Values for content-security-policy:
upgrade-insecure-requests 5,333
upgrade-insecure-requests; 3,380
frame-ancestors 'self' 1,617
block-all-mixed-content 1,002
default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 772
frame-ancestors 'self' ; 330
frame-ancestors 'self' https://*.granicus.com http://*.granicus.com https://platform.civicplus.com https://account.civicplus.com; img-src * data:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 303
default-src https: data: 'unsafe-inline' 'unsafe-eval' 301
frame-ancestors 'none' 287
frame-ancestors 'self'; 242
frame-ancestors 'self' http://webvisor.com 187
150
default-src * data: 'unsafe-eval' 'unsafe-inline' 83
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ssl.google-analytics.com https://ajax.googleapis.com https://cdn.exoticads.com https://js-agent.newrelic.com https://ssl.p.jwpcdn.com https://cdnjs.cloudflare.com www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://bam.nr-data.net https://chaturbateapps.disqus.com https://*.disquscdn.com https://disqus.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com ;  style-src 'self' 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com fonts.googleapis.com https://*.disquscdn.com ;  img-src 'self' data: https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ssl.google-analytics.com https://public.chaturbate.com https://cbpv.chaturbate.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://ssl.p.jwpcdn.com https://jwpltx.com https://cdnjs.cloudflare.com www.google-analytics.com https://www.gstatic.com https://bam.nr-data.net https://*.disquscdn.com https://links.services.disqus.com https://referrer.disqus.com https://insights.hotjar.com https://static.hotjar.com ;  font-src 'self' data: https://*.highwebmedia.com https://ssl.p.jwpcdn.com https://cdnjs.cloudflare.com fonts.gstatic.com https://static.hotjar.com ;  connect-src 'self' https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://bam.nr-data.net https://*.chaturbate.com https://chaturbate.com wss://recommend.chaturbate.com:8443 https://ssl.google-analytics.com www.google-analytics.com https://links.services.disqus.com https://sentry.io https://cbvideoupload.s3-accelerate.amazonaws.com https://public.chaturbate.com https://cbpv.chaturbate.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://*.hotjar.com:* wss://*.hotjar.com ;  media-src 'self' https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://public.chaturbate.com https://cbpv.chaturbate.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com;  object-src 'self' https://*.highwebmedia.com https://download.macromedia.com https://public.chaturbate.com https://cbpv.chaturbate.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ;  frame-src 'self' https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://disqus.com https://vars.hotjar.com ;  child-src 'self' blob: blob https://vars.hotjar.com ;  worker-src 'self' blob: blob https://vars.hotjar.com ;  form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://wnu.com https://secure.camsterchat.com https://secure.zpaymentsystems.com ;  manifest-src 'self' https://*.highwebmedia.com ;  report-uri https://report-uri.highwebmedia.com/r/t/csp/enforce; 82
frame-ancestors 'none'; 70
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; child-src https: blob: data:; connect-src https: blob: data: wss:; font-src https: blob: data:; img-src https: blob: data:; media-src https: blob: data:; object-src https: blob: data:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: data: 'unsafe-inline'; upgrade-insecure-requests 70
default-src 'self'; frame-src 'none'; img-src 'self' *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 54
* 53
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.sex.com *.lswcdn.net *.llnwd.net *.hwcdn.net fcm.googleapis.com *.nk-img.com *.camster.com wss://*.camster.com:8443 *.naked.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com;img-src 'self' 'unsafe-inline' data: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com; 50
frame-ancestors about: 'self' 48
report-uri https://f6044819c139be406e5131b1724188ab.report-uri.com/r/t/csp/enforce; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com dev.visualwebsiteoptimizer.com *.adnxs.com *.appier.net *.doubleclick.net *.google.co.uk *.googleadservices.com *.googlesyndication.com *.mathtag.com *.openx.net *.scupio.com bigsea.frontend.weborama.fr dx.bigsea.weborama.com cs.gssprt.jp match.adsrvr.org pixel.rubiconproject.com ps.eyeota.net ssp.adskom.com sync.ad-stir.com sync.adap.tv sync.adaptv.advertising.com tags.clickintext.net tapestry.tapad.com *.semasio.net *.disquscdn.com *.disqus.com disqus.com d17m68fovwmgxj.cloudfront.net apps-cdn.britishcouncil.org embed.scribblelive.com bat.bing.com public.tableau.com *.socdm.com britishcouncil-email.createsend.com *.googleapis.com *.gstatic.com www.google.de www.google.es *.google.com *.salesforceliveagent.com *.qualaroo.com s3.amazonaws.com *.bizographics.com sjs.bizographics.com idsync.rlcdn.com aa.agkn.com stags.bluekai.com sync.crwdcntrl.net loadus.exelator.com ml314.com *.adroll.com ucarecdn.com *.streamamg.com bookeo.com www-2903b.bookeo.com britishcouncil.github.io olc.live.solas.britishcouncil.digital bam.nr-data.net js-agent.newrelic.com *.akamaihd.net x.bidswitch.net *.ads-twitter.com *.twimg.com *.twitter.com *.fbcdn.net *.facebook.com cx.atdmt.com cx.atdmt.com connect.facebook.net *.linkedin.com snap.licdn.com *.sharethis.com vk.com cdn.polyfill.io www.googletagmanager.com sui.britishcouncil.org *.vimeocdn.com player.vimeo.com vimeo.com *.ytimg.com www.youtube.com *.google-analytics.com *.webtrends.com statse.webtrendslive.com *.yahoo.com b92.yahoo.co.jp s.yimg.com britishcouncil.wufoo.com; 42
frame-ancestors 'self' https://*.tw.mawebcenters.com 40
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm; 36
script-src   'self' *.google.com *.google-analytics.com 'unsafe-inline'   'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com   *.googleapis.com uds.googleusercontent.com https://s.ytimg.com   https://i18n-cloud.appspot.com   www-onepick-opensocial.googleusercontent.com   www-bloggervideo-opensocial.googleusercontent.com   www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport 35
self 34
report-uri /report-csp-violation 33
img-src https: data:; upgrade-insecure-requests 31
upgrade-insecure-requests; block-all-mixed-content; 28
default-src 'self' 28
frame-ancestors 'self'; img-src * data:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; default-src * 27
block-all-mixed-content; report-uri https://de.forumhome.com/cspreport.php 26
frame-ancestors 'self'  http://*.impress.ly  http://*.dragndropbuilder.com  https://*.weeblycloud.com  https://*.sitelock.com  https://*.mojomarketplace.com  http://*.ipage.com  http://*.yourhostingaccount.com  https://*.ecwid.com 26
default-src 'self'  https:;         script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;         style-src 'self' 'unsafe-inline' https:;         img-src * data:;         font-src 'self' data: https:;         form-action *; 25
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: data: blob:; media-src blob: data: https:; object-src https:; child-src https: data: blob:; upgrade-insecure-requests; block-all-mixed-content; 25
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 23
default-src * 'unsafe-inline' 'unsafe-eval' 22
frame-ancestors https://www.hk-laisee.com https://www.hk-rewards.com https://www.myopinions.com.au 22
default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 20
referrer origin 20
frame-ancestors self 20
frame-ancestors 'self' https://metrica.yandex.ru/; 20
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 20
default-src 'self' blob: wss: data: https:; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:;  18
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net *.googleapis.com *.google-analytics.com https://*.mookie1.com http://ib.adnxs.com https://secure.adnxs.com www.googleadservices.com https://googleads.g.doubleclick.net https://in.taskanalytics.com https://www.googletagmanager.com https://connect.facebook.net;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com;img-src 'self' * data:;frame-src 'self' *.youtube.com *.vimeo.com *.morningstar.com *.portalbank.no https://id.eika.no https://www.googletagmanager.com https://ir.asp.manamind.com https://ext.mnm.as *.doubleclick.net https://*.google.se https://*.google.no https://*.google.com;font-src 'self' https://fonts.gstatic.com;connect-src 'self' https://www.facebook.com/tr/;report-uri /WebResource.axd?cspReport=true 17
frame-ancestors https:; 17
frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com 17
default-src https: 'unsafe-inline' data: 'unsafe-eval' blob: 17
report-uri https://99designs.report-uri.io/r/default/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 16
script-src *; 16
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 15
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 15
reflected-xss block 14
frame-ancestors 'none'; upgrade-insecure-requests 14
default-src http: data: 'unsafe-inline' 'unsafe-eval' 14
default-src  * 'unsafe-inline' 'unsafe-eval' ; img-src * data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 14
frame-ancestors *.adikteev.com 'self' *.facebook.com *.nikonelearning.com; 14
img-src 'self' data: * 14
default-src https: 'unsafe-inline' 'unsafe-eval' 13
frame-ancestors 'self' https://encheres.lefigaro.fr 13
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 12
frame-ancestors 'self' https://*.adobe.com 12
frame-ancestors 'self' https://help.glassdoor.com http://library.glassdoor.com https://library.glassdoor.com http://glassdoor.lookbookhq.com https://glassdoor.lookbookhq.com https://glassdoor2.lookbookhq.com https://howto.glassdoor.com ; 12
default-src https: data: 'unsafe-inline' 'unsafe-eval' always; upgrade-insecure-requests 12
default-src data: https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline' 12
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *; 12
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors * 12
script-src * 'self' 'unsafe-inline' 'unsafe-eval' 12
default-src * 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; frame-ancestors 'self' online.superoffice.com apps.risevision.com desktop.visma.com asp.visma.com hlasp.visma.com; 12
default-src https: wss: about: data: blob: 'unsafe-inline' 'unsafe-eval' 12
default-src * 'unsafe-inline' 'unsafe-eval' data: 12
img-src * data: blob:; 12
frame-ancestors 'self' http://www.kayak.com http://www.kayak.com.ar http://www.kayak.cl http://www.kayak.com.co http://www.kayak.com.pe http://www.kayak.com.mx http://www.kayak.com.br http://www.tripadvisor.com http://www.tripadvisor.com.br http://www.tripadvisor.com.mx www.farecompare.com www.idealo.com http://viajala.com.co http://viajala.com.mx http://viajala.com.pe www.clicktripz.com http://viajala.cl http://viajala.com.ar 11
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 11
default-src * data: 'unsafe-inline' 'unsafe-eval'; 11
default-src * blob: 'self' data: 'unsafe-inline' 'unsafe-eval' https:; 11
default-src 'none'; connect-src 'self' *.mil.ru *.tildacdn.com *.gcdn.co *.mail.ru top100.ru mc.yandex.ru *.anycaster.tv *.vintera.tv *.cdnvideo.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' tildacdn.com *.tildacdn.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mil.ru *.rambler.ru *.yandex.ru *.mail.ru *.google-analytics.com *.google.com top100.ru *.top100.ru *.tvzvezda.ru tvzvezda.ru *.mail.ru tns-counter.ru *.tns-counter.ru *.googletagmanager.com mil.ru *.mil.ru *.xn--90anlfbebar6i.xn--p1ai; object-src 'self' *.mil.ru *.vintera.tv *.cdnvideo.ru *.youtube.com; style-src 'self' 'unsafe-inline' mil.ru *.mil.ru *.googleapis.com; img-src 'self' mil.ru *.mil.ru doubleclick.net *.doubleclick.net tns-counter.ru *.tns-counter.ru *.google.com google.com data: counter.yadro.ru *.yandex.net *.yandex.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mail.ru *.google-analytics.com *.rambler.ru ; media-src 'self' mil.ru *.mil.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.xn--90anlfbebar6i.xn--p1ai; frame-src 'self' mil.ru *.mil.ru vk.com *.vk.com ok.ru *.ok.ru tvzvezda.ru *.tvzvezda.ru *.yandex.ru *.yandex.net *.youtube.com youtube.com *.youtu.be youtu.be *.google.com *.vintera.tv *.cdnvideo.ru; font-src 'self' fonts.gstatic.com tildacdn.com *.tildacdn.com *.mil.ru *.vintera.tv *.cdnvideo.ru *.mil.ru *.youtube.com *.youtube.com *.youtu.be *.google.com; frame-ancestors 'self' http://mil.ru http://*.mil.ru https://mil.ru https://*.mil.ru https://youtube.com https://*.youtube.com https://youtu.be https://*.youtu.be; base-uri 'self'; form-action 'self' mil.ru *.mil.ru; 11
policy-definition 11
report-uri /csp-hotline.php; script-src  'self' 'unsafe-inline' 'unsafe-eval' *.mihtool.com https://cdnjs.cloudflare.com https://yastatic.net yastatic.net  https://*.yastatic.net *.slus.name https://*.slus.name:3000 *.yastatic.net *.mail.com https://*.gstatic.com *.gstatic.com https://*.google.com *.google.com vk.com *.effad.ru effad.ru *.me-talk.ru disgusting.ru yandex.st *.yadro.ru *.yandex.ru *.ok.ru *.rf-sp.ru https://rf-sp.ru *.tbex.ru *.google-analytics.com *.googleapis.com *.jivosite.com *.jquery.com *.gismeteo.ru *.siteheart.com 38mama.ru me-talk.ru top-fwz1.mail.ru st.top100.ru https://jsconsole.com; style-src 'self' 'unsafe-inline' *.rf-sp.ru 38mama.ru *.chathelp.ru *.slus.name https://cdnjs.cloudflare.com https://*.gstatic.com *.slus.name:3000; 11
'self' https://ajax.googleapis.com 11
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com status.github.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src assets-cdn.github.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: assets-cdn.github.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src assets-cdn.github.com; style-src 'unsafe-inline' assets-cdn.github.com 11
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 11
upgrade-insecure-requests; base-uri 'self' 11
default-src data: https: 'unsafe-eval' 'unsafe-inline'; img-src data: https: 'unsafe-eval' 'unsafe-inline' 11
frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 11
frame-ancestors * 11
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: 10
default-src https: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src *; media-src https: data: blob:; worker-src https: blob:; upgrade-insecure-requests; 10
frame-ancestors 'self' https://*.cdn.ampproject.org 10
default-src https: data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval' 10
frame-ancestors 'self' https://cms.leaseplan.com http://cms.leaseplan.com 10
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=frontpage&site=fp&region=US&lang=en-US&device=desktop&partner=default; 10
frame-src *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com 10
frame-ancestors 'self' http://*.elsevier.es/ 10
allow 'self'; 10
default-src 'self'; 10
frame-ancestors 'self' https://explore2.mybluemix.net; 10
default-src * data: 'unsafe-inline' 'unsafe-eval' 10
default-src * data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' app.optimizely.com; 10
img-src https: data:; frame-src https:; form-action https:; 9
frame-ancestors 'self' http://customer-hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 9
object-src 'self' 9
frame-ancestors 'self' *.facebook.com, frame-ancestors 'self' *.facebook.com 9
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' 9
frame-ancestors 9
frame-ancestors 'self' https://www.anglaisfacile.com https://www.francaisfacile.com https://www.tolearnenglish.com https://www.tolearnfrench.com https://www.allemandfacile.com https://www.espagnolfacile.com https://www.nlfacile.com https://www.italien-facile.com https://www.mesoutils.com https://www.mesexercices.com https://www.mathematiquesfaciles.com https://www.touslescours.com https://www.tolearnfrench.com https://*.tolearnfree.com; report-uri https://tolearnfree.report-uri.io/r/default/csp/enforce; base-uri 'self'; 9
upgrade-insecure-requests; frame-ancestors 'self' 9
frame-ancestors 'self' http://www.medscape.com https://www.medscape.com https://www.medscape.com https://business.facebook.com https://www.facebook.com 9
; 9
frame-ancestors 'self' https://*.mawebcenters.com 9
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 9
default-src * 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self' app.optimizely.com apps.facebook.com fonts.googleapis.com 8
frame-ancestors media.kaufland.de media.kaufland.com wissen-kaufland.rzrs.de http://www.kaufland-reisen.de 'self' 8
block-all-mixed-content; default-src data: https: wss: blob: 'unsafe-inline'  'unsafe-eval'; 8
frame-ancestors 'self' http://wa.aruba.it https://wa.aruba.it 8
upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 8
img-src https: data:; child-src https:; form-action https:; script-src https: 'unsafe-inline' 'unsafe-eval';style-src https: 'unsafe-inline'; 8
default-src *; font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; media-src * blob:; 8
default-src https: 'unsafe-eval' 'unsafe-inline' 8
default-src 'self' https://*; connect-src 'self' https://* wss://*; font-src 'self' https://* blob: data:; frame-src 'self' https://* blob: data:; img-src 'self' https://* blob: data:; media-src 'self' https://* blob: data:; object-src 'self' https://* blob: data:; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://* 'unsafe-inline'; 8
referrer no-referrer 8
none 8
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src *; font-src *; connect-src *; media-src *; object-src *; child-src *; frame-ancestors *; form-action *; reflected-xss block; upgrade-insecure-requests; 8
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; upgrade-insecure-requests; report-uri https://uvinum.report-uri.io/r/default/csp/enforce 8
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *; 8
frame-ancestors 'self' asadventure.marketing.adobe.com 8
block-all-mixed-content; 8
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 8
default-src 'self'; script-src data: https://share.yandex.ru *.marketgid.com static.criteo.net https://www.google-analytics.com https://connect.ok.ru https://www.google.com www.googletagmanager.com https://www.gstatic.com https://*.vk.com https://vk.com https://graph.facebook.com https://connect.mail.ru 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://*.googleapis.com 'self' 'unsafe-inline'; img-src data: https://img-24x7.com *.marketgid.com *.mgid.com *.tovarro.com *.trafmag.com *.mixmarket.biz rtb.com.ru cooster.ru recreativ.ru https://www.google-analytics.com yastatic.net check.googlezip.net https://www.gstatic.com https://vk.com https://www.google.ru 'self'; font-src data: https://fonts.gstatic.com 'self'; connect-src bidder.criteo.com https://graph.facebook.com 'self'; frame-src ybnotification: https://streamstorm.online https://streamguard.cc https://www.youtube.com https://vk.com https://*.vk.com https://*.yandex.ru https://www.google.com 'self' 7
default-src http: https: wss://*.zopim.com data: blob: 'self' 'unsafe-inline' 'unsafe-eval' 7
default-src  * 'unsafe-inline' 'unsafe-eval' ; img-src * blob: data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 7
default-src 'self' *.transunion.com *.addthis.co *.amazon-adsystem.com *.youtube.com *.doubleclick.net *.company-target.com *.adsrvr.org dmtry.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net *.trustev.com *.yahoo.com *.atedra.com *.twitter.com *.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com *.jquery.com cloudfront.net *.googleapis.com *.adnxs.com *.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com *.fastclick.net secure.leadback.advertising.com google-analytics.com *.ads-twitter.com *.openx.net *.zencdn.net googleadservices.com gstatic.com bidswitch.net *.media6degrees.com googletagmanager.com *.siteintercept.qualtrics.com *.qualtrics.com; script-src 'self' *.transunion.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.youtube.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ytimg.com *.quora.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.abmr.net *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net *.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com *.myfonts.net *.en25.com *.addthisedge.com *.zencdn.com *.s3.amazonaws.com cdn.ampproject.org *.company-target.com *.media6degrees.com *.ads-twitter.com cdn.mxpnl.com *.bizographics.com *.pingdom.net *.mbww.com *.entrust.net *.trustev.com *.mathtag.com *.googlesyndication.com *.google.com *.outbrain.com o1.qnsr.com *.facebook.net cas.cluep.com *.quizgnome.com *.siteintercept.qualtrics.com *.qualtrics.com *.pulseinsights.com blob: 'unsafe-eval' 'unsafe-inline'; child-src *.transunion.com blob: *.crwdcntrl.net *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com *.mediaplex.com *.optimizely.com *.brightcove.net s.amazon-adsystem.com *.trustev.com *.mathtag.com *.qnsr.com *.facebook.com *.siteintercept.qualtrics.com *.qualtrics.com; connect-src 'self' *.transunion.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io *.company-target.com r.3gl.net s7.addthis.com *.herokuapp.com unity.cadreon.com app.trustev.com *.hotjar.com wss://*.hotjar.com *.siteintercept.qualtrics.com *.qualtrics.com 'unsafe-eval'; media-src 'self' *.transunion.com blob: f1.media.brightcove.com; img-src * data:; font-src data: *.transunion.com *.gstatic.com *.company-target.com edge.api.brightcove.com r.3gl.net *.addthis.com *.herokuapp.com *.quora.com; style-src * 'unsafe-eval' 'unsafe-inline'; frame-ancestors *.transunion.com; 7
default-src 'self'; frame-src 'self' data: fbrpc://call https://wenzhang.baidu.com https://tpc.googlesyndication.com https://masterpass.com https://roktcdn1.akamaized.net https://www.youtube.com https://*.masterpass.com https://www.google.com/recaptcha/					   https://*.rokt.com https://*.doubleclick.net https://*.kaptcha.com https://*.addthis.com https://*.facebook.com https://*.braintreegateway.com https://*.paypal.com https://*.visa.com https://*.cardinalcommerce.com https://*.paypalobjects.com; script-src 'self' data: https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://m.addthisedge.com https://assets.pinterest.com https://swenzhang.baidu.com https://roktcdn1.akamaized.net https://cdn.optimizely.com/js/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://tpc.googlesyndication.com https://uua1puwkv5-dsn.algolia.net https://*.algolianet.com https://*.masterpass.com https://masterpass.com https://*.rokt.com https://*.nr-data.net https://cdn.jsdelivr.net/algoliasearch/ https://*.facebook.net https://*.facebook.com https://*.newrelic.com https://*.marinsm.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.postcodeanywhere.co.uk https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.visa.com https://*.kaptcha.com https://*.addthis.com https://*.nanigans.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: https:; style-src 'self' https://use.fontawesome.com https://roktcdn1.akamaized.net https://*.visa.com https://*.masterpass.com https://masterpass.com https://swenzhang.baidu.com https://*.googleapis.com https://*.postcodeanywhere.co.uk 'unsafe-inline'; font-src 'self' data: https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://roktcdn1.akamaized.net ; connect-src 'self' https://*.postcodeanywhere.co.uk https://*.visa.com	https://*.addthis.com https://www.google-analytics.com https://*.nr-data.net https://*.rokt.com https://*.algolia.net https://*.algolianet.com https://*.braintreegateway.com https://*.paypal.com https://*.kaptcha.com https://*.facebook.com https://ds-aksb-a.akamaihd.net/RRT; object-src 'self' https://c2.mysalec.com https://*.visa.com	https://www.paypalobjects.com; report-uri https://headersreporting.mysaleapi.com/Report 7
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googlesyndication.com https://suggestqueries.google.com https://pagead2.googlesyndication.com www.google-analytics.com yastatic.net https://relap.io https://ad.mail.ru stat.adlabs.ru mc.yandex.ru *.criteo.com *.googleapis.com luxadv.com *.luxadv.com psma02.com *.betweendigital.com *.doubleclick.net share.pluso.ru w.uptolike.com *.am15.net am15.net psma03.com *.onedmp.com *.eboundservices.com eboundservices.com uk-ads.openx.net *.openx.net *.metabar.ru *.orange81safe.com *.creativecdn.com *.googletagservices.com *.googleadservices.com psma01.com *.atemda.com *.nativeroll.tv *.criteo.net fycapi.ru ijquery5.com acvatic.ru mycpm.ru igithab.com *.yandex.ru franecki.net v.kost.tv *.g.doubleclick.net bnstero.com *.google.ru cdn.onesignal.com *.yakutia.io yakutia.io *.onesignal.com static.amgmedia.net onesignal.com *.sendpulse.com sendpulse.com bnster.com myhappy-news.com 7
upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 7
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; 7
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob:; media-src 'self' https: blob:; worker-src 'self' https: blob:; block-all-mixed-content; connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: https://*.trouter.io:443 https://*.trouter.skype.com:443 wss://*.trouter.io:443 wss://*.trouter.skype.com:443; 7
nosniff 7
frame-src https:; report-uri /csp-violation-endpoint/ 7
frame-ancestors 'self' *.classcreator.com *.classconnection.com *.facebook.net *.facebook.com 7
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 7
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; font-src https: data:; child-src https: data:; connect-src https: data: ws://*.hotjar.com wss://*.hotjar.com; object-src 'none'; 7
font-src self https://fonts.gstatic.com https://cdn.jsdelivr.net https://fonts.googleapis.com data: 7
img-src *;object-src *;frame-src *; 7
upgrade-insecure-requests; frame-ancestors 'self'; 7
default-src *; img-src 'self' data: http://* ;style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval' data: gap: 7
default-src 'self' http://dpm.demdex.net https://maps.googleapis.com http://fast.standardbank.demdex.net http://accstandardbank.d1.sc.omtrdc.net https://bid.g.doubleclick.net/xbbe/pixel http://8448999.fls.doubleclick.net https://cdn.krxd.net https://bs.serving-sys.com/Serving https://secure-ds.serving-sys.com https://standardbank.demdex.net https://www.youtube.com/ https://*.map2.ssl.hwcdn.net; font-src 'self';img-src 'self' data: http://accstandardbank.d1.sc.omtrdc.net https://www.google.com https://www.google.co.za http://cm.everesttech.net https://beacon.krxd.net https://jslog.krxd.net https://standardbank.demdex.net https://dpm.demdex.net https://*.map2.ssl.hwcdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://assets.adobedtm.com https://secure-ds.serving-sys.com http://cdn.krxd.net http://www.googleadservices.com http://www.googletagmanager.com https://consumer.krxd.net https://googleads.g.doubleclick.net https://beacon.krxd.net https://tribeca.vidavee.com https://*.map2.ssl.hwcdn.net; style-src 'unsafe-inline' 'self' https://*.map2.ssl.hwcdn.net; 7
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 7
default-src 'self' 'unsafe-inline' http://park.101datacenter.net data: 7
frame-ancestors 'self' *.tunegenie.com http://127.0.0.1:* https://127.0.0.1:*; 7
frame-ancestors www.facebook.com oauth.securevetsource.com accounts.google.com accounts.google.co.in 7
default-src 'self'; script-src 'self' 'unsafe-inline' 6
upgrade-insecure-requests; default-src * data: gap: blob: about: 'unsafe-inline' 'unsafe-eval' 6
frame-ancestors 'self' http://www.clarksusa.com/; 6
default-src 'self' wss://ssbk2-uk.gsecondscreen.com wss://ssbk4-uk.gsecondscreen.com wss://evbk.gamooga.com https://evbk.gamooga.com https://securepubads.g.doubleclick.net https://graph.facebook.com https://cdn-jp.gsecondscreen.com https://*.redbus.in  https://intldashboard.redbus.com https://www.google-analytics.com http://www.googletagmanager.com https://*.google.com https://www.google.co.in https://connect.facebook.net http://www.googleadservices.com https://googleads.g.doubleclick.net https://www.facebook.com http://logs.redbus.com/ https://recorder.sessionstack.com https://o2.mouseflow.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagservices.com https://bam.nr-data.net https://securepubads.g.doubleclick.net https://evbk.gamooga.com https://maxcdn.bootstrapcdn.com https://js-agent.newrelic.com https://*.google.com https://cdn.jsdelivr.net https://sslwidget.criteo.com https://static.criteo.net https://cdn.mouseflow.com https://bat.bing.com https://maps.googleapis.com http://ae.gsecondscreen.com http://sg-pl.vizury.com https://cdnjs.cloudflare.com/ http://cdn-jp.gsecondscreen.com https://googleads.g.doubleclick.net http://www.redbus.in https://www.redbus.in https://adservice.google.co.in https://ssl.google-analytics.com http://www.googleadservices.com https://connect.facebook.net http://pagead2.googlesyndication.com http://www.google-analytics.com https://cdn.sessionstack.com/sessionstack.js http://www.googletagmanager.com http://connect.facebook.net http://www.googleadservices.com https://*.rdbuz.com https://st.redbus.in http://*.rdbuz.com; img-src 'self' data: https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://maps.gstatic.com https://maps.googleapis.com  https://s3-ap-southeast-1.amazonaws.com  https://googleads.g.doubleclick.net https://h.online-metrix.net https://bat.bing.com https://www.google.co.in https://evbk.gamooga.com https://stats.g.doubleclick.net http://origin-st.redbus.in https://pilgrimages-cms.s3-ap-southeast-1.amazonaws.com https://cdn-jp.gsecondscreen.com http://www.redbus.in https://www.redbus.in https://*.google.com https://www.google-analytics.com  https://ssl.google-analytics.com https://s-static.ak.facebook.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in https://cdn-jp.gsecondscreen.com https://www.facebook.com https://api.midtrans.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://*.google.com https://cdnjs.cloudflare.com https://www.w3schools.com http://fonts.googleapis.com https://fonts.googleapis.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in;  font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.gstatic.com http://*.rdbuz.com http://st.redbus.in https://fonts.gstatic.com https://*.rdbuz.com https://st.redbus.in; frame-src 'self' https://*.google.com https://isb.au1.qualtrics.com https://www.googletagservices.com/ https://*.redbus.com https://h.online-metrix.net https://checkout.payulatam.com/ https://bid.g.doubleclick.net http://in-tags.vizury.com http://sg-pl.vizury.com https://xds.gsecondscreen.com https://www.facebook.com https://s-static.ak.facebook.com https://www.youtube.com/ https://googleads.g.doubleclick.net https://staticxx.facebook.com https://dis.as.criteo.com; object-src 'none' 6
default-src https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; img-src * data:; worker-src 'self' blob:; 6
default-src https: 'unsafe-eval' 'unsafe-inline'; connect-src https: 'self' data:  *.accesso.com; img-src 'self' https: data:; 6
upgrade-insecure-requests; frame-ancestors 'self' analytics.google.com analytics.webtrends.com *.telerain.com:* 6
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 6
default-src https:; font-src https: data:; img-src http: https: data:; object-src 'none'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline' 6
frame-ancestors 'self' https://*.concurra.com/ http://*.concurra.com/ 6
connect-src 'self' habboo-a.akamaihd.net *.habbo.com; img-src 'self' data: habboo-a.akamaihd.net *.habbo.com notify.bugsnag.com habbo-stories-content.s3.amazonaws.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net www.google.com *.googlesyndication.com *.gstatic.com images.habbogroup.com http://images.habbogroup.com http://*.habbo.com docj27ko03fnu.cloudfront.net d3hmp0045zy3cs.cloudfront.net pay.openbucks.com trck.spoteffects.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com d2wy8f7a9ursnm.cloudfront.net connect.facebook.net www.google-analytics.com www.google.com www.gstatic.com apis.google.com *.g.doubleclick.net *.googlesyndication.com www.googletagservices.com partner.googleadservices.com rpxnow.com d29usylhdk1xyu.cloudfront.net trck.spoteffects.net; style-src 'self' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com www.gstatic.com fonts.googleapis.com d3hmp0045zy3cs.cloudfront.net; child-src 'self' *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com; font-src 'self' fonts.gstatic.com habboo-a.akamaihd.net *.habbo.com; frame-ancestors 'self' *.idcgames.com http://*.idcgames.com www.funnygames.fi http://www.funnygames.fi www.funnygames.es http://www.funnygames.es www.funnygames.nl http://www.funnygames.nl www.funnygames.fr http://www.funnygames.fr www.funnygames.it http://www.funnygames.it www.funnygames.us http://www.funnygames.us www.funnygames.eu http://www.funnygames.eu www.funnygames.biz http://www.funnygames.biz www.funnygames.com.br http://www.funnygames.com.br *.gamesxl.com http://*.gamesxl.com keygames.com http://keygames.com www.games.co.za http://www.games.co.za www.elkspel.nl http://www.elkspel.nl www.spele.nl http://www.spele.nl www.spele.be http://www.spele.be www.spelletjesoverzicht.nl http://www.spelletjesoverzicht.nl *.orangegames.com http://*.orangegames.com *.giochixl.it http://*.giochixl.it www.1001giochi.it http://www.1001giochi.it *.jeuxdelajungle.fr http://*.jeuxdelajungle.fr www.1001games.fr http://www.1001games.fr gamecell.com https://gamecell.com www.gamecell.com https://www.gamecell.com *.1001pelit.com http://*.1001pelit.com www.isladejuegos.es http://www.isladejuegos.es *.1001spiele.de http://*.1001spiele.de www.jetztspielen.ws http://www.jetztspielen.ws www.spielaffe.de http://www.spielaffe.de *.spielspiele.de http://*.spielspiele.de *.1001jogos.pt http://*.1001jogos.pt; frame-src 'self' *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com; upgrade-insecure-requests; report-uri /csp/report 6
default-src 'self'; style-src 'self' 'unsafe-inline'; 6
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; 6
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; 6
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https:; frame-ancestors 'self' 6
frame-ancestors 'self' *.fluencycms.co.uk; default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 6
frame-ancestors 'self' https://optimize.google.com/ 6
default-src https: 'unsafe-inline' 'unsafe-eval' data: 6
default-src * 'unsafe-inline' 'unsafe-eval';img-src * data:; frame-ancestors 'self' app.optimizely.com;font-src * data: 6
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 6
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bali6nora.com *.juicer.io *.dotmailer-surveys.com *.nr-data.net *.newrelic.com *.hotjar.com *.google-analytics.com fast.fonts.net www.googletagmanager.com player.vimeo.com www.googleadservices.com googleads.g.doubleclick.net www.youtube.com s.ytimg.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.juicer.io fast.fonts.net; font-src 'self' 'unsafe-inline' *.juicer.io data:; frame-src: 'self'; img-src * data:; media-src: 'self'; frame-ancestors 'self'; 6
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 6
base-uri 'self' 6
default-src https: 'unsafe-inline';script-src https: 'unsafe-inline' 'unsafe-eval' 6
frame-ancestors 'none'; report-uri https://csp-report.airfrance.fr/; script-src 'self' https://*.flyingblue.com https://gateway.zscalertwo.net https://gateway.zscloud.net https://*.usabilla.com https://*.hotjar.com https://*.youtube.com https://*.youku.com https://*.google.com https://*.google-analytics.com https://*.iadvize.com https://*.r42tag.com https://*.optimizely.com 'unsafe-eval' 'unsafe-inline' 6
frame-ancestors 'self' *.gdatasoftware.com *.gdata.de; 6
base-uri 'self';  connect-src ws: wss: *; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com; form-action 'self'; frame-ancestors 'self' https://gofile.me http://gofile.me; frame-src 'self' data: blob: https://*.synology.com https://www.synology.cn/ http://*.synology.com http://*.synology.cn; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com; media-src 'self' data: about:;  report-uri webman/csp_report.cgi; script-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://*.google.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; 6
object-src 'none'; 6
frame-ancestors 'self' *.imodules.com 6
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 5
block-all-mixed-content;frame-ancestors *.mail.com 5
frame-ancestors 'self' https://optimize.google.com 5
frame-ancestors 'self' chrome-extension://hfdhpmpfpcnbboppkkkblilhbloejijj 5
frame-ancestors 'self' https://www.growingio.com 5
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.sex.com *.lswcdn.net *.llnwd.net *.hwcdn.net fcm.googleapis.com *.nk-img.com *.camster.com wss://*.camster.com:8443 *.naked.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com wss://dev-chatserver.camster.com wss://staging-chatserver.camster.com wss://m.1ka.com wss://c1.1ka.com wss://c11.1ka.com wss://c12.1ka.com wss://c13.1ka.com wss://c14.1ka.com wss://c15.1ka.com wss://c16.1ka.com wss://c17.1ka.com wss://c18.1ka.com wss://c19.1ka.com wss://c110.1ka.com wss://c111.1ka.com wss://c112.1ka.com wss://c113.1ka.com wss://c114.1ka.com wss://c115.1ka.com wss://c2.1ka.com wss://c21.1ka.com wss://c22.1ka.com wss://c23.1ka.com wss://c24.1ka.com wss://c25.1ka.com wss://c26.1ka.com wss://c27.1ka.com wss://c28.1ka.com wss://c29.1ka.com wss://c210.1ka.com wss://c211.1ka.com wss://c212.1ka.com wss://c213.1ka.com wss://c214.1ka.com wss://c215.1ka.com wss://c3.1ka.com wss://c31.1ka.com wss://c32.1ka.com wss://c33.1ka.com wss://c34.1ka.com wss://c35.1ka.com wss://c36.1ka.com wss://c37.1ka.com wss://c38.1ka.com wss://c39.1ka.com wss://c5.1ka.com wss://c51.1ka.com wss://c52.1ka.com wss://c53.1ka.com wss://c54.1ka.com wss://c55.1ka.com wss://c56.1ka.com wss://c57.1ka.com wss://c58.1ka.com wss://c59.1ka.com wss://c510.1ka.com wss://c511.1ka.com wss://c512.1ka.com wss://c513.1ka.com wss://c514.1ka.com wss://c515.1ka.com https://dev-chatserver.camster.com https://staging-chatserver.camster.com https://m.1ka.com https://c1.1ka.com https://c11.1ka.com https://c12.1ka.com https://c13.1ka.com https://c14.1ka.com https://c15.1ka.com https://c16.1ka.com https://c17.1ka.com https://c18.1ka.com https://c19.1ka.com https://c110.1ka.com https://c111.1ka.com https://c112.1ka.com https://c113.1ka.com https://c114.1ka.com https://c115.1ka.com https://c2.1ka.com https://c21.1ka.com https://c22.1ka.com https://c23.1ka.com https://c24.1ka.com https://c25.1ka.com https://c26.1ka.com https://c27.1ka.com https://c28.1ka.com https://c29.1ka.com https://c210.1ka.com https://c211.1ka.com https://c212.1ka.com https://c213.1ka.com https://c214.1ka.com https://c215.1ka.com https://c3.1ka.com https://c31.1ka.com https://c32.1ka.com https://c33.1ka.com https://c34.1ka.com https://c35.1ka.com https://c36.1ka.com https://c37.1ka.com https://c38.1ka.com https://c39.1ka.com https://c5.1ka.com https://c51.1ka.com https://c52.1ka.com https://c53.1ka.com https://c54.1ka.com https://c55.1ka.com https://c56.1ka.com https://c57.1ka.com https://c58.1ka.com https://c59.1ka.com https://c510.1ka.com https://c511.1ka.com https://c512.1ka.com https://c513.1ka.com https://c514.1ka.com https://c515.1ka.com;img-src 'self' 'unsafe-inline' data: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com; 5
frame-ancestors https://eu1-ifwe.3dexperience.3ds.com https://eu1-215dsi0708-ifwe.3dexperience.3ds.com http://sw.local:81 http://sw2.local:81 https://solidworks.com https://www-dev.itvpc.solidworks.com https://www-qal.itvpc.solidworks.com https://www-ppd.itvpc.solidworks.com https://www-contrib.itvpc.solidworks.com 5
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; 5
frame-ancestors 'self' keycontentservice.com *.tescodev.com *.facebook.com tesco.hu itesco.cz tesco.sk tesco.pl 5
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com; report-uri https://csp.surveymonkey.com/report?e=true&c=prod&a=anonweb 5
upgrade-insecure-requests; base-uri 'self'; 5
frame-ancestors 'self' http://localhost:* https://www.stumbleupon.com/ 5
frame-ancestors 'self' *.loveknitting.com *.loveknitting.de *.loveknitting.co.uk *.loveknitting.com.au *.lovecrochet.com *.lovecrochet.de *.lovecrochet.co.uk *.lovecrochet.com.au *.lovestitching.com *.lovecrafts.com 5
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.sc.pages02.net https://www.google.com  http://addshoppers.s3.amazonaws.com  http://connect.facebook.net  https://www.gstatic.com http://www.rtb123.com http://pixel.quantserve.com http://*.shop.pe http://shop.pe https://googleads.g.doubleclick.net https://code.jquery.com    http://tt.mbww.com https://staticxx.facebook.com https://secure.quantserve.com https://tag.bounceexchange.com https://insight.adsrvr.org https://api.bounceexchange.com https://*.cloudfront.net https://*.scdn2.secure.raxcdn.com *.bounceexchange.com http://api.bounceexchange.com https://cdn.optimizely.com/ www.youtube.com s.ytimg.com static.getchute.com qicm.americanexpress.com ci-mpsnare.iovation.com mpsnare.iesnare.com secure.cmax.americanexpress.com https://connect.facebook.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://tagmanager.google.com optimizely.s3.amazonaws.com app.optimizely.com cdn3.optimizely.com  *.rtb123.com  *.s3.amazonaws.com https://tt.mbww.com/  https://shop.pe https://m.addthisedge.com https://m.addthis.com https://*.s3.amazonaws.com https://www.googleadservices.com/ https://www.google-analytics.com https://s3.amazonaws.com https://beacon.sojern.com https://*.micpn.com *.bing.com https://tracker.marinsm.com https://cdn.onesignal.com http://cdnjs.cloudflare.com/ *.googleadservices.com/ beacon.sojern.com cdn.onesignal.com *.mathtag.com rules.quantcount.com https://ak1s.abmr.net https://maps.googleapis.com/ https://sc-static.net/ https://translate.google.com/ https://translate.googleapis.com/ https://s.pinimg.com/ https://resources.xg4ken.com/ https://services.xg4ken.com/ *.addthis.com  https://home-c11.incontact.com/inContact/ChatClient/js/embed.min.js https://js.adsrvr.org/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com http://*.shop.pe http://addshoppers.s3.amazonaws.com https://*.scdn2.secure.raxcdn.com https://*.cloudfront.net https://*.secure.raxcdn.com https://qicm.americanexpress.com https://secure.cmax.americanexpress.com maxcdn.bootstrapcdn.com tagmanager.google.com  *.s3.amazonaws.com https://s3.amazonaws.com https://addstrap-ui.addshoppers.com https://translate.googleapis.com ;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com *.shop.pe  *.scdn2.secure.raxcdn.com https://*.buschgardens.com  https://buschgardens.com *.seaworld.com *.sesameplace.com https://www.sesameplace.com *.cloudfront.net *.secure.raxcdn.com https://www.aexp-static.com https://seaworld.scdn3.secure.raxcdn.com https://maxcdn.bootstrapcdn.com s3.amazonaws.com http://maxcdn.bootstrapcdn.com;frame-src 'self' http://s7.addthis.com https://*.fls.doubleclick.net/ http://*.fls.doubleclick.net/ http://*.facebook.com/ https://bid.g.doubleclick.net/  https://www.youtube.com https://www.seaworldlibrary.com https://docs.google.com https://*.seaworld.com/ https://Commerce.4adventure.com https://*.seaworldparks.com https://*.watercountry.com https://*.Commerce.4adventure.com https://*.adventureisland.com https://*.aquaticabyseaworld.com https://*.sesameplace.com http://6258894.fls.doubleclick.net http://6258894.fls.doubleclick.net http://4174228.fls.doubleclick.net https://4174228.fls.doubleclick.net https://www.googletagmanager.com https://staticxx.facebook.com https://s7.addthis.com https://insight.adsrvr.org https://assets.bounceexchange.com/ https://*.cdn.optimizely.com/ https://www.pages02.net/ https://tt.mbww.com/ https://secure.buschgardens.com https://maps.google.com https://www.google.com/ https://secure.aquatica.com https://*.americanexpress.com/ https://*.bounceexchange.com http://contentz.mkt922.com/ https://pixel.mathtag.com/ https://edge.addthis.com/ https://www.chargerback.com https://*.widencdn.net/ https://*.seaworldlibrary.com https://www.surveygizmo.com/ https://tr.snapchat.com/ https://qa-secure.buschgardens.com https://home-c11.incontact.com/;connect-src 'self' http://m.addthis.com https://staticxx.facebook.com https://s7.addthis.com https://insight.adsrvr.org https://*.scdn2.secure.raxcdn.com https://logx.optimizely.com https://*.secure.raxcdn.com *.s3.amazonaws.com cache.getchute.com https://online.americanexpress.com https://tapi.optimizely.com https://shopper.shop.pe https://shop.pe  https://rtb123.com https://api.getchute.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.as-labs.addshoppers.com/ https://as-labs.addshoppers.com https://s3.amazonaws.com https://www.google.com https://events.bouncex.net https://onesignal.com https://*.optimizely.com https://onesignal.com https://errors.client.optimizely.com https://translate.googleapis.com https://ct.pinterest.com/; img-src 'self' data: * ; media-src 'self' https://scontent.cdninstagram.com https://*.as-labs.addshoppers.com/  *.s3.amazonaws.com/ https://s3.amazonaws.com/images/BackgroundImage.jpeg  s3.amazonaws.com/ https://seaworld.scdn3.secure.raxcdn.com/  https://stage-media.scdn6.secure.raxcdn.com/; 5
default-src 'self' data: *.cms.vwfs.tools server.adform.net vwfs.demdex.net *.iadvize.com; img-src 'self' data: *.cms.vwfs.tools *.omtrdc.net img.youtube.com googleads.g.doubleclick.net static.doubleclick.net *.iadvize.com; script-src 'self' assets.adobedtm.com *.volkswagenbank.de *.omtrdc.net *.iadvize.com *.youtube.com s.ytimg.com googleads.g.doubleclick.net static.doubleclick.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.iadvize.com; connect-src 'self' dpm.demdex.net cm.everesttech.net *.iadvize.com wss://*.iadvize.com *.youtube.com; child-src * 5
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src wss: https:  5
frame-ancestors https://www.thetrainline.com https://www.liligo.fr 5
connect-src * 'self' 5
frame-ancestors https://app.monsido.com http://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.homeaffairs.gov.au https://*.customs.gov.au https://*.abf.gov.au 5
default-src wss: https: data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 5
default-src * data:; script-src http: https: *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com *.myqnapcloud.com *.myqnapcloud.cn 'unsafe-inline' 'unsafe-eval'; style-src http: https: *.myqnapcloud.com *.myqnapcloud.cn 'unsafe-inline'; connect-src http: https: *.myqnapcloud.com *.myqnapcloud.cn fcm.googleapis.com *.google.com 5
default-src * ; script-src * data: 'self' blob blob: 'unsafe-eval' 'unsafe-inline' ; style-src * data: 'self' blob blob: 'unsafe-inline' ; img-src * data: ; font-src * data: ; connect-src * ; media-src * ; object-src * ; child-src * ; frame-src * ; worker-src * ; frame-ancestors * ; report-uri /bdportlet-NemIDLoginPortlet/cspreport; 5
default-src gap://ready file://* data: *; frame-ancestors 'self' *; style-src 'self'  https://* 'unsafe-inline'; script-src 'self'  https://* *.omtrdc.net s.btstatic.com www.googleadservices.com www.adobetag.com s.thebrighttag.com www.google-analytics.com pixel.rubiconproject.com ospe.costa.it d.turn.com bam.nr-data.net www.googletagmanager.com segment-pixel.invitemedia.com ds-aksb-a.akamaihd.net aws.tracker.squidanalytics.com platform.twitter.com apis.google.com connect.facebook.net aws.tracker.squidanalytics.com tagmanager.google.com *.criteo.net *.criteo.com *.doubleclick.net *.sepage.fr *.turn.com *.qualtrics.com *.youtube.com *.costa.it *.clickpoint.com *.hariken.co *.zanox.com server-it.imrworldwide.com https://d.turn.com https://bam.nr-data.net https://webcams.costa.it 'unsafe-inline' 'unsafe-eval' 5
default-src 'self' https://cdn.perf1.com https://saspresence.perf1.com; object-src 'none'; frame-src * 5
script-src 'self'; object-src 'self' 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' * data:; 5
style-src 'self' 'unsafe-inline' *.addthis.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.google.com *.google-analytics.com *.pinterest.com *.googleadservices.com *.facebook.com *.facebook.net *.myfonts.net *.addthis.com *.googleapis.com 5
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src 'self' *; font-src 'self' data: *; connect-src 'self' *; 5
default-src 'unsafe-inline' 'self' https: wss:; object-src 'none' 5
frame-ancestors http://ecomdisplay.int/ 5
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 5
frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 5
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 5
default-src 'self';script-src 'self' https://www.google-analytics.com https://www.recaptcha.net https://ajax.aspnetcdn.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com *.google.com https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://*.msecnd.net *.acceleratoradmin.com 'unsafe-inline' https://www.googletagmanager.com *.mxpnl.com;style-src 'self' https://ajax.aspnetcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com 'unsafe-inline';connect-src 'self' https://www.google-analytics.com *.visualstudio.com *.acceleratoradmin.com https://api.mixpanel.com;font-src https://ajax.aspnetcdn.com 'self' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.acceleratoradmin.com;img-src 'self' https://www.google-analytics.com *.acceleratoradmin.com https://www.google-analytics.com https://www.googletagmanager.com data:; frame-src https://www.google.com *.swiftprepaid.com *.acceleratoradmin.com *.boschappliancedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.thermadorappliancedigitalrewards.com *.tranedigitalrewards.com *.americanstandardairdigitalrewards.com *.myacuvuedigitalrewards.com *.attrecognition.com *.coopervisiondigitalrewards.com *.allglobalcircle-rewards.com *.habcard.com *.minimotoringredemption.com *.ultimaterewardsredemption.com *.mystarzrewards.com *.e-rewardsmedicalrewards.com *.recognizingyourewards.com *.kelloggsdigitalrewards.ca *.valvolinedigitalrewards.com *.goodyeardigitalrewards.com *.alconchoicepayments.com *.geappliancesdigitalrewards.com *.topcashbackdigitalsolutions.com *.topcashbackdigitalsolutions.co.uk *.prosper2card.co.uk *.ppdslab.com *.lincolnelectricdigitalrewards.com *.adpclientappreciation.com *.youtube.com https://youtu.be 5
default-src https: 'unsafe-inline' 'unsafe-eval'; 5
frame-ancestors *.sitewebmotors.com.br; 5
script-src 'self'    5
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' *.google.com fonts.googleapis.com 'unsafe-inline'; object-src 'none'; img-src 'self' https: data:; font-src https: data:; report-uri https://elnino.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 5
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; upgrade-insecure-requests 5
default-src 'self' wss: http: https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https: http:; report-uri https://secure.booked.net/?page=stat&t=csp 5
base-uri 'self';  connect-src ws: wss: *; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com; form-action 'self'; frame-ancestors 'self' https://gofile.me http://gofile.me; frame-src 'self' data: blob: https://*.synology.com https://www.synology.cn/; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com; media-src 'self' data: about:;  report-uri webman/csp_report.cgi; script-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://*.google.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; 5
report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src https: data:; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd; worker-src 'self' https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests 5
default-src 'self' *.onewp.net;   style-src 'unsafe-inline' 'self' data: *.google.com *.facebook.com *.adform.net *.facebook.net *.northfork.se *.onewp.net *.google.com *.googleapis.com use.typekit.net p.typekit.net;   font-src 'self' *.google.com *.facebook.com *.adform.net *.facebook.net fonts.gstatic.com data: *.northfork.se *.onewp.net use.typekit.net;   script-src 'self' *.google.com *.facebook.com *.adform.net *.facebook.net *.northfork.se *.onewp.net *.googletagmanager.com *.google-analytics.com *.google.com use.typekit.net sc-static.net *.sc-static.net 'unsafe-inline' 'unsafe-eval';   connect-src 'self' *.google.com *.facebook.com *.adform.net *.facebook.net *.northfork.se *.onewp.net *.google-analytics.com yoast.com performance.typekit.net;   img-src 'self' data: *.google.com *.facebook.com *.adform.net *.facebook.net *.northfork.se *.cdninstagram.com *.onewp.net *.google-analytics.com *.gstatic.com *.doubleclick.net secure.gravatar.com s.w.org p.typekit.net;   frame-src 'self' * 5
default-src 'self'; connect-src 'self' https: *.fibi.co.il; style-src https: 'unsafe-inline'; child-src 'self' https: *.fibi.co.il; img-src 'self' data: https: 'unsafe-inline' *.fibi.co.il; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.fibi.co.il *.bankotsar.co.il *.bankmassad.co.il *.pagi.co.il *.u-bank.net https://facebook.co.il https://google.co.il https://google.com https://googletagmanager.com https://googleads.g.doubleclick.net https://googleadservices.com https://youtube.com https://facebook.com 5
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 5
upgrade-insecure-requests;frame-ancestors 'none';object-src 'none'; 5
img-src * 5
frame-ancestors 'self' *.casinomodule.com; 5
base-uri 'self'; 5
frame-ancestors 'self' esri.experiencecloud.adobe.com esri.marketing.adobe.com 5
upgrade-insecure-requests; block-all-mixed-content 5
frame-ancestors 'self' https://*.facebook.com; 5
frame-ancestors 'self' https://*.salesforce.com 5
report-uri //report-csp-violation 5
default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 5
upgrade-insecure-requests; default-src https: blob:; connect-src https: wss:; img-src https: data:; font-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; 5
default-src 'self'; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com googleads.g.doubleclick.net https://connect.facebook.net https://fullstory.com https://*.fullstory.com cdnjs.cloudflare.com d1aqhv4sn5kxtx.cloudfront.net *.ngpvan.com; style-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com/css fonts.gstatic.com tagmanager.google.com; img-src *; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com/css fonts.gstatic.com fonts.googleapis.com;connect-src 'self' https://*.fullstory.com https://fullstory.com; report-uri https://accounts.ngpvan.com/oidc/csp/report 5
frame-ancestors 'self' http://webvisor.com https://webvisor.com 4
upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 4
script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com data: mozilla.org www.googletagmanager.com www.google-analytics.com adservice.google.com adservice.google.de adservice.google.dk creativecommons.org ad.doubleclick.net; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com; frame-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline'; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com https://accounts.firefox.com/ https://accounts.firefox.com.cn/; child-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com 4
default-src https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; 4
frame-ancestors 'self' *.microfocus.com https://*.softwaregrp.com; 4
default-src https:;script-src 'self' https://api-maps.yandex.ru https://suggest-maps.yandex.ru http://*.maps.yandex.net https://yandex.ru https://*.google.com.sg https://*.google.com http://*.rambler.ru https://*.google-analytics.com https://*.google.co.uz https://*.google.ru https://*.google.co.uk https://*.googlesyndication.com https://*.googleapis.com 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' blob: https://cdn.my-styles.ru; connect-src 'self' https://googleads.g.doubleclick.net https://*.googlesyndication.com http://*.googleapis.com https://*.gstatic.com;img-src 'self' https://*.doubleclick.net https://*.googleapis.com https://*.google-analytics.com https://*.yadro.ru https://*.gstatic.com https://*.googlesyndication.com https://*.ggpht.com https://*.maps.yandex.net https://*.yandex.ru data:; 4
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 4
default-src 'none'; script-src 'self'; img-src 'self' https://www.google-analytics.com:443 https://*.qbrick.com:443; media-src 'self' https://*.qbrick.com:443; connect-src 'self' https://*.qbrick.com:443; style-src 'self' 'unsafe-inline'; child-src *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk secure.msse.se www.efn.se clients.maptoweb.dk borsrum.episerverhosting.com shbfxcalc.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com shbdk.millistream.com cphspk01.shbmain.shb.biz www.shb.dk priolaan.dk weblaan.shb.bec.dk web37.prod.bec.dk netbank.shb.dk; frame-src *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk secure.msse.se www.efn.se clients.maptoweb.dk borsrum.episerverhosting.com shbfxcalc.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com shbdk.millistream.com cphspk01.shbmain.shb.biz www.shb.dk priolaan.dk weblaan.shb.bec.dk web37.prod.bec.dk netbank.shb.dk; font-src 'self' 4
frame-ancestors 'self' *.nike.com *.nikedev.com *.nikecloud.com 4
default-src 'self'; connect-src * *://*.hotjar.com; font-src 'self' *.cloudfront.net *.hotjar.com data:; frame-src *; img-src * data: android-webview-video-poster:; media-src * data: blob:; object-src *; report-uri https://telogis-referee-primary.herokuapp.com/vzc-csp-report; report-to https://telogis-referee-primary.herokuapp.com/vzc-csp-report; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.cloudfront.net 'unsafe-inline' 4
frame-ancestors https://*.gameforge.com 4
frame-ancestors https://www.zyxel.com https://bbwf.zyxel.com https://www12.zyxel.com 4
default-src *; font-src data: *; img-src data: *; script-src 'unsafe-eval' 'unsafe-inline' *; style-src 'unsafe-inline' * 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com *.doubleclick.net www.google-analytics.com ajax.googleapis.com maps.googleapis.com www.googletagmanager.com s7.addthis.com m.addthisedge.com m.addthis.com w.estat.com www.google.com www.gstatic.com;style-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com fonts.googleapis.com www.google.com ajax.googleapis.com; base-uri 'self'; 4
frame-ancestors 'self' https://*.reitmans.com https://*.additionelle.com https://*.rw-co.com https://*.thymematernity.com https://*.penningtons.com http://*.reitmans.com http://*.additionelle.com http://*.rw-co.com http://*.thymematernity.com http://*.penningtons.com 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-ancestors 'self'; 4
default-src *     ;report-uri /xp/CSPReport.ashx     ;script-src * 'unsafe-inline' 'unsafe-eval' data: about:     ;style-src * 'unsafe-inline'     ;connect-src * blob:     ;font-src * data:     ;object-src *     ;img-src * data: blob:     ;media-src * blob:     ;frame-src * data: gsa: ajaxhandler:     ;child-src * blob:     ;worker-src * blob:     ;form-action * javascript:     ;frame-ancestors * 4
default-src 'none' ; connect-src 'self' data: https://ajax.googleapis.com https://de.api4load.biz https://pfrest.pboss.de https://pfrest.petafuel.net https://pfrest.wozutesten.de https://translate.googleapis.com https://www.facebook.com/tr/ https://www.fndsda.net https://www.paypal.com ; font-src 'self' data: * ; frame-src 'self' data: https://ad.ad-srv.net https://client.comprigo.com https://hal9000.redintelligence.net https://optimize.google.com https://pixel.bsmartdata.com/ https://r.adc-srv.net https://staticxx.facebook