.com/ https://lastpass-sc.ustx.logmeinx.com/ https://lastpass-sc.defr.logmeinx.com/ https://lastpass-sc.ukay.logmeinx.com/ https://lastpass-sc-gamma.usca.logmeinx.com/ https://*.logmeinx.com https://d.adroll.com https://secimg.vmmpxl.com https://rs.gwallet.com https://s-cs.send.microad.jp https://pixel.rubiconproject.com https://*.openx.net https://dpm.demdex.net https://ads.yahoo.com https://dsum-sec.casalemedia.com https://simage2.pubmatic.com https://trc.taboola.com https://x.bidswitch.net https://idsync.rlcdn.com https://stags.bluekai.com https://ums.adtechus.com https://io.narrative.io https://atemda.com https://t.brand-server.com https://pixel.quantserve.com; object-src 'self' https://*.googlevideo.com https://*.youtube.com https://*.youtube.com https://*.ytimg.com https://*.ytimg.com https://www.google.com https://youtube.googleapis.com; connect-src 'self' https://*.lastpass.com https://lastpass.com wss://*.lastpass.com https://*.optimizely.com https://5399020466.log.optimizely.com  https://pollserver.lastpass.com https://loglogin.lastpass.com https://*.clicktale.net https://dc.services.visualstudio.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'  https://logmeincdn.azureedge.net https://fonts.googleapis.com/ https://*.lastpass.com https://lastpass.com https://html-lastpass-develop.azurewebsites.net https://html-lastpass-master.azurewebsites.net; plugin-types application/x-invalid-type application/pdf ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.lmiutil.com/lpassets/clicktale/ https://lastpass.com/m.php/quickdl2 https://*.cybersource.com/  https://www.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://logmeincdn.azureedge.net https://cdn.clicktale.net/ https://*.lastpass.com https://lastpass.com https://www.youtube.com https://*.ytimg.com https://*.optimizely.com https://cdnssl.clicktale.net/ https://www.sc.pages04.net https://cdn.getsmartcontent.com/ https://api.bizographics.com https://us-east-1.profile-api.ads.linkedin.com https://s.getsmartcontent.com https://az416426.vo.msecnd.net ; font-src 'self' 'unsafe-inline' 'unsafe-eval'  https://lmistatic.blob.core.windows.net/ https://fonts.gstatic.com/ https://*.lastpass.com https://lastpass.com; media-src ; frame-src 'self' https://cdn.lmiutil.com/ https://b.company-target.com https://*.cybersource.com https://*.lastpass.com https://ssl.gstatic.com https://www.google.com https://www.youtube.com  https://b.company-target.com/ect.html https://www.youtube.com https://*.ytimg.com https://1min-ui-prod.service.lastpass.com ;worker-src https://*.lastpass.com blob: 2
frame-ancestors *.leboncoin.fr; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.unicef.org *.sharethis.com rules.quantcount.com connect.facebook.net secure.quantserve.com www.google-analytics.com www.googletagmanager.com cdn.poll-maker.com embeds.tagboard.com maps.googleapis.com e.infogram.com *.hscampaigns.com *.getchute.com ssl.mousestats.com tagmanager.google.com js-agent.newrelic.com bam.nr-data.net js-agent.newrelic.com/* www.youtube.com s.ytimg.com *.instagram.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com cdn.nativemsg.com hm.baidu.com optimize.google.com siteimproveanalytics.com downloads.mailchimp.com mc.us2.list-manage.com sjs.bizographics.com unicef.us2.list-manage.com s3.amazonaws.com www.googleadservices.com *.doubleclick.net cdn.curator.io; object-src 'self' *.youtube.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.sharethis.com cdn.poll-maker.com stories.getchute.com cdn-images.mailchimp.com downloads.mailchimp.com l.sharethis.com platform.twitter.com optimize.google.com *.unicef.org cdn.curator.io   ; img-src 'self' data: *.unicef.org www.google-analytics.com ssl.gstatic.com sb.scorecardresearch.com  *.sharethis.com www.facebook.com pixel.quantserve.com stats.g.doubleclick.net www.gstatic.com cdn.poll-maker.com csi.gstatic.com maps.gstatic.com maps.googleapis.com www.google.com scontent.cdninstagram.com pixel.getchute.com media.chute.io static.getchute.com avatars.io syndication.twitter.com pbs.twimg.com platform.twitter.com dynamite-images.appspot.com hm.baidu.com www.googletagmanager.com unicef-images.appspot.com 88988.global.siteimproveanalytics.io cdn-images.mailchimp.com gallery.mailchimp.com downloads.mailchimp.com; media-src 'self' scontent.cdninstagram.com video.twimg.com; frame-src 'self' www.facebook.com www.google.com *.twitter.com e.infogram.com *.sharethis.com *.hscampaigns.com embeds.tagboard.com www.youtube.com infogram.com connect.facebook.net *.unicef.org api.getchute.com static.getchute.com giphy.com *.wufoo.com staticxx.facebook.com www.instagram.com cdn.nativemsg.com twitter.com *.ustream.tv *.youku.com c.sharethis.mgr.consensu.org optimize.google.com embed.ted.com *.doubleclick.net; frame-ancestors 'self'; child-src 'self'; font-src 'self' fonts.gstatic.com data: maxcdn.bootstrapcdn.com stories.getchute.com *.unicef.org cdn.curator.io; connect-src 'self' *.sharethis.com www.quiz-maker.com ssl.mousestats.com www.google-analytics.com s3.amazonaws.com getchute.com *.getchute.com c.sharethis.mgr.consensu.org stats.g.doubleclick.net unicefhq.cp.bsd.net script.google.com script.googleusercontent.com *.unicef.org api.curator.io; report-uri /report-csp-violation 2
upgrade-insecure-requests; frame-ancestors 'self' *.nhs.uk 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/pitchfork 2
frame-ancestors 'self' http://cisco.lookbookhq.com https://cisco.lookbookhq.com http://cisco.pathfactory.com https://cisco.pathfactory.com https://transform.cisco.com http://transform.cisco.com; 2
frame-ancestors 'self' http://content.servicenow.com https://content.servicenow.com https://your.servicenow.com  https://servicenow.highspot.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.paytm.com gateway.answerscloud.com *.cloudfront.net *.google.com *.hotjar.com apis.mapmyindia.com cdn.ravenjs.com *.youtube.com *.gstatic.com *.googleadservices.com *.doubleclick.net bid.g.doubleclick.net u.heatmap.it cdn.trackjs.com *.googletagmanager.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net cdn.branch.io googleads.g.doubleclick.net app.link bid.g cdn.ampproject.org dev.visualwebsiteoptimizer.com *.insider.in blob:; frame-src 'self' *.paytm.com *.insider.in *.youtube.com assets.zendesk.com apis.mapmyindia.com *.facebook.com *.google.com *.hotjar.com cdn.ravenjs.com s-static.ak.facebook.com tautt.zendesk.com;  object-src 'self'; report-uri https://csp-report.mypaytm.com/reportcspviolations.php 2
frame-ancestors 'self' *.coe.int 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/architectural-digest 2
frame-ancestors https://www.surveymonkey.com https://google.com https://app.asana.com https://blog.asana.com 2
frame-ancestors 'self'; upgrade-insecure-requests; 2
default-src 'self' badoo.com eu1.badoo.com us1.badoo.com *.badoo.com *.eu1.badoo.com *.us1.badoo.com badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.pd1us.badoocdn.com   *.api.here.com *.paypal.com *.googlesyndication.com api.giphy.com api.tenor.com *.doubleclick.net *.agora.io:* wss://*.agora.io:* wss://badoocdn.com:* wss://*.badoocdn.com:* https://www.google.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.pd1us.badoocdn.com *.googleapis.com *.gstatic.com *.google.com vk.com *.vk.me cdn.syndication.twitter.com *.facebook.net *.facebook.com *.paypal.com www.paypalobjects.com *.youtube.com *.ytimg.com api.ok.ru *.google-analytics.com *.api.here.com *.instagram.com *.digicert.com *.googlesyndication.com *.googletagservices.com *.doubleclick.net *.googlesyndication.com *.ampproject.org *.amazon-adsystem.com adservice.google.com https://cdn.ampproject.org; style-src 'self' 'unsafe-inline' badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.pd1us.badoocdn.com vk.com *.vk.me *.googleapis.com; font-src 'self' data: badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.pd1us.badoocdn.com fonts.googleapis.com fonts.gstatic.com; img-src * data: blob:; media-src * data: blob:; frame-src * bds: bdp:; prefetch-src 'self' *.googlesyndication.com *.googletagservices.com *.doubleclick.net *.googlesyndication.com *.ampproject.org *.amazon-adsystem.com adservice.google.com; frame-ancestors 'self' apps.facebook.com; report-uri /jss/csp_report.phtml 2
frame-ancestors https://ww2.coolmathgames.com https://www.coolmathgames.com http://www.coolmath-games.com https://www.coolmath-games.com 2
frame-ancestors 'self' *.avira.com *.avira.org *.avira.net; 2
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; child-src * blob: data: ; style-src * 'unsafe-inline'; 2
frame-ancestors 'self' http://*.dji.com https://*.dji.com 2
frame-ancestors 'self' https://*.eluniverso.com http://*.eluniverso.com https://*.ampproject.net http://*.2mdn.net https://*.2mdn.net 2
frame-ancestors https://*.udacity.com 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.go-mpulse.net https://cdn.polyfill.io https://*.dynamicyield.com https://intljs.rmtag.com https://www.googletagmanager.com https://d16fk4ms6rqz1v.cloudfront.net https://cdn.merklesearch.com https://cdn.pbbl.co https://s.pinimg.com https://bat.bing.com https://script.crazyegg.com https://assistjs.skimresources.com https://connect.facebook.net https://*.twitter.com https://cdn.groupbycloud.com https://www.google-analytics.com https://tags.tiqcdn.com https://www.googleadservices.com https://static.ads-twitter.com https://js-agent.newrelic.com https://*.afterpay.com https://bam.nr-data.net https://y8ui6jzp.micpn.com https://*.datasteam.io https://ci-mpsnare.iovation.com https://tpc.googlesyndication.com https://*.salesforceliveagent.com https://static.site24x7rum.com https://*.paypal.com https://*.apple.com https://www.gstatic.com https://*.akamaihd.net https://www.myregistry.com https://s3.amazonaws.com https://app.curalate.com https://*.clearpay.co.uk https://static.lightning.force.com https://polyfill.io https://js.appboycdn.com https://maxcdn.bootstrapcdn.com https://fast.fonts.net https://service.force.com https://urbn.my.salesforce.com https://urbanoutfitters.secure.force.com https://*.googleapis.com https://full-urbanoutfitters.cs23.force.com https://*.cs23.my.salesforce.com https://p.dlx.addthis.com https://px0.pbbl.co https://*.google.com https://datacloud.tealiumiq.com https://images.contentful.com https://images.ctfassets.net https://*.criteo.com https://h.nexac.com https://*.dc-storm.com https://consent.jrs5.com https://consent.mediaforge.com https://consent.nxtck.com https://*.groupbycloud.com https://*.linksynergy.com https://www.polyvore.com https://*.bazaarvoice.com https://data.photorank.me https://www.ssense.com https://*.akstat.io https://www.google.co.uk https://*.perimeterx.net https://rtb-csync.smartadserver.com https://ads.yahoo.com http://images.anthropologie.com https://pixel.rubiconproject.com https://*.gstatic.com https://www.google.ca https://www.google.de https://*.rkdms.com https://idsync.rlcdn.com https://www.google.fr https://www.google.es https://www.google.com.au https://www.google.co.jp https://www.google.nl https://x.bidswitch.net https://www.google.it https://user-event-tracker.crazyegg.com https://*.agkn.com https://pixel.advertising.com https://www.google.com.mx https://www.google.ie https://www.google.com.ar https://www.google.co.nz https://sync.outbrain.com https://secure.adnxs.com https://sp.analytics.yahoo.com https://www.google.co.in https://*.rewardstyle.com https://r.casalemedia.com https://cdn.dashhudson.com https://*.ra.linksynergy.com https://cx.atdmt.com https://pixel.tapad.com https://use.fontawesome.com https://fonts.gstatic.com https://cdn.dynamicyield.com https://*.fls.doubleclick.net https://dis.us.criteo.com https://ct.pinterest.com https://c.go-mpulse.net https://dev.appboy.com https://www.facebook.com https://*.bluecore.com https://*.api.bazaarvoice.com https://dis.eu.criteo.com https://sentry.io https://videos.contentful.com https://www.youtube.com https://videos.ctfassets.net https://*.g.doubleclick.net https://gum.criteo.com https://images.anthropologie.com https://api.bazaarvoice.com https://static.criteo.net https://www.shopstylecollective.com https://www.shopstylecollective.co.uk https://player.vimeo.com https://core.conversant.mgr.consensu.org https://www.babylist.com https://*.scene7.com https://*.cs23.force.com https://gmurphy2018.wufoo.com https://*.stg-sessionm.com https://*.sessionm.com https://*.dotomi.com https://mpsnare.iesnare.com https://sample-api-v2.crazyegg.com https://*.adsymptotic.com https://*.attentivemobile.com https://*.attn.tv https://*.attentivemobile.com https://cdn.honey.io https://cdn.contentful.com https://open.spotify.com https://*.myunidays.com https://*.murdoog.com;frame-ancestors 'none';report-uri https://sentry.io/api/97976/security/?sentry_key=a1bb81efb0c1424ab57d256d26d3bc92 2
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self' 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googlesyndication.com *.googleadservices.com *.adriver.ru *.g.doubleclick.net *.google.com *.facebook.com *.sociomantic.com *.twitter.com *.google-analytics.com *.youtube.com *.googletagmanager.com *.everestjs.net *.googletagservices.com connect.facebook.net s.ytimg.com *.recreativ.ru userapi.com js-agent.newrelic.com t.trafmag.com code.jquery.com *.olark.com cpa.trafmag.com trafmag.utarget.ru trafmag.com *.exponea.com media.flixfacts.com *.gstatic.com maps.googleapis.com google-analytics.bi.owox.com tracking.channelsight.com *.criteo.net h.holder.com.ua *.clickfrog.ru creativecdn.com recreativ.ru rozetka.com.ua clickfrog.ru criteo.net gstatic.com exponea.com olark.com googletagservices.com youtube.com everestjs.net googletagmanager.com google-analytics.com twitter.com sociomantic.com facebook.com google.com g.doubleclick.net adriver.ru googleadservices.com googlesyndication.com www.google.com.ua *.criteo.com criteo.com bam.nr-data.net *.google.com.ua az783074.vo.msecnd.net cdn.ampproject.org *.googleapis.com *.bootstrapcdn.com j-mirror.com.ua proschet.branderstudio.com market.darovec.com s.go-mpulse.net paypartslimit.privatbank.ua calc.delta.branderstudio.com ua.tronsmart.com telegram.me ua.ergo-global.com www.film2.com.ua candyhooverbuyandtry.com.ua goo.gl manychat.com gcdn.tranzzo.com krok-ttc.com/zakaz-uslugi.html static.zdassets.com liqpay.ua payparts2.privatbank.ua hyperxstyle.com instagram.com panasonic-batteries.in.ua zakon.rada.gov.ua *.rozetka.com.ua *.rozetka.ua rozetka.ua; 2
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src * data:; font-src https: data:; frame-ancestors 'self' *.carnival.com https://*.goccl.com https://*.goccl.co.uk https://*.uatcarnival.com https://www.kayak.com http://*.carnivalmeetings.wuata.com https://*.carnivalmeetings.wuata.com https://*.carnivalmeetings.com http://carnivalmeetings.wuata.com https://carnivalmeetings.wuata.com https://carnivalmeetings.com https://*.goccl.com.au http://carnivalmeetings.com.s227501.gridserver.com https://carnivalmeetings.com.s227501.gridserver.com/ 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://api.amplitude.com https://widget.intercom.io https://js.intercomcdn.com https://logs-01.loggly.com https://cdn.segment.com https://checkout.stripe.com https://embed.typeform.com https://admin.typeform.com https://platform.twitter.com https://cdn.syndication.twimg.com; connect-src 'self' https://msgstore.www.notion.so wss://msgstore.www.notion.so https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https: http: https://api.amplitude.com https://api.embed.ly https://js.intercomcdn.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://logs-01.loggly.com https://api.segment.io https://checkout.stripe.com https://cdn.contentful.com https://images.ctfassets.net https://api.unsplash.com; font-src 'self' data: https://cdnjs.cloudflare.com https://js.intercomcdn.com; img-src 'self' data: blob: https: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://platform.twitter.com https://ton.twimg.com; frame-src https: http:; media-src https: http: 2
default-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.dominos.com; font-src data: https://*.dominos.com https://fonts.gstatic.com https://storage.googleapis.com; style-src 'unsafe-inline' blob: https://*.bing.com https://*.dominos.com https://*.gstatic.com https://*.here.com https://fonts.googleapis.com https://www.youtube.com https://rafd.bingstatic.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.abmr.net https://*.appdynamics.com https://*.bing.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://*.here.com https://*.mathtag.com https://*.moatads.com https://*.ntv.io https://*.omtrdc.net https://*.raygun.io https://*.turn.com https://*.twitter.com https://*.vertamedia.com https://*.virtualearth.net https://ad.atdmt.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://connect.facebook.net https://ct.pinterest.com https://ds-aksb-a.akamaihd.net https://js.braintreegateway.com https://nextdoor.com https://s.pinimg.com https://s.yimg.com https://s.ytimg.com https://sc-static.net https://sp.analytics.yahoo.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.xx.fbcdn.net https://tags.tiqcdn.com https://www.googleadservices.com https://www.paypal.com https://www.paypalobjects.com https://www.youtube.com https://rafd.bingstatic.com https://web.btncdn.com https://ink1001.com.micpn.com; img-src data: blob: https://*.akamaihd.net https://*.bing.com https://*.clicktale.net https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.everesttech.net https://*.googleapis.com https://*.gstatic.com https://*.here.com https://*.ispot.tv https://*.mathtag.com https://*.paypal.com https://*.pinterest.com https://*.postrelease.com https://*.turn.com https://*.virtualearth.net https://*.yp.com https://assets.braintreegateway.com https://checkout.paypal.com https://d.agkn.com https://dsum-sec.casalemedia.com https://i.ytimg.com https://pinterest.adsymptotic.com https://pixel.tapad.com https://px.moatads.com https://ssl.google-analytics.com https://static.xx.fbcdn.net https://t.co https://www.facebook.com https://www.google.com https://s.amazon-adsystem.com https://sp.analytics.yahoo.com; frame-src blob: data: https://*.appdynamics.com https://*.cardinalcommerce.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googlesyndication.com https://*.kaptcha.com https://*.pinterest.com https://*.snapchat.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://d.agkn.com https://pixel.mathtag.com https://pixel.tapad.com https://r.dlx.addthis.com https://snap.adbrn.com https://so.rlcdn.com https://www.paypal.com https://www.sandbox.paypal.com https://www.youtube.com https://x.skimresources.com; child-src blob: https://*.dominos.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net; worker-src blob: https://*.dominos.com https://cdnssl.clicktale.net; connect-src blob: https://*.akamaihd.net https://*.bing.com https://*.braintree-api.com https://*.clicktale.net https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.here.com https://*.moatads.com https://*.nextdoor.com https://*.omtrdc.net https://*.raygun.io https://*.vertamedia.com https://*.virtualearth.net https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://col.eum-appdynamics.com https://ct.pinterest.com https://ssp.lkqd.net https://www.paypal.com https://*.launchdarkly.com https://*.cybersource.com https://*.aciondemand.com; report-uri https://dominoscsp.report-uri.com/r/t/csp/enforce; 2
default-src https: wss:; script-src about: 'unsafe-inline' 'unsafe-eval' https: wss:; img-src data: blob: https: wss:; style-src 'unsafe-inline' https: wss:; font-src https: data: wss:; report-uri https://idcqaenforce.report-uri.com/r/d/csp/enforce; 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellhealth.com *.qa.aws.verywellhealth.com apollo.verywellhealth.com apollo.local.verywellhealth.com atlas.verywellhealth.com atlas.local.verywellhealth.com https://specials.verywell.com 2
default-src 'self' https://api.mixpanel.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.liblynx.com https://sandbox.liblynx.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://api.mixpanel.com https://www.googletagmanager.com https://use.fontawesome.com https://pro.fontawesome.com https://scholar.google.com; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com/ https://connect.liblynx.com https://sandbox.liblynx.com https://stats.g.doubleclick.net/ https://cdn.mxpnl.com/ data:; connect-src 'self' https://api.mixpanel.com/ https://scholar.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com/ https://pro.fontawesome.com/; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://pro.fontawesome.com; frame-src https://www.googletagmanager.com; object-src 'self' 2
child-src *.covercraft.net *.coverking.com *.custhelp.com *.diffwizard.com *.facebook.com *.google.com *.oraclecloud.com *.powersportsplace.com *.saddleman.com *.twitter.com *.sandbox.paypal.com *.paypal.com *.paypalobjects.com *.hotjar.com *.hotjar.io *.zmags.com;           connect-src 'self' wss: *.accmats.com *.bronto.com:* *.brontops.com:* *.coremetrics.com ctiapi.com *.doubleclick.net *.facebook.com *.google.com *.google-analytics.com *.livelook.com *.rollbar.com *.twitter.com *.paypalobjects.com *.paypal.com *.smartystreets.com *.riskified.com *.certcapture.com *.hotjar.com *.hotjar.io *.atechmotorsports.com *.zmags.com;           font-src 'self' data: *.accmats.com *.paypalobjects.com *.googleapis.com *.gstatic.com *.certcapture.com *.hotjar.com *.hotjar.io *.zmags.com;           frame-src 'self' *.cardinalcommerce.com *.covercraft.net *.coverking.com *.custhelp.com *.diffwizard.com *.doubleclick.net *.dxengineering.com *.facebook.com *.facebook.net funcaptcha.com *.google.com *.googleadservices.com *.oraclecloud.com *.powersportsplace.com *.saddleman.com *.summitracing.com *.atechmotorsports.com *.summit.network *.twitter.com *.pinterest.com *.paypalobjects.com *.paypal.com *.zscalerthree.net *.youtube.com *.hotjar.com *.hotjar.io *.zmags.com;           img-src 'self' data: blob: *.abmr.net *.accmats.com *.amazonaws.com *.atechmotorsports.com *.bazaarvoice.com *.bbb.org *.bing.com *.bronto.com *.bron.to *.caltrend.com *.cloudfront.net *.coremetrics.com ctiapi.com *.custhelp.com *.doubleclick.net *.dxengineering.com *.facebook.com *.genuinehotrod.com *.google-analytics.com googleads.g.doubleclick.net *.googletagmanager.com *.google.com *.gstatic.com jwpltx.com *.mathtag.com *.oraclecloud.com *.paypal.com *.paypalobjects.com *.pinterest.com *.powersportsplace.com *.upsrow.com *.rnengage.com *.summitracing.com *.atechmotorsports.com *.trickflow.com *.twitter.com *.youtube.com *.riskified.com *.certcapture.com *.hotjar.com *.hotjar.io *.zmags.com *.zscalerthree.net *.summit.network;           script-src 'self' 'unsafe-inline' 'unsafe-eval' *.accmats.com *.adtag.where.com ajax.googleapis.com *.akamaihd.net *.bing.com *.bronto.com *.caltrend.com *.channeladvisor.com *.cloudflare.com *.cloudfront.net *.coremetrics.com ctiapi.com *.custhelp.com *.facebook.net funcaptcha.com *.funcaptcha.com *.google.com *.googleadservices.com *.googleapis.com *.google-analytics.com googleads.g.doubleclick.net *.googletagmanager.com *.gstatic.com *.iesnare.com *.jquery.com *.jwpcdn.com *.livelook.com *.oraclecloud.com *.paypal.com *.paypalobjects.com *.pinterest.com *.rightnowtech.com *.rnengage.com *.summit.network *.summitracing.com *.atechmotorsports.com *.twitter.com *.certona.net *.res-x.com *.riskified.com *.certcapture.com *.zscalerthree.net *.hotjar.com *.hotjar.io *.zmags.com *.youtube.com *.ytimg.com *.akamaihd.net;           style-src 'self' 'unsafe-inline' *.accmats.com *.bronto.com *.caltrend.com cdn.materialdesignicons.com ctiapi.com *.custhelp.com *.livelook.com *.oraclecloud.com *.certcapture.com *.gstatic.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.zmags.com *.zscalerthree.net; 2
frame-ancestors 'self' *.commentcamarche.net *.commentcamarche.com; 2
frame-ancestors 'self' btprt.dj snip.ly 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.adroll.com *.adyen.com *.aexp-static.com *.akamaihd.net *.americanexpress.com *.branch.io *.brightcove.com *.brightcove.net *.burberry.com *.contentsquare.net *.dca0.com *.doubleclick.net *.fitanalytics.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.ipinyou.com *.klarna.com *.linksynergy.com *.liveperson.net *.lpsnmedia.net *.mathtag.com *.online-metrix.net *.openx.net *.richrelevance.com *.riskified.com *.shoprunner.com *.shoprunner.net *.sonobi.com *.turn.com *.zooz.com adservice.google.com analytics.twitter.com app.link b97.yahoo.co.jp bam.nr-data.net bat.bing.com cdnjs.cloudflare.com connect.facebook.net ct.pinterest.com d.adroll.mgr.consensu.org d1fc8wv8zag5ca.cloudfront.net hm.baidu.com idsync.rlcdn.com intljs.rmtag.com i.simpli.fi js-agent.newrelic.com mc.yandex.ru p.teads.tv platform.twitter.com po.st rp.gwallet.com s.po.st s.btstatic.com s.pinimg.com s.thebrighttag.com s.yimg.com s.yimg.jp sb.scorecardresearch.com script.crazyegg.com service.maxymiser.net sp.analytics.yahoo.com static.ads-twitter.com tag.yieldoptimizer.com t.a3cloud.net vjs.zencdn.net www.facebook.com www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.googletagservices.com www.ist-track.com x.bidswitch.net x.klarnacdn.net; style-src * data: 'unsafe-inline'; img-src * data:; font-src * data:; media-src * blob:; object-src 'self'; frame-ancestors 'self' *.burberry.com burberry.com; upgrade-insecure-requests; base-uri 'self'; report-uri https://brbws.report-uri.com/r/t/csp/enforce 2
media-src 'self' blob: livestream.st-andrews.ac.uk livestream1.st-andrews.ac.uk livestream2.st-andrews.ac.uk livestream-test.st-andrews.ac.uk; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com tagmanager.google.com bbox.blackbaudhosting.com olx.britishmuseum.org www.britishmuseum.org maps.googleapis.com cdn.rawgit.com services.postcodeanywhere.co.uk www.youtube.com s.ytimg.com payments.blackbaud.com secure.adnxs.com ad.360yield.com ib.adnxs.com cm.g.doubleclick.net prf.audiencemanager.de cdn.audiencemanager.de secure-ds.serving-sys.com bs.serving-sys.com connect.facebook.net secure.quantserve.com edge.quantserve.com www.google-analytics.com rules.quantcount.com partners.designmynight.com cdn.loop11.com www.loop11.com platform.cloud-iq.com platform2.cloud-iq.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com payments.blackbaud.com bbox.blackbaudhosting.com partners.designmynight.com cdn.loop11.com www.loop11.com platform.cloud-iq.com platform2.cloud-iq.com; img-src 'self' 'unsafe-inline' bbox.blackbaudhosting.com ssl.gstatic.com www.googletagmanager.com googletagmanager.com www.gstatic.com gstatic.com maps.gstatic.com maps.googleapis.com cdn.rawgit.com olx.britishmuseum.org secure.adnxs.com ad.360yield.com ib.adnxs.com cm.g.doubleclick.net prf.audiencemanager.de cdn.audiencemanager.de secure-ds.serving-sys.com bs.serving-sys.com www.facebook.com pixel.quantserve.com www.google-analytics.com stats.g.doubleclick.net www.google.com/ads www.google.co.uk/ads static.designmynight.com cdn.loop11.com www.loop11.com platform2.cloud-iq.com platform2.cloud-iq.com ttp://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:;; frame-src 'self' player.vimeo.com payments.blackbaud.com bbox.blackbaudhosting.com sketchfab.com w.soundcloud.com www.youtube.com bookings.designmynight.com www.facebook.com cdn.loop11.com www.loop11.com platform2.cloud-iq.com platform2.cloud-iq.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-ancestors 'self'; child-src https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'self'; font-src 'self' fonts.gstatic.com themes.googleusercontent.com cdn.loop11.com www.loop11.com platform2.cloud-iq.com platform2.cloud-iq.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:;; connect-src 'self' www.google-analytics.com payments.blackbaud.com olx.britishmuseum.org bookings.designmynight.com www.facebook.com facebook.com cdn.loop11.com www.loop11.com platform2.cloud-iq.com platform2.cloud-iq.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 2
default-src *.chowhound.com *.cbsinteractive.com cbsinteractive.com blob: *.chowhound.com https: 'unsafe-inline' 'unsafe-eval'; script-src blob: *.chowhound.com https: data: 'unsafe-inline' 'unsafe-eval'; media-src http://ipad.cbs.com.edgesuite.net http://ipad-streaming.cbs.com http://can.cbs.com http://canhls.cbs.com cbs-hls.akamaized.net blob: *.chowhound.com data: video https:; font-src *.chowstatic.com *.cbsistatic.com vidtech.cbsinteractive.com rev.cbsi.com fonts.gstatic.com maxcdn.bootstrapcdn.com 'self' data: ; connect-src http://canhls.cbs.com http://ipad.cbs.com.edgesuite.net http://ipad-streaming.cbs.com http://can.cbs.com cbs-hls.akamaized.net https:; img-src https: data: http://thumbnails.cbsig.net; frame-src https:; frame-ancestors *.chowhound.com *.google.com *.ampproject.org; form-action https: http://*.chow.com http://*.chowhound.com; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 2
default-src * 'unsafe-inline'; frame-ancestors 'self'; img-src * data: blob:; media-src * blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * blob: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: 2
frame-ancestors 'self' *.sc.com *.standardchartered.com *.standardchartered.co.in *.standardchartered.co.th *.standardchartered.com.hk *.standardchartered.com.my *.standardchartered.com.sg *.standardchartered.co.id *.standardchartered.com.tw 2
connect-src 'self' https://my.yoast.com https://app.sgwidget.com https://sgwidget.leaderapps.co;default-src 'none';font-src 'self' https://brave.com https://fonts.gstatic.com data:;frame-ancestors 'self' chrome-extension://mnojpmjdmbbfmejpflffifhffcmidifd https://blog.batcommunity.org;frame-src 'self' https://player.vimeo.com https://boards.greenhouse.io https://www.surveymonkey.com https://public.tableau.com https://www.slideshare.net https://docs.google.com https://www.youtube-nocookie.com;img-src 'self' data: https://brave.com https://basicattentiontoken.org https://analytics.brave.com https://boards.greenhouse.io https://secure.gravatar.com https://blog.brave.com https://*.ggpht.com https://*.jtvnw.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://brave.com https://djtflbt20bdde.cloudfront.net https://maps.googleapis.com https://analytics.brave.com https://secure.gaug.es https://boards.greenhouse.io https://code.jquery.com https://app.sgwidget.com https://sgwidget.leaderapps.co;style-src 'self' 'unsafe-inline' https://brave.com https://fonts.googleapis.com; object-src 'self'; upgrade-insecure-requests 2
object-src 'none' ; base-uri 'self' ;img-src https: http: blob: data: ; frame-src https://* https://www.google.com/recaptcha/ ; font-src 'self' https://marketing-cdn.hightail.com https://* http://* data: ; script-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.hsforms.com/embed/ https://app.link/ http://js.bizographics.com/ http://stats.pusher.com/ http://cdn.heapanalytics.com/ http://www.googleadservices.com/ https://www.googleadservices.com https://www.google-analytics.com/ https://cdn.branch.io/ https://cdn.optimizely.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com/ https://dc.ads.linkedin.com/ https://px.ads.linkedin.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://sjs.bizographics.com/ https://assets.zendesk.com/ https://www.bizographics.com/ https://secure.adnxs.com/ https://v2.zopim.com/ https://*.pusher.com/ https://js.hs-scripts.com/ https://js.hs-analytics.net/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://googleads.g.doubleclick.net/ https://forms.hubspot.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://request.eprotect.vantivprelive.com/ https://request.eprotect.vantivcnp.com/ https://*.global.ssl.fastly.net/ http://js.hs-analytics.net/ http://js.hs-scripts.com/ http://js.hsforms.net/ http://cdnjs.cloudflare.com/ https://static.zdassets.com/ http://www.google-analytics.com/ https://*.pendo.io/ http://ajax.googleapis.com/ https://img.en25.com/i/livevalidation_standalone.compressed.js https://img.en25.com/Web/OpenTextGlobal/ https://pendo-io-static.storage.googleapis.com/ https://*.googletagmanager.com/ https://pendo-static-5705431416832000.storage.googleapis.com/ https://cdn.jsdelivr.net/npm/cookieconsent@3/ data https://marketing-cdn.hightail.com/; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com tagmanager.google.com optimize.google.com ajax.googleapis.com search.usa.gov api.mapbox.com js-agent.newrelic.com dnn506yrbagrg.cloudfront.net bam.nr-data.net *.youtube.com *.ytimg.com trk.cetrk.com universal.iperceptions.com cdn.mouseflow.com n2.mouseflow.com us.mouseflow.com geocoding.geo.census.gov tigerweb.geo.census.gov about: connect.facebook.net www.federalregister.gov storage.googleapis.com api.consumerfinance.gov; default-src 'self'; font-src 'self' data: fast.fonts.net fonts.google.com fonts.gstatic.com files.consumerfinance.gov; style-src 'self' 'unsafe-inline' fast.fonts.net tagmanager.google.com optimize.google.com api.mapbox.com fonts.googleapis.com; img-src 'self' www.ecfr.gov s3.amazonaws.com www.gstatic.com ssl.gstatic.com stats.g.doubleclick.net files.consumerfinance.gov img.youtube.com *.google-analytics.com trk.cetrk.com searchstats.usa.gov gtrk.s3.amazonaws.com *.googletagmanager.com tagmanager.google.com maps.googleapis.com optimize.google.com api.mapbox.com *.tiles.mapbox.com stats.search.usa.gov blob: data: www.facebook.com www.gravatar.com; frame-src 'self' *.googletagmanager.com *.google-analytics.com optimize.google.com www.youtube.com *.doubleclick.net universal.iperceptions.com www.facebook.com staticxx.facebook.com mediasite.yorkcast.com; connect-src 'self' *.google-analytics.com *.tiles.mapbox.com bam.nr-data.net files.consumerfinance.gov s3.amazonaws.com public.govdelivery.com n2.mouseflow.com api.iperceptions.com 2
frame-ancestors 'self' www.googletagmanager.com *.doubleclick.net *.fls.doubleclick.net pixel-a.basis.net secure.img-cdn.mediaplex.com pixel.dsp.townsquaremedia.com insight.adsrvr.org pixel-a.basis.net www.oesv.at www.mlp-academics-heidelberg.de www.skiweltcup-dresden.de apps.de.etix.com; 2
frame-ancestors 'self' http://*.sharecare.com https://*.sharecare.com http://*.qualityhealth.com https://*.qualityhealth.com 2
frame-ancestors 'self' https://*.sproutsocial.com; 2
frame-ancestors 'self' icrc.org *.icrc.org icrcproject.org *.icrcproject.org forum-icrc.org www.forum-icrc.org 2
script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.gstatic.com  *.icontact.com icontact.com  *.addthisedge.com  cdn.syndication.twimg.com *.addthis.com platform.twitter.com  geolocation.onetrust.com *.google-analytics.com *.google.com *.googletagmanager.com *.googleapis.com cdn.cookielaw.org nas.edu www.nas.edu *.nas.edu  *.nationalacademies.org *.amazon-adsystem.com *.jquery.com *.adnx.com; object-src 'self' 'unsafe-eval' *.gstatic.com *.icontact.com icontact.com  cdn.syndication.twimg.com *.addthisedge.com *.addthis.com platform.twitter.com *.googleaps.com geolocation.onetrust.com *.googletagmanager.com *.google.com cdn.cookielaw.org nas.edu www.nas.edu *.nas.edu  *.nationalacademies.org *.amazon-adsystem.com *.jquery.com *.adnx.com 2
default-src 'self' 'unsafe-inline' googleads.g.doubleclick.net www.google-analytics.com snap.licdn.com px.ads.linkedin.com www.youtube.com https://syndication.twitter.com assets.piraeusbankgroup.com googlevideo.com apis.google.com data: maps.googleapis.com http://rum-collector-2.pingdom.net ;      style-src 'self' assets.piraeusbankgroup.com  assets.piraeusbank.gr 'unsafe-inline' fonts.googleapis.com platform.twitter.com ton.twimg.com;      script-src 'self' https://snap.licdn.com assets.piraeusbankgroup.com assets.piraeusbank.gr https://maps.google.com connect.facebook.net platform.twitter.com apis.google.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com seal.thawte.com syndication.twitter.com https://cdn.syndication.twimg.com https://www.youtube.com https://s.ytimg.com http://rum-static.pingdom.net ;      font-src   data: 'self' fonts.gstatic.com;     img-src 'self' data: asset.piraeusbank.gr 'unsafe-inline'  assets.piraeusbank.gr   px.ads.linkedin.com https://maps.google.com assets.piraeusbankgroup.com http://www.piraeusbank.gr https://www.piraeusbank.gr https://seal.thawte.com www.piraeusbankgroup.com 'unsafe-inline' www.google.com  syndication.twitter.com www.google-analytics.com stats.g.doubleclick.net www.facebook.com www.google.gr csi.gstatic.com maps.gstatic.com maps.googleapis.com platform.twitter.com pbs.twimg.com o.twimg.com ton.twimg.com googleads.g.doubleclick.net img.youtube.com http://rum-collector.pingdom.net ;      frame-src staticxx.facebook.com www.facebook.com accounts.google.com apis.google.com platform.twitter.com syndication.twitter.com 'self' www.youtube.com https://cap.attempts.securecode.com aacsw.3ds.verifiedbyvisa.com https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/www-widgetapi-vflPBjLfx/www-widgetapi.js 2
default-src 'self' https://www.youtube.com https://analytics.gpo.gov https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self'   https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; object-src 'unsafe-inline' 'self' https://www.youtube.com; style-src 'unsafe-inline' 'self' https://maxcdn.bootstrapcdn.com   https://stackpath.bootstrapcdn.com https://fonts.googleapis.com; img-src 'unsafe-inline' 'self' http://insideanalytics.gpo.gov https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com  https://analytics.gpo.gov data:; font-src 'unsafe-inline' 'self'  https://stackpath.bootstrapcdn.com  https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self'; frame-src 'self' https://www.youtube.com https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; 2
frame-ancestors 'self' t4.scu.edu cms.scu.edu cms01.scu.edu thetrustproject.org media.scu.edu ecampus.scu.edu hrdev.scu.edu hrusr.scu.edu t4dev.scu.edu 166.78.46.137 campaign.scu.edu vanillasoft.net 2
frame-ancestors 'self' https://optimize.google.com/ https://forum.opticsplanet.com 2
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=true&c=prod&a=cmscache 2
referrer unsafe-url; source-src none 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 2
default-src https:; base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; block-all-mixed-content; report-uri https://productreviews-ext.prod.store.aws.z8s.io/csp-report-violations; 2
frame-ancestors 'self' us.creativecdn.com *.encuentra24.com *.inmobiliaria24.com *.casas24.com encuentra24.zendesk.com *.youtube.com view.atdmt.com www.facebook.com www.google.com encuentra24.wufoo.com.mx encuentra24.ticforum-ca.com tpc.googlesyndication.com googleads.g.doubleclick.net storage.googleapis.com js.stripe.com e24.unityducruet.com cotizador.unityducruet.com; 2
default-src 'self'; script-src 'self' c.mql5.com trade.mql5.com www.mql5.com content.mql5.com search.mql5.com connect.facebook.net www.facebook.com player.youku.com https://c.paypal.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com test-api.sumsub.com api.sumsub.com www.paypalobjects.com js.braintreegateway.com www.paypal.com 'unsafe-inline' 'unsafe-eval'; style-src player.youku.com c.mql5.com 'unsafe-inline'; img-src 'self' msg1.mql5.com c.mql5.com www.mql5.com content.mql5.com download.mql5.com charts.mql5.com www.metatrader5.com www.metatrader4.com www.metaquotes.net www.metaquotes.ru trade.mql5.com blob: *.tile.openstreetmap.org connect.facebook.net www.facebook.com https://c.paypal.com https://b.stats.paypal.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com t.paypal.com; media-src 'self' msg1.mql5.com trade.mql5.com c.mql5.com; font-src c.mql5.com trade.mql5.com; connect-src 'self' content.mql5.com trade.mql5.com https://msg1.mql5.com wss://msg1.mql5.com wss://gwt1.mql5.com wss://gwt2.mql5.com wss://gwt3.mql5.com wss://gwt4.mql5.com wss://gwt5.mql5.com wss://gwt6.mql5.com wss://gwt7.mql5.com wss://gwt8.mql5.com wss://gwt9.mql5.com wss://gwt10.mql5.com wss://gwt11.mql5.com wss://gwt12.mql5.com wss://gwt13.mql5.com wss://gwt14.mql5.com wss://gwt15.mql5.com wss://gwt99.mql5.com connect.facebook.net www.facebook.com https://www.google-analytics.com www.paypal.com payments.sandbox.braintree-api.com api.sandbox.braintreegateway.com origin-analytics-sand.sandbox.braintree-api.com; frame-src 'self' c.mql5.com trade.mql5.com content.mql5.com player.youku.com www.youtube.com www.facebook.com https://c.paypal.com https://bid.g.doubleclick.net test-api.sumsub.com api.sumsub.com www.sandbox.paypal.com blob: mql5buy: mql4buy:; object-src 'self' c.mql5.com trade.mql5.com player.youku.com www.youtube.com blob:; child-src 'self' c.mql5.com trade.mql5.com player.youku.com www.youtube.com blob:; 2
object-src 'self' blob: 2
style-src 'self' 'unsafe-inline'; 2
frame-ancestors https://*.wm.com 2
frame-ancestors 'self' *.jetstar.com/; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: http://*.travp.net; font-src https: data: 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellfit.com *.qa.aws.verywellfit.com apollo.verywellfit.com apollo.local.verywellfit.com atlas.verywellfit.com atlas.local.verywellfit.com https://specials.verywellfit.com 2
upgrade-insecure-requests; default-src * data: blob: *.medallia.eu https://hello.myfonts.net/count/39cfed; script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.medallia.eu https://cdn.tt.omtrdc.net https://stmicroelectronics.tt.omtrdc.net *.nrich.ai *.speedcurve.com *.3gl.net https://maps.googleapis.com https://fonts.googleapis.com/css https://maps.google.com/mapfiles/ms/icons/red-dot.png https://maps.google.com/mapfiles/ms/icons/green-dot.png https://hello.myfonts.net/count/39cfed https://*.zscaler.net *.st.com *.stmicroelectronics.com.cn browser-update.org *.blob.core.windows.net *.adobedtm.com *.demandbase.com *.s3.amazonaws.com *.ads.linkedin.com *.onetrust.com https://cdn.cookielaw.org https://snap.licdn.com https://www.google-analytics.com https://connect.facebook.net; style-src * data: blob: *.medallia.eu 'unsafe-inline' https://hello.myfonts.net/count/39cfed; connect-src 'self' *.medallia.eu *.nrich.ai *.speedcurve.com https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://hello.myfonts.net/count/39cfed https://privacyportal-de.onetrust.com/request/v1/consentreceipts* *.3gl.net https://maps.googleapis.com https://fonts.googleapis.com/css https://maps.google.com/mapfiles/ms/icons/red-dot.png https://maps.google.com/mapfiles/ms/icons/green-dot.png https://*.zscaler.net *.st.com *.stmicroelectronics.com.cn *.demandbase.com *.company-target.com *.s3.amazonaws.com https://api.ipify.org https://stmicroelectronics.tt.omtrdc.net https://dpm.demdex.net 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdw.com *.richrelevance.com *.bazaarvoice.com *.qualtrics.com *.optimizely.com *.hotjar.com cdw.needle.com nexus.ensighten.com api.bluecore.com bluecore.com px.spiceworks.com *.liadm.com scripts.demandbase.com triggeredmail.appspot.com connect.facebook.net d31y97ze264gaa.cloudfront.net *.bounceexchange.com www.googleadservices.com *.doubleclick.net *.google-analytics.com st1.dialogtech.com bat.bing.com *.googleapis.com nsg.symantec.com analytics.po.st px.ads.linkedin.com po.st *.cnetcontent.com selectors.cnetcontentsolutions.com *.akamaihd.net *.google.com *.twitter.com *.justuno.com *.liveclicker.net www.netapp.com dpm.demdex.net *.d41.co *.cxense.com static.ads-twitter.com vault.pactsafe.io pactsafe.io *.webcollage.net *.ziftsolutions.com *.simpli.fi pixel.mathtag.com *.googletagmanager.com *.googlesyndication.com googletagservices.com t.sellpoints.com a.sellpoint.net media.flixfacts.com www.youtube.com media.flixcar.com *.flix360.com *.easy2.com *.go-mpulse.net *.cdnwidget.com *.rlcdn.com *.flixsyndication.net *.adobe.com *.hotjar.io *.eloqua.com *.swogo.net *.swogo.com *.gstatic.com dzcse0jfd3c6i.cloudfront.net *.ensighten.com p11.techlab-cdn.com dzcse0jfd3c6i.cloudfront.net app.leadsrx.com *.turnto.com; style-src 'self' 'unsafe-inline' *.cdw.com *.bazaarvoice.com cdw.needle.com *.cnetcontent.com *.justuno.com *.webcollage.net *.ziftsolutions.com t.sellpoints.com a.sellpoint.net media.flixcar.com *.easy2.com *.amazonaws.com platform.twitter.com blob: *.typekit.net *.adobe.com dzcse0jfd3c6i.cloudfront.net dzcse0jfd3c6i.cloudfront.net *.turnto.com; img-src 'self' *.cdw.com *.bazaarvoice.com *.qualtrics.com cdw.needle.com nexus.ensighten.com px.spiceworks.com *.liadm.com *.bounceexchange.com www.googleadservices.com *.doubleclick.net *.google-analytics.com bat.bing.com nsg.symantec.com *.cnetcontent.com selectors.cnetcontentsolutions.com *.akamaihd.net *.google.com *.justuno.com www.netapp.com dpm.demdex.net *.cxense.com vault.pactsafe.io pactsafe.io *.webcollage.net *.ziftsolutions.com *.googletagmanager.com t.sellpoints.com a.sellpoint.net media.flixfacts.com media.flixcar.com *.flix360.com *.easy2.com *.amazonaws.com platform.twitter.com *.linkedin.com *.tribalfusion.com *.company-target.com www.facebook.com events.bouncex.net *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.adobecqms.net *.turn.com st2.dialogtech.com secure.insightexpressai.com px.gumgum.com *.bluekai.com k.intellitxt.com *.everesttech.net *.adnxs.com sync.fastclick.net simage2.pubmatic.com us-u.openx.net ads.yahoo.com pixel.rubiconproject.com *.advertising.com magnetic.t.domdex.com *.rfihub.com *.mathtag.com *.mathtag.co *.amgdgt.com *.casalemedia.com www.bluecore.com *.prod.bidr.io cdn.optimizely.com syndication.twitter.com x.bidswitch.net pe.intentiq.com loadm.exelator.com insight.adsrvr.org um.simpli.fi acuityplatform.com data: *.dotomi.com *.flixsyndication.net liveintent.com cbssports.com maxpreps.com wogo ce.lijit.com soma.smaato.net cs.admanmedia.com eb2.3lift.com live.sekindo.com *.adobe.com *.sc.omtrdc.net df7xs8p1yjitw.cloudfront.net *.core.windows.net dzcse0jfd3c6i.cloudfront.net p11.techlab-cdn.com dzcse0jfd3c6i.cloudfront.net wac.edgecastcdn.net; frame-src 'self' *.cdw.com *.bazaarvoice.com *.qualtrics.com *.hotjar.com *.liadm.com *.bounceexchange.com *.doubleclick.net nsg.symantec.com selectors.cnetcontentsolutions.com *.google.com *.twitter.com *.liveclicker.net *.cxense.com *.webcollage.net *.ziftsolutions.com pixel.mathtag.com *.googletagmanager.com googletagservices.com a.sellpoint.net www.youtube.com media.flixcar.com *.easy2.com www.facebook.com *.rlcdn.com rs.gwallet.com *.liveclicker.com pages.cdwemail.com www.emjcd.com *.dotomi.com *.flixsyndication.net cdw.zuberance.com *.hotjar.io *.eloqua.com *.swcontentsyndication.com www.cisco.com cl.s4.exct.net; font-src 'self' 'unsafe-inline' *.cdw.com cdw.needle.com *.googleapis.com *.cnetcontent.com *.webcollage.net a.sellpoint.net media.flixfacts.com media.flixcar.com *.easy2.com data: *.flixsyndication.net *.typekit.net *.adobe.com dzcse0jfd3c6i.cloudfront.net dzcse0jfd3c6i.cloudfront.net; connect-src 'self' *.cdw.com *.richrelevance.com *.bazaarvoice.com *.qualtrics.com *.optimizely.com *.hotjar.com cdw.needle.com nexus.ensighten.com api.bluecore.com px.spiceworks.com *.liadm.com scripts.demandbase.com triggeredmail.appspot.com d31y97ze264gaa.cloudfront.net *.bounceexchange.com www.googleadservices.com *.doubleclick.net bat.bing.com *.googleapis.com nsg.symantec.com *.cnetcontent.com *.akamaihd.net *.google.com *.justuno.com www.netapp.com dpm.demdex.net *.d41.co vault.pactsafe.io pactsafe.io t.sellpoints.com a.sellpoint.net *.go-mpulse.net platform.twitter.com *.company-target.com www.facebook.com events.bouncex.net *.cdnwidget.com wss://*.hotjar.com p.po.st *.cdnbasket.net *.akstat.io data.g2.com data.g2crowd.com *.adobe.com *.hotjar.io *.swogo.net *.swogo.com dzcse0jfd3c6i.cloudfront.net p11.techlab-cdn.com dzcse0jfd3c6i.cloudfront.net app.leadsrx.com *.turnto.com; object-src 'self' a.sellpoint.net; worker-src 'self' blob: dzcse0jfd3c6i.cloudfront.net; media-src 'self' *.cdw.com *.cnetcontent.com *.webcollage.net media.flixfacts.com www.youtube.com blob: *.flixsyndication.net; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ravelry.com https://www.ravelry.com *.ravelrycache.com *.hotjar.com https://*.ravelrycache.com https://*.chatlio.com https://*.hotjar.com https://*.pusher.com https://*.frontapp.com https://apis.google.com https://www.amazon.com https://www.dropbox.com *.googleapis.com https://*.googleapis.com *.google-analytics.com https://www.google.com *.gstatic.com https://maps.gstatic.com maps.googleapis.com maps.google.com https://ban.nr-data.net bam.nr-data.net *.newrelic.com https://*.newrelic.com https://*.twitter.com connect.facebook.net *.facebook.com *.pinterest.com https://*.hotjar.com  https://*.pinterest.com; object-src 'self' *.ravelry.com *.macromedia.com *.etsy.com *.youtube.com https://*.youtube.com https://*.vimeo.com *.vimeo.com *.vimeocdn.com *.vimeo.com *.gstatic.com; frame-src 'self' https://*.facebook.com https://*.hotjar.com  https://docs.google.com https://accounts.google.com https://www.amazon.com https://*.buffer.com https://player.vimeo.com *.vimeo.com *.vimeocdn.com *.youtube.com https://*.youtube.com vine.co *.google.com https://*.twitter.com *.facebook.com *.pinterest.com chromenull://* chromeinvoke://* webviewprogressproxy://*; connect-src 'self' *.ravelry.com https://www2.ravelry.com https://*.hotjar.com https://*.dropbox.com https://www.ravelry.com wss://websocket.ravelry.com wss://websocket2.ravelry.com wss://*.hotjar.com translate.googleapis.com syndication.twitter.com https://*.chatlio.com https://*.pusher.com *.pusherapp.com; 2
frame-ancestors https://*.ionos.de https://ionos.de https://*.ionos.at https://ionos.at https://*.profiseller.de https://profiseller.de https://*.1und1-partner.de https://1und1-partner.de https://*.1und1-hostingpartner.de https://1und1-hostingpartner.de https://*.1und1-premiumpartner.de https://1und1-premiumpartner.de; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: data: https: blob: https://d.la2-c2-ord.salesforceliveagent.com https://logs1125.xiti.com https://www.google-analytics.com https://cdn.optimizely.com https://api.demandbase.com https://app-ab02.marketo.com https://www.googletagmanager.com https://magpie-static.ugc.bazaarvoice.com https://apc.ugc.bazaarvoice.com https://code.jquery.com ; 2
default-src *.mcmaster.com blob:; connect-src *.mcmaster.com *.brightcove.com *.brightcovecdn.com *.boltdns.net csi.gstatic.com translate.googleapis.com wss:; font-src *.mcmaster.com hello.myfonts.net fonts.gstatic.com data:; frame-src *.mcmaster.com www.youtube.com data:; img-src *.mcmaster.com *.brightcove.com *.boltdns.net android-webview-video-poster data:; media-src *.mcmaster.com *.boltdns.net blob:; object-src *.mcmaster.com blob:; script-src *.mcmaster.com *.zencdn.net *.brightcove.net *.brightcove.com 'unsafe-inline' hello.myfonts.net translate.google.com translate.googleapis.com; style-src *.mcmaster.com 'unsafe-inline' fonts.googleapis.com translate.googleapis.com; worker-src *.mcmaster.com blob:; report-uri /ContentSecurityPolicy.aspx; 2
frame-ancestors 'self' http://redhat.lookbookhq.com https://redhat.lookbookhq.com; report-uri /report-csp-violation 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob; img-src data: https: android-webview-video-poster: blob:; font-src data: https:; upgrade-insecure-requests; 2
default-src 'self' ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.upc.edu tagmanager.google.com https://*.twimg.com https://*.twitter.com *.gstatic.com *.google-analytics.com https://*.googleapis.com https://*.google.com https://*.googletagmanager.com data: ;font-src * data: ; style-src * data: 'unsafe-inline' 'unsafe-eval'; child-src *.upc.edu https://*.twitter.com https://*.google.com ; worker-src *.upc.edu https://*.twitter.com https://*.google.com https://cercador.upc.edu ; media-src *.upc.edu; frame-src *.youtube.com *.twitter.com twitter.com *.upc.edu www.google.com https://cercador.upc.edu ; connect-src https://cercador.upc.edu 'self' 2
default-src 'self' ws://localhost:* data: 'unsafe-eval' 'unsafe-inline' https://app.youneedabudget.com localhost:* *.youneedabudget.com marketing-youneedabudgetco.netdna-ssl.com sslcdn-youneedabudgetco.netdna-ssl.com youneedabudget.helpscoutdocs.com hello.myfonts.net  https://static.airtable.com/js/embed/ https://zapier.com/apps/embed/widget.js *.amplitude.com *.mparticle.com https://api.rollbar.com sdk.iad-03.appboy.com *.adroll.com d.adroll.mgr.consensu.org https://*.cdnbasket.net/ https://ids.cdnwidget.com/c https://pixel.cdnwidget.com/cdn/c.min.js https://cdn.pdst.fm/ping.min.js https://us-central1-adaptive-growth.cloudfunctions.net/sink s.ytimg.com *.ads-twitter.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.helpscout.net *.pinterest.com *.pusher.com *.quora.com *.soundcloud.com *.sumologic.com *.twitter.com *.youtube.com accounts.google.com apis.google.com d3hb14vkzrxvla.cloudfront.net djtflbt20bdde.cloudfront.net https://ajax.cloudflare.com https://api.cloudinary.com https://api.getgo.com https://api.ipify.org https://cdnjs.cloudflare.com https://docs.google.com https://giphy.com/ https://s.pinimg.com https://youneedabudget.us11.list-manage.com optimize.google.com player.vimeo.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.intercom.io *.intercomcdn.com *.intercomusercontent.com www.google.au www.google.be www.google.ca www.google.ch www.google.co.in www.google.co.nz www.google.co.uk www.google.com.br www.google.com.mx www.google.com.ph www.google.com.sg www.google.com www.google.de www.google.es www.google.fr www.google.ie www.google.nl www.google.no www.google.pl www.google.ru;frame-ancestors http://localhost:* *.youneedabudget.com;frame-src 'self' accounts.google.com airtable.com doubleclick.net staticxx.facebook.com w.soundcloud.com www.facebook.com www.youtube.com optimize.google.com;img-src data: *;font-src 'self' data: fonts.gstatic.com *.intercomcdn.com sslcdn-youneedabudgetco.netdna-ssl.com *.youneedabudget.com 2
frame-ancestors https://eu1-ifwe.3dexperience.3ds.com https://eu1-215dsi0708-ifwe.3dexperience.3ds.com http://sw.local:81 http://sw2.local:81 https://sw2.local:4444 https://solidworks.com https://www-dev.itvpc.solidworks.com https://www-qal.itvpc.solidworks.com https://www-ppd.itvpc.solidworks.com https://www-contrib.itvpc.solidworks.com https://www.solidworks.com 2
frame-ancestors self googletagmanager.com 2
script-src *.cognizant.com insight.adsrvr.org maps.googleapis.com www.google-analytics.com global.cognizant.com pi.pardot.com scripts.demandbase.com www.google-analytics.com px.ads.linkedin.com www.youtube.com tr.outbrain.com amplifypixel.outbrain.com munchkin.marketo.net ssl.google-analytics.com static.doubleclick.net ssl.google-analytics.com www.facebook.com connect.facebook.net www.googletagmanager.com connect.facebook.net miscmagazine.com graph.facebook.com api.linkedin.com api.instagram.com news.cognizant.com investors.cognizant.com api.twitter.com googleads.g.doubleclick.net static.doubleclick.net public.slidesharecdn.com www.slideshare.net consent.truste.com api.demandbase.com assets.adobedtm.com stats.g.doubleclick.net www.googleadservices.com cm.g.doubleclick.net dpm.demdex.net snap.licdn.com global.cognizant.com px.ads.linkedin.com trackcmp.net amplify.outbrain.com 2899686.fls.doubleclick.net api.company-target.com d.company-target.com segments.company-target.com pixel.advertising.com s.ytimg.com www.linkedin.com *.doubleclick.net match.adsrvr.org  fonts.gstatic.com msdn.microsoft.com ajax.googleapis.com api.soundcloud.com cdnjs.cloudflare.com *.AKAMAIHD.NET *.akamai.edgekey.net public.inpwrd.com consent.trustarc.com *.cognizant.co.jp cognizant.co.jp www.gstatic.com www.google.com in.taskanalytics.com v2.listenloop.com web-analytics.engagio.com api.company-target.com dn1f1hmdujj40.cloudfront.net digitally.cognizant.com t.contentsquare.net code.jquery.com app.hubspot.com js.hsleadflows.net js.usemessages.com js.hs-analytics.net bat.bing.com go.pardot.com t.contentsquare.net c.contentsquare.net l.contentsquare.net *.contentsquare.net 'unsafe-inline' 'unsafe-eval' data: 2
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' api-us1.cludo.com ajax.googleapis.com https://*.boisestate.edu fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com d25vtythmttl3o.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' api-us1.cludo.com ajax.googleapis.com customer.cludo.com https://*.boisestate.edu fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com d25vtythmttl3o.cloudfront.net; style-src 'self' 'unsafe-inline' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com d25vtythmttl3o.cloudfront.net ajax.googleapis.com cloud.typography.com customer.cludo.com https://*.boisestate.edu; img-src data: * ; font-src data: cloud.typography.com 'self' https://*.boisestate.edu; connect-src 'self' api-us1.cludo.com https://*.boisestate.edu *.pusherapp.com *.pusher.com; media-src 'self' https://*.boisestate.edu fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com d25vtythmttl3o.cloudfront.net; object-src 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com d25vtythmttl3o.cloudfront.net https://*.boisestate.edu; worker-src 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com d25vtythmttl3o.cloudfront.net https://*.boisestate.edu; frame-src 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com d25vtythmttl3o.cloudfront.net https://*.boisestate.edu; ; frame-ancestors 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com d25vtythmttl3o.cloudfront.net https://*.boisestate.edu ; form-action 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com d25vtythmttl3o.cloudfront.net https://*.boisestate.edu ; upgrade-insecure-requests; block-all-mixed-content; 2
connect-src 'self' https://*.clicktale.net https://*.demdex.net https://*.doubleclick.net https://*.everesttech.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.mktoresp.com https://*.optimizely.com https://*.pingdom.net https://*.reddit.com https://*.securelist.com https://*.youtube.com https://cdn.securelist.com https://e.infogram.com https://hn.algolia.com https://kaspersky.d3.sc.omtrdc.net https://kasperskycontenthub.com https://securelist.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.google-analytics.com; default-src 'self' https://*.securelist.com https://cdn.securelist.com https://kasperskycontenthub.com https://kasperskycontenthub.com/securelist https://securelist.com https://tpc.googlesyndication.com; font-src 'self' data: https://*.gstatic.com https://*.securelist.com https://*.wp.com https://assets.kasperskycontenthub.com https://assets.threatpost.com https://cdn.securelist.com https://fonts.googleapis.com https://fonts.gstatic.com https://kasperskycontenthub.com https://securelist.com https://tpc.googlesyndication.com; frame-src 'self' http://*.slideshare.net https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.infogram.com https://*.instagram.com https://*.libsyn.com https://*.marketo.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.slideshare.net https://*.twitter.com https://*.wp.com https://*.youtube.com https://cdn.securelist.com https://infogram.com https://kasperskycontenthub.com https://player.vimeo.com https://s-static.ak.facebook.com https://securelist.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.brighttalk.com; img-src 'self' data: http://*.netdna-cdn.com http://*.wordpress.com http://*.wp.com http://assets.kasperskycontenthub.com http://assets.kasperskydaily.com http://assets.threatpost.com http://d2538mqrb7brka.cloudfront.net http://forum.kasperskyclub.ru http://i0.poll.fm http://media.kasperskycontenthub.com http://media.kasperskydaily.com http://media.threatpost.com https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.gravatar.com https://*.gstatic.com https://*.infogram.com https://*.instagram.com https://*.netdna-cdn.com https://*.netdna-ssl.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.staticflickr.com https://*.twimg.com https://*.twitter.com https://*.wordpress.com https://*.wp.com https://*.ytimg.com https://addevent.com https://assets.kasperskycontenthub.com https://assets.kasperskydaily.com https://assets.threatpost.com https://blog.kaspersky.com https://cdn.securelist.com https://csi.gstatic.com https://d1srlirzdlmpew.cloudfront.net https://d2538mqrb7brka.cloudfront.net https://geo.yahoo.com https://images.telechargement.fr https://instagramimages-a.akamaihd.net https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://m.addthis.com https://maps.googleapis.com https://media.kasperskycontenthub.com https://media.kasperskydaily.com https://media.threatpost.com https://player.vimeo.com https://polldaddy.com https://rum-collector.pingdom.net https://s.w.org https://s3-eu-west-1.amazonaws.com https://scontent.cdninstagram.com https://securelist.com https://stats.g.doubleclick.net https://t.co https://tagmanager.google.com https://threatpost.com https://tpc.googlesyndication.com https://track.addevent.com; object-src 'self' https://*.securelist.com https://kasperskycontenthub.com https://player.vimeo.com https://polldaddy.com https://securelist.com https://tpc.googlesyndication.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://assets.kasperskycontenthub.com http://assets.threatpost.com https://*.addevent.com https://*.addthis.com https://*.cloudfront.net https://*.crazyegg.com https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.flickr.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gravatar.com https://*.gstatic.com https://*.instagram.com https://*.kaspersky.com https://*.marketo.com https://*.marketo.net https://*.optimizely.com https://*.polldaddy.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.twimg.com https://*.twitter.com https://*.woopra.com https://*.wp.com https://addthisevent.com https://adservice.google.com https://adservice.google.hr https://adservice.google.ru https://assets.adobedtm.com https://assets.kasperskycontenthub.com https://assets.threatpost.com https://cdn.optimizely.com https://cdn.securelist.com https://connect.facebook.net https://connect.mail.ru https://e.infogram.com https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://m.addthis.com https://m.addthisedge.com https://munchkin.marketo.net https://player.vimeo.com https://polldaddy.com https://rum-static.pingdom.net https://script.crazyegg.com https://securelist.com https://share.yandex.ru/ https://static.ads-twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://vk.com https://www.addevent.com https://www.brighttalk.com https://www.flickr.com https://www.googletagmanager.com https://www.googletagservices.com https://www.linkedin.com; style-src 'self' 'unsafe-inline' http://*.googleapis.com http://assets.kasperskycontenthub.com http://assets.threatpost.com https://*.googleapis.com https://*.gravatar.com https://*.kaspersky.com https://*.marketo.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.twimg.com https://*.twitter.com https://*.wp.com https://assets.kasperskycontenthub.com https://assets.threatpost.com https://cdn.securelist.com https://fonts.googleapis.com https://kasperskycontenthub.com https://s0.wp.com https://secure.gravatar.com https://securelist.com https://tagmanager.google.com https://tpc.googlesyndication.com 2
default-src * data: blob: ;script-src * 'self' 'unsafe-inline' 'unsafe-eval' ;worker-src * blob: ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' static-s.aa-cdn.net www.appannie.com ;img-src * data: blob: ;font-src * data: ;media-src * data: blob: ;base-uri 'self' d6tizftlrpuof.cloudfront.net manifest.prod.boltdns.net secure.brightcove.com ;report-uri https://sentry.smart-sense.org/api/96/csp-report/?sentry_key=28d56c139d1542a19730a3eb84757027; 2
allow 'self'; options inline-script 2
frame-ancestors 'self' https://*.ariba.com https://*.micron.com https://*.iu.edu https://*.sciquest.com 2
frame-ancestors 'self' libertystreeteconomics.newyorkfed.org; 2
default-src 'self'; frame-ancestors 'none' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com  https://ssl.google-analytics.com; style-src 'self' 'unsafe-inline' ; 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://ajax.cloudflare.com/ https://tajs.qq.com https://www.zblogcn.com https://cdn.jsdelivr.net/npm/jquery@3.3.1/dist/jquery.min.js; style-src 'self' 'unsafe-inline' https://*.zblogcn.com; img-src 'self' https://* data: 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: ; report-uri /vdc-csp-report 2
default-src data: *.3lift.com about *.addthis.com *.adnxs.com *.adroll.com *.adroll.mgr.consensu.org *.advertising.com *.amazon-adsystem.com beacon.krxd.net *.bidswitch.net *.casalemedia.com chat.is.cc *.cj.com code.jquery.com connect.facebook.net countmake.cool d.adroll.com d.adroll.mgr.consensu.org *.dca0.com device.maxmind.com *.doubleclick.net dpm.demdex.net *.emjcd.com *.facebook.com facebook.com *.facebook.net fcmatch.youtube.com gjtrack.ucweb.com *.googleadservices.com *.google-analytics.com google-analytics.com *.googleapis.com *.google.bs *.google.ca *.google.cl *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.kr *.google.com *.google.com.au *.google.com.eg *.google.com.hk *.google.com.jm *.google.com.mx *.google.com.ng *.google.com.np *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.vn *.google.co.uk *.google.de *.google.dk *.google.dz *.google.fi *.google.ie *.google.iq *.google.it *.google.kz *.google.lk *.google.lv *.google.nl *.google.pl *.google.rs *.google.ru *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io http://*.googleapis.com innertell.com *.interserver.net interserver.net *.is.cc loadm.exelator.com match.adsrvr.org match.rundsp.com *.maxmind.com mixappdev.com *.mmapiws.com mozbar.moz.com *.msn.com object.center *.openx.net *.outbrain.com p.adsymptotic.com pippio.com pixel.quantserve.com plugin.ucads.ucweb.com pm.w55c.net *.pubmatic.com rasenalong.com recaptcha.net *.rlcdn.com *.rubiconproject.com s.adroll.com sb.scorecardresearch.com s.dca0.com sealserver.trustwave.com secure.insightexpressai.com server.iad.liveperson.net *.softaculous.com ssl.google-analytics.com sync.mathtag.com sync-tm.everesttech.net *.taboola.com tags.bluekai.com tags.rd.linksynergy.com tag.yieldoptimizer.com usermatch.krxd.net www.facebook.com www.google-analytics.com www.gravatar.com www.innertell.com www.interserver.net *.yahoo.com 'unsafe-inline' 'unsafe-eval'; img-src *; media-src *; font-src *; report-uri https://mynew.interserver.net/csp.php 2
default-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov *.w.internal.r1s-prod.com 'self' blob: ; script-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov https://recaptcha.net https://*.mapbox.com https://mapbox.com https://*.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://cdn.ravenjs.com https://sentry.io https://www.google.com/recaptcha/ https://connect.facebook.net https://*.sharethis.com https://www.ssa.gov 'unsafe-eval' 'unsafe-inline' ; style-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov https://use.fontawesome.com https://*.mapbox.com https://mapbox.com https://fonts.googleapis.com https://tagmanager.google.com 'unsafe-inline' ; img-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov https://stats.g.doubleclick.net https://recaptcha.net https://*.mapbox.com https://mapbox.com https://*.gstatic.com https://www.google-analytics.com https://ridb.recreation.gov https://fs.usda.gov https://www.fs.usda.gov https://*.staticflickr.com https://*.googleusercontent.com https://www.googletagmanager.com https://www.google.com https://google.com https://*.siteintercept.qualtrics.com https://co1.qualtrics.com https://siteintercept.qualtrics.com https://*.sharethis.com https://s3.amazonaws.com/sharethis-socialab-prod/ 'self' data: blob: ; media-src https://www.nps.gov https://www.youtube.com https://youtu.be 'self' ; font-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov https://fonts.gstatic.com https://use.fontawesome.com; connect-src https://recreation.gov https://*.recreation.gov https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.recreation.gov https://*.mapbox.com https://mapbox.com https://freegeoip.net https://*.launchdarkly.com https://sentry.io https://siteintercept.qualtrics.com https://*.sharethis.com 'self' ; object-src 'self' blob: ; worker-src https://www.nps.gov https://www.youtube.com https://youtube.com https://youtu.be https://*.cdc.nicusa.com https://www.google.com https://google.com 'self' blob: ; frame-src https://www.nps.gov https://www.youtube.com https://youtube.com https://youtu.be https://*.cdc.nicusa.com https://www.google.com https://google.com https://tagmanager.google.com https://www.googletagmanager.com https://*.consensu.org 'self' blob: ; 2
frame-ancestors vanderbilt.edu/AEA 'self' 2
default-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self' v2.zopim.com data:; script-src 'self' www.google-analytics.com www.googletagmanager.com v2.zopim.com widget-mediator.zopim.com static.zdassets.com www.google.com www.gstatic.com ssl.gstatic.com www.googleadservices.com googleads.g.doubleclick.net stats.g.doubleclick.net www.bing.com bat.bing.com www.redditstatic.com; img-src 'self' www.google-analytics.com googleads.g.doubleclick.net stats.g.doubleclick.net v2.zopim.com v2.zopim.io v2assets.zopim.io data: www.google.com www.gstatic.com ssl.gstatic.com www.bing.com bat.bing.com www.reddit.com alb.reddit.com; connect-src 'self' wss://v2.zopim.com wss://widget-mediator.zopim.com https://v2.zopim.com https://widget-mediator.zopim.com https://www.google-analytics.com https://ekr.zdassets.com wss://ekr.zdassets.com; frame-src v2.zopim.com www.google.com; media-src v2.zopim.com; frame-ancestors 'none' 2
frame-ancestors https://pam.mcafee.com 2
frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data:; font-src https: data:; media-src https: data: blob:; object-src https; frame-ancestors 'self' https://secure.thetoptens.com/ https://avatars.thetoptens.com/; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; font-src data: https://www.blueconic.com https://fonts.blueconic.com  https://cdn2.hubspot.net; img-src https: data:; media-src https: blob:; worker-src blob: 2
frame-ancestors 'self' *.svd.se; default-src https: data: blob: react-js-navigation: android-webview: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; report-uri https://svd.report-uri.com/r/d/csp/enforce 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: cors-anywhere.herokuapp.com gist.github.com  rum-static.pingdom.net *.ckeditor.com translate.googleapis.com translate.google.com *.jotform.com *.crazyegg.com cdn.jotfor.ms static.issuu.com instagram.com www.instagram.com t.sf14g.com 1.tl813.com http://static.issuu.com analytics.twitter.com srdrvp.com static.ads-twitter.com apis.google.com *.addthis.com *.addthisedge.com secure.comodo.net static.ads-twitter.com platform.twitter.com www.googleadservices.com http://www.googleadservices.com *.akamaihd.net www.google-analytics.com www.google.com cdnjs.cloudflare.com performance.typekit.net *.jotform.us cdn.jsdelivr.net ajax.googleapis.com connect.facebook.net www.facebook.com facebook.com use.typekit.net ssl.google-analytics.com *.gstatic.com cse.google.com www.googleapis.com *.mobilecause.com bam.nr-data.net googletagmanager.com formalyzer.com maps.googleapis.com e.issuu.com *.silkroad.com *.createsend.com *.createsend1.com *.polldaddy.com polldaddy.com *.berkeley.edu https://coolclimate-calculator-ui.firebaseapp.com secure4.entertimeonline.com; img-src 'self' data: about: 1.tl813.com *.leadlander.com *.s3.amazonaws.com log.pinterest.com i.ytimg.com *.jotform.com t.co *.gstatic.com *.instagram.com *.cdninstagram.com *.fbcdn.net www.google-analytics.com *.doubleclick.net *.jotfor.ms csi.gstatic.com maps.gstatic.com p.typekit.net www.google.com www.googleapis.com maps.googleapis.com www.facebook.com *.google.com *.arborday.org www.googleapis.com ssl.google-analytics.com syndication.twitter.com shpg.org; font-src 'self' data: use.typekit.net fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' assets-cdn.github.com *.githubassets.com use.typekit.net translate.googleapis.com *.gstatic.com cdn.jotfor.ms www.google.com ajax.googleapis.com fonts.googleapis.com fonts.gstatic.com; frame-src 'self' *.soundcloud.com *.berkeley.edu https://coolclimate.berkeley.edu https://coolclimate-calculator-ui.firebaseapp.com www.facebook.com *.google.com *.vimeo.com www.instagram.com syndication.twitter.com *.jotform.us https://staticxx.facebook.com *.igive.com cse.google.com pdf.snapandread.com app.mobilecause.com *.arborday.org www.arborday.org hotelfootprints.org www.hotelfootprints.org www.youtube.com http://www.youtube.com e.issuu.com api.braintreegateway.com treesandutilities.com *.silkroad.com ajax.googleapis.com connect.facebook.net platform.twitter.com *.addthis.com *.createsend.com *.createsend1.com *.leadlander.com; frame-ancestors 'self' www.logees.com *.domaincontrol.com *.ip.secureserver.net *.upnllc.com *.godaddy.com logees.com *.dutchmantreefarms.com dutchmantreefarms.com http://www.dutchmantreefarms.com www.bluehillwildlifenursery.com bluehillwildlifenursery.com treesandutilities.com www.treesandutilities.com *.secureserver.net *.akam.net *.godaddy.com *.silkroad.com createsend.com; connect-src 'self' cors-anywhere.herokuapp.com secure4.entertimeonline.com rum-collector-2.pingdom.net *.crazyegg.com wss://www.arborday.org performance.typekit.net ssl.google-analytics.com *.jotform.us createsend.com *.doubleclick.net *.cloudfront.net appstoreconnect.com *.berkeley.edu; 2
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 2
default-src 'self'; media-src 'self' https://storage.googleapis.com/; img-src 'self' data: https://www.google-analytics.com/ https://www.snapchat.com/ https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; child-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com/; connect-src 'self' https://www.snapchat.com/; script-src 'self' https://www.google-analytics.com/ https://www.youtube.com/ https://s.ytimg.com/ https://www.youtube-nocookie.com/; frame-ancestors 'self' https://images.bitmoji.com; report-uri https://csp-central.appspot.com/report_csp; 2
object-src 'none'; default-src * 'unsafe-eval' 'unsafe-inline' data:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru *.google-analytics.com *.googleapis.com *.gstatic.com data: 2
connect-src 'self' https://*.google-analytics.com https://*.index-education.com http://*.index-education.com http://*.datatables.net;default-src 'self' *.bootstrapcdn.com *.google-analytics.com *.gstatic.com https://*.index-education.com http://*.index-education.com;frame-ancestors 'self' ;frame-src http://*.index-education.net https://*.index-education.net *.hyperplanning.fr http://*.vimeo.com https://vimeo.com https://*.vimeo.com https://www.youtube.com https://*.google.com https://*.index-education.com http://*.index-education.com http://index-education.com;media-src 'self' https://*.vimeo.com https://vimeo.com https://*.index-education.com http://*.index-education.com;object-src 'self'; report-uri https://www.index-education.com/violationReportCSP.php;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adobe.com *.cloudflare.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com https://*.google.com *.gstatic.com code.jquery.com http://*.google-analytics.com https://*.google-analytics.com *.datatables.net https://*.index-education.com http://*.index-education.com https://*.bootstrapcdn.com http://index-education.com;style-src 'self' 'unsafe-inline' http://*.googleapis.com https://*.googleapis.com *.bootstrapcdn.com https://*.index-education.com http://*.index-education.com;font-src 'self' *.bootstrapcdn.com *.gstatic.com https://*.index-education.com http://*.index-education.com;img-src 'self' *.google-analytics.com *.gstatic.com *.doubleclick.net *.google.com *.google.fr data:; 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://static.tugraz.at https://sso.tugraz.at https://analytics.tugraz.at *.tugraz.at https://*.twitter.com https://*.twimg.com; child-src 'self' *.tugraz.at *.youtube.com *.youtube-nocookie.com *.google.com *.mapbuildr.com mapbuildr.com *.googleapis.com *.openstreetmap.org https://*.twitter.com; img-src 'unsafe-inline' 'unsafe-eval' * data:; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob:; 2
default-src https:; connect-src https: *; script-src 'unsafe-inline' 'unsafe-eval' https: *; style-src 'unsafe-inline' https: *; img-src 'self' data: https: www.googletagmanager.com www.google-analytics.com; font-src 'self' data: https: fonts.gstatic.com; object-src 'self'; frame-src * 2
child-src https: http: data:;frame-src https: http: data:;script-src 'unsafe-inline' 'unsafe-eval' https: http:;img-src * data:;media-src * 2
img-src https: data:; object-src 'none'; default-src https: 'unsafe-inline' 'unsafe-eval' 2
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss: ; img-src data: https: ; font-src data: https: ; worker-src https: blob: 2
frame-ancestors https://*.ionos.fr https://ionos.fr; 2
frame-ancestors https://www.check24.de/ https://finanzen.check24.de/ 'self' 2
frame-ancestors https://*.etracker.com; script-src 'self' https://*.signalize.com https://*.etracker.com https://*.etracker.de 'unsafe-inline' 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: ; frame-ancestors 'self' *.cienradios.com www.clarin.com *.devcr.com.ar *.cienradios-pre.com.ar prepro.int.clarin.com *.prepro.int.clarin.com viapais.com.ar *.viapais.com.ar alpha.viapais.com.ar *.alpha.viapais.com.ar beta.viapais.com.ar *.beta.viapais.com.ar prepro.viapais.com.ar *.prepro.viapais.com.ar cdn.ampproject.org *.cdn.ampproject.org google.com *.google.com google.com.ar *.google.com.ar; 2
default-src 'self';style-src 'unsafe-inline' *;frame-src 'self' zona: http://install.zonastat.com https://dl.appzona.org http://vk.com https://vk.com https://login.vk.com http://tools.bongacams.com https://cdn-static-secure.liverail.com http://skycdnhost.com https://skycdnhost.com http://tvmir.ru http://out.pladform.ru http://*.24video.com *.24video.net *.24video.cc *.24video.me *.24videos.me *.24video.xxx 24video.ws *.24video.xxx:8080 *.24video.sex;img-src * data:;media-src * blob:;font-src * data:;object-src *;connect-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com http://skycdnhost.com https://skycdnhost.com https://vk.com http://vk.com http://zona.ru js-agent.newrelic.com https://bam.nr-data.net http://bam.nr-data.net c1.onedmp.com tools.runetki.co www.24video.com www.24video.net www.24video.cc www.24video.me www.24videos.me *.24video.xxx https://upload.24v.tv http://upload.24video.adult http://sibvic.ru http://tarkita.ru http://darangi.ru http://ictowaz.ru http://stat.php-d.com http://startstat.ru http://cdn-static.liverail.com livestatisc.com andwronsit.ru cdn7.rocks hgbn.rocks hgbn.rocks cdn7.rocks 2f9ffee6ab81a74.com https://mc.yandex.ru http://mc.yandex.ru https://www.googletagmanager.com https://www.google-analytics.com yastatic.net;child-src 'self' blob: 2
frame-ancestors http://crackstreams.com http://nbastreams.xyz http://crackstreams.ga 2
default-src 'self' * 'unsafe-eval' 'unsafe-inline' data: filesystem: blob:; object-src *.cloudfront.net; 2
frame-ancestors 'self' localhost *.teamwork.com *.teamworkpm.net teams.microsoft.com *.teams.microsoft.com *.skype.com teamworkintegrations.ngrok.io *.us.teamworkops.com; 2
frame-ancestors 'self' mail.google.com chrome-extension://iffdacemhfpnchinokehhnppllonacfj/ chrome-extension://dkfhfaphfkopdgpbfkebjfcblcafcmpi/; 2
frame-ancestors 'self' *.tennis-warehouse.com www.tenniswarehouse-europe.com www.tennisonly.com.au; 2
default-src 'none'; base-uri 'none'; frame-src checkout.stripe.com; frame-ancestors 'none'; style-src *.scryfall.com; script-src *.scryfall.com checkout.stripe.com www.google-analytics.com 'unsafe-eval'; img-src *.scryfall.com *.stripe.com www.google-analytics.com data:; font-src *.scryfall.com; manifest-src *.scryfall.com; connect-src api.scryfall.com scryfall.com www.google-analytics.com checkout.stripe.com; block-all-mixed-content; 2
img-src data: https:;script-src  'unsafe-inline' 'unsafe-eval' https:;style-src  'unsafe-inline' 'unsafe-eval' https: 2
frame-ancestors 'self' *.optimizely.com optimizely.com http://*.corp.westmarine.com:* https://*.corp.westmarine.com:* http://*.westmarine.net:* http://westmarine.net:* https://*.westmarine.net:* https://westmarine.net:* 2
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.appdynamics.com https://*.cloudfront.net https://api.usabilla.com https://googleads.g.doubleclick.net https://googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://nconnect.facebook.net https://www.youtube.com https://w.usabilla.com https://scripts.nwebsec.com https://www.google.com https://static.doubleclick.net https://api.wunderground.com https://pym.nprapps.org https://cdnssl.clicktale.net https://connect.facebook.net https://maps.googleapis.com https://*.iperceptions.com https://az452423.vo.msecnd.net https://ips-invite.iperceptions.com https://syndication.twitter.com https://s.ytimg.com https://iperceptions01.azureedge.net https://dnn506yrbagrg.cloudfront.net https://www.gstatic.com https://bat.bing.com https://static.cmptch.com https://s.adroll.com https://d.adroll.com https://media.zoomprospector.com https://*.appdynamics.com https://tagmanager.google.com https://tagmanager.google.com/debug/css.css https://ve-cec-na1.app.clicktale.com blob: https://*.aspnetcdn.com https://*.clicktale.net https://*.clicktale.com;object-src 'self' https://www.applianceserviceplan.com;style-src 'self' 'unsafe-inline' https://www.youtube.com https://www.fonts.googleapis.com https://fonts.googleapis.com https://*.cloudfront.net https://tagmanager.google.com/debug/css.css;img-src 'self' https://www.google.com https://www.google-analytics.com https://i.ytimg.com https://www.facebook.com https://*.cloudfront.net https://bat.bing.com https://conductor.clicktale.net https://gtrk.s3.amazonaws.com https://hit.uptrendsdata.com https://i.vimeocdn.com https://ips-img.iperceptions.com https://maps.googleapis.com https://maps.gstatic.com https://pbs.twimg.com https://stats.g.doubleclick.net https://w.usabilla.com https://www.googletagmanager.com https://www.google.ca https://www.google.co.in https: data:;media-src 'self' https:;frame-src https://*.iperceptions.com https://connect.facebook.net https://ipn2.paymentus.com https://na-sj06.marketo.com https://player.vimeo.com https://www.facebook.com https://www.google.com https://tagmanager.google.com https:;font-src 'self' https://fonts.gstatic.com https://cdn.joinhoney.com https: data:;connect-src 'self' https://conductor.clicktale.net https://ing-district.clicktale.net https://api.iperceptions.com https://col.eum-appdynamics.com https://hit.uptrendsdata.com https://stats.g.doubleclick.net https://www.google-analytics.com https:;child-src 'self' https://www.googletagmanager.com https://ipn2.paymentus.com https://connect.facebook.net https://www.google.com https://*.iperceptions.com https://tagmanager.google.com https://www.youtube.com https: blob:;frame-ancestors 'self' https:;worker-src https://cdnssl.clicktale.net https: data: blob:;report-uri /webapi/reporting/csp 2
frame-ancestors 'self' dev.edugouv.adyax-dev.com stage.edugouv.adyax-dev.com test.back.tandem.education.gouv.fr isoprod.back.tandem.education.gouv.fr back.tandem.education.gouv.fr 2
base-uri 'none'; default-src 'none'; frame-ancestors 'self' https://*.gab.com https://*.openplatform.us; font-src 'self' https://gab.com; img-src 'self' https: data: blob: https://gab.com; style-src 'self' 'unsafe-inline' https://gab.com; media-src 'self' https: data: https://gab.com; frame-src 'self' https:; manifest-src 'self' https://gab.com; connect-src 'self' blob: https://gab.com wss://gab.com; script-src 'self' https://gab.com 2
connect-src consumer.krxd.net https://connect.facebook.net cgchat.callguide.telia.com 'self' pwe.callguide.telia.com *.usabilla.com www.google.com telia.humany.net chat.ace.teliacompany.com www.google-analytics.com stats.g.doubleclick.net www.google.se; default-src localhost:41680 'self'; font-src https://fonts.gstatic.com 'self' data:; frame-src d6tizftlrpuof.cloudfront.net https://optimize.google.com www.telia.se 'self' cdn.krxd.net *.doubleclick.net https://www.facebook.com www.youtube.com go.pardot.com youtube.com; img-src img.youtube.com https://optimize.google.com 'self' https://www.facebook.com stats.g.doubleclick.net www.google.se beacon.krxd.net d6tizftlrpuof.cloudfront.net *.usabilla.com www.haynespro-assets.com www.google.com www.haynespro-services.com gentle-tor-21016.herokuapp.com data: media.krxd.net www.google-analytics.com; report-uri /.api/csp-report/v1/report?teamId=c7285fd5-e64175ae-358eb00b; script-src consumer.krxd.net https://connect.facebook.net https://tagmanager.google.com 'unsafe-inline' https://optimize.google.com 'self' cdn.krxd.net https://www.facebook.com beacon.krxd.net cdn.pardot.com d6tizftlrpuof.cloudfront.net www.googletagmanager.com core.dch.got.telia.se *.usabilla.com gentle-tor-21016.herokuapp.com 'unsafe-eval' pi.pardot.com media.krxd.net www.google-analytics.com; style-src https://tagmanager.google.com 'unsafe-inline' d6tizftlrpuof.cloudfront.net https://optimize.google.com 'self' core.dch.got.telia.se gentle-tor-21016.herokuapp.com media.krxd.net https://fonts.googleapis.com 2
script-src 'self' https://*.nfb.ca https://*.onf.ca https://cdnjs.cloudflare.com https://player.vimeo.com https://maps.googleapis.com https://graph.facebook.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com tagmanager.google.com connect.facebook.net *.google-analytics.com sb.scorecardresearch.com widget.surveymonkey.com apis.google.com cdnapisec.kaltura.com cdnapi.kaltura.com widget.surveymonkey.com www.gstatic.com js.adsrvr.org survey.g.doubleclick.net https://www.google.com https://adservice.google.ca https://survey.g.doubleclick.net; style-src 'self' https://*.nfb.ca https://*.onf.ca https://cdnjs.cloudflare.com 'unsafe-inline' hello.myfonts.net fonts.googleapis.com tagmanager.google.com https://www.google.com; frame-ancestors 'self' https://*.nfb.ca https://*.onf.ca; manifest-src 'self' https://*.nfb.ca https://*.onf.ca; default-src 'none'; frame-src 'self' https://*.google.com https://www.gstatic.com https://www.facebook.com https://insight.adsrvr.org https://esqa.moneris.com https://www3.moneris.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://*.nfb.ca https://*.onf.ca https://player.twitch.tv; worker-src 'self' *.onf.ca *.nfb.ca https://*.kaltura.com blob:; img-src 'self' sb.scorecardresearch.com b.scorecardresearch.com *.google-analytics.com cfvod.kaltura.com www.facebook.com http://*.onf.ca http://*.nfb.ca https://*.onf.ca https://*.nfb.ca https://*.kaltura.com stats.g.doubleclick.net *.gstatic.com data: https://interactive-cms.s3.amazonaws.com https://interactive-cms-dev.s3.amazonaws.com http://*.gravatar.com https://*.gravatar.com https://dkyhanv6paotz.cloudfront.net; media-src 'self' https://*.onf.ca https://*.nfb.ca https://*.kaltura.com https://dkyhanv6paotz.cloudfront.net blob:; object-src 'self' https://*.nfb.ca https://*.onf.ca https://*.kaltura.com; connect-src 'self' https://*.nfb.ca https://*.onf.ca https://*.kaltura.com https://www.facebook.com https://s3.amazonaws.com *.google-analytics.com; font-src 'self' https://*.onf.ca https://*.nfb.ca fonts.gstatic.com cdnapi.kaltura.com cdnapisec.kaltura.com data: 2
frame-ancestors 'self' http://acquia.lookbookhq.com https://acquia.lookbookhq.com https://acquia.docebosaas.com https://confluence.acquia.com; report-uri /report-csp-violation 2
frame-ancestors *.waves.com 2
frame-ancestors 'self' *.eur.nl 2
default-src 'none'; img-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com  https://images.ctfassets.net https://downloads.ctfassets.net https://www.gstatic.com https://ssl.gstatic.com https://platform.twitter.com https://obs.twimg.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com data: https://cdn.cookielaw.org; media-src 'self' https://videos.ctfassets.net https://www.youtube.com https://player.vimeo.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://cookies.onetrust.mgr.consensu.org https://www.instagram.com https://platform.twitter.com https://syndication.twitter.com; connect-src 'self' https://cdn.contentful.com https://preview.contentful.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://sentry.io https://cdn.cookielaw.org https://api.twitter.com; script-src 'self' https://www.google-analytics.com 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com https://platform.twitter.com https://cdn.syndication.twimg.com data: https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://fonts.gstatic.com https://github.com data:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com/ https://platform.twitter.com https://ton.twimg.com; manifest-src 'self'; worker-src 'self'; child-src 'self'; upgrade-insecure-requests 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.byrdie.com *.qa.aws.byrdie.com apollo.byrdie.com apollo.local.byrdie.com atlas.byrdie.com atlas.local.byrdie.com 2
default-src 'self' 'https://platform.twitter.com/widgets.js' assets.paystack.com https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js https://www.googletagmanager.com https://www.google-analytics.com https://s.ytimg.com/yts/jsbin/www-widgetapi-vfloS5Wsk/www-widgetapi.js *.newrelic.com  https://www.youtube.com/player_api *.amplitude.com/ 'unsafe-inline'; frame-src https://www.youtube.com; upgrade-insecure-requests 2
default-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.impactradius-event.com *.salesforceliveagent.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net; connect-src 'self' kampyle.com *.kampyle.com mobileapi.locatorsearch.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com vimeo.com *.vimeo.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com s.ytimg.com connect.facebook.net storify.com *.fyre.co *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net; img-src 'self' kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.impactradius-event.com *.force.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com cdn.livefyre.com bootstrap.livefyre.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net data: blob:; style-src 'self' 'unsafe-inline' kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net *.googleadservices.com cdn.livefyre.com; font-src 'self' data: kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net *.livefyre.com; frame-src 'self' kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.facebook.com facebook.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net www.youtube.com player.vimeo.com *.demdex.net; 2
default-src 'self'  data: blob:;                                                                     img-src 'self' 'unsafe-inline' data: blob:                                                                              https://ssl.google-analytics.com/                                                                              http://www.google-analytics.com/                                                                              https://www.bing.com/api/maps/                                                                              https://www.youtube.com/                          https://youtube.com/                      https://t.ssl.ak.dynamic.tiles.virtualearth.net/                                                                             https://syndication.twitter.com/                                                                             https://platform.twitter.com/css/                                                                             https://abs.twimg.com/emoji/                                                                             https://pbs.twimg.com/profile_images/                                                                             https://pbs.twimg.com/media/                    https://*.audioeye.com/                                                                             ;                                                                      script-src 'self' 'unsafe-inline' 'unsafe-eval'                                                                              https://www.google.com/recaptcha/                                                                              https://www.gstatic.com/recaptcha/                                                                              https://ssl.google-analytics.com/                                                                              http://www.google-analytics.com/                                                                              https://www.bing.com/api/maps/                                                                              https://www.bing.com/api/maps/mapcontrol/                                                                              https://www.youtube.com/                           https://youtube.com/                  https://www.bing.com/rs/                                                                              https://www.bing.com/rb/                                                                             https://dev.virtualearth.net/webservices/                                                                             https://t.ssl.ak.dynamic.tiles.virtualearth.net/comp/                                                                             https://platform.twitter.com/widgets.js                                                                             https://platform.twitter.com/js/                                                                             https://cdn.syndication.twimg.com/timeline/                    https://*.audioeye.com/                  ;                                                                     child-src 'self' 'unsafe-inline'                                                                              https://www.google.com/recaptcha/                   https://google.com/recaptcha/                  https://www.gstatic.com/recaptcha/                  https://gstatic.com/recaptcha/                     https://ssl.google-analytics.com/                                                                              http://www.google-analytics.com/                                                 http://google-analytics.com/                  https://www.bing.com/api/maps/                                                                              https://www.bing.com/api/maps/mapcontrol/                                                                              https://www.youtube.com/                  https://youtube.com/                  https://www.bing.com/rs/                                                                              https://www.bing.com/rb/                                                                             https://dev.virtualearth.net/webservices/                                                                             https://t.ssl.ak.dynamic.tiles.virtualearth.net/comp/                                                                             https://www.facebook.com/                                                                             https://platform.twitter.com/                                                                             https://syndication.twitter.com/                     ;                                                                     frame-src 'self' 'unsafe-inline'                                                                              https://www.google.com/recaptcha/                   https://google.com/recaptcha/                  https://www.gstatic.com/recaptcha/                  https://gstatic.com/recaptcha/                     https://ssl.google-analytics.com/                                                                              http://www.google-analytics.com/                                                 http://google-analytics.com/                  https://www.bing.com/api/maps/                                                                              https://www.bing.com/api/maps/mapcontrol/                                                                              https://www.youtube.com/                  https://youtube.com/                  https://www.bing.com/rs/                                                                              https://www.bing.com/rb/                                                                             https://dev.virtualearth.net/webservices/                                                                             https://t.ssl.ak.dynamic.tiles.virtualearth.net/comp/                                                                             https://www.facebook.com/                                                                             https://platform.twitter.com/                                                                             https://syndication.twitter.com/                       https://*.audioeye.com/                  ;                                                                     style-src 'self' 'unsafe-inline'                                                                              https://www.bing.com/rs/                                                                              https://www.bing.com/rb/                                                                             https://platform.twitter.com/css/                    https://*.audioeye.com/                           ;                                                                     connect-src 'self'                                                                             https://www.bing.com/maps/                                                                             https://www.bing.com/fd/ls/                    https://*.audioeye.com/                                                                             ;                                                                     font-src 'self' data: blob:                                                                            https://*.audioeye.com/                                   ;                                                                     media-src 'self'                                                                           https://*.audioeye.com/ 2
frame-ancestors https://*.crashplan.com https://*.crashplan.com:4285 https://*.crashplanpro.com https://*.crashplanpro.com:4285 https://*.code42.com https://*.code42.com:4285; 2
'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.utsouthwestern.edu https://www.gstatic.com https://unpkg.com https://cdn.storygize.net https://bs.serving-sys.com *.pinterest.com *.hotjar.com https://platform.twitter.com https://assets.pinterest.com http://www.facebook.com/plugins/like.php https://cdnjs.cloudflare.com/ajax/libs/foundation/6.4.3/js/foundation.min.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_format_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_default_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_ui_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_corechart_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_fw_module.js https://www.gstatic.com/charts/46.2/third_party/dygraphs/dygraph-tickers-combined.js https://www.gstatic.com/charts/46.2/third_party/webfontloader/webfont.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_bar_module.js https://cdnjs.cloudflare.com/ajax/libs/foundation-essential/5.2.2/js/vendor/modernizr.js https://www.google-analytics.com/analytics.js https://script.crazyegg.com/pages/scripts/0017/5050.js https://static.hotjar.com/c/hotjar-30590.js https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js https://www.storygize.net/a/cecea51f-563b-4ac4-9a2a-8a3660977ad2/abdo.js https://connect.facebook.net/en_US/fbevents.js https://www.gstatic.com/charts/46.2/loader.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu https://snap.licdn.com/li.lms-analytics/insight.min.js; connect-src 'self' *.utsouthwestern.edu *.hotjar.io *.hotjar.com https://www.juicer.io https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j73&tid=UA-26088679-2&cid=63721755.1556120185&jid=1696534874&gjid=798484853&_gid=1792316821.1557158687&_u=QCCAgAABAAAAAE~&z=1682155712 https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/8/6218 https://graph.facebook.com/58323112191/picture https://www.juicer.io/api/page_views https://www.juicer.io/api/feeds/home-page-393b6969-47a9-40b5-b6a5-297bc3722122 https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu; frame-src 'self' *.utsouthwestern.edu *.hotjar.com https://platform.twitter.com https://www.facebook.com https://yoshki.com/badge-apta.html https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu https://px.ads.linkedin.com 2
default-src 'unsafe-inline' 'unsafe-eval' https: data: wss: 2
frame-ancestors https://www.maisonmargiela.com/ https://www.maisonmargiela.com/ ; 2
connect-src *; frame-src *; media-src blob: https:; style-src * 'unsafe-inline'; 2
upgrade-insecure-requests; connect-src * https:; img-src * blob: data: https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 2
frame-ancestors 'self' intertops.eu www.intertops.eu sblp.intertops.eu sports.intertops.eu poker.intertops.eu casino.intertops.eu classic.intertops.eu lobby.intertops.eu:2072 account.intertops.eu 2
frame-ancestors https://www.zyxel.com https://communicasia.zyxel.com/ https://bbwf.zyxel.com https://mwc.zyxel.com https://www.zyxel.ch https://www.zyxel.fr https://www12.zyxel.com 2
font-src 'self' *.fandangonow.com *.fandango.com data: *.mgo-images.com; object-src *.visa.com data:; script-src 'self' *.fandangonow.com *.fandango.com 'unsafe-inline' 'unsafe-eval' *; style-src 'self' *.fandangonow.com *.fandango.com data: 'unsafe-inline' * 2
default-src 'self' *.ncr.com; frame-src 'self' *.ncr.com *.hotjar.com *.hotjar.io *.demdex.net *.springcm.com *.demandbase.com *.callrail.com *.rakuten.com ncrpresalesfundrequest.secure.force.com *.doubleclick.net *.addthis.com *.salesforceliveagent.com www.youtube.com *.typeform.com *.ncrsilver.com calendly.com apisandbox.zuora.com *.artefactscloud.com www.facebook.com www.youtube-nocookie.com *.juicer.io *.linksynergy.com *.whiteboard.is marketo.net *.marketo.net marketo.com *.marketo.com hsforms.net *.hsforms.net hsforms.com *.hsforms.com; img-src data: *; media-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ncr.com data: *.adobedtm.com px.ads.linkedin.com *.salesforceliveagent.com googleads.g.doubleclick.net snap.licdn.com assets.juicer.io s.ytimg.com *.addthis.com *.addthisedge.com connect.facebook.net www.googletagmanager.com www.google-analytics.com sjs.bizographics.com www.googleadservices.com maps.google.com maps.googleapis.com www.youtube.com www.google.com *.hotjar.io *.hotjar.com cdn.schemaapp.com ajax.googleapis.com assets.adobedtm.com cdn.cookielaw.org img.en25.com *.typeform.com use.edgefonts.net *.rakuten.com fullstory.com *.fullstory.com *.demandbase.com *.callrail.com *.linksynergy.com *.bing.com *.cloudfront.net *.calendly.com jquery.com *.jquery.com marketo.net *.marketo.net marketo.com *.marketo.com unpkg.com rtb123.com *.rtb123.com *.cybba.solutions *.cybba.us storage.googleapis.com rmtag.com *.rmtag.com hsforms.net *.hsforms.net hsforms.com *.hsforms.com; style-src 'self' 'unsafe-inline' *.ncr.com assets.juicer.io cdnjs.cloudflare.com fonts.googleapis.com www.youtube.com optanon.blob.core.windows.net *.hotjar.com use.edgefonts.net *.calendly.com *.cloudfront.net jquery.com *.jquery.com marketo.net *.marketo.net marketo.com *.marketo.com; font-src 'self' *.ncr.com data: assets.juicer.io cdnjs.cloudflare.com fonts.gstatic.com *.hotjar.com *.hotjar.io use.edgefonts.net *.cloudfront.net; connect-src 'self' *.ncr.com *.demdex.net *.addthis.com www.juicer.io *.hotjar.com *.hotjar.io data.schemaapp.com *.omtrdc.net wss://*.hotjar.com *.demandbase.com *.callrail.com *.s3.amazonaws.com s3.amazonaws.com api.company-target.com *.fullstory.com *.mktoresp.com *.facebook.com; 2
frame-ancestors  *.pseg.com *.salesforce.com *.salesforceliveagent.com *.force.com *.psegliny.com; default-src https: data: 'unsafe-inline' 'unsafe-eval' 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src https: wss: 2
default-src 'self'  'unsafe-inline'  'unsafe-eval' i.4see.mobi ; script-src https://scontent.cdninstagram.com https://p.typekit.net https://*.juicer.io https://instafeed.pixlee.com/ https://instafeed.assets.pixlee.com  https://use.typekit.net  https://data.schemaapp.com https://prd01.launch.banfield.com/ http://*.g.doubleclick.net/ https://*.g.doubleclick.net/ http://*.google.com https://*.google.com http://tags.srv.stackadapt.com https://tags.srv.stackadapt.com http://*.stackadapt.com https://*.stackadapt.com 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com/ https://code.jquery.com/ http://assets.adobedtm.com https://assets.adobedtm.com http://cdn.optimizely.com https://cdn.optimizely.com http://use.typekit.net https://use.typekit.net http://fast.fonts.net/ https://fast.fonts.net/ http://gateway.answerscloud.com/ https://gateway.answerscloud.com/ http://*.foresee.com https://*.foresee.com http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ http://www.googletagmanager.com https://www.googletagmanager.com http://www.googleadservices.com https://www.googleadservices.com http://ssl.google-analytics.com https://ssl.google-analytics.com http://js.clickequations.net https://js.clickequations.net http://connect.facebook.net https://connect.facebook.net http://az416426.vo.msecnd.net/ https://az416426.vo.msecnd.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://localhost https://localhost http://localhost:* https://localhost:* http://*.googleapis.com https://*.googleapis.com http://*.inspectlet.com https://*.inspectlet.com http://*.openweathermap.org https://*.openweathermap.org http://*.sharethis.com https://*.sharethis.com http://*.sharethis.com https://*.sharethis.com http://images.banfield.com https://images.banfield.com http://scripts.banfield.com https://scripts.banfield.com http://assets.banfield.com https://assets.banfield.com http://*.xg4ken.com https://*.xg4ken.com http://*.cloudflare.com https://*.cloudflare.com http://*.youtube.com https://*.youtube.com http://*.ytimg.com https://*.ytimg.com http://*.bing.com https://*.bing.com http://*.iatspayments.com https://*.iatspayments.com http://*.instagram.com https://*.instagram.com  http://banfield-assets.azureedge.net https://banfield-assets.azureedge.net  http://banfield-images.azureedge.net https://banfield-images.azureedge.net  http://banfield-scripts.azureedge.net https://banfield-scripts.azureedge.net  https://remote.vroptimal-3dx-assets.com/ https://gateway.foresee.com/ i.4see.mobi https://cdn.schemaapp.com/ https://banfield-scripts.azureedge.net/ https://home-c14.incontact.com/inContact/ChatClient/js/embed.min.js ; connect-src https://scontent.cdninstagram.com https://p.typekit.net https://*.juicer.io https://instafeed.pixlee.com/ https://instafeed.assets.pixlee.com  https://use.typekit.net  https://data.schemaapp.com blob: 'self' 'unsafe-inline' 'unsafe-eval' http://logx.optimizely.com/log/event https://logx.optimizely.com/log/event http://*.visualstudio.com https://*.visualstudio.com http://localhost https://localhost http://*.inspectlet.com https://*.inspectlet.com http://*.typekit.net https://*.typekit.net http://*.googleapis.com https://*.googleapis.com http://*.facebook.com https://*.facebook.com http://*.sharethis.com https://*.sharethis.com http://*.optimizely.com https://*.optimizely.com https://analytics.foresee.com https://brain.foresee.com https://4seeresults.com https://foreseeresults.com https://www.google-analytics.com https://ssl.google-analytics.com/ i.4see.mobi https://device.4seeresults.com https://srv.stackadapt.com/ https://tags.srv.stackadapt.com https://ssl.google-analytics.com/ https://www.google.com/ https://data.schemaapp.com/ https://c.sharethis.mgr.consensu.org/ http://*.foresee.com https://*.foresee.com https://banfield-scripts.azureedge.net/ https://home-c14.incontact.com/inContact/ChatClient/js/embed.min.js ; frame-src https://scontent.cdninstagram.com https://p.typekit.net https://*.juicer.io https://instafeed.pixlee.com/ https://instafeed.assets.pixlee.com  https://use.typekit.net  https://data.schemaapp.com https://prd01.launch.banfield.com/ https://checkout.globalgatewaye4.firstdata.com/payment 'self' 'unsafe-inline' 'unsafe-eval' http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net http://www.google.com/ https://www.google.com/ http://www.youtube.com https://www.youtube.com http://gateway.answerscloud.com https://gateway.answerscloud.com http://*.foresee.com https://*.foresee.com http://*.facebook.com https://*.facebook.com http://*.adobedtm.com https://*.adobedtm.com http://*.doubleclick.net https://*.doubleclick.net http://*.doubleclick.net https://*.doubleclick.net http://*.sharethis.com https://*.sharethis.com http://*.rallybound.org https://*.rallybound.org http://*.cdn.optimizely.com https://*.cdn.optimizely.com http://sketchfab.com/ https://sketchfab.com/ http://*.cloudfront.net/ https://*.cloudfront.net/ https://demo.globalgatewaye4.firstdata.com/ https://www.vroptimal-3dx-assets.com/ https://static.vroptimal-3dx-assets.com/ https://connect.facebook.net/ i.4see.mobi https://banfield-scripts.azureedge.net/ https://home-c14.incontact.com ; img-src https://scontent.cdninstagram.com https://p.typekit.net https://*.juicer.io https://instafeed.pixlee.com/ https://instafeed.assets.pixlee.com  https://use.typekit.net  https://data.schemaapp.com https://maps.google.com 'self' 'unsafe-inline' 'unsafe-eval' http://*.cloudflare.com https://*.cloudflare.com blob: http://*.iatspayments.com https://*.iatspayments.com http://*.bidswitch.net https://*.bidswitch.net http://*.adnxs.com https://*.adnxs.com http://*.stackadapt.com https://*.stackadapt.com 'self' 'unsafe-inline' 'unsafe-eval' data: http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net http://*.google-analytics.com/ https://*.google-analytics.com/ http://centro.pixel.ad https://centro.pixel.ad http://beacon.clickequations.net/ https://beacon.clickequations.net/ http://www.google.com https://www.google.com http://*.banfield.com https://*.banfield.com http://www.facebook.com https://www.facebook.com http://maps.googleapis.com https://maps.googleapis.com http://*.gstatic.com https://*.gstatic.com http://pixel.sitescout.com/ https://pixel.sitescout.com/ http://images.banfield.com https://images.banfield.com http://scripts.banfield.com https://scripts.banfield.com http://assets.banfield.com https://assets.banfield.com http://media.banfield.com https://media.banfield.com http://*.doubleclick.net https://*.doubleclick.net http://*.typekit.net https://*.typekit.net http://*.4seeresults.com https://*.4seeresults.com http://*.foreseeresults.com https://*.foreseeresults.com http://*.answerscloud.com https://*.answerscloud.com http://*.foresee.com https://*.foresee.com http://*.truste.com https://*.truste.com http://*.googleadservices.com https://*.googleadservices.com http://*.xg4ken.com https://*.xg4ken.com http://*.sharethis.com https://*.sharethis.com http://*.bing.com https://*.bing.com http://*.azureedge.net https://*.azureedge.net http://sb.scorecardresearch.com/ https://sb.scorecardresearch.com/ https://foresee.mobi https://static.foresee.com/ https://gateway.foresee.com/ i.4see.mobi https://i.liadm.com/ https://pixel.rubiconproject.com/ https://pixel.advertising.com/ https://simage2.pubmatic.com/ https://banfield-scripts.azureedge.net/ https://home-c14.incontact.com/inContact/ChatClient/js/embed.min.js ; style-src https://scontent.cdninstagram.com https://p.typekit.net https://*.juicer.io https://instafeed.pixlee.com/ https://instafeed.assets.pixlee.com  https://use.typekit.net  https://data.schemaapp.com http://*.fonts.net/ https://*.fonts.net/ 'self' http://*.iatspayments.com https://*.iatspayments.com 'unsafe-inline' 'unsafe-eval' http://*.fonts.net https://*.fonts.net http://fast.fonts.net https://fast.fonts.net http://*.banfield.com https://*.banfield.com http://images.banfield.com https://images.banfield.com http://scripts.banfield.com https://scripts.banfield.com http://assets.banfield.com https://assets.banfield.com http://*.googleapis.com https://*.googleapis.com http://*.jquery.com https://*.jquery.com http://*.answerscloud.com https://*.answerscloud.com http://*.foresee.com https://*.foresee.com http://*.sharethis.com https://*.sharethis.com http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ http://*.fonts.net https://*.fonts.net http://*.azureedge.net https://*.azureedge.net https://gateway.foresee.com i.4see.mobi https://cdn.jsdelivr.net https://banfield-scripts.azureedge.net/ https://home-c14.incontact.com/inContact/ChatClient/js/embed.min.js ; font-src https://scontent.cdninstagram.com https://p.typekit.net https://*.juicer.io https://instafeed.pixlee.com/ https://instafeed.assets.pixlee.com  https://use.typekit.net  https://data.schemaapp.com 'self' 'unsafe-inline' 'unsafe-eval' http://fast.fonts.net https://fast.fonts.net http://*.gstatic.com https://*.gstatic.com http://use.typekit.net https://use.typekit.net http://images.banfield.com https://images.banfield.com http://scripts.banfield.com https://scripts.banfield.com http://assets.banfield.com https://assets.banfield.com http://*.azureedge.net https://*.azureedge.net http://*.optimizely.com https://*.optimizely.com i.4see.mobi https://cdnjs.cloudflare.com http://*.foresee.com https://*.foresee.com https://banfield-scripts.azureedge.net/ https://home-c14.incontact.com/inContact/ChatClient/js/embed.min.js ;   2
default-src https: 'unsafe-eval' 'unsafe-inline' data:; 2
frame-ancestors 'self' https://*.radford.edu; upgrade-insecure-requests; 2
report-uri /report-csp; connect-src 'self' *; font-src data: 'self'; child-src https://*.n26.com https://n26.com https://www.youtube.com https://boards.greenhouse.io https://pixel.mathtag.com/ https://tr.snapchat.com; img-src 'self' images.ctfassets.net images.contentful.com https://cdn.number26.de https://api.tech26.de https://api.tech26.us https://*.greenhouse.io data: *; media-src videos.ctfassets.net videos.contentful.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://n26-trusted.n26.com https://polyfill.io https://www.youtube.com https://s.ytimg.com https://boards.greenhouse.io *; style-src 'unsafe-inline' tagmanager.google.com; default-src * 2
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src *; font-src *; media-src *; frame-src *; connect-src *; 2
frame-ancestors https://metropcs.mobi https://www.metropcs.mobi https://*.metrobyt-mobile.com https://metropcs.mobileposse.com/; 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; img-src * data:; 2
frame-ancestors 'self' http://*.vodafone.com http://*.vodafone.it https://*.vodafone.com https://*.vodafone.it 2
frame-ancestors https://*.uwhealth.org https://*.uwhealthkids.org https://*.med.wisc.edu https://*.uwhealth.wisc.edu 2
frame-ancestors kink.com 2
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.pioneerelectronics.com embedded.pricespider.com embeddedcloud.pricespider.com youtube.com www.google.com ajax.googleapis.com; 2
font-src 'self' offerswidget.visa.com *.gstatic.com data:; img-src 'self' google-analytics.com offerswidget.visa.com chatbot.bankofindia.co.in www.visa.com *.gstatic.com *.googleapis.com *.rupay.co.in data:;default-src 'self' *.google-analytics.com https://stats.g.doubleclick.net *.googleapis.com *.gstatic.com  'unsafe-inline' 'unsafe-eval'  style-src 'self' offerswidget.visa.com chatbot.bankofindia.co.in script-src 'self' offerswidget.visa.com chatbot.bankofindia.co.in 2
frame-ancestors 'self' http://webvisor.com http://awards.ratingruneta.ru 2
default-src * blob:; child-src https: data: qa-freeconferencecall: freeconferencecall: qa-startmeeting: startmeeting:; connect-src https: wss:; font-src https: data:; img-src https: data:; media-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; style-src https: 'unsafe-inline'; worker-src https: blob:; report-uri https://csp-bin.freeconferencecall.com/bins/b56a1d03/ 2
frame-ancestors www.newwavecom.com 2
default-src https://assets.easypost.com cdn.plaid.com; script-src assets.easypost.com track.easypost.com www.googletagmanager.com www.google-analytics.com www.gstatic.com www.google.com checkout.stripe.com cdn.plaid.com maps.googleapis.com cdn.walkme.com playerserver.walkme.com d3sbxpiag177w8.cloudfront.net d2qhvajt3imc89.cloudfront.net 'sha256-t1v231h4Fgv1bBX/cpoBZuwY6r6R6nGx5tOXvVJdBh8=' 'sha256-zHMpQJiR6TH7azasrorKkYptGQpPYMAnG6JSoBRbZtw=' 'sha256-5yJc48yW6FRCVE9ulLzLOd1lLp7X2Xr2Dd4Y+lZ3XjA=' 'sha256-eV1MSFSoXiIPiHPWbzaJgBby+bxVonlOAE5Cwbaa4lc='; style-src track.easypost.com 'unsafe-inline' assets.easypost.com www.gstatic.com; img-src track.easypost.com assets.easypost.com assets.track.easypost.com ec.walkme.com cdn.walkme.com d3sbxpiag177w8.cloudfront.net d2qhvajt3imc89.cloudfront.net www.google-analytics.com www.gstatic.com q.stripe.com brand.easypostpartnercontent.com www.googletagmanager.com ssl.google-analytics.com data: easypost.zendesk.com easypost-fulfillment.zendesk.com; font-src assets.easypost.com track.easypost.com fonts.gstatic.com data:; connect-src https://www.google.com track.easypost.com www.easypost.com assets.easypost.com www-canary.easypost.com usps.easypost.com checkout.stripe.com www.google-analytics.com boards-api.greenhouse.io ec.walkme.com rapi.walkme.com papi.walkme.com sentry.io; worker-src assets.easypost.com blob: www.gstatic.com www.google.com; frame-src assets.track.easypost hire.withgoogle.com cdn.plaid.com cdn.walkme.com checkout.stripe.com track.easypost.com www.googletagmanager.com www.google.com www.youtube.com; report-uri https://sentry.io/api/1431584/security/?sentry_key=c94f0945b0d34659b3df102773f484d9 2
frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; 2
default-src 'self' www.google-analytics.com; script-src 'self' cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com florenceva.blob.core.windows.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.epic.com maxcdn.bootstrapcdn.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; img-src 'self' www.epic.com www-dev.epic.com data: www.google-analytics.com; frame-src 'self' https://www.youtube.com 2
frame-ancestors https://library.mulesoft.com https://resources.mulesoft.com 'self' 2
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=frontpage&site=fp&region=US&lang=en-US&device=desktop&partner=frontier; 2
default-src 'self'  'unsafe-inline'; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://www.loginpostnl.net https://*.cldsvc.net https://*.salesforce.com https://*.googleapis.com https://*.google.com https://*.abtasty.com https://*.apsis1.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://*.postnl.sogeticloudservices.com https://*.usabilla.com https://www.googletagmanager.com https://www.googleadservices.com https://*.cloudfront.net https://*.innomdc.com https://connect.facebook.net https://platform.twitter.com https://*.linkedin.com https://*.pushcall.com https://*.pusher.com https://www.gstatic.com https://s3.amazonaws.com https://*.ads-twitter.com https://*.doubleclick.net https://*.twitter.com https://cdn.segment.com https://cdn.mxpnl.com https://pi.pardot.com https://*.salesforceliveagent.com https://postnl-frontend-locker.herokuapp.com https://*.hotjar.com https://postnlwebintelligence.s3-eu-west-1.amazonaws.com/analytics_global_new; connect-src 'self'  https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://services.geodan.nl https://api.adreskenmerken.eu https://*.cldsvc.net https://*.abtasty.com https://dc.services.visualstudio.com https://*.cloudfront.net https://*.abtasty.com https://*.pushcall.com wss://*.pusherapp.com https://*.pusher.com https://postnl.cubonacci.com https://twmmxtqwx0.execute-api.eu-central-1.amazonaws.com https://api.segment.io https://www.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.usabilla.com; img-src 'self' data: https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://services.geodan.nl https://api.innomdc.com https://*.cloudfront.net https://*.usabilla.com https://*.facebook.com https://*.atdmt.com https://*.doubleclick.net https://*.google.com https://*.google.nl https://*.twitter.com https://*.pinterest.com https://t.co https://*.abtasty.com https://apccdn.apsis1.com https://conv.indeed.com https://*.tradetracker.net; frame-src 'self' https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://quadia.webtvframework.com https://*.cloudfront.net https://*.salesforce.com https://*.facebook.net https://*.facebook.com https://*.google.com https://*.twitter.com https://*.googletagmanager.com https://*.doubleclick.net https://ir.q4europe.com https://w.soundcloud.com https://projects.ivorystudio.net https://*.salesforceliveagent.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://*.salesforce.com https://*.apsis1.com https://*.abtasty.com https://*.googleapis.com https://*.cloudfront.net; font-src 'self' data: https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://api.mixpanel.com https://fonts.gstatic.com https://teddytor.abtasty.com https://*.cloudfront.net 2
frame-ancestors *.qzwb.com 2
style-src 'unsafe-inline' 'self' *.yximgs.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.yximgs.com hm.baidu.com/hm.js retcode.alicdn.com/retcode/bl.js; img-src 'self' *.yximgs.com data: http: *.kuaishou.com hm.baidu.com/hm.gif arms-retcode.aliyuncs.com/r.png; media-src 'self' *.yximgs.com data:; font-src 'self' *.yximgs.com data:; worker-src 'self' *.yximgs.com blob:; report-uri /api/csp-report 2
default-src 'self' 'unsafe-inline' https://*.uni-paderborn.de https://www.youtube-nocookie.com https://player.vimeo.com https://*.upb.de https://streaming.uni-paderborn.de:2233 https://*.google.com ; font-src 'self' https://*.uni-paderborn.de data:; img-src 'self' data: https://pbs.twimg.com https://*.google.com https://www.googleapis.com https://*.uni-paderborn.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uni-paderborn.de https://www.google.com https://cse.google.com; media-src 'self' https://*.uni-paderborn.de https://*.upb.de https://streaming.uni-paderborn.de:2233 blob: 2
default-src 'self' *.ing.pl ping-prod.ext.e-point.pl *.e-point.pl *.adocean.pl https://optimize.google.com *.ingbank.pl; font-src 'self' *.googleapis.com *.ingbank.pl data: themes.googleusercontent.com *.gstatic.com tagmanager.google.com content.ingbank.pl *.ing.pl ping-prod.ext.e-point.pl www.googletagmanager.com https://optimize.google.com *.e-point.pl; style-src 'self' 'unsafe-inline' code.jquery.com https://fonts.googleapis.com *.googleapis.com *.ingbank.pl https://optimize.google.com *.e-point.pl https://www.gstatic.com s.ytimg.com https://www.ytimg.com https://ton.twimg.com *.ing.pl www.google.com ping-prod.ext.e-point.pl https://platform.twitter.com www.googletagmanager.com *.gstatic.com tagmanager.google.com content.ingbank.pl https://syndication.twitter.com; img-src 'self' data: https://d-gr.ppstatic.pl https://ton.twimg.com *.ggpht.com *.adocean.pl *.e-point.pl traffic.tgdaudience.com www.google.pl https://optimize.google.com https://syndication.twitter.com d-gr.ppstatic.pl clients1.google.com tagmanager.google.com content.ingbank.pl *.gstatic.com https://img1.staticmorizon.com.pl *.domy.pl www.googletagmanager.com *.demdex.net https://platform.twitter.com www.google.com *.glosdlafirm.pl ping-prod.ext.e-point.pl *.ing.pl apollo-ireland.akamaized.net *.googleusercontent.com https://img.youtube.com http://www.ing.pl https://galeria.domiporta.pl ingbankslaski.d3.sc.omtrdc.net *.twimg.com *.ingbank.pl img01-olxpl.akamaized.net *.hit.gemius.pl *.googleapis.com *.google-analytics.com https://www.i1.ytimg.com *.doubleclick.net ingbankslaski.d2.sc.omtrdc.net; frame-src 'self' *.tradedoubler.com content.ingbank.pl https://syndication.twitter.com www.google.com ping-prod.ext.e-point.pl *.ing.pl www.googletagmanager.com *.demdex.net https://platform.twitter.com https://www.youtube.com https://optimize.google.com traffic.tgdaudience.com *.e-point.pl *.hit.gemius.pl ferryt-u.pl.ing-ad *.ingbank.pl *.doubleclick.net https://tbl.tradedoubler.com https://ing.webnotarius.pl www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hit.gemius.pl *.googleapis.com https://www.fbstatic-a.akamaihd.net *.ingbank.pl *.doubleclick.net code.jquery.com assets.adobedtm.com *.google-analytics.com ingbankslaski.d3.sc.omtrdc.net https://www.oauth.googleusercontent.com cdn.tgdaudience.com www.youtube.com https://cdn.syndication.twimg.com *.gstatic.com tagmanager.google.com content.ingbank.pl https://syndication.twitter.com www.google.com ping-prod.ext.e-point.pl https://www.apis.google.com *.ing.pl *.demdex.net www.googletagmanager.com https://platform.twitter.com s.ytimg.com https://ton.twimg.com https://www.youtube.com https://optimize.google.com www.googleadservices.com *.e-point.pl https://www.gstatic.com *.adocean.pl *.id.opendns.com ingbankslaski.d2.sc.omtrdc.net; object-src 'self' *.ingbank.pl content.ingbank.pl *.ing.pl ping-prod.ext.e-point.pl www.googletagmanager.com *.e-point.pl; connect-src 'self' traffic.tgdaudience.com *.e-point.pl *.adocean.pl *.demdex.net www.googletagmanager.com *.ing.pl ping-prod.ext.e-point.pl wss://*.twilio.com https://syndication.twitter.com content.ingbank.pl ingbankslaski.d3.sc.omtrdc.net *.google-analytics.com https://*.twilio.com *.doubleclick.net *.ingbank.pl *.hit.gemius.pl ingbankslaski.d2.sc.omtrdc.net; frame-ancestors 'self' *.ingbank.pl ping-prod.ext.e-point.pl *.ing.pl *.demdex.net www.googletagmanager.com content.ingbank.pl *.e-point.pl; 2
script-src www.google.co.uk *.dwin1.com www.google.com *.puzzel.com *.bing.com static.addtoany.com *.adnxs.com *.adroll.com *.steelhousemedia.com m.addthisedge.com *.addthis.com *.hotjar.com *.pingdom.net *.qualtrics.com *.cloudfront.net widget.trustpilot.com fp.gdmdigital.com *.linkedin.com *.facebook.com *.typekit.net ajax.googleapis.com analytics.google.com v2.visualwebsiteoptimizer.com useruploads.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com livechat.uk2group.com www.googleadservices.com tagmanager.google.com www.googletagmanager.com d2wy8f7a9ursnm.cloudfront.net *.uk2.net 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com connect.facebook.net platform.twitter.com apis.google.com tracking.websitealive.com www.gstatic.com www.google-analytics.com secure.leadforensics.com; default-src 'self' data: *.puzzel.com *.uk2.net; img-src 'self' canarytokens.com *.uk2.net data: *.typekit.net *.gstatic.com *.bing.com secure.gravatar.com *.pingdom.net v2.visualwebsiteoptimizer.com placehold.it useruploads.visualwebsiteoptimizer.com widget.trustpilot.com syndication.twitter.com *.hotjar.com dev.visualwebsiteoptimizer.com livechat.uk2group.com googleads.g.doubleclick.net www.googleadservices.com *.steelhousemedia.com chart.googleapis.com widget.trustpilot.com notify.bugsnag.com stats.g.doubleclick.net www.google.com www.google-analytics.com 55b558c7-resources.bk-partnersasia.com csi.gstatic.com www.facebook.com syndication.twitter.com images.websitealive.com tracking.websitealive.com; style-src 'self' *.uk2.net www.google.co.uk *.puzzel.com *.pingdom.net https://use.fontawesome.com maxcdn.bootstrapcdn.com *.steelhousemedia.com fonts.googleapis.com www.google.com tagmanager.google.com dev.visualwebsiteoptimizer.com livechat.uk2group.com 'unsafe-inline' tracking.websitealive.com widget.trustpilot.com; frame-src 'self' *.uk2.net static.addtoany.com *.hotjar.com *.twitter.com *.addthis.com www.google.co.uk www.google.com *.steelhousemedia.com player.vimeo.com a5.websitealive.com www.youtube.com widget.trustpilot.com tracking.websitealive.com apis.google.com accounts.google.com platform.twitter.com staticxx.facebook.com www.facebook.com dev.visualwebsiteoptimizer.com livechat.uk2group.com; object-src 'self' *.uk2.net; font-src 'self' *.uk2.net data: fonts.gstatic.com use.typekit.net *.puzzel.com https://use.fontawesome.com maxcdn.bootstrapcdn.com fonts.googleapis.com; connect-src 'self' static.addtoany.com *.puzzel.com *.pingdom.net widget.trustpilot.com wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com graylog.hotjar.com:12443 *.twitter.com *.uk2.net *.hotjar.com *.addthis.com dev.visualwebsiteoptimizer.com livechat.uk2group.com; 2
default-src 'self' ; style-src 'self' ; media-src 'self' https://download.elster.de ; img-src 'self' https://anycast.elster.de ; connect-src 'self' https://lxelma5p.bfinv.de wss://www.elster.de https://datenabholung1.elster.de https://datenabholung2.elster.de ; object-src 'self' blob: ; form-action 'self' ; frame-ancestors 'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'none'; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; media-src 'self'  *.jwpsrv.com *.jwplatform.com; font-src 'self' *.googleapis.com *.gstatic.com data:; connect-src 'self' *; report-uri /report-csp-violation 2
frame-ancestors http://*.visitsingapore.com/ http://*.visitsingapore.com.cn/ https://*.visitsingapore.com/ https://*.visitsingapore.com.cn/ 'self'; 2
default-src 'self'; block-all-mixed-content; child-src 'self' blob: 1327335.fls.doubleclick.net bid.g.doubleclick.net d6tizftlrpuof.cloudfront.net pasaanvraag.schiphol.nl www.youtube.com 5980017.fls.doubleclick.net www.googletagmanager.com www.facebook.com connect.facebook.net analytics-eu.clickdimensions.com www.google.com; connect-src 'self' *.schiphol.nl wss://ws-eu.pusher.com api.usabilla.com app.getsentry.com bam.nr-data.net d6tizftlrpuof.cloudfront.net doubleclickadexchange.net www.google-analytics.com pagead2.googlesyndication.com jy11djjhoa.execute-api.eu-west-1.amazonaws.com *.g.doubleclick.net *.tiles.mapbox.com api.mapbox.com obipubvideo.s3.eu-central-1.amazonaws.com ws-eu.pusher.com stats.pusher.com events.mapbox.com api-cdn.embed.ly chat-schipholccc.cs83.force.com schipholccc.secure.force.com *.facebook.com; font-src 'self' data: fonts.gstatic.com tagmanager.google.com themes.googleusercontent.com cdn.schiphol.nl cdn.digitalredesign.nl; frame-ancestors 'self' *.my.salesforce.com; frame-src 'self' blob: 1327335.fls.doubleclick.net bid.g.doubleclick.net d6tizftlrpuof.cloudfront.net pasaanvraag.schiphol.nl www.youtube.com 5980017.fls.doubleclick.net www.googletagmanager.com www.facebook.com connect.facebook.net analytics-eu.clickdimensions.com www.google.com html5-player.libsyn.com cdn.embedly.com service.force.com schipholccc.secure.force.com *.my.salesforce.com; img-src 'self' data: blob: *.ctfassets.net bam.nr-data.net bat.bing.com bat.r.msn.com cdncash.org d6tizftlrpuof.cloudfront.net doubleclick.net ge0ip.com ge0ip.net ge0ip.org *.g.doubleclick.net lancheck.net maps.googleapis.com *.schiphol.nl schiphol.mobi tagmanager.google.com takethatad.com tm.tradetracker.net ts.tradetracker.net tl.tradetracker.net w.usabilla.com www.google-analytics.com www.google.com www.google.nl www.googleadservices.com www.gstatic.com www.seebuyflyhappyhour.nl connect.facebook.net www.facebook.com s.ytimg.com lh3.googleusercontent.com cdn.digitalredesign.nl ad.doubleclick.net adservice.google.com adservice.google.nl assets.libsyn.com ssl-static.libsyn.com *.content.force.com schipholccc.secure.force.com; manifest-src 'self' cdn.schiphol.nl cdn.digitalredesign.nl; script-src 'self' data: asset: blob: 'unsafe-inline' 'unsafe-eval' *.schiphol.nl ajax.googleapis.com api.usabilla.com apps-analytics.net bam.nr-data.net bat.bing.com cdn.optimizely.com cdncash.org d1fc8wv8zag5ca.cloudfront.net d6tizftlrpuof.cloudfront.net d19tqk5t6qcjac.cloudfront.net ge0ip.com ge0ip.net ge0ip.org js-agent.newrelic.com tagmanager.google.com tm.tradetracker.net w.usabilla.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com connect.facebook.net www.facebook.com *.tiles.mapbox.com www.youtube.com s.ytimg.com googleads.g.doubleclick.net www.google.com analytics-eu.clickdimensions.com cdn.digitalredesign.nl js.pusher.com stats.pusher.com cdn.speedcurve.com spdcrv.global.ssl.fastly.net *.salesforceliveagent.com *.my.salesforce.com service.force.com ajax.cloudflare.com cdn.embedly.com chat-schipholccc.cs83.force.com static.lightning.force.com schipholccc.secure.force.com; style-src 'self' 'unsafe-inline' blob: tagmanager.google.com d6tizftlrpuof.cloudfront.net www.gstatic.com api.tiles.mapbox.com cdn.schiphol.nl cdn.digitalredesign.nl cdn.embedly.com static.libsyn.com service.force.com *.my.salesforce.com chat-schipholccc.cs83.force.com schipholccc.secure.force.com; worker-src 'self' blob: 1327335.fls.doubleclick.net bid.g.doubleclick.net d6tizftlrpuof.cloudfront.net pasaanvraag.schiphol.nl www.youtube.com 5980017.fls.doubleclick.net www.googletagmanager.com *.facebook.com analytics-eu.clickdimensions.com www.google.com 2
script-src https: http: 'unsafe-eval' 'unsafe-inline'; worker-src https: http: blob: 'unsafe-eval' 'unsafe-inline'; style-src https: http: 'unsafe-inline'; img-src https: http: data: blob: about:; font-src https: http: data:; connect-src https: http: wss:; object-src https: http: 2
frame-ancestors 'self' store-locator.papersource.com; 2
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdnjs.cloudflare.com https://widgets.kimbia.com https://api.kimbia.com https://krpc.kimbia.com https://www.google.com https://ssl.google-analytics.com https://www.google-analytics.com https://linkhelp.clients.google.com https://connect.facebook.net https://www.facebook.com https://graph.facebook.com https://platform.twitter.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://video.foxnews.com https://d2zah9y47r7bi2.cloudfront.net https://www.googleadservices.com https://www.youtube.com/player_api https://s.ytimg.com https://static.aclj.org https://static.ads-twitter.com https://analytics.twitter.com https://vimeo.com https://www.paypal.com https://chat.aclj.org https://optimize.google.com https://cqrcengage.com https://www.google.com https://www.gstatic.com; connect-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdnjs.cloudflare.com https://widgets.kimbia.com https://api.kimbia.com https://krpc.kimbia.com https://www.google.com https://ssl.google-analytics.com https://www.google-analytics.com https://linkhelp.clients.google.com https://connect.facebook.net https://www.facebook.com https://graph.facebook.com https://platform.twitter.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://video.foxnews.com https://d2zah9y47r7bi2.cloudfront.net https://www.googleadservices.com https://www.youtube.com/player_api https://s.ytimg.com https://static.aclj.org https://static.ads-twitter.com https://analytics.twitter.com https://vimeo.com https://www.paypal.com https://chat.aclj.org https://optimize.google.com https://cqrcengage.com https://www.google.com https://www.gstatic.com 2
frame-ancestors 'self' *.antena3.com *.lasexta.com *.atresmedia.com *.ondacero.es *.europafm.com *.melodia-fm.com 2
default-src 'self'; style-src 'self' 'unsafe-inline'; 2
frame-ancestors 'self' zooniverse.org *.zooniverse.org webservices.crick.ac.uk CLVD0-WS-U-T-29.thecrick.org 2
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals 2
script-src 'self' 'unsafe-inline' https://*.imedia.cz https://*.hit.gemius.pl https://connect.facebook.net https://*.facebook.com https://*.stream.cz; report-uri /cspreport; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pinterest.com *.addtoany.com *.paypal.com *.ytimg.com *.youtube.com www.googleadservices.com *.googletagmanager.com www.snta0034.com *.rnib.org.uk *.paypalobjects.com collector-1065.tvsquared.com app.vwo.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net dev.visualwebsiteoptimizer.com *.google-analytics.com ajax.googleapis.com *.hotjar.com *.hotjar.io *.bing.com; style-src 'self' 'unsafe-inline' *.rnib.org.uk app.vwo.com fonts.googleapis.com; img-src 'self' data: *.pinterest.com *.rnib.org.uk *.paypalobjects.com *.paypal.com collector-1065.tvsquared.com maps.googleapis.com maps.gstatic.com csi.gstatic.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net dev.visualwebsiteoptimizer.com *.hotjar.com *.hotjar.io *.bing.com; font-src 'self' data: app.vwo.com *.rnib.org.uk *.rnib.panlogic.co.uk fonts.gstatic.com *.hotjar.com *.hotjar.io; frame-src 'self' *.pinterest.com *.addtoany.com *.paypal.com app.vwo.com youtube.com *.youtube.com *.hotjar.com *.hotjar.io; upgrade-insecure-requests; report-uri https://report-uri.io/report/37d691f11ddee70a60a651059fdfc1dc; connect-src 'self' *.paypal.com dev.visualwebsiteoptimizer.com bam.nr-data.net *.hotjar.com *.hotjar.io wss://*.hotjar.com 2
frame-ancestors 'self' https://www.foxplay.gr https://*.cosmote.gr https://*.ote.gr https://webform.studentactivation.gr https://t-mint.s3.amazonaws.com https://*.youtube.com; 2
default-src 'self' https:; object-src 'self'; frame-src 'self' *.kvk.nl channel.me www.youtube.com cloud.reflexappointment.nl iwelcome.sso.eherkenning.nl ehm01.iwelcome.nl opendata.ondernemersplein.nl www.googletagmanager.com *.hotjar.com https://miloo.nl wss://miloo.nl *.mopinion.com *.soundcloud.com *.youtube-nocookie.com; child-src 'self' *.kvk.nl channel.me www.youtube.com cloud.reflexappointment.nl iwelcome.sso.eherkenning.nl ehm01.iwelcome.nl opendata.ondernemersplein.nl www.googletagmanager.com *.hotjar.com https://miloo.nl wss://miloo.nl *.mopinion.com *.soundcloud.com *.youtube-nocookie.com; style-src 'self' 'unsafe-inline' *.kvk.nl s3.amazonaws.com tagmanager.google.com translate.googleapis.com *.mopinion.com https://fonts.googleapis.com *.abtasty.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kvk.nl blob: bat.bing.com *.nowinteract.com www.youtube.com s.ytimg.com channel.me *.hotjar.com www.google-analytics.com www.googletagmanager.com cdn-assets-prod.s3.amazonaws.com tagmanager.google.com *.mopinion.com https://miloo.nl wss://miloo.nl *.abtasty.com; img-src 'self' *.kvk.nl blob: data: tr3.onlinesucces.nl www.ondernemersplein.nl bat.bing.com https://www.gstatic.com/images/branding/product/2x/translate_24dp.png www.google-analytics.com www.googletagmanager.com https://miloo.nl wss://miloo.nl *.abtasty.com *.cloudfront.com *.mopinion.com; font-src 'self' blob: data: *.kvk.nl http://fonts.gstatic.com https://fonts.gstatic.com static.hotjar.com *.mopinion.com *.abtasty.com; connect-src 'self' *.kvk.nl wss://*.kvk.nl opendata.ondernemersplein.nl *.nowinteract.com translate.googleapis.com *.hotjar.com wss://*.hotjar.com www.google-analytics.com script.google.com https://miloo.nl wss://miloo.nl *.mopinion.com col.eum-appdynamics.com *.abtasty.com sentry.io; frame-ancestors 'self' https://*.kvk.nl; base-uri 'self' *.kvk.nl; 2
connect-src 'self' https://track.adform.net https://unpkg.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://swedbankab.d3.sc.omtrdc.net *.swedbank.net https://dpm.demdex.net *.swedbank.se https://dpm.swedbank.se https://dpu.swedbank.se https://agent.nina-nuance.com/ 2
frame-ancestors 'self' admin.truelocal.com.au 2
frame-ancestors 'self' http://jobspreader.com 2
frame-ancestors http://ignite-author-qa.bhhs.com https://ignite-author-qa.bhhs.com http://ignite-author-staging.bhhs.com https://ignite-author-staging.bhhs.com 2
default-src http://*.amerimark.com https://*.amerimark.com http://*.anthonyrichards.com https://*.anthonyrichards.com http://*.anthonyrichardsplus.com https://*.anthonyrichardsplus.com 'unsafe-inline' 'unsafe-eval' data: blob: *.2mdn.net *.bizrate.com *.bizrateinsights.com *.brightcove.com *.brightcove.net *.coremetrics.com *.doubleclick.net *.facebook.com *.facebook.net *.fonts.net *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hawksearch.com *.hawksearch.info *.hawksearch.net *.mcafeesecure.com *.monetate.net *.moovweb.net *.offeredby.net *.powerreviews.com *.ywxi.net *.2mdn.net *.newbenefits.com *.anthonyrichards.com *.passtohealth.com *.cloudfront.net *.zencdn.net *.cloudinary.com *.iesnare.com *.cmcore.com *.paymentech.com *.kaptcha.com chat.amerimark.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.linksynergy.com *.rakuten.com *.bing.com *.akstat.io *.googletagservices.com *.monetate.org *.paypalobjects.com *.braintreegateway.com *.paypal.com *.braintree-api.com *.trustedsite.com s3-us-west-2.amazonaws.com/mfesecure-public/ *.go-mpulse.net *trial-eum-clientnsv4-s.akamaihd.net/ *.beautyboutiqueperks.com *.harrietcarterperks.com *.amerimarkperks.com *.feelgoodstoreperks.com *.timeformeperks.com *.attn.tv 2
frame-ancestors https://*.ionos.es https://ionos.es; 2
default-src  https://*.kucoin.com  https://*.kcs.top  https://*.kumex.com  https://*.kumex.top  https://*.pool-x.io  https://*.googleapis.com  https://*.kcsfile.com  https://*.recaptcha.net  https://*.alicdn.com  https://*.google-analytics.com  https://*.gstatic.cn  https://*.gstatic.com  https://*.doubleclick.net  https://*.kcs.top:4443  https://*.growingio.com  https://*.giocdn.com  data:  ws:  wss:  eval:  inline:  'unsafe-eval'  'unsafe-inline'  https://hm.baidu.com  https://*.leancloud.cn  https://*.lncld.net  https://*.geetest.com  https://*.youtube.com  https://*.tradingview.com  https://*.zopim.com  https://*.google.com;  font-src  http:  https:  data:;  img-src  http:  https:  data:  blob:;  frame-ancestors  'self'  https://www.growingio.com  https://*.zopim.com  https://*.google.com;  report-uri  https://sentry.kucoin.com/api/4/security/?sentry_key=24025117382843a3adbbd8a8cb5dc2fc 2
default-src 'self' data: *.xing-events.com *.xing.com *.xing-share.com *.youtube.com *.amiando.com *.googletagmanager.com *.scorecardresearch.com *.bing.com *.ads-twitter.com *.bizographics.com *.twitter.com *.ads.linkedin.com t.co *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.bootstrapcdn.com *.gstatic.com *.wirecard.com *.googleapis.com *.googleadservices.com *.vimeo.com xing-se.jobbase.io *.xingassets.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.xing-events.com *.xing.com *.xing-share.com *.youtube.com *.amiando.com *.googletagmanager.com *.scorecardresearch.com *.bing.com *.ads-twitter.com *.bizographics.com *.twitter.com *.ads.linkedin.com t.co *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.bootstrapcdn.com *.gstatic.com *.wirecard.com *.googleapis.com *.googleadservices.com *.vimeo.com *.vimeocdn.com xing-se.jobbase.io *.xingassets.com; style-src 'self' data: 'unsafe-inline' *.xing-events.com *.xing.com *.xing-share.com *.youtube.com *.amiando.com *.googletagmanager.com *.scorecardresearch.com *.bing.com *.ads-twitter.com *.bizographics.com *.twitter.com *.ads.linkedin.com t.co *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.bootstrapcdn.com *.gstatic.com *.wirecard.com *.googleapis.com *.googleadservices.com xing-se.jobbase.io *.xingassets.com; frame-src *; img-src data: https: 2
frame-ancestors 'self' translate.google.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.ostrovok.ru ostrovok.ru *.worldota.net *.zenhotels.com zenhotels.com adservice.google.co.uk *.hotjar.com *.clicktripz.com ads.adfox.ru yastatic.net *.yandex.ru *.adfox.yandex.ru api-cis.exponea.com ps.eyeota.net *.pixfuture.com pixfuture.com api.payota.net weborama.fr tns-counter.ru static.ads-twitter.com analytics.twitter.com t.skyscnr.com *.adtech.advertising.com *.casalemedia.com *.openx.net openx.net adriver.ru *.adriver.ru *.contextweb.com contextweb.com *.betweendigital.com betweendigital.com *.ssp.otm-r.com *.otm-r.com otm-r.com vc.hotjar.io secde.trivago.com unpkg.com *.smartadserver.com smartadserver.com *.rubiconproject.com rubiconproject.com www.adservice.google.pl www.googletraveladservices.com www.tripadvisor.com cdnjs.cloudflare.com www.kayak.com www.clicktripz.com www.youtube.com s3-eu-west-1.amazonaws.com travel.mediaalpha.com notify.bugsnag.com 3kxrt0l29e.execute-api.us-east-1.amazonaws.com fonts.gstatic.com adhigh.net *.adhigh.net *.doubleclick.net doubleclick.net *.adlooxtracking.com *.adnxs.com adnxs.com 2mdn.net *.2mdn.net doubleverify.com *.doubleverify.com *.pubmatic.com pubmatic.com *.livetex.ru ostrovokru003.webim.ru tagmanager.google.com www.tamgrt.com cdn.branch.io app.link api.branch.io api2.branch.io www.googleadservices.com www.adservice.google.pl sslwidget.criteo.com static.criteo.net vk.com connect.facebook.net www.facebook.com top-fwz1.mail.ru www.hometogo.com secure.wego.com static.tacdn.com static.clicktripz.com pixel.sojern.com ads.travelaudience.com tms-st.cdn.ngenix.net hit.acstat.com c.riskified.com beacon.riskified.com cdn.siftscience.com d3c3cq33003psk.cloudfront.net enc1wnyb87.execute-api.us-east-1.amazonaws.com www.awin.com www.google-analytics.com www.googletagmanager.com mc.yandex.ru tag.yieldoptimizer.com st.dynamicyield.com static.dynamicyield.com *.criteo.com *.intentmedia.net px.dynamicyield.com opentag-stats.qubit.com 6ytvy2ekla.execute-api.us-east-1.amazonaws.com fonts.googleapis.com maps.googleapis.com www.google.com www.googletagservices.com adservice.google.com www.adservice.google.pl  c.triptech.ai s.clickiocdn.com *.googlesyndication.com cdn.ampproject.org clickiocdn.com adservice.google.ru csi.gstatic.com *.braintreegateway.com tag.crsspxl.com aa.agkn.com blip.bizrate.com c1.adform.net ce.lijit.com cms.analytics.yahoo.com d.turn.com dmp.truoptik.com dpm.demdex.net e.dlx.addthis.com ib.adnxs.com idsync.rlcdn.com io.narrative.io match.adsrvr.org partner.mediawallahscript.com pm.w55c.net pxl.connexity.net sync.crwdcntrl.net sync.mathtag.com tags.bluekai.com thrtle.com; frame-src 'self' *.ostrovok.ru yastatic.net *.worldota.net *.zenhotels.com www.youtube.com googleads.g.doubleclick.net widgets-2-omni-iframe.livetex.ru tracking.bonusway.com checkout.paypal.com static.criteo.net gum.criteo.com dis.eu.criteo.com *.openx.net openx.net *.contextweb.com contextweb.com *.adnxs.com adnxs.com *.pubmatic.com pubmatic.com adhigh.net doubleclick.net www.google.com www.adservice.google.pl *.intentmedia.net d1jaw4ep1lbbt9.cloudfront.net www.tamgrt.com *.ssp.otm-r.com *.otm-r.com otm-r.com vc.hotjar.io clickioadvd.com *.pixfuture.com pixfuture.com www.googletagservices.com www.facebook.com web.facebook.com tpc.googlesyndication.com vars.hotjar.com *.betweendigital.com vk.com staticxx.facebook.com tag.crsspxl.com; img-src * data:; report-uri /hc/csp 2
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://isitetv.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tpc.googlesyndication.com https://tr.snapchat.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://connect.facebook.net https://www.zavvi.com https://m.zavvi.com https://checkout.zavvi.com https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://pagead2.googlesyndication.com https://*.criteo.com https://static.criteo.net https://*.google.co.uk https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://google.co.uk; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com; upgrade-insecure-requests; report-to report-endpoint 2
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' *; 2
default-src 'self' data: https://internalgogdemo.terracycle.com https://fonts.gstatic.com/ https://use.typekit.net/ https://d3c39yxulteaif.cloudfront.net/; script-src 'self' 'unsafe-inline' data: https://connect.facebook.net/ https://apis.google.com/_/scs/apps-static/ https://apis.google.com/js/platform.js https://apis.google.com/se/0/wm/1/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://assets.pinterest.com/js/pinit.js https://assets.pinterest.com/js/pinit_main.js https://assets.pinterest.com/js/pinmarklet.js https://log.pinterest.com/ https://use.typekit.net/ https://platform.twitter.com/js/ https://platform.twitter.com/widgets.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/linkid.js https://maps.googleapis.com/ https://www.wufoo.com/scripts/embed/form.js https://secure.wufoo.com/scripts/embed/form.js https://www.googleadservices.com/pagead/conversion.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://b-code.liadm.com/a-00v3.min.js https://static.hotjar.com/ https://script.hotjar.com/ https://cdn.leadmanagerfx.com/js/mcfx/2794 https://cdn.leadmanagerfx.com/phone/js/2794 https://internalgogdemo.terracycle.com https://d3c39yxulteaif.cloudfront.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ 'unsafe-eval' https://s3.amazonaws.com/assets/errors*; style-src 'self' 'unsafe-inline' https://syndication.twitter.com/ https://d3c39yxulteaif.cloudfront.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ https://fonts.googleapis.com/css https://s3.amazonaws.com/assets/errors*; frame-src 'self' https://staticxx.facebook.com/ https://web.facebook.com/ https://www.facebook.com/ https://accounts.google.com/ https://apis.google.com/ https://www.google.com/recaptcha/ https://editorium.herokuapp.com/ https://vars.hotjar.com/ https://i.liadm.com/ https://assets.pinterest.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://terracycle.wufoo.com/ https://www.youtube.com/; img-src 'self' https://www.google-analytics.com/r/ https://www.google.com/pagead/ https://www.google.com/ads/ https://stats.g.doubleclick.net/r/ https://www.facebook.com/tr/ https://c.liadm.com/ https://assets.pinterest.com/images/pidgets/ https://p.typekit.net/ https://syndication.twitter.com/i/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/vt https://s3.amazonaws.com/tc-global-prod/ https://s3.amazonaws.com/gog-prod/ https://internalgogdemo.terracycle.com https://tc-global-prod.s3.amazonaws.com/ https://d3c39yxulteaif.cloudfront.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ data: https://s3.amazonaws.com/assets/errors/logo-white*; connect-src 'self' https://internalgogdemo.terracycle.com https://ipapi.co/json https://maps.googleapis.com/maps/api/geocode/json https://in.hotjar.com/api/v1/client/sites/600250/ https://in.hotjar.com/api/v2/client/sites/600250/ https://vc.hotjar.io/views/600250 https://t.leadmanagerfx.com/visit/add/2794 https://us-east1-idyllic-vehicle-159522.cloudfunctions.net/mcfx-visitor-information; plugin-types application/pdf application/xml 2
frame-ancestors 'self' *.samash.com *.ecofabric.com 2
frame-ancestors 'self' *.autodesk.com *.bluesnap.com; 2
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 2
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; font-src https: data:; media-src http: https:; img-src http: https: data: 2
style-src 'self' 'unsafe-inline' *.gac.edu *.gustavus.edu tennisandlifecamps.org www.gstatic.com *.googleapis.com www.reservecloud.com *.curator.io; 2
default-src https: 'unsafe-inline' 'unsafe-eval' blob: https://app.acquire.io wss://s.acquire.io data:; img-src https: 'self' data: blob:; font-src 'self' data: https://fonts.gstatic.com https://cdn.dynamicyield.com https://cdn.tollbrothers.com https://app.acquire.io https://s.acquire.io; worker-src https: blob: 2
child-src 'self' *.youtube.com *.doubleclick.net *.cosmopolitanlasvegas.com *.addthis.com *.criteo.com *.tocktix.com *.meetingbroker.com *.ticketmaster.com *.chargerback.com *.triptease.io *.exploretock.com bttrack.com *.bttrack.com *.tamgrt.com *.sevenrooms.com sevenrooms.com *.flashtalking.com *.lpsnmedia.net *.facebook.com *.opentable.com liveperson.net *.liveperson.net *.liveperson.com *.lprnd.net *.tripleseat.com google-analytics.com *.google-analytics.com *.snapchat.com https://www.surveygizmo.com/;frame-ancestors 'self' *.youtube.com *.doubleclick.net *.cosmopolitanlasvegas.com *.addthis.com *.criteo.com *.tocktix.com *.meetingbroker.com *.ticketmaster.com *.chargerback.com *.triptease.io *.exploretock.com bttrack.com *.bttrack.com *.tamgrt.com *.sevenrooms.com sevenrooms.com *.flashtalking.com *.lpsnmedia.net *.facebook.com *.opentable.com liveperson.net *.liveperson.net *.liveperson.com *.lprnd.net *.tripleseat.com google-analytics.com *.google-analytics.com *.snapchat.com https://www.surveygizmo.com/;frame-src 'self' *.youtube.com *.doubleclick.net *.cosmopolitanlasvegas.com *.addthis.com *.criteo.com *.tocktix.com *.meetingbroker.com *.ticketmaster.com *.chargerback.com *.triptease.io *.exploretock.com bttrack.com *.bttrack.com *.tamgrt.com *.sevenrooms.com sevenrooms.com *.flashtalking.com *.lpsnmedia.net *.facebook.com *.opentable.com liveperson.net *.liveperson.net *.liveperson.com *.lprnd.net *.tripleseat.com google-analytics.com *.google-analytics.com *.snapchat.com https://www.surveygizmo.com/ 2
default-src https:; script-src 'unsafe-inline' https: 'unsafe-eval' https://crossway.my.salesforce.com; style-src 'unsafe-inline' https:; font-src https: data:; media-src http: https:; img-src http: https: data: 2
default-src 'self'; script-src cdn.report-uri.com api.stripe.com js.stripe.com www.google-analytics.com www.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' cdn.report-uri.com; img-src 'self' data: cdn.report-uri.com www.google-analytics.com; font-src 'self' cdn.report-uri.com; connect-src 'self' api.stripe.com; frame-ancestors *.cloudflareworkers.com *.cloudflare.com; form-action 'self' hooks.stripe.com; frame-src js.stripe.com www.google.com; child-src js.stripe.com www.google.com; upgrade-insecure-requests; report-uri https://scotthelme.report-uri.com/r/d/csp/enforce; report-to default 2
frame-ancestors 'self' https://lcc30.lifecare.com; 2
reflected-xss block; object-src 'self'; report-uri https://roche.report-uri.com/r/t/csp/enforce; 2
frame-ancestors 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; 2
frame-ancestors https://*.simplemobile.com 2
frame-ancestors https://*.aok.de https://*.dev.queo-group.com https://*.dev.queo.org localhost; 2
default-src 'self' 'unsafe-inline' web-2-tel.com *.web-2-tel.com *.doubleclick.net *.optnmstr.com *.gstatic.com localhost:8443 data: *.acquia.com *.appcues.com *.appcues.net *.unitedrentals.com *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.unitedrentals.com *.acquia.com *.marchex.io *.egain.cloud *.analytics-egain.com *.criteo.net 8f2a3f802cdf2859af9e-51128641de34f0801c2bd5e1e5f0dc25.ssl.cf1.rackcdn.com *.doubleclick.net *.google.com *.google-analytics.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com bat.bing.com *.quantserve.com *.getsitecontrol.com *.facebook.net *.crazyegg.com *.quantcount.com st.getsitecontrol.com *.yimg.com snap.licdn.com sp.analytics.yahoo.com *.addtoany.com *.ads.linkedin.com *.newrelic.com *.pardot.com *.nr-data.net localhost:8443 web-2-tel.com *.web-2-tel.com *.optnmstr.com *.cloudflare.com *.adnxs.com data: *.acquia.com *.appcues.com *.pragmaticcrm.com *.optmstr.com *.bizographics.com *.criteo.com *.linkedin.com *.optmnstr.com *.nr-data.net wvw.unitedrentals.com *.youtube.com *.vimeo.com *.ytimg.com *.opmnstr.com *.cloudfront.net  *.jsdelivr.net https://optimize.google.com *.jsdelivr.net unpkg.com *.kampyle.com sunlightmetrics.b-cdn.net; style-src 'self' 'unsafe-inline' *.acquia.com *.googleapis.com *.cloudflare.com *.optnmstr.com *.google.com *.appcues.com *.egain.cloud *.jsdelivr.net https://optimize.google.com https://fonts.googleapis.com *.jsdelivr.net unpkg.com *.kampyle.com; img-src 'self' data: *.unitedrentals.com bat.bing.com *.marchex.io *.optnmstr.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.facebook.com *.google.com *.quantserve.com *.gstatic.com *.adnxs.com *.appcues.com *.optmstr.com res.cloudinary.com *.googletagmanager.com *.linkedin.com *.criteo.com s0.2mdn.net *.egain.cloud https://optimize.google.com *.cloudfront.net *.jsdelivr.net *.kampyle.com *.turn.com; frame-src 'self' *.acquia.com *.marchex.io *.appcues.com *.appcues.net *.doubleclick.net *.criteo.com *.egain.cloud *.analytics-egain.com *.vimeo.com *.facebook.com *.facebook.net *.youtube.com https://optimize.google.com https://youtube.com *.opmnstr.com *.unitedrentals.com *.kampyle.com; child-src 'self' *.unitedrentals.com *.googletagmanager.com *.optnmstr.com *.doubleclick.net *.analytics-egain.com *.rackcdn.com *.youtube.com *.appcues.com *.vimeo.com *.egain.cloud *.kampyle.com blob:; font-src 'self' 'unsafe-inline' *.unitedrentals.com https://fonts.gstatic.com *.jsdelivr.net *.kampyle.com; connect-src 'self' *.acquia.com *.appcues.net wss://*.appcues.net web-2-tel.com *.web-2-tel.com *.egain.cloud *.optnmstr.com *.optmstr.com *.gstatic.com localhost:8443 data: *.acquia.com *.appcues.com *.appcues.net *.nr-data.net *.optmnstr.com *.google.com *.optmnstr.com *.google-analytics.com stats.g.doubleclick.net *.opmnstr.com *.luckyorange.net *.googleapis.com *.visitors.live *.kampyle.com wss://*.visitors.live *.bugsnag.com; report-uri /report-csp-violation 2
default-src 'none'; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com; img-src 'self' data: http://www.pap.pl https://www.google.com https://www.google-analytics.com https://*.g.doubleclick.net https://*.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ampproject.org https://cdnjs.cloudflare.com https://www.google.com https://www.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://adservice.google.com https://adservice.google.pl https://securepubads.g.doubleclick.net https://www.gstatic.com https://*.hit.gemius.pl; font-src 'self' data: https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; connect-src 'self' https://securepubads.g.doubleclick.net https://csi.gstatic.com; object-src 'self'; frame-src 'self' https://igrafika.pap.pl https://www.youtube.com https://*.dcs.redcdn.pl https://www.google.com https://infostrefa.tv https://*.hit.gemius.pl https://multimedia.europarl.europa.eu https://maps.google.com; prefetch-src 'self' https://tpc.googlesyndication.com; base-uri 'self'; 2
frame-ancestors 'self' https://*.yandex.ru https://yastatic.net http://*.webvisor.com http://webvisor.com; 2
default-src 'none'; script-src 'self'; child-src 'self'; frame-src https://*.youtube.com  https://*.vimeo.com; font-src 'self'; img-src http: data: *; style-src 'unsafe-inline'; frame-ancestors 'none'; base-uri 'none'; connect-src 'self' https://tutanota.com https://api.github.com https://www.reddit.com https://mail.tutanota.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.demdex.net *.eloqua.com *.en25.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.gstatic.com *.pinterest.com *.twimg.com ajax.aspnetcdn.com analytics.twitter.com apis.google.com bat.bing.com cdn-akamai.mookie1.com cdn.ampproject.org cdn.fontawesome.com connect.facebook.net ds-aksb-a.akamaihd.net googleads.g.doubleclick.net http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ https://publish.twitter.com https://s.ytimg.com https://syndication.twitter.com/ https://www.youtube.com/iframe_api js.hs-analytics.net js.hs-scripts.com maps.googleapis.com marketing.adobe.com munchkin.marketo.net nebula-cdn.kampyle.com optimize.google.com platform.linkedin.com platform.twitter.com s.ytimg.com script.hotjar.com static.ads-twitter.com static.hotjar.com tagmanager.google.com tags.tiqcdn.com www.cdic.ca www.google.com www.googletagmanager.com www.sadc.ca www.youtube.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.demdex.net *.eloqua.com *.en25.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.gstatic.com *.pinterest.com *.twimg.com ajax.aspnetcdn.com analytics.twitter.com apis.google.com bat.bing.com cdn-akamai.mookie1.com cdn.ampproject.org cdn.fontawesome.com connect.facebook.net ds-aksb-a.akamaihd.net googleads.g.doubleclick.net http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ https://publish.twitter.com https://s.ytimg.com https://syndication.twitter.com/ https://www.youtube.com/iframe_api js.hs-analytics.net js.hs-scripts.com maps.googleapis.com marketing.adobe.com munchkin.marketo.net nebula-cdn.kampyle.com optimize.google.com platform.linkedin.com platform.twitter.com s.ytimg.com script.hotjar.com static.ads-twitter.com static.hotjar.com tagmanager.google.com tags.tiqcdn.com www.cdic.ca www.google.com www.googletagmanager.com www.sadc.ca www.youtube.com; font-src 'self' *.pinterest.com data: fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com optimize.google.com tagmanager.google.com www.googletagmanager.com; img-src 'self' *.demdex.net *.eloqua.com *.google-analytics.com *.googleapis.com *.gstatic.com *.pinterest.com *.twimg.com bat.bing.com blob: cm.everesttech.net cx.atdmt.com data: https://*.dec.sitefinity.com https://dec.azureedge.net https://delicious.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://syndication.twitter.com img.youtube.com optimize.google.com pbs.twimg.com pcfinancial.sc.omtrdc.net platform.tumblr.com platform.twitter.com/css/ stats.g.doubleclick.net t.co t.com tagmanager.google.com track.hubspot.com udc-neb.kampyle.com web.facebook.com www.facebook.com www.google.ca www.google.com www.googletagmanager.com www.linkedin.com www.redditstatic.com nebula-cdn.kampyle.com ds-aksb-a.akamaihd.net www.cdic.ca; media-src 'self' *.pinterest.com blob: data: optimize.google.com tagmanager.google.com www.googletagmanager.com; frame-src 'self' *.demdex.net *.doubleclick.net *.pinterest.com cdn-akamai.mookie1.com optimize.google.com platform.twitter.com tagmanager.google.com tags.tiqcdn.com vars.hotjar.com www.googletagmanager.com www.youtube.com nebula-cdn.kampyle.com; child-src 'self' *.demdex.net *.pinterest.com accounts.google.com apis.google.com badge.stumbleupon.com https://platform.twitter.com/ https://player.vimeo.com/ https://syndication.twitter.com/ https://w.soundcloud.com/ https://www.youtube.com/ optimize.google.com staticxx.facebook.com tagmanager.google.com vars.hotjar.com web.facebook.com www.facebook.com www.googletagmanager.com; connect-src 'self' *.demdex.net *.g.doubleclick.net *.hotjar.com *.hotjar.io *.mktoresp.com *.pinterest.com accounts.google.com https://*.dec.sitefinity.com https://dec.azureedge.net https://delicious.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://syndication.twitter.com optimize.google.com pcfinancial.sc.omtrdc.net tagmanager.google.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.linkedin.com www.redditstatic.com www.cdic.ca; 2
default-src 'self' *.binomo.com *.binomo-id.com; child-src *; connect-src 'self' ekr.zdassets.com api.snrbox.com fcm.googleapis.com proxy.snrbox.com tck.snrbox.com wss://messenger.snrbox.com dc.snrbox.com www.googleapis.com www.google-analytics.com wss://*.zopim.com wss://*.cackle.me binomo.zendesk.com mc.yandex.ru *.intercom.io wss://*.intercom.io app.getsentry.com *.kameleoon.com *.binomo.com wss://as.binomo.com:* wss://ws.binomo.com:*; font-src data: 'self' *.zopim.com js.intercomcdn.com fonts.gstatic.com mc.yandex.ru *.livechatinc.com themes.googleusercontent.com maxcdn.bootstrapcdn.com *.binomo.com; img-src * data:; media-src 'self' www.snrcdn.net *.binomo.com; script-src 'self' *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io www.snrcdn.net *.intercomcdn.com binomo.co *.kameleoon.com *.cackle.me cackle.me cdn.rutarget.ru *.adroll.com gscst-84a.kxcdn.com *.getsitecontrol.com binstats.com *.googletagmanager.com *.google-analytics.com mc.yandex.ru *.mail.ru echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.ytimg.com www.gstatic.com *.livechatinc.com www.googleadservices.com binomo.go2affise.com api.exponea.com *.adnetwork.vn yastatic.net 'unsafe-eval' 'unsafe-inline' *.binomo.com; style-src 'self' *.google.com static.kameleoon.com *.cackle.me fonts.googleapis.com www.snrcdn.net 'unsafe-inline' *.binomo.com 2
default-src * 'unsafe-eval' 'unsafe-inline' blob: data: ; frame-ancestors 'self' forums.gunsandammo.com; 2
default-src * 'unsafe-inline' 'unsafe-eval' 'self' app.optimizely.com *.hawksearch.com *.hawksearch.net *.americaneagle.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; img-src 'self' blob: data: * 2
nosniff 2
default-src https: 'unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests; img-src https: data: 2
frame-ancestors https://app.c-spanbus.org 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: vjs.zencdn.net bofa.demdex.net tags.tiqcdn.com *.akamaihd.net *.baml.com bankofamerica.tt.omtrdc.net *.ml.com secure.insightexpressai.com *.businesswire.com testdata.coremetrics.com http://*.bankofamerica.com https://*.bankofamerica.com  *.brightcove.com *.brightcove.net *.sharethis.com *.twitter.com twitter.com *.facebook.com www.linkedin.com delicious.com digg.com api.pinterest.com www.stumbleupon.com www.myspace.com buzz.yahoo.com www.bankofamerica.com www.boa.com www.ml.com www.merrill.com www.totalmerrill.com www.merrilllynch.com www.ust.com www.us-trust.com www.ustrust.com www.baml.com www.ba-ml.com www.bac.com acemegreen.thismoment.com analytics1.onedotone.net *.googleapis.com ecx.images-amazon.com brightcove.vo.llnwd.net *.doubleclick.net cdnt.meteorsolutions.com expressyourthanks.thismoment.com thismoment-a.akamaihd.net api.tiles.mapbox.com *.google.com *.gstatic.com www.youtube.com www.google-analytics.com bofa.44doors.com *.mapbox.com bofa.demdex.net *.maxmind.com *.betrad.com sjs.bizographics.com www.googletagmanager.com *.userzoom.com *.evidon.com *.zencdn.net *.licdn.com *.company-target.com *.demandbase.com brightcove.hs.llnwd.net *.boldchat.com *.2mdn.net *.dartmotif.net *.doubleclick.com *.merrilledge.com *.digitas.com *.serving-sys.com *.mediamind.com *.corporate-ir.net *.imwx.com; font-src 'self' http: https: *.zencdn.net *.ml.com data:; 2
default-src 'self'; img-src * data:; media-src * blob:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * data:; frame-src *; connect-src * 2
default-src  * blob: 'unsafe-inline' 'unsafe-eval' ; img-src * blob: data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; worker-src 'self' blob: ; 2
frame-ancestors https://*.propellerads.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' webanalyticsssl.websense.com https://www.google.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.tiqcdn.com https://*.googleadservices.com/ https://www.google-analytics.com https://ssl.google-analytics.com http://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com cdn.tt.omtrdc.net; style-src 'self' 'unsafe-inline' https://fast.fonts.net; font-src 'self' https://fast.fonts.net/; object-src 'none'; frame-ancestors https://*.forcepoint.com http://*.forcepoint.com https://*.websense.com http://*.websense.com https://*.tiqcdn.com https://fast.fonts.net 2
default-src 'self' https://trillian.cachefly.net https://static.olark.com; script-src 'self' https://trillian.cachefly.net https://*.olark.com https://www.google-analytics.com https://ct.capterra.com; style-src 'self' https://trillian.cachefly.net https://static.olark.com 'unsafe-inline'; object-src 'none'; base-uri 'none'; connect-src 'self' https:; img-src 'self' http: https: data:; 2
frame-ancestors 'self' https://portal-interactiv.com *.iberostar.com *.olehotels.com icrs.visitus-inc.com *.iberostarpro.com  *.iberostartheclub.com *.grandiberostar.com kayak.com webvisor.com *.wannabot.io 2
frame-ancestors 'self'; default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 2
default-src 'none'; font-src 'self'; img-src 'self' *.amazonaws.com  *.iamplus.com *.googletagmanager.com *.google.com *.google-analytics.com *.klaviyo.com *.facebook.net *.facebook.com *.youtube.com *.mixpanel.com *.googleapis.com *.cloudfront.net *.curalate.com *.cloudflare.com *.googleadservices.com *.doubleclick.net; script-src 'self' *.doubleclick.net *.cloudflare.com *.klaviyo.com *.google-analytics.com *.facebook.net *.facebook.com 'nonce-bmV0c3BhcmtlciBydWxlcyA7KQ==' 'unsafe-eval'; frame-src *.youtube.com *.doubleclick.net; style-src 'self' *.klaviyo.com 'unsafe-inline'; object-src 'self'; media-src 'self' *.iamplus.com; connect-src 'self' *.kmail-lists.com *.mixpanel.com 2
frame-ancestors self fasttech.com *.fasttech.com 2
default-src 'self' *.splashmath.com *.splashlearn.com d3ojqz9vsge2vl.cloudfront.net d1n5c9e0gk9gm5.cloudfront.net djq5eqy4vbh27.cloudfront.net connect.facebook.net bid.g.doubleclick.net optimize.google.com *.hotjar.com:* *.hotjar.io wss://*.hotjar.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com performance.typekit.net js.intercomcdn.com tagmanager.google.com js.driftt.com www.google.com blob: data: about:; base-uri 'self' *.splashmath.com *.splashlearn.com d3ojqz9vsge2vl.cloudfront.net d1n5c9e0gk9gm5.cloudfront.net djq5eqy4vbh27.cloudfront.net connect.facebook.net bid.g.doubleclick.net optimize.google.com *.hotjar.com:* *.hotjar.io wss://*.hotjar.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com performance.typekit.net js.intercomcdn.com tagmanager.google.com js.driftt.com www.google.com blob: data: about:; child-src 'self' *.splashmath.com *.splashlearn.com d3ojqz9vsge2vl.cloudfront.net d1n5c9e0gk9gm5.cloudfront.net djq5eqy4vbh27.cloudfront.net connect.facebook.net bid.g.doubleclick.net optimize.google.com *.hotjar.com:* *.hotjar.io wss://*.hotjar.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com performance.typekit.net js.intercomcdn.com tagmanager.google.com js.driftt.com www.google.com blob: data: about: itunes.apple.com www.facebook.com staticxx.facebook.com accounts.google.com apis.google.com googletagmanager.com www.googletagmanager.com js.stripe.com syndication.twitter.com widget.uservoice.com www.youtube.com www.youtube-nocookie.com player.vimeo.com 9806488.fls.doubleclick.net; connect-src 'self' *.splashmath.com *.splashlearn.com d3ojqz9vsge2vl.cloudfront.net d1n5c9e0gk9gm5.cloudfront.net djq5eqy4vbh27.cloudfront.net connect.facebook.net bid.g.doubleclick.net optimize.google.com *.hotjar.com:* *.hotjar.io wss://*.hotjar.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com performance.typekit.net js.intercomcdn.com tagmanager.google.com js.driftt.com www.google.com blob: data: about: api.airbrake.io www.facebook.com ajax.googleapis.com translate.googleapis.com www.google-analytics.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io uploads.intercomcdn.com code.jquery.com www.kidsafeseal.com api.mixpanel.com api-js.mixpanel.com api.stripe.com ct.pinterest.com; font-src 'self' *.splashmath.com *.splashlearn.com d3ojqz9vsge2vl.cloudfront.net d1n5c9e0gk9gm5.cloudfront.net djq5eqy4vbh27.cloudfront.net connect.facebook.net bid.g.doubleclick.net optimize.google.com *.hotjar.com:* *.hotjar.io wss://*.hotjar.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com performance.typekit.net js.intercomcdn.com tagmanager.google.com js.driftt.com www.google.com blob: data: about: maxcdn.bootstrapcdn.com use.fontawesome.com translate.googleapis.com fonts.gstatic.com use.typekit.net fonts.typekit.net fonts.googleapis.com; frame-src 'self' *.splashmath.com *.splashlearn.com d3ojqz9vsge2vl.cloudfront.net d1n5c9e0gk9gm5.cloudfront.net djq5eqy4vbh27.cloudfront.net connect.facebook.net bid.g.doubleclick.net optimize.google.com *.hotjar.com:* *.hotjar.io wss://*.hotjar.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com performance.typekit.net js.intercomcdn.com tagmanager.google.com js.driftt.com www.google.com blob: data: about: itunes.apple.com www.facebook.com staticxx.facebook.com accounts.google.com apis.google.com googletagmanager.com www.googletagmanager.com js.stripe.com syndication.twitter.com widget.uservoice.com www.youtube.com www.youtube-nocookie.com player.vimeo.com 9806488.fls.doubleclick.net; img-src 'self' *.splashmath.com *.splashlearn.com d3ojqz9vsge2vl.cloudfront.net d1n5c9e0gk9gm5.cloudfront.net djq5eqy4vbh27.cloudfront.net connect.facebook.net bid.g.doubleclick.net optimize.google.com *.hotjar.com:* *.hotjar.io wss://*.hotjar.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com performance.typekit.net js.intercomcdn.com tagmanager.google.com js.driftt.com www.google.com blob: data: about: bat.bing.com www.facebook.com www.google-analytics.com google-analytics.com ssl.google-analytics.com accounts.google.com www.google.ae www.google.com.au www.google.ca www.google.ch www.google.es www.google.co.in www.google.co.kr www.google.com.qa www.google.com.sa www.google.co.th www.google.co.uk www.google.com.vn www.google.com.ph www.google.com.za translate.google.com translate.googleapis.com www.gstatic.com csi.gstatic.com ssl.gstatic.com googletagmanager.com www.googletagmanager.com static.intercomassets.com downloads.intercomcdn.com cdn-mxpnl.com q.stripe.com syndication.twitter.com p.typekit.net i.vimeocdn.com googleads.g.doubleclick.net www.kidsafeseal.com cdn.mxpnl.com ct.pinterest.com; script-src 'self' *.splashmath.com *.splashlearn.com d3ojqz9vsge2vl.cloudfront.net d1n5c9e0gk9gm5.cloudfront.net djq5eqy4vbh27.cloudfront.net connect.facebook.net bid.g.doubleclick.net optimize.google.com *.hotjar.com:* *.hotjar.io wss://*.hotjar.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com performance.typekit.net js.intercomcdn.com tagmanager.google.com js.driftt.com www.google.com blob: data: about: bat.bing.com google-analytics.com www.googleadservices.com googleads.g.doubleclick.net ajax.googleapis.com googletagmanager.com www.googletagmanager.com translate.googleapis.com cdn-mxpnl.com api.stripe.com by2.uservoice.com s.yimg.com s7.addthis.com cdnjs.cloudflare.com cdn.ampproject.org dnn506yrbagrg.cloudfront.net html5shim.googlecode.com www.google-analytics.com apis.google.com widget.intercom.io code.jquery.com cdn.mxpnl.com cdn.optimizely.com js.stripe.com use.typekit.net widget.uservoice.com s.pinimg.com ct.pinterest.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.splashmath.com *.splashlearn.com d3ojqz9vsge2vl.cloudfront.net d1n5c9e0gk9gm5.cloudfront.net djq5eqy4vbh27.cloudfront.net connect.facebook.net bid.g.doubleclick.net optimize.google.com *.hotjar.com:* *.hotjar.io wss://*.hotjar.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com performance.typekit.net js.intercomcdn.com tagmanager.google.com js.driftt.com www.google.com blob: data: about: maxcdn.bootstrapcdn.com use.fontawesome.com translate.googleapis.com fonts.gstatic.com use.typekit.net fonts.typekit.net fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests; report-uri /csp-report 2
default-src 'self' data: ws: blob: *.nr-data.net fonts.gstatic.com fonts.googleapis.com *.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.embedly.com *.embed.ly *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.facebook.net snap.licdn.com *.linkedin.com *.bing.com *.ads-twitter.com *.twitter.com *.bizographics.com *.baidu.com *.google.com *.gstatic.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' fonts.googleapis.com; child-src 'self' blob: *.vimeo.com; frame-src 'self' *.investis.com *.quartalflife.com *.youtube.com *.youtu.be *.youku.com *.embedly.com *.embed.ly http://player.youku.com https: *.doubleclick.net snap.licdn.com *.presono.com *.linkedin.com *.juicer.io *.audi-mediacenter.com; connect-src 'self' data: ws: blob: *.googleadservices.com adservice.google.com; 2
default-src 'none'; connect-src 'self' http: https: wss:; font-src 'self' http: https:; form-action 'self' http: https:; frame-src 'self' http: https:; frame-ancestors 'self' http: https:; img-src 'self' 'unsafe-inline' http: https: data:; media-src 'self' http: https:; object-src 'self' http: https:; style-src 'self' 'unsafe-inline' http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; worker-src 'self' http: https:; child-src 'self' http: https 2
default-src 'self' https://*;script-src 'self' https://* 'unsafe-inline' 'unsafe-eval'        *.googletagmanager.com        *.cdnwidget.com        *.googleapis.com        *.pinimg.com	*.trustpilot.com	sitesearch360.com        *.sitesearch360.com	*.liveperson.net	*.marinsm.com	*.krxd.net	*.facebook.net	*.doubleclick.net	*.yahoo.com	*.bing.com	*.yimg.com	*.hotjar.com	*.adnxs.com	*.jquery.com	pixel-geo.prfct.co	lpcdn.lpsnmedia.net	cdnjs.cloudflare.com	www.googleadservices.com	*.google-analytics.com	*.google.com	tag.perfectaudience.com	cdn.pcdi.edu	dev.cdn.pcdi.edu	www.rtb123.com	*.lpsnmedia.net	*.adroll.com	*.ashworthcollege.edu;frame-src 'self'        *.liveperson.net	*.facebook.net	*.trustpilot.com	*.reactionads.com	*.doubleclick.net	*.krxd.net	*.hotjar.com	*.lpsnmedia.net	*.fls.doubleclick.net	pixel-geo.prfct.co	*.ashworthcollege.edu	*.pcdi.edu	*.jmhs.com	*.youtube.com	*.vimeo.com	*.facebook.com	*.google.com;style-src 'unsafe-inline'  *;font-src * data:;connect-src 'self'        *.hotjar.io        *.facebook.com	*.cdnwidget.com	*.cdn-basket.net        *.pinterest.com	*.doubleclick.net	*.hotjar.com        wss://*.hotjar.com	*.sitesearch360.com	*.trustpilot.com        *.google.com        *.visualwebsiteoptimizer.com;img-src * data:;media-src 'self'       *.lpsnmedia.net; 2
default-src http: https: 'unsafe-inline' 'unsafe-eval' data: blob: ; 2
default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.omniture.com *.omtrdc.net *.adobedtm.com epoq-systems.de *.epoq.de *.worldshop.eu *.miles-and-more.com *.milesandmore.com *.lufthansa.com *.points.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.swiss-shop.com *.mamtools.com *.demdex.net data:; 2
default-src 'none'; base-uri 'none'; connect-src 'self' wss://charts.tickmill.com:8080 https://charts.tickmill.com:8080 charts.tickmill.com:8080 quotes.tickmill.com secure.tickmill.com secure.tickmill.co.uk secure.tickmill.eu secure.tickmill.jp secure.tickmill.ae cdn.livechatinc.com secure.livechatinc.com youtube.com google.com fonts.google.com www.google-analytics.com mc.yandex.ru api.hubspot.com api.hubapi.com s.union.360.cn; font-src 'self' data: d1fyjtrsl71uh.cloudfront.net cdn.livechatinc.com secure.livechatinc.com fonts.google.com; form-action 'self' secure.tickmill.com secure.tickmill.co.uk secure.tickmill.eu secure.tickmill.jp secure.tickmill.ae; frame-ancestors 'none'; frame-src www.google.com www.youtube.com widget.trustpilot.com 360fenxi.mediav.com s.union.360.cn secure.livechatinc.com widgets.myfxbook.com tpc.googlesyndication.com; img-src 'self' 'unsafe-inline' data: http: https:; manifest-src 'self'; media-src data: d1fyjtrsl71uh.cloudfront.net d2ikij6pcyb4st.cloudfront.net cdn.livechatinc.com secure.livechatinc.com cdn.livechat-static.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' cdn.livechatinc.com snap.licdn.com secure.livechatinc.com www.gstatic.com www.googletagmanager.com widget.trustpilot.com sjs.bizographics.com static.ads-twitter.com www.google-analytics.com mc.yandex.ru www.googleadservices.com js.hs-scripts.com s.union.360.cn e.so.com *.adroll.com d.adroll.mgr.consensu.org js.hs-analytics.net js.hsadspixel.net js.usemessages.com *.twitter.com *.facebook.net googleads.g.doubleclick.net tpc.googlesyndication.com ajax.cloudflare.com static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' 'report-sample' www.gstatic.com widget.trustpilot.com; worker-src 'none' 2
font-src *;img-src * data:;  2
script-src 'self' blob 'unsafe-inline' 'unsafe-eval' www.gstatic.com *.adobedtm.com track.psprint.com *.optimizely.com www.googletagmanager.com *.quantummetric.com *.cdn.optimizely.com *.psprint.com psprint.com www.google.com *.wistia.com *.wistia.net *.psprint-uat.com psprint-uat.com ajax.googleapis.com *.braintreegateway.com www.googleadservices.com sstats.deluxe.com www.google-analytics.com *.hotjar.com bat.bing.com connect.facebook.net googleads.g.doubleclick.net www.shopperapproved.com www.sc.pages04.net shopperapproved.com *.shopperapproved.com static.addtoany.com lptag.liveperson.net www.googleadservices.com www.sc.pages04.net *.dfsfullcolor-uat.com *.lpsnmedia.net va.v.liveperson.net *.safeguardw2p-uat.com cdn.widerfunnel.com *.braintreegateway.com assets.pinterest.com cdn.widerfunnel.com assets.pinterest.com *.cdn.optimizely.com *.adobedtm.com www.googletagmanager.com *.qualtrics.com *.tt.omtrdc.net *.demdex.net; img-src 'self' *.psprint.com psprint.com stats.deluxe.com data: *.wistia.com *.wistia.net www.googletagmanager.com ad.doubleclick.net sstats.deluxe.com embedwistia-a.akamaihd.net bat.bing.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net *.google.com www.google.com.ua googleads.g.doubleclick.net shareasale.com www.pages04.net www.shopperapproved.com shopperapproved.com *.shopperapproved.com 52.45.162.79 *.dfsfullcolor.com *.safeguardw2p.com cdn.widerfunnel.com log.pinterest.com *.dfsfullcolor-uat.com api.safeguardw2p-uat.com safeguardw2p-uat.com *.cdn.optimizely.com *.adobedtm.com www.googletagmanager.com *.lpsnmedia.net *.qualtrics.com *.tt.omtrdc.net *.demdex.net; style-src 'self' 'unsafe-inline' *.psprint.com psprint.com stats.g.doubleclick.net fonts.googleapis.com *.dfsfullcolor.com *.safeguardw2p.com safeguardw2p-uat.com cdn.widerfunnel.com *.cdn.optimizely.com *.adobedtm.com www.googletagmanager.com *.qualtrics.com *.demdex.net; font-src 'self' data: *.psprint.com psprint.com fonts.gstatic.com cdn.widerfunnel.com *.cdn.optimizely.com *.adobedtm.com stackpath.bootstrapcdn.com www.googletagmanager.com *.demdex.net; frame-src 'self' www.google.com *.cdn.optimizely.com *.optimizely.com *.wistia.com *.wistia.net bid.g.doubleclick.net *.hotjar.com www.facebook.com *.braintreegateway.com www.emjcd.com cj.dotomi.com static.addtoany.com www.youtube.com www.emjcd.com *.dfsfullcolor.com www.brainshark.com *.lpsnmedia.net va.v.liveperson.net *.safeguardw2p.com cdn.widerfunnel.com assets.pinterest.com *.psprint.com psprint.com listmodulev3.usadata.com sales.liveperson.net va-e.c.liveperson.net lptag.liveperson.net *.cdn.optimizely.com *.adobedtm.com www.googletagmanager.com *.qualtrics.com *.tt.omtrdc.net *.demdex.net; connect-src 'self' apis.google.com *.quantummetric.com *.optimizely.com track.psprint.com *.psprint.com psprint.com api.ipify.org *.wistia.com *.wistia.net *.cdn.optimizely.com fg8vvsvnieiv3ej16jby.litix.io ws://files.psprint.com wss://files.psprint.com sstats.deluxe.com stats.g.doubleclick.net www.facebook.com in.hotjar.com api.sandbox.braintreegateway.com origin-analytics-sand.sandbox.braintree-api.com embedwistia-a.akamaihd.net *.dfsfullcolor.com *.safeguardw2p.com *.braintreegateway.com stats.addtoany.com www.google-analytics.com safeguardw2p.com *.cdn.optimizely.com *.adobedtm.com www.googletagmanager.com *.litix.io *.hotjar.io wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com siteintercept.qualtrics.com *.qualtrics.com *.tt.omtrdc.net *.demdex.net; object-src 'none' 2
default-src 'self' blob: data: 'unsafe-inline' *.gstatic.com; img-src 'self' blob: data: 'unsafe-inline' *.iscte-iul.pt iscte-iul.pt *.googleapis.com *.gstatic.com *.google-analytics.com www.google.com www.google.pt www.linkedin.com stats.g.doubleclick.net ciencia.iscte-iul.pt px.ads.linkedin.com www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.google-analytics.com www.gstatic.com https://connect.facebook.net https://snap.licdn.com https://px.ads.linkedin.com www.facebook.com; object-src 'self'; connect-src 'self' *.google-analytics.com; frame-src 'self' *.google.com *.soundcloud.com www.youtube.com youtu.be https://sketchfab.com player.vimeo.com; 2
frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz 2
connect-src 'self' https://www.paypal.com https://fastmail.innocraft.cloud; default-src 'none'; img-src 'self' data: https://fastmail.innocraft.cloud https://*.twimg.com https://*.twitter.com https://www.gravatar.com https://icgroup.helpspot.com https://www.paypalobjects.com http://www.pobox.com https://*.gstatic.com https://www.fastmail.com; font-src 'self' data: http://fonts.gstatic.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.twitter.com https://*.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com https://connect.facebook.net https://fastmail.innocraft.cloud https://listbox.com https://run-static.pingdom.net https://*.gstatic.com https://*.facebook.com https://talon-ehawk.netdna-ssl.com https://www.e-hawk.net https://www.ehawk.net https://www.paypalobjects.com https://www.paypal.com https://icgroup.helpspot.com; object-src 'none'; frame-src 'self' data: https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.google.com; frame-ancestors 'self' 2
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; font-src * ; img-src * data: blob: 'unsafe-inline'; frame-src sanalmarket: yenism: https://tr.rdrtr.com https://stags.bluekai.com https://*.creativecdn.com https://creativecdn.com https://*.criteo.com https://*.facebook.com https://*.doubleclick.net https://*.api.sociaplus.com https://*.webinstats.com https://sanalmarket.api.useinsider.com https://optimize.google.com https://*.bkmexpress.com.tr; style-src * 'unsafe-inline'; 2
frame-ancestors self *.moneyweb.co.za http://preview.moneyweb-2.instantmagazine.com http://moneyweb-2.instantmagazine.com *.instantmagazine.com 2
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 2
default-src https: 'unsafe-inline'; frame-ancestors https:; object-src 'none'; script-src https: 'unsafe-inline' 2
frame-ancestors 'self' http://*.gobdigital.gba.gob.ar  https://*.gobdigital.gba.gob.ar; 2
frame-ancestors *.dowjones.net *.fnlondon.com *.efinancialnews.com *.onservo.com 2
default-src 'self'  http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io ; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io ; style-src 'self' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com 'unsafe-inline'; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://1abzar.ir 'self' https://cse.google.com https://www.aparat.com https://google.com https://www.google.com ;  connect-src 'self' http://samta.samt.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io; img-src * data: 2
frame-ancestors https://*.ionos.mx https://ionos.mx; 2
default-src 'self' fokstatic.nl *.fok.nl *.fokzine.net *.gstatic.com *.angularjs.org  *.google-analytics.com 'unsafe-inline' 2
default-src 'self' cdnjs.cloudflare.com stackpath.bootstrapcdn.com p.typekit.net use.typekit.net csawdfunctions01.azurewebsites.net csawtfunctions01.azurewebsites.net csawpfunctions01.azurewebsites.net csautfunctions01.azurewebsites.net csaupfunctions01.azurewebsites.net www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gp www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.nf www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tk www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat mc.yandex.ru localhost csaupweb01.azurewebsites.net cmsprodus.csa.cz csa.cz www.csa.cz 'unsafe-inline' csaupcdnep01.azureedge.net csaupsaweb01.blob.core.windows.net csawpcdnep01.azureedge.net csawpsaweb01.blob.core.windows.net dc.services.visualstudio.com fonts.googleapis.com csi.gstatic.com maps.gstatic.com maps.googleapis.com fonts.gstatic.com sstats.csa.cz googleads.g.doubleclick.net www.google-analytics.com stats.g.doubleclick.net www.facebook.com www.google.com www.google.cz www.pages05.net data: static.zanox.com api.zanox.com eu-sonar.sociomantic.com c.imedia.cz www.youtube.com youtube.com www.vimeo.com vimeo.com; script-src 'self' mc.yandex.ru www.dwin1.com googleads.g.doubleclick.net www.google.cz localhost cmsprodus.csa.cz csa.cz www.csa.cz 'unsafe-eval' 'unsafe-inline' az416426.vo.msecnd.net www.google.com www.gstatic.com maps.googleapis.com assets.adobedtm.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com connect.facebook.net static.zanox.com api.zanox.com eu-sonar.sociomantic.com c.imedia.cz; frame-src www.pages05.net authorize.omniture.com sitecatalyst.omniture.com www.facebook.com www.google.com bid.g.doubleclick.net static.zanox.com api.zanox.com eu-sonar.sociomantic.com c.imedia.cz api.zanox.ws www.youtube.com youtube.com www.vimeo.com vimeo.com; 2
frame-ancestors 'self' *.freenas.org *.ixsystems.com; upgrade-insecure-requests; default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; object-src 'self' https:; img-src 'self' data: https: blob:; font-src 'self' data: https:; 2
frame-ancestors 'self' *.svenskakyrkan.se https://*.risevision.com https://www.risevision.com/ http://*.kyrkanstrygghetsrad.se/ http://www.kyrkanstrygghetsrad.se/; 2
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com media.deutsche-rentenversicherung.de;child-src *.google.com *.gstatic.com *.youtube.com ; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; 2
img-src * data:; 2
report-uri /csp-report.php; default-src 'none'; font-src https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' https://www.fio.cz https://www.fio.sk https://www.gstatic.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.cz https://www.google.sk https://pagead2.googlesyndication.com https://stats.g.doubleclick.net; connect-src 'self' https://ajax.googleapis.com https://pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://ssl.google-analytics.com; frame-src https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.youtube.com https://maps.google.com https://maps.google.cz https://www.google.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net; frame-ancestors 'self'; base-uri 'self' 2
frame-ancestors https://*.x-cart.com 2
default-src https: 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self' *.adbutler-kaon.com *.adbutler.com *.amazonaws.com *.doubleclick.net *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.googlwe.com *.gravatar.com *.issuu.com *.isu.pub *.knack.com *.knackhq.com *.quantserve.com *.quantcount.com *.sharethis.com *.thekennelclub.org.uk *.twitter.com *.vimeocdn.com *.visualstudio.com *.wufoo.com *.youtube.com *.zmags.com adbutler-fermion.com our.umbraco.org packages.umbraco.org player.vimeo.com servedbyadbutler.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.adbutler-kaon.com *.adbutler.com *.amazonaws.com *.cloud-database.co *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.co.uk *.google.com *.googleapis.com *.googletagmanager.com *.issuu.com *.isu.pub *.knack.com *.knackhq.com *.msecnd.net *.quantserve.com *.quantcount.com *.sharethis.com *.thekennelclub.org.uk *.twitter.com *.wufoo.com *.zmags.com *.gstatic.com adbutler-fermion.com servedbyadbutler.com;style-src 'self' 'unsafe-inline' *.cloud-database.co *.google.co.uk *.google.com *.googleapis.com *.issuu.com *.isu.pub *.sharethis.com *.thekennelclub.org.uk;img-src 'self' data: *.adbutler-kaon.com *.cloud-database.co *.doubleclick.net *.facebook.com *.google-analytics.com *.google.co.uk *.google.com *.googleapis.com *.gravatar.com *.issuu.com *.isu.pub *.quantserve.com *.quantcount.com *.thekennelclub.org.uk *.twitter.com *.zmags.com adbutler-fermion.com dashboard.umbraco.org servedbyadbutler.com umbraco.tv;font-src 'self' data: *.gstatic.com *.cloud-database.co 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src 'self' 'unsafe-inline' https: data:;frame-ancestors 'self'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.googleapis.com *.bootstrapcdn.com kiwiirc.com money.yandex.ru connect.facebook.net *.facebook.com *.twitter.com *.twimg.com *.youtube.com; img-src * data:; frame-ancestors reactos.org 2
frame-ancestors 'self' https://*.discover.com https://*.discoverfinancial.com https://*.adobe.com https://*.optimizely.com https://*.discoverihs.com https://www.discoverstudentloans.com 2
frame-ancestors 'self' www.skylinewebcams.com; 2
default-src 'self' fl.ru *.fl.ru *.facebook.com client.getinchat.com *.jivosite.com *.mail.ru *.yandex.ru *.doubleclick.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.fl.ru cityadstrack.com www.cityadstrack.com artfut.com www.artfut.com cdn.userecho.com connect.facebook.net *.adriver.ru counter.rambler.ru *.newrelic.com *.nr-data.net mc.yandex.ru *.doubleclick.net *.criteo.com *.criteo.net *.mail.ru *.gstatic.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagservices.com *.googletagmanager.com adservice.google.com adservice.google.ru adservice.google.com.ua *.tns-counter.ru x.cnt.my d31j93rd8oukbv.cloudfront.net *.jivosite.com; img-src data: blob: *; media-src *.fl.ru *.jivosite.com; style-src 'unsafe-inline' 'unsafe-eval' blob: 'self' *.fl.ru fonts.googleapis.com *.jivosite.com; font-src 'self' data: blob: https: fonts.gstatic.com an.yandex.ru yastatic.net yastat.net; frame-src 'self' *.fl.ru *.criteo.com *.criteo.net *.facebook.com *.adriver.ru *.doubleclick.net *.google.com *.google.ru *.indeed.com onesignal.com rutube.ru *.rutube.ru *.vimeo.com youtube.com *.youtube.com; child-src fl.ru *.fl.ru; connect-src 'self' *.doubleclick.net *.facebook.com *.google-analytics.com *.mail.ru client.getinchat.com *.jivosite.com *.yandex.ru *.nr-data.net *.jivosite.com; report-uri https://flru.report-uri.com/r/d/csp/reportOnly; 2
frame-ancestors 'self';default-src https: data: 'unsafe-eval' 'unsafe-inline'; img-src * data:; 2
default-src 'self'; style-src 'self' *.typekit.net *.myfonts.net 'unsafe-inline'; font-src 'self' *.typekit.net data: *.myfonts.net; script-src 'self' www.googletagmanager.com www.google-analytics.com *.addthis.com *.addthisedge.com 'unsafe-eval'; img-src 'self' www.google-analytics.com data: *.addthis.com; frame-src 'self' *.youtube.com *.addthis.com 2
frame-ancestors 'self' *.wildberries.by 2
default-src 'none'; connect-src 'self'; font-src *.anidb.net; form-action 'self'; img-src * data:; script-src 'self' *.anidb.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' *; frame-src kiwiirc.com *.youtube-nocookie.com www.google.com/recaptcha/; frame-ancestors 'none'; base-uri 'self'; manifest-src *.anidb.net; 2
default-src https: 'unsafe-eval' 'unsafe-inline' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com ; font-src https: data:; img-src https: data: 2
style-src 'self' 'unsafe-inline' hello.myfonts.net https://fonts.googleapis.com https://theappreciationengine.com https://tagmanager.google.com https://cdn.jotfor.ms; img-src 'self' data: 'unsafe-inline' https://maps.googleapis.com https://maps.gstatic.com http://www.movienewsletters.net https://as.showcasecinemas.com https://www.facebook.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://files.jotform.com http://events.jotform.com https://cdn.jotfor.ms https://www.jotform.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://us4.siteimprove.com https://www.google.com https://www.google.co.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://theappreciationengine.com/framework/js/1890 https://apis.google.com https://maps.googleapis.com https://www.googletagmanager.com/gtm.js https://as.showcasecinemas.com https://am.showcasecinemas.com https://s7.addthis.com https://m.addthisedge.com https://m.addthis.com https://www.google-analytics.com https://connect.facebook.net https://tagmanager.google.com https://www.googleadservices.com https://form.jotform.com https://cdn.ravenjs.com https://cdn.jotfor.ms https://js.jotform.com https://www.jotform.com https://siteimproveanalytics.com https://cdn-cinema-ui-assets-prod.movio.co https://api-us.movio.co https://api.tripleseat.com; 2
default-src 'self'; img-src 'self' data: https: *.influxdata.com influxdays.com *.influxdays.com *.influxstaging.com www.google.com; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com; font-src 'self' data: https: fonts.googleapis.com themes.googleusercontent.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.influxdata.com https://influxdata.zoom.us https://js.driftt.com *.marketo.com *.googletagmanager.com https://www.google.com https://web-analytics.engagio.com https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://docs.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.google-analytics.com code.jquery.com *.googletagmanager.com *.google.com munchkin.marketo.net; connect-src 'self' https: *.google-analystics.com *.mktoresp.com; 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.cdsreg.com/ https://*.xpressreg.net/ https://*.xpressleadpro.com/ https://*.xpressleadpro.net/ https://*.xpresspaymentservice.com/ https://xpresspaymentservice.com/ https://*.exhibitoremails.com/ https://*.cdsdatasense.Com/ *.digicert.com/ https://*.twimg.com/ https://*.adroll.com/ https://*.ingo.me/ https://ingo.me/ https://*.facebook.net/ https://*.facebook.com/ https://*.doubleclick.net/ https://*.google-analytics.com/ https://*.googleapis.com/ https://*.ads-twitter.com/ https://*.olark.com/ https://*.google.com/ https://*.twitter.com/ https://*.googleadservices.com/ https://*.googletagmanager.com/ https://*.feathr.co/ https://ads.yahoo.com/ https://*.adsrvr.org/ https://*.cloudfront.net/ https://*.lytics.io/ https://hotel-widget-files.s3.amazonaws.com/ https://abm-assets.s3.amazonaws.com/ https://s3.amazonaws.com/ https://settings.luckyorange.net/ https://*.onpeak.com/ https://assets.adobedtm.com/ https://*.googletagmanager.com/ https://*.hotjar.com/ https://*.melissadata.net/ https://*.acs.org/ https://js.hs-scripts.com/ https://js.hs-scripts.com/ https://js.hsforms.net/ https://js.hsleadflows.net/ https://js.hs-analytics.net/ https://forms.hubspot.com/ https://*.xpressreg.local/ https://*.hscollectedforms.net/ https://*.marketo.net/ https://*.gstatic.com/ https://*.addthis.com/ https://app.webreg.me/ https://dpm.demdex.net/ https://acswso.tt.omtrdc.net/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://*.linkedin.com/ https://secure.quantserve.com/ https://rules.quantcount.com/ https://pixel-a.basis.net/ https://pixel.sitescout.com/ https://*.bing.com/ https://*.simplymeasured.com/ https://*.walkme.com/ https://*.dpmsrv.com/ https://*.marinsm.com/ https://*.prfct.co/ https://*.adnxs.com/ https://*.rlcdn.com/ https://*.youtube.com/ https://tags.tiqcdn.com/ https://*.informz.net/ https://*.omeda.com https://*.googletagservices.com https://*.googlesyndication.com https://*.hubapi.com https://*.olark.com https://invt.io https://*.hotjar.com https://*.appcues.com wss://*.appcues.net https://*.aimtell.com/ https://hotelmap.com/  https://*.hotelmap.com/; img-src * data:; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.olark.com js.stripe.com *.visualwebsiteoptimizer.com *.vwo.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 2
frame-ancestors 'self' *.civilwar.org http://virtual-tour.civilwar.org *.battlefields.org http://virtual-tour.battlefields.org 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.jquery.com *.marketo.com *.marketo.net *.twimg.com *.onetrust.com *.driftt.com *.bing.com *.bootstrapcdn.com *.myfonts.net *.cloudflare.com *.callrail.com *.aspnetcdn.com *.vidyard.com *.ceridian.ca *.en25.com *.eloqua.com *.googletagmanager.com *.swiftypecdn.com *.google-analytics.com *.google.com *.google.ca *.licdn.com *.facebook.net *.terminus.services *.windows.net *.g2crowd.com *.adsrvr.org *.ads-twitter.com *.ads.linkedin.com *.twitter.com go.ceridian.com; style-src 'self' 'unsafe-inline' *.marketo.com *.twitter.com *.bootstrapcdn.com fastcdn.org *.cloudflare.com optanon.blob.core.windows.net *.swiftypecdn.com go.ceridian.com; img-src * data:; font-src 'self' *.cloudflare.com *.bootstrapcdn.com; connect-src 'self' *.cookielaw.org *.facebook.com *.marketo.com *.mktoresp.com *.eloqua.com *.swiftype.com *.ceridian.ca *.swiftypecdn.com *.callrail.com go.ceridian.com *.onetrust.com;  media-src * 'unsafe-inline'; frame-src 'self' *.facebook.com *.marketo.com *.twitter.com *.youtube.com *.driftt.com *.vidyard.com *.adsrvr.org  go.ceridian.com 2
script-src 'self' smetrics1.experian.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com tagmanager.google.com *.doubleclick.net *.youtube.com *.analytics.yahoo.com *.appdynamics.com cdn.appdynamics.com *.facebook.net *.discover.com *.btstatic.com *.thebrighttag.com *.visualwebsiteoptimizer.com *.cloudflare.com *.clicktale.net *.siteimproveanalytics.com siteimproveanalytics.com *.pendo.io *.heapanalytics.com *.websecurity.norton.com nexus.ensighten.com *.aexp-static.com service.maxymiser.net omns.americanexpress.com lptag.liveperson.net js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hsleadflows.net 'unsafe-inline' 'unsafe-eval'; object-src 'self'; 2
frame-ancestors 'self' http://*.mocospace.com https://*.mocospace.com; base-uri 'none' 2
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 2
default-src 'self' data:               https://*.salesforceliveagent.com                  https://assets.adobedtm.com                  https://*.walmartmoneycard.com                   https://*.walmart.com                    https://*.typekit.net                     https://ds.reson8.com                      https://*.typekit.com                   https://*.gdottrk.com                  https://*.msn.com                  https://*.bing.com                 https://*.iesnare.com                   https://*.yimg.com                      https://*.facebook.com                       https://*.omtrdc.net                                       https://*.gstatic.com                      https://*.greendot.com                      https://*.xg4ken.com                    https://*.doubleclick.net                    http://*.adobedtm.com                          https://*.vimeo.com                     https://*.google.com                     https://*.advertising.com                     https://*.google-analytics.com                   https://*.chango.com                     http://*.facebook.net                      https://*.fastclick.net                     https://*.googleadservices.com                     https://*.googleapis.com                      http://*.bbb.org                      https://*.iovation.com;                                  img-src 'self' data:                 https://*.force.com                  https://*.google-analytics.com                    https://*.walmart.com                     https://*.typekit.net                     https://*.walmartmoneycard.com                     https://*.greendot.com                     https://stats.g.doubleclick.net                     https://seal.thawte.com                    https://*.upsellit.com                   https://*.adobe.com                    https://www.facebook.com                     https://www.google.com                   https://googleads.g.doubleclick.net                  https://*.bing.com;                                   child-src 'self'                  https://ds.reson8.com                     https://*.google.com                    https://*.doubleclick.net                    https://*.cdn-gdc.com                    https://*.youtube.com                  https://*.pegacloud.net                 https://*.adsrvr.org;                                  style-src 'self' 'unsafe-inline' 'unsafe-eval'                       https://*.googleapis.com                  https://*.typekit.com                    https://*.typekit.net;                                  script-src 'self' 'unsafe-inline' 'unsafe-eval'                 https://*.salesforceliveagent.com                 https://assets.adobedtm.com                  https://*.google-analytics.com                     https://*.doubleclick.net                    https://*.yahoo.com                     https://*.google.com                    https://*.adobedtm.com                         https://*.yimg.com                       https://*.googleapis.com                  https://*.facebook.com                    https://*.googleadservices.com                     https://*.iesnare.com                     https://*.bing.com                     https://*.typekit.com                    https://*.typekit.net                     https://*.facebook.net                  https://*.tt.omtrdc.net                  http://*.tt.omtrdc.net                  https://widgets.twimg.com                   https://seal.thawte.com                     https://*.youtube.com                    https://s.ytimg.com                    https://configusa.veinteractive.com                    https://ots.optimize.webtrends.com                   https://*.greendot.com                    https://*.iovation.com                   https://*.gstatic.com                  https://www.googletagmanager.com                 https://*.xg4ken.com                 https://*.adsrvr.org;                                font-src 'self' data:                    https://*.typekit.com                     https://*.typekit.net                      https://*.gstatic.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.bpost.be bpost.be eshipper.bpost.cn bpost2.be medattest.be www.medattest.be editor-www.bpost.be www.googletagmanager.com tagmanager.google.com ssl.google-analytics.com b2btagmgr.azalead.com trker1.azalead.com www.google-analytics.com proslead.com www.depostlaposte.be www.bpost2.be www.google.com www.post.be post.be ajax.googleapis.com connect.facebook.net code.jquery.com platform.linkedin.com www.linkedin.com dashboard.whoisvisiting.com/who.js frontend.id-visitors.com js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net http://w.usabilla.com w.usabilla.com api.usabilla.com cdnjs.cloudflare.com maps.googleapis.com www.youtube.com https://ajax.googleapis.com api.jollywallet.com https://maps.googleapis.com www.googleadservices.com assets.idloom.com crm.bpack.idloom.com proslead.com https://www.google-analytics.com preprints.taxipost.net maf.taxipost.net s.ytimg.com img.en25.com player.qualifio.com d6tizftlrpuof.cloudfront.net https://maxcdn.bootstrapcdn.com static.hotjar.com script.hotjar.com vars.hotjar.com optimize.google.com login-2.bpost.be service.maxymiser.net static.hotjar.com script.hotjar.com bpost2.unfyd.com www.gstatic.com openlayers.org unpkg.com eloqua.com  www.bpost2.be bpaid.unfyd.com mediahuisassets.akamaized.net cdn.cxense.com scomcluster.cxense.com comcluster.cxense.com track.bpost.cloud track.bpost.be optanon.blob.core.windows.net privacyportal-de.onetrust.com cdn.cookielaw.org; object-src 'self' www.bpost.be editor-www.bpost.be eshipper.bpost.cn www.youtube-nocookie.com www.medattest.be optimize.google.com login-2.bpost.be bpost2.be bpaid.unfyd.com track.bpost.cloud track.bpost.be; style-src 'self' 'unsafe-inline' www.bpost.be eshipper.bpost.cn bpost2.be www.bpost2.be bpost3.be www.medattest.be editor-www.bpost.be www.google.com fonts.googleapis.com cdn.jsdelivr.net d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com www.post.be post.be proslead.com wersg01 preprints.taxipost.net maf.taxipost.net tagmanager.google.com optimize.google.com login-2.bpost.be maxcdn.bootstrapcdn.com my.bpost.be bpost2.unfyd.com openlayers.org use.fontawesome.com unpkg.com bpaid.unfyd.com track.bpost.cloud track.bpost.be optanon.blob.core.windows.net cdn.cookielaw.org; img-src 'self' data: www.bpost.be bpost.be eshipper.bpost.cn www.bpost2.be bpost2.be www.google.be www.google-analytics.com www.google.com googleads.g.doubleclick.net b2btagmgr.azalead.com trker1.azalead.com stats.g.doubleclick.net www.post.be editor-www.bpost.be www.facebook.com www.google.co.in eshop.bpost.be static.licdn.com www.linkedin.com www.bpostinternational.com landmarkglobal.com www.landmarkglobal.com dashboard.whoisvisiting.com/who.ashx www.depostlaposte.be junglenet-a.akamaihd.net secure.adnxs.com d6tizftlrpuof.cloudfront.net w.usabilla.com 10.76.4.13:15871 https://cdnjs.cloudflare.com 10.109.34.52:15871 s1833705806.t.eloqua.com 10.76.4.11:15871 https://csi.gstatic.com https://maps.gstatic.com maps.googleapis.com https://ssl.google-analytics.com https://maps.googleapis.com www.googleadservices.com https://stats.g.doubleclick.net proslead.com https://www.google.de https://www.google.lu https://www.google.nl preprints.taxipost.net maf.taxipost.net chart.apis.google.com hello.bpost.be optimize.google.com login-2.bpost.be my.bpost.be bpost2.unfyd.com a.tile.openstreetmap.org server.arcgisonline.com tile.osm.be bpaid.unfyd.com comcluster.cxense.com track.bpost.cloud track.bpost.be optanon.blob.core.windows.net cdn.cookielaw.org; frame-src 'self' www.bpost.be bpost.be www.medattest.be medattest.be eshipper.bpost.cn editor-www.bpost.be www.bpost2.be http://www.bpost2.be bpost2.be campaigns.bpost2.be www.campaigns.bpost2.be pass.post.be esim.post.be tools.emailgarage.com assets.idloom.com www.facebook.com ir2.flife.de qfx.quartalflife.com 4558452.fls.doubleclick.net www.youtube.com youtube.com fr.slideshare.net www.youtube-nocookie.com 85.17.197.32 roi.bpost3.be bpost3.be www.facebook.com www.twitter.com platform.linkedin.com addressbook.bpost.be www.google.com google.com cse.google.com/cse speos.connective.be speos.connective.eu junglenet-a.akamaihd.net post-online.be www.post-online.be cssprepaid.proximus.be www.depostlaposte.be depostlaposte.be www.postmobile.be postmobile.be reload.proximus.be s.chkmkt.com maxiresponse.bpost3.be bpi.bpost3.be post-api.be googletagmanager.com youtube.com www.youtube.com d6tizftlrpuof.cloudfront.net www.youtube.com speos.connective.eu www.speos.connective.eu assets.idloom.com crm.bpack.idloom.com zeromov.com player.qualifio.com preprints.taxipost.net maf.taxipost.net http://maf.taxipost.net crm.bpost.idloom.com news.bpost.be s1833705806.t.eloqua.com vars.hotjar.com optimize.google.com login-2.bpost.be bpost2.be service.maxymiser.net bpaid.unfyd.com bpaid.bpost.be track.bpost.cloud track.bpost.be; font-src 'self' www.bpost.be bpost.be eshipper.bpost.cn editor-www.bpost.be cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.gstatic.com fonts.gstatic.com *.usabilla.com d6tizftlrpuof.cloudfront.net images.campaign.bpost.be optimize.google.com login-2.bpost.be my.bpost.be maxcdn.bootstrapcdn.com bpost2.unfyd.com use.fontawesome.com www.bpost2.be  cdn.jsdelivr.net fonts.gstatic.com bpaid.unfyd.com track.bpost.cloud track.bpost.be; connect-src 'self' www.bpost.be bpost.be eshipper.bpost.cn www.medattest.be medattest.be bpost2.be www.bpost2.be editor-www.bpost.be proslead.com bam.nr-data.net api.usabilla.com https://api.bpost.be crm.bpack.idloom.com www-1.stbpost.be assets.idloom.com crm.bpack.idloom.com nikkomsgchannel tagmanager.google.com webservices-pub.bpost.be webservices-pub.stbpost.be webservices-pub.acbpost.be  s1833705806.t.eloqua.com static.hotjar.com insights.hotjar.com optimize.google.com login-2.bpost.be chatbot.bpost.be bpost2.be in.hotjar.com service.maxymiser.net bpost2.unfyd.com s1833705806.t.eloqua.com/e/f2 bpaid.unfyd.com https://s918797598.t.eloqua.com/e/f2 track.bpost.cloud track.bpost.be; report-uri /nl/report-csp-violation 2
default-src 'self' https://www.koodomobile.com https://koodomobile.com https://b.koodomobile.com https://du4n2wiaamtmk.cloudfront.net/ https://*.googleapis.com https://*.gstatic.com https://nexus.ensighten.com https://assets.adobedtm.com telus.tt.omtrdc.net https://www.google.com https://www.youtube.com https://*.demdex.net https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.qualtrics.com https://dev.visualwebsiteoptimizer.com https://*.newrelic.com https://bam.nr-data.net https://static.ada.support https://koodo.ca.ada.support https://koodo-development.ca.ada.support https://cm.everesttech.net https://*.adgear.com https://mobility.telus.com https://koodo.sds.modeaondemand.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://www.koodomobile.com https://koodomobile.com https://www.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: https://www.koodomobile.com https://koodomobile.com https://maps.gstatic.com https://maps.googleapis.com https://dev.visualwebsiteoptimizer.com https://*.facebook.com https://b.koodomobile.com https://*.ensighten.com https://*.google-analytics.com https://*.youtube.com https://i.imgur.com https://static.ada.support; 2
frame-ancestors 'self' http://intacct.lookbookhq.com https://intacct.lookbookhq.com http://go.intacct.com https://go.intacct.com http://go.sageintacct.com https://go.sageintacct.com; 2
script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src * 'self' data: https:; object-src *.youtube.com *.bell.ca *.virginmobile.ca  *.vm.ca *.vmobile.ca *.vmcanada.com 'self'; frame-ancestors *.bell.ca *.virginmobile.ca  *.vm.ca *.vmobile.ca *.vmcanada.com 2
default-src blob: data: https:; script-src blob: https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline' 2
default-src 'self' data: *.coop.co.uk *.optimizely.com s3-eu-west-1.amazonaws.com s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.coop.co.uk cdn.embedly.com *.ensighten.com *.crazyegg.com *.google-analytics.com *.optimizely.com *.youtube.com *.ytimg.com *.facebook.net *.twitter.com s3-eu-west-1.amazonaws.com s3.amazonaws.com *.cloudfront.net cdn.polyfill.io *.algolia.net assets.digital.coop.co.uk optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com *.smartsurvey.co.uk; style-src * 'unsafe-inline'; img-src 'self' data: *.google.co.uk *.google.ie *.ensighten.com *.optimizely.com images.contentful.com images.ctfassets.net *.crazyegg.com www.google-analytics.com www.facebook.com *.cloudfront.net *.twitter.com *.doubleclick.net assets.digital.coop.co.uk www.google.com; font-src 'self' *.optimizely.com s3-eu-west-1.amazonaws.com s3.amazonaws.com assets.digital.coop.co.uk; media-src *; object-src youtube.com vimeo.com; frame-src 'self' https://forms.office.com https://youtube.com https://www.youtube.com https://vimeo.com *.doubleclick.net *.optimizely.com *.facebook.com fusiontables.google.com https://google.com https://www.google.com *.smartsurvey.co.uk ash-coopcreatecase.cs88.force.com preprod-coop-preprod.cs87.force.com *.force.com; connect-src *.algolia.net *.algolianet.com *.optimizely.com; 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.ine.mx https: 2
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de de.ioam.de s.ytimg.com; object-src 'self' piwik.itzbund.de; media-src 'self' *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors dnbweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2
frame-ancestors 'self' api.sheetmusicdirect.com 2
default-src 'self' 'unsafe-eval' *.tgdd.vn *.thegioididong.com *.dienmayxanh.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https: data:; font-src data: 'self' https:; frame-src 'self' https://*.hotjar.com https://thegioididong.typeform.com https://*.sociaplus.com https://googleads.g.doubleclick.net https://*.youtube.com https://youtube.com https://*.doubleclick.net *.facebook.com *.google.com *.tgdd.vn *.thegioididong.com; media-src 'self' *.youtube.com youtube.com *.tgdd.vn *.thegioididong.com *.dienmayxanh.com; connect-src 'self' https://track.accesstrade.vn https://*.ecotrackings.com https://*.delighted.com https://*.useinsider.com https://*.sociaplus.com *.thegioididong.com *.tgdd.vn wss://rtm.thegioididong.com *.facebook.com *.googleapis.com *.google-analytics.com https://*.crazyegg.com https://*.hotjar.com; manifest-src 'self' https:; object-src 'self' 2
frame-ancestors 'self' https://*.usagym.org http://*.usagym.org http://*.usagymparents.com http://*.usagym.info http://*.gymnasticsfoundation.org https://*.gymnasticsfoundation.org http://*.usagymchamps.com https://*.usagymchamps.com http://usagymfans.us-east-1.elasticbeanstalk.com https://usagymfans.us-east-1.elasticbeanstalk.com http://*.kovendesign.com https://*.kovendesign.com https://usagym.hqam6nre-liquidwebsites.com; 2
frame-src 'self' blob: *.cochlear.cloud *.stg.cochlear.cloud  *.cochlear.cloud *.qualaroo.com *.simpli.fi https://marvelapp.com *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com ; connect-src 'self' *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.maxmind.com *.crazyegg.com ; font-src 'self'  'unsafe-inline' 'unsafe-eval' data: *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com ; img-src 'self'  'unsafe-inline' 'unsafe-eval' data: *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.cochlear.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com medialead.de; script-src 'self'  'unsafe-inline' 'unsafe-eval' blob: *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.quora.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com  *.ads-twitter.com *.steelhousemedia.com *.bing.com adroll.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com *.cochlear.com *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.maxmind.com medialead.de; style-src 'self'  'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com; 2
default-src 'self' *.bka.de bka.preview.prod.gsb.bka.zivb.net; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' piwik.itzbund.de; media-src 'self' www.bka.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de bka.preview.prod.gsb.bka.zivb.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bka.preview.prod.gsb.bka.zivb.net piwik.itzbund.de  *.facebook.com 2
frame-ancestors https://*.prolific.co http://*.prolific.co https://prolific.co 2
frame-ancestors 'self' *.promoplace.com; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://cdn.cookielaw.org https://d2oh4tlt9mrke9.cloudfront.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://p.typekit.net https://service.maxymiser.net https://ssl.google-analytics.com https://tagmanager.google.com https://ws.sessioncam.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com;object-src https://*.avalonbay.com https://*.avaloncommunities.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net https://tagmanager.google.com https://use.typekit.net;img-src 'self' data: *.avaloncommunities.com *.avalonbay.com *.azureedge.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com;media-src 'none';frame-src 'self' *.avaloncommunities.com *.avalonbay.com https://bid.g.doubleclick.net https://*.merchante-solutions.com https://service.maxymiser.net https://www.youtube.com;font-src data: *.avaloncommunities.com https://fonts.gstatic.com https://use.typekit.net;connect-src https://*.avalonbay.com https://*.avaloncommunities.com https://*.merchante-solutions.com https://ws.sessioncam.com https://www.google-analytics.com;base-uri 'self';child-src 'self' https://*.avalonbay.com;form-action 'self';frame-ancestors 'none';plugin-types application/pdf;report-uri https://api.avalonbay.com/report/csp 2
'self'; 2
frame-ancestors 'self' mediate.com *.mediate.com ; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src * data:; frame-ancestors * 'self' 2
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com gala.acsevents.org main.acsevents.org relay.acsevents.org; report-uri http://main.acsevents.org/site/XFrameViolation 2
default-src 'self' data: http://127.0.0.1:50005 http://127.0.0.1:51505 http://127.0.0.1:53005 http://127.0.0.1:54505 http://127.0.0.1:56005 https://127.0.0.1:50005 https://127.0.0.1:51505 https://127.0.0.1:53005 https://127.0.0.1:54505 https://127.0.0.1:56005 ws://127.0.0.1:50005 ws://127.0.0.1:51505 ws://127.0.0.1:53005 ws://127.0.0.1:54505 ws://127.0.0.1:56005 wss://127.0.0.1:50005 wss://127.0.0.1:51505 wss://127.0.0.1:53005 wss://127.0.0.1:54505 wss://127.0.0.1:56005 https://local.get-scatter.com:50006 https://local.get-scatter.com:51506 https://local.get-scatter.com:53006 https://local.get-scatter.com:54506 https://local.get-scatter.com:56006 wss://local.get-scatter.com:50006 wss://local.get-scatter.com:51506 wss://local.get-scatter.com:53006 wss://local.get-scatter.com:54506 wss://local.get-scatter.com:56006 ws://*.bigone.com ws://*.big.one ws://*.b1.run wss://beta.big.zone wss://*.bigone.com wss://*.big.one wss://bigone.com wss://big.one wss://*.b1.run wss://b1.run wss://*.b1.cab wss://*.b1.land stats.g.doubleclick.net *.googleapis.com www.googletagmanager.com *.zdassets.com https://static.zdassets.com https://ekr.zdassets.com https://bigone.zendesk.com wss://bigone.zendesk.com wss://*.zopim.com *.big.zone *.bigone.com *.big.one *.b1.run *.pxn.one *.peatio.com *.geetest.com www.google-analytics.com *.newrelic.com bam.nr-data.net *.go-mpulse.net *.akstat.io *.akamaihd.net *.zendesk.com api.eossweden.org node2.eosphere.io relay.get-scatter.com wss://widget-mediator.zopim.com https://v2assets.zopim.io 'unsafe-inline' 'unsafe-eval' 2
default-src *; frame-ancestors https://*.qmee.com; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://platform.twitter.com https://cdn.syndication.twimg.com https://ajax.googleapis.com https://www.google-analytics.com https://js-agent.newrelic.com https://www.gstatic.com https://bam.nr-data.net https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://translate.googleapis.com https://tpc.googlesyndication.com https://d3t2iypqerjd0u.cloudfront.net http: https:; style-src * 'unsafe-inline' 2
default-src 'none'; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' www.linkedin.com connect.facebook.net s.adroll.com ml314.com js.hs-scripts.com script.hotjar.com static.hotjar.com js.hs-analytics.net player.vimeo.com www.googletagmanager.com dev.visualwebsiteoptimizer.com sjs.bizographics.com www.google-analytics.com px.ads.linkedin.com djtflbt20bdde.cloudfront.net; connect-src https: wss: 'self' www.gov.uk yoast.com *.hotjar.com; img-src https: 'self' data: media.nominet.uk maps.googleapis.com track.hubspot.com stats.g.doubleclick.net www.gravatar.com dev.visualwebsiteoptimizer.com www.google-analytics.com www.googletagmanager.com; style-src https: 'self' 'unsafe-inline' djtflbt20bdde.cloudfront.net fonts.googleapis.com; frame-src https: 'self' www.youtube.com player.vimeo.com djtflbt20bdde.cloudfront.net vars.hotjar.com; font-src https: 'self' data: fonts.gstatic.com; media-src https: 'self' media.nominet.uk; frame-ancestors 'self'; base-uri 'self' *.helpscout.net; form-action 'self' *.theukdomain.uk forms.hsforms.com; object-src 'self' *.cloudfront.net; manifest-src 'self'; 2
default-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.* *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net s3.eu-west-1.amazonaws.com mpi-v2-simulation.test.v-psp.com *.trusted.com secure7.arcot.com leetchi.com webpayment.payline.com *.cloudfunctions.net *.freshrelevance.com s3.amazonaws.com *.contentsquare.net static-eu.payments-amazon.com *.fbapphouse.com static-eu.payments-amazon.com mws-eu.amazonservices.com api.sandbox.amazon.de api.amazon.de payments-de.amazon.com payments.amazon.it images-na.ssl-images-amazon.com m.media-amazon.com payments-eu.amazon.com payments.amazon.es payments.amazon.fr payments.amazon.it payments.amazon.co.uk payments.amazon.com payments.amazon.de cdn.aimtell.com log.aimtell.com am.freshrelevance.com api.stripe.com js.stripe.com q.stripe.com analytics.aimtell.com beacon.aimtell.com; child-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.* *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net s3.eu-west-1.amazonaws.com mpi-v2-simulation.test.v-psp.com *.trusted.com secure7.arcot.com leetchi.com webpayment.payline.com *.cloudfunctions.net *.freshrelevance.com s3.amazonaws.com *.contentsquare.net static-eu.payments-amazon.com *.fbapphouse.com static-eu.payments-amazon.com mws-eu.amazonservices.com api.sandbox.amazon.de api.amazon.de payments-de.amazon.com payments.amazon.it images-na.ssl-images-amazon.com m.media-amazon.com payments-eu.amazon.com payments.amazon.es payments.amazon.fr payments.amazon.it payments.amazon.co.uk payments.amazon.com payments.amazon.de cdn.aimtell.com log.aimtell.com am.freshrelevance.com api.stripe.com js.stripe.com q.stripe.com analytics.aimtell.com beacon.aimtell.com; frame-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.* *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net s3.eu-west-1.amazonaws.com mpi-v2-simulation.test.v-psp.com *.trusted.com secure7.arcot.com leetchi.com webpayment.payline.com *.cloudfunctions.net *.freshrelevance.com s3.amazonaws.com *.contentsquare.net static-eu.payments-amazon.com *.fbapphouse.com static-eu.payments-amazon.com mws-eu.amazonservices.com api.sandbox.amazon.de api.amazon.de payments-de.amazon.com payments.amazon.it images-na.ssl-images-amazon.com m.media-amazon.com payments-eu.amazon.com payments.amazon.es payments.amazon.fr payments.amazon.it payments.amazon.co.uk payments.amazon.com payments.amazon.de cdn.aimtell.com log.aimtell.com am.freshrelevance.com api.stripe.com js.stripe.com q.stripe.com analytics.aimtell.com beacon.aimtell.com; img-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.* *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net s3.eu-west-1.amazonaws.com mpi-v2-simulation.test.v-psp.com *.trusted.com secure7.arcot.com leetchi.com webpayment.payline.com *.cloudfunctions.net *.freshrelevance.com s3.amazonaws.com *.contentsquare.net static-eu.payments-amazon.com *.fbapphouse.com static-eu.payments-amazon.com mws-eu.amazonservices.com api.sandbox.amazon.de api.amazon.de payments-de.amazon.com payments.amazon.it images-na.ssl-images-amazon.com m.media-amazon.com payments-eu.amazon.com payments.amazon.es payments.amazon.fr payments.amazon.it payments.amazon.co.uk payments.amazon.com payments.amazon.de cdn.aimtell.com log.aimtell.com am.freshrelevance.com api.stripe.com js.stripe.com q.stripe.com analytics.aimtell.com beacon.aimtell.com; script-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.* *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net s3.eu-west-1.amazonaws.com mpi-v2-simulation.test.v-psp.com *.trusted.com secure7.arcot.com leetchi.com webpayment.payline.com *.cloudfunctions.net *.freshrelevance.com s3.amazonaws.com *.contentsquare.net static-eu.payments-amazon.com *.fbapphouse.com static-eu.payments-amazon.com mws-eu.amazonservices.com api.sandbox.amazon.de api.amazon.de payments-de.amazon.com payments.amazon.it images-na.ssl-images-amazon.com m.media-amazon.com payments-eu.amazon.com payments.amazon.es payments.amazon.fr payments.amazon.it payments.amazon.co.uk payments.amazon.com payments.amazon.de cdn.aimtell.com log.aimtell.com am.freshrelevance.com api.stripe.com js.stripe.com q.stripe.com analytics.aimtell.com beacon.aimtell.com; connect-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.* *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net s3.eu-west-1.amazonaws.com mpi-v2-simulation.test.v-psp.com *.trusted.com secure7.arcot.com leetchi.com webpayment.payline.com *.cloudfunctions.net *.freshrelevance.com s3.amazonaws.com *.contentsquare.net static-eu.payments-amazon.com *.fbapphouse.com static-eu.payments-amazon.com mws-eu.amazonservices.com api.sandbox.amazon.de api.amazon.de payments-de.amazon.com payments.amazon.it images-na.ssl-images-amazon.com m.media-amazon.com payments-eu.amazon.com payments.amazon.es payments.amazon.fr payments.amazon.it payments.amazon.co.uk payments.amazon.com payments.amazon.de cdn.aimtell.com log.aimtell.com am.freshrelevance.com api.stripe.com js.stripe.com q.stripe.com analytics.aimtell.com beacon.aimtell.com ws: wss:; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: data: blob: wss:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; frame-src https:; worker-src https: blob:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' data: blob:; manifest-src https:; form-action https:; block-all-mixed-content; upgrade-insecure-requests; report-uri https://classaction.report-uri.io/r/default/csp/enforce; 2
script-src 'self'; 2
frame-src https://riksbanken.solidtango.com https://web103.reachmee.com https://www.riksbank.se https://www.google.com https://www.riksdagen.se https://vars.hotjar.com bankid: 2
frame-ancestors https://*.belmontstakes.com https://belmontstakes.com https://*.thorograph.com https://thorograph.com https://*.nyra.com https://nyra.com https://*.nyrabets.com 'self' https://nyrabets.com https://*.gbetest.com https://gbetest.com https://*.dev07-broker0201.com https://dev07-broker0201.com https://*.dev07-gbeb2c.com https://dev07-gbeb2c.com https://*.test02-nyrabets.com https://test02-nyrabets.com https://*.gbe.global https://gbe.global; 2
frame-ancestors 'self' ; report-uri https://itickets.report-uri.io/r/default/csp/enforce; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https:; img-src https:; style-src https: 'unsafe-inline'; 2
frame-ancestors 'self' *.wildberries.kz 2
child-src 'self' https://*.cloudfront.net https://*.docusign.com https://*.docusign.net https://*.sigfig.com https://go.oncehub.com https://secure.scheduleonce.com https://sigfig.demdex.net https://www.snapengage.com https://*.cambridgesavings.com; connect-src 'self' https://*.demdex.net https://*.getsentry.com https://*.hotjar.com https://*.sigfig.com https://*.wellsfargo.com https://*.zdassets.com https://*.zendesk.com https://api.greenhouse.io https://bam.nr-data.net https://heapanalytics.com https://maps.googleapis.com https://sentry.io https://sigfig.sc.omtrdc.net https://sigfig.tt.omtrdc.net https://sigfigprod.112.2o7.net https://www.snapengage.com wss://*.hotjar.com https://*.cambridgesavings.com; default-src 'self' https://*.sigfig.com https://*.cambridgesavings.com; frame-src 'self' https://*.cloudfront.net https://*.docusign.com https://*.docusign.net https://*.hotjar.com/ https://*.sigfig.com https://go.oncehub.com https://secure.scheduleonce.com https://sigfig.demdex.net https://www.snapengage.com https://*.cambridgesavings.com; font-src 'self' data: https://*.cloudfront.net https://*.sigfig.com https://fonts.gstatic.com https://heapanalytics.com https://*.cambridgesavings.com; img-src 'self' data: http://*.ggpht.com http://*.googleusercontent.com http://*.gstatic.com http://*.wikinvest.com http://feeds.feedburner.com https://*.cloudfront.net https://*.doubleclick.net https://*.ggpht.com https://*.google-analytics.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.quantserve.com https://*.sigfig.com https://cm.everesttech.net https://csi.gstatic.com https://dpm.demdex.net https://heapanalytics.com https://sigfigcitizensbankdev.112.2o7.net https://tags.w55c.net https://www.facebook.com https://www.snapengage.com https://*.cambridgesavings.com; media-src 'self' https://*.cloudfront.net https://*.sigfig.com https://*.cambridgesavings.com; object-src 'self' https://www.snapengage.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adobedtm.com https://*.cloudfront.net https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.hotjar.com/ https://*.newrelic.com https://*.quantserve.com https://*.sigfig.com https://*.wellsfargoadvisors.com https://*.wikinvest.com https://*.zdassets.com https://*.zendesk.com https://apis.google.com https://bam.nr-data.net https://cdn.heapanalytics.com https://heapanalytics.com https://nexus.ensighten.com https://sigfig.sc.omtrdc.net https://sigfigprod.112.2o7.net https://www.snapengage.com https://*.cambridgesavings.com; style-src 'self' 'unsafe-inline' https://*.cloudfront.net https://*.googleapis.com https://*.sigfig.com https://heapanalytics.com https://*.cambridgesavings.com; 2
default-src *.antarctica.gov.au *.aad.gov.au ausantarctic.createsend.com data: *.jwpcdn.com jwpltx.com 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors https://www.karl.com/ https://www.karl.com/ http://www.optimizely.com https://www.optimizely.com; 2
script-src 'self' at.alicdn.com 'unsafe-eval' 'unsafe-inline' data: blob: *.dancf.com *.gaoding.com hm.baidu.com tongji.baidu.com assetscli.udesk.cn ttxsapp.udesk.cn retcode.alicdn.com www.google-analytics.com www.googletagmanager.com cdn.lr-ingest.io; frame-ancestors 'self' *.gaoding.com god-mgr.dancf.com ttxsapp.udesk.cn tongji.baidu.com www.huodongxing.com www.365editor.com https://ytcs.lenovo.net http://ytcs.lenovo.net https://ytcstest.lenovo.net http://pnew.365editor.com http://pwww.365editor.com http://new.365editor.com https://new.365editor.com https://ex.365editor.com http://ex.365editor.com http://www.365editor.com https://cdn.lr-ingest.io https://mp.weixin.qq.com 2
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' fonts.gstatic.com data: https:; img-src 'self' data: https:; media-src 'self' video.tesa.com *.youtube.com; connect-src 'self' https: 2
frame-ancestors 'self' https://*.breuninger.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 2
default-src 'self' data: https: *.gstatic.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.amazonaws.com *.infogreffe.nc *.infogreffe.fr *.googleapis.com *.twitter.com *.regie.pro; img-src 'self' data: http: *.youtube.com https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; frame-src 'self' data: https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; connect-src 'self' https: *.regie.pro *.addthis.com *.web2mobile.fr 2
upgrade-insecure-requests; frame-ancestors 'none' 2
frame-ancestors https://www.niagahoster.co.id/ https://panel.niagahoster.co.id/ 2
frame-ancestors 'self' *.amazonaws.com *.expo2020dubai.com assetscdn.stackla.com *.thinglink.com 2
frame-ancestors 'self' *.onlinepersonalmessages.com *.safe-cashier.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com 888casino.com 888poker.com 888casino.dk 888poker.dk 888casino.ro 888poker.ro 888casino.se 888poker.se 888casino.es 888poker.es 888casino.it 888poker.it 888casino.us 888poker.us cmsp; report-uri https://888protech.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' https://admin.df.eu/ https://analytics.aklamio.com https://*.lpsnmedia.net https://*.tealiumiq.com https://*.google.com https://*.google.de https://*.doubleclick.net https://*.optimizely.com https://www.google-analytics.com https://*.facebook.com; style-src 'self' 'unsafe-inline' https://s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.aklamio.com https://*.doubleclick.net https://java.com https://optimizely.s3.amazonaws.com https://tags.tiqcdn.com https://static-artifact.heg-cp.com https://cdn.polyfill.io https://www.google.com https://www.gstatic.com https://*.optimizely.com https://www.googleadservices.com https://bat.bing.com https://www.dwin1.com https://connect.facebook.net https://www.google-analytics.com ajax.googleapis.com https://*.twitter.com https://static.ads-twitter.com https://*.ampproject.org https://*.wsimg.com https://*.liveperson.net https://*.lpsnmedia.net; font-src 'self' https://optimizely.github.io; object-src 'self'; img-src 'self' 'unsafe-inline' https://*.trustpilot.com https://*.aklamio.com https://img1.wsimg.com https://*.lpsnmedia.net https://java.com https://www.df.eu/ data: https://i.ytimg.com https://*.g.doubleclick.net https://bat.bing.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.de https://t.co https://*.multiscreensite.com; frame-src 'self' https://*.aklamio.com https://lo.tokenizer.liveperson.net https://pixel.bsmartdata.com https://www.google.com https://*.optimizely.com https://*.facebook.com https://*.facebook.net www.youtube.com *.vimeo.com *.vimeocdn.com https://*.fls.doubleclick.net https://*.lpsnmedia.net https://server.lon.liveperson.net/; 2
default-src * 'self' data: 'unsafe-inline'; 2
base-uri 'self';connect-src 'self';default-src 'none';font-src 'self';frame-ancestors 'none';img-src data: 'self';manifest-src 'self';media-src 'self';object-src 'none';script-src https://cdn.ampproject.org 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';worker-src 'self'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.youtube.com https://s.ytimg.com https://hypothes.is https://cdn.hypothes.is https://platform.twitter.com https://cdn.syndication.twimg.com https://www.googletagmanager.com https://ajax.googleapis.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsforms.net https://forms.hsforms.com https://js.hscollectedforms.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.hypothes.is https://platform.twitter.com https://ton.twimg.com;font-src 'self' data: https://fonts.gstatic.com https://cdn.hypothes.is; 2
frame-ancestors https://*.news.at http://*.news.at; upgrade-insecure-requests; block-all-mixed-content 2
default-src 'self' https: macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com; frame-src 'self' https: macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com youtube.com *.youtube.com; font-src 'self' https: data: macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com; img-src 'self' https: data: macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com www.google-analytics.com www.googletagmanager.com; style-src 'self' https: 'unsafe-inline' macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com; connect-src 'self' https: macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com www.google.com; report-uri https://sentry.io/api/1438092/security/?sentry_key=c4f9287549384b1ebab3ca38ac17a0d3 2
default-src 'self'; child-src 'self' blob: https://content.googleapis.com https://www.googletagmanager.com/ns.html; connect-src 'self' https://siteintercept.qualtrics.com https://atlas.microsoft.com https://www.google-analytics.com https://events.glasgowlife.org.uk https://plus.browsealoud.com https://*.speechstream.net https://stats.g.doubleclick.net https://babm.texthelp.com https://dc.services.visualstudio.com; font-src 'self' 'unsafe-inline' data: https://atlas.microsoft.com https://fonts.gstatic.com https://fonts.googleapis.com https://fast.fonts.net; frame-src 'self' https://player.vimeo.com https://www.youtube.com; img-src 'self' blob: data: https://atlas.microsoft.com https://gl-events.s3.amazonaws.com https://qaglportal.azureedge.net https://prodglportal.azureedge.net https://qaglportalv2.azureedge.net https://prodglportalv2.azureedge.net https://gl-wip-portal-cache.azureedge.net https://gl-test-portal-cache.azureedge.net https://gl-prod-portal-cache.azureedge.net https://glwipportal.blob.core.windows.net https://gltestportal.blob.core.windows.net https://glwipportal.blob.core.windows.net https://glprodportal.blob.core.windows.net https://glportalprodblob.blob.core.windows.net https://glportalv2qablobfront.blob.core.windows.net https://glportalv2prodblob.blob.core.windows.net https://events.glasgowlife.org.uk https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://www.gravatar.com https://plus.browsealoud.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.facebook.com; media-src 'self' https://qaglportal.azureedge.net https://prodglportal.azureedge.net https://qaglportalv2.azureedge.net https://prodglportalv2.azureedge.net https://*.speechstream.net; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://apis.google.com https://atlas.microsoft.com https://www.browsealoud.com https://plus.browsealoud.com https://connect.facebook.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://dc.services.visualstudio.com https://fast.fonts.net https://ajax.googleapis.com https://fonts.googleapis.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://atlas.microsoft.com https://fonts.googleapis.com https://fast.fonts.net https://plus.browsealoud.com https://tagmanager.google.com; report-uri https://stormid.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests; block-all-mixed-content; 2
default-src 'self'; connect-src 'self'; font-src 'self' data:; img-src 'self' csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com data:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' ajax.googleapis.com https://maps.googleapis.com https://maps.gstatic.com; style-src 'unsafe-inline' 'self'; 2
default-src https: data: 'unsafe-inline' 2
default-src https://optimize.google.com 'self'; font-src https://fonts.google.com https://fonts.gstatic.com https://optimize.google.com https://fonts.googleapis.com 'self' data:; style-src https://fonts.google.com https://fonts.gstatic.com https://optimize.google.com https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src static.ycx.santander.pl https://static3.santander.pl https://stats.g.doubleclick.net https://www.facebook.com https://my.tealiumiq.com https://*.googleapis.com static.yourcx.io https://www.google.pl https://maps.gstatic.com https://user-event-tracker.crazyegg.com https://static3.bzwbk.pl https://bankmozliwosci.santander.pl https://www.googletagmanager.com www.google.com www.google-analytics.com 'self' data:; frame-src http://bank.santander.pl https://invis.io https://optimize.google.com https://ent.activeforms.com http://ent.activeforms.com opinia.santander.pl http://formularze.santander.pl https://cloud.webankieta.pl https://formularze.santander.pl https://projects.invisionapp.com http://santanderleasing.pl https://tutajdoladuj.blue.pl https://static.ycx.santander.pl https://datacloud.tealiumiq.com https://bank.santander.pl https://partner-it.com.pl https://www.youtube.com 'self'; script-src https://www.static.ycx.santander.pl https://www.script.crazyegg.com static.ycx.santander.pl https://santanderleasing.pl https://optimize.google.com https://www.googleadservices.com https://maps.googleapis.com http://static.ycx.santander.pl http://www.script.crazyegg.com https://googleads.g.doubleclick.net https://user-event-tracker.crazyegg.com www.google.com https://visitor-service-eu-central-1.tealiumiq.com https://www.youtube.com www.google-analytics.com https://www.google.com https://connect.facebook.net https://tags.tiqcdn.com https://s.ytimg.com https://script.crazyegg.com https://cloud.webankieta.pl static.yourcx.io https://omnibot.santander.pl https://maps.gstatic.com https://static.ycx.santander.pl https://www.googletagmanager.com https://www.google-analytics.com http://script.crazyegg.com http://www.static.ycx.santander.pl 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self'; connect-src https://www.google-analytics.com https://collect.tealiumiq.com https://my.tealiumiq.com 'self' 2
script-src 'self' https://flat.io https://*.flat.io https://*.flat-cdn.com https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://*.youtube.com https://*.ytimg.com https://w.soundcloud.com https://player.vimeo.com https://*.stripe.com https://*.algolianet.com https://*.algolia.net 'unsafe-inline' 'unsafe-eval' data: blob:;connect-src * wss://* data:;font-src 'self' https://*.flat-cdn.com https://fonts.gstatic.com;frame-src blob: *;base-uri https://flat.io https://*.flat.io;report-uri https://peoc.flat.io/api/25/csp-report/?sentry_version=5&sentry_key=24549ed8ab89447988b5ffba60385de7 2
frame-ancestors https://*.shapeamerica.org 2
default-src 'self' 'unsafe-inline' blob: *.disquscdn.com disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.freeagent.com *.fre.ag *.googleapis.com *.google-analytics.com *.doubleclick.net *.googleadservices.com *.adroll.com *.cloudfront.net *.getdrip.com *.facebook.net *.twitter.com script.crazyegg.com *.reviews.co.uk *.addthis.com *.addthisedge.com *.disqus.com *.twimg.com www.googletagmanager.com *.tfaforms.com s3.amazonaws.com/trk.cetrk.com/ *.disquscdn.com disqus.com *.wistia.com *.wistia.net www.gstatic.com www.google.com www.workable.com px.ads.linkedin.com static.ads-twitter.com snap.licdn.com widget.reviews.co.uk cdn.ampproject.org uk.bookingbug.com www.linkedin.com pro.ip-api.com bat.bing.com widget.trustpilot.com tagmanager.google.com tinymce.cachefly.net optimize.google.com js.maxmind.com z.moatads.com widget-prime.rafflecopter.com www.dwin1.com cdnjs.cloudflare.com/ajax/libs/rollbar.js/; img-src data: blob: *; frame-src 'self' *.doubleclick.net www.facebook.com *.wistia.com *.wistia.net widget.reviews.co.uk *.twitter.com disqus.com *.addthis.com embedwistia-a.akamaihd.net uk.bookingbug.com www.youtube.com www.google.com *.disquscdn.com widget.trustpilot.com *.googletagmanager.com optimize.google.com widget-prime.rafflecopter.com; font-src 'self' data: fonts.gstatic.com fast.wistia.com maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' data: blob: fonts.googleapis.com *.disquscdn.com *.twitter.com *.twimg.com tagmanager.google.com hello.myfonts.net optimize.google.com; media-src 'self' blob: data: *.wistia.net embedwistia-a.akamaihd.net; connect-src 'self' data: *.litix.io *.reviews.co.uk *.wistia.com *.wistia.net *.facebook.com uk.bookingbug.com *.addthis.com *.freeagent.com *.fre.ag *.google-analytics.com api.rollbar.com *.doubleclick.net embedwistia-a.akamaihd.net www.google.com *.adroll.com www.google.co.uk widget.trustpilot.com geoip-js.maxmind.com geoip.maxmind.com *.crazyegg.com adservice.google.com; object-src 'self' embedwistia-a.akamaihd.net; report-uri https://freeagent.report-uri.com/r/d/csp/enforce 2
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval' embedsocial.com www.google-analytics.com ajax.googleapis.com www.publicalbum.org; font-src 'self' fonts.googleapis.com fonts.gstatic.com; 2
frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://blog.alertlogic.com https://blog.alertlogic.com 2
img-src 'self' https://*.stripe.com https://analytics.freedom.press https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com data: https://freedom.press; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://checkout.stripe.com https://analytics.freedom.press https://platform.twitter.com https://cdn.syndication.twimg.com; default-src 'self'; frame-src 'self' https://www.google.com/ https://checkout.stripe.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com; connect-src 'self' https://checkout.stripe.com; report-uri https://freedomofpress.report-uri.com/r/d/csp/enforce 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://yandex.ru https://*.yandex.ru https://*.yandex.net https://yastatic.net https://*.google.com https://*.google.ru https://*.google-analytics.com https://*.googleadservices.com https://*.googleusercontent.com https://www.gstatic.com https://www.youtube.com https://*.doubleclick.net https://s.ytimg.com https://*.livechatinc.com https://top-fwz1.mail.ru https://www.tns-counter.ru https://vk.com https://cp.masterhost.ru https://connect.facebook.net; style-src 'self' 'unsafe-inline' https: ; frame-ancestors 'self' https://masterhost.ru https://*.masterhost.ru http://webvisor.com http://*.mtproxy.yandex.net https://mc.yandex.ru; frame-src 'self' https://yandex.ru https://*.yandex.ru https://*.yandex.net https://yastatic.net https://*.google.com https://*.google.ru https://*.google-analytics.com https://*.googleadservices.com https://*.googleusercontent.com https://www.gstatic.com https://www.youtube.com https://*.doubleclick.net https://s.ytimg.com https://*.livechatinc.com https://top-fwz1.mail.ru https://www.tns-counter.ru https://vk.com https://cp.masterhost.ru https://connect.facebook.net; font-src 'self' https: ; img-src data: 'self' https: ; connect-src 'self' https://yandex.ru https://*.yandex.ru https://*.yandex.net https://yastatic.net https://*.google.com https://*.google.ru https://*.google-analytics.com https://*.googleadservices.com https://*.googleusercontent.com https://www.gstatic.com https://www.youtube.com https://*.doubleclick.net https://s.ytimg.com https://*.livechatinc.com https://top-fwz1.mail.ru https://www.tns-counter.ru https://vk.com https://cp.masterhost.ru https://connect.facebook.net; 2
frame-ancestors www.johnmuirhealth.com shareeverywhere.epic.com shareeverywhere-np.et0084.epichosted.com 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' https: data:; font-src https: data:; img-src * data:; 2
img-src 'self' https://*.museum.wales *.museum.wales https://museum.wales museum.wales https://amgueddfa.cymru amgueddfa.cymru https://www.google-analytics.com www.google-analytics.com https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com https://p.travelsmarter.net p.travelsmarter.net https://www.tripadvisor.co.uk www.tripadvisor.co.uk blob: data:; script-src 'self' https://museum.wales museum.wales https://*.museum.wales *.museum.wales https://amgueddfa.cymru amgueddfa.cymru https://unpkg.com unpkg.com https://www.youtube.com www.youtube.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://*.googleapis.com *.googleapis.com https://platform.twitter.com platform.twitter.com https://s.ytimg.com s.ytimg.com https://static.tacdn.com static.tacdn.com https://www.tripadvisor.com www.tripadvisor.com 'unsafe-inline'; 2
script-src https://file3.noormags.ir https://www.google-analytics.com https://www.googletagmanager.com https://z.moatads.com https://m.addthis.com https://api-public.addthis.com https://s7.addthis.com https://v1.addthisedge.com https://www.linkedin.com https://certificate.iwmf.ir https://c.iwmf.ir 'unsafe-inline' 'unsafe-eval'; 2
base-uri 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; img-src https: data:; font-src https: data:; style-src https: 'unsafe-inline'; default-src https: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.facebook.com https://www.linkedin.com https://maps.googleapis.com https://player.vimeo.com fonts.googleapis.com maps.gstatic.com fonts.gstatic.com 2
default-src 'self' *.nts.live *.ntslive.co.uk; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.soundcloud.com *.mixcloud.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://optimize.google.com certify-js.alexametrics.com https://www.youtube.com *.ytimg.com *.list-manage.com https://unpkg.com *.gstatic.com apis.google.com https://js.servicebot.io https://js.stripe.com; connect-src *; img-src 'self' data: https:; media-src 'self' https://*.ntslive.net http://*.ntslive.net https://*.ntslive.co.uk; style-src 'unsafe-inline' 'self' hello.myfonts.net https://optimize.google.com https://fonts.googleapis.com; worker-src 'self'; child-src 'self' *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com; font-src 'self' data: fonts.gstatic.com; frame-src *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com https://optimize.google.com *.firebaseapp.com https://js.stripe.com; report-uri https://sentry.io/api/1802316/security/?sentry_key=76e8c0749e7e4d3cabda7b50753c398c 2
default-src 'self'; img-src 'self' medstatix.co stats.g.doubleclick.net www.google-analytics.com maps.gstatic.com data:; script-src 'self' 'unsafe-inline'  *.googleapis.com www.google-analytics.com; frame-src www.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; frame-ancestors 'none'; base-uri 'none'; form-action 'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://netcologne.lamapoll.de https://r.df-srv.de https://static.hotjar.com:* https://script.hotjar.com:* https://*.ad4m.at https://*.usemaxserver.de https://*.awin1.com https://*.dwin1.com https://zenaps.com https://sciencebehindecommerce.com https://*.criteo.net https://*.criteo.com https://tracking.m6r.eu; 2
frame-ancestors 'self'; script-src 'unsafe-inline' 'self' blob: 2
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com  www.youtube.com ; style-src 'self' 'unsafe-inline'; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src  * data:;connect-src * wss: 2
default-src data: 'unsafe-inline' 'unsafe-eval' https:; object-src https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; form-action https:; connect-src https: wss: blob:; base-uri 'self';font-src data: https:; img-src data: https: blob:; block-all-mixed-content; 2
default-src https: 'unsafe-inline' data: 'unsafe-eval' 2
default-src 'self' 'unsafe-inline' *.uhasselt.be enquete.agconsult.com https://cdn.jsdelivr.net/npm/ https://stream.livemedia.net/obfs www.google-analytics.com *.twitter.com *.twimg.com * fast.fonts.net *.delijn.be img.youtube.com *.gstatic.com *.getflowbox.com *.google.com;script-src 'self'  'unsafe-eval' 'unsafe-inline' enquete.agconsult.com https://cdn.jsdelivr.net/npm/ https://stream.livemedia.net/obfs www.google-analytics.com *.googleapis.com *.twitter.com *.twimg.com  cdn.syndication.twimg.com *.getflowbox.com *.delijn.be fast.fonts.net https://siteimproveanalytics.com *.addthis.com  *.addthisedge.com *.facebook.com *.linkedin.com *.issuu.com *.google.com *.googletagmanager.com *.folders.eu connect.facebook.net *.amcharts.com;img-src * data:;connect-src *;media-src *;frame-src *.uhasselt.be *.google.be https://cdn.jsdelivr.net/npm/ *.addthis.com https://stream.livemedia.net/obfs *.clickdimensions.com https://uhasselt-uf.be/ https://www.surveygizmo.com *.twitter.com *.twimg.com  *.issuu.com *.delijn.be *.youtube.com https://siteimproveanalytics.com *.google.com *.folders.eu https://script.google.com/macros/s/AKfycbwDa0K00fdLIaHvDQ9i6OFF6RBjz0kBQv4vc9eXHzpxLuVSBs9Z/exec https://hetmeestmemorabele100dagenfeest.be https://demeestmemorabelechrysostomos.be http://xmos.preflight.space/ *.amcharts.com;frame-ancestors *.uhasselt.be https://cdn.jsdelivr.net/npm/ *.google.com https://stream.livemedia.net/obfs https://uhasselt-uf.be/ https://www.surveygizmo.com https://siteimproveanalytics.com *.twitter.com  *.twimg.com *.delijn.be http://*.abmtrans.eu http://abmtrans.eu http://*.mobitwist.be http://mobitwist.be; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; media-src * 2
default-src 'self';frame-ancestors gtai.de *.gtai.de *.init-ag.de 'self';frame-src  gtai.de *.gtai.de *.init-ag.de app.datawrapper.de datawrapper.dwcdn.net https://www.youtube.com/ https://www.surveymonkey.de/ 'self';style-src  gtai.de *.gtai.de *.init-ag.de 'unsafe-inline';img-src    *.contentstream.de gtai.de *.gtai.de *.init-ag.de jwpltx.com *.webtrekk.net *.crazyegg.com i.ytimg.com api.mapbox.com data: 'unsafe-inline';script-src gtai.de *.gtai.de *.init-ag.de *.webtrekk.de *.webtrekk.com *.crazyegg.com trk.cetrk.com s3.amazonaws.com/trk.cetrk.com/ https://www.youtube.com/ https://s.ytimg.com/yts/jsbin/ ajax.googleapis.com/ajax/libs/jquery/1.8.2/ vjs.zencdn.net/5.9.2/ https://ssl.p.jwpcdn.com/ cdn.rawgit.com api.mapbox.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval';font-src   gtai.de *.gtai.de *.init-ag.de data: 'self';media-src  *.contentstream.de gtai.de *.gtai.de *.init-ag.de blob: 'self';connect-src *.crazyegg.com 'self';report-uri /blueprint/servlet/service/csp-report 2
default-src * 'self' https://*.google.com http://*.google.com https://*.google-analytics.com http://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com; img-src * 'self' https://*.google.com http://*.google.com https://*.google-analytics.com http://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com data:; connect-src 'self'; script-src * 'self' https://*.google.com http://*.google.com https://*.google-analytics.com http://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com 'unsafe-inline'; style-src * 'self' https://*.google.com http://*.google.com https://*.google-analytics.com http://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com 'unsafe-inline' 2
default-src 'self'; font-src * data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src https://*.youtube.com/ https://*.oxy.com  https://*.youtube-nocookie.com http://*.corporate-ir.net https://occidentalpetroleum.gcs-web.com 2
default-src 'none'; report-uri https://pfeprod.report-uri.com/r/t/csp/enforce; connect-src 'self' https://1vrf04rusa.execute-api.eu-west-1.amazonaws.com/ https://223i44638a.execute-api.eu-west-1.amazonaws.com/ https://6q7zxrfi35.execute-api.eu-west-1.amazonaws.com/ https://appsapi.veinteractive.com/api/ https://backend-dar.poc.digitalpfizer.com/ https://brightcove.hs.llnwd.net/ https://code.jquery.com/ https://cookiee1.veinteractive.com/api/ https://drs2.veinteractive.com/ https://edge.api.brightcove.com/playback/ https://f1.media.brightcove.com/ https://geoip-js.maxmind.com/geoip/v2.1/country/ https://hcp-grv-staging.digitalpfizer.com/ https://in.hotjar.com/api/v2/client/sites/ https://loremflickr.com/ https://metrics.articulate.com/ https://metrics.brightcove.com/ https://newton-api.eu.cloudhub.io https://pfe-dse-dar-poc.auth.us-east-1.amazoncognito.com/ https://pfizer.sc.omtrdc.net/ https://pkg-cdn.digitalpfizer.com/ https://secure.brightcove.com/services/mobile/streaming/ https://sessionapi.veinteractive.com/ https://storybook.js.org/ https://vlswbkfag3.execute-api.eu-west-1.amazonaws.com/ https://vc.hotjar.io/views/ https://www.google-analytics.com/ https://www.facebook.com/; font-src 'self' data: https://cdnjs.cloudflare.com/ https://docs.gcs.digitalpfizer.com/fonts/ https://fast.fonts.net/ https://fast.fonts.net/dv2/1 https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://pfcopayoffers-stage.pfizersite.io/ https://pkg-cdn.digitalpfizer.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://use.fontawesome.com/releases/ https://vjs.zencdn.net/ https://use.typekit.net/; frame-src 'self' https://*.fls.doubleclick.net/ https://bid.g.doubleclick.net/ https://config1.veinteractive.com/ https://l3.evidon.com/ https://platform.twitter.com/ https://players.brightcove.net/ https://player.vimeo.com/ https://player.vimeo.com/video https://staticxx.facebook.com/ https://syndication.twitter.com/ https://vars.hotjar.com/ https://v5.organimi.com/ https://where-to-buy.co/ https://www.facebook.com/ https://www.google.com/maps/ https://www.youtube.com/; img-src 'self' data: https://a.volvelle.tech https://ad.yieldlab.net/ https://ads.converge-digital.com/ https://assets.edison.sh/ https://brightcove.hs.llnwd.net https://c.evidon.com/sitenotice/images/ https://cm.adform.net/ https://cookiee1.veinteractive.com/ https://cookieu2.veinteractive.com/ https://drs2.veinteractive.com/ https://f1.media.brightcove.com/ https://googleads.g.doubleclick.net/pagead/ https://ib.adnxs.com/ https://img.shields.io/ https://l.betrad.com/ https://match.taboola.com/ https://metrics.brightcove.com/ https://pfcopayoffers-stage.pfizersite.io/ https://pfizer.122.2o7.net/ https://pfizer.sc.omtrdc.net/ https://picsum.photos/ https://pkg-cdn.digitalpfizer.com/ https://secure.adnxs.com/ https://ssl.google-analytics.com/ https://stats.g.doubleclick.net/ https://sync.1rx.io/ https://sync.outbrain.com/ https://sync.search.spotxchange.com/ https://t.co/ https://t.visx.net/ https://x.bidswitch.net/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.google.ac/ https://www.google.ad/ https://www.google.ae/ https://www.google.com.af/ https://www.google.com.ag/ https://www.google.com.ai/ https://www.google.al/ https://www.google.am/ https://www.google.co.ao/ https://www.google.com.ar/ https://www.google.as/ https://www.google.at/ https://www.google.com.au/ https://www.google.az/ https://www.google.ba/ https://www.google.com.bd/ https://www.google.be/ https://www.google.bf/ https://www.google.bg/ https://www.google.com.bh/ https://www.google.bi/ https://www.google.bj/ https://www.google.com.bn/ https://www.google.com.bo/ https://www.google.com.br/ https://www.google.bs/ https://www.google.bt/ https://www.google.co.bw/ https://www.google.by/ https://www.google.com.bz/ https://www.google.ca/ https://www.google.com.kh/ https://www.google.cc/ https://www.google.cd/ https://www.google.cf/ https://www.google.cat/ https://www.google.cg/ https://www.google.ch/ https://www.google.ci/ https://www.google.co.ck/ https://www.google.cl/ https://www.google.cm/ https://www.google.cn/ https://www.g.cn/ https://www.google.com.co/ https://www.google.co.cr/ https://www.google.com.cu/ https://www.google.cv/ https://www.google.com.cy/ https://www.google.cz/ https://www.google.de/ https://www.google.dj/ https://www.google.dk/ https://www.google.dm/ https://www.google.com.do/ https://www.google.dz/ https://www.google.com.ec/ https://www.google.ee/ https://www.google.com.eg/ https://www.google.es/ https://www.google.com.et/ https://www.google.fi/ https://www.google.com.fj/ https://www.google.fm/ https://www.google.fr/ https://www.google.ga/ https://www.google.ge/ https://www.google.gf/ https://www.google.gg/ https://www.google.com.gh/ https://www.google.com.gi/ https://www.google.gl/ https://www.google.gm/ https://www.google.gp/ https://www.google.gr/ https://www.google.com.gt/ https://www.google.gy/ https://www.google.com.hk/ https://www.google.hn/ https://www.google.hr/ https://www.google.ht/ https://www.google.hu/ https://www.google.co.id/ https://www.google.iq/ https://www.google.ie/ https://www.google.co.il/ https://www.google.im/ https://www.google.co.in/ https://www.google.io/ https://www.google.is/ https://www.google.it/ https://www.google.je/ https://www.google.com.jm/ https://www.google.jo/ https://www.google.co.jp/ https://www.google.co.ke/ https://www.google.ki/ https://www.google.kg/ https://www.google.co.kr/ https://www.google.com.kw/ https://www.google.kz/ https://www.google.la/ https://www.google.com.lb/ https://www.google.com.lc/ https://www.google.li/ https://www.google.lk/ https://www.google.co.ls/ https://www.google.lt/ https://www.google.lu/ https://www.google.lv/ https://www.google.com.ly/ https://www.google.co.ma/ https://www.google.md/ https://www.google.me/ https://www.google.mg/ https://www.google.mk/ https://www.google.ml/ https://www.google.com.mm/ https://www.google.mn/ https://www.google.ms/ https://www.google.com.mt/ https://www.google.mu/ https://www.google.mv/ https://www.google.mw/ https://www.google.com.mx/ https://www.google.com.my/ https://www.google.co.mz/ https://www.google.com.na/ https://www.google.ne/ https://www.google.com.nf/ https://www.google.com.ng/ https://www.google.com.ni/ https://www.google.nl/ https://www.google.no/ https://www.google.com.np/ https://www.google.nr/ https://www.google.nu/ https://www.google.co.nz/ https://www.google.com.om/ https://www.google.com.pk/ https://www.google.com.pa/ https://www.google.com.pe/ https://www.google.com.ph/ https://www.google.pl/ https://www.google.com.pg/ https://www.google.pn/ https://www.google.co.pn/ https://www.google.com.pr/ https://www.google.ps/ https://www.google.pt/ https://www.google.com.py/ https://www.google.com.qa/ https://www.google.ro/ https://www.google.rs/ https://www.google.ru/ https://www.google.rw/ https://www.google.com.sa/ https://www.google.com.sb/ https://www.google.sc/ https://www.google.se/ https://www.google.com.sg/ https://www.google.sh/ https://www.google.si/ https://www.google.sk/ https://www.google.com.sl/ https://www.google.sn/ https://www.google.sm/ https://www.google.so/ https://www.google.st/ https://www.google.sr/ https://www.google.com.sv/ https://www.google.td/ https://www.google.tg/ https://www.google.co.th/ https://www.google.com.tj/ https://www.google.tk/ https://www.google.tl/ https://www.google.tm/ https://www.google.to/ https://www.google.tn/ https://www.google.com.tr/ https://www.google.tt/ https://www.google.com.tw/ https://www.google.co.tz/ https://www.google.com.ua/ https://www.google.co.ug/ https://www.google.co.uk/ https://www.google.com.uy/ https://www.google.co.uz/ https://www.google.com.vc/ https://www.google.co.ve/ https://www.google.vg/ https://www.google.co.vi/ https://www.google.com.vn/ https://www.google.vu/ https://www.google.ws/ https://www.google.co.za/ https://www.google.co.zm/ https://www.google.co.zw/ https://www.gstatic.com/ https://ad.360yield.com/ https://bh.contextweb.com/ https://cm.g.doubleclick.net/ https://i.liadm.com/ https://pixel.advertising.com/ https://rtb-csync.smartadserver.com/ https://sync.teads.tv/ https://sync-eu.connectad.io/ https://trc.taboola.com/; manifest-src 'self'; media-src 'self' blob: data: https://f1.media.brightcove.com/ https://secure.brightcove.com/services/mobile/streaming/; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://a.volvelle.tech/ https://ajax.googleapis.com/ajax/ https://analytics.twitter.com/ https://assets.adobedtm.com/ https://assets.edison.sh/ https://cdnjs.cloudflare.com/ https://c.betrad.com/ https://c.evidon.com/ https://code.jquery.com/ https://connect.facebook.net/ https://cookies.pfizer.com/ https://config1.veinteractive.com/ https://fast.fonts.net/jsapi/ https://googleads.g.doubleclick.net/ https://js.maxmind.com/js/apis/geoip2/v2.1/ https://maps.googleapis.com/maps/api/ https://maps.googleapis.com/maps-api-v3/api/js/ https://maxcdn.bootstrapcdn.com/ https://pfcopayoffers-stage.pfizersite.io/ https://pkg-cdn.digitalpfizer.com/ https://platform.twitter.com/ https://players.brightcove.net/ https://player.vimeo.com/ https://player.vimeo.com/api/ https://px.veinteractive.com/ https://s3.amazonaws.com/docs.gcs.digitalpfizer.com/ https://s3.amazonaws.com/pfe_im/ https://s.ytimg.com/yts/jsbin/ https://sadmin.brightcove.com/js/ https://script.hotjar.com/ https://ssl.google-analytics.com/ https://static.ads-twitter.com/ https://static.hotjar.com/c/ https://tpc.googlesyndication.com/sodar/ https://vjs.zencdn.net/vttjs/ https://www.geoplugin.net/ https://www.googleadservices.com/pagead/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.gstatic.com/charts/ https://www.youtube.com/player_api; style-src 'self' 'unsafe-inline' https://assets.edison.sh/ https://cdnjs.cloudflare.com/ https://cloud.typography.com/ https://cookies.pfizer.com/ https://fast.fonts.net/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://p.typekit.net/ https://pfcopayoffers-stage.pfizersite.io/ https://pfredirect.pfizersite.io/files/fonts/ https://pkg-cdn.digitalpfizer.com/ https://px.veinteractive.com/ https://s3.amazonaws.com/docs.gcs.digitalpfizer.com/ https://stackpath.bootstrapcdn.com/ https://use.typekit.net/ https://www.gstatic.com/charts/; worker-src 'self' blob: 2
default-src 'self' 'unsafe-inline' * data: http: https: wss:; img-src * data: mediastream: blob: filesystem:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; frame-ancestors 'self'; 2
default-src 'self' disqus.com *.disquscdn.com accounts.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com *.ytimg.com vimeo.com *.statcounter.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com disqus.com *.disqus.com *.disquscdn.com *.twitter.com *.statcounter.com *.doubleclick.net connect.facebook.net *.twimg.com *.linkedin.com *.bizographics.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.gstatic.com *.disqus.com disqus.com *.disquscdn.com *.twitter.com; img-src 'self' data: images.ctfassets.net downloads.ctfassets.net *.google-analytics.com *.sidn.nl *.sidnlabs.nl *.googleapis.com *.gstatic.com vimeo.com *.vimeocdn.com *.youtube.com *.ytimg.com *.disqus.com *.disquscdn.com *.viglink.com *.statcounter.com *.twimg.com *.twitter.com *.doubleclick.net www.facebook.com *.linkedin.com; frame-src 'self' *.google.com *.vimeo.com www.youtube.com disqus.com www.facebook.com; font-src 'self' *.gstatic.com data: vimeo.com; connect-src 'self' vimeo.com *.sidn.nl *.usmedia.nl *.recruitee.com *.disqus.com 2
default-src 'self'; img-src * blob:; frame-src 'self' www.google.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' dmaps.daum.net t1.daumcdn.net s1.daumcdn.net maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' s1.daumcdn.net fonts.googleapis.com t1.daumcdn.net; font-src 'self' fonts.gstatic.com; 2
default-src 'self' https://cdn.zp.ru https://assets.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io ; img-src 'self' *.zp.ru *.zp.ru *.zarplata.ru *.zarplata.ru *.ngs.ru *.ngs.ru https://*.yandex.net https://api-maps.yandex.ru googleads.g.doubleclick.net *.gstatic.com https://www.google-analytics.com https://mc.yandex.ru https://counter.yadro.ru https://an.yandex.ru https://stats.g.doubleclick.net https://www.google.com https://www.google.ru  data: https://i.giphy.com https://media.giphy.com  https://www.tns-counter.ru https://top-fwz1.mail.ru https://ad.mail.ru https://vk.com https://www.facebook.com  https://gum.criteo.com  https://assets.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://my.mail.ru https://supportzarplata.zendesk.com  avatars-fast.yandex.net favicon.yandex.net; media-src *.yandex.net yandex.st yastatic.net https://static.zdassets.com ; child-src 'self' *.zarplata.ru https://webvisor.com  https://www.googletagmanager.com; frame-src 'self' https://yastatic.net https://www.youtube.com https://reklama.ngs.ru https://api-maps.yandex.ru https://st.yandexadexchange.net https://yandexadexchange.net https://creativecdn.com https://vk.com/  https://*.criteo.net https://*.criteo.com  https://onesignal.com https://assets.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://www.facebook.com https://connect.facebook.net  *.yandex.ru awaps.yandex.net *.yandexadexchange.net yastatic.net  https://www.google.com/recaptcha/; style-src 'self' fonts.googleapis.com 'unsafe-inline' 'unsafe-eval' yandex.st yastatic.net  'unsafe-inline'; object-src https://reklama.ngs.ru; script-src 'self' https://www.googleadservices.com https://*.tns-counter.ru 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://mc.yandex.ru https://api-maps.yandex.ru https://reklama.ngs.ru https://yastatic.net https://an.yandex.ru https://top-fwz1.mail.ru https://ad.mail.ru https://tagmanager.google.com https://vk.com/js/api/openapi.js https://www.googletagservices.com https://adservice.google.ru https://adservice.google.com https://securepubads.g.doubleclick.net  https://*.criteo.net https://*.criteo.com https://cdn.ravenjs.com *.segmentstream.com https://cdn.onesignal.com https://onesignal.com https://assets.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://*.facebook.net https://*.facebook.com https://connect.mail.ru https://my2.imgsmail.ru https://static.zdassets.com https://*.maps.yandex.net an.yandex.ru yandex.st yastatic.net mc.yandex.ru  https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' data: https://assets.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io ; connect-src  'self' https://*.zp.ru https://*.zarplata.ru https://sentry.zp.ru https://api.content.zp.ru https://*.zarplata.ru https://top-fwz1.mail.ru https://passport.ngs.ru https://mc.yandex.ru https://www.google-analytics.com https://job42.ru https://ngsrabota.com.ua https://ngsrabota.by https://ngsrabota.kz ws://kek.zp.ru https://vk.com/rtrg  *.segmentstream.com https://stats.g.doubleclick.net https://*.facebook.com https://onesignal.com https://supportzarplata.zendesk.com  https://*.zopim.com https://*.zopim.io wss://*.zopim.com https://ekr.zdassets.com an.yandex.ru mc.yandex.ru yandex.st yastatic.net ; frame-ancestors 'self' http://webvisor.com https://webvisor.com; report-uri https://publiczpru.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 2
frame-ancestors https://*.dondominio.com https://*.mrdomain.com 2
default-src 'self' ; connect-src 'self' https://*.cornelsen.de ; font-src 'self' https://*.cornelsen.de ; frame-src https://www.googletagmanager.com/ns.html 'self' https://*.cornelsen.de https://www.google.com/recaptcha/ https://www.youtube.com https://w.soundcloud.com https://docs.google.com/gview ; img-src https://www.econda-monitor.de https://monitor.econda-monitor.de https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com 'self' https://*.cornelsen.de data: ; object-src 'none' ; script-src https://monitor.econda-monitor.de https://www.googletagmanager.com https://tagmanager.google.com 'self' https://*.cornelsen.de 'unsafe-eval' data: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ ; style-src https://tagmanager.google.com https://fonts.googleapis.com 'self' https://*.cornelsen.de 'unsafe-inline' ; base-uri 'self' ; form-action 'self' ; frame-ancestors 'self' ; report-uri /__csp-report ; 2
frame-ancestors https://www.particulares.santandertotta.pt 'self'; 2
child-src 'self' *.adform.net *.criteo.com *.criteo.net *.selbstbauprofi.de *.sociomantic.com *.toom.de *.tp-de.net *.webmasterplan.com app.parasol-island.com configurator.3yourmind.com deutschland-rundet-auf.de efs-survey.com facebook.com maps.googleapis.com toom-baumarkt.de toom-de.boels.com toom-frame.3yourmind.com toom-rubbeln.safe-promotions.de toom.3yourmind.com www.efs-survey.com www.facebook.com www.findibus-online.de www.google.com/maps/ www.google.com/recaptcha/ *.optimizely.com www.toom-baumarkt.de www.youtube.com www.youtube.de *.youtube-nocookie.com; frame-src 'self' *.adform.net *.optimizely.com *.criteo.com *.criteo.net *.selbstbauprofi.de *.sociomantic.com *.toom.de *.tp-de.net *.webmasterplan.com app.parasol-island.com configurator.3yourmind.com deutschland-rundet-auf.de efs-survey.com facebook.com maps.googleapis.com toom-baumarkt.de toom-de.boels.com toom-frame.3yourmind.com toom-rubbeln.safe-promotions.de toom.3yourmind.com www.efs-survey.com www.facebook.com www.findibus-online.de www.google.com/maps/ www.google.com/recaptcha/ www.toom-baumarkt.de www.youtube.com www.youtube.de *.youtube-nocookie.com *.trbo.com toom18int42.cdn.pslsrv.com; object-src 'self'; 2
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https:; worker-src blob:; child-src https: blob:; report-uri https://wunderio.report-uri.com/r/d/csp/enforce 2
default-src 'none'; child-src 'self' https://navigate.portofrotterdam.com blob:; script-src * data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://bam.nr-data.net https://hbr-hm-portmaps-service-prod.eu-gb.mybluemix.net https://api.mapbox.com https://theemswegtraceheadless.s3.amazonaws.com https://*.siteimprove.com https://api.eu.apiconnect.ibmcloud.com https://*.hotjar.com wss://*.hotjar.com https://gis.portofrotterdam.com https://*.arcgis.com https://services.arcgisonline.nl https://*.arcgisonline.com; media-src 'self' data:; object-src 'self' http://www.youku.com https://players.youku.com; img-src 'self' * data: blob:; style-src * 'unsafe-inline'; frame-src 'self' https://360vr-video.nl https://*.hotjar.com https://www.youtube.com https://www.google.com https://player.vimeo.com https://*.akamaihd.net https://shipinfo.dirkzwager.com http://vaarsnelheden.mx-systems.nl https://clients.skycap.com https://inlandlinks.cofano.nl https://portofrotterdam.maps.arcgis.com https://my2.siteimprove.com/overlay/cms/cmssite* https://fotopaulmartens.netcam.nl; font-src * data:; plugin-types application/pdf application/x-shockwave-flash; report-uri https://portofrotterdam.report-uri.io/r/default/csp/enforce; 2
upgrade-insecure-requests; report-uri https://sentry.alboweb.nl/api/90/csp-report/?sentry_key=50677694228d4eb4befdcf33b750247d; 2
default-src *.whatuseek.com 'unsafe-inline'; frame-ancestors 'none'; 2
frame-ancestors 'self' *.blacknight.com *.blacknight.ie *.blacknight.blog *.blacknight.tech *.feedpress.me 2
default-src 'self'  https://*.firebaseio.com https://play.vidyard.com https://forms.hsforms.com https://www.facebook.com https://js.driftt.com https://www.youtube.com; script-src 'self' 'unsafe-inline'  https://*.firebaseio.com https://play.vidyard.com https://js.intercomcdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net http://www.googletagmanager.com https://www.google.com  https://www.facebook.com https://*.facebook.net https://sjs.bizographics.com https://www.google-analytics.com https://js.hs-scripts.com https://js.driftt.com https://js.intercomcdn.com snap.licdn.com js.hs-analytics.net  https://*.intercom.io cdn.statuspage.io https://*.googletagmanager.com cdn.segment.com forms.hsforms.com js.hsforms.net https://cdnjs.cloudflare.com; connect-src 'self'  https://www.googleapis.com/  https://boards-api.greenhouse.io/v1/boards/mural/jobs  wss://*.firebaseio.com/.ws?v=5&s=DjozSjaVM0uWVTTGhuGilyGK0LXw7ivU&ns=mural-scan-counter  wss://mural-scan-counter.firebaseio.com https://internal-mural.now.sh https://www.facebook.com https://*.intercom.io wss://*.intercom.io *.statuspage.io  https://api.segment.io https://cdn.segment.com https://*.cdn.prismic.io https://ajax.cloudflare.com https://www.google-analytics.com; style-src 'self' data: 'unsafe-inline'; img-src 'self' data: https: blob:; font-src 'self' https: data:; object-src 'none'; 2
frame-ancestors 'self' https://twitter.com; 2
default-src *; script-src 'unsafe-inline' 'unsafe-eval'  https://*.anico.com https://*.americannational.com https://*.googleapis.com http://otf.msn.com https://*.lifeannuitydi.com  https://www.googletagmanager.com https://www.google-analytics.com https://americannational.com https://www.gstatic.com https://www.google.com https://unpkg.com https://*.vtimg.com https://*.ytimg.com  http://*.angularjs.org https://*.youtube.com  https://*.dnanico1.aniconet.com https://*.anicoweb.com; style-src * 'unsafe-inline' ; img-src * data: ; child-src * data: blob: filesystem: ; 2
frame-ancestors 'self' https://shop.santacruzbicycles.com 2
upgrade-insecure-requests; default-src https:; font-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src https: blob: data:; style-src https: 'unsafe-inline'; report-uri https://xiaomi.eu/csp/ 2
default-src 'none'; script-src 'self' *.deutsche-digitale-bibliothek.de *.google.com *.twitter.com *.facebook.com *.jwpcdn.com *.gstatic.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.fiz-karlsruhe.de cms.deutsche-digitale-bibliothek.de *.twimg.com; object-src 'self'; style-src *.googleapis.com 'self' 'unsafe-inline' *.jsdelivr.net *.fiz-karlsruhe.de *.deutsche-digitale-bibliothek.de *.twimg.com *.twitter.com cms.deutsche-digitale-bibliothek.de; img-src * data:; media-src *; font-src *.gstatic.com *.googleapis.com *.jsdelivr.net 'self' cms.deutsche-digitale-bibliothek.de; connect-src *.akamaihd.net *.vimeo.com 'self' cms.deutsche-digitale-bibliothek.de *.twimg.com *.twitter.com *.fiz-karlsruhe.de; child-src 'self' *.deutsche-digitale-bibliothek.de *.fiz-karlsruhe.de *.google.com *.twitter.com *.facebook.com *.youtube.com cms.deutsche-digitale-bibliothek.de; frame-ancestors 'self' *.deutsche-digitale-bibliothek.de; 2
connect-src 'self' mc.yandex.ru mc.yandex.ua mc.yandex.by mc.yandex.kz mc.yandex.com.tr mc.yandex.com mc.webvisor.com mc.webvisor.org; default-src 'none'; img-src 'self' data: avatars.mds.yandex.net avatars.yandex.net mc.yandex.ru mc.yandex.ua mc.yandex.by mc.yandex.kz mc.yandex.com.tr mc.yandex.com mc.webvisor.com mc.webvisor.org *.captcha.yandex.net yastatic.net; script-src 'unsafe-eval' 'unsafe-inline' mail.yandex.ru mc.yandex.ru pass.yandex.ru social.yandex.ru player.video.yandex.net yastatic.net; style-src 'unsafe-inline' yastatic.net; font-src 'self' data: yastatic.net; child-src mc.yandex.ru; frame-src mc.yandex.ru video.yandex.ru player.video.yandex.net yastatic.net; frame-ancestors webvisor.com http://webvisor.com; report-uri https://csp.yandex.net/csp?from=promo-media-2017&yandex_login=undefined&yandexuid=undefined; 2
img-src 'self' https://ssl.google-analytics.com https://www.tqlkg.com https://www.googletagmanager.com https://www.google.com https://youtube.com/ http://www.google-analytics.com; object-src 'self' 2
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com; 2
frame-ancestors 'self' helioshi.medixmob.com medix-portal.com 2
frame-ancestors 'self' *.facebook.com *.workplace.com *.messenger.com; 2
default-src 'self'; script-src 'self' cdnjs.cloudflare.com www.google-analytics.com www.googletagmanager.com; img-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com; form-action 'self'; report-uri https://scotthelme.report-uri.com/r/default/csp/enforce 2
base-uri 'self'; frame-src https:; object-src 'none'; worker-src 'self'; img-src 'self' data: http: https:; upgrade-insecure-requests; default-src 'self' https://*.googlesyndication.com; connect-src 'self' https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io wss://mpsnare.iesnare.com https://logx.optimizely.com/v1/events https://www.eharmony.com/lane/ https://s7.addthis.com/l10n/ https://eharmony-app.quantummetric.com/ https://yoast.com/feed/widget/ https://m.addthis.com https://*.googlesyndication.com https://connect.facebook.net https://*.perimeterx.net https://*.pxchk.net https://*.px-cdn.net https://*.px-cloud.net ; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://assets.squarespace.com/universal/fonts/ https://static.squarespace.com/universal/fonts/ 2
frame-ancestors 'self' http://*.staatsbibliothek-berlin.de https://*.staatsbibliothek-berlin.de; 2
frame-ancestors 'none'; report-uri https://csp-report.airfrance.fr/; script-src 'self' https://*.klm.com https://*.flyingblue.com https://gateway.zscalertwo.net https://gateway.zscloud.net https://*.accorhotels.com https://*.accor.com https://*.usabilla.com https://*.hotjar.com https://*.decibelinsight.net https://*.google.com https://*.google-analytics.com https://*.iadvize.com https://*.qualtrics.com https://*.r42tag.com https://*.relay42.com https://*.optimizely.com 'unsafe-eval' 'unsafe-inline' 2
frame-ancestors 'self' http://dds-simplicit-prod.s3-website-ap-southeast-2.amazonaws.com http://dds-simplicit-v2-prod.s3-website-ap-southeast-2.amazonaws.com https://test.salesforce.com *.suncorpbank.com.au; 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; report-uri /json/csp-violation 2
upgrade-insecure-requests; frame-ancestors 'self' 'https://*.ed.gov'; 2
default-src 'self' *.lvvwd.com *.youtube.com data:; style-src 'self' 'unsafe-inline' *.lvvwd.com *.juicer.io *.mqcdn.com *.cludo.com *.cludo.com.cdn.cloudflare.net *.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.lvvwd.com *.juicer.io *.digicert.com *.mqcdn.com *.google-analytics.com *.googleapis.com *.jwpcdn.com *.onefiserv.com *.gstatic.com *.google.com *.googletagmanager.com *.facebook.net https://sdks.shopifycdn.com *.cludo.com *.cludo.com.cdn.cloudflare.net data:; connect-src 'self' *.lvvwd.com *.juicer.io *.mqcdn.com *.mapquestapi.com *.mapquest.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://springs-preserve.myshopify.com *.cludo.com *.cludo.com.cdn.cloudflare.net data:; font-src 'self' *.lvvwd.com *.juicer.io *.mqcdn.com *.jwpcdn.com *.gstatic.com data:; img-src * data: * blob:; frame-src 'self' *.onefiserv.com *.streamtext.net *.youtube.com *.google.com *.facebook.com data:; media-src 'self' *.lvvwd.com blob: data:; 2
frame-ancestors 'self' *.chasepaymentechhostedpay.com; 2
frame-ancestors 'self' https://mpi.docebosaas.com; 2
connect-src https://*.peplink.com http://*.peplink.com https://*.facebook.com http://*.facebook.com https://*.fbcdn.net http://*.fbcdn.net *.facebook.net *.google-analytics.com *.google.com *.googlecode.com 127.0.0.1:* *.cloudflare.com 2
default-src 'self' 'unsafe-eval' blob: *.googleapis.com *.google.com *.mapbox.com *.cloudfront.net http://*.cloudfront.net *.google-analytics.com *.doubleclick.net *.google.co.uk *.intercomassets.com *.gstatic.com *.intercom.io *.intercomcdn.com *.cloudflare.com wss://*.intercom.io *.receptive.io receptive.io *.facebook.com *.fbsbx.com unpkg.com *.twimg.com https://feedback.eu.pendo.io *.purpleportal.net *.fbcdn.net https://*.amazonaws.com *.youtube.com *.pendo.io *.a3cloud.net https://*.purple.ai *.ggpht.com https://*.delighted.com *.googletagmanager.com https://*.blackfire.io https://*.venuewifi.net https://*.venuewifi.com data: 'unsafe-inline'; 2
object-src 'self' *; 2
default-src 'none'; base-uri 'self'; connect-src 'self' careers.jobscore.com www.google-analytics.com; font-src 'self' fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' stats.g.doubleclick.net www.google-analytics.com maps.gstatic.com maps.google.com maps.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com maps.google.com maps.googleapis.com cdn.rawgit.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com 2
default-src 'self'; child-src 'self' *.wistia.com *.wistia.net *.addthis.com *.marketo.com *.marketo.net *.facebook.com *.doubleclick.net *.driftt.com *.olark.com *.hotjar.com; script-src 'self' navexglobal.ladesk.com cdnjs.cloudflare.com *.acuityscheduling.com *.ads-twitter.com *.callrail.com *.snapapp.com *.hirebridge.com *.hrjobcenter.com *.g2crowd.com *.capterra.com *.truste.com *.trustarc.com *.hushly.com *.reachforce.com *.addthisedge.com tagmanager.google.com *.wistia.com *.wistia.net *.amazonaws.com *.marketo.com *.marketo.net *.cloudfront.net *.twitter.com *.twimg.com *.terminus.services *.doubleclick.net *.olark.com *.stackadapt.com *.driftt.com *.googleadservices.com *.crazyegg.com *.facebook.net *.hotjar.com *.bing.com *.addthis.com *.googletagmanager.com *.optnmstr.com *.optimizely.com *.google-analytics.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' data: cdnjs.cloudflare.com *.acuityscheduling.com *.truste.com *.trustarc.com *.hushly.com tagmanager.google.com *.wistia.com *.wistia.net *.marketo.com *.marketo.net *.cloudfront.net *.googleapis.com *.twitter.com *.twimg.com *.olark.com 'unsafe-inline'; img-src 'self' data: navexglobal.ladesk.com t.co *.capterra.com *.g2.com *.opmnstr.com hushly.s3.amazonaws.com *.hushly.com driftt.imgix.net *.g2crowd.com *.gstatic.com *.pubmatic.com *.twitter.com *.twimg.com *.stickyadstv.com *.lkqd.net *.smartadserver.com *.districtm.io *.deployads.com *.liadm.com *.outbrain.com *.rubiconproject.com *.googletagmanager.com *.advertising.com *.taboola.com *.akamaihd.net *.wistia.com *.wistia.net *.marketo.com *.marketo.net *.optmnstr.com *.terminus.services *.cloudfront.net *.stackadapt.com *.bing.com *.google.com *.digitru.st *.ml-api.io *.doubleclick.net *.bidswitch.net *.adnxs.com *.facebook.com *.olark.com *.google-analytics.com *.truste.com  *.trustarc.com *.optimizely.com; object-src 'self'; font-src 'self' *.hushly.com *.cloudfront.net *.amazonaws.com *.googleapis.com *.gstatic.com *.optimizely.com data:; form-action 'self' *.twitter.com *.facebook.com; base-uri 'self'; connect-src 'self' *.callrail.com *.snapapp.com *.mstrlytcs.com *.opmnstr.com *.hotjar.io *.truste.com *.trustarc.com *.hushly.com *.addthis.com *.wistia.com *.litix.io *.hotjar.com *.facebook.com *.doubleclick.net *.optimizely.com *.olark.com *.stackadapt.com *.optmnstr.com *.mktoresp.com *.google-analytics.com *.googleapis.com *.gstatic.com *.akamaihd.net wss: data:; frame-src 'self' *.ladesk.com  *.optimizely.com *.acuityscheduling.com *.snapapp.com *.g2.com *.google.com *.truste.com *.trustarc.com *.doubleclick.net *.addthis.com *.hotjar.com *.driftt.com *.olark.com *.wistia.com *.wistia.net *.marketo.com *.marketo.net *.twitter.com *.facebook.com *.youtube.com; frame-ancestors 'self'; media-src 'self' blob: data: *.cloudfront.net *.optimizely.com *.akamaihd.net *.wistia.com *.wistia.net *.olark.com; worker-src 'self' blob: *.wistia.com *.addthis.com *.facebook.com *.doubleclick.net *.driftt.com *.olark.com *.hotjar.com *.marketo.com; 2
default-src 'self' https://*.cloudfront.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.google.com http://*.googletagmanager.com http://*.gstatic.com https://*.cloudfront.net https://*.facebook.com https://*.facebook.net https://s-static.ak.facebook.com http://*.youtube.com http://*.googleadservices.com https://*.google-analytics.com https://*.twitch.tv https://*.rafflecopter.com; img-src 'self' data: https://*.googleapis.com https://*.google.com http://*.googletagmanager.com http://*.gstatic.com https://*.cloudfront.net https://*.facebook.com https://*.facebook.net https://s-static.ak.facebook.com http://*.youtube.com http://*.googleadservices.com https://*.google-analytics.com https://*.twitch.tv https://*.rafflecopter.com https://*.doubleclick.net; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com http://*.googletagmanager.com http://*.gstatic.com https://*.cloudfront.net https://*.facebook.com https://*.facebook.net https://s-static.ak.facebook.com http://*.youtube.com http://*.googleadservices.com https://*.google-analytics.com https://*.twitch.tv https://*.rafflecopter.com; font-src 'self' https://*.googleapis.com https://*.google.com http://*.googletagmanager.com http://*.gstatic.com https://*.cloudfront.net https://*.facebook.com https://*.facebook.net https://s-static.ak.facebook.com http://*.youtube.com http://*.googleadservices.com https://*.google-analytics.com https://*.twitch.tv https://*.rafflecopter.com; frame-src 'self' https://*.googleapis.com https://*.google.com http://*.googletagmanager.com http://*.gstatic.com https://*.cloudfront.net https://*.facebook.com https://*.facebook.net https://s-static.ak.facebook.com http://*.youtube.com http://*.googleadservices.com https://*.google-analytics.com https://*.twitch.tv https://*.rafflecopter.com; object-src 'self' 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; 2
default-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; object-src 'self'; font-src *; connect-src *; img-src 'self' data: *; frame-src *; 2
default-src http: https: 'self' data: blob:; base-uri 'self'; child-src * blob:; connect-src *; frame-ancestors https://landing.credit-agricole.it/; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *.credit-agricole.it http://*.credit-agricole.it https://*.credit-agricole.it *.cloudfront.net http://*.cloudfront.net https://*.cloudfront.net *.doubleclick.net http://*.doubleclick.net https://*.doubleclick.net connect.ekomi.de http://connect.ekomi.de https://connect.ekomi.de widgets.ekomi.com http://widgets.ekomi.com https://widgets.ekomi.com *.facebook.net http://*.facebook.net https://*.facebook.net www.google.com http://www.google.com https://www.google.com www.google.it http://www.google.it https://www.google.it *.google-analytics.com http://*.google-analytics.com https://*.google-analytics.com www.googleadservices.com http://www.googleadservices.com https://www.googleadservices.com www.googletagmanager.com http://www.googletagmanager.com https://www.googletagmanager.com www.gstatic.com http://www.gstatic.com https://www.gstatic.com script.hotjar.com http://script.hotjar.com https://script.hotjar.com static.hotjar.com http://static.hotjar.com https://static.hotjar.com cdn.jsdelivr.net http://cdn.jsdelivr.net https://cdn.jsdelivr.net www.youtube.com http://www.youtube.com https://www.youtube.com ajax.googleapis.com http://ajax.googleapis.com https://ajax.googleapis.com tagmanager.google.com http://tagmanager.google.com https://tagmanager.google.com *.amazonaws.com http://*.amazonaws.com https://*.amazonaws.com cdn.ravenjs.com http://cdn.ravenjs.com https://cdn.ravenjs.com *.ekomiapps.de http://*.ekomiapps.de https://*.ekomiapps.de *.mynsystems.com http://*.mynsystems.com https://*.mynsystems.com secure.adnxs.com http://secure.adnxs.com https://secure.adnxs.com ads.avocet.io http://ads.avocet.io https://ads.avocet.io s.yimg.com http://s.yimg.com https://s.yimg.com *.analytics.yahoo.com http://*.analytics.yahoo.com https://*.analytics.yahoo.com; style-src 'unsafe-inline' 'self' *.mapbox.com http://*.mapbox.com https://*.mapbox.com *.credit-agricole.it http://*.credit-agricole.it https://*.credit-agricole.it *.amazonaws.com http://*.amazonaws.com https://*.amazonaws.com fonts.googleapis.com http://fonts.googleapis.com https://fonts.googleapis.com tagmanager.google.com http://tagmanager.google.com https://tagmanager.google.com widgets.ekomi.com http://widgets.ekomi.com https://widgets.ekomi.com *.ekomiapps.de http://*.ekomiapps.de https://*.ekomiapps.de 2
frame-ancestors *.250ok.com 2
default-src https: data: 'unsafe-eval' 'unsafe-inline' 2
frame-ancestors 'self' planar.com *.planar.com leyard.com *.leyard.com http://www.ravepubs.com https://www.ravepubs.com g.adspeed.net; 2
script-src 'self' https://www.gstatic.cn *.acceleratoradmin.com *.adpclientappreciation.com *.lincolnelectricdigitalrewards.com *.boschappliancedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.thermadorappliancedigitalrewards.com *.tranedigitalrewards.com *.americanstandardairdigitalrewards.com *.myacuvuedigitalrewards.com *.attrecognition.com *.coopervisiondigitalrewards.com *.allglobalcircle-rewards.com *.habcard.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.ultimaterewardsredemption.com *.mystarzrewards.com *.e-rewardsmedicalrewards.com *.recognizingyourewards.com *.kelloggsdigitalrewards.ca *.valvolinedigitalrewards.com *.goodyeardigitalrewards.com *.alconchoicepayments.com *.geappliancesdigitalrewards.com *.topcashbackdigitalsolutions.com *.topcashbackdigitalsolutions.co.uk *.prosper2card.co.uk *.ppdslab.com *.cooperdigitalrewards.com *.tranedigitalrewards.com https://cdn.datatables.net https://www.google-analytics.com https://www.recaptcha.net https://ajax.aspnetcdn.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com *.google.com *.googletagmanager.com https://www.gstatic.com https://ajax.googleapis.com https://*.msecnd.net *.acceleratoradmin.com *.mxpnl.com *.greencompasspay.com *.360digitalpayments.com *.adpclientappreciation.com *.alconchoicepayments.com *.allglobalcircle-rewards.com *.americanstandardairdigitalrewards.com *.attrecognition.com *.bittyadvancecard.com *.bmwrebateredemption.com *.bmwultimaterewardsredemption.com *.boschappliancedigitalrewards.com *.cbdatsbypay.com *.ceomovementpay.com *.cooperdigitalrewards.com *.coopervisiondigitalrewards.com *.digitalwalletdemo.com *.emrispay.com *.e-rewardsmedicalrewards.com *.expectationsrewards.co.uk *.ferrerorecognition.com *.fundkitecard.com *.geappliancesdigitalrewards.com *.gettogether-pjlibraryrewards.org *.goodyeardigitalrewards.com *.greencompasspay.com *.guustodigitalrewards.com *.habcard.com *.healthyhempfarmspay.com *.honey20pay.com *.hoolalifepay.com *.kelloggsdigitalrewards.ca *.leafywellpay.com *.lincolnelectricdigitalrewards.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.minirebateredemption.com *.myacuvuedigitalrewards.com *.mygocardspay.com *.myrevealpay.com *.my-rewardcard.com *.mystarzrewards.com *.natureancepay.com *.NNAPartsDigitalRewards.com *.noble8pay.com *.onelogicmoney.com *.perksatworkcard.com *.ppdslab.com *.ppdslabautomation.com *.prepaiddigitalsolutions.com *.prosper2card.co.uk *.purestoragedigitalrewards.com *.pyurlifepay.com *.recognizingyourewards.com *.redgagedirect.com *.sanctuarygirlpay.com *.swiftimplementations.com *.thermadorappliancedigitalrewards.com *.tirestorerewards.com *.topcashbackdigitalsolutions.co.uk *.topcashbackdigitalsolutions.com *.tranedigitalrewards.com *.ultimaterewardsredemption.com *.uulalacard.com *.valvolinedigitalrewards.com *.vsponeprepaidcard.com *.wealthbuilderpay.com *.worldpaymerchantrewards.com *.yourrewardpass.com topcashbackdigitalsolutions.co.uk 'unsafe-inline';style-src 'self' *.acceleratoradmin.com *.adpclientappreciation.com *.lincolnelectricdigitalrewards.com *.boschappliancedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.thermadorappliancedigitalrewards.com *.tranedigitalrewards.com *.americanstandardairdigitalrewards.com *.myacuvuedigitalrewards.com *.attrecognition.com *.coopervisiondigitalrewards.com *.allglobalcircle-rewards.com *.habcard.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.ultimaterewardsredemption.com *.mystarzrewards.com *.e-rewardsmedicalrewards.com *.recognizingyourewards.com *.kelloggsdigitalrewards.ca *.valvolinedigitalrewards.com *.goodyeardigitalrewards.com *.alconchoicepayments.com *.geappliancesdigitalrewards.com *.topcashbackdigitalsolutions.com *.topcashbackdigitalsolutions.co.uk *.prosper2card.co.uk *.ppdslab.com *.cooperdigitalrewards.com *.tranedigitalrewards.com https://cdn.datatables.net https://ajax.aspnetcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com *.greencompasspay.com *.360digitalpayments.com *.adpclientappreciation.com *.alconchoicepayments.com *.allglobalcircle-rewards.com *.americanstandardairdigitalrewards.com *.attrecognition.com *.bittyadvancecard.com *.bmwrebateredemption.com *.bmwultimaterewardsredemption.com *.boschappliancedigitalrewards.com *.cbdatsbypay.com *.ceomovementpay.com *.cooperdigitalrewards.com *.coopervisiondigitalrewards.com *.digitalwalletdemo.com *.emrispay.com *.e-rewardsmedicalrewards.com *.expectationsrewards.co.uk *.ferrerorecognition.com *.fundkitecard.com *.geappliancesdigitalrewards.com *.gettogether-pjlibraryrewards.org *.goodyeardigitalrewards.com *.greencompasspay.com *.guustodigitalrewards.com *.habcard.com *.healthyhempfarmspay.com *.honey20pay.com *.hoolalifepay.com *.kelloggsdigitalrewards.ca *.leafywellpay.com *.lincolnelectricdigitalrewards.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.minirebateredemption.com *.myacuvuedigitalrewards.com *.mygocardspay.com *.myrevealpay.com *.my-rewardcard.com *.mystarzrewards.com *.natureancepay.com *.NNAPartsDigitalRewards.com *.noble8pay.com *.onelogicmoney.com *.perksatworkcard.com *.ppdslab.com *.ppdslabautomation.com *.prepaiddigitalsolutions.com *.prosper2card.co.uk *.purestoragedigitalrewards.com *.pyurlifepay.com *.recognizingyourewards.com *.redgagedirect.com *.sanctuarygirlpay.com *.swiftimplementations.com *.thermadorappliancedigitalrewards.com *.tirestorerewards.com *.topcashbackdigitalsolutions.co.uk *.topcashbackdigitalsolutions.com *.tranedigitalrewards.com *.ultimaterewardsredemption.com *.uulalacard.com *.valvolinedigitalrewards.com *.vsponeprepaidcard.com *.wealthbuilderpay.com *.worldpaymerchantrewards.com *.yourrewardpass.com topcashbackdigitalsolutions.co.uk 'unsafe-inline';connect-src 'self' *.acceleratoradmin.com *.adpclientappreciation.com *.lincolnelectricdigitalrewards.com *.boschappliancedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.thermadorappliancedigitalrewards.com *.tranedigitalrewards.com *.americanstandardairdigitalrewards.com *.myacuvuedigitalrewards.com *.attrecognition.com *.coopervisiondigitalrewards.com *.allglobalcircle-rewards.com *.habcard.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.ultimaterewardsredemption.com *.mystarzrewards.com *.e-rewardsmedicalrewards.com *.recognizingyourewards.com *.kelloggsdigitalrewards.ca *.valvolinedigitalrewards.com *.goodyeardigitalrewards.com *.alconchoicepayments.com *.geappliancesdigitalrewards.com *.topcashbackdigitalsolutions.com *.topcashbackdigitalsolutions.co.uk *.prosper2card.co.uk *.ppdslab.com *.cooperdigitalrewards.com https://www.google-analytics.com *.visualstudio.com *.acceleratoradmin.com api.mixpanel.com *.greencompasspay.com *.360digitalpayments.com *.adpclientappreciation.com *.alconchoicepayments.com *.allglobalcircle-rewards.com *.americanstandardairdigitalrewards.com *.attrecognition.com *.bittyadvancecard.com *.bmwrebateredemption.com *.bmwultimaterewardsredemption.com *.boschappliancedigitalrewards.com *.cbdatsbypay.com *.ceomovementpay.com *.cooperdigitalrewards.com *.coopervisiondigitalrewards.com *.digitalwalletdemo.com *.emrispay.com *.e-rewardsmedicalrewards.com *.expectationsrewards.co.uk *.ferrerorecognition.com *.fundkitecard.com *.geappliancesdigitalrewards.com *.gettogether-pjlibraryrewards.org *.goodyeardigitalrewards.com *.greencompasspay.com *.guustodigitalrewards.com *.habcard.com *.healthyhempfarmspay.com *.honey20pay.com *.hoolalifepay.com *.kelloggsdigitalrewards.ca *.leafywellpay.com *.lincolnelectricdigitalrewards.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.minirebateredemption.com *.myacuvuedigitalrewards.com *.mygocardspay.com *.myrevealpay.com *.my-rewardcard.com *.mystarzrewards.com *.natureancepay.com *.NNAPartsDigitalRewards.com *.noble8pay.com *.onelogicmoney.com *.perksatworkcard.com *.ppdslab.com *.ppdslabautomation.com *.prepaiddigitalsolutions.com *.prosper2card.co.uk *.purestoragedigitalrewards.com *.pyurlifepay.com *.recognizingyourewards.com *.redgagedirect.com *.sanctuarygirlpay.com *.swiftimplementations.com *.thermadorappliancedigitalrewards.com *.tirestorerewards.com *.topcashbackdigitalsolutions.co.uk *.topcashbackdigitalsolutions.com *.tranedigitalrewards.com *.ultimaterewardsredemption.com *.uulalacard.com *.valvolinedigitalrewards.com *.vsponeprepaidcard.com *.wealthbuilderpay.com *.worldpaymerchantrewards.com *.yourrewardpass.com topcashbackdigitalsolutions.co.uk https://api-js.mixpanel.com api-js.mixpanel.com api-js.mixpanel.com;font-src 'self' https://ajax.aspnetcdn.com *.tranedigitalrewards.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.acceleratoradmin.com;img-src 'self' https://cdnjs.cloudflare.com https://www.google-analytics.com *.acceleratoradmin.com data: data:;frame-src 'self' https://www.recaptcha.net/ https://www.google.com *.acceleratoradmin.com *.adpclientappreciation.com *.lincolnelectricdigitalrewards.com *.boschappliancedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.thermadorappliancedigitalrewards.com *.tranedigitalrewards.com *.americanstandardairdigitalrewards.com *.myacuvuedigitalrewards.com *.attrecognition.com *.coopervisiondigitalrewards.com *.allglobalcircle-rewards.com *.habcard.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.ultimaterewardsredemption.com *.mystarzrewards.com *.e-rewardsmedicalrewards.com *.recognizingyourewards.com *.kelloggsdigitalrewards.ca *.valvolinedigitalrewards.com *.goodyeardigitalrewards.com *.alconchoicepayments.com *.geappliancesdigitalrewards.com *.topcashbackdigitalsolutions.com *.topcashbackdigitalsolutions.co.uk *.prosper2card.co.uk *.ppdslab.com *.cooperdigitalrewards.com *.youtube.com https://youtu.be https://testcommon.swiftprepaid.com https://common.swiftprepaid.com *.greencompasspay.com *.360digitalpayments.com *.adpclientappreciation.com *.alconchoicepayments.com *.allglobalcircle-rewards.com *.americanstandardairdigitalrewards.com *.attrecognition.com *.bittyadvancecard.com *.bmwrebateredemption.com *.bmwultimaterewardsredemption.com *.boschappliancedigitalrewards.com *.cbdatsbypay.com *.ceomovementpay.com *.cooperdigitalrewards.com *.coopervisiondigitalrewards.com *.digitalwalletdemo.com *.emrispay.com *.e-rewardsmedicalrewards.com *.expectationsrewards.co.uk *.ferrerorecognition.com *.fundkitecard.com *.geappliancesdigitalrewards.com *.gettogether-pjlibraryrewards.org *.goodyeardigitalrewards.com *.greencompasspay.com *.guustodigitalrewards.com *.habcard.com *.healthyhempfarmspay.com *.honey20pay.com *.hoolalifepay.com *.kelloggsdigitalrewards.ca *.leafywellpay.com *.lincolnelectricdigitalrewards.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.minirebateredemption.com *.myacuvuedigitalrewards.com *.mygocardspay.com *.myrevealpay.com *.my-rewardcard.com *.mystarzrewards.com *.natureancepay.com *.NNAPartsDigitalRewards.com *.noble8pay.com *.onelogicmoney.com *.perksatworkcard.com *.ppdslab.com *.ppdslabautomation.com *.prepaiddigitalsolutions.com *.prosper2card.co.uk *.purestoragedigitalrewards.com *.pyurlifepay.com *.recognizingyourewards.com *.redgagedirect.com *.sanctuarygirlpay.com *.swiftimplementations.com *.thermadorappliancedigitalrewards.com *.tirestorerewards.com *.topcashbackdigitalsolutions.co.uk *.topcashbackdigitalsolutions.com *.tranedigitalrewards.com *.ultimaterewardsredemption.com *.uulalacard.com *.valvolinedigitalrewards.com *.vsponeprepaidcard.com *.wealthbuilderpay.com *.worldpaymerchantrewards.com *.yourrewardpass.com topcashbackdigitalsolutions.co.uk 2
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';  media-src * blob: 'unsafe-inline' 'unsafe-eval'; 2
default-src https: 'unsafe-eval' 'unsafe-inline';object-src 'none' 2
default-src * data: blob:;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://sjs.bizographics.com/insight.min.js https://bat.bing.com/bat.js https://static.ads-twitter.com/uwt.js https://s3.amazonaws.com/trk.cetrk.com/f/t.js https://tagmanager.google.com/ https://instafeed.assets.pixlee.com https://www.buzzsprout.com https://api.volunteer.com.au https://volwidget.s3.amazonaws.com https://www.bing.com https://dev.virtualearth.net https://t.ssl.ak.dynamic.tiles.virtualearth.net https://fast.wistia.net https://ecn.dev.virtualearth.net https://openlayers.org mapstraction.com https://www.bing.com/ https://vudoo.com https://dme0ih8comzn4.cloudfront.net *.admaxim *.addthis.com https://m.addthisedge.com https://cdnjs.cloudflare.com https://d1ig6folwd6a9s.cloudfront.net https://sample.crazyegg.com https://script.crazyegg.com https://sample-api-v2.crazyegg.com/n/588250/all https://s3.amazonaws.com/trk.cetrk.com/d/t.js https://e.issuu.com/embed.js https://everydayhero.com *.facebook.com *.facebook.net fast.wistia.com https://www.google.com http://www.google-analytics.com *.google-analytics.com *.googleapis.com https://maps.google.com https://optimize.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net http://s.gravatar.com https://code.jquery.com https://s.c.appier.net https://jscdn.appier.net https://assets.juicer.io/ https://embed.playbuzz.com https://sb.scorecardresearch.com https://mcd-sdk.playbuzz.com https://res-format-story.playbuzz.com https://cdn.playbuzz.com https://widget.surveymonkey.com https://salvos.org.au/ https://www.salvationarmy.org.au/ http://salvationarmy.org.au/ http://src.litix.io/ https://s0.wp.com https://stats.wp.com/ https://public.tableau.com/ *.twitter.com *.twimg.com https://users.dialogfeed.com *.verisign.com http://fast.wistia.com 127.0.0.1:* *.localhost; style-src 'self' https://tagmanager.google.com/debug/css.css https://assets.buzzsprout.com https://volwidget.s3.amazonaws.com https://openlayers.org https://www.bing.com https://dme0ih8comzn4.cloudfront.net https://salvos.org.au/ https://www.salvationarmy.org.au/ https://salvationarmy.org.au/ data: *.addthis.com *.bootstrapcdn.com https://d1ig6folwd6a9s.cloudfront.net https://fonts.googleapis.com http://fonts.googleapis.com *.googleapis.com *.gstatic.com https://optimize.google.com *.jquery.com https://assets.juicer.io/ *.myfonts.net https://res-format-story.playbuzz.com *.twimg.com *.twitter.com http://s.gravatar.com 'unsafe-inline'; media-src * data:; font-src * data:; connect-src 'self' https://sample-api-v2.crazyegg.com/n/588250/all https://s.c.appier.net https://www.bing.com https://salvos.org.au/ https://www.salvationarmy.org.au/ https://salvationarmy.org.au/ https://anylist.c.appier.net *.addthis.com https://stats.g.doubleclick.net/ *.facebook.com https://www.google-analytics.com https://assets.juicer.io/ http://www.juicer.io https://www.juicer.io https://prd-collector-anon.playbuzz.com https://pixel.playbuzz.com https://mcd-sdk.playbuzz.com https://embed.playbuzz.com https://cdn.playbuzz.com https://syndication.twitter.com *.vimeocdn.com pipedream.wistia.com https://e.issuu.com https://users.dialogfeed.com embed.wistia.com distillery.wistia.com/x; report-uri https://salvos.org.au/csp-reports/ 2
frame-ancestors 'self' uninter.com *.uninter.com  http://univirtus.uninter.com; 2
frame-ancestors 'self' https://fressnapf.marketing.adobe.com https://confluence.fressnapf.de https://*.fnfarm.de app.fressnapf.de; 2
manifest-src 'self' https://*.ng-source.com 2
default-src 'self' 'unsafe-inline'; 2
default-src 'self' rundfunkbeitrag.de *.rundfunkbeitrag.de 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors https://*.doctor.com 2
default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; img-src 'self' https://www.google-analytics.com https://*.krxd.net https://mdeo-cms.imgix.net; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com https://*.krxd.net; child-src https://www.google.com https://*.krxd.net; script-src 'self' 'unsafe-inline' https://a.mdeo.co https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.krxd.net; connect-src 'self' https://a.mdeo.co https://cms.mdeo.co https://test-cms.mdeo.co https://www.google-analytics.com; 2
script-src 'self' https: 'unsafe-eval' 'unsafe-inline' 2
default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; img-src 'self'; frame-src 'self'; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'; 2
default-src * data: blob:;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com https://static.hotjar.com;frame-src 'self' https://myheritage-container.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://vars.hotjar.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://www.zenaps.com;script-src *.myheritage.de https://www.myheritage.de  'unsafe-eval' 'unsafe-inline' blob: data: 'self' https://*.myheritage.com https://*.mhcache.com https://cdn.trackjs.com https://tpc.googlesyndication.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com https://*.google-analytics.com https://www.gstatic.com https://*.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.mk-sense.com https://optanon.blob.core.windows.net https://code.jquery.com https://cdn.ravenjs.com https://*.hotjar.com https://www.dwin1.com https://www.zenaps.com https://ad.zanox.com;style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://optanon.blob.core.windows.net;connect-src data: 'self' https://*.myheritage.com https://*.mhcache.com https://www.google-analytics.com https://adservice.google.com https://bam.nr-data.net https://sentry.io https://capture.trackjs.com https://*.facebook.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io:* https://*.doubleclick.net https://*.mk-sense.com https://privacyportal-eu.onetrust.com *.myheritage.de;media-src 'self' https://*.myheritage.com https://*.mhcache.com 2
default-src https: data: blob: wss:; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: 'unsafe-inline' 2
script-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' static2.mybonuscenter.com static4.mybonuscenter.com static6.mybonuscenter.com www.google-analytics.com ajax.googleapis.com maps.googleapis.com www.googleadservices.com bat.bing.com s.yimg.com sp.analytics.yahoo.com; 2
frame-ancestors 'self' http://localhost http://dev-elementaldiets.pantheonsite.io http://elementaldiets.com https://elementaldiets.com 2
default-src 'self' https://gidonline.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gidonline.io *.braun634.com *.leonbetvouum.com reichelcormier.bid *.adbetnet.com json.bannersvideo.com serving.adbetclickin.pink cdn.hdat.xyz hhit.xyz cdn7.rocks hgbn.rocks *.mxttrf.com oconner.link franecki.net *.acdnpro.com *.r.acdnpro.com *.acdnlab.com *.criteo.com https://apis.google.com counter.yadro.ru; frame-src 'self' https://gidonline.io *.braun634.com *.leonbetvouum.com *.adbetnet.com adbetnet.advertserve.com json.bannersvideo.com https://bannersvideo.com serving.adbetclickin.pink franecki.net *.acdnpro.com *.r.acdnpro.com *.acdnlab.com biocdn.com cdn.hdat.xyz oconner.link *.r.worldssl.net counter.yadro.ru https://gid.videocdn.ca *.youtube.com https://www.youtube.com https://apis.google.com; connect-src 'self' https://gidonline.io franecki.net reichelcormier.bid https://xml.bannersvideo.com wss://ws.hghit.com/ws *.onedmp.com wss://oconner.link:8041; style-src 'self' 'unsafe-inline' https://gidonline.io counter.yadro.ru; font-src 'self' https://gidonline.io counter.yadro.ru fonts.gstatic.com; img-src 'self' data: https://gidonline.io *.braun634.com *.leonbetvouum.com *.gemius.pl *.adbetnet.com reichelcormier.bid serving.adbetclickin.pink imgg-cdn.adskeeper.co.uk imgg-cdn.mgid.com *.r.acdnpro.com creatives.adbetclickin.pink hg-bn.com ws.hghit.com c.datpix.net hhit.xyz hgbn.space hgbn1.com hgbnr.com hgbn.rocks cdn7.rocks hghit.com *.mxttrf.com *.deltacdn.net *.r.worldssl.net https://ft.imgsniper.com front.facetz.net counter.yadro.ru *.gstatic.com; object-src 'self' https://gidonline.io counter.yadro.ru 2
frame-ancestors 'self' https://*.backstreetmerch.com https://*.livenationmerch.com https://www.joestrummer.com https://eustore.rogerwaters.com https://www.trailerparkboysmerch.com https://store.niallhoran.com https://shop.thebodycoach.com https://merchandise.footballmanager.com https://shop.little-mix.com https://shop.shanefilan.com https://merch.bulletformyvalentine.com https://merch.raksu-official.com 2
default-src * 'unsafe-inline' data: blob: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' newsroom.edison.com; 2
https: 2
frame-ancestors https://*.isracard.co.il https://*.americanexpress.co.il https://*.netapoz.com 2
default-src 'self'; script-src 'self'; 2
default-src 'none';style-src 'unsafe-inline' cdn.welcometothejungle.co tagmanager.google.com fonts.googleapis.com optimize.google.com app.getbeamer.com;script-src 'unsafe-inline' cdn.welcometothejungle.co platform.linkedin.com www.linkedin.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com connect.facebook.net www.facebook.com loader.wisepops.com app.wisepops.com optimize.google.com app.getbeamer.com player.vimeo.com speakerdeck.com www.slideshare.net talks.golang.org docs.google.com slides.com static.hotjar.com script.hotjar.com;img-src http: https: blob: data: optimize.google.com www.google-analytics.com script.hotjar.com;media-src cdn.welcometothejungle.co;font-src cdn.welcometothejungle.co cdn.welcometothejungle.co fonts.gstatic.com data: script.hotjar.com;frame-src 'self' platform.linkedin.com www.linkedin.com api.linkedin.com cdn.iframe.ly www.youtube.com www.dailymotion.com soundsgood.co play.soundsgood.co app.soundsgood.co playlist.soundsgood.co connect.facebook.net w.soundcloud.com 360player.io optimize.google.com app.getbeamer.com push.getbeamer.com player.vimeo.com speakerdeck.com www.slideshare.net talks.golang.org docs.google.com slides.com vars.hotjar.com;connect-src https://api.welcometothejungle.com wss://api.welcometothejungle.com *.algolianet.com *.algolia.net *.facebook.com popup.wisepops.com app.wisepops.com tracking.wisepops.com backend.getbeamer.com www.google-analytics.com vimeo.com *.hotjar.com wss://*.hotjar.com vc.hotjar.io; 2
frame-ancestors 'self' *.royalpanda.com *.rpaffiliates.com; 2
default-src 'self'; media-src https://*.amazonaws.com/live.iap.static/; img-src 'self' https://www.google-analytics.com/ https://www.googletagmanager.com/ https://*.amazonaws.com/live.iap.static/ https://cdn.magix-iap.com/resize/; script-src 'self' https://www.dynamicyield.com/ https://www.google-analytics.com/ 'sha256-kfxO7WVMRNMq7PDT0hFqH4U0oMzftgNJuHQz/57HMN0=' https://www.googletagmanager.com/ https://consent-notice.magix.com/; style-src 'self' 'unsafe-inline'; frame-src https://www.googletagmanager.com/ https://checkout.producerplanet.com/ 2
connect-src 'self' https://api.github.com https://api.mypurecloud.ie https://googleads4.g.doubleclick.net wss://carrier-pigeon.mypurecloud.ie https://privacyportal.cookiepro.com https://app.altocloud.com https://*.pingdom.net https://*.twitter.com https://stats.g.doubleclick.net https://*.cludo.com https://*.bankofireland.com https://*.bsw-dev.net https://siteintercept.qualtrics.com 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 2
script-src  * data:   'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob: ; object-src 'self'; 2
frame-ancestors rbc.rocketsoftware.com rbcint.rocketsoftware.com den-vm-u2bcweb.u2lab.rs.com www3staging.rs.com us-east-1.content-hub.acquia.com truedx.trubiquity.de 2
frame-ancestors 'self' 2
frame-ancestors 'self' https://arcprod--prod.lightning.force.com/ 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.crazyegg.com *.gstatic.com lightboxapi1.azurewebsites.net lightboxapi2.azurewebsites.net lightboxapi3.azurewebsites.net *.googleadservices.com *.swncdn.com *.google.com *.bing.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.blueconic.net *.googleapis.com *.sitescout.com *.sermonspice.com ct.pinterest.com *.worshiphousemedia.com worshiphousemedia.com *.salemchurchproducts.com *.salemwebnetwork.com *.lightboxcdn.com *.ubembed.com *.bootstrapcdn.com *.jwpcdn.com fonts.gstatic.com *.s3.amazonaws.com salemmediagroup.blueconic.net  *.g.doubleclick.net  *.kissmetrics.com *.googlesyndication.com *.app-us1.com scpmedia.activehosted.com *.braintreegateway.com *.renewedvision.com; 
	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.sitescout.com *.sermonspice.com *.gstatic.com *.lightboxcdn.com *.googleapis.com bid.g.doubleclick.net *.google.com pubads.g.doubleclick.net *.s3.amazonaws.com worshiphousemedia.s3.amazonaws.com *.google-analytics.com *.salemwebnetwork.com *.facebook.com *.googlesyndication.com *; 
	img-src 'unsafe-inline' 'unsafe-eval' data: *; 
	frame-src 'unsafe-inline' 'unsafe-eval' data:  *.sitescout.com ct.pinterest.com *.worshiphousemedia.com worshiphousemedia.com *.salemchurchproducts.com *.salemwebnetwork.com *.lightboxcdn.com *.ubembed.com *.bootstrapcdn.com *.jwpcdn.com fonts.gstatic.com *.s3.amazonaws.com salemmediagroup.blueconic.net  *.g.doubleclick.net *.lightboxcdn.com *.kissmetrics.com *.facebook.com *.googlesyndication.com *;
	style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *; 2
frame-ancestors 'self' marketplace.goxip.com www.rewardsnap.com; upgrade-insecure-requests 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://s.ytimg.com https://script.crazyegg.com https://dnn506yrbagrg.cloudfront.net https://planner-widget.goabout.com https://stats.g.doubleclick.net https://parkinsonnetcrm--acc2018.lightning.force.com https://parkinsonnetcrm.lightning.force.com https://www.gstatic.com https://track.adform.net;style-src 'self' 'unsafe-inline' https://fast.fonts.net https://parkinsonnetcrm--acc2018.lightning.force.com https://parkinsonnetcrm.lightning.force.com;img-src 'self' https://www.radboudumc.nl/getmedia https://www.test.radboudumc.nl/getmedia https://www.acc.radboudumc.nl/getmedia https://www.google.com https://www.google.nl https://www.google-analytics.com https://stats.g.doubleclick.net https://parkinsonnetcrm--acc2018.lightning.force.com https://parkinsonnetcrm.lightning.force.com;frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://radboudumc-web.ungerboeck.com https://planner-widget.goabout.com https://www.google.com;font-src 'self' data: https://parkinsonnetcrm--acc2018.lightning.force.com https://parkinsonnetcrm.lightning.force.com;connect-src 'self' https://parkinsonnetcrm--acc2018.lightning.force.com https://parkinsonnetcrm.lightning.force.com;frame-ancestors 'self' https://bewerk.radboudumc.nl https://bewerk.parkinsonopmaat.nl https://bewerk.healthybrainstudy.nl https://bewerk.youngstroketoolbox.nl https://bewerk.netwerkic.nl https://bewerk.hematologie-wijzer.nl https://bewerk.test.radboudumc.nl https://bewerk.test.parkinsonopmaat.nl https://bewerk.test.healthybrainstudy.nl https://bewerk.test.youngstroketoolbox.nl https://bewerk.test.netwerkic.nl https://bewerk.test.hematologie-wijzer.nl https://bewerk.acc.radboudumc.nl https://bewerk.acc.parkinsonopmaat.nl https://bewerk.acc.healthybrainstudy.nl https://bewerk.acc.youngstroketoolbox.nl https://bewerk.acc.netwerkic.nl https://bewerk.acc.hematologie-wijzer.nl https://content.radboud.kentico.local https://bewerk.parkinsonopmaat.kentico.local https://bewerk.healthybrainstudy.kentico.local https://bewerk.youngstroketoolbox.kentico.local https://bewerk.hematologie-wijzer.kentico.local 2
frame-ancestors 'self' aruplab.com *.aruplab.com arupconsult.com *.arupconsult.com testmenu.com *.testmenu.com *.csod.com 2
frame-src https://www.chelseapiers.com https://www.chelseapiersct.com https://signs.reachcm.com https://www.fitmetrix.io https://www.youtube.com https://bid.g.doubleclick.net https://apps.dashplatform.com www.googletagmanager.com 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com/ https://*.twitter.com/ http://*.twitter.com/ http://*.amazon.com/ https://maps.googleapis.com http://*.google-analytics.com https://*.google-analytics.com https://sadmin.brightcove.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.twimg.com;object-src 'self' https://secure.brightcove.com https://sadmin.brightcove.com http://brightcove.vo.llnwd.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com/css http://*.amazon.com/ https://fonts.googleapis.com/css https://*.twitter.com/ http://*.twitter.com/ https://*.twimg.com;img-src 'self' https://*.twitter.com/ https://*.twimg.com http://*.amazon.com/ http://*.twitter.com/ http://*.google-analytics.com data: https://maps.googleapis.com https://*.gstatic.com/ http://*.gravatar.com/ http://umbraco.tv/media;media-src 'none';frame-src 'self' https://secure.brightcove.com https://www.youtube.com/embed/ http://www.youtube.com/embed/ https://syndication.twitter.com https://platform.twitter.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://players.brightcove.net;font-src 'self' fonts.gstatic.com/s/;connect-src 'self' https://secure.brightcove.com https://sadmin.brightcove.com;report-uri /WebResource.axd?cspReport=true 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.xpressbet.com *.xpressbetonline.com *.xb-online.com *.youtube.com *.kaltura.com *.twitter.com *.paysafecard.com *.facebook.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.typekit.net *.countingdownto.com *.livehelpnow.net *.xbselect.com zz.connextra.com s.btstatic.com s.thebrighttag.com wss:; img-src * data:; font-src *; style-src * 'unsafe-inline'; media-src * blob:; worker-src * blob: 2
default-src data: *; script-src data: 'unsafe-inline' 'unsafe-eval' *; style-src data: 'unsafe-inline' * 2
frame-ancestors 'self' ah4r.crm.dynamics.com 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' https://cse.google.com http://cse.google.com https://clients1.google.com http://clients1.google.com https://va.ecitizen.gov.sg http://assets.adobedtm.com http://dpm.demdex.net http://wogadobeanalytics.sc.omtrdc.net http://va.ecitizen.gov.sg https://www.google.com https://s3-us-west-2.amazonaws.com http://fonts.googleapis.com http://ajax.googleapis.com https://fonts.gstatic.com http://cm.everesttech.net http://fast.wogaa.demdex.net https://tools.onemap.sg https://www.gstatic.com https://forms.cwp.gov.sg https://www.google-analytics.com https://wogadobeanalytics.sc.omtrdc.net https://assets.juicer.io https://connect.facebook.net https://www.facebook.com https://www.juicer.io https://graph.facebook.com https://static.juicer.io https://i.imgur.com https://scontent.xx.fbcdn.net https://external.xx.fbcdn.net https://external.xx.fbcdn.net https://twitter.com https://wogaa.demdex.net https://www.googleapis.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.onemap.sg http://www.moh.gov.sg http://www.youtube.com https://www.youtube.com https://static.pigeonhole.at https://pigeonhole.at *.hotjar.com:* *.hotjar.io wss://*.hotjar.com form.gov.sg https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net https://www.google.com.sg assets.dcube.cloud assets.wogaa.sg assets.adobedtm.com https://snowplow-web.wogaa.sg https://youtu.be; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; 2
default-src * https:; script-src 'unsafe-eval' 'unsafe-inline' blob: https:; style-src 'unsafe-inline' https:; img-src data: https:; font-src data: https:; connect-src https: wss://ws5.hotjar.com/; media-src * blob:; 2
object-src 'unsafe-inline' 'self' 2
default-src https: data: 'unsafe-inline' 'unsafe-eval';connect-src https: wss: 2
report-uri https://top100golf.report-uri.com/r/d/csp/wizard;frame-ancestors 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: consent.cmp.oath.com www.googletagmanager.com *.google.co.uk *.google.com *.google-analytics.com *.doubleclick.net platform.twitter.com;style-src 'self' 'unsafe-inline' platform.twitter.com https: 2
frame-ancestors 'self' localhost:* *.tason.com 2
;frame-ancestors 'self' 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-eval' 'unsafe-inline'; media-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-src https: employment.qualtrics.com siteintercept.qualtrics.com g.jwpsrv.com www.youtube.com schools.education.gov.au; frame-ancestors 'self' www.jobs.gov.au www.employment.gov.au; child-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com publish.viostream.com themes.googleusercontent.com; report-uri /admin/config/system/seckit/csp-report 2
default-src http: https: data: blob: 'unsafe-inline' 'unsafe-eval' https://api.maptiler.com; object-src 'none' 2
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src * 'self' data:; object-src 'none'; frame-ancestors 'self' 2
default-src * 'unsafe-inline' 'unsafe-eval' data:; 2
default-src 'self' *.mobistar.be *.cloudfront.net *.emsecure.net *.customersaas.com *.orange.be *.netdna-ssl.com *.whisbi.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' * *.customersaas.com *.emsecure.net *.customersaas.com  *.orange.be optimize.google.com *.netdna-ssl.com *.whisbi.com blob: *.abtasty.com *.googleapis.com; object-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com; style-src 'unsafe-inline' 'self' *.mobistar.be *.cloudfront.net *.customersaas.com  *.orange.be optimize.google.com *.netdna-ssl.com *.whisbi.com cdnjs.cloudflare.com *.gstatic.com *.abtasty.com *.googleapis.com; img-src * blob: data: optimize.google.com *.abtasty.com *.amazonaws.com *.cloudfront.net; media-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com; frame-src 'self' * emsecure.net  *.orange.be *.optimzely.com optimize.google.com; font-src 'self' *.mobistar.be *.customersaas.com  *.orange.be cdn.livechatinc.com themes.googleusercontent.com *.netdna-ssl.com *.whisbi.com blob: data: *.googleapis.com *.gstatic.com *.abtasty.com; connect-src 'self'  *.tealiumiq.com *.usabilla.com *.log.optimizely.com *.emsecure.net *.customersaas.com  *.orange.be *.mousestats.com secure.comparecycle.com *.whisbi.com c.contentsquare.net *.abtasty.com; report-uri /admin/config/system/seckit/csp-report 2
connect-src 'self' *.company-target.com *.doubleclick.net *.google.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.mrpfd.com; default-src 'none'; font-src 'self' data: *.healthcatalyst.com *.googleapis.com *.gstatic.com *.slidesharecdn.com; frame-src 'self' *.healthcatalyst.com *.addtoany.com *.hotjar.com *.myworkdayjobs.com *.pardot.com *.youtube.com *.slideshare.net; img-src 'self'  data: *.healthcatalyst.com *.6sc.co *.bidr.io *.bizible.com *.company-target.com *.doubleclick.net *.facebook.com *.google.com *.google.pt *.google-analytics.com *.googletagmanager.com *.gravatar.com *.linkedin.com *.publishthis.com t.co; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.healthcatalyst.com *.6sc.co *.addtoany.com *.ads-twitter.com *.bizible.com *.bizographics.com *.demandbase.com *.doubleclick.net *.facebook.com *.facebook.net *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.hotjar.com *.jsdelivr.net *.licdn.com *.mrpfd.com *.youtube.com *.ytimg.com *.pardot.com polyfill.io *.twitter.com; style-src 'self' 'unsafe-inline' *.healthcatalyst.com *.googleapis.com; base-uri ; form-action 'self' *.pardot.com; frame-ancestors 'self'; block-all-mixed-content; require-sri-for script style; upgrade-insecure-requests; 2
script-src 'self' 'unsafe-inline' script.crazyegg.com trk.cetrk.com s3.amazonaws.com/trk.cetrk.com/ cdn.embedly.com/widgets/platform.js maps.googleapis.com www.gstatic.com/charts/loader.js translate.google.com translate.googleapis.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://tagmanager.google.com/ platform.instagram.com/en_US/embeds.js www.instagram.com/embed.js platform.twitter.com/widgets.js platform.twitter.com/js/ cdn.syndication.twimg.com/tweets.json connect.facebook.net www.facebook.com 'sha256-MnYIWRIvZDV4cRJPAru0pw6F3lmnPQf08T9f7+DUcz8=' 'sha256-8djXUSnIFgs34hhsRe0uCuyJW99nIX7C55VOG7J8KU8=' 'nonce-undefined'; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com https://tagmanager.google.com/ https://fonts.googleapis.com/ platform.twitter.com/css/; img-src 'self' trk.cetrk.com s3.amazonaws.com/trk.cetrk.com/c s3.amazonaws.com/trk.cetrk.com/s gtrk.s3.amazonaws.com s3-eu-west-1.amazonaws.com/congestion-cameras s3-eu-west-1.amazonaws.com/congestion-cameras-test images.ctfassets.net images.contentful.com translate.google.com translate.googleapis.com www.google.com *.googleapis.com *.ggpht.com *.gstatic.com www.google-analytics.com stats.g.doubleclick.net syndication.twitter.com/i/jot syndication.twitter.com/i/jot/syndication pbs.twimg.com/media/ pbs.twimg.com/profile_images/ abs.twimg.com/emoji/ platform.twitter.com/css/ congestion-cameras.s3.amazonaws.com data: https://www.facebook.com/tr/ https://d20vwa69zln1wj.cloudfront.net https://stats.addsearch.com s3-eu-west-1.amazonaws.com; media-src 'self' s3-eu-west-1.amazonaws.com; connect-src 'self' www.google-analytics.com translate.googleapis.com sample-api-v2.crazyegg.com; frame-src https://www.googletagmanager.com/ www.google.com/maps/embed www.google.com/maps/d/embed www.google.com/maps/d/u/0/embed docs.google.com/spreadsheets/d/e/ www.youtube.com www.facebook.com/plugins/post.php www.instagram.com/p/ platform.twitter.com www.manchestereveningnews.co.uk https://map.zap-map.com/; frame-ancestors 'self' www.manchestereveningnews.co.uk; worker-src 'self'; font-src 'self' fonts.gstatic.com; object-src 'none'; form-action 'self'; report-uri /report/csp 2
frame-ancestors https://*.trend.at http://*.trend.at; upgrade-insecure-requests; block-all-mixed-content 2
default-src 'self' http: bott-tc.nautilus https: *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com bott-tc.nautilus; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 2
default-src 'self'  http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://kangoro.ir/matomo/matomo.js http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io ; style-src 'self' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com 'unsafe-inline'; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://1abzar.ir 'self' https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://www.aparat.com;  connect-src 'self' http://samta.samt.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io; img-src * data: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://yastatic.net/ https://*.webvisor.com/ https://*.yandex.ru/  https://*.yandex.com/ https://*.tile.openstreetmap.org/ https://*.adroll.com/  https://*.gartner.com/ https://*.consensu.org/  https://*.google.com/ https://google.com/  https://www.youtube.com/ https://www.gstatic.com/ https://*.facebook.net/ https://*.gstatic.com/ https://*.googleapis.com/  https://www.htbridge.com/ https://portal.htbridge.com/ https://portal.immuniweb.com/ https://www.google-analytics.com/ https://certify-js.alexametrics.com/ https://certify.alexametrics.com/ https://stats.g.doubleclick.net/ https://snap.licdn.com/ https://*.facebook.com/ https://*.linkedin.com/ https://secure.adnxs.com/ https://*.sharethis.com/ https://*.addthis.com/ https://*.addthisedge.com/; block-all-mixed-content; report-uri https://www.immuniweb.com/csp/ 2
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 2
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://isitetv.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://*.akamaihd.net https://*.translate.naver.net https://www.shoplooks.com https://tr.snapchat.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.baidu.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://m.beautyexpert.com https://checkout.beautyexpert.com https://www.beautyexpert.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://ssl.bing.com https://ln-rules.rewardstyle.com https://*.baidu.com https://*.recaptcha.net https://*.akamaihd.net https://*.sciencebehindecommerce.com https://www.gstatic.cn https://translate.yandex.net https://*.shoplooks.com https://slooks.top https://slooks.me https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://*.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com; upgrade-insecure-requests; report-to report-endpoint 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self'; 2
frame-ancestors 'self' https://backend.diario26.com 2
frame-ancestors 'self' https://mossrehab.healthpost.com;  2
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' *.dentoncounty.gov *.dentoncounty.com *.sitecore.net requirejs.org *.willyweather.com cdnres.willyweather.com *.siteimprove.com *.googlecode.com *.cloudflare.com *.fontawesome.com *.sharethis.com www.google-analytics.com *.google.com *.mailchimp.com; 2
Content-Security-Policy "default-src http: data: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' https://centerparcs.experiencecloud.adobe.com 2
frame-ancestors  https://*.gdc.coop http://*.gdc.coop https://*.aiyellow.com 2
frame-ancestors 'self' *.dja.com; 2
frame-ancestors 'self' metrika.yandex.ru mc.yandex.ru http://webvisor.com; frame-src https: blob: mc.yandex.ru jivosite.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://tagmanager.google.com/ https://www.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.youtube.com/iframe_api https://s.ytimg.com/ https://*.simpleanalytics.io/; img-src 'self' https://www.google.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.gstatic.com https://translate.google.com https://translate.googleapis.com https://*.ytimg.com/ https://*.simpleanalytics.io/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com https://tagmanager.google.com/; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src https://www.google.com/recaptcha/ https://www.youtube-nocookie.com/ https://www.googletagmanager.com; object-src 'self'; report-uri /service/csp 2
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' data:; frame-ancestors 'self' ; base-uri 'self'; 2
frame-ancestors 'self' http://www.quironsalud.es https://www.quironsalud.es http://betaweb.quironsalud.es https://betaweb.quironsalud.es http://intranetfjd.idc.local https://intranetfjd.idc.local http://overweightinstitute.fjd.es https://overweightinstitute.fjd.es http://www.cirujanosdelcorazon.es https://www.cirujanosdelcorazon.es http://www.clinicadelpilar.org https://www.clinicadelpilar.org http://www.clinicavalles.com https://www.clinicavalles.com http://www.cuidamosdelamujer.es https://www.cuidamosdelamujer.es http://www.diverhospital.es https://www.diverhospital.es http://www.e-quironsalud.com https://www.e-quironsalud.com http://www.fjd.es https://www.fjd.es http://www.fundacionquironsalud.org https://www.fundacionquironsalud.org http://www.hgc.es https://www.hgc.es http://www.hgvillalba.es https://www.hgvillalba.es http://www.hope-documental.es https://www.hope-documental.es http://www.hospitalinfantaelena.es https://www.hospitalinfantaelena.es http://www.hospitalpublicocolladovillalba.es https://www.hospitalpublicocolladovillalba.es http://www.hospitalreyjuancarlos.es https://www.hospitalreyjuancarlos.es http://www.hscor.com https://www.hscor.com http://www.idcsaludenfermeria.es https://www.idcsaludenfermeria.es http://www.idcsalud.es https://www.idcsalud.es http://www.jornadaspbp.es https://www.jornadaspbp.es http://www.lungscreen.eu https://www.lungscreen.eu http://www.oncohealth.eu https://www.oncohealth.eu http://www.porquesabeselegir.es https://www.porquesabeselegir.es http://www.quironsalud-hospitals.com https://www.quironsalud-hospitals.com http://www.rare-genomics.com https://www.rare-genomics.com http://www.redneurosalud.es https://www.redneurosalud.es http://www.ruber.es https://www.ruber.es http://www.ruberinternacional.es https://www.ruberinternacional.es http://www.teknonbarcelona.com https://www.teknonbarcelona.com http://www.teknonbarcelona.it https://www.teknonbarcelona.it http://www.teknonbarcelona.ru https://www.teknonbarcelona.ru http://www.teknon.es https://www.teknon.es http://www.tucanaldesalud.es https://www.tucanaldesalud.es 2
default-src 'self' data: *.bilibili.com *.hdslb.com *.bigfun.cn *.bigfunapp.cn *.biligame.com; style-src 'self' 'unsafe-inline' *.hdslb.com static.geetest.com; img-src 'self' data: blob: 'unsafe-inline' *.bilibili.com *.hdslb.com http://*.hdslb.com static.geetest.com *.bigfun.cn *.cnzz.com cnzz.mmstat.com open.weixin.qq.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bilibili.com *.hdslb.com api.geetest.com static.geetest.com *.bigfun.cn *.cnzz.com http://*.cnzz.com; object-src 'self' *.hdslb.com; media-src 'self' *.acgvideo.com http://*.acgvideo.com *.ksyungslb.com; connect-src 'self' data: wss://*.bilibili.com:* *.bilibili.com *.hdslb.com *.biliapi.net *.biliapi.com *.bigfun.cn; frame-ancestors 'self' *.bilibili.com *.biligame.com *.bigfun.cn; report-uri https://security.bilibili.com/csp_report 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://stats.g.doubleclick.net https://*.iis.se https://*.readspeaker.com https://tagmanager.google.com https://www.googletagmanager.com https://*.bugsnag.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://www.google.com https://*.gstatic.com https://*.amazonaws.com https://secure.gravatar.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://yoa.st 2
default-src * blob: data: 'unsafe-eval' 'unsafe-inline' 2
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com pwna4hope.org; report-uri http://www.nativepartnership.org/site/XFrameViolation 2
default-src 'self' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com;script-src 'self' *.seizethedeal.com *.townsquarecommerce.com  *.seizethedeal.com:8983 *.seizethedeal.com:8982 *.townsquarecommerce.com:8983 *.townsquarecommerce.com:8982 netdna.bootstrapcdn.com https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.google.com http://www.google-analytics.com https://apis.google.com https://unpkg.com https://faye.getstream.io http://nsg.symantec.com https://nsg.symantec.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://graph.facebook.com connect.facebook.net http://thomasjbradley.ca http://github.com https://maps.google.com https://cdn.rawgit.com https://maps.googleapis.com https://www.gstatic.com https://ssl.gstatic.com http://ak.sail-horizon.com https://ak.sail-horizon.com https://platform.twitter.com https://assets.pinterest.com *.adroll.com http://*.sharethis.com https://*.sharethis.com https://bat.bing.com 'unsafe-inline' 'unsafe-eval';style-src 'self' https://netdna.bootstrapcdn.com https://maxcdn.bootstrapcdn.com http://code.jquery.com https://fonts.googleapis.com http://fonts.googleapis.com https://ajax.googleapis.com https://www.google.com https://unpkg.com http://*.sharethis.com https://*.sharethis.com 'unsafe-inline';img-src * data:;connect-src 'self' https://graph.facebook.com https://faye.getstream.io wss://faye.getstream.io c.sharethis.mgr.consensu.org l.sharethis.com https://t.sharethis.com *.seizethedeal.com *.seizethedeal.com:8983 *.seizethedeal.com:8982 *.townsquarecommerce.com *.townsquarecommerce.com:8983 *.townsquarecommerce.com:8982 https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://ajax.googleapis.com https://cdnjs.cloudflare.com;font-src 'self' https://netdna.bootstrapcdn.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com data:;object-src *;media-src *;frame-src 'self' https://www.facebook.com staticxx.facebook.com https://web.facebook.com https://www.google.com https://accounts.google.com https://content.googleapis.com https://plusone.google.com https://platform.twitter.com https://nsg.symantec.com https://status.rackspace.com https://rackspace.service-now.com https://www.youtube.com https://c.sharethis.mgr.consensu.org https://t.sharethis.com https://ws.sharethis.com edge.sharethis.com https://*.sharethis.com gsa://onpageload data:;child-src 'self' https://www.facebook.com staticxx.facebook.com https://www.google.com https://accounts.google.com https://content.googleapis.com https://plusone.google.com https://platform.twitter.com https://status.rackspace.com https://rackspace.service-now.com edge.sharethis.com gsa://onpageload data:; report-uri /policy 2
default-src 'none'; style-src 'self' 'unsafe-inline' https://dev.visualwebsiteoptimizer.com/static/0.5/styles/themes/ https://s3.amazonaws.com/vwo-surveys/theme/ https://fonts.googleapis.com/ http://app.vwo.com/ ; media-src 'self'; font-src 'self' https://www.ing.fr/assets/fonts/ https://app.vwo.com/assets/fonts/ https://fonts.gstatic.com/ ; object-src 'self'; connect-src 'self' https://dev.visualwebsiteoptimizer.com/analysis/ https://ampcid.google.com/v1/publisher:getClientId https://www.google.com/ads https://www.google.fr/ads https://amp-error-reporting.appspot.com/ https://stats.g.doubleclick.net/r/ https://ampcid.google.fr/ https://www.google-analytics.com/r/collect https://www.ing.fr/ https://services.opcvm360.com/api-v1/ https://cr-input.mxpnl.net/; img-src 'self' https://www.google.fr/ads/ https://www.google.com/ads/ https://news.ing.be/newsingbeimages/assets/ https://stats.g.doubleclick.net/r/collect/ data: http://chart.googleapis.com/ http://*.visualwebsiteoptimizer.com/  www.ing.fr www.google-analytics.com ssl.google-analytics.com https://syndication.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ampproject.org/ https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api http://www.youtube.com/iframe_api https://app.vwo.com/visitor-behavior-analysis/ https://www.google.com/jsapi http://b.mxpnl.net/cs/ http://trendtext.eu/metric/ http://trendtext.eu/ https://cse.google.com/cse/brand http://www.ing.fr www.google-analytics.com ssl.google-analytics.com www.google.com platform.twitter.com connect.facebook.net apis.google.com http://d5phz18u4wuww.cloudfront.net/ http://*.visualwebsiteoptimizer.com/ code.jquery.com; frame-src https://*.visualwebsiteoptimizer.com/ https://app.vwo.com/visitor-behavior-analysis/ https://fls.doubleclick.net/ https://*.fls.doubleclick.net/ http://www.youtube.com/embed/ https://www.youtube.com/embed/ http://www.google.com/cse https://cse.google.com/cse; child-src 'self' https://cse.google.com/cse http://cse.google.com https://*.doubleclick.net https://*.youtube.com http://*.youtube.com https://apis.google.com/ http://www.google.com https://www.google.com http://r.turn.com https://r.turn.com http://platform.twitter.com/widgets https://accounts.google.com https://s-static.ak.facebook.com http://www.facebook.com/plugins;  2
default-src 'self' https:; media-src 'self' https: blob:; style-src 'self' https: 'unsafe-inline' data:; connect-src 'self' https: wss:; img-src * data: android-webview-video-poster:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.retrip.jp retrip.jp *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.facebook.com *.facebook.net *.akamaihd.net *.fbcdn.net *.google-analytics.com *.pinterest.com *.twitter.com *.youtube.com *.googlesyndication.com *.cloudflare.com *.doubleclick.net *.caprofitx.com *.googleadservices.com *.popin.cc *.treasuredata.com *.amoad.com *.criteo.com *.i-mobile.co.jp *.impact-ad.jp *.yimg.jp *.gmossp-sp.jp *.oct-pass.net *.nend.net *.mtburn.com *.ad-stir.com *.triver.jp *.criteo.net *.adtdp.com *.ca-conv.jp *.rakuten.co.jp *.adjust-net.jp *.gunosy.com *.softbank.jp *.yahoo.co.jp *.openx.net *.socdm.com *.uliza.jp *.genieesspv.jp *.advg.jp *.microad.jp *.rubiconproject.com *.mbww.com *.ampproject.org *.advertising.com *.adroll.com *.mathtag.com *.ladsp.com *.2mdn.net *.gssprt.jp *.zimg.jp *.logly.co.jp *.tapone.jp *.proparm.jp asset: *.appspot.com *.adingo.jp *.zucks.net *.fluct.me *.skyscanner.net *.goldspotmedia.com a248.e.akamai.net *.speee-ad.jp *.adplan-enquete.com *.google.co.jp *.docomo.ne.jp *.cinarra.com *.flashtalking.com *.apvdr.com *.x-lift.jp *.adsafeprotected.com *.ads-twitter.com *.amazon-adsystem.com bs.serving-sys.com *.bs.serving-sys.com *.akamaized.net *.adnxs.com *.ad-v.jp *.cci.co.jp *.openxmarket.jp *.servedby-openxmarket.jp *.adtechjp.com *.pubmatic.com *.teads.tv *.ad-generation.jp *.zucks.net.zimg.jp *.fluct.jp *.href.asia *.yieldmanager.com *.seesaa.net *.kau.li *.shinobi.jp *.yahoo.com *.adlantis.jp *.gsspcln.jp *.ampproject.net; worker-src 'self' https: blob:; frame-src 'self' https: gsa://onpageload command://event webpagecontroller://complete callback://https webviewprogress:; report-uri https://trippiece.report-uri.io/r/default/csp/enforce; 2
frame-ancestors 'self' *.qfc.cn *.tnc.com.cn www.zhidaoai.com 2
frame-ancestors 'self' www.autodesk.com 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: 'self' data:; font-src https: 'self' data:; connect-src https: 'self' wss: 2
frame-ancestors 'self' http://www.growingio.com https://www.growingio.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https://cdn-os.lyoness.tv https://s.lyoness.tv https://fonts.googleapis.com https://id.cashbackworld.com; img-src 'self' https: data:; font-src 'self' data: https://cdn-os.lyoness.tv https://s.lyoness.tv https://fonts.gstatic.com https://maps.googleapis.com 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com  ajax.googleapis.com  maps.googleapis.com  cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' www.google-analytics.com cdnjs.cloudflare.com maps.gstatic.com maps.googleapis.com data:; font-src 'self' fonts.gstatic.com fonts.googleapis.com; connect-src 'self'; form-action 'self'; report-uri /WebResource.axd?cspReport=true 2
frame-src 'self' https://*.vidyard.com https://*.infogr.am https://*.youtu.be https://*.youtube.com https://*.akamaihd.net https://*.unibuddy.co https://*.google.com https://*.hubspot.com https://*.googlevideo.com https://*.facebook.com https://*.linkedin.com https://*.twitter.com https://*.inspectlet.com https://*.hotjar.com https://vidyard.com https://infogr.am https://youtu.be https://youtube.com https://akamaihd.net https://unibuddy.co https://google.com https://hubspot.com https://googlevideo.com https://facebook.com https://linkedin.com https://twitter.com https://inspectlet.com https://hotjar.com https://googletagmanager.com http://zendesk.com https://*.googletagmanager.com https://*.ehl.edu https://*.adskom.com https://*.doubleclick.net https://*.hs-analytics.net https://*.infogram.com https://infogram.com https://wwwwebapi.ehl.edu 2
frame-ancestors https://*.ionos.it https://ionos.it; 2
frame-ancestors   https://portal.punchout2go.com https://qa-portal.punchout2go.com https://dev-portal.punchout2go.com 2
default-src 'self' data: https://scontent.cdninstagram.com http://destinilocators.com http://www.google-analytics.com http://destinilocators.com/kerrygold/ http://best4u.md http://cdnjs.cloudflare.com http://vjs.zencdn.net/7.3.0/video-js.min.css http://www.googletagmanager.com https://best4u.md https://kerrygoldna.freshworks.com https://kerrygoldna.freshworks.com/oauth/authorize https://api.openweathermap.org https://www.google.ie http://vimeo.com https://platform.twitter.com https://i.ytimg.com https://www.youtube.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://external.xx.fbcdn.net https://player.vimeo.com https://www.facebook.com https://cdn.polyfill.io https://connect.facebook.net https://az416426.vo.msecnd.net https://ajax.googleapis.com https://cdnjs.cloudflare.com https://api.instagram.com https://scontent.xx.fbcdn.net https://mozbar.moz.com https://vjs.zencdn.net https://kerrygoldna.freshdesk.com https://destinilocators.com https://secure.gravatar.com https://ps.w.org https://fonts.googleapis.com https://cdn.ampproject.org/ https://fonts.gstatic.com https://amp-error-reporting.appspot.com https://ampcid.google.com https://s.w.org/ https://5303105.fls.doubleclick.net https://kerrygoldna.freshworks.com https://assets.freshdesk.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net 'unsafe-inline' 'unsafe-eval' 2
upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * 2
default-src https: data: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://app.reskyt.com; upgrade-insecure-requests 2
frame-ancestors 'self' corelogic.com.au *.corelogic.com.au elev.io *.elev.io 2
default-src 'self' www.bolsasymercados.es 'unsafe-inline' 'unsafe-eval' data: *.google-analytics.com *.google.com *.google.es *.youtube.com *.vimeo.com *.vimeocdn.com *.edisoninvestmentresearch.com *.twimg.com *.twitter.com twitter.com https://www.bolsasymercados.es wss://www.bolsasymercados.es;base-uri 'self';plugin-types application/pdf;form-action 'self' *.twitter.com;frame-ancestors 'self'; 2
frame-ancestors liveshareeast3.seismic.com huron.seismic.com 2
connect-src * 2
frame-ancestors https://*.lifecell.com.ua https://*.lifecell.ua 2
default-src https: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com *.hotjar.com; img-src * data: blob:, connect-src 'self' wss://*.hotjar.com *.hotjar.com *.hotjar.io *.addthis.com  lydia-app.com *.lydia-app.com *.algolianet.com  , object-src 'self', frame-ancestors 'self', base-uri https://www.upp.photo/, form-action 'self' https://netanswer.rpxnow.com https://www.paristech-alumni.org https://www.wats4u.com http://manageurs.mjb.lan https://manageurs.mjr1108.com https://www.xmp-consult.org  2
default-src * ; script-src * data: 'self' blob blob: 'unsafe-eval' 'unsafe-inline' ; style-src * data: 'self' blob blob: 'unsafe-inline' ; img-src * data: ; font-src * data: ; connect-src * ; media-src * ; object-src * ; child-src * ; frame-src * ; worker-src * ; frame-ancestors * ; report-uri /bdportlet-NemIDLoginPortlet/cspreport; 2
frame-ancestors 'self'; object-src 'none'; form-action 'self'; base-uri 'none'; report-uri https://www.comunique-se.com.br/contato; 2
worker-src 'self' 2
'unsafe-inline' 2
default-src 'self' *.studio  *.hotjar.io  *.arena.im/  *.gstatic.com  in.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: edit.co.uk *.cookiebot.com *.allinleeds.com *.googleadservices.com giphy.com www.google-analytics.com www.googletagmanager.com ajax.googleapis.com maps.googleapis.com stats.g.doubleclick.net googleadservices.com px.ads.linkedin.com static.ads-twiter.com facebook.com googleads.g.doubleclick.net t.co google.com googletagmanager.com hotjar.com *.hotjar.com snap.licdn.com *.twitter.com platform.twitter.com analytics.twitter.com connect.facebook.net apis.google.com; img-src * data:; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.allinleeds.com *.vimeo.com giphy.com latex.codecogs.com platform.twitter.com; font-src 'self' *.gstatic.com  data:; frame-src 'self' *.studio  https://public.flourish.studio  www.youtube.com *.vimeo.com *.cookiebot.com www.facebook.com *.facebook.com *.hotjar.com *.allinleeds.com giphy.com platform.twitter.com syndication.twitter.com; 2
frame-ancestors 'self' *.maritzcx.com *.allegiancetech.com *.mcxplatform.com.au *.mcxplatform.com *.mcxplatform.de; 2
default-src 'self' 'unsafe-inline'; script-src 'self' www.google-analytics.com 'unsafe-inline'; img-src 'self' data: www.google-analytics.com 2
frame-ancestors 'self' *.wildberries.am 2
frame-ancestors 'self' https://*.teamsupport.com/ 2
default-src * gap: ws: https://ssl.gstatic.com;style-src * 'unsafe-inline' 'self' data: blob:;font-src 'self' data: fonts.gstatic.com;script-src * 'unsafe-inline' 'unsafe-eval' data: blob:;img-src * data: 'unsafe-inline' 'self' content:; 2
frame-ancestors https://www.enelx.com https://d3eepfzwqopgtx.cloudfront.net https://d13hhoqz1xnrhs.cloudfront.net 2
default-src https: 'unsafe-eval' 'unsafe-inline'; font-src https: data:; img-src https: data: 2
frame-ancestors 'self' http://www.weathertechwholesale.com http://www.cabelas.com https://www.cabelas.com http://www.calcarcover.com https://www.calcarcover.com http://cabuat01.cabelas.com https://cabuat01.cabelas.com http://cabuat02.cabelas.com https://cabuat02.cabelas.com http://cabuat03.cabelas.com https://cabuat03.cabelas.com https://sandbox-assets.secure.checkout.visa.com https://sandbox.secure.checkout.visa.com https://assets.secure.checkout.visa.com https://secure.checkout.visa.com *.intranet.dow.com *.paypal.com *.paypalobjects.com pinterest.adsymptotic.com ct.pinterest.com *.ppipe.net 2
-Report-Only '/some-report-uri'; 2
frame-ancestors https://*.zscloud.net 'self' macom.com *.macom.com smrtsrc.com *.smrtsrc.com jahia-macpd-03.smartsource.local jahia-macpd-04.smartsource.local jahia-mactd-01.smartsource.local jahia-macdd-01.smartsource.local 2
default-src http: data: blob: 'unsafe-inline' 'unsafe-eval' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://localhost:8090 https://cdn.polyfill.io http://maps.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://apis.google.com https://www.googleadservices.com https://widget.trustpilot.com https://api.truspilot.com https://seal.verisign.com https://widgets.digg.com https://connect.facebook.net https://platform.twitter.com https://dev.visualwebsiteoptimizer.com https://uniteddomainsus.zammad.com https://uniteddomainsus.zendesk.com https://static.zdassets.com https://assets.zendesk.com https://v2.zopim.com https://polyfill.io https://cdn.ravenjs.com; object-src 'self'; 2
base-uri 'self'; child-src 'self' bid.g.doubleclick.net www.google.com www.youtube.com *.midtrans.com *.googleapis.com; connect-src *; default-src 'self'; font-src 'self' data: cdn.mxpnl.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: csi.gstatic.com maps.gstatic.com maps.googleapis.com stats.g.doubleclick.net googleads.g.doubleclick.net i.imgur.com img.youtube.com www.googleadservices.com www.google.com www.google.co.id www.google-analytics.com www.googletagmanager.com placehold.it placeholdit.imgix.net s3.amazonaws.com *.s3.amazonaws.com *.midtrans.com; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' cdn.polyfill.io cdn.mxpnl.com mixpanel.com maps.googleapis.com s.ytimg.com *.crazyegg.com s3.amazonaws.com *.s3.amazonaws.com tagmanager.google.com www.googleadservices.com www.googletagmanager.com www.google.com www.google-analytics.com www.gstatic.com www.youtube.com *.midtrans.com *.googleapis.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com tagmanager.google.com; frame-src *.midtrans.com www.youtube.com www.google.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.google.com *.gstatic.com; img-src 'self' *.google-analytics.com *.nzbvortex.com; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'self' *.google.com; object-src 'none'; frame-ancestors 'self' 2
frame-ancestors https://*.scif.com:* https://*.statefundca.com:* 2
frame-ancestors 'self' xmatters.com *.xmatters.com xmatters-mktg.web.app xmatters-mktg.firebaseapp.com 2
child-src 'self' *.polk-county.net; 2
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; media-src * blob:; worker-src * blob: 2
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com app.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co;font-src 'self' *.netdna-ssl.com fonts.gstatic.com *.pcdn.co;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com *.glensmarkets-email.com app.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.pcdn.co;frame-src 'self' *.netdna-ssl.com *.youtube.com *.calameo.com *.pcdn.co;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co;object-src 'self' *.netdna-ssl.com *.pcdn.co;media-src 'self' *.netdna-ssl.com *.pcdn.co; 2
frame-ancestors 'self' *.ariba.com *.theinstitutes.org                 www.suppliersolutions.com                 login.theinstitutes.org;             report-uri /security-violation-report.php 2
default-src script-src 'unsafe-eval' 'self' wss://*.zopim.com *.zdassets.com *.yahooapis.com *.hays.com *.googleapis.com *.gstatic.com *.addthis.com *.instagram.fbom5-1.fna.fbcdn.net *.instagram.com *.google-analytics.com *.googleapis.com *.google.com *.optimizely.com *.googletagmanager.com *.typography.com *.hays.co.uk *.youtube.com *.nccgroup-webperf.com *.slideshare.net *.linkedin.com *.gstatic.com *.crazyegg.com *.hotjar.com *.zopim.com *.soundcloud.com *.igodigital.com *.zopim.io *.twitter.com *.facebook.net *.tiqcdn.com *.tealiumiq.com *.twimg.com *.facebook.com *.bit.ly 'unsafe-inline' *.yahooapis.com; font-src 'self' *.zopim.com data: 2
default-src 'self' https://pfq-static.com https://checkout.stripe.com;img-src https: data:;style-src 'self' https://pfq-static.com 'unsafe-inline';connect-src 'self' https://api.stripe.com;frame-src 'self' https://www.youtube.com https://platform.twitter.com https://www.facebook.com https://js.stripe.com https://hooks.stripe.com data:;script-src 'self' https://pfq-static.com https://www.google.com https://platform.twitter.com https://js.stripe.com;font-src https: data: 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://az416426.vo.msecnd.net/scripts/a/ai.0.js http://projects.elitechnology.com/jsprojects/eneco-client/ https://projects.elitechnology.com/jsprojects/eneco/api/ https://eneco-eneco.digitalcx.com https://cdn.conversationalsdevelopment.nl https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://w.usabilla.com https://api.usabilla.com https://d6tizftlrpuof.cloudfront.net https://cdn.nanigans.com https://api.nanigans.com https://d3or5d0jdz94or.cloudfront.net/MExDH9iB5LdtMi44LjE.js https://cdn.greenhousegroup.com/eneco-nl/slb/conversion.js https://connect.facebook.net/signals/plugins/inferredEvents.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/435765806865268 https://www.linkedin.com/px/li_sync https://px.ads.linkedin.com/collect/ https://snap.licdn.com/li.lms-analytics/ https://d2qmp7jjpd79k7.cloudfront.net/smartpixel-1.js https://d2qmp7jjpd79k7.cloudfront.net/smartpixel/3-3227/product.js https://d2qmp7jjpd79k7.cloudfront.net/pixel/3/1572447345163/script.js https://static.ads-twitter.com/uwt.js https://analytics.twitter.com/i/adsct https://bat.bing.com/bat.js https://acdn.adnxs.com/dmp/up/pixie.js https://cdnjs.cloudflare.com/ajax/libs/bodymovin/5.4.4/lottie.min.js https://tdn.r42tag.com/lib/1295-v1.js https://admin.relay42.com/external/tags-1295/ https://tdn.r42tag.com/tags-1295/ https://t.svtrd.com/t-1295/ https://admin.relay42.com/external/tagmanagement/debugWindow https://static.hotjar.com/c/hotjar-215132.js https://script.hotjar.com https://optimize.google.com https://eneco.bbvms.com https://cdn.bluebillywig.com/apps/player/ https://mijn.enecozakelijk.nl/cookie/xdomain/xdomain_cookie.min.js https://www.youtube.com/iframe_api;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com https://d6tizftlrpuof.cloudfront.net https://tagmanager.google.com/debug/css.css https://optimize.google.com https://api.tiles.mapbox.com/mapbox-gl-js/v0.50.0/mapbox-gl.css;img-src 'self' * data: blob: secure.adnxs.com collect.kosi-analytics.io/i https://t.co/i/adsct googleads.g.doubleclick.net www.googleadservices.com https://script.hotjar.com;media-src 'self' data: https://eneco.bbvms.com https://d3ehotfhpgor0k.cloudfront.net;frame-src 'self' https://d6tizftlrpuof.cloudfront.net https://www.youtube-nocookie.com https://t.svtrd.com https://ib.adnxs.com https://s3.eu-central-1.amazonaws.com/snowplow-appnexus-mapper/id.html https://6361111.fls.doubleclick.net https://optimize.google.com https://bid.g.doubleclick.net https://player.vimeo.com https://eneco.bbvms.com https://mijn.enecozakelijk.nl https://vars.hotjar.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://optimize.google.com https://d6tizftlrpuof.cloudfront.net https://d3ehotfhpgor0k.cloudfront.net https://script.hotjar.com;connect-src 'self' *.eneco.nl https://www.google-analytics.com *.services.visualstudio.com https://api.usabilla.com https://eneco.bbvms.com https://collect.kosi-analytics.io https://d.lemonpi.io/scrapes https://eneco-eneco.digitalcx.com https://conversationals-connector-live-assist-production.azurewebsites.net wss://api.seamly.ai https://api.seamly.ai https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com/events/v2 https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://api.enecogroup.com https://api-digital.enecogroup.com;child-src 'self' blob: https://vars.hotjar.com;frame-ancestors 'self' https://inloggen.eneco.nl 2
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com jeffco.bibliocms.com *.jeffco.bibliocms.com https://jeffcolibrary.org jeffcolibrary.org *.jeffcolibrary.org; 2
object-src 'none'; form-action 'self'; frame-ancestors 'none' 2
default-src 'self' https:; font-src 'self' https: data: fonts.gstatic.com; img-src 'self' https: data: blob: cdn.ckeditor.com via.placeholder.com; object-src 'none'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' cdn.ckeditor.com eum.instana.io ajax.googleapis.com widget.trustpilot.com cdn.dynamicyield.com pagead2.googlesyndication.com *.scarabresearch.com www.paypalobjects.com js.braintreegateway.com; style-src 'self' https: 'unsafe-inline' cdn.ckeditor.com fonts.googleapis.com; connect-src 'self' https: data: blob: api.sofort.com http://localhost:3035 2
default-src 'self'; img-src * 'unsafe-inline' data:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline'; script-src * 'unsafe-inline'; frame-src * 'unsafe-inline'; connect-src * 'unsafe-inline' 2
base-uri https://www.lumni.fr; frame-ancestors https://www.lumni.fr 2
default-src 'self' data: *.octopus.com.hk *.octopuscards.com *.octopusrewards.com.hk *.online-octopus.com *.oepay.com.hk *.octopus-cards.com *.oepay.octopus-cards.com *.comm.octopus.com.hk 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.trkn.us code.jquery.com googleads.g.doubleclick.net player.ooyala.com analytics.ooyala.com connect.facebook.net www.google-analytics.com www.google.com www.gstatic.com configusa.veinteractive.com s.pinimg.com ak.sail-horizon.com resources.xg4ken.com sb.scorecardresearch.com www.googletagmanager.com services.xg4ken.com secure.quantserve.com mediadesigngroup.measur.eu hallapx.apxprogrammatic.com apxprogrammatic.netmng.com www.googleadservices.com browser-update.org cdn.optimizely.com netdna.bootstrapcdn.com rules.quantcount.com ssl.google-analytics.com bat.bing.com secure.statcounter.com s.adroll.com twitter.com tagmanager.google.com ; img-src 'self' data: *.cloudfront.net www.facebook.com *.trkn.us *.gstatic.com secure-cf-c.ooyala.com www.google.com ssl.google-analytics.com ct.pinterest.com www.google-analytics.com pixel.quantserve.com bat.bing.com somni.feeln.com sb.scorecardresearch.com ad.doubleclick.net cm.g.doubleclick.net secure.adnxs.com player.ooyala.com analytics.ooyala.com 148.xg4ken.com adservice.google.com stats.g.doubleclick.net pinterest.adsymptotic.com 112.2o7.net *.amazon-adsystem.com *.googletagmanager.com dpm.demdex.net image2.pubmatic.com pixel.rubiconproject.com dsum-sec.casalemedia.com *.exelator.com tags.bluekai.com ce.lijit.com pixel.advertising.com x.bidswitch.net us-u.openx.net idsync.rlcdn.com p.adsymptotic.com beacon.krxd.net match.adsrvr.org *.rackcdn.com placehold.it code.jquery.com c.statcounter.com *.amazonaws.com *.spiritclips.com secure.fastclick.net trc.taboola.com http://quantcast.partners.tremorhub.com usermatch.targeting.unrulymedia.com eb2.3lift.com cs.lkqd.net track-east.mobileadtrading.com lib.adnxs.com *.netmng.com pippio.com contextual.media.net login.dotomi.com; connect-src 'self' *.trkn.us secure-cf-c.ooyala.com ct.pinterest.com appsapiusa.veinteractive.com player.ooyala.com api.sail-personalize.com licensing.bitmovin.com sb.scorecardresearch.com yod9dgdwqa.execute-api.us-west-2.amazonaws.com *.feeln.com *.hmnow.com api.sail-track.com logx.optimizely.com cdsusa.veinteractive.com cookieu2.veinteractive.com *.optimizely.com *.facebook.com sessionapiusa.veinteractive.com; frame-src 'self' 8529521.fls.doubleclick.net *.trkn.us www.google.com player.ooyala.com analytics.ooyala.com l.ooyala.com bid.g.doubleclick.net www.facebook.com configusa.veinteractive.com staticxx.facebook.com; child-src 'self' 8529521.fls.doubleclick.net player.ooyala.com analytics.ooyala.com l.ooyala.com bid.g.doubleclick.net www.facebook.com configusa.veinteractive.com staticxx.facebook.com; style-src 'self' 'unsafe-inline' netdna.bootstrapcdn.com player.ooyala.com fonts.googleapis.com code.jquery.com tagmanager.google.com; font-src 'self' data: fonts.gstatic.com netdna.bootstrapcdn.com player.ooyala.com; object-src 'self' blob:; media-src * blob: data:; worker-src 'self' blob:; report-uri https://apify.hmnow.com/v3/csp.json 2
default-src 'self' * data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com data:;connect-src 'self' blob: *.bg.co.uk *.wgp-bgs.co.uk *.birdguides.com *.birdguides-cdn.com https://vimeo.com https://api.raygun.io https://apikeys.civiccomputing.com https://clapi.civiccomputing.com ws://am.freshrelevance.com http://am.freshrelevance.com *.traveldesk.io *.advertising.com *.adnxs.com *.doubleverify.com *.serving-sys.com *.g.doubleclick.net;base-uri 'self' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.valcartier.com *.calypsopark.com gcv.azureedge.net gcv-cms.azureedge.net gcv-dev.azureedge.net gcv-qa.azureedge.net gcv-qa2.azureedge.net gcv-qa3.azureedge.net www-gcv.azureedge.net *.googletagmanager.com *.google-analytics.com *.googleapis.com *.ticket-ops.com data: *.tripadvisor.ca *.tripadvisor.com *.jscache.com static.tacdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.google.com fonts.gstatic.com facebook.net *.facebook.com *.google.ca *.googleadservices.com *.doubleclick.net acuityplatform.com securecode.com *.securecode.com moneris.com *.moneris.com visa.com *.visa.com verifiedbyvisa.com *.verifiedbyvisa.com *.arcot.com *.vgdelivery.com vgdelivery.com *.cardinalcommerce.com cardinalcommerce.com *.online-metrix.net online-metrix.net securesuite.net *.securesuite.net az416426.vo.msecnd.net dc.services.visualstudio.com connect.facebook.net player.vimeo.com; 2
frame-ancestors  http://one.axa.com http://author.one.axa.com http://pre.one.axa.com http://author.pre.one.axa.com 2
default-src 'unsafe-inline' https:; img-src data: https: 2
default-src 'none'; img-src 'self' data: https://matomo.localethereum.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://matomo.localethereum.com https://onesignal.com; style-src 'self' 'unsafe-inline' https://onesignal.com; object-src 'none'; connect-src 'self' data: https://api.localethereum.com https://api.localethereumapi.com https://localcryptosapi.com https://api.localcryptosapi.com https://proxy.api.localethereumapi.com https://api.localethereum.dev.michael.pub https://localethereum-user-blobs.s3.amazonaws.com https://mainnet.infura.io wss://bridge.walletconnect.org https://onesignal.com; font-src 'self' https://fonts.gstatic.com; media-src 'self'; frame-src https://localethereum.com https://onesignal.com https://widget.portis.io https://x2.fortmatic.com; frame-ancestors https://myethvault.com; manifest-src 'self'; base-uri 'self'; form-action 'self' 2
frame-ancestors 'self' cooper.fastcommand.com cooperhealth.org cooperhealth.edu *.cooperhealth.org *.cooperhealth.edu 2
default-src 'self' https://*.google-analytics.com https; script-src 'self' 'unsafe-inline' 'unsafe-eval' https https://*.google-analytics.com https://*.google.com https://stats.g.doubleclick.net https://js-agent.newrelic.com/nr-1071.min.js https://bam.nr-data.net; object-src 'none'; style-src 'self' 'unsafe-inline' https; img-src 'self' 'unsafe-inline' https data: https://*.google-analytics.com https://stats.g.doubleclick.net ; frame-src 'self' https://player.vimeo.com https://*.davispolk.com https://html5-player.libsyn.com/ https://api-6fc85ce3.duosecurity.com/ https://cdn.yoshki.com/iframe/ https://www.youtube.com; report-uri /admin/config/system/seckit/csp-report 2
frame-ancestors 'self'; block-all-mixed-content; report-uri https://lidlcsp.report-uri.io/r/default/csp/enforce; 2
default-src https: 2
script-src 'self'; object-src 'self' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' about: https://goodwin.photoshelter.com https://www.google-analytics.com https://www.googletagmanager.com https://use.typekit.net http://cdnjs.cloudflare.com http://us1.siteimprove.com https://p.typekit.net https://fonts.gstatic.com https://siteimproveanalytics.com https://view.ceros.com https://cdn.yoshki.com https://61282325.global.siteimproveanalytics.io photoshelter.com; 2
script-src * 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors https://*.anthem.com 2
frame-ancestors *.ndtv.com *.gadgets360.com pricee.com hotdeals360.com; 2
default-src 'self' *.projects-abroad.net fonts.googleapis.com www.google-analytics.com www.gstatic.com fonts.gstatic.com connect.facebook.net www.googletagmanager.com cdn.cookielaw.org www.googleadservices.com googleads.g.doubleclick.net static.hotjar.com script.hotjar.com js.hs-scripts.com js.hscta.net js.hsforms.net forms.hsforms.com js.hs-analytics.net cta-service-cms2.hubspot.com d10lpsik1i8c69.cloudfront.net code.jquery.com maxcdn.bootstrapcdn.com ajax.googleapis.com cdnjs.cloudflare.com native.testing.equest.com www.google.com *.docusign.net www.youtube.com youtu.be player.vimeo.com docs.google.com 'unsafe-inline' 'unsafe-eval' data: font;frame-src 'self' www.google.com www.youtube.com www.facebook.com staticxx.facebook.com orangehrm.orangehrm.com vars.hotjar.com bid.g.doubleclick.net forms.hsforms.com native.testing.equest.com *.amazonaws.com;connect-src 'self' *.orangehrm.com settings.luckyorange.net vc.hotjar.com vc.hotjar.io in.hotjar.com;worker-src blob: 'self';img-src * 'self' data: blob: 2
policy-uri /'none' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' msg.playcanvas.com code.playcanvas.com https://js.stripe.com https://*.google.com https://*.google-analytics.com cdn.webglstats.com https://s3-eu-west-1.amazonaws.com 2
frame-ancestors 'self' https://www.kabeldeutschland.de https://www.vodafone.de https://gigakombi.vodafone.de 2
frame-src 'self' *.2wglobal.com *.vimeo.com *.vimeocdn.com *.youtube.com *.hotjar.com *.doubleclick.net *.googletagmanager.com *.facebook.com 2
default-src 'self' gap: https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com data:; script-src 'self' https://assets.adobedtm.com https://ds-aksb-a.akamaihd.net https://*.gsam.com https://*.gs.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://gsam.122.2o7.net https://api.darksky.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://gsam.122.2o7.net https://*.gs.com https://*.gsam.com https://*.demdex.net https://*.omtrdc.net https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com 'unsafe-inline' data:; object-src 'self'; child-src gap: 'self' https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com; frame-src gap: 'self' https://t2.jiji.com https://www.google.com https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://gsam.demdex.net https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://vds.issproxy.com; img-src 'self'  https://ds-aksb-a.akamaihd.net https://*.demdex.net https://*.gsam.com https://*.gs.com https://*.gs.com:28500 https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://gsam.122.2o7.net https://cm.everesttech.net https://gsam.sc.omtrdc.net https://*.rocaton.com data:; style-src 'self' https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com 'unsafe-eval' https://analytics.rubensteintech.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.gstatic.com https://ssl.p.jwpcdn.com https://www.youtube.com https://s.ytimg.com https://player.vimeo.com https://siteimproveanalytics.com/; style-src 'self' 'unsafe-inline' https://maps.googleapis.com https://www.google.com https://cloud.typography.com https://cloud.webtype.com https://fonts.googleapis.com; connect-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://cdn.plyr.io https://vimeo.com; font-src 'self' https://maps.gstatic.com https://fonts.gstatic.com https://use.typekit.net https://cloud.webtype.com data:; img-src 'self' https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://pls.webtype.com https://www.google-analytics.com https://img.youtube.com https://i.vimeocdn.com https://*.global.siteimproveanalytics.io data:; object-src 'self'; frame-src 'self'  https://information.huntonak.com https://cdn.yoshki.com https://www.youtube.com https://player.vimeo.com; 2
base-uri 'self'; connect-src 'self'  *.edgy.app; media-src 'self'  *.edgy.app; frame-ancestors 'self'  *.edgy.app 2
default-src https: 'unsafe-eval' 'unsafe-inline' 'self' data: http://fonts.googleapis.com https://fonts.googleapis.com http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com; font-src 'unsafe-eval' 'unsafe-inline' 'self' https://cloud.webtype.com https://fonts.gstatic.com data: http://*.hotjar.com https://*.hotjar.com; object-src 'unsafe-eval' 'unsafe-inline' 'self'; script-src https: 'self' http://*.hotjar.com https://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; 2
frame-ancestors 'self' *.photoreading.com; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' chws02 chws02.mc-gov.net *.mc-gov.net *.montva.com *.montgomerycountyva.gov *.montgomerycountyva.gov/sitefinity/* *.vamcso.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdnjs.cloudflare.com *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com https://dec.azureedge.net munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org chws02 chws02.mc-gov.net *.mc-gov.net *.montva.com *.montgomerycountyva.gov *.montgomerycountyva.gov/sitefinity/* *.vamcso.org syndication.twitter.com platform.twitter.com https://weatherwidget.io *.twitter.com *.fema.gov; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com code.jquery.com cdnjs.cloudflare.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css *.twimg.com syndication.twitter.com platform.twitter.com chws02 chws02.mc-gov.net *.mc-gov.net *.montva.com *.montgomerycountyva.gov *.montgomerycountyva.gov/sitefinity/*; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com code.jquery.com cdnjs.cloudflare.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com blob: *.eloqua.com track.hubspot.com code.jquery.com cdnjs.cloudflare.com data:; media-src 'self' blob: *.youtube.com youtu.be data: public.sheltermanager.com https://www.podbean.com; frame-src 'self' https://www.youtube.com/ https://www.podbean.com https://player.vimeo.com/ public.sheltermanager.com/ http://youtu.be https://youtu.be *.youtube.com https://www.youtube.com/ https://www.podbean.com https://player.vimeo.com/ public.sheltermanager.com/ platform.twitter.com *.twitter.com weatherwidget.io syndication.twitter.com platform.twitter.com https://www.fema.gov https://weatherwidget.io data: chws02 chws02.mc-gov.net *.mc-gov.net *.montva.com *.montgomerycountyva.gov *.vamcso.org; 2
frame-ancestors 'self' cdn.blueconic.net latt.blueconic.net 2
default-src='self' 2
frame-ancestors 'self' https://pagesense.zoho.eu 2
frame-ancestors *.firstclasswatches.co.uk *.firstclasswatches.com 2
frame-ancestors 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk; report-uri https://cyburi.report-uri.com/r/t/csp/enforce; 2
default-src 'self' *.googlesyndication.com; connect-src 'self' wss://*.zopim.com *.zopim.com *.zendesk.com *.zdassets.com *.hotjar.com *.hotjar.io wss://*.hotjar.com securepubads.g.doubleclick.net *.gstatic.com; frame-src 'self' *.google.com aexp.demdex.net *.aexp.demdex.net  *.omtrdc.net *.hotjar.com; style-src 'self' 'unsafe-inline' *.googleapis.com cloud.typography.com www.skymilesdining.com; font-src 'self' data: *.zopim.com *.gstatic.com; img-src 'self' *.zopim.io *.zopim.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.gstatic.com data: stats.g.doubleclick.net loyaltypartner.122.2o7.net *.omtrdc.net *.ggpht.com seal-chicago.bbb.org *.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org *.google-analytics.com *.gstatic.com *.google.com *.googleapis.com *.googletagservices.com *.googlesyndication.com *.doubleclick.net *.zopim.com assets.adobedtm.com aexp.demdex.net *.omtrdc.net assets.zendesk.com *.zdassets.com seal-chicago.bbb.org *.hotjar.com nexus.ensighten.com; form-action 'self'; 2
connect-src 'self' https://maps.googleapis.com https://distillery.wistia.com https://pipedream.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://dpm.demdex.net https://in.hotjar.com https://vc.hotjar.io https://embedwistia-a.akamaihd.net https://embed-ssl.wistia.com; font-src 'self' https://fonts.gstatic.com 'unsafe-inline' https://fonts.googleapis.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pi.pardot.com https://maps.googleapis.com https://fast.wistia.com https://www.googletagmanager.com https://assets.adobedtm.com https://www.googleadservices.com https://www.google-analytics.com https://static.hotjar.com https://get.siriuscom.com https://static.ads-twitter.com https://snap.licdn.com https://siriuscontenttest.112.2o7.net https://script.hotjar.com https://www.inxero.com https://inxo-cdn.inxero.com https://www.youtube.com https://app.wistia.com https://unpkg.com/leaflet@1.3.4/dist/leaflet.css https://unpkg.com/leaflet@1.3.4/dist/leaflet.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://inxo-cdn.inxero.com https://unpkg.com/leaflet@1.3.4/dist/leaflet.css; img-src 'self' 'unsafe-inline' https://embedwistia-a.akamaihd.net https://fast.wistia.com https://www.google-analytics.com data: https://app.wistia.com https://api.tiles.mapbox.com/ https://unpkg.com/leaflet@1.3.4/dist/images/marker-icon.png; media-src self 'unsafe-inline' https://www.siriuscom.com blob:; default-src 'none' https://get.siriuscom.com https://vars.hotjar.com https://fast.wistia.com https://vc.hotjar.io https://www.inxero.com https://e.issuu.com https://www.youtube.com https://app.wistia.com 'unsafe-inline' 'self' https://www.slideshare.net; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com dq4irj27fs462.cloudfront.net *.api.here.com; object-src 'self'; img-src * 'self' https: data: userlike-cdn-operators.s3-eu-west-1.amazonaws.com dq4irj27fs462.cloudfront.net; style-src 'unsafe-inline' 'self' fonts.googleapis.com js.api.here.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com dq4irj27fs462.cloudfront.net; connect-src 'self' blob: *.lancom-systems.de *.lancom-systems.com wss://chat.userlike.com chat.userlike.com api.userlike.com www.google-analytics.com *.doubleclick.net *.hereapi.com js.api.here.com ; media-src 'self' dq4irj27fs462.cloudfront.net blob: ; worker-src 'self' blob: ; 2
default-src 'self' 'report-sample' *.google-analytics.com; script-src 'self' 'report-sample' code.jquery.com ajax.googleapis.com *.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src *; frame-src 'self' *.youtube.com www.google.com; font-src 'self' fonts.gstatic.com data:; form-action 'self' https://checkout.globalgatewaye4.firstdata.com; upgrade-insecure-requests; report-uri /errors/cspreport.php; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.segment.com dev.visualwebsiteoptimizer.com embedwistia-a.akamaihd.net fast.fonts.net fast.wistia.com fast.wistia.net js.hsforms.net *.hubspot.com https://cdn.polyfill.io https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://js-agent.newrelic.com https://connect.facebook.net https://bam.nr-data.net https://js.hs-analytics.net https://www.googleadservices.com https://secure.quantserve.com https://rules.quantcount.com https://js.hs-scripts.com https://app.wistia.com *.cloudfront.net jobs.jobvite.com *.vwo.com; object-src 'self' blob:; worker-src 'self' blob:; 2
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.typekit.net *.episerver.net zefzhat.appspot.com www.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io *.google-analytics.com code.jquery.com ajax.googleapis.com az416426.vo.msecnd.net dc.services.visualstudio.com netdna.bootstrapcdn.com storage.googleapis.com pi.pardot.com syndication.twitter.com sjs.bizographics.com connect.facebook.net stats.livezhat.com *.ads.linkedin.com www.linkedin.com s.ytimg.com *.googleapis.com api.siteattention.com www.googleadservices.com cdn.syndication.twimg.com flockler.com embed-cdn.flockler.com static.flockler.com fl-cdn.scdn1.secure.raxcdn.com cdn.datatables.net *.licdn.com www.youtube.com gateway.zscloud.net viewer.blipstar.com translate.googleapis.com static.handpickedcherries.com maxcdn.bootstrapcdn.com rules.quantcount.com secure.quantserve.com apps.myzef.com tools.eurolandir.com webcc.sonera.fi stackpath.bootstrapcdn.com cdnjs.cloudflare.com api.ipify.org munchkin.marketo.net googleads.g.doubleclick.net eu1.snoobi.com ethn.io siteimproveanalytics.com www.google.com *.interactions.giosgusercontent.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi; font-src 'self' data: use.typekit.net *.typekit.net fonts.gstatic.com fonts.googleapis.com storage.googleapis.com netdna.bootstrapcdn.com i.s-microsoft.com upmapi.portal.azure-api.net *.hotjar.com *.hotjar.io css.zohostatic.com cdnjs.cloudflare.com use.fontawesome.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi; img-src 'self' data: blob: about: *.typekit.net livezhat.zef.fi *.hotjar.com *.hotjar.io www.google-analytics.com www.upmbiofore.fi pbs.twimg.com secure.adnxs.com www.upmbiofore.com stats.g.doubleclick.net googleads.g.doubleclick.net www.google.com www.google.co.uk www.google.fi www.google.dk www.google.de www.google.at www.google.pl www.google.ru www.google.se maps.googleapis.com maps.gstatic.com www.gstatic.com www.facebook.com static.flockler.com flockler.com hm.baidu.com img.youtube.com translate.google.com cdn.datatables.net s3.amazonaws.com www.googletagmanager.com tagmanager.google.com ssl.gstatic.com translate.googleapis.com hugin.info graph.facebook.com scontent.xx.fbcdn.net pixel.quantserve.com commondatastorage.googleapis.com i.ytimg.com dl.episerver.net cdn2.siteattention.com  amplifypixel.outbrain.com *.ads.linkedin.com ad.doubleclick.net adservice.google.com adservice.google.com.hk www.linkedin.com 6049499.global.siteimproveanalytics.io assets.upm.com eu1.snoobi.com ml-eu.globenewswire.com gateway.zscloud.net *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi; connect-src 'self' *.hotjar.com *.hotjar.io www.upmbiofore.com dc.services.visualstudio.com performance.typekit.net p.typekit.net api.siteattention.com www.google-analytics.com stats.g.doubleclick.net upm-prod.taiste.fi translate.googleapis.com hm.baidu.com api.mapbox.com a.tiles.mapbox.com b.tiles.mapbox.com wss://*.hotjar.com tagmanager.google.com restdev.siteattention.com *.mktoresp.com events.mapbox.com *.facebook.com api.giosg.com wss://www.upm.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi; style-src 'self' 'unsafe-inline' livezhat.zef.fi netdna.bootstrapcdn.com static.flockler.com fonts.googleapis.com maxcdn.bootstrapcdn.com translate.googleapis.com cdnjs.cloudflare.com dl.episerver.net tagmanager.google.com use.fontawesome.com stackpath.bootstrapcdn.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi; frame-src 'self' data: *.doubleclick.net www.facebook.com connect.facebook.net www.google.com go.pardot.com www.youtube.com *.hotjar.com *.hotjar.io www.ciuvo.com www.googletagmanager.com tagmanager.google.com viewer.blipstar.com apps.myzef.com gamma.euroland.com tools.euroland.com tagmanager.google.com pr.globenewswire.com *.youku.com tools.eurolandir.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi; upgrade-insecure-requests; report-uri https://upmcms.report-uri.com/r/d/csp/enforce 2
frame-ancestors 'self' https://*.bigbrotherawards.nl 2
true 2
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' data: 'unsafe-inline' ; img-src * 'self' data: ; font-src * 'self' data: ; connect-src * 'self' ; media-src 'self' ; frame-src * 'self' ;  2
default-src 'none'; frame-ancestors 'none'; script-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; 2
default-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; 2
default-src 'self' https://*.sbanken.no https://sbanken.no https://*.internbank.no:*;script-src 'self' 'unsafe-eval' https://*.sbanken.no https://www.google-analytics.com https://optimize.google.com https://connect.facebook.net;style-src 'self' 'unsafe-inline' https://*.sbanken.no https://optimize.google.com;img-src 'self' https://*.sbanken.no https://sbanken.no https://*.internbank.no:* https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://finncdn.no https://*.finncdn.no/ https://*.google.com https://*.google.no https://www.facebook.com;frame-src 'self' * https://optimize.google.com;font-src 'self' data: https://*.sbanken.no https://optimize.google.com;connect-src 'self' https://*.sbanken.no https://sbanken.no https://*.internbank.no:* https://www.google-analytics.com https://optimize.google.com https://stats.g.doubleclick.net https://online.adservice.com;frame-ancestors 'self' https://*.sbanken.no https://sbanken.no https://*.internbank.no:* https://internbank.no:*;report-uri https://secure.sbanken.no/Authentication/WebResource.axd?cspReport=true 2
frame-ancestors https://www.davidchipperfield.co.uk 2
frame-ancestors 'self' app.vwo.com subs09.app.clicktale.com dev.renovateamerica.com qa.renovateamerica.com stage.renovateamerica.com authoring.renovateamerica.com www.renovateamerica.com training.renovateamerica.com go.renovateamerica.com go.pardot.com apply.renovateamerica.com 2
default-src 'self' data: gap: https://*.acebusinessselectcard.com https://*.aceelitecard.com https://*.aceflareaccount.com https://*.brinksprepaidmastercard.com https://*.hebprepaid.com https://*.netspend.com https://*.paypal-prepaid.com https://*.gowithpurpose.com https://*.umb.com https://*.wunetspendprepaid.com https://*.wuallaccess.com https://*.netspendallaccess.com https://*.mileageplusgo.com https://*.mycontrolcard.com https://*.gianteagleprepaid.com https://*.transact711.com https://*.meijerprepaidcard.com https://*.skylightpaycard.com https://*.skylightallaccess.com https://*.mynetspend.com https://*.brinkspaycard.com https://*.brinksmoney.com https://*.everydayselectrewards.com https://*.brinksmoneyallaccess.com https://*.mysmartone.com https://dlxobnwx015t0.cloudfront.net https://service.maxymiser.net https://*.iesnare.com https://*.netspend.net https://*.paypal.com; connect-src 'self' gap: file: https://*.acebusinessselectcard.com https://*.aceelitecard.com https://*.aceflareaccount.com https://*.brinksprepaidmastercard.com https://*.hebprepaid.com https://*.netspend.com https://*.paypal-prepaid.com https://*.gowithpurpose.com https://*.umb.com https://*.wunetspendprepaid.com https://*.wuallaccess.com https://*.netspendallaccess.com https://*.mileageplusgo.com https://*.mycontrolcard.com https://*.gianteagleprepaid.com https://*.transact711.com https://*.meijerprepaidcard.com https://*.skylightpaycard.com https://*.skylightallaccess.com https://*.mynetspend.com https://*.brinkspaycard.com https://*.brinksmoney.com https://*.everydayselectrewards.com https://*.brinksmoneyallaccess.com https://*.mysmartone.com https://dlxobnwx015t0.cloudfront.net https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://*.netspend.net https://*.hockeyapp.net https://*.propay.com https://*.appsflyer.com https://*.onelink.me *.westernunion.com https://heapanalytics.com https://*.heapanalytics.com https://www.youtube.com; frame-src gap: https://*.paypal.com https://*.linksynergy.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://service.maxymiser.net https://web.idologylive.com https://us.personalcard.net https://*.cashedge.com https://*.netspend.net https://*.netspend.com https://www.google.com https://www.youtube.com https://www.aceflareaccount.com https://www.aceelitecard.com https://www.wunetspendprepaid.com https://www.transact711.com https://www.hebprepaid.com https://www.mycontrolcard.com https://www.netspendallaccess.com https://www.gianteagleprepaid.com https://www.brinksprepaidmastercard.com https://www.brinksmoneyallaccess.com https://www.brinkspaycard.com https://www.skylightpaycard.com https://www.skylightallaccess.com https://www.acebusinessselectcard.com https://www.paypal-prepaid.com https://www.meijerprepaidcard.com https://netspend.mileageplusgo.com; font-src 'self' data: https://*.acebusinessselectcard.com https://*.aceelitecard.com https://*.aceflareaccount.com https://*.brinksprepaidmastercard.com https://*.hebprepaid.com https://*.netspend.com https://*.paypal-prepaid.com https://*.gowithpurpose.com https://*.umb.com https://*.wunetspendprepaid.com https://*.wuallaccess.com https://*.netspendallaccess.com https://*.mileageplusgo.com https://*.mycontrolcard.com https://*.gianteagleprepaid.com https://*.transact711.com https://*.meijerprepaidcard.com https://*.skylightpaycard.com https://*.skylightallaccess.com https://*.mynetspend.com https://*.brinkspaycard.com https://*.brinksmoney.com https://*.everydayselectrewards.com https://*.brinksmoneyallaccess.com https://*.mysmartone.com https://dlxobnwx015t0.cloudfront.net *.googleapis.com *.gstatic.com https://service.maxymiser.net https://heapanalytics.com https://*.heapanalytics.com https://www.youtube.com; img-src 'self' data: blob: https://*.acebusinessselectcard.com https://*.aceelitecard.com https://*.aceflareaccount.com https://*.brinksprepaidmastercard.com https://*.hebprepaid.com https://*.netspend.com https://*.paypal-prepaid.com https://*.gowithpurpose.com https://*.umb.com https://*.wunetspendprepaid.com https://*.wuallaccess.com https://*.netspendallaccess.com https://*.mileageplusgo.com https://*.mycontrolcard.com https://*.gianteagleprepaid.com https://*.transact711.com https://*.meijerprepaidcard.com https://*.skylightpaycard.com https://*.skylightallaccess.com https://*.mynetspend.com https://*.brinkspaycard.com https://*.brinksmoney.com https://*.everydayselectrewards.com https://*.brinksmoneyallaccess.com https://*.mysmartone.com https://dlxobnwx015t0.cloudfront.net *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.co.uk *.googletagmanager.com https://stats.g.doubleclick.net https://images.cardlytics.com https://*.linksynergy.com https://service.maxymiser.net https://*.paypal.com https://*.netspend.net https://static.helpjuice.com https://heapanalytics.com https://*.heapanalytics.com https://www.youtube.com; object-src https://*.iesnare.com; style-src 'self' 'unsafe-inline' https://*.acebusinessselectcard.com https://*.aceelitecard.com https://*.aceflareaccount.com https://*.brinksprepaidmastercard.com https://*.hebprepaid.com https://*.netspend.com https://*.paypal-prepaid.com https://*.gowithpurpose.com https://*.umb.com https://*.wunetspendprepaid.com https://*.wuallaccess.com https://*.netspendallaccess.com https://*.mileageplusgo.com https://*.mycontrolcard.com https://*.gianteagleprepaid.com https://*.transact711.com https://*.meijerprepaidcard.com https://*.skylightpaycard.com https://*.skylightallaccess.com https://*.mynetspend.com https://*.brinkspaycard.com https://*.brinksmoney.com https://*.everydayselectrewards.com https://*.brinksmoneyallaccess.com https://*.mysmartone.com https://dlxobnwx015t0.cloudfront.net https://tagmanager.google.com *.googleapis.com https://heapanalytics.com https://*.heapanalytics.com https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.acebusinessselectcard.com https://*.aceelitecard.com https://*.aceflareaccount.com https://*.brinksprepaidmastercard.com https://*.hebprepaid.com https://*.netspend.com https://*.paypal-prepaid.com https://*.gowithpurpose.com https://*.umb.com https://*.wunetspendprepaid.com https://*.wuallaccess.com https://*.netspendallaccess.com https://*.mileageplusgo.com https://*.mycontrolcard.com https://*.gianteagleprepaid.com https://*.transact711.com https://*.meijerprepaidcard.com https://*.skylightpaycard.com https://*.skylightallaccess.com https://*.mynetspend.com https://*.brinkspaycard.com https://*.brinksmoney.com https://*.everydayselectrewards.com https://*.brinksmoneyallaccess.com https://*.mysmartone.com https://dlxobnwx015t0.cloudfront.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.googleadservices.com https://intljs.rmtag.com https://113.xg4ken.com https://*.linksynergy.com https://service.maxymiser.net https://*.netspend.net https://*.hockeyapp.net https://*.acecashexpress.com https://*.force.com https://*.iesnare.com https://*.iovation.com https://*.appsflyer.com https://*.onelink.me https://*.paypal.com https://bat.bing.com *.propay.com *.westernunion.com https://heapanalytics.com https://*.heapanalytics.com https://www.youtube.com *.ytimg.com; report-uri /webapi/v2/csp/report 2
frame-ancestors 'self' https://analytics.google.com/analytics/ https://*.buypass.no https://*.buypass.com https://*.norsk-tipping.no https://*.altinn.no; default-src 'self' 'unsafe-inline' https://www.gstatic.com https://sjs.bizographics.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://player.pippa.io/ https://analytics.google.com/analytics/ https://sdks.shopifycdn.com/ https://buypass-as.myshopify.com *.buypass.no *.buypass.com; img-src 'self' https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://v.shopify.com data: 2
frame-ancestors 'self' http://*.vseigru.net http://vseigru.net 2
script-src 'unsafe-inline' 'unsafe-eval' https: eddirasa.net *.eddirasa.net *.googlesyndication.com *.doubleclick.net *.google.com; img-src https: data:; font-src https: data: eddirasa.net; worker-src 'unsafe-inline' 'unsafe-eval' https: blob: eddirasa.net *.eddirasa.net *.googlesyndication.com *.doubleclick.net *.google.com; upgrade-insecure-requests 2
frame-ancestors https://www.milanomalpensa-airport.com https://www.milanolinate-airport.com https://external.airport.ai 2
default-src 'self' data: ;         script-src 'self' data: 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net ajax.googleapis.com js.hs-scripts.com js.hsleadflows.net js.hs-analytics.net *.google-analytics.com *.googletagmanager.com sjs.bizographics.com js.driftt.com bat.bing.com connect.facebook.net web-analytics.engagio.com fullstory.com *.salesloft.com  *.adroll.com *.cloudfront.net maps.googleapis.com;         img-src * 'self' data: *.hubspot.com *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.salesloft.com *.linkedin.com *.google.com *.facebook.com *.adroll.com *.adsymptotic.com bat.bing.com pixel.advertising.com dsum-sec.casalemedia.com pixel.rubiconproject.com sync.outbrain.com simage2.pubmatic.com trc.taboola.com eb2.3lift.com ads.yahoo.com ib.adnxs.com x.bidswitch.net cm.g.doubleclick.net idsync.rlcdn.com us-u.openx.net ups.analytics.yahoo.com dpm.demdex.net s.amazon-adsystem.com pm.w55c.net ups.analytics.yahoo.com pippio.com sync.mathtag.com tags.rd.linksynergy.com match.adsrvr.org usermatch.krxd.net tags.bluekai.com;         connect-src * 'self' data: *.hubspot.com;         frame-src 'self' data: player.vimeo.com js.driftt.com;        style-src 'self' data: 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net ajax.googleapis.com fonts.googleapis.com;         font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;         media-src 'self' data: www.qualia.com;         object-src 'none';         upgrade-insecure-requests 2
frame-ancestors 'self' https://*.ariba.com https://*.zkw.at http://*.zkw.at https://*.mycatalogcloud.com  http://*.mycatalogcloud.com http://*.valeo.determine.com https://*.valeo.determine.com http://valeo.determine.com https://valeo.determine.com 2
frame-ancestors 'self' https://cvonline.lt https://www.cvonline.lt; 2
block-all-mixed-content; frame-ancestors 'none' 2
frame-ancestors 'self' https://www.bharatpetroleum.com https://*.bpcl.in 2
frame-ancestors http://*.nip.io/ 'self' www.miclaroapp.com.co miclaroapp.com.co www.claroaparatiprimero.co claroparatiprimero.co www.apiselfservice.co apiselfservice.co https://servidorclaro-cristianfuentes.c9users.io/ https://www.claro.com.co/ https://miclaroweb-fabricadigital.codeanyapp.com/ sscoqa.tmx-internacional.net www.miclaro.com.co http://aplicaciones.claro.com.co/; 2
default-src 'self'; frame-ancestors 'self' https://*.facebook.com; connect-src 'self' https://demo.synology.com:5001 https://*.demo.synology.com:5001 https://demo.synology.de:5001 https://*.demo.synology.de:5001 https://www.google-analytics.com/j/collect https://in.hotjar.com/ https://vc.hotjar.io wss://*.hotjar.com/; object-src 'none'; report-uri https://secreport.synology.com/csp/report; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com https://cdn.livechatinc.com; frame-src 'self' https://cse.google.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://optimize.google.com https://www.youtube.com https://www.facebook.com https://staticxx.facebook.com https://secure.livechatinc.com https://player.youku.com/ https://vars.hotjar.com/ https://synology.jobbase.io https://synoform.synology.com; img-src 'self' https://www.synology.com https://global.download.synology.com https://download.synology.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleapis.com https://*.google.com https://www.google.com.tw https://*.gstatic.com https://ssl.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://secure.livechatinc.com https://cdn.livechatinc.com https://www.facebook.com https://wcs.naver.com https://www.facebook.com/tr https://dc.ads.linkedin.com https://px.ads.linkedin.com/ https://alb.reddit.com https://t.co/i/adsct https://p.adsymptotic.com/d/px https://bat.bing.com data: blob:; media-src 'self' https://download.synology.com https://cdn.livechatinc.com; script-src 'self' data: blob: https://demo.synology.com https://demo.synology.de https://www.google-analytics.com https://www.google.com https://clients1.google.com https://www.gstatic.com https://www.googletagmanager.com https://cse.google.com https://www.googleapis.com https://ssl.google-analytics.com https://maps.googleapis.com https://optimize.google.com https://connect.facebook.net https://cdn.livechatinc.com https://code.jquery.com https://secure.livechatinc.com https://accounts.livechatinc.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://wcs.naver.net/wcslog.js https://snap.licdn.com https://www.linkedin.com/px/ https://px.ads.linkedin.com https://analytics.twitter.com https://static.ads-twitter.com https://www.redditstatic.com https://static.hotjar.com https://script.hotjar.com/ https://sjs.bizographics.com/insight.min.js https://bat.bing.com/bat.js https://synology.jobbase.io 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.google.com https://fonts.googleapis.com https://optimize.google.com https://cdnjs.cloudflare.com https://tagmanager.google.com/debug/css.css 'unsafe-inline' 2
connect-src 'self' https://www.dlcompare.com https://ajax.googleapis.com data: https://www.googletagmanager.com https://www.google-analytics.com; default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ckeditor.iframe.ly https://d3tg06jbotvai2.cloudfront.net https://dlcompare-images.s3.eu-west-3.amazonaws.com https://www.dlcompare.com https://js.gleam.io https://cdn.syndication.twimg.com https://cdn.ckeditor.com https://adservice.google.fr https://pagead2.googlesyndication.com https://www.gstatic.com https://platform.twitter.com https://www.google.com  https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src * data:; style-src 'self' 'unsafe-inline' https://d3tg06jbotvai2.cloudfront.net https://dlcompare-images.s3.eu-west-3.amazonaws.com https://www.dlcompare.com https://platform.twitter.com https://cdn.ckeditor.com https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' data: https://d3tg06jbotvai2.cloudfront.net http://fonts.gstatic.com https://www.dlcompare.com https://fonts.gstatic.com https://themes.googleusercontent.com; frame-src *; object-src 'self' https://www.youtube.com; base-uri 'self'; 2
block-all-mixed-content;frame-ancestors *.web.de web.de http://images.google.de 2
script-src 'unsafe-eval' 'unsafe-inline' 'self' *.olay.com.cn *.pantene.com.cn *.gillette.com.cn *.rejoice.com.cn *.vidalsassoon.com.cn *.crest.com.cn *.braun.com.cn *.always.com.cn *.head-shoulders.com.cn *.safeguard.com.cn *.oralb.com.cn *.whisper.com.cn *.vicks.com.cn *.cnpgsitecore.com *.pg.com.cn *.happywhisper.com.cn *.betrad.com *.rfihub.net *.cdnmaster.com *.cdnmaster.cn *.agkn.com *.tpcserve.com *.google-analytics.com *.googletagmanager.com *.chinacloudsites.cn *.pgerase.com *.vs.com.cn *.iesnare.com *.qq.com 2
: frame-ancestors 2
frame-ancestors https://*.acufinder.com; script-src * https://ssl.google-analytics.com https://pxlssl.ibpxl.com  https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com 'unsafe-inline' 'unsafe-eval'; object-src * 2
default-src 'self' data: wss: *.tile.openstreetmap.org *.gstatic.com *.googleapis.com geocode.arcgis.com nominatim.openstreetmap.org sp-dir.uwn.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.tile.openstreetmap.org maps.gstatic.com *.googleapis.com blog.ui.com data:; script-src 'self' data: wss: *.tile.openstreetmap.org *.gstatic.com *.googleapis.com geocode.arcgis.com nominatim.openstreetmap.org sp-dir.uwn.com 'sha256-Zc2oA+UYJ+DvoL6dBPANTH0scVupEzz5Lf3etbzNLtI=' 2
frame-ancestors 'self' *.google.de *.google.ch *.google.at *.google.nl *.google.cz *.google.sk *.google.com *.google.se *.optimizely.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.facebook.com *.linkedin.com *.google.com *.google.no *.spyber.com *.googleapis.com *.addthis.com *.pinterest.com *.addthisedge.com *.apis.google.com *.googlesyndication.com; style-src 'self' *.googleapis.com 'unsafe-inline'; 2
default-src * 'self' 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'none'; 2
frame-ancestors 'self'; object-src 'none'; base-uri 'none' 2
default-src 'self' mailto: https://www.google.com/recaptcha/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://edge.addthis.com/ https://optimize.google.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com http://localhost:50029 https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://maps.googleapis.com https://ajax.googleapis.com http://ajax.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com stats.g.doubleclick.net https://angular-ui.github.io https://sjs.bizographics.com https://snap.licdn.com https://px.ads.linkedin.com https://siteimproveanalytics.com/ https://policy.cookiereports.com/ https://connect.facebook.net https://*.twitter.com https://www.googleadservices.com/pagead/conversion_async.js https://v1.addthisedge.com https://v1.addthis.com https://extend.vimeocdn.com https://googleads.g.doubleclick.net https://cdn.syndication.twimg.com https://*.youtube.com https://s.ytimg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://fonts.googleapis.com https://tagmanager.google.com https://cdnjs.cloudflare.com https://*.twitter.com; img-src 'self' https://www.googletagmanager.com https://gowlingwlg.com *.google.com https://www.google.co.uk http://*.twimg.com https://*.twimg.com https://www.google.ca/ https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://csi.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://us2.siteimprove.com stats.g.doubleclick.net data: https://*.twitter.com https://www.facebook.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; connect-src 'self' http://localhost:50029; report-uri /WebResource.axd?cspReport=true https://m.addthis.com; frame-src 'self' https://mozbar.moz.com/ https://edge.addthis.com/ https://optimize.google.com s7.addthis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.media-server.com https://*.slideshare.net https://*.vuturevx.com https://*.gowlingwlg.com https://cdn.yoshki.com/ https://w.soundcloud.com/ https://html5-player.libsyn.com https://player.vimeo.com https://*.twitter.com https://twitter.com; media-src 'self' https://*.gowlingwlg.com http://*.libsyn.com 2
default-src 'self' https://dyinglightgame.com https://*.dyinglightgame.com https://techland.pl https://*.techland.pl; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://connect.facebook.net https://*.google.com https://www.google-analytics.com https://*.hotjar.com https://static.ads-twitter.com https://analytics.twitter.com https://www.googleadservices.com https://mc.yandex.ru https://googleads.g.doubleclick.net https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://*.draghmar.pl; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.google.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; img-src 'self' https://purefarminggame.com https://*.purefarminggame.com https://tormentgame.com https://*.tormentgame.com https://techland.net https://*.techland.net https://dyinglightgame.com https://*.dyinglightgame.com https://*.facebook.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com/ads/ https://www.google.com/ads/ga-audiences/ https://www.google.pl/ads/ga-audiences/ https://www.google.com/pagead/1p-user-list/918877113/ https://www.google.pl/pagead/1p-user-list/918877113/ https://t.co/i/adsct; frame-src 'self' https://*.facebook.com https://*.hotjar.com https://www.youtube.com/embed/; connect-src 'self' https://mc.yandex.ru https://in.hotjar.com 2
default-src 'unsafe-eval' 'unsafe-inline' *; script-src 'unsafe-inline' 'unsafe-eval' *; img-src * data:; connect-src *; font-src * data: 2
frame-ancestors 'self' https://www.rafi.com/ 2
default-src 'self'; base-uri 'none'; img-src 'self' data:; child-src 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 2
default-src * 'self' https://*.googleapis.com http://*.googleapis.com https://*.google-analytics.com http://*.google-analytics.com https://*.gstatic.com http://*.gstatic.com https://*.google.com http://*.google.com https://*.googlecode.com http://*.googlecode.com https://*.googletagmanager.com http://*.googletagmanager.com https://*.doubleclick.net http://*.doubleclick.net https://*.youtube.com http://*.youtube.com https://*.ytimg.com http://*.ytimg.com https://*.facebook.com http://*.facebook.com https://*.facebook.net http://*.facebook.net https://*.fbcdn.net http://*.fbcdn.net; img-src * 'self' https://*.googleapis.com http://*.googleapis.com https://*.google-analytics.com http://*.google-analytics.com https://*.gstatic.com http://*.gstatic.com https://*.google.com http://*.google.com https://*.googlecode.com http://*.googlecode.com https://*.googletagmanager.com http://*.googletagmanager.com https://*.doubleclick.net http://*.doubleclick.net https://*.youtube.com http://*.youtube.com https://*.ytimg.com http://*.ytimg.com https://*.facebook.com http://*.facebook.com https://*.facebook.net http://*.facebook.net https://*.fbcdn.net http://*.fbcdn.net data:; connect-src 'self' https://*.santanderconsumer.pl http://*.santanderconsumer.pl https://*.savecart.pl http://*.savecart.pl https://*.facebook.com http://*.facebook.com https://*.retargeted.co https://*.scbpl.srv; script-src * 'self' https://*.googleapis.com http://*.googleapis.com https://*.google-analytics.com http://*.google-analytics.com https://*.gstatic.com http://*.gstatic.com https://*.google.com http://*.google.com https://*.googlecode.com http://*.googlecode.com https://*.googletagmanager.com http://*.googletagmanager.com https://*.doubleclick.net http://*.doubleclick.net https://*.youtube.com http://*.youtube.com https://*.ytimg.com http://*.ytimg.com https://*.facebook.com http://*.facebook.com https://*.facebook.net http://*.facebook.net https://*.fbcdn.net http://*.fbcdn.net 'unsafe-inline' 'unsafe-eval'; style-src * 'self' https://*.googleapis.com http://*.googleapis.com https://*.google-analytics.com http://*.google-analytics.com https://*.gstatic.com http://*.gstatic.com https://*.google.com http://*.google.com https://*.googlecode.com http://*.googlecode.com https://*.googletagmanager.com http://*.googletagmanager.com https://*.doubleclick.net http://*.doubleclick.net https://*.youtube.com http://*.youtube.com https://*.ytimg.com http://*.ytimg.com https://*.facebook.com http://*.facebook.com https://*.facebook.net http://*.facebook.net https://*.fbcdn.net http://*.fbcdn.net 'unsafe-inline' 2
default-src https://d27urz3c38hyx4.cloudfront.net; img-src https://d27urz3c38hyx4.cloudfront.net data:; style-src https://d27urz3c38hyx4.cloudfront.net 'unsafe-inline'; script-src https://d27urz3c38hyx4.cloudfront.net; connect-src 'self'; frame-src 'self'; frame-ancestors 'none'; object-src 'none'; form-action 'self'; base-uri 'none' 2
default-src 'self' https://www.engie.ro;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gateway.zscloud.net https://s.ytimg.com  https://tagmanager.google.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://s.ytimg.com/yts/jsbin/www-widgetapi-vflj3RSGk/www-widgetapi.js https://www.youtube.com/player_api https://*.facebook.net https://*.facebook.com https://*.hotjar.com   https://www.google.com/ https://www.gstatic.com/ https://ajax.googleapis.com/ https://ssl.google-analytics.com https://maps.google.com https://maps.googleapis.com https://cdn.jsdelivr.net https://www.googleadservices.com/ https://googleads.g.doubleclick.net;  style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/jsbin/www-widgetapi-vflQSvpsZ/www-widgetapi.js https://tagmanager.google.com https://fonts.googleapis.com/ https://ajax.googleapis.com;  img-src 'self' data: blob: https://www.engie.ro https://gateway.zscloud.net https://www.google.ro https://www.google.com https://agentia.gdfsuez.ro/proc/img/get/85f1002bf139bebdb7f0d07b31fa14155aea9dfc_200_200_0.PNG https://ssl.gstatic.com https://www.gstatic.com  https://www.google-analytics.com  https://*.facebook.net https://*.facebook.com https://*.ytimg.com https://secure.gravatar.com https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://ajax.googleapis.com https://ssl.google-analytics.com https://*.hotjar.com https://*.doubleclick.net;  font-src 'self' data:  https://fonts.gstatic.com;  frame-src 'self' data: https://www.facebook.com https://www.google.com/ https://www.youtube.com https://player.vimeo.com https://*.hotjar.com https://engie-romania.force.com; child-src 'self' data: https://www.google.com/ https://www.youtube.com https://player.vimeo.com https://*.hotjar.com; connect-src 'self' data: https://gwss.engie.ro https://*.hotjar.com https://*.hotjar.com:* wss://*.hotjar.com https://vc.hotjar.io/; reflected-xss block; 2
default-src 'self' https://*.ubembed.com http://*.ubembed.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com/ https://lkq.qumucloud.com/ https://cdn.qumucloud.com/ https://ssl.google-analytics.com/ https://www.gstatic.com/ https://www.google.com/ https://www.googletagservices.com/ https://www.googletagmanager.com https://connect.facebook.net/ https://googleads.g.doubleclick.net/ http://www.googleadservices.com/ https://gateway.zscalertwo.net https://fs17.formsite.com/ http://cdn.jsdelivr.net/ https://*.ubembed.com http://*.ubembed.com https://ajax.googleapis.com/ https://maps.googleapis.com/  http://ajax.googleapis.com/ http://maps.googleapis.com http://www.interactivegarage.com https://www.interactivegarage.com http://emarketing.ekeystone.com/abm/abm.aspx?z=28;  style-src 'self' 'unsafe-inline' https://cdn.qumucloud.com/ https://lkq.qumucloud.com http://fonts.googleapis.com/ http://fonts.gstatic.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://*.ubembed.com http://*.ubembed.com https://ajax.googleapis.com; img-src 'self' http://media.ekeystone.com/ https://lkq.qumucloud.com/ https://cdn.qumucloud.com/ https://fonts.gstatic.com/ https://www.google-analytics.com/  http://vehiclepartimages.com/ https://www.google.com/ http://www.google-analytics.com/ https://www.facebook.com/ https://gateway.zscalertwo.net https://stats.g.doubleclick.net https://ssl.google-analytics.com/ http://media.viantp.com/ https://www.google.co.in/pagead/ http://www.googletagmanager.com/ https://*.ubembed.com http://*.ubembed.com https://ajax.googleapis.com http://emarketing.ekeystone.com data:; child-src 'self' https://lkq.qumucloud.com https://sdn.sitecore.net http://sdn.sitecore.net https://www.google.com https://recruiting.adp.com https://www.facebook.com https://bid.g.doubleclick.net https://www.youtube.com https://fs17.formsite.com/ http://www.youtube.com https://*.ubembed.com/ http://www.facebook.com  https://*.pages.ubembed.com http://*.ubembed.com http://*.pages.ubembed.com http://www.interactivegarage.com https://www.interactivegarage.com https://gateway.zscalertwo.net; font-src 'self' https://cdn.qumucloud.com/ https://fonts.gstatic.com https://*.ubembed.com  http://*.ubembed.com data:; frame-ancestors 'self'; media-src 'self' http://media.ekeystone.com/ http://vehiclepartimages.com/ https://*.ubembed.com http://*.ubembed.com; 2
frame-ancestors 'self' cse.google.com; 2
default-src 'self' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 2
default-src * data: 'unsafe-eval' 'unsafe-inline'; worker-src blob: 2
script-src 'unsafe-inline' 'self' fonts.googleapis.com www.google.com www.gstatic.com recaptcha.msgapp.com cdn.ampproject.org www.google-analytics.com client-analytics.braintreegateway.com api.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.sandbox.braintreegateway.com js.braintreegateway.com marketing.suzohapp.com stats.g.doubleclick.net maps.googleapis.com maps.google.com ajax.googleapis.com mts1.googleapis.com 2
default-src 'self'; object-src 'none'; sandbox allow-scripts allow-same-origin allow-popups; frame-ancestors 'none'; form-action 'none'; base-uri 'self'; report-uri /views/layouts/csp-reports.jsp; plugin-types text/html;img-src 'self' data: https://storage.googleapis.com/answerconnect-vr2/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://www.google.co.in/pagead/ https://storage.googleapis.com/branddesignmanager/AnswerconnectWebsite/ https://bat.bing.com/ https://storage.googleapis.com/livesupport/ https://www.google.com/ https://www.google-analytics.com https://lh3.googleusercontent.com/ https://ssl.google-analytics.com/ https://stats.g.doubleclick.net/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.0.3/purify.js https://signup-dot-live-cwa.appspot.com/ https://signup-dot-stagingclientwebaccess-hrd.appspot.com/ https://maps.googleapis.com/ https://storage.googleapis.com/clientaccess/ https://storage.googleapis.com/branddesignmanager/AnswerconnectWebsite/ https://www.googleadservices.com/ https://www.trustpilot.com/  https://livesupport-app.appspot.com/client/get/script/LS-5c96b4fd https://app.chatsupport.co/api/client/get/script/LS-9418ffaa https://googleads.g.doubleclick.net/pagead/ https://www.google.com/pagead/ https://widget.trustpilot.com https://www.google-analytics.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com/gtm.js https://static.hotjar.com/ https://bat.bing.com/bat.js https://cdn.callrail.com/companies/ https://js.callrail.com/group/ https://script.hotjar.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://storage.googleapis.com/branddesignmanager/AnswerconnectWebsite/ https://storage.googleapis.com/;font-src 'self' https://fonts.gstatic.com/ https://storage.googleapis.com/livesupport/chat/fonts/ data:;connect-src 'self' https://livesupport-app.appspot.com/api/ wss://rtmserver.anywhereworks.com/ https://js.callrail.com/; media-src 'self' https://ssl.gstatic.com/ https://storage.googleapis.com/livesupport/;frame-src 'self' https://bid.g.doubleclick.net/ https://widget.trustpilot.com https://www.googletagmanager.com/ https://vars.hotjar.com/; 2
script-src 'unsafe-inline' 'unsafe-eval' *.museumofthehome.org.uk ajax.googleapis.com maps.googleapis.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.addthis.com *.addthisedge.com *.ytimg.com; style-src 'self' 'unsafe-inline'  *.fonts.net; 2
default-src 'self' data: gap: https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://c.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://100qrcey9nsltilmpwezagts.blob.core.windows.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net https://c.go-mpulse.net https://s.go-mpulse.net *.mpstat.us *.akstat.io https://*.igodigital.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com  https://*.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com https://scai.maerskline.com https://api.massrelevance.com https://img.en25.com https://*.bizographics.com https://*.doubleclick.net https://*.linkedin.com; img-src 'self' data: https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://www.google.co.uk https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://*.doubleclick.net https://*.google.dk https://scai.maerskline.com https://www.google.com/ads/ga-audiences* https://*.bizographics.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com; frame-src https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://www.google.com/recaptcha/ https://*.cookieinformation.com https://*.youku.com; font-src 'self' data: https://*.zscalertwo.net https://*.maersk.com https://*.sealandmaersk.com https://*.sealandmaersk.com.cn https://*.sealand.com https://*.seagoline.com https://*.mcc.com.sg https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com; 2
font-src https://www.callisonrtkl.com https://cdn.crtkl.com data: 2
default-src 'self' 'unsafe-inline' *.googletagmanager.com *.datatables.net *.zdassets.com *.googleapis.com *.cloudflare.com *.google.com *.gstatic.com *.zendesk.com *.google-analytics.com *.amazonaws.com *.claveunica.gob.cl *.tesoreria.cl *.tgr.cl *.tegere.info; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.datatables.net *.zdassets.com *.googleapis.com *.cloudflare.com *.google.com *.gstatic.com *.zendesk.com *.google-analytics.com *.amazonaws.com *.claveunica.gob.cl *.tesoreria.cl *.tgr.cl *.tegere.info; img-src *; 2
default-src * data: blob:;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com https://static.hotjar.com;frame-src 'self' https://myheritage-container.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://vars.hotjar.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://www.zenaps.com;script-src *.myheritage.pl https://www.myheritage.pl  'unsafe-eval' 'unsafe-inline' blob: data: 'self' https://*.myheritage.com https://*.mhcache.com https://cdn.trackjs.com https://tpc.googlesyndication.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com https://*.google-analytics.com https://www.gstatic.com https://*.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.mk-sense.com https://optanon.blob.core.windows.net https://code.jquery.com https://cdn.ravenjs.com https://*.hotjar.com https://www.dwin1.com https://www.zenaps.com https://ad.zanox.com;style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://optanon.blob.core.windows.net;connect-src data: 'self' https://*.myheritage.com https://*.mhcache.com https://www.google-analytics.com https://adservice.google.com https://bam.nr-data.net https://sentry.io https://capture.trackjs.com https://*.facebook.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io:* https://*.doubleclick.net https://*.mk-sense.com https://privacyportal-eu.onetrust.com *.myheritage.pl;media-src 'self' https://*.myheritage.com https://*.mhcache.com 2
default-src https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval';
 script-src https://connect.facebook.net https://googleadservices.com https://api-maps.yandex.ru https://mc.yandex.ru https://yastatic.net https://top-fwz1.mail.ru https://www.googleadservices.com https://www.google-analytics.com https://*.maps.yandex.net https://*.yandex.ru https://vk.com https://connect.facebook.net https://web.chat2desk.com https://*.chat2desk.com https://top-fwz1.mail.ru https://cdn.jsdelivr.net https://www.googletagmanager.com https://googleads.g.doubleclick.net https://cdn.carrotquest.io https://tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval';
 style-src data: https://livechat.chat2desk.com https://yandex.ru https://tagmanager.google.com https://fonts.googleapis.com https://web.chat2desk.com https://cdn.jsdelivr.net 'self' 'unsafe-inline';
 img-src data: https://www.google.co.uk https://login.vk.com https://www.googletagmanager.com https://www.gstatic.com https://ssl.gstatic.com https://www.google-analytics.com https://*.yandex.ru https://*.yandex.net https://stats.g.doubleclick.net https://*.facebook.com https://*.mail.ru https://*.chat2desk.com https://vk.com https://*.vk.ru https://*.google.com https://*.google.ru 'self';
 worker-src https://*.yandex.ru https://3d.sviaz-bank.ru https://*.doubleclick.net https://*.facebook.net https: 'self';
 frame-src https://3d.sviaz-bank.ru https://ibtst.sviaz-bank.ru http://ibtst.sviaz-bank.ru https: 'self';
 frame-ancestors https://3d.sviaz-bank.ru https://ibtst.sviaz-bank.ru http://ibtst.sviaz-bank.ru http://webvisor.com https: 'self';
 font-src https://cdn.carrotquest.io https://*.gstatic.com https://*.mail.ru https://*.chat2desk.com 'self';
 connect-src https://api.carrotquest.io https://*.yandex.ru https://yandex.ru https://*.chat2desk.com https://*.mail.ru https://go.mail.ru https://googleads.g.doubleclick.net https://www.google.com https://www.google.ru https://suggestions.dadata.ru wss://livechat.chat2desk.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com 'self';
 object-src 'self';
 media-src 'self';
 report-uri /csp/report.php; 2
default-src 'self' https://*.expresspigeon.com https://*.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.expresspigeon.com https://cdn.ampproject.org https://v2.zopim.com https://*.vimeocdn.com https://tracking.g2crowd.com https://googleads.g.doubleclick.net https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.googleusercontent.com https://*.google.com https://*.linkedin.com https://*.licdn.com https://*.zendesk.com https://*.facebook.net https://*.facebook.com https://*.doubleclick.net https://*.googleapis.com  https://*.cloudfront.net https://expresspigeonblog.disqus.com https://*.disquscdn.com https://disqus.com https://platform.twitter.com https://*.zdassets.com; img-src data: *; style-src 'self' 'unsafe-inline' https://*.expresspigeon.com https://*.disquscdn.com https://*.cloudfront.net https://*.googleapis.com https://assets.zendesk.com https://*.google.com; frame-src 'self' https://www.youtube.com https://assets.zendesk.com https://*.facebook.com https://*.twitter.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://www.google.com https://*.google.com https://disqus.com https://bid.g.doubleclick.net https://player.vimeo.com; object-src 'self' blob: filesystem:; font-src 'self' data: https://expresspigeon.com https://*.expresspigeon.com https://*.cloudfront.net https://*.gstatic.com https://*.googleusercontent.com https://*.zopim.com; connect-src https://expresspigeon.zendesk.com https://expresspigeon.com https://ekr.zdassets.com https://*.cloudfront.net https://featherservices.aviary.com https://*.expresspigeon.com https://*.facebook.com wss://*.zopim.com https://*.zdassets.com 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://img.szsing.com https://mobile.bitkan.com https://res.wx.qq.com https://static.bitkan.com https://www.google-analytics.com https://www.googletagmanager.com https://hm.baidu.com https://www.sobot.com https://aeis.alicdn.com https://g.alicdn.com https://cf.aliyun.com https://ynuf.alipay.com https://static.geetest.com https://api.geetest.com https://monitor.geetest.com https://dn-staticdown.qbox.me; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://img.szsing.com https://mobile.bitkan.com https://static.bitkan.com https://fonts.googleapis.com https://static.geetest.com https://dn-staticdown.qbox.me; font-src 'self' data: https://img.szsing.com https://mobile.bitkan.com https://static.bitkan.com https://fonts.gstatic.com https://at.alicdn.com; frame-src 'self' redpacket: https://mobile.bitkan.com  https://bitkan.com https://beta.bitkan.com https://static.bitkan.com https://www.sobot.com https://v.qq.com https://player.youku.com; connect-src 'self' https://img.szsing.com https://mobile.bitkan.com https://wapi.bitkan.com wss://s.btckan.com:8080 wss://imws.sobot.com:* https://sentry.io https://www.google-analytics.com https://stats.g.doubleclick.net https://hm.baidu.com https://upload.qiniup.com https://ynuf.alipay.com https://cors-anywhere.bitkan.com https://uplog.qbox.me https://api.qiniu.com; object-src 'none' 2
default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; 2
child-src 'self' *.youtube.com *.vimeo.com *.dailymotion.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com sdk.companywebcast.com; frame-src 'self' *.youtube.com *.vimeo.com *.dailymotion.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com sdk.companywebcast.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' track.yello.de *.usabilla.com *.cloudfront.net *.mouseflow.com *.ekomi.com *.wt-safetag.com *.doubleclick.net *.googleadservices.com *.google.com *.google.de *.googletagmanager.com *.google-analytics.com *.tagmanager.google.com *.adform.net *.adjust.com *.dwin1.com *.awin1.com *.zenaps.com ad4m.at ad4mat.net ad4mat.de *.ad4mat.net *.intelliad.de *.thunderhead.com *.kameleoon.com *.kameleoon.eu *.intercom.io *.intercomcdn.com t.nativendo.de;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.thunderhead.com;img-src 'self' data: track.yello.de *.contentful.com *.ctfassets.net *.usabilla.com *.cloudfront.net *.mouseflow.com *.wcfbc.net *.google-analytics.com *.doubleclick.net *.google.com *.google.de *.gstatic.com *.googletagmanager.com *.tagmanager.google.com *.googleusercontent.com *.ytimg.com *.awin1.com ad4m.at *.ad4m.at *.ad4mat.net r.adserver01.de r.adc-serv.net r.df-srv.de ad11.adfarm1.adition.com ih.adscale.de a.twiago.com ads.creative-serving.com imagesrv.adition.com ads.creative-serving.com secure.adnxs.com x.bidswitch.net dpm.demdex.net match.justpremium.com *.intelliad.de *.tradedoubler.com *.thunderhead.com *.kameleoon.com *.kameleoon.eu *.intercom.io *.intercomcdn.com *.communicationads.net;frame-src *.usabilla.com *.cloudfront.net *.ekomi.com *.youtube.com *.youtube-nocookie.com *.doubleclick.net *.adform.net *.awin1.com ad4m.at *.intelliad.de *.rfihub.com *.kameleoon.com *.kameleoon.eu *.intercom.io *.intercomcdn.com;connect-src 'self' track.yello.de dc.services.visualstudio.com localhost:* *.mouseflow.com *.ekomi.com *.zenaps.com *.thunderhead.com *.kameleoon.com *.kameleoon.eu *.intercom.io *.intercomcdn.com *.nexcheck.de wss://*.nexcheck.de;frame-ancestors 'self' *.yello.de localhost:* 2
Content-Security-Policy-Report-Only 2
connect-src 'self'       https://www.google-analytics.com       https://open.http.mp.streamamg.com       https://cf.vod.mp.streamamg.com        http://www.aragontelevision.es            *.cloudfront.net       *.yourcommunify.com       yourcommunify.com        *.google-analytics.com;              default-src *.realsociedad.com       *.realsociedad.eus       blob:       'self';              style-src 'self' 'unsafe-inline'       *.cloudfront.net       *.googleapis.com;              img-src 'self'         http://placehold.it        https://twitter.github.io        https://stats.g.doubleclick.net/        https://www.google.com        https://www.facebook.com/        https://www.google.es        http://realsociedadcdnpre.barrabes.biz                       https://cdn.realsociedad.eus        https://cdntienda.realsociedad.eus                       https://cdntienda.realsociedad.com                        http://twemoji.maxcdn.com                        https://pbs.twimg.com                        *.cdninstagram.com                        *.fbcdn.net                        www.google-analytics.com        *.cloudfront.net                       https://img.youtube.com        *.azureedge.net        *.google-analytics.com        https://cdn.realsociedad.com        data:        https://maps.googleapis.com        https://open.http.mp.streamamg.com        https://cdn.bleacherreport.net/        *.w55c.net         *.gstatic.com;              media-src 'self'                        https://cdn.realsociedad.eus                        https://cdntienda.realsociedad.com        https://cdntienda.realsociedad.eus                              http://twemoji.maxcdn.com                        https://pbs.twimg.com                        *.cdninstagram.com                        *.fbcdn.net                        www.google-analytics.com                       https://img.youtube.com        http://www.aragontelevision.es        *.twimg.com;              font-src 'self'       https://open.http.mp.streamamg.com       *.gstatic.com;               script-src 'self'                          'unsafe-inline'        https://stats.mp.streamamg.com       http://open.http.mp.streamamg.com                         https://www.realsociedad.com       https://www.realsociedad.eus                         https://www.googletagmanager.com                          http://www.google-analytics.com       https://ssl.google-analytics.com       'unsafe-eval'       https://www.youtube.com       https://connect.facebook.net       *.ytimg.com       *.cloudfront.net       *.w55c.net        *.hspvst.com       *.yourcommunify.com       yourcommunify.com       https://maps.googleapis.com;    object-src https://www.realsociedad.eus                          https://fundazioa.realsociedad.eus;    frame-src *.realsociedad.com        *.realsociedad.eus        *.cloudfront.net       *.yourcommunify.com       yourcommunify.com       http://www.youtube.com       https://www.youtube.com       https://connect.facebook.net       https://www.facebook.com       https://open.http.mp.streamamg.com/       https://www.eitb.eus       https://www.aragontelevision.es       http://www.aragontelevision.es       *.powerbi.com *.flipsnack.com;  2
default-src 'self' *.persistent.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://twitter.com/ https://script.hotjar.com https://static.hotjar.com/ https://maxcdn.bootstrapcdn.com/ https://dn1f1hmdujj40.cloudfront.net  https://tagmanager.google.com https://googleads.g.doubleclick.net  https://www.google-analytics.com  https://www.googleadservices.com/ https://geolocation.onetrust.com https://cookiepro.blob.core.windows.net https://code.jquery.com https://pi.pardot.com/ https://go.persistent.com  http://www.persistent.com https://www.google.com/ https://www.gstatic.com  https://analytics.twitter.com https://t.co  https://px.ads.linkedin.com  https://snap.licdn.com https://static.ads-twitter.com/ https://optanon.blob.core.windows.net  https://web-analytics.engagio.com/  https://platform.twitter.com/ https://cdn.syndication.twimg.com  https://s.ytimg.com  https://www.youtube.com/ https://connect.facebook.net/ https://www.linkedin.com https://www.googletagmanager.com https://d3afnetdjufmcb.cloudfront.net/ https://cdn.syndication.twimg.co https://ajax.googleapis.com; style-src 'self' https://tagmanager.google.com https://googleads.g.doubleclick.net https://fonts.googleapis.com  https://cookiepro.blob.core.windows.net https://use.fontawesome.com http://www.persistent.com  https://optanon.blob.core.windows.net  https://fonts.googleapis.com/css 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://d3afnetdjufmcb.cloudfront.net/ https://*.twitter.com https://*.twimg.com;font-src 'self' https://script.hotjar.com  https://www.google-analytics.com https://use.fontawesome.com https://d3afnetdjufmcb.cloudfront.net/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ data:;frame-src 'self' https://vars.hotjar.com/ http://go.persistent.com/  https://bid.g.doubleclick.net/ http://get.adobe.com/  https://web.facebook.com/ https://www.google.com/  https://player.vimeo.com/ https://*.twitter.com/ https://player.zype.com/ https://connect.facebook.net/ https://www.facebook.com/ https://staticxx.facebook.com https://ebooks.persistent.com/ *.persistent.com https://www.youtube.com/ https://www.linkedin.com/ ; img-src 'self' https://p.adsymptotic.com https://content.persistent.com https://px.ads.linkedin.com https://www.google.com https://www.google.co.in  https://ssl.gstatic.com https://www.gstatic.com https://cookiepro.blob.core.windows.net  http://www.persistent.com https://t.co/  https://optanon.blob.core.windows.net  https://*.twitter.com  https://syndication.twitter.com  https://*.twimg.com/  https://d3afnetdjufmcb.cloudfront.net/ https://secure.gravatar.com https://www.google-analytics.com https://www.facebook.com/ https://stats.g.doubleclick.net https://i.vimeocdn.com/ https://img.youtube.com/  data:;connect-src 'self' https://www.googleapis.com/  https://my.yoast.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io wss://ws4.hotjar.com https://ws6.hotjar.com/  https://in.hotjar.com/ wss://ws6.hotjar.com  https://www.facebook.com/  https://www.linkedin.com/ https://www.quandl.com/; frame-ancestors 'self' https://www.youtube.com;plugin-types application/pdf  application/x-shockwave-flash;form-action 'self' https://syndication.twitter.com/i/jot https://platform.twitter.com/ https://www.facebook.com 2
default-src 'self'; media-src 'self' *.youtube.com; img-src 'self' data: about: t.co *.google-analytics.com *.doubleclick.net *.twitter.com *.facebook.com 51degrees.cachefly.net i.creativecommons.org licensebuttons.net *.dotnetnuke.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ads-twitter.com *.licdn.com *.51degrees.com *.linkedin.com *.pinterest.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.addthis.com *.addthisedge.com *.twitter.com *.google.com *.facebook.net cdn.rawgit.com ajax.googleapis.com ts.51degrees.com cloud.51degrees.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.bootstrapcdn.com cdn.rawgit.com cdn.jsdelivr.net; font-src 'self' fonts.gstatic.com *.bootstrapcdn.com; frame-src 'self' *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.51d.es 51des.azurewebsites.net; child-src 'self' *.addthisedge.com *.addthis.com *.facebook.com *.google.com *.twitter.com; connect-src 'self' *.51degrees.com *.twitter.com *.dnnsharp.com devicedatasubmissions.azurewebsites.net *.google-analytics.com *.doubleclick.net; 2
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://d1x7e3pccdjra6.cloudfront.net https://www.google-analytics.com *.google.com *.newrelic.com https://bam.nr-data.net; object-src 'self' https://d1x7e3pccdjra6.cloudfront.net; style-src 'self' 'unsafe-inline' https://d1x7e3pccdjra6.cloudfront.net https://fonts.googleapis.com; img-src 'self' data: *.doubleclick.net https://d1x7e3pccdjra6.cloudfront.net https://www.google-analytics.com *.google.com https://maps.googleapis.com https://bam.nr-data.net; media-src 'none'; frame-src 'none'; font-src 'self' https://d1x7e3pccdjra6.cloudfront.net https://fonts.gstatic.com; connect-src 'self' https://bam.nr-data.net 2
style-src 'unsafe-inline' data: *; img-src 'unsafe-inline' data: *; report-uri /report-csp-violation 2
default-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru *.payanyway.com ; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru *.payanyway.com 'unsafe-inline'; img-src * data:; font-src 'self' data: *.moneta.ru *.moneta.com *.payanyway.ru *.payanyway.com https://fonts.gstatic.com https://sxt.cdn.skype.com ; frame-src https: ; report-uri /cspreport.htm 2
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=aa975688-092d-4ec2-a94a-c1f71b837209 2
default-src data: 'self' https: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 2
referrer origin; 2
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval' googleadservices.com rum-static.pingdom.net paypalobjects.com *.trustami.com *.trustlogo.com trustlogo.com *.ehi-siegel.de *.googletagmanager.com *.google-analytics.com googleadservices.com *.sovido.de *.comodo.com *.bing.com *.uptrendsdata.com cdn.dictum.com tagmanager.google.com; style-src 'unsafe-inline' 'self' vjs.zencdn.net cdn.dictum.com tagmanager.google.com fonts.googleapis.com; connect-src 'self' paypal.com rum-collector-2.pingdom.net *.sovido.de *.google-analytics.com *.tagmanager.google.com www.alphavantage.co; img-src * data:; font-src 'self' fonts.gstatic.com tagmanager.google.com vjs.zencdn.net cdn.dictum.com data:; object-src 'self'; media-src *.dictum.com *.rackcdn.com; frame-src 'self' paypal.com *.youtube.com *.google.com *.youtube-nocookie.com *.vimeo.com *.dailymotion.com *.googletagmanager.com; frame-ancestors 'self' *.youtube.com *.sovido.de; 2
frame-ancestors 'self' http://jobcloud.ch http://*.jobcloud.ch http://jobs.ch http://*.jobs.ch http://jobup.ch http://*.jobup.ch http://ingjobs.ch http://ictcareer.ch http://jobs4sales.ch http://financejobs.ch http://medtalents.ch http://jobwinner.ch http://alpha.ch http://topjobs.ch http://*.jobscout24.ch http://impieghi.ch http://*.impieghi.ch http://*.stellenmarkt.ch 2
default-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' data: https://fonts.gstatic.com/; child-src 'self'; worker-src 'self'; frame-src 'self'; img-src 'self' data: https://www.gravatar.com/ https://ps.w.org/; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/;frame-ancestors 'self'; 2
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https: twitter:; frame-ancestors http: https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval'  https:; worker-src 'self' blob:; child-src 'self' blob:;  style-src 'unsafe-inline' https:; 2
frame-ancestors 'none'; object-src 'none'; base-uri 'none'; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; reflected-xss block 2
default-src *; child-src 'self' https: http://*.google.com http://*.facebook.com http://*.twitter.com http://*.youtube.com http://*.sharethis.com http://*.googletagmanager.com http://*.vimeo.com http://*.sharpspring.com http://*.googleadservices.com http://*.doubleclick.net http://*.wistia.com http://*.wistia.net; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data: ; img-src * data: ; report-uri https://19jrymqg65.execute-api.us-east-1.amazonaws.com/default/dgcsp-report-uri; 2
frame-ancestors 'self'; default-src 'self'; base-uri 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:; font-src 'self' *.gstatic.com *.embedly.com data:;connect-src 'self' *.reddit.com *.akamaihd.net unite.spoe.at; media-src * blob: data: 'self'; object-src 'self'; frame-src * ; manifest-src 'self'; worker-src 'self' blob: data: ; form-action *; upgrade-insecure-requests; block-all-mixed-content; 2
script-src 'unsafe-inline' 'unsafe-eval' *.brandshelter.com www.google-analytics.com data:; style-src 'unsafe-inline' *.brandshelter.com fonts.googleapis.com fonts.gstatic.com 2
frame-ancestors *.bellmts.ca http://*.mts.ca https://*.mts.ca http://mts.yellowpages.ca http://mts.canada411.ca https://icmanitoba.com https://login.stingray.com https://webplayer.stingray.com; 2
default-src 'self';  img-src 'self' 'unsafe-inline' * data: www.w3.org; frame-src 'self' staticcontents.investis.com vars.hotjar.com in.hotjar.com www.google.com sjp.getmediamanager.com careers.sjp.co.uk irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com sjp.hireserve-test.com sls-sjp.cs110.force.com www3.sjp.co.uk go.pardot.com sjp.force.com sjp.secure.force.com sjp-corp.staging.investis.com sjp-corp.production.investis.com sjp.co.uk my.visme.co a.visme.co; style-src 'self' 'unsafe-inline' 'unsafe-eval' tagmanager.google.com viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com; font-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gateway.zscloud.net tagmanager.google.com https://stats.g.doubleclick.net https://in.hotjar.com https://vc.hotjar.io cdnjs.cloudflare.com https://www.facebook.com vars.hotjar.com in.hotjar.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net sjp.getmediamanager.com *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com my.visme.co a.visme.co https://my.visme.co http://my.visme.co https://a.visme.co http://a.visme.co; media-src 'self'; connect-src 'self' https://in.hotjar.com https://vc.hotjar.io https://my.visme.co http://my.visme.co https://a.visme.co http://a.visme.co https://api.edq.com; 2
default-src * data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; form-action *; frame-ancestors 'self'; upgrade-insecure-requests; base-uri 'self'; 2
frame-ancestors 'self' *.valassisdigital.com; 2
default-src 'self' https://*.aswatson.net https://*.iciparisxl.nl https://*.iciparisxl.be https://*.iciparisxl.lu https://*.newrelic.com; frame-src 'self' https://*.wepublish.com https://*.polly.help https://*.hotjar.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.trustarc.com https://*.youtube.com https://*.criteo.com https://*.criteo.net https://millionpacman.pacorabanne.com https://sisleyquiz.nl https://view.publitas.com https://pixel.mathtag.com https://*.tradedoubler.com https://*.awin1.com https://*.zenaps.com https://*.pacorabanne.com https://wevegotyourback.prod2.mrynk.net https://www.jeanpaulgaultier.com/flankers/esampling/iciparisxl/en/ https://*.iciparisxl.nl https://*.iciparisxl.be https://*.iciparisxl.lu https://w.soundcloud.com https://*.sagenda.net https://*.instagram.com https://*.jeanpaulgaultier.com https://claudiastrater-iciparisxl.happywinners.nl https://dot.vu https://*.hilarious.be; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.polly.help https://*.newrelic.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.googleadservices.com https://*.nr-data.net https://*.feefo.com https://*.doubleclick.net https://*.hotjar.com https://*.pingdom.net https://*.truste.com https://*.trustarc.com https://*.facebook.net https://d38knilzwtuys1.cloudfront.net https://*.shoppingminds.com https://*.peerius.com https://*.aswatson.net https://*.peerius.episerver.net https://*.optimizely.com https://*.iciparisxl.net https://*.iciparisxl.be https://*.iciparisxl.nl https://*.iciparisxl.lu https://*.mathtag.com https://*.dwin1.com https://*.criteo.net https://*.criteo.com https://view.publitas.com https://*.tradetracker.net https://*.zenaps.com https://s.go-mpulse.net https://*.instagram.com https://odigo-aswatson.dimelochat.com https://odigo-aswatson.ws.dimelo.com https://*.rackcdn.com https://*.bing.com; connect-src 'self' https://*.google-analytics.com https://*.feefo.com https://*.pingdom.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.shoppingminds.com https://*.shoppingminds.net https://*.doubleclick.net https://*.iciparisxl.net https://*.iciparisxl.be https://*.iciparisxl.nl https://*.iciparisxl.lu https://*.facebook.com https://*.facebook.net https://*.revieve.com https://*.peerius.com https://*.fragrancesoftheworld.com https://*.aswatson.net https://*.ovolab.com https://*.peerius.episerver.net https://*.newrelic.com https://*.zenaps.com https://c.go-mpulse.net https://*.akstat.io https://*.akamaihd.net wss://odigo-aswatson.ws.dimelo.com https://bam.nr-data.net https://*.dimelochat.com https://*.bing.com; style-src 'self' 'unsafe-inline' https://*.polly.help https://*.bootstrapcdn.com https://*.google.com https://*.googleapis.com https://d38knilzwtuys1.cloudfront.net https://cdnjs.cloudflare.com https://*.revieve.com https://*.uk.aswatson.net https://*.iciparisxl.nl https://*.iciparisxl.be https://*.iciparisxl.lu; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://*.uk.aswatson.net https://*.iciparisxl.nl https://*.iciparisxl.be https://*.iciparisxl.lu; img-src 'self' https: data: blob: https://*.aswatson.net ; media-src 'self' https: data: blob: https://*.aswatson.net; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval' 2
default-src https: 'unsafe-inline' 'self' data: 'unsafe-eval' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://openpay.s3.amazonaws.com/  https://ajax.googleapis.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://v2.zopim.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://script.crazyegg.com/ https://widget-mediator.zopim.com https://connect.facebook.net/ https://stackpath.bootstrapcdn.com/ https://player.vimeo.com/; connect-src 'self' https://api.openpay.mx/  wss://widget-mediator.zopim.com https://connect.facebook.net/ https://opera.caminoreal.socialand.io/ https://player.vimeo.com/; img-src 'self' https://caminoreal.socialand.io/ https://www.gravatar.com/ https://www.google-analytics.com/ https://v2.zopim.com/ https://stats.g.doubleclick.net/ https://www.google.com/ https://www.google.com.mx/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://www.facebook.com/ data:; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://stackpath.bootstrapcdn.com/; frame-src 'self' https://ssl.kaptcha.com/ https://api.opencontrol.mx/  https://api.openpay.mx/ https://8175096.fls.doubleclick.net/ https://staticxx.facebook.com/ https://connect.facebook.net/; font-src 'self'  http://fonts.googleapis.com/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://v2.zopim.com/ data: 2
default-src 'self' data: gap: https://www.googletagmanager.com https://code.jquery.com https://fonts.gstatic.com https://doc33xfmr9x9n.cloudfront.net https://www.facebook.com https://stats.g.doubleclick.net https://penguin.co.in https://connect.facebook.net https://cdn.penguin.co.in https://www.google-analytics.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://code.jquery.com https://fonts.gstatic.com https://fonts.googleapis.com https://doc33xfmr9x9n.cloudfront.net https://www.facebook.com https://stats.g.doubleclick.net https://penguin.co.in https://connect.facebook.net https://cdn.penguin.co.in https://www.google-analytics.com; media-src *; img-src 'self' data: https://code.jquery.com https://fonts.gstatic.com https://doc33xfmr9x9n.cloudfront.net https://www.facebook.com https://stats.g.doubleclick.net https://penguin.co.in https://connect.facebook.net https://cdn.penguin.co.in https://www.google-analytics.com http://placehold.it content:; 2
default-src 'self';  script-src 'self' *.google-analytics.com *.googleapis.com *.googleadservices.com *.googlecode.com *.jquery.com:* *.aasm.valutec.net *.w3.org  *.e2ma.net *.verisign.com  *.signup.e2ma.net *.captcha.com; connect-src 'self'; img-src 'self' *.google-analytics.com *.googleadservices.com *.valutec.net *.tfyogurt.com; style-src 'self' *.googleapis.com *.tfyogurt.com *.e2ma.net *.app.e2ma.net; frame-ancestors 'self'; 2
frame-ancestors 'self' http://*.atheneo.net; 2
frame-ancestors 'self' https://sso.kabelmail.de 2
base-uri 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.youtube.com *.ytimg.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.ytimg.com jwpltx.com googlevideo.com *.youtube.com *.jwpcdn.com *.google.com *.asset.tv *.cloudfront.net *.crazyegg.com *.amazonaws.com static.ads-twitter.com dnn506yrbagrg.cloudfront.net snap.licdn.com connect.facebook.net analytics.twitter.com t.co *.cloudflare.com *.licdn.com *.youtube-nocookie.com *.linkedin.com *.facebook.com w.soundcloud.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.gstatic.com www.google-analytics.com *.youtube.com *.googleapis.com *.googletagmanager.com *.sharethis.com *.eyereturn.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.facebook.net *.licdn.com *.ads.linkedin.com *.linkedin.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.googletagmanager.com *.fontawesome.com *.myfonts.net; font-src 'self' *.gstatic.com *.fontawesome.com *.myfonts.net data:; img-src 'self' data: www.google-analytics.com *.gstatic.com *.googleapis.com *.google.com *.google.ca *.eyereturn.com *.g.doubleclick.net *.adsrvr.org *.facebook.com *.pubmatic.com *.casalemedia.com *.search.spotxchange.com *.eyedemand.com *.sharethis.com; frame-src 'self' localhost:* *.google.com *.doubleclick.net *.youtube.com go.loyalty.com *.sharethis.com c.sharethis.mgr.consensu.org *.facebook.com; connect-src 'self' *.sharethis.com; 2
frame-ancestors 'self' *.tombolaarcade.co.uk; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.cloudfront.net *.launchdarkly.com *.instavid360.com *.google.com *.gstatic.com *.criteo.net *.criteo.com secure.adnxs.com *.krxd.net *.hotjar.com tdn.da-services.ch *.youtube.com *.ytimg.com https://assets.carforyou.ch 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' pay.tuitionexpress.com/ cdnjs.cloudflare.com/ www.cirrusgroup.com/ www.cirrusgroupllc.com/ https://daycareworks.com/ https://family.daycareworks.com/ https://connect.daycareworks.com/ https://ccsd.daycareworks.com/ https://ccsdfamily.daycareworks.com/ https://ymcaoc.daycareworks.com/ https://ymcaocf.daycareworks.com/ https://api.daycareworks.com/ https://beta.daycareworks.com/ https://beta.daycareworks.com/ http://www.google-analytics.com/ https://*.zoho.com https://*.zohostatic.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' www.cirrusgroup.com/ www.cirrusgroupllc.com/ https://daycareworks.com/ https://family.daycareworks.com/ https://connect.daycareworks.com/ https://ccsd.daycareworks.com/ https://ccsdfamily.daycareworks.com/ https://ymcaoc.daycareworks.com/ https://ymcaocf.daycareworks.com/ https://api.daycareworks.com/ https://beta.daycareworks.com/ http://www.google-analytics.com/ https://*.zoho.com https://*.zohostatic.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com ajax.googleapis.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; img-src 'self' maps.gstatic.com maps.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com www.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.industrial.ai *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com *.cdn.rawgit.com https://cdn.rawgit.com https://snap.licdn.com https://p.adsymptotic.com   http://bat.bing.com; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com; frame-src 'self' bhge.acquiadam.com *.webdamdb.com  *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net bid.g.doubleclick.net youtu.be *.evidon.com spo-teamsite.ge.com *.google.com spo-teamsite.ge.com fss.gecompany.com https://fss.gecompany.com/ https://ssocentralck.registrar.ge.com/ https://affiliateservices.gecompany.com/ https://ssologin.ssogen2.corporate.ge.com/ https://ssologin.ssogen2.corporate.ge.com/ https://rsologin.ssogen2.corporate.ge.com/ https://smloginmap.ssogen2.corporate.ge.com/  https://apps.kaonadn.net http://4560310.fls.doubleclick.net; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com; report-uri //report-csp-violation 2
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://stats.spdns.de; object-src 'none' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ ; img-src 'self' data: https://ssl.gstatic.com/ https://stats.spdns.de ; media-src 'none'; frame-src https://stats.spdns.de/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; connect-src 'self' wss://dev-av.securepoint.de; font-src 'self' https://fonts.gstatic.com 2
connect-src 'self' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com  https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io;default-src 'self' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io;frame-ancestors 'self'  ;frame-src https://www.google.com https://staticxx.facebook.com https://www.facebook.com/ https://www.youtube.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com ;img-src 'self' data: blob: https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io;media-src 'none';object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io;style-src 'self' 'unsafe-inline' https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://www.spaargids.be https://www.gstatic.com  blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://www.spaargids.be https://www.gstatic.com  blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src *; media-src https: data: blob:; upgrade-insecure-requests; report-uri https://depersgroep.report-uri.io/r/default/csp/enforce; 2
policy-uri /'self' 2
script-src 'self' *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com 2
child-src 'self' blob:; connect-src 'self' https://cdn.polyfill.io facebook.com google-analytics.com; default-src 'self'; img-src 'self' data: https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.is *.siteimproveanalytics.io *.gstatic.com *.googleapis.com *.ytimg.com cdn.islandsbanki.is prismic-io.s3.amazonaws.com isb-website.cdn.prismic.io images.prismic.io t.co; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; object-src 'none'; media-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-inline' *.prismic.io maps.googleapis.com https://www.google.com https://www.gstatic.com https://siteimproveanalytics.com https://cdn.polyfill.io https://www.google-analytics.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com 'unsafe-eval' https://fill.dropandsign.is https://*.infogram.com 'sha256-YH54gkKoSCguf7XwyHBjeXdm0z7gtwuISqyXjav2ufs=' 'sha256-1gIG1EI7ABKBfq8rVwk7j2MeEOIlut5+TbLxyAnCYTA=' 'sha256-yjbQYTDTGeh83tID7X4P8shfeXu07tD4iLjoMIr+e4w=' 'sha256-qEXb+QLuCAPNTPbZxHzxcXrnG22qOg/k7niD2csPshA=' 'sha256-+6FBqPsN2jOyr39YDL5Y0nLI3rqK11VRyF0X5VAQwvU=' 'sha256-gtKFj0yNetpIDkA36Pz+kl6/tx8y2XsLtD/uFt4lUYk=' 'sha256-FGLCUi65ML/oDTnqwCiDZ2ibrgDhfL+wmSyEYamrBkM=' 'sha256-4cFcsF0wg+c2o8ebtN0UyYJ+eUB2WN4lNfLtNhFrMOY=' 'sha256-FA7dx6sdwFrVkNcXvOZhbKKYH0F9fTmjG3r8Aelqd/U=' 'sha256-MKPP43uCIli7EIvb/yQsPCl2XPraHEq+mMM48cPEnUA=' 'sha256-OlAu+nb14/tvTR/ARl1r0WWfsvjRt4DtTcgvtKPn12E=' 'sha256-AbMRibXituKZ/0sePhYI5qZMZY5xjlM+vx+M95gWXhg=' 'sha256-ikYcTQZ5ZdSDFGRMxd7Nzk4olgL4v3dFZigVGZ4Nyfc=' 'sha256-kvLuUu0gbldkoIWcCsicGWJJIo7km4Ka2hZhbmxF9ew=' 'sha256-HL4lOWN7pSCpO+63uDOZHjjfROPQU2hMjOxBnhsbAwY=' 'sha256-mGbGbnWys+WQjkr/v68zcXw5O6y8X97qI+UtewXd0yk='; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com https://fill.dropandsign.is; frame-src https://*.islandsbanki.is https://gamli.islandsbanki.is https://*.islandssjodir.is https://player.vimeo.com https://www.youtube.com https://airtable.com https://consentcdn.cookiebot.com https://www.vib.is https://fill.dropandsign.is https://*.isb.is https://*.infogram.com https://www.google.com https://www.gstatic.com; worker-src 'self' blob: 2
frame-src 'self' http://onlinetestrunner.etadbir.com; frame-ancestors 'self' http://onlinetestrunner.etadbir.com; 2
frame-ancestors 'self'; script-src 'self' cdn.segment.com/analytics.js/ 2
default-src 'self' *.fluvius.be; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.ckeditor.com ajax.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com www.google-analytics.com cdnjs.cloudflare.com maps.googleapis.com cdn.rawgit.com https://www.google.com https://www.gstatic.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net https://amp.cloudflare.com cdn.sparkcentral.com *.smooch.io *.hotjar.com https://*.geopunt.be; object-src 'self' *.fluvius.be; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.google.com cdnjs.cloudflare.com  https://amp.cloudflare.com cdn.sparkcentral.com; img-src 'self' data: www.google-analytics.com *.gstatic.com maps.googleapis.com www.eandis.be stats.g.doubleclick.net www.facebook.com www.google.be www.google.com  https://amp.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com www.gravatar.com media.eu-1.smooch.io *.fluvius.be https://s3.eu-central-1.amazonaws.com blob:; media-src 'self' https://cdn.sparkcentral.com; frame-src 'self' *.fluvius.be player.vimeo.com www.youtube.com https://www.google.com https://www.flexmail.eu https://s.chkmkt.com https://amp.cloudflare.com https://www.googletagmanager.com https://www.facebook.com *.hotjar.com; frame-ancestors 'self' *.destroomlijn.be *.fluvius.be; child-src 'self' *.fluvius.be; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdn.sparkcentral.com data:; connect-src 'self' www.google-analytics.com https://discovery.amp.cloudflare.com https://stats.g.doubleclick.net https://amp.cloudflare.com https://www.facebook.com cdn.sparkcentral.com *.eu-1.smooch.io wss://*.smooch.io *.geopunt.be *.hotjar.com *.hotjar.io; report-uri /report-csp-violation 2
default-src 'self' www.mega-porno.me mega-porno.me http://img.mega-porno.me megabc.info mega-bc.info *.fcdn.net *.kxcdn.com *.fex.net *.pljs.ru https://fex.net https://n161adserv.com *.advertserve.com advrich.com bigoff.info 69v.club redirect.mpay69.net redirect.mpay69.org redirect.mpay69.info test.test-mp.info http://mp-https.info http://bobi-bobi.info http://mpay3.info http://plpromos.com http://fderty.com promo-bc.com ajx161.online *.n161adserv.com u2bmco.com franecki.net *.cdnbmb.com *.ankunding.biz razdvabm.com *.bongacash.com mibmcbm.com orjzy.com *.iwad.ru 11flexiblebig9.website syndication.exosrv.com *.trfmxt.com mtrcss.com bestrrd.com mtrcdn.com zrlcr.com *.vids69.com *.mega-porno.me *.advertserve.com http://counter.rambler.ru my2.imgsmail.ru www.gstatic.com yandex.st an.yandex.ru pagead2.googlesyndication.com www.youtube.com vk.com cdn.connect.mail.ru *.gstatic.com mc.yandex.ru www.google-analytics.com https://www.google-analytics.com https://apis.google.com www.gstatic.com *.xcvgdf.party 'unsafe-inline' 'unsafe-eval' http://www.mega-porno.me http://mega-porno.me data: 0.gravatar.com http://0.gravatar.com/ 1.gravatar.com http://1.gravatar.com/ an.yandex.ru/count http://an.yandex.ru/count/ favicon.yandex.net http://favicon.yandex.net avatars-fast.yandex.net http://avatars-fast.yandex.net/ vk.com yastatic.net counter.rambler.ru top-fwz1.mail.ru www.liveinternet.ru counter.yadro.ru mc.yandex.ru www.google-analytics.com https://www.google-analytics.com yastatic.net http://yastatic.net/ connect.mail.ru an.yandex.ru www.youtube.com googleads.g.doubleclick.net vk.com userapi.com site.yandex.net yastatic.net https://yastatic.net http://site.yandex.net https://site.yandex.net *.gstatic.com https://vk.com fonts.googleapis.com mc.yandex.ru *.gstatic.com 2
frame-ancestors 'self' http://www.1ch.us https://little.lolicatgirls.com 2
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https: 2
default-src 'none'; script-src 'self' connect.facebook.net graph.facebook.com 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com https://www.youtube.com; connect-src 'self' *; img-src 'self' data: *.facebook.com *.youtube.com *.twimg.com *.twitter.com *; style-src 'self' 'unsafe-inline'; media-src 'self' *.youtube.com; font-src 'self'; object-src 'self'; frame-src 'self' *.bmlfuw.gv.at *.bmnt.gv.at https://*.youtube.com *.facebook.com https://*.umweltbundesamt.at https://*.laola1.tv https://*.europa.eu https://*.facebook.com 2
default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com/*; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'none' 2
default-src http:; script-src http: 'unsafe-inline' 'unsafe-eval'; style-src http: 'unsafe-inline' assets.adobedtm.com dpm.demdex.net 2
default-src 'self'; connect-src https:; font-src 'self' data: https:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https: blob:; object-src https:; style-src 'unsafe-inline' https:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; 2
default-src 'self' cdnssinc.softserveinc.com cdnssinc-prod.softserveinc.com cdnssinc-dev.softserveinc.com cdnssinc-demo.softserveinc.com c.azureedge.net https://disqus.com https://c.disquscdn.com; script-src 'self' cdnssinc.softserveinc.com cdnssinc-prod.softserveinc.com cdnssinc-dev.softserveinc.com cdnssinc-demo.softserveinc.com c.azureedge.net https://www.gstatic.com https://js.hscta.net https://cta-service-cms2.hubspot.com https://ssl.google-analytics.com https://sjs.bizographics.com 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://www.googletagmanager.com https://www.google.com.ua https://www.google.com https://googleads.g.doubleclick.net https://js.usemessages.com https://links.services.disqus.com https://www.linkedin.com https://px.ads.linkedin.com https://eu-west-1.dc.ads.linkedin.com https://www.bizographics.com https://snap.licdn.com https://dc.ads.linkedin.com https://secure.adnxs.com https://cdnjs.cloudflare.com https://api.usemessages.com https://js.hs-analytics.net https://js.hs-scripts.com https://disqus.com https://maxcdn.bootstrapcdn.com https://unitedsoftserveinc.disqus.com https://c.disquscdn.com https://connect.facebook.net https://web.facebook.com https://platform.linkedin.com https://ajax.aspnetcdn.com https://www.google-analytics.com https://www.googleadservices.com https://analytics.twitter.com https://static.ads-twitter.com https://www.googletagmanager.com https://code.jquery.com https://platform.twitter.com https://unpkg.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://trk.techtarget.com 'unsafe-eval'; object-src 'self' cdnssinc.softserveinc.com cdnssinc-prod.softserveinc.com cdnssinc-dev.softserveinc.com cdnssinc-demo.softserveinc.com c.azureedge.net; style-src 'self' cdnssinc.softserveinc.com cdnssinc-prod.softserveinc.com cdnssinc-dev.softserveinc.com cdnssinc-demo.softserveinc.com c.azureedge.net 'unsafe-inline' https://tagmanager.google.com https://cdnjs.cloudflare.com https://rawgit.com https://hello.myfonts.net https://c.disquscdn.com https://fonts.googleapis.com; img-src 'self' cdnssinc.softserveinc.com cdnssinc-prod.softserveinc.com cdnssinc-dev.softserveinc.com cdnssinc-demo.softserveinc.com http://c.softserveinc.com c.azureedge.net https://p.adsymptotic.com https://www.googleadservices.com https://px.ads.linkedin.com https://apt.techtarget.com https://secure.adnxs.com https://no-cache.hubspot.com https://cm.g.doubleclick.net https://cdn.viglink.com https://links.services.disqus.com https://api.viglink.com https://bcp.crwdcntrl.net https://imp2.ads.linkedin.com https://imp2.ads.linkedin.com https://web.facebook.com https://connect.facebook.net https://track.hubspot.com https://referrer.disqus.com https://www.linkedin.com https://www.linkedin.com/analytics/ https://static.licdn.com https://www.facebook.com https://*.twitter.com  https://www.google.de https://stats.g.doubleclick.net https://www.google.com.ua https://www.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://t.co https://go.techtarget.com https://cdn.ttgtmedia.com https://insights.hotjar.com http://static.hotjar.com https://static.hotjar.com 'unsafe-inline' https://ssl.gstatic.com; media-src 'self' ; frame-src 'self' https://w.soundcloud.com cdnssinc.softserveinc.com cdnssinc-prod.softserveinc.com cdnssinc-dev.softserveinc.com cdnssinc-demo.softserveinc.com c.azureedge.net https://www.google.com/ https://syndication.twitter.com https://platform.twitter.com https://web.facebook.com https://staticxx.facebook.com https://www.facebook.com https://disqus.com https://embed.ted.com https://mva.microsoft.com https://www.youtube.com https://bid.g.doubleclick.net https://vars.hotjar.com; font-src 'self' cdnssinc.softserveinc.com cdnssinc-prod.softserveinc.com cdnssinc-dev.softserveinc.com cdnssinc-demo.softserveinc.com c.azureedge.net http://static.hotjar.com https://static.hotjar.com https://fonts.gstatic.com data:; connect-src 'self' cdnssinc.softserveinc.com cdnssinc-prod.softserveinc.com cdnssinc-dev.softserveinc.com cdnssinc-demo.softserveinc.com c.azureedge.net https://api.hubspot.com https://api.hsforms.com https://syndication.twitter.com https://jeromeetienne.github.io/ https://www.facebook.com https://links.services.disqus.com http://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.com:* wss://*.hotjar.com; child-src https://vars.hotjar.com 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.eloqua.com *.en25.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.hsforms.net *.timevaluecalculators.com *.twimg.com ajax.aspnetcdn.com apis.google.com cdn.ampproject.org connect.facebook.net hello.myfonts.net http://platform.stumbleupon.com/1/widgets.js https://*.hsforms.com https://*.hsleadflows.net https://*.hubspot.com https://dec.azureedge.net/ https://publish.twitter.com https://s.ytimg.com https://syndication.twitter.com/ https://www.youtube.com/iframe_api js.hs-analytics.net js.hs-scripts.com munchkin.marketo.net platform.linkedin.com platform.twitter.com www.google.com www.googletagmanager.com cdn.userway.org https://*.hotjar.com https://usrwy.com/widget.js; style-src 'self' 'unsafe-inline' *.timevaluecalculators.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.timevaluecalculators.com *.gstatic.com *.googleapis.com *.google.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com https://*.hubspot.com https://*.hsforms.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com pages.mycfe.com pages.additionfi.com cdn.userway.org/; media-src 'self' data: blob:; frame-src 'self' https://*.doubleclick.net https://*.hsforms.com https://app.hubspot.com https://vars.hotjar.com/ cdn.userway.org/ https://www.youtube.com/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://*.hubspot.com https://*.hsforms.com https://maps.googleapis.com https://api.userway.org/api/tunings/1fJAlvpd8l in.hotjar.com vc.hotjar.io wss://ws2.hotjar.com/; 2
frame-ancestors http://webvisor.com 2
default-src 'self' fonts.gstatic.com datatables.net; img-src 'self' * franceserv.fr www.franceserv.fr data: platform.twitter.com hostadvice.com ajax.googleapis.com; style-src 'self' 'unsafe-inline' *.datatables.net ajax.googleapis.com datatables.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com datatables.net *.datatables.net platform.twitter.com ajax.googleapis.com apis.google.com api.stripe.com uploads.stripe.com js.stripe.com device.maxmind.com; child-src 'self' qwebirc.franceserv.fr js.stripe.com 2
default-src 'self' *.servsafe.com chooserestaurants.org *.chooserestaurants.org; script-src 'self' *.servsafe.com chooserestaurants.org *.chooserestaurants.org 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com www.google-analytics.com www.googletagmanager.com www.livehelpnow.net lptag.liveperson.net public.tableau.com *.tableau.com *.tableausoftware.com googleads.g.doubleclick.net *.googleadservices.com www.googleadservices.com connect.facebook.net *.google.com *.juicer.io chooserestaurants.org *.chooserestaurants.org maxcdn.bootstrapcdn.com cdnjs.cloudflare.com use.fontawesome.com maps.googleapis.com munchkin.marketo.net impactapi.causeview.com ; style-src 'self' *.servsafe.com chooserestaurants.org *.chooserestaurants.org 'unsafe-inline' *.googleapis.com *.juicer.io chooserestaurants.org *.chooserestaurants.org maxcdn.bootstrapcdn.com use.fontawesome.com impactapi.causeview.com; font-src 'self' *.servsafe.com chooserestaurants.org *.chooserestaurants.org fonts.gstatic.com *.juicer.io maxcdn.bootstrapcdn.com use.fontawesome.com impactapi.causeview.com; img-src 'self' data: *.servsafe.com chooserestaurants.org *.chooserestaurants.org *.juicer.io *.google.com www.livehelpnow.net cdn.livehelpnow.net www.google-analytics.com *.doubleclick.net *.google.com www.textbooks.restaurant.org flex.msn.com www.googleadservices.com i.imgur.com *.xx.fbcdn.net scontent.cdninstagram.com placehold.it live.staticflickr.com; connect-src 'self' *.servsafe.com www.juicer.io graph.facebook.com *.mktoresp.com impactapi.causeview.com; frame-ancestors 'self' *.servsafe.com *.discoverlink.com; object-src 'self' *.servsafe.com; frame-src 'self' *.servsafe.com bid.g.doubleclick.net *.discoverlink.com *.google.com www.youtube.com *.instagram.com; child-src 'self' *.servsafe.com bid.g.doubleclick.net 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://awards.ratingruneta.ru cdn3.caltat.com https://*.legalcdn.org https://*.legalcdn.com https://static.legalcdn.org https://snap.licdn.com https://px.ads.linkedin.com https://web.legalcdn.org https://*.twimg.com https://platform.twitter.com https://yastatic.net https://mc.yandex.com https://*.yandex.ru https://*.me-talk.ru *.cloudflare.com https://me-talk.ru https://*.intelcdn.com https://*.playbuzz.com https://*.youtube.com http://pollservice.ru https://*.vk.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://*.instagram.com https://web.legalcdn.org http://ulogin.ru https://ulogin.ru https://*.gstatic.com https://*.google.com https://*.yandex.net; frame-src 'self' https://*.yandex.ru http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://*.me-talk.ru https://*.instagram.com https://ulogin.ru https://*.youtube.com https://*.facebook.com https://*.twitter.com https://vimeo.com https://rutube.ru https://playbuzz.com https://connect.facebook.net https://web.legalcdn.org https://www.playbuzz.com/ https://*.gstatic.com https://*.google.com https://*.yandex.net; object-src 'self' https://*.legalcdn.com https://*.legalcdn.org http://awards.ratingruneta.ru https://*.youtube.com https://web.legalcdn.org https://static.legalcdn.org https://web.legalcdn.org https://*.gstatic.com https://*.google.com https://*.yandex.net; child-src blob: http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org; report-uri /csp-report/; 2
default-src 'self' blob:; script-src 'self' 'unsafe-eval' *.gstatic.com 'nonce-2000c7f20c' *.interactievetv.nl *.appsquad.net *.kpnstreaming.nl *.tv.kpn.com https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.interactievetv.nl *.appsquad.net *.kpnstreaming.nl *.tv.kpn.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' *.mobgen.com *.interactievetv.nl *.itvonline.nl *.theoplayer.com *.kpnstreaming.nl *.kpndrm.nl time.akamai.com *.appsquad.net *.tv.kpn.com https://www.google-analytics.com; img-src 'self' data: res.cloudinary.com *.itvonline.nl *.theoplayer.com *.interactievetv.nl *.appsquad.net *.tv.kpn.com https://www.google-analytics.com; media-src 'self' blob: https://kpnvideovod.download.kpnstreaming.nl *.kpnstreaming.nl; worker-src 'self' blob: 2
form-action https:; upgrade-insecure-requests; report-uri https://vaimo-domain.uriports.com/reports/enforce; report-to default 2
default-src: https: 2
script-src 'self'   https://*.wistia.com https://embedwistia-a.akamaihd.net blob:   https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com code.jquery.com 'unsafe-inline' 'unsafe-eval' 2
default-src 'unsafe-inline'  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl; script-src * 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl; style-src 'unsafe-inline' https://www.google-analytics.com  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.facebook.com https://*.bgk.pl; img-src 'self'  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl data: 2
default-src https: data: 'unsafe-inline';script-src https: 'unsafe-inline' 'unsafe-eval' 2
default-src * 'unsafe-inline' 'unsafe-eval' data: https://ajax.aspnetcdn.com http://www.freetrademagazines.com https://pd.gophercentral.com https://pmgi.go2cloud.org https://ptv.gophercentral.com https://magazinebonus.com http://www.inforefinery.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://staffprivileges.com https://magazinevoucher.com; 2
default-src https: data:; script-src https: data: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline' 2
default-src 'self'; img-src * data:; media-src *; style-src * 'unsafe-inline'; font-src *; script-src * data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.myappro.com:* *.personalcard.net:* ; frame-src 'self' *.personalcard.net:* *.google.com:* *.youtube.com:* *.rtbiq.com newton.newtonsoftware.com:*; connect-src gw.oribi.io 'self'; 2
frame-ancestors 'self' https://sunlifeassurance.experiencecloud.adobe.com https://sunlifeassurance.marketing.adobe.com; 2
default-src 'self'; script-src 'self' https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://wogadobeanalytics.sc.omtrdc.net; object-src 'self'; style-src 'self' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io 'unsafe-inline'; img-src *; media-src *; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://www.google.com; frame-ancestors 'none'; font-src * data:; connect-src 'self' https://dpm.demdex.net https://www.google-analytics.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api.isomer.gov.sg; 2
default-src 'self' *.vistana.com; script-src 'unsafe-inline' 'self' 'unsafe-eval' blob: *.vistana.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.addthis.com *.addthisedge.com *.vimeo.com *.youtube.com cdnjs.cloudflare.com *.truste.com preferences.truste.com s.w.org aa.agkn.com *.salesforceliveagent.com *.formstack.com s3.amazonaws.com *.s3.amazonaws.com bat.bing.com ajax.cloudflare.com tag.retargeter.com *.threatpulse.net:* https://cloudflarestream.com https://www.google-analytics.com/ https://maps.googleapis.com/maps/api/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net https://www.google.com/ads/user-list https://www.google.XYX/ads/user-list https://bid.g.doubleclick.net https://www.googleadservices.com https://tagmanager.google.com/ https://*.salesforceliveagent.com https://*.formstack.com https://vistana-web-static.s3.amazonaws.com https://tag.retargeter.com https://bat.bing.com https://connect.facebook.net https://nebula-cdn.kampyle.com; style-src 'unsafe-inline' 'self' *.vistana.com *.googleapis.com *.gstatic.com *.google.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com s3.amazonaws.com *.s3.amazonaws.com *.formstack.com vistana-web-static.s3.amazonaws.com https://*.formstack.com; img-src 'self' data: *.trustarc.com *.vistana.com *.cloudflarestream.com *.cloudfront.net *.googletagmanager.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.yimg.com *.ytimg.com *.vistana.com *.pinterest.com cdnjs.cloudflare.com *.formstack.com *.bing.com *.truste.com geo-um.btrll.com *.googleusercontent.com *.adnxs.com *.sellpoints.com *.doubleclick.net stats.g.doubleclick.net https://t.sellpoints.com https://scontent.xx.fbcdn.net http://scontent.xx.fbcdn.net s3.amazonaws.com *.s3.amazonaws.com https://cloudflarestream.com http://*.s3.amazonaws.com https://www.google-analytics.com/ https://csi.gstatic.com/csi https://maps.googleapis.com https://*.cloudfront.net https://svo-svn-socialuploads.s3.amazonaws.com http://vistana-web-static.s3.amazonaws.com https://vistana-web-static.s3.amazonaws.com http://vistana-user-profile.s3.amazonaws.com https://vistana-user-profile.s3.amazonaws.com https://scontent.xx.fbcdn.net https://*.formstack.com https://s3.amazonaws.com https://googleads.g.doubleclick.net https://bat.bing.com https://preferences.truste.com https://secure.adnxs.com https://geo-um.btrll.com https://cm.g.doubleclick.net https://*.googleusercontent.com https://*.adnxs.com https://connect.facebook.net https://www.facebook.com https://saml.threatpulse.net:8443 *.kampyle.com; font-src 'self' data: *.vistana.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com s3.amazonaws.com *.s3.amazonaws.com vistana-web-static.s3.amazonaws.com; connect-src 'self' *.vistana.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.addthis.com *.addthisedge.com tag.retargeter.com aa.agkn.com s3.amazonaws.com *.s3.amazonaws.com *.adnxs.com *.threatpulse.net:* *.cloudflarestream.com https://cloudflarestream.com https://fonts.googleapis.com cdnjs.cloudflare.com https://vistana-web-static.s3.amazonaws.com https://www.google-analytics.com/ https://stats.g.doubleclick.net https://videodelivery.net https://svo-svn-socialuploads.s3.amazonaws.com https://secure.adnxs.com https://connect.facebook.net; media-src 'self' blob: *.vistana.com *.google.com *.youtube.com *.vimeo.com *.vimeocdn.com cdnjs.cloudflare.com s3.amazonaws.com *.s3.amazonaws.com *.cloudflarestream.com https://cloudflarestream.com https://videodelivery.net https://*.vimeocdn.com https://s3.amazonaws.com https://gcs-vimeo.akamaized.net https://videodelivery.net; object-src 'self' *.vistana.com; frame-src 'self' *.vistana.com *.trustarc.com *.googletagmanager.com *.google.com *.youtube.com *.vimeo.com *.addthis.com *.facebook.com *.truste.com https://www.googletagmanager.com/ns.html https://www.facebook.com https://preferences-mgr.truste.com https://connect.facebook.net; frame-ancestors 'self' *.vistana.com *.facebook.com https://connect.facebook.net; form-action 'self' *.vistana.com *.facebook.com *.facebook.net *.formstack.com *.starwoodhotels.com *.vistana.com *.salesforceliveagent.com *.salesforce.com http://*.vistana.com https://*.vistana.com https://www.facebook.com https://starwoodvo.formstack.com https://*.starwoodhotels.com; manifest-src 'self' *.vistana.com;, 2
default-src https: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https:; connect-src https: wss: 'self'; 2
font-src 'self' *.tenkites.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self'  *.tenkites.com *.airship.co.uk  *.mapbox.com *.bookatable.com *.adactus.co.uk *.altaineapps.com *.tenkites.com *.byronhamburgers.com *.byron.co byronweb.azurewebsites.net 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.airship.co.uk *.mapbox.com *.bookatable.com *.adactus.co.uk *.altaineapps.com *.byronhamburgers.com *.byron.co byronweb.azurewebsites.net 2
object-src 'none'; base-uri 'self' 2
script-src 'self' da.beethoven.de ajax.googleapis.com www.google.com www.gstatic.com 'unsafe-inline' www.google-analytics.com www.googleadservices.com www.googletagmanager.com code.jquery.com *.twitter.com cdn.syndication.twimg.com; img-src 'self' *.ggpht.com *.googleusercontent.com www.google-analytics.com www.googleadservices.com data: 'unsafe-inline' *.twitter.com *.twimg.com; default-src 'self'; frame-src 'self' www.google.com drive.google.com accounts.google.com maps.google.de www.youtube.com da.beethoven.de *.appspot.com katalog.beethoven.de *.twitter.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; 2
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors https://fryslan.maps.arcgis.com 'self'; manifest-src 'none'; media-src *.readspeaker.com *.speechstream.net 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; plugin-types application/x-shockwave-flash application/pdf; report-uri https://www.cspreport.nl 2
frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 2
default-src 'self'; connect-src 'self' https://www.rovid.nl; img-src 'self' https://sscict.piwik.prisma-it.com https://pbs.twimg.com https://www.rovid.nl https://server.rijksoverheid.nl data:; style-src 'self' 'sha256-G1BR0wU4PZyN/xje5UjmpZbkO0q6sDomFK2DT81svxA=' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'unsafe-hashes'; script-src 'self' https://sscict.piwik.prisma-it.com 'sha256-YD+ji63HED+niGxf6wr8WWviek1sit7HOdPqBPJ14GE=' 'sha256-V/WCEBiW7wHyuUQbJ0UcBlHRp4RqMsm9ut+KQ0YrxLA=' 'sha256-YTwGPqmtQeBNh0qvOFyuX/4EQm9TserEyeoTTU0u6Rg='; object-src 'self'; media-src 'self' https://www.rovid.nl; frame-src 'self' https://player.vimeo.com/ https://www.youtube.com/; 2
media-src 'self' *.ebaystatic.com; font-src 'self' *.ebaystatic.com 2
default-src 'self' *.multimedia.pl *.google.com *.criteo.com *.fls.doubleclick.net *.facebook.com *.callpage.io *.cloudflare.com *.youtube.com https://unpkg.com https://mz.mvno.plus.pl/; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.facebook.com *.callpage.io *.googleapis.com https://x.cnt.my/  https://googleads.g.doubleclick.net https://rt.inistrack.net https://track.omgpl.com https://ssl.gstatic.com https://www.gstatic.com https://stats.g.doubleclick.net/ https://conversionlabs.net.pl https://pixel.wp.pl/; font-src 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.callpage.io https://tagmanager.google.com https://fonts.googleapis.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.criteo.net *.cloudflare.com *.callpage.io *.criteo.com *.googleapis.com *.rt.inistrack.net *.google.com https://x.cnt.my/ https://track.omgpl.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://static.clickonometrics.pl https://delivery.clickonometrics.pl/ https://tagmanager.google.com https://pro.hit.gemius.pl/ https://analytics.greensender.pl https://pixel.wp.pl/ blob: *.multimedia.pl; 2
default-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com    ; form-action 'self'; img-src 'self' data: https://www.google-analytics.com https://*.binaryedge.io; media-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com *.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com; report-uri https://179b16fb5b6f9d9732425c24d4e75d5b.report-uri.com/r/d/csp/wizard 2
script-src * https: 'unsafe-eval' 'unsafe-inline';style-src https: 'unsafe-inline';worker-src https: blob: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src *;        script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'        'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline'         'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self'         'unsafe-inline' 'unsafe-eval'; font-src 'self'                                                          'unsafe-inline' 'unsafe-eval' 2
default-src 'self' 'unsafe-inline' *.google-analytics.com *.serving-sys.com leguidenoir.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' leguidenoir.com *.youtube.com s.ytimg.com *.googletagmanager.com *.google-analytics.com *.serving-sys.com *.ads-twitter.com *.twitter.com *.facebook.net; img-src 'self' data: *.youtube.com *.google-analytics.com *.ads-twitter.com *.facebook.net *.facebook.com t.co fonts.googleapis.com stats.g.doubleclick.net leguidenoir.com ucarecdn.com; frame-src 'self' leguidenoir.com *.youtube.com www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com leguidenoir.com; 2
default-src 'self'; media-src 'self' 203.122.51.205 newsonair.nic.in airworldservice.org *.akamaihd.net *.akamaihd-staging.net blob: ; connect-src 'self' *.akamaihd.net *.akamaihd-staging.net ; script-src 'self' 'unsafe-inline' ssl.p.jwpcdn.com www.google-analytics.com ajax.googleapis.com googletagmanager.com content.jwplatform.com platform.twitter.com cdn.syndication.twimg.com maxcdn.bootstrapcdn.com code.jquery.com cdnjs.cloudflare.com *.googleapis.com minisrclink.cool public.tableau.com connect.facebook.net ssl.p.jwpcdn.com; img-src * data: *; style-src 'self' 'unsafe-inline' *.twimg.com *.twitter.com *.w3.org cdnjs.cloudflare.com *.googleapis.com use.fontawesome.com; frame-src 'self' *.twitter.com g.jwpsrv.com public.tableau.com *.google.com *.youtube.com *.facebook.com; font-src 'self' use.fontawesome.com ssl.p.jwpcdn.com cdnjs.cloudflare.com fonts.gstatic.com; 2
default-src 'self' shop.bestservice.de dwl.dawconnect.com maps.google.de www.google.com connect.facebook.net www.facebook.com *.youtube.com ;  img-src  'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.bsdwl.de *.google-analytics.com connect.ekomi.de *.facebook.com *.doubleclick.net *.google.com *.google.de *.youtube.com;  media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com;  script-src 'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.google-analytics.com connect.ekomi.de www.googleadservices.com *.jwpcdn.com dwl.dawconnect.com *.facebook.net www.googletagmanager.com *.facebook.com *.google.com *.google.de *.doubleclick.net 'unsafe-inline' 'unsafe-eval';  worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.doubleclick.net www.google.com www.google.de *.youtube.com;  font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.gstatic.com;  style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.googleapis.com 'unsafe-inline';  object-src 'self' 2
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/enforce 2
upgrade-insecure-requests; frame-ancestors 'self' https://mangaku.in https://manganime.id https://manganime.in 2
script-src 'self' data: https://optimize.google.com http://100012771.collect.igodigital.com/ https://dc.ads.linkedin.com/ https://www.linkedin.com/ https://analytics.twitter.com/ https://px.ads.linkedin.com/ https://script.hotjar.com https://sjs.bizographics.com https://static.hotjar.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://www.googleadservices.com https://connect.facebook.net https://bat.bing.com https://collector-1623.tvsquared.com https://s.ytimg.com https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://apis.google.com https://ajax.googleapis.com https://dl.episerver.net https://platform.twitter.com https://tagmanager.google.com 'unsafe-inline' 'unsafe-eval'; worker-src 'self' https://plusone.google.com https://facebook.com https://platform.twitter.com https://www.googletagmanager.com https://tagmanager.google.com; frame-src 'self' https://www.youtube.com https://vars.hotjar.com/ https://www.facebook.com/ https://optimize.google.com 2
frame-src https://logixmlreports.intranet.fmcna.com https://jvdash.fmcna.com 2
frame-src 'self' videxx.net *.videxx.net jwpcdn.com *.jwpcdn.com 109.169.66.161 *.109.169.66.161 109.169.66.171 *.109.169.66.171 onlainporno.net *.onlainporno.net m.onlainporno.net *.m.onlainporno.net onlainporno.net *.onlainporno.net video-server.local *.video-server.local *.googleapis.com https://*.googleapis.com *.google.com https://*.google.com *.yandex.ru https://*.yandex.ru *.mail.ru https://*.mail.ru *.vk.com https://*.vk.com *.vkontakte.ru https://*.vkontakte.ru *.www.googleapis.com https://*.www.googleapis.com *.www.google-analytics.com https://*.www.google-analytics.com *.promo-bc.com promo-bc.com https://*.promo-bc.com https://promo-bc.com *.youtube.com youtube.com https://*.youtube.com https://youtube.com *.adswrapme.click adswrapme.click https://*.adswrapme.click https://adswrapme.click *.vadideo.com vadideo.com https://*.vadideo.com https://vadideo.com *.advertserve.com advertserve.com https://*.advertserve.com https://advertserve.com *.advrich.com advrich.com https://*.advrich.com https://advrich.com *.livestatisc.com livestatisc.com https://*.livestatisc.com https://livestatisc.com *.xxx-hunt-er.xyz xxx-hunt-er.xyz https://*.xxx-hunt-er.xyz https://xxx-hunt-er.xyz *.n161adserv.com n161adserv.com https://*.n161adserv.com https://n161adserv.com *.cdn7.rocks cdn7.rocks https://*.cdn7.rocks https://cdn7.rocks *.huffson-delivery.com huffson-delivery.com https://*.huffson-delivery.com https://huffson-delivery.com *.hgbn.rocks hgbn.rocks https://*.hgbn.rocks https://hgbn.rocks *.cdn7.network cdn7.network https://*.cdn7.network https://cdn7.network *.caf0efcb749af91.com caf0efcb749af91.com https://*.caf0efcb749af91.com https://caf0efcb749af91.com *.c.datpix.net c.datpix.net https://*.c.datpix.net https://c.datpix.net *.huffson.com huffson.com https://*.huffson.com https://huffson.com *.znewswork.com znewswork.com https://*.znewswork.com https://znewswork.com *.zscript.life zscript.life https://*.zscript.life https://zscript.life *.u2bmco.com u2bmco.com https://*.u2bmco.com https://u2bmco.com *.pushvadideo.com pushvadideo.com https://*.pushvadideo.com https://pushvadideo.com *.code-zp1.com code-zp1.com https://*.code-zp1.com https://code-zp1.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' videxx.net *.videxx.net jwpcdn.com *.jwpcdn.com 109.169.66.161 *.109.169.66.161 109.169.66.171 *.109.169.66.171 onlainporno.net *.onlainporno.net m.onlainporno.net *.m.onlainporno.net onlainporno.net *.onlainporno.net video-server.local *.video-server.local *.googleapis.com https://*.googleapis.com *.google.com https://*.google.com *.yandex.ru https://*.yandex.ru *.mail.ru https://*.mail.ru *.vk.com https://*.vk.com *.vkontakte.ru https://*.vkontakte.ru *.www.googleapis.com https://*.www.googleapis.com *.www.google-analytics.com https://*.www.google-analytics.com *.promo-bc.com promo-bc.com https://*.promo-bc.com https://promo-bc.com *.youtube.com youtube.com https://*.youtube.com https://youtube.com *.adswrapme.click adswrapme.click https://*.adswrapme.click https://adswrapme.click *.vadideo.com vadideo.com https://*.vadideo.com https://vadideo.com *.advertserve.com advertserve.com https://*.advertserve.com https://advertserve.com *.advrich.com advrich.com https://*.advrich.com https://advrich.com *.livestatisc.com livestatisc.com https://*.livestatisc.com https://livestatisc.com *.xxx-hunt-er.xyz xxx-hunt-er.xyz https://*.xxx-hunt-er.xyz https://xxx-hunt-er.xyz *.n161adserv.com n161adserv.com https://*.n161adserv.com https://n161adserv.com *.cdn7.rocks cdn7.rocks https://*.cdn7.rocks https://cdn7.rocks *.huffson-delivery.com huffson-delivery.com https://*.huffson-delivery.com https://huffson-delivery.com *.hgbn.rocks hgbn.rocks https://*.hgbn.rocks https://hgbn.rocks *.cdn7.network cdn7.network https://*.cdn7.network https://cdn7.network *.caf0efcb749af91.com caf0efcb749af91.com https://*.caf0efcb749af91.com https://caf0efcb749af91.com *.c.datpix.net c.datpix.net https://*.c.datpix.net https://c.datpix.net *.huffson.com huffson.com https://*.huffson.com https://huffson.com *.znewswork.com znewswork.com https://*.znewswork.com https://znewswork.com *.zscript.life zscript.life https://*.zscript.life https://zscript.life *.u2bmco.com u2bmco.com https://*.u2bmco.com https://u2bmco.com *.pushvadideo.com pushvadideo.com https://*.pushvadideo.com https://pushvadideo.com *.code-zp1.com code-zp1.com https://*.code-zp1.com https://code-zp1.com 2
frame-ancestors http://*.iow.gov.uk 2
frame-ancestors https://api.beeksebergen.nl 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.cbbd.be www.stripmuseum.be www.comicscenter.net csi.gstatic.com ssl.google-analytics.com code.jquery.com ajax.googleapis.com img.youtube.com www.youtube.com api-public.addthis.com s7.addthis.com m.addthis.com m.addthisedge.com www.google-analytics.com maps.googleapis.com www.google.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ravenjs.com https://www.googletagmanager.com https://ajax.aspnetcdn.com https://www.gstatic.com https://use.fontawesome.com https://*.googlesyndication.com https://googleadservices.com https://tag.getdrip.com https://connect.facebook.net https://cdnjs.cloudflare.com https://*.google.com https://code.jquery.com https://cdn.mathjax.org https://*.google-analytics.com https://*.googleapis.com https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://checkout.stripe.com; frame-src https://checkout.stripe.com https://googleads.g.doubleclick.net https://docs.google.com https://maps.google.com https://www.google.com https://www.youtube.com https://player.vimeo.com https://*.facebook.com; block-all-mixed-content; frame-ancestors 'none'; report-uri https://ivydev.report-uri.io/r/default/csp/enforce 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sumo.com www.google.com cdn.jsdelivr.net cdn.plyr.io widget.happyfoxchat.com cdn.datatables.net static.leadpages.net *.issuu.com issuu.com *.vimeo.com code.jquery.com www.googletagmanager.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com connect.facebook.net *.stripe.com js.stripe.com fast.wistia.com; frame-src 'self' wisdomexperience.org fast.wistia.com *.issuu.com issuu.com wisdompubs.lpages.co widget.happyfoxchat.com js.stripe.com *.vimeo.com vimeo.com hooks.stripe.com *.youtube.com *.facebook.com s-static.ak.facebook.com; object-src 'self'; 2
default-src 'self' www.youtube-nocookie.com i.ytimg.com s.ytimg.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.altospam.eu; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; report-uri https://altospam.uriports.com/reports/report; report-to default; base-uri 'self'; 2
default-src 'self' 'unsafe-inline'  https://www.google-analytics.com  https://www.gstatic.com http://www.google.com https://www.google.com https://www.google.com.ar; script-src  'self' 'unsafe-inline' https://www.google-analytics.com https://www.gstatic.com http://www.google.com https://www.google.com https://www.google.com.ar; img-src 'self' 'unsafe-inline' data: http://www.google-analytics.com https://www.google-analytics.com http://www.google.com https://www.google.com  https://www.google.com.ar https://stats.g.doubleclick.net; script-src-elem 'self' 'unsafe-inline' http://www.google-analytics.com https://www.google-analytics.com https://www.gstatic.com http://www.google.com https://www.google.com https://www.google.com.ar; connect-src 'self' 'unsafe-inline' http://www.google-analytics.com https://www.google-analytics.com http://www.google.com https://www.google.com  https://www.google.com.ar https://stats.g.doubleclick.net;  frame-src https://www.indec.gob.ar/ http://www.youtube.com https://www.youtube.com https://app.powerbi.com/ https://www.google-analytics.com  https://www.gstatic.com http://www.google.com https://www.google.com https://www.google.com.ar https://indecbeta.shinyapps.io/; 2
img-src 'self' data:; 2
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/; img-src 'self' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/ https://www.youtube.com/iframe_api https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ 2
default-src 'self' https:; connect-src 'self' blob: https:; font-src 'self' blob: data: https: https://fonts.googleapis.com https://fonts.gstatic.com https://player.cloud.wowza.com/ https://player.sky.com https://q7h8x4g8.stackpathcdn.com https://s3.amazonaws.com/; img-src 'self' 'unsafe-inline' data: https: https://gg.google.com https://lh6.googleusercontent.com https://maps.google.com https://maps.gstatic.com https://player.cloud.wowza.com/ https://player.sky.com https://proxy.video.sky.com https://q7h8x4g8.stackpathcdn.com https://s3.amazonaws.com/ https://smetrics.sky.com https://static.video.sky.com https://stats.g.doubleclick.net/ https://vlog.leadformix.com/bf https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.youtube.com; media-src 'self' blob: http://ampdemo.azureedge.net/ http://az416426.vo.msecnd.net http://azure.net/ http://hatch.streaming.mediaservices.windows.net/ https: https://player.cloud.wowza.com/ https://q7h8x4g8.stackpathcdn.com https://s3.amazonaws.com/ https://static.video.sky.com/ https://wowzaprod102-i.akamaihd.net/ https://www.google.com https://www.youtube.com https://youtube.com https://zap.cloud.wowza.com/; object-src 'self' blob: https: https://s3.amazonaws.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://ampdemo.azureedge.net/ http://az416426.vo.msecnd.net http://azure.net/ http://hatch.streaming.mediaservices.windows.net/ https: https://ajax.googleapis.com https://graph.facebook.com/ https://maps.googleapis.com https://mozbar.moz.com/ https://notify.bugsnag.com https://player.cloud.wowza.com/ https://player.sky.com https://proxy.video.sky.com https://public.newsharecounts.com https://public.newsharecounts.com/ https://q7h8x4g8.stackpathcdn.com https://s.ytimg.com/ https://s3.amazonaws.com/ https://stats.g.doubleclick.net/ https://vlog.leadformix.com/bf/ https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.linkedin.com/ https://www.youtube.com https://youtube.com; style-src 'self' 'unsafe-inline' https: https://player.cloud.wowza.com/ https://player.sky.com/ https://q7h8x4g8.stackpathcdn.com https://s.ytimg.com/ https://s3.amazonaws.com/ https://www.google.com https://www.gstatic.com https://www.youtube.com https://youtube.com; frame-src 'self' 'unsafe-inline' http://ampdemo.azureedge.net/ http://az416426.vo.msecnd.net http://azure.net/ http://hatch.streaming.mediaservices.windows.net/ https: https://docs.google.com/ https://graph.facebook.com/ https://notify.bugsnag.com https://player.cloud.wowza.com/ https://player.sky.com/ https://proxy.video.sky.com/ https://public.newsharecounts.com/ https://s.ytimg.com/ https://s3.amazonaws.com/ https://static.video.sky.com/ https://stats.g.doubleclick.net/ https://view.officeapps.live.com/ https://wowzaprod102-i.akamaihd.net/ https://www.google.com https://www.linkedin.com/ https://www.youtube.com https://youtube.com https://zap.cloud.wowza.com/ 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: http://mshcentraldbdev.prod.acquia-sites.com *.balladhealthcrm.org; frame-ancestors 'self'; report-uri /admin/config/system/seckit/csp-report 2
frame-ancestors 'self' xhibitsignage.com www.xhibitsignage.com screen.cloud *.screen.cloud signage.screen.cloud; 2
default-src 'self'; object-src 'self' blob:; style-src * 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' acsbap.com *.paypal.com *.facebook.com *.facebook.net *.criteo.net *.criteo.com *.doubleclick.net *.twitter.com *.ads-twitter.com *.trackedlink.net *.cloudfront.net *.xg4ken.com *.bing.com *.getcandid.com *.pinterest.com *.amazonaws.com *.googletagmanager.com tagmanager.google.com *.shopbot.ca *.pinimg.com *.pinterest.com *.youtube.com *.adnxs.com *.yimg.com *.ytimg.com *.hotjar.com *.amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.adroll.com *.jsdelivr.net *.typekit.net *.adsrvr.org *.rubiconproject.com *.casalemedia.com *.openx.net *.pubmatic.com *.richemontpartners.com *.kaptcha.com *.impactradius-event.com *.rolex.com *.flexiti.fi *.smaato.net *.sharethrough.com chimpstatic.com *.braintreegateway.com tools-cartier.ctxprod1.com maisonbirks-cartier.ctxprod1.com *.breitling.com *.jquery.com *.vimeocdn.com *.google.com *.gstatic.com *.tudorwatch.com ajax.cloudflare.com odcc2.bell.ca z.moatads.com; font-src 'self' data: *.gstatic.com maxcdn.bootstrapcdn.com maps.googleapis.com; img-src * data:; frame-src 'self' acsbap.com *.paypal.com *.facebook.com *.facebook.net *.criteo.net *.criteo.com *.doubleclick.net *.twitter.com *.ads-twitter.com *.trackedlink.net *.cloudfront.net *.xg4ken.com *.bing.com *.getcandid.com *.pinterest.com *.amazonaws.com *.googletagmanager.com tagmanager.google.com *.shopbot.ca *.pinimg.com *.pinterest.com *.youtube.com *.adnxs.com *.yimg.com *.ytimg.com *.hotjar.com *.amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.adroll.com *.jsdelivr.net *.typekit.net *.adsrvr.org *.rubiconproject.com *.casalemedia.com *.openx.net *.pubmatic.com *.richemontpartners.com *.moneris.com birksgroup.pxf.io *.flexiti.fi *.smaato.net *.sharethrough.com *.vimeo.com *.braintreegateway.com tools-cartier.ctxprod1.com maisonbirks-cartier.ctxprod1.com *.rolex.com *.breitling.com *.tudorwatch.com *.patek.com *.google.com odcc2.bell.ca; connect-src *; media-src 'none'; report-uri /csp-violation.php; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none' 2
default-src 'self' https://connect.facebook.net/en_US/fbevents.js https://www.google.com/recaptcha/api.js https://fonts.gstatic.com/  https://fonts.googleapis.com https://www.googletagmanager.com ;script-src 'self' 'sha256-7Ia7ivoj7HI/U+5g2XG9hbQ69AbUohgkE2T1pl/AAjE=' https://www.gstatic.com/ https://connect.facebook.net/en_US/fbevents.js https://www.gstatic.com/recaptcha/releases/66WEle60vY1w2WveBS-1ZMFs/recaptcha__es.js https://www.gstatic.com/recaptcha/api2/v1566858990656/recaptcha__es.js https://connect.facebook.net/signals/config/1610730305895192  https://www.googletagmanager.com https://rec.smartlook.com/ https://track.oniad.com/ https://track.adform.net/  https://scontent.cdninstagram.com/  https://platform.oniad.com  https://track.adform.net/serving/scripts/trackpoint/async/  https://www.google-analytics.com/  https://www.googletagmanager.com https://api.instagram.com https://ajax.googleapis.com/* https://www.google.com/recaptcha/api.js ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hello.myfonts.net/count/36c8c0  ;img-src * data: 'unsafe-inline';connect-src * 'unsafe-inline';frame-src *;base-uri 'self'; 2
frame-ancestors *.travelallrussia.com *.firebirdtours.com *.force.com http://webvisor.com https://tourstoeurope.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri /security-report.php 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://partssource.report-uri.com/r/d/csp/enforce 2
frame-ancestors 'self' https://*.ivenue.com 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.authorize.net *.google.com static.addtoany.com cdnjs.cloudflare.com cdn.rawgit.com maps.googleapis.com rw1.marchex.io connect.facebook.net googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com cdn.jsdelivr.net *.youtube.com s.ytimg.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com *.gstatic.com; img-src 'self' 'unsafe-inline' data: maps.googleapis.com px.marchex.io s3.amazonaws.com sshs-web.s3.amazonaws.com *.facebook.com *.google.com *.gstatic.com cdn.rawgit.com raw.githubusercontent.com stats.g.doubleclick.net *.google-analytics.com *.googletagmanager.com; frame-src 'self' 'unsafe-inline' static.addtoany.com *.doubleclick.net *.google.com add auntbertha.com *.auntbertha.com players.brightcove.net *.youtube.com; font-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com sshs-web.s3.amazonaws.com; connect-src 'self' 'unsafe-inline' *.authorize.net *.facebook.com stats.addtoany.com *.google-analytics.com stats.g.doubleclick.net; report-uri /report-csp-violation 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 2
frame-ancestors https://*.protoshare.com http://*.protoshare.com 2
default-src 'self'; font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
frame-ancestors market.forte.kz goislamic.kz my.fortebank.com forte.bank 2
default-src 'self'; block-all-mixed-content; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; frame-src https://www.youtube.com https://www.youtube-nocookie.com/; img-src 'self' self data: 'unsafe-inline' 'unsafe-eval' https://pbs.twimg.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; report-uri /nelmio/csp/report 2
default-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com liberapay.com data: 2
frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com  https://thomsonreuterstax.lookbookhq.com http://answers.legalprof.thomsonreuters.com https://answers.legalprof.thomsonreuters.com http://app.accelus.com  https://app.accelus.com 2
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; 2
base-uri 'self';  connect-src ws: wss: *; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com; form-action 'self'; frame-ancestors 'self' https://gofile.me http://gofile.me; frame-src 'self' data: blob: https://*.synology.com https://www.synology.cn/; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com; media-src 'self' data: about:;  report-uri webman/csp_report.cgi; script-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://*.google.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; 2
default-src * 'self' 'unsafe-inline' 'unsafe-eval' about: data: blob:; frame-ancestors https://*.bolsasuniversitarias.com https://*.krowdy.net https://*.laborum.pe https://*.informes.me https://*.krowdy.com https://*.laborum.me forms.gle docs.google.com 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.rta.ae *.salik.gov.ae *.salik.ae *.readspeaker.com/ *.google-analytics.com *.botframework.com/ wss://directline.botframework.com *.dubai.gov.ae/ *.google.ae *.googleapis.com *.gstatic.com data: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com fonts.gstatic.com www.google-analytics.com www.googletagmanager.com *.doubleclick.net www.google.com www.google.it *.gravatar.com via.placeholder.com *.w.org data: blob: linkmaker.itunes.apple.com play.google.com 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.bunrattycastle.ie https://www.craggaunowen.ie https://www.dunguairecastle.com https://www.gpowitnesshistory.ie https://www.kingjohnscastle.com https://www.knappoguecastle.ie https://www.malahidecastleandgardens.ie https://www.newbridgehouseandfarm.com https://www.shannonheritage.com data: https://*.facebook.net https://*.facebook.com https://*.hotjar.com https://*.bing.com https://*.typekit.net https://stats.g.doubleclick.net https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://dev.visualwebsiteoptimizer.com https://*.crazyegg.com https://*.youtube.com https://*.youtu.be https://youtu.be https://*.instagram.com https://*.cdninstagram.com; 2
default-src 'self' https://news.mtc.doc.com https://doc.com https://blog.doc.com https://www.doc.com https://api.doc.com https://news.health.doc.com https://news.mtc.docademic.com https://*.docademic.com https://*.news.docademic.com https://docademic.com https://links.services.disqus.com https://api.coinmarketcap.com https://api.ethplorer.io https://www.googleapis.com/youtube/v3/playlistItems https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.coinmarketcap.com https://s.ytimg.com https://www.youtube.com/iframe_api https://www.youtube.com https://c.disquscdn.com https://disqus.com https://*.disqus.com https://api.docademic.com https://www.marcoguglie.it https://ajax.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://news-docademic-com.disqus.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com  https://www.google.com https://www.gstatic.com https://assets.zendesk.com https://connect.facebook.net https://stackpath.bootstrapcdn.com https://news.mtc.docademic.com; img-src 'self' data: https://cdn.docademic.com https://news.mtc.docademic.com https://secure.gravatar.com https://i.ytimg.com https://img.youtube.com https://doctors.docademic.com https://ssl.google-analytics.com https://www.google-analytics.com https://play.google.com https://referrer.disqus.com https://c.disquscdn.com https://s-static.ak.facebook.com https://assets.zendesk.com https://cdn.viglink.com https://links.services.disqus.com; style-src 'self' 'unsafe-inline' https://news.mtc.docademic.com https://c.disquscdn.com  https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' data:application/font-woff https://cdn.docademic.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://themes.googleusercontent.com; frame-src https://www.google.com https://www.youtube.com/ https://disqus.com/ https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 2
report-uri 'self' 2
reflected-xss 'block' 2
default-src * 'unsafe-eval' 'unsafe-inline' gap://ready file:; style-src 'self' 'unsafe-inline'; media-src *; img-src * 'self' filesystem: data: blob:; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https:; frame-ancestors 'self'; form-action *; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer strict-origin-when-cross-origin; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; 2
default-src *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';img-src * data:;font-src 'self' data: https://fonts.googleapis.com:* https://fonts.gstatic.com:* https://www.googletagmanager.com:* https://www.google-analytics.com:* https://googleads.g.doubleclick.net:* https://maxcdn.bootstrapcdn.com:*;upgrade-insecure-requests;block-all-mixed-content;manifest-src 'self';object-src 'none'; 2
frame-ancestors     'self'; 2
frame-ancestors https://www.qnb.com https://www.qnb.co.id https://www.dpworld.com https://connexions.dpworld.com https://ofamily.ooredoo.qa www.ooredoo.com.kw; 2
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://az124611.vo.msecnd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://ssl.google-analytics.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://connect.facebook.net https://*.youtube.com https://s.ytimg.com https://platform.twitter.com https://*.pinterest.com https://platform.linkedin.com https://apis.google.com http://analytics.clickdimensions.com https://az124611.vo.msecnd.net https://*.outbrain.com; connect-src 'self' https://rss.mygreenstoneaccess.com/ https://rss.myfarmcredit.com/ https://rss.myfarmcreditsemo.com; img-src 'self' https://maps.googleapis.com https://*.gstatic.com https://*.google-analytics.com/ https://stats.g.doubleclick.net/ data: https://*.pinterest.com https://static.licdn.com https://az124611.vo.msecnd.net https://*.facebook.com; font-src 'self' https://fonts.gstatic.com/; frame-src 'self' https://*.facebook.com https://*.clickdimensions.com https://*.youtube.com https://*.google.com https://*.twitter.com/ https://assets.pinterest.com https://platform.linkedin.com https://*.fls.doubleclick.net https://*.docusign.net https://greenstonefcs.com; media-src 'self' https://*.youtube.com 2
base-uri 'none'; object-src 'none'; script-src 'report-sample' https://boti.ru/logs/ https://boti.ru/sidekiq/ https://boti.ru/mini-profiler-resources/ https://boti.ru/assets/ https://boti.ru/brotli_asset/ https://boti.ru/extra-locales/ https://boti.ru/highlight-js/ https://boti.ru/javascripts/ https://boti.ru/plugins/ https://boti.ru/theme-javascripts/ https://boti.ru/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js; worker-src 'self' blob: 2
frame-ancestors 'self' *.career-inspiration.com *.pathmotion.com *.talent-soft.com; 2
connect-src 'self' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net https://www.facebook.com https://www.google.com/; font-src 'self' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net; script-src 'self' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net 'unsafe-inline' https://platform.twitter.com; style-src 'self' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net 'unsafe-inline'; img-src 'self' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net 'unsafe-inline' https://px.ads.linkedin.com https://t.co https://www.google.co.in https://stats.g.doubleclick.net https://p.adsymptotic.com https://www.facebook.com https://www.google.com/; report-uri https://www.comviva.com; default-src 'self' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net 'unsafe-inline' https://www.youtube-nocookie.com https://www.un.org https://www.facebook.com/; 2
default-src 'self' 'unsafe-inline' *.google.com www.googletagmanager.com www.googleapis.com www.google-analytics.com assets.wogaa.sg www.adobetag.com *.facebook.com *.ampproject.org *.youtube.com *.twitter.com *.wogaa.demdex.net dpm.demdex.net wogadobeanalytics.sc.omtrdc.net cm.everesttech.net https://ton.twimg.com *.addthis.com *.mccy.gov.sg *.flickr.com https://stats.g.doubleclick.net https://amp-error-reporting.appspot.com *.ytimg.com *.google.com *.gstatic.com https://*.wogaa.sg https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.com *.google.com www.googletagmanager.com www.googleapis.com www.google-analytics.com assets.wogaa.sg www.adobetag.com wogaa.demdex.net dpm.demdex.net wogadobeanalytics.sc.omtrdc.net cm.everesttech.net *.addthis.com *.mccy.gov.sg https://stats.g.doubleclick.net https://amp-error-reporting.appspot.com *.google.com *.gstatic.com https://*.wogaa.sg https://dpm.demdex.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com z.moatads.com www.googletagmanager.com www.googleapis.com www.google-analytics.com assets.wogaa.sg www.adobetag.com http://platform.twitter.com connect.facebook.net *.facebook.com *.addthis.com *.syndication.twimg.com *.addthisedge.com *.ampproject.org *.youtube.com *.ytimg.com *.mccy.gov.sg *.wogaa.demdex.net *.gstatic.com https://*.wogaa.sg https://assets.adobedtm.com/; style-src 'self' 'unsafe-inline' https://assets.wogaa.sg/fonts/; font-src 'self' data: https://assets.wogaa.sg/fonts/; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.com.sg stats.g.doubleclick.net www.google-analytics.com https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/;  object-src 'none'; 2
default-src * data: blob:;script-src 'self' static4.sodonsolution.org static.portal4new.sodonsolution.org static4.cdn.sodonsolution.org 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.gstatic.com maps.gstatic.com maps.googleapis.com static.whatshelp.io www.adshark.mn siskin.sodonsolution.com connect.facebook.net certify-js.alexametrics.com cdnjs.cloudflare.com platform.twitter.com www.youtube.com/iframe_api s.ytimg.com cse.google.com www.google.com;style-src 'self' static4.sodonsolution.org static.portal4new.sodonsolution.org static4.cdn.sodonsolution.org 'unsafe-inline' www.gstatic.com static.whatshelp.io cse.google.com www.google.com;connect-src 'self' www.google-analytics.com whatshelp.io www.adshark.mn siskin.sodonsolution.com connect.facebook.net staticxx.facebook.com graph.facebook.com;object-src 'self'; 2
default-src 'self' *.bootstrapcdn.com *.cloudflare.com *.jsdelivr.net *.ltts.com *.facebook.com *.jquery.com *.jqueryui.com *.linkedin.com *.hotjar.com *.facebook.net *.licdn.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.youtube.com 'unsafe-inline' 'unsafe-eval' *.hotjar.io data:; script-src 'self' *.bootstrapcdn.com *.rawgit.com *.cloudflare.com *.jsdelivr.net *.ltts.com *.facebook.com *.jquery.com *.jqueryui.com *.linkedin.com *.hotjar.com *.facebook.net *.licdn.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.youtube.com 'unsafe-inline' 'unsafe-eval' *.hotjar.io https://tdns4.gtranslate.net https://mc.yandex.ru data:; img-src * 'self' data:; media-src 'self' *.youtube.com *.ltts.com; frame-src  *.ltts.com *.linkedin.com *.youtube.com youtube.com *.facebook.com *.twitter.com www.google.com *.google.com *.hotjar.com; connect-src 'self' https://tdns4.gtranslate.net https://mc.yandex.ru https://in.hotjar.com https://www.linkedin.com https://translate.googleapis.com https://vc.hotjar.io https://www.google-analytics.com; report-uri /report-csp-violation 2
frame-ancestors 'self' https://m-redbus-id.cdn.ampproject.org https://www.google.com https://www.google.co.id https://m.redbus.id https://seocms.redbus.com; default-src 'self' wss://rbpub.redbus.com wss://ssbk2-uk.gsecondscreen.com wss://ssbk4-uk.gsecondscreen.com wss://evbk.gamooga.com  https://h.online-metrix.net https://s3.rdbuz.com https://evbk.gamooga.com https://*.doubleclick.net https://graph.facebook.com https://cdn-jp.gsecondscreen.com https://*.redbus.in  https://intldashboard.redbus.com https://www.google-analytics.com http://www.googletagmanager.com https://*.google.com https://www.google.co.in https://connect.facebook.net http://www.googleadservices.com https://googleads.g.doubleclick.net https://www.facebook.com http://logs.redbus.com/ https://recorder.sessionstack.com https://o2.mouseflow.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://h.online-metrix.net https://*.twitter.com  https://static.ads-twitter.com https://www.googletagservices.com https://bam.nr-data.net https://securepubads.g.doubleclick.net https://evbk.gamooga.com https://maxcdn.bootstrapcdn.com https://js-agent.newrelic.com https://*.google.com https://cdn.jsdelivr.net https://sslwidget.criteo.com https://static.criteo.net https://cdn.mouseflow.com https://bat.bing.com https://maps.googleapis.com http://ae.gsecondscreen.com http://sg-pl.vizury.com https://cdnjs.cloudflare.com/ http://cdn-jp.gsecondscreen.com https://googleads.g.doubleclick.net http://www.redbus.in https://www.redbus.in https://adservice.google.co.in https://ssl.google-analytics.com http://www.googleadservices.com https://connect.facebook.net http://pagead2.googlesyndication.com http://www.google-analytics.com https://cdn.sessionstack.com/sessionstack.js http://www.googletagmanager.com http://connect.facebook.net http://www.googleadservices.com https://*.rdbuz.com https://st.redbus.in http://*.rdbuz.com; img-src 'self' data:  https://*.online-metrix.net https://cdn1.goibibo.com https://barcode-latam.s3.amazonaws.com https://t.co https://www.googletagmanager.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://maps.gstatic.com https://maps.googleapis.com  https://s3-ap-southeast-1.amazonaws.com https://*.s3-ap-southeast-1.amazonaws.com https://googleads.g.doubleclick.net https://h.online-metrix.net https://bat.bing.com https://www.google.co.in https://evbk.gamooga.com https://stats.g.doubleclick.net http://origin-st.redbus.in https://pilgrimages-cms.s3-ap-southeast-1.amazonaws.com https://cdn-jp.gsecondscreen.com http://www.redbus.in https://www.redbus.in https://*.google.com https://www.google-analytics.com  https://ssl.google-analytics.com https://s-static.ak.facebook.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in https://cdn-jp.gsecondscreen.com https://www.facebook.com https://api.midtrans.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://*.google.com https://cdnjs.cloudflare.com https://www.w3schools.com http://fonts.googleapis.com https://fonts.googleapis.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in;  font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.gstatic.com http://*.rdbuz.com http://st.redbus.in https://fonts.gstatic.com https://*.rdbuz.com https://st.redbus.in; frame-src 'self'   https://www.surveymonkey.com https://*.google.com https://isb.au1.qualtrics.com https://www.googletagservices.com/ https://*.redbus.com https://h.online-metrix.net https://checkout.payulatam.com/ https://bid.g.doubleclick.net http://in-tags.vizury.com http://sg-pl.vizury.com https://xds.gsecondscreen.com https://www.facebook.com https://s-static.ak.facebook.com https://www.youtube.com/ https://googleads.g.doubleclick.net https://staticxx.facebook.com https://dis.as.criteo.com; object-src 'self' 2
object-src 'self' ; default-src 'none' ; font-src https: 'self' https://fonts.gstatic.com/s/ubuntu/; img-src https: 'self' blob: data: https://sunlightsupply.s3.amazonaws.com/ https://scotts-hawthorne-public-nonprod.s3-us-west-2.amazonaws.com/ https://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://sunlightsupply.s3.amazonaws.com/ https://scotts-hawthorne-public-nonprod.s3-us-west-2.amazonaws.com https://cdnjs.cloudflare.com/ajax/libs/Sortable/1.9.0/Sortable.min.js https://cdnjs.cloudflare.com/ajax/libs/lazyloadjs/3.2.2/lazyload.js https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js https://www.google-analytics.com/analytics.js https://ajax.aspnetcdn.com/ajax/knockout/knockout-3.3.0.js https://cdnjs.cloudflare.com/ajax/libs/vue/2.5.13/vue.min.js https://assets.pinterest.com/js/pinit.js http://assets.pinterest.com/js/pinit_main.js https://platform.twitter.com  https://www.google.com/recaptcha/ https://gstatic.com/recaptcha/ http://assets.adobedtm.com/; style-src https: 'self' 'unsafe-inline' ; frame-src https: 'self' https://facebook.com http://staticxx.facebook.com/ https://platform.twitter.com http://platform.twitter.com https://translate.google.com https://youtube.com https://www.google.com/recaptcha/; child-src https: 'self' https://facebook.com http://staticxx.facebook.com/ https://platform.twitter.com http://platform.twitter.com https://translate.google.com https://youtube.com; connect-src https: 'self' ;frame-ancestors 'self'; 2
default-src 'self'; style-src 'self' 'unsafe-inline' use.typekit.net/ p.typekit.net/; script-src 'self' 'unsafe-inline' www.space.net/; form-action 'self'; worker-src 'none'; frame-src 'self' www.space.net/ www.youtube-nocookie.com/; img-src 'self' www.space.net/ data:; object-src 'none'; font-src 'self' use.typekit.net/; 2
frame-ancestors http://www.stumbleupon.com 2
default-src https://*.mobilityportal.nl/ https://*.bootstrapcdn.com/ https://*.jsdelivr.net/ https://*.tawk.to/ https://*.readspeaker.com/ https://web.prioticket.com/ https://fonts.gstatic.com/ https://*.googleapis.com/ 'self' 'unsafe-inline'; connect-src https://maps.googleapis.com/maps/ https://*.google-analytics.com/ wss://*.tawk.to/ https://*.tawk.to/ https://*.mobilityportal.nl/ https://www.facebook.com/ https://*.johancruijffarena.nl/ https://web.prioticket.com/ 'self'; frame-src https://www.youtube.com/ https://*.readspeaker.com https://*.facebook.com/ https://*.azurewebsites.net/ 'self'; img-src https://*.ytimg.com/ https://maps.googleapis.com/ https://*.jsdelivr.net/ https://*.mobilityportal.nl/ https://maps.gstatic.com/ https://*.prioticket.com/ https://*.google-analytics.com/ https://*.facebook.com/ 'self' data:; script-src 'self' https://web.prioticket.com/  'unsafe-inline' 'unsafe-eval' data: https: wss: 2
default-src 'self' https://googleads.g.doubleclick.net/ https://www.google.com/ads/user-lists/ https://www.google.hu/ads/user-lists/ https://tpc.googlesyndication.com/safeframe/ https://www.youtube.com/embed/ https://server.infinety.hu/ ; 				    img-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google.com/ads/ https://www.google.hu/ads/ https://csi.gstatic.com/ https://maps.googleapis.com/maps/ https://csi.gstatic.com/ https://maps.gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ blob: 'self' https://ad.adverticum.net/banners/ https://ssl.google-analytics.com/ https://www.facebook.com/tr/ https://ap.lijit.com/ https://u.btserve.com/ https://ad-delivery.net/ https://www.facebook.com/tr/ https://www.facebook.com/ data: https://www.w3.org/2000/svg/ https://dmp.adform.net/dmp/profile/ https://x.bidswitch.net/ https://ad-delivery.net/px.gif https://tpc.googlesyndication.com/ https://securepubads.g.doubleclick.net/pcs/ https://googleads.g.doubleclick.net/pagead/ https://pagead2.googlesyndication.com/ blob: 'self' https://cm.g.doubleclick.net/ https://d5p.de17a.com/ https://sync.clickonometrics.pl/ https://ib.adnxs.com/ https://mq.wp.pl/ https://s1.adform.net/ https://adx.adform.net/ https://u.btserve.com/ data: https://www.w3.org/2000/svg/ ; 				    style-src 'self' https: 'unsafe-inline' https://maxcdn.bootstrapcdn.com/font-awesome/ https://fonts.googleapis.com/ https://ad.adverticum.net/banners/ ; 				    font-src 'self' https://fonts.gstatic.com/stats/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://themes.googleusercontent.com/static/fonts/lato/ ; 				    script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion.js https://www.google.com/recaptcha/api.js https://maps.google.com/maps/api/ https://maps.google.com/ https://maps.googleapis.com/ https://ad.adverticum.net/g3.js https://ls.hit.gemius.pl/ https://hu.hit.gemius.pl/xgemius.js https://www.googletagmanager.com https://ad.adverticum.net/g3.js https://www.googletagmanager.com/ https://connect.facebook.net/en_US/fbevents.js blob: 'self'; 				    connect-src 'self' https://settings.luckyorange.net/ https://track.adform.net/ wss://in.visitors.live/socket.io/ wss://visitors.live/socket.io/ https://ad.adverticum.net/ https://fastlane.rubiconproject.com/a/api/fastlane.json https://adx.adform.net/adx/ https://securepubads.g.doubleclick.net/ https://csi.gstatic.com/ ; 				    frame-src 'self' https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/ https://www.google.hu/ads/user-lists/ https://maps.googleapis.com/ https://tpc.googlesyndication.com/ https://ls.hit.gemius.pl/lsget.html https://www.youtube.com/embed/ ; 				    child-src 'self' https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/ https://bid.g.doubleclick.net/ https://www.google.hu/ads/user-lists/ https://ls.hit.gemius.pl/ https://ad.adverticum.net/external/ https://ad.adverticum.net/banners/ https://occsz.e-cegjegyzek.hu/ https://www.youtube.com/embed/ https://www.facebook.com/tr/ https://sparbanner.kolrus.cloud/ ; 				    media-src https://sparbanner.kolrus.cloud/ https://server.infinety.hu/; 2
default-src 'self' data: unpkg.com *.unpkg.com app.link *.app.link yimg.com *.yimg.com mainadv.com *.mainadv.com yahoo.com *.yahoo.com branch.io *.branch.io t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com semasio.net *.semasio.net googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com onesignal.com *.onesignal.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com ctfassets.net *.ctfassets.net os.tc *.os.tc; frame-src 'self' unpkg.com *.unpkg.com app.link *.app.link yimg.com *.yimg.com mainadv.com *.mainadv.com yahoo.com *.yahoo.com branch.io *.branch.io t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com semasio.net *.semasio.net googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com onesignal.com *.onesignal.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com ctfassets.net *.ctfassets.net os.tc *.os.tc; font-src 'self' data: unpkg.com *.unpkg.com app.link *.app.link yimg.com *.yimg.com mainadv.com *.mainadv.com yahoo.com *.yahoo.com branch.io *.branch.io t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com semasio.net *.semasio.net googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com onesignal.com *.onesignal.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com ctfassets.net *.ctfassets.net os.tc *.os.tc; img-src * 'self' data: unpkg.com *.unpkg.com app.link *.app.link yimg.com *.yimg.com mainadv.com *.mainadv.com yahoo.com *.yahoo.com branch.io *.branch.io t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com semasio.net *.semasio.net googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com onesignal.com *.onesignal.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com ctfassets.net *.ctfassets.net os.tc *.os.tc; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.unpkg.com app.link *.app.link yimg.com *.yimg.com mainadv.com *.mainadv.com yahoo.com *.yahoo.com branch.io *.branch.io t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com semasio.net *.semasio.net googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com onesignal.com *.onesignal.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com ctfassets.net *.ctfassets.net os.tc *.os.tc; style-src 'self' 'unsafe-inline' unpkg.com *.unpkg.com app.link *.app.link yimg.com *.yimg.com mainadv.com *.mainadv.com yahoo.com *.yahoo.com branch.io *.branch.io t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com semasio.net *.semasio.net googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com onesignal.com *.onesignal.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com ctfassets.net *.ctfassets.net os.tc *.os.tc 2
frame-ancestors 'self' https://*.facebook.com/; 2
default-src https: 'self' *.mohrsiebeck.com; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.mohrsiebeck.com; style-src https: 'self' 'unsafe-inline' *.mohrsiebeck.com; img-src https: 'self' *.mohrsiebeck.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.gstatic.com www.google-analytics.com *.addtoany.com use.fontawesome.com *.cloudflare.com *.youtube.com *.ytimg.com *.googleapis.com *.googletagmanager.com connect.facebook.net cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.cloudflare.com *.addtoany.com cloud.typography.com www.groningerforum.nl; font-src 'self' *.gstatic.com data:; img-src 'self' data: www.google-analytics.com *.gstatic.com *.googleapis.com *.google.com www.facebook.com www.googletagmanager.com *.doubleclick.net *.google.nl; frame-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com youtu.be *.activetickets.com activetickets.groningerforum.nl www.facebook.com *.ticketworks.nl *.afasonline.com groningerforum.podiumnederland.nl forum.podiumnederland.nl;media-src 'self' *.youtube.com *.vimeo.com *.vimeocdn.com *.akamaized.net;connect-src 'self' localhost:* wss://localhost:* *.projectguide.nl www.google-analytics.com; 2
frame-ancestors https://*.dsw.nl https://*.d1.dsw.lan 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https https://static.optoma.co https://teststatic.optomaeurope.com https://code.jquery.com https://fast.fonts.net https://www.googletagmanager.com https://*.google.com https://*.pingdom.net https://*.youtube.com https://www.google-analytics.com https://*.ytimg.com https://www.youtube-nocookie.com https://*.googleapis.com https://*.gstatic.com https://*.doubleclick.net https://*.google.co.uk https://*.jsdelivr.net https://*.aspnetcdn.com https://youtube.com https://*.vimeo.com https://unpkg.com https://*.addthis.com https://secure.perk0mean.com https://*.whoisvisiting.com https://cdnjs.cloudflare.com https://*.cloudflareinsights.com 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.kerio.com; img-src * http: https: data:; 2
default-src 'self'; base-uri 'self'; connect-src 'self' free.sharedcount.com xfive.s3.amazonaws.com rum-collector-2.pingdom.net get.geojs.io; img-src 'self' data: https: *.gravatar.com placehold.it; style-src 'self' 'sha256-bQmtQGXeqdx2iSsMjkJB50VCL0tAnUqTUrMqjJYJixU=' ; font-src 'self'; frame-src 'self' www.youtube-nocookie.com www.youtube.com codepen.io player.vimeo.com https://www.google.com/recaptcha/ js.driftt.com; frame-ancestors 'none'; object-src 'none'; form-action 'self' xfive.us12.list-manage.com; manifest-src 'self'; media-src 'self' www.xfivecdn.com; script-src 'self' rum-static.pingdom.net production-assets.codepen.io www.googletagmanager.com www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ js.driftt.com 'sha256-KpHv3zgivMSB4dPnfYfqMt2lBibsYvM36EdoBBAsfbM=' 'sha256-usaNaDjYaJk13pKJ3+ZScs4bxEEsUZ+JOE61TTGapMY=' 'sha256-8caDTiD0WrC0oWvdVtAbTLxzJRqpayFg5S5n5bvQaas=' 'sha256-MQjfs0R4CxwhatLwo9KHcxfmgKeFuJY43yVB+NGsKAw=' 'sha256-5uhdr7etoZMI7xATFFE80NliRDfTa+WgiPlbe/yD040=' 'sha256-1m9w2v94adFN3KZ9pVlHHbSe2mK5w5fa4zARq5+ChUM=' 'sha256-pwBk7f4VSoHMXGHfaWQCIoGmdeGRHSYSrksPvrZ0wZg=' 'sha256-QgCd1tnwG0imJEuc3Hx9e1ybwm2iDsNJCUMgxinHRtE=' 'sha256-WCk7uTuPWChH7LL0WI6jXyi5EOlvm9FHS6I1pO7ZjSU=' 'sha256-ScFl77FG6p6KHs9dlDJdk7A0PHH7p5NJqRx5qgeiu7U=' ; 2
default-src 'self' *.associatedasset.com *.aamresales.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.clickdimensions.com *.doubleclick.net *.hotjar.com *.hotjar.io *.vimeocdn.com *.vimeo.com *.youtube.com *.msecnd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.associatedasset.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.clickdimensions.com *.hotjar.com *.hotjar.io *.vimeocdn.com *.msecnd.net; style-src 'self' 'unsafe-inline' *.msecnd.net; connect-src 'self' *.associatedasset.com wss://*.associatedasset.com *.hotjar.com *.hotjar.io; frame-ancestors 'self' 2
default-src https: http: data: 'unsafe-inline' 'unsafe-eval' 2
default-src 'none'; script-src 'self' 'unsafe-inline' https://px.ads.linkedin.com https://analytics.twitter.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://connect.facebook.net https://static.ads-twitter.com/uwt.js https://cti.w55c.net/ct/dx_upx_0DizJQMrIp.js https://www.google.com/jsapi https://www.gstatic.com/charts/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://www.gstatic.com/charts/ https://fonts.googleapis.com; img-src 'self' https://t.co https://www.facebook.com https://t.mookie1.com https://contextual.media.net https://ads.stickyadstv.com https://su.addthis.com https://ads.yahoo.com https://idsync.rlcdn.com https://beacon.krxd.net https://dpm.demdex.net https://tags.w55c.net data: https://i.ytimg.com https://secure.gravatar.com https://analytics.twitter.com https://www.google-analytics.com https://loadus.exelator.com https://bh.contextweb.com https://stats.g.doubleclick.net https://maps.googleapis.com; connect-src 'self' https://my.wpengine.com; font-src 'self' https://fonts.googleapis.com data: https://fonts.gstatic.com; media-src https://www.youtube.com 'self'; report-uri https://ecostruxureit.report-uri.com/r/d/csp/reportOnly; object-src 'self'; frame-src 'self' https://www.youtube.com; 2
default-src 'self'; script-src 'self' 'unsafe-eval' www.google-analytics.com; img-src 'self' data: www.google-analytics.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; media-src 'self'; frame-src 'self' www.youtube-nocookie.com docs.google.com; connect-src 'self' www.google-analytics.com; object-src 'none'; 2
default-src https://hsquizbowl.org https://www.hsquizbowl.org http://hsquizbowl.org http://www.hsquizbowl.org 'self'; script-src https://hsquizbowl.org https://www.hsquizbowl.org http://hsquizbowl.org http://www.hsquizbowl.org 'self' 'unsafe-inline'; style-src https://hsquizbowl.org https://www.hsquizbowl.org http://hsquizbowl.org http://www.hsquizbowl.org 'self' 'unsafe-inline'; img-src https://hsquizbowl.org https://www.hsquizbowl.org http://hsquizbowl.org http://www.hsquizbowl.org 'self' ; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' js-agent.newrelic.com maps.googleapis.com use.typekit.net cdnjs.cloudflare.com www.google-analytics.com bam.nr-data.net connect.facebook.net platform.twitter.com gmc.lingotek.com pixel.mathtag.com platform.linkedin.com static.flockler.com fl-cdn.scdn1.secure.raxcdn.com flockler.com embed-cdn.flockler.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fast.fonts.net gmc.lingotek.com static.flockler.com; frame-src 'self' youtu.be youtube.com www.youtube.com *.facebook.com *.twitter.com spark.adobe.com; child-src 'self' youtu.be youtube.com www.youtube.com *.facebook.com *.twitter.com spark.adobe.com; report-uri /report-csp-violation 2
default-src 'self' data: www.fibt.com app.fibt.com fibt.com apptest.loanspq.com www.firstintlbank.com firstintlbank.com https://chatgw.firstintlbank.com https://web3.secureinternetbank.com https://maps.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.gstatic.com https://googleads.g.doubleclick.net https://placehold.it; style-src 'self' 'unsafe-inline' https://chat.firstintlbank.com https://reports.hrmdirect.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com/css https://chatgw.firstintlbank.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.google.com https://chat.firstintlbank.com https://chatgw.firstintlbank.com https://web3.secureinternetbank.com https://reports.hrmdirect.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://bid.g.doubleclick.net https://www.optimalblue.com https://firstintlbank.hrmdirect.com https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.youtube.com https://chatgw.firstintlbank.com https://chat.firstintlbank.com 2
frame-ancestors https://*.nursingjobs.org; script-src *  https://s.opendsp.com https://loadus.exelator.com https://ssl.google-analytics.com https://pxlssl.ibpxl.com  https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com 'unsafe-inline' 'unsafe-eval'; object-src * 2
connect-src 'self' https://bam.nr-data.net; font-src 'self' https://*.typekit.net; frame-src 'self' https://*.doubleclick.net https://*.rfihub.com https://*.emjcd.com https://*.facebook.com https://*.dotomi.com; img-src 'self' data: https://www.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com; manifest-src 'self'; media-src 'self'; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-inline' http://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io https://unpkg.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; worker-src 'self'; frame-ancestors 'self'; report-uri https://www.wen.com/report-uri/enforce 2
default-src 'self' 'unsafe-inline' cdnjs.cloudflare.com code.jquery.com connect.facebook.net fast.fonts.net fonts.googleapis.com pccdelivery.net platform.twitter.com s3.amazonaws.com stats.g.doubleclick.net storage.googleapis.com www.google-analytics.com www.googletagmanager.com www.pccdelivery.net api.salesflare.com fonts.gstatic.com;              font-src 'self' *.fonts.net fonts.gstatic.com *.fonts.com;              script-src 'self' 'unsafe-inline' 'unsafe-eval' s3.amazonaws.com ajax.googleapis.com platform.twitter.com connect.facebook.net www.googletagmanager.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net pccdelivery.net s3.amazonaws.com storage.googleapis.com www.google-analytics.com www.googletagservices.com pccdelivery.net ad.doubleclick.net *.2mdn.net *.googlesyndication.com;              style-src code.jquery.com fast.fonts.net 'self' 'unsafe-inline' fonts.googleapis.com s3.amazonaws.com;              child-src 'self' platform.twitter.com storage.googleapis.com;              connect-src 'self' api.salesflare.com stats.g.doubleclick.net www.pccdelivery.net;              frame-src 'self' platform.twitter.com storage.googleapis.com www.googletagmanager.com *.2mdn.net *.googlesyndication.com;              img-src * data: https://www.google.com;              manifest-src s3.amazonaws.com;              form-action 'self' https://www.2checkout.com;              frame-ancestors 'self' 2
frame-ancestors 'self' https://www.veinteractive.com/ 2
upgrade-insecure-requests; form-action: http://go.aclara.com/*; 2
default-src 'self' blob:; script-src 'self' blob: https://d1g3mdmxf8zbo9.cloudfront.net/js/; object-src 'self' https://d1g3mdmxf8zbo9.cloudfront.net/images/; img-src 'self' data: https://d1g3mdmxf8zbo9.cloudfront.net/images/; frame-src https://d1g3mdmxf8zbo9.cloudfront.net/images/; style-src 'self' 'unsafe-inline' https://d1g3mdmxf8zbo9.cloudfront.net/css/; font-src 'self' data: https://d1g3mdmxf8zbo9.cloudfront.net/fonts/; worker-src blob:; media-src 'self' blob: about: https://media.luffy.cx/videos/ https://d1g3mdmxf8zbo9.cloudfront.net/images/; connect-src 'self' https://media.luffy.cx/videos/ https://comments.luffy.cx; base-uri 'none'; form-action https://duckduckgo.com; frame-ancestors 'none'; block-all-mixed-content; 2
img-src https: data:; media-src https:; frame-src https:; child-src https:; connect-src https: 2
default-src * 'self' 'unsafe-inline' 'unsafe-eval'; img-src *; frame-ancestors 'self' 2
frame-ancestors 'none'; default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' *.youtube.com *.youtube-nocookie.com dailymotion.com; img-src http: https: data: blob:; worker-src blob:; child-src blob:; connect-src 'self' https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://translate.yandex.net; base-uri 'self'; frame-src * data: blob:; 2
default-src 'unsafe-inline' data: https: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.msecnd.net *.google.com *.gstatic.com; 2
default-src 'none'; img-src 'self'; script-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' blob:; media-src 'self' 2
frame-ancestors 'self' http://*.domain.com; img-src *;  2
script-src 'self' 'unsafe-inline' 'unsafe-eval' kaldewei-ass.secure.footprint.net kaldewei-tt.secure.footprint.net https://www.kaldewei.de *.kaldewei.de https://www.kaldewei.com http://test-lieferzeitenauskunft.kaldewei.de test-lieferzeitenauskunft.kaldewei.de lieferzeitenauskunft.kaldewei.de *.hotjar.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com jwpsrv.com www.polantis.com maps.googleapis.com maps.gstatic.com bat.bing.com https://interaktiv.contilla.de/15012d2d2e303369c8628723/0/webapp.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://www.recaptcha.net/recaptcha/api.js; 2
frame-ancestors 'self' https://salesfra.me/ https://*.upseller.cloud ; 2
default-src 'self' http: https: data: *.google.com *.googleapis.com *.googlecode.com *.googleusercontent.com *.gstatic.com *.scrivito.com *.scrvt.com *.svlfg.de scrivito-public-cdn.s3.eu-west-1.amazonaws.com scrivito-upload.s3-eu-west-1.amazonaws.com scrivito-upload.s3-accelerate.amazonaws.com img.youtube.com localhost:3000 *.intra.pinuts.de *.intra.pinuts.de:3000 *.intra.pinuts.de:9000; base-uri 'self' *.google.com *.googleapis.com *.googlecode.com *.googleusercontent.com *.gstatic.com *.scrivito.com *.scrvt.com *.svlfg.de scrivito-public-cdn.s3.eu-west-1.amazonaws.com scrivito-upload.s3-eu-west-1.amazonaws.com scrivito-upload.s3-accelerate.amazonaws.com img.youtube.com localhost:3000 *.intra.pinuts.de *.intra.pinuts.de:3000 *.intra.pinuts.de:9000; font-src 'self' data: *.google.com *.googleapis.com *.googlecode.com *.googleusercontent.com *.gstatic.com *.scrivito.com *.scrvt.com *.svlfg.de scrivito-public-cdn.s3.eu-west-1.amazonaws.com scrivito-upload.s3-eu-west-1.amazonaws.com scrivito-upload.s3-accelerate.amazonaws.com img.youtube.com localhost:3000 *.intra.pinuts.de *.intra.pinuts.de:3000 *.intra.pinuts.de:9000; frame-ancestors 'self' *.google.com *.googleapis.com *.googlecode.com *.googleusercontent.com *.gstatic.com *.scrivito.com *.scrvt.com *.svlfg.de scrivito-public-cdn.s3.eu-west-1.amazonaws.com scrivito-upload.s3-eu-west-1.amazonaws.com scrivito-upload.s3-accelerate.amazonaws.com img.youtube.com localhost:3000 *.intra.pinuts.de *.intra.pinuts.de:3000 *.intra.pinuts.de:9000; media-src 'self' data: *.google.com *.googleapis.com *.googlecode.com *.googleusercontent.com *.gstatic.com *.scrivito.com *.scrvt.com *.svlfg.de scrivito-public-cdn.s3.eu-west-1.amazonaws.com scrivito-upload.s3-eu-west-1.amazonaws.com scrivito-upload.s3-accelerate.amazonaws.com img.youtube.com localhost:3000 *.intra.pinuts.de *.intra.pinuts.de:3000 *.intra.pinuts.de:9000; object-src 'self' blob: data: *.google.com *.googleapis.com *.googlecode.com *.googleusercontent.com *.gstatic.com *.scrivito.com *.scrvt.com *.svlfg.de scrivito-public-cdn.s3.eu-west-1.amazonaws.com scrivito-upload.s3-eu-west-1.amazonaws.com scrivito-upload.s3-accelerate.amazonaws.com img.youtube.com localhost:3000 *.intra.pinuts.de *.intra.pinuts.de:3000 *.intra.pinuts.de:9000; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: *.google.com *.googleapis.com *.googlecode.com *.googleusercontent.com *.gstatic.com *.scrivito.com *.scrvt.com *.svlfg.de scrivito-public-cdn.s3.eu-west-1.amazonaws.com scrivito-upload.s3-eu-west-1.amazonaws.com scrivito-upload.s3-accelerate.amazonaws.com img.youtube.com localhost:3000 *.intra.pinuts.de *.intra.pinuts.de:3000 *.intra.pinuts.de:9000; style-src 'self' 'unsafe-inline' http: *.google.com *.googleapis.com *.googlecode.com *.googleusercontent.com *.gstatic.com *.scrivito.com *.scrvt.com *.svlfg.de scrivito-public-cdn.s3.eu-west-1.amazonaws.com scrivito-upload.s3-eu-west-1.amazonaws.com scrivito-upload.s3-accelerate.amazonaws.com img.youtube.com localhost:3000 *.intra.pinuts.de *.intra.pinuts.de:3000 *.intra.pinuts.de:9000 2
default-src 'none'; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google.com https://www.gstatic.com https://code.jquery.com https://*.blueconic.net https://*.hotjar.com https://*.hotjar.io https://extend.vimeocdn.com https://www.google-analytics.com https://js.driftt.com https://connect.facebook.net https://www.youtube.com https://*.ytimg.com https://*.bizographics.com https://*.linkedin.com https://*.licdn.com; connect-src 'self' https://www.googletagmanager.com https://*.blueconic.net https://api.ipify.org https://*.hotjar.com https://*.hotjar.io; img-src 'self' https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com  https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.blueconic.net https://*.linkedin.com data:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://use.fontawesome.com https://*.blueconic.net; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://www.google.com https://www.facebook.com https://js.driftt.com https://*.hotjar.com https://www.veiligheid.nl; frame-ancestors 'self'; object-src 'self'; 2
frame-ancestors https://ap.diginsite.net www.woodhuston.com 2
frame-ancestors 'self' stc.marketing.adobe.com *.decibelinsight.net *.decibelinsight.com 2
default-src 'self' *.transunion.com *.transunion.co.za *.addthis.co *.amazon-adsystem.com *.youtube.com *.brightcove.com *.brightcove.net*.doubleclick.net *.company-target.com dmtry.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net app.trustev.com ads.yahoo.com adserve.atedra.com analytics.twitter.com bat.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com code.jquery.com cloudfront.net fonts.googleapis.com ib.adnxs.com idsync.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com secure.fastclick.net secure.leadback.advertising.com google-analytics.com static.ads-twitter.com us-u.openx.net vjs.zencdn.net googleadservices.com gstatic.com bidswitch.net cspix.media6degrees.com googletagmanager.com *.passage.ai wss://tars-prod.passage.ai; script-src 'self' *.transunion.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.g.3gl.net *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net analytics.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com hello.myfonts.net img03.en25.com m.addthisedge.com vjs.zencdn.com optimizely.s3.amazonaws.com g.3gl.net cdn.ampproject.org b.company-target.com cspix.media6degrees.com img03.en25.com static.ads-twitter.com cdn.mxpnl.com sjs.bizographics.com rum-static.pingdom.net tt.mbww.com seal.entrust.net app.trustev.com pixel.mathtag.com pagead2.googlesyndication.com tagmanager.google.com amplify.outbrain.com o1.qnsr.com connect.facebook.net cas.cluep.com *.passage.ai blob: 'unsafe-eval' 'unsafe-inline'; child-src *.transunion.com *.crwdcntrl.net *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com vars.hotjar.com img.mediaplex.com app.optimizely.com *.brightcove.net s.amazon-adsystem.com app.trustev.com pixel.mathtag.com; connect-src 'self' *.transunion.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io api.company-target.com r.3gl.net s7.addthis.com popcornmetricsendpoint.herokuapp.com unity.cadreon.com app.trustev.comi *.passage.ai wss://tars-prod.passage.ai; media-src 'self' *.transunion.com blob: *.brightcove.com; img-src * data:; font-src data: *.transunion.com fonts.gstatic.com *.transunion.co.za api.company-target.com *.brightcove.com r.3gl.net s7.addthis.com *.herokuapp.com; style-src * 'unsafe-eval' 'unsafe-inline' ; 2
default-src *;     frame-src 'self' *.google.com *.youtube.com https://staticxx.facebook.com https://dw408jcu6cqwk.cloudfront.net https://accounts.livechatinc.com https://secure.livechatinc.com http://4511566.fls.doubleclick.net/ http://tags.tiqcdn.com/ https://bid.g.doubleclick.net/;     font-src * 'self' data: fwd-chatbot-tools.s3-ap-southeast-1.amazonaws.com cdn.livechatinc.com livechat.s3.amazonaws.com fonts.gstatic.com fonts.googleapis.com;     img-src * 'self' data: chatbot-ph.s3-ap-southeast-1.amazonaws.com cdn.livechatinc.com livechat.s3.amazonaws.com;     style-src * 'self' 'unsafe-inline' cdnjs.cloudflare.com;     script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com execution-apn.ci360.sas.com browser-update.org cdn.mouseflow.com https://api.fwd.co.th https://kkbv2.api.sociaplus.com https://fwd.api.useinsider.com *.useinsider.com https://search.fwd.com.hk http://search.fwd.com.hk https://search.fwd.com.ph http://search.fwd.com.ph https://connect.fwd.co.th https://line.fwd.co.th https://www.gstatic.com https://www.google.com https://maps.googleapis.com www.google-analytics.com tagmanager.google.com *.googleapis.com www.googletagmanager.com *.livechatinc.com connect.facebook.net *.turn.com *.zopim.com *.zopim.io cdn-akamai.mookie1.com tags.tiqcdn.com t.mookie1.com b3.mookie1.com *.zopim.com api.map.baidu.com *.maxmind.com *.map.bdimg.com *.bdstatic.com wss://*.zopim.com https://*.zopim.io *.googleadservices.com *.adnxs.com *.doubleclick.net *.cloudfront.net *.mimecast.com *.adsrvr.org *.facebook.com *.youtube.com *.bing.com *.ytimg.com *.visualwebsiteoptimizer.com *.yahoo.com bs.serving-sys.com https://*.analytics.yahoo.com *.yimg.com *.taboola.com *.innity.net *.innity.com *.zdassets.com wss://chatbot.fwd.com.hk https://portal.fwd.com.vn https://dw408jcu6cqwk.cloudfront.net;     connect-src 'self' execution-apn.ci360.sas.com https://api.fwd.co.th https://kkbv2.api.sociaplus.com https://api.useinsider.com https://location.api.useinsider.com https://hit.api.useinsider.com https://fwd.api.useinsider.com https://category-collector.api.useinsider.com http://dev.surfer.seasonalife.com https://surfer.seasonalife.com *.surfer.seasonalife.com *.seasonalife.com https://image.useinsider.com https://*.api.useinsider.com wss://directline.botframework.com https://search.fwd.com.hk https://search.fwd.com.ph http://search.fwd.com.ph http://search.fwd.com.hk https://connect.fwd.co.th https://line.fwd.co.th https://portal.fwd.com.vn wss://*.zopim.com *.maxmind.com api.map.baidu.com *.adnxs.com *.turn.com *.adsrvr.org *.botframework.com *.facebook.com *.vimeo.com *.youtube.com *.taboola.com *.yimg.com *.innity.net *.innity.com wss://*.fwd.com.hk *.yahoo.com *.mouseflow.com wss://chatbot.fwd.com.hk trc.taboola.com cdn.taboola.com *.zdassets.com *.doubleclick.net *.tigcdn.com www.google-analytics.com wss://api.livechatinc.com https://api.livechatinc.com https://h49u5ppoz9.execute-api.ap-southeast-1.amazonaws.com https://1z4ebxptw1.execute-api.ap-southeast-1.amazonaws.com https://hooks.slack.com;     object-src 'none';     form-action 'self';  2
default-src 'self' https: *.webtrekk.net; img-src 'self' data: https: *.t-systems-mms.com *.webtrekk.net www.facebook.com *.rexx-systems.com *.landbot.io storage.googleapis.com *.webtrekk.net; media-src 'self'; style-src 'self' 'unsafe-inline' blob: https:; font-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.t-systems-mms.com platform.twitter.com connect.facebook.net *.webtrekk.net *.rexx-systems.com static.landbot.io *.yumpu.com *.facebook.net; connect-src 'self' https: *.t-systems-mms.com *.webtrekk.net landbot.io; object-src https: 'self'; frame-ancestors https: 'self' *.t-systems-mms.com customer.360-grad-sachsen.de; frame-src https: 'self' *.t-systems-mms.com customer.360-grad-sachsen.de platform.twitter.com *.mmsupgradework.dmkdev *.mms-plattform.de player.vimeo.com landbot.io www.yumpu.com; 2
default-src 'self' http: https: ; img-src http: https: data: ; font-src http: https: data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ ; style-src 'unsafe-inline' http: https: ; frame-ancestors 'self' http://*.stage.peri.info https://*.stage.peri.info http://*.live.peri.info https://*.live.peri.info ; child-src 'self' * ;frame-src 'self' * 2
worker-src 'self'; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://code.cdn.mozilla.net; script-src 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js http://*.shpg.org/ https://comments.mozillafoundation.org/ https://airtable.com https://platform.twitter.com https://cdn.syndication.twimg.com; img-src * data:; media-src 'self'; child-src 'self' https://www.youtube.com https://s3.amazonaws.com/ask-mozilla/ https://www.youtube-nocookie.com; frame-src 'self' https://www.youtube.com  https://s3.amazonaws.com/ask-mozilla/ https://auremoser.carto.com https://comments.mozillafoundation.org/ https://airtable.com https://docs.google.com/ https://platform.twitter.com https://public.zenkit.com https://calendar.google.com https://www.youtube-nocookie.com; default-src 'none'; connect-src *; style-src 'self' 'unsafe-inline' https://code.cdn.mozilla.net https://fonts.googleapis.com  https://platform.twitter.com; frame-ancestors 'none' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 2
default-src 'self'; child-src *.facebook.com *.facebook.net *.criteo.com *.criteo.net *.twitter.com *.doubleclick.net *.g.doubleclick.net *.salecycle.com self blob: *.official-deals.co.uk *.official-coupons.com *.revlifter.io *.maxymiser.net *.maxymiser.com *.zenaps.com *.turn.com *.smct.co smct.co www.youtube.com www.google.com www.google.co.uk pixel.everesttech.net www.everestjs.net d16fk4ms6rqz1v.cloudfront.net www.energysaver.shop connect.studentbeans.com/ coverage.ee.co.uk; connect-src 'self' *.maxymiser.net www.secure-mobiles.com *.salecycle.com wss://*.salecycle.com *.googlesyndication.com *.smct.co *.revlifter.io *.official-coupons.com *.official-deals.co.uk *.zenaps.com *.g.doubleclick.net www.google-analytics.com www.reviews.co.uk api-cache.reviews.co.uk syndication.twitter.com smct.co cdn.ampproject.org www.googletagmanager.com; font-src 'self' data: fonts.gstatic.com; form-action 'self' www.facebook.com paypage2-cst.cxmlpg.com PP2.cxmlpg.com pp2.cxmlpg.com *.facebook.net *.secure-mobiles.com *.secure-mobiles.website; frame-src *.facebook.com *.facebook.net *.criteo.com *.criteo.net *.twitter.com *.doubleclick.net *.g.doubleclick.net *.salecycle.com self blob: *.official-deals.co.uk *.official-coupons.com *.revlifter.io *.maxymiser.net *.maxymiser.com *.zenaps.com *.turn.com *.smct.co smct.co www.youtube.com www.google.com www.google.co.uk pixel.everesttech.net www.everestjs.net d16fk4ms6rqz1v.cloudfront.net www.energysaver.shop connect.studentbeans.com/ coverage.ee.co.uk; img-src 'self' media.e2save.com data: *.facebook.com *.twitter.com *.yahoo.com *.maxymiser.com *.maxymiser.net *.googlesyndication.com *.everesttech.net *.cloudfront.net *.adnxs.com *.g.doubleclick.net *.gstatic.com *.kickdyn.com *.demdex.net *.awin1.com *.revlifter.io *.official-coupons.com *.scene7.com *.carphonewarehouse.com *.gsmarena.com www.reviews.co.uk *.zenaps.com *.smct.co *.turn.com smct.co http://3873553.fls.doubleclick.net http://ap.lijit.com http://bat.bing.com http://bat.r.msn.com http://browser-update.org http://code.jquery.com http://connect.facebook.net http://eb2.3lift.com http://fonts.googleapis.com http://fonts.gstatic.com http://ib.adnxs.com http://odr.mookie1.com http://p.adsymptotic.com http://pixel.everesttech.net http://pixel-geo.prfct.co http://static.ads-twitter.com http://stats.g.doubleclick.net http://sync.outbrain.com http://t.co dis.criteo.com http://dis.eu.criteo.com http://usersync.criteo.com http://widget.criteo.com http://widget.eu.criteo.com http://static.criteo.net http://www.everestjs.net http://www.google.com www.googleadservices.com www.google-analytics.com http://x.bidswitch.net 4674603.fls.doubleclick.net cs.marinsm.com image2.pubmatic.com pixel.prfct.co/cb pixel.rubiconproject.com s3.amazonaws.com s3-eu-west-1.amazonaws.com us-u.openx.net www.dwin1.com www.ist-track.com media.mobiles.com media.secure-mobiles.com www.facebook.com i.ytimg.com www.google.com www.google.co.uk pixel-geo.prfct.co mpp.vindicosuite.com cm.smartstream.tv www.w3.org http://www.deepfreeze.it revivve.com media.one-time-offer.com stags.bluekai.com pixelg.adswizz.com adswizz.com api.official-deals.co.uk ad.yieldmanager.com http://conv-tm.everesttech.net sync.search.spotxchange.com carphonewarehouse.112.2o7.net http://cdn2.gsmarena.com http://s7g1.scene7.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adobedtm.com *.criteo.com *.twitter.com *.facebook.com *.maxymiser.com *.maxymiser.net *.everesttech.net *.gstatic.com *.yahoo.com *.wlscripts.com *.wlscripts.net *.wlscripts.fr *.wlscripts.org *.wlservices.fr *.wlhb93vgfn.net *.wlgwd6qgbu.net *.wla42fn4ze.net *.wlqmhmbb6d.net *.wlwxzrw6qz.net *.wlmgmmu93s.com *.wlkdnmc2w4.com *.wl3d3u4bhk.com *.wldrj3w96a.com *.wlwh7zz5yy.com *.ahh53xth.net *.745whzwa.net *.b8uq3h8n.com *.4cx23t7s.com *.788b6dds.com *.xue35xg7.fr *.rm5yz52k.link *.peez2xy8.net *.ebvxbx48th.com *.5fp4w82y.net *.googlesyndication.com *.googletagservices.com *.google.co.uk *.revlifter.io *.official-coupons.com *.salecycle.com *.zenaps.com *.turn.com *.smct.co *.g.doubleclick.net smct.co http://3873553.fls.doubleclick.net http://ad.yieldmanager.com http://ap.lijit.com http://bat.bing.com http://bat.r.msn.com http://browser-update.org http://cm.everesttech.net/cm http://code.jquery.com http://connect.facebook.net http://d16fk4ms6rqz1v.cloudfront.net http://dis.eu.criteo.com http://eb2.3lift.com http://fonts.googleapis.com http://ib.adnxs.com http://odr.mookie1.com http://p.adsymptotic.com http://pixel.everesttech.net http://pixel-geo.prfct.co http://static.ads-twitter.com http://static.criteo.net http://stats.g.doubleclick.net http://sync.outbrain.com http://t.co http://usersync.criteo.com http://widget.criteo.com http://widget.eu.criteo.com http://www.everestjs.net www.google.com www.googleadservices.com www.google-analytics.com http://www.reviews.co.uk http://x.bidswitch.net 4674603.fls.doubleclick.net analytics.twitter.com cs.marinsm.com d30ke5tqu2tkyx.cloudfront.net dis.criteo.com graph.facebook.com image2.pubmatic.com pixel.prfct.co/cb pixel.rubiconproject.com s3.amazonaws.com s3-eu-west-1.amazonaws.com us-u.openx.net www.ist-track.com www.googletagmanager.com www.dwin1.com www.everestjs.net connect.facebook.net pixel-geo.prfct.co stags.bluekai.com pix04.revsci.net m.addthisedge.com tagmanager.google.com revivve.com d3dh5c7rwzliwm.cloudfront.net cdnjs.cloudflare.com mpsnare.iesnare.com dd851bjvaq21r.cloudfront.net d1zcmf9gypbah2.cloudfront.net d1d0vz2qtvxxil.cloudfront.net d1e3opepwlrr7l.cloudfront.net d19z38rx8c0xf6.cloudfront.net d269j27os1jbtu.cloudfront.net d3dh5c7rwzliwm.cloudfront.net cdn.studentbeans.com cdn.ampproject.org pixelg.adswizz.com adswizz.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com code.jquery.com tagmanager.google.com 2
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.youtube.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com; frame-src 'self' *.google.com *.youtube.com; font-src 'unsafe-eval' 'unsafe-inline' 'self' https://themes.googleusercontent.com https://fonts.gstatic.com data:; object-src 'self' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: http://www.google-analytics.com https://www.google-analytics.com http://cdn.appdynamics.com https://cdn.appdynamics.com http://col.eum-appdynamics.com https://col.eum-appdynamics.com https://tfs.encompass.ninja; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com; connect-src http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com https: https://ecs.us1.twilio.com wss://endpoint.twilio.com wss://sdkgw.us1.twilio.com wss://global.vss.twilio.com; media-src mediastream:; 2
frame-ancestors 'self' springchicken.co.uk 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.etracker.de *.etracker.com *.deutsches-ausschreibungsblatt.de code.jquery.com; child-src 'self' *.youtube.com; object-src 'self' 2
connect-src 'self' wss: *.maxict.nl                                                                       *.doubleclick.net                                                                       *.google-analytics.com                                                                       *.hotjar.com                                                                       *.hotjar.io                                                                       *.pro6pp.nl                                                                       *.tawk.to;                                               default-src 'none';                                               font-src 'self' data: *.maxict.nl                                                                     *.gstatic.com                                                                     *.tawk.to;                                               frame-src 'self' 'unsafe-inline' about: *.maxict.nl                                                                                       *.criteo.com                                                                                       *.google.com                                                                                       *.dpd.de                                                                                       *.eetgroup.com                                                                                       *.facebook.com                                                                                       *.hotjar.com                                                                                       *.hotjar.io                                                                                       *.kingston.com                                                                                       *.newstar.eu                                                                                       *.newstar.nl                                                                                       *.startech.com                                                                                       *.tawk.to                                                                                       *.twindis.com                                                                                       *.youtube.com                                                                                       *.psaparts.co.uk;                                               img-src 'self' data: https: *.maxict.nl                                                                           *.google.com;                                               manifest-src 'self' *.maxict.nl;                                               object-src 'self' *.maxict.nl;                                               script-src 'self' 'unsafe-inline' 'unsafe-eval' about: *.maxict.nl                                                                                                      *.bing.com                                                                                                      *.bizographics.com                                                                                                      *.cloudfront.net                                                                                                      *.criteo.com                                                                                                      *.criteo.net                                                                                                      *.doubleclick.net                                                                                                      *.facebook.net                                                                                                      *.flix360.com                                                                                                      *.flixcar.com                                                                                                      *.flixfacts.com                                                                                                      *.google-analytics.com                                                                                                      *.googleadservices.com                                                                                                      *.googletagmanager.com                                                                                                      *.google.com                                                                                                      *.hotjar.com                                                                                                      *.hotjar.io                                                                                                      *.iceleads.com                                                                                                      *.jsdelivr.net                                                                                                      *.licdn.com                                                                                                      *.linkedin.com                                                                                                      *.list-manage.com                                                                                                      *.mailchimp.com                                                                                                      *.tawk.to                                                                                                      *.vane3alga.com;                                               style-src 'self' 'unsafe-inline' *.maxict.nl                                                                                *.cloudfront.net                                                                                *.googleapis.com                                                                                *.google.com                                                                                *.jsdelivr.net                                                                                *.mailchimp.com;                                               upgrade-insecure-requests; 2
img-src blob: https: data:; upgrade-insecure-requests 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sompojapan.com.tr *.somposigorta.com.tr *.google.com *.google-analytics.com *.googleapis.com *.facebook.com *.gstatic.com *.facebook.net *.googletagmanager.com *.bootstrapcdn.com *.hotjar.com *.onesignal.com onesignal.com mc.yandex.ru track.adform.net *.googleadservices.com googleads.g.doubleclick.net *.cloudflare.com *.polyfill.io polyfill.io transloadit.edgly.net 2
style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com/ https://www.googletagmanager.com/; font-src 'self' https://maxcdn.bootstrapcdn.com/ https://fonts.gstatic.com/ https://identityserver.local:44301/; 2
default-src 'self' ; connect-src 'self' https://www.google-analytics.com https://api.curator.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.curator.io https://www.auchan-retail.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://authedmine.com https://ssl.google-analytics.com https://ajax.cloudflare.com https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com;img-src 'self' https://curatorio.s3.amazonaws.com https://*.uecdn.es https://www.google.com https://www.instagram.com https://*.curator.io https://www.googletagmanager.com https://www.auchan-retail.com http://pbs.twimg.com https://pbs.twimg.com https://image-store.slidesharecdn.com https://i.ytimg.com https://*.licdn.com https://*.ggpht.com https://*.fbcdn.net https://*.twimg.com https://*.cdninstagram.com https://*.googleusercontent.com https://secure.gravatar.com https://ps.w.org https://www.facebook.com https://csi.gstatic.com https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://ajax.googleapis.com https://secure.gravatar.com https://ssl.google-analytics.com data:;style-src 'self' 'unsafe-inline' data: https://cdn.curator.io https://www.auchan-retail.com https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src 'self' https://cdn.curator.io https://www.auchan-retail.com https://themes.googleusercontent.com https://fonts.gstatic.com data:; child-src https://www.auchan-retail.com https://www.youtube.com https://indd.adobe.com https://player.vimeo.com https://www.youtu.be; media-src 'self' https://www.instagram.com https://dms.licdn.com https://www.youtu.be https://www.youtube.com https://www.auchan-retail.com https://www.youtube.com https://video.twimg.com https://*.cdninstagram.com; object-src 'none'; frame-ancestors 'self'; base-uri 'none'; 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.samson.de 2
frame-ancestors 'self'; report-uri https://www.weps.org/report-uri/enforce 2
default-src 'self' *.legocdn.com *.lego.com; script-src 'self' https: *.legocdn.com *.lego.com lego.com *.akamai.net googletagmanager.com 'unsafe-eval' 'unsafe-inline'; connect-src 'self' http: *.lego.com https: *.lego.com https: dpm.demdex.net; style-src 'self'  https: *.legocdn.com 'unsafe-inline'; img-src 'self' https: *.legocdn.com http://c.analytics.lego.com data:; font-src 'self' https: fonts.gstatic.com data:; frame-src 'self' https: http://legoeducation.23video.com; object-src 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://api.easygis.eu https://cdnjs.cloudflare.com *.ogone.com https://connect.facebook.net *.google.com https://www.gstatic.com https://cdn.rawgit.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://api.easygis.eu https://cdnjs.cloudflare.com *.ogone.com *.google.com; img-src 'self' http://*.visitlimburg.be *.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://*.easygis.eu/ https://*.mailchimp.com *.ogone.com *.facebook.com; media-src 'self'; frame-src 'self' https://*.hotjar.com https://*.youtube.com http://plugin.routeyou.com *.joomag.com *.resengo.com *.google.com *.ogone.com *.wlp-acs.com *.wandeleninlimburg.be *.limburg.be; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com data: https://api.easygis.eu; connect-src 'self' https://public.easygis.eu; report-uri /report-csp-violation 2
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cai.tools.sap/ https://maps.googleapis.com https://maps.gstatic.com https://tagmanager.google.com/ https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net https://chatbot.elmuemasz.hu/; style-src 'self' 'unsafe-inline' https://maps.googleapis.com https://maps.gstatic.com https://tagmanager.google.com/ https://fonts.googleapis.com/ https://chatbot.elmuemasz.hu/; img-src 'self' 'unsafe-inline' data: https://i.ibb.co/61frh4q/elmuelek.png https://i.imgur.com/ https://cdn.cai.tools.sap/ https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.facebook.com https://ssl.gstatic.com/ https://chatbot.elmuemasz.hu/; font-src 'self' https://cdnjs.cloudflare.com/ https://fonts.gstatic.com;connect-src 'self' https://api.cai.tools.sap/ https://www.google-analytics.com https://chatbot.elmuemasz.hu/ wss://chatbot.elmuemasz.hu/; frame-src https://www.google.com/recaptcha/ https://www.facebook.com https://staticxx.facebook.com https://docs.google.com/forms/ https://my.matterport.com/show/ https://www.youtube.com/embed/;frame-ancestors 'self'; form-action 'self'; 2
default-src gap://ready file://* data: *; frame-ancestors 'self' *; style-src 'self'  https://* 'unsafe-inline'; script-src 'self'  https://* *.omtrdc.net s.btstatic.com www.googleadservices.com www.adobetag.com s.thebrighttag.com www.google-analytics.com pixel.rubiconproject.com ospe.costa.it d.turn.com bam.nr-data.net www.googletagmanager.com segment-pixel.invitemedia.com ds-aksb-a.akamaihd.net aws.tracker.squidanalytics.com platform.twitter.com apis.google.com connect.facebook.net aws.tracker.squidanalytics.com tagmanager.google.com *.criteo.net *.criteo.com *.doubleclick.net *.sepage.fr *.turn.com *.qualtrics.com *.youtube.com *.costa.it *.clickpoint.com *.hariken.co *.zanox.com server-it.imrworldwide.com https://d.turn.com https://bam.nr-data.net https://webcams.costa.it 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' bongacams.com *.bongacams.com ymetrica1.com mc.yandex.ru cam.bet *.cam.bet cdn.fluidplayer.com movcpm.com *.movcpm.com greedseed.world xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com http://87.98.171.25 http://176.9.86.142 http://176.9.142.103 http://144.76.24.149 http://136.243.73.233 http://148.251.0.18 http://144.76.218.27 http://148.251.136.187; style-src cdn.fluidplayer.com fonts.googleapis.com 'self' 'unsafe-inline'; script-src bongacams.com *.bongacams.com cdn.jsdelivr.net cdn.fluidplayer.com 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' bongacams.com *.bongacams.com counter.yadro.ru mc.yandex.ru ymetrica1.com mc.webvisor.org cdn.fluidplayer.com movcpm.com *.movcpm.com xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com data:; 2
default-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; 2
default-src 'self'; script-src 'self' cdnjs.cloudflare.com *.cloudfront.net; style-src 'self' fonts.googleapis.com *.cloudfront.net; img-src 'self' *.cloudfront.net; font-src 'self' fonts.gstatic.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com inpublic.globenewswire.com https://sdk.companywebcast.com/sdk/player/ player.youku.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx; report-uri https://csp-report-uri.bureauveritas.com 2
default-src 'self' *.cscglobal.com *.google-analytics.com *.maxmind.com corporationserviceco.tt.omtrdc.net sample-api-v2.crazyegg.com; script-src 'self' px.ads.linkedin.com sjs.bizographics.com dnn506yrbagrg.cloudfront.net accounts.google.com optimize.google.com csc.global/assets/at.js *.google-analytics.com *.googletagmanager.com *.googleadservices.com script.crazyegg.com *.maxmind.com tagmanager.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' optimize.google.com fast.fonts.net fonts.googleapis.com 'unsafe-inline' tagmanager.google.com ssl.gstatic.com *.gstatic.com; img-src 'self' p.adsymptotic.com px.ads.linkedin.com *.cscglobal.com cdn2.hubspot.net data: *.google-analytics.com ssl.gstatic.com *.gstatic.com googleads.g.doubleclick.net  *.googletagmanager.com *.google.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com; frame-src 'self' optimize.google.com *.youtube.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa.gov.np *.mofa.gov.np www.google.com.np *.google.com *.gstatic.com cdn.jsdelivr.net code.jquery.com stackpath.bootstrapcdn.com s.ytimg.com *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np use.fontawesome.com stackpath.bootstrapcdn.com placehold.it *.facebook.net *.sharethis.com  *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it mofa.gov.np *.mofa.gov.np *.gstatic.com *.facebook.net *.facebook.com *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' *.youtube.com *.google.com *.facebook.net *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 2
default-src 'self' https: data: bat.bing.com *.marketo.com *.marketo.net *.mktoresp.com Discovery-ces.cloud.sitecore.net geoIp-ces.cloud.sitecore.net *.bizible.com www.linkedin.com px.ads.linkedin.com secure.adnxs.com us-east-1.dc.ads.linkedin.com s3.amazonaws.com www.bizographics.com snap.licdn.com dc.ads.linkedin.com www.googleadservices.com optimize.google.com webjira.tripwire.com storage.googleapis.com www.googletagmanager.com www.google-analytics.com rum-collector.pingdom.net www.surveygizmo.com surveygizmolibrary.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.snapengage.com *.opmnstr.com analytics.twitter.com static.ads-twitter.com sjs.bizographics.com bat.bing.com script.crazyegg.com *.bizible.com www.google.com www.gstatic.com *.vwo.com Discovery-ces.cloud.sitecore.net geoIp-ces.cloud.sitecore.net www.google.com/ads www.linkedin.com px.ads.linkedin.com secure.adnxs.com us-east-1.dc.ads.linkedin.com s3.amazonaws.com www.bizographics.com snap.licdn.com dc.ads.linkedin.com webjira.tripwire.com s.ytimg.com s3.amazonaws.com/sgpubli www.youtube.com www.surveygizmo.com optimize.google.com rum-static.pingdom.net maxcdn.bootstrapcdn.com www.googletagmanager.com code.jquery.com *.g.doubleclick.net *.doubleclick.net tagmanager.google.com www.google-analytics.com www.googleapis.com www.googleadservices.com dnn506yrbagrg.cloudfront.net cdn.optimizely.com *.marketo.com www.themuse.com storage.googleapis.com www.snapengage.com ajax.googleapis.com cdnjs.cloudflare.com *.marketo.net *.mktoresp.com; style-src 'self' 'unsafe-inline' sjs.bizographics.com bat.bing.com script.crazyegg.com www.linkedin.com px.ads.linkedin.com secure.adnxs.com us-east-1.dc.ads.linkedin.com s3.amazonaws.com www.bizographics.com snap.licdn.com dc.ads.linkedin.com webjira.tripwire.com  www.surveygizmo.com fonts.googleapis.com optimize.google.com rum-collector.pingdom.net rum-static.pingdom.net maxcdn.bootstrapcdn.com www.googletagmanager.com code.jquery.com *.marketo.com tagmanager.google.com cdnjs.cloudflare.com; connect-src 'self' *.cookiebot.com *.snapengage.com *.opmnstr.com sample-api-v2.crazyegg.com sjs.bizographics.com bat.bing.com script.crazyegg.com *.pingdom.net www.linkedin.com px.ads.linkedin.com secure.adnxs.com us-east-1.dc.ads.linkedin.com s3.amazonaws.com www.bizographics.com snap.licdn.com dc.ads.linkedin.com pagead2.googlesyndication.com webjira.tripwire.com *.optimizely.com optimize.google.com rum-static.pingdom.net www.googletagmanager.com *.marketo.com *.marketo.net *.mktoresp.com; font-src 'self' 'unsafe-inline' data: tripwire.com fonts.gstatic.com maxcdn.bootstrapcdn.com; child-src 'self' *.cookiebot.com sdn.sitecore.net www.dummies.com app-sj08.marketo.com optimize.google.com www.themuse.com www.youtube.com *.surveygizmo.com bid.g.doubleclick.net webjira.tripwire.com; upgrade-insecure-requests; block-all-mixed-content; 2
frame-ancestors  'self' *.pnet.ch *.post.ch *.becompany.ch *.signdemo.com 2
default-src 'none'; style-src 'self' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-ajz1GSNU9xYVrFEDSz6Xwg7amWQ/yvW75tQa1ZvRIWc='; img-src 'self'; script-src 'self' 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg=' 'sha256-PXdqDbrbLNehJtNpiPW2TQydYZCFqMfccotljXsn1JE=' 'sha256-ttmSnfQfAQQQiV28ls0mnFkkr+dl0cSWZO+7qlgQV7w=';frame-ancestors 'self'; form-action 'none'; base-uri 'none'; 2
frame-ancestors www-preprod.vegatele.com cabinet.vegatele.com vega.ua my.vega.ua;
        script-src 'unsafe-eval' 'unsafe-inline' 'self' cdn.smile-soft.com static.hotjar.com script.hotjar.com vega.pbx.vega.ua connect.facebook.net www.googletagmanager.com tagmanager.google.com www.google-analytics.com vega.phonet.com.ua optimize.google.com;
        block-all-mixed-content; 2
base-uri 'self';connect-src *;default-src 'self' *.meetup.com *.dev.meetup.com:8001;font-src * data:;frame-ancestors 'self';frame-src *;img-src * data: blob:;script-src * 'unsafe-eval' 'unsafe-inline';style-src * 'unsafe-inline' 2
script-src 'self' *.seksualiteit.nl *.seksindepraktijk.nl *.seksuelevorming.nl *.rutgers.international *.rutgers.nl *.weekvandelentekriebels.nl *.rutgers.ug *.rutgers.id *.anticonceptievoorjou.nl *.hotjar.com *.adform.net *.addthisedge.com *.addthis.com *.facebook.com *.newrelic.com *.nr-data.net *.cdn77.org *.ckeditor.com *.smartsupp-widget-161959.c.cdn77.org *.smartsuppchat.com *.adscience.nl *.bugherd.com *.googletagmanager.com *.googleapis.com *.pinterest.com *.readspeaker.com 'unsafe-inline' connect.facebook.net 'unsafe-eval' dev.visualwebsiteoptimizer.com *.google-analytics.com *.bootstrapcdn.com *.google.com *.gstatic.com *.typekit.net *.vimeocdn.com *.youtube.com *.ytimg.com *.fbcdn.net; style-src 'self' 'unsafe-inline' *.fonts.googleapis.com *.googleapis.com *.cdn77.org *.bootstrapcdn.com *.myfonts.net *.readspeaker.com *.youtube.com; font-src 'self' *.cdn77.org *.fonts.gstatic.com *.gstatic.com *.bootstrapcdn.com *.fonts.googleapis.com *.googleapis.com *.ckeditor.com *.newrelic.com; media-src * 'self' data: 2
report-uri //csp.merlion.ru:8080/report/428307387702970221/; connect-src rutube.ru *.google-analytics.com 'self' *.yandex.ru https://*.yandex.ru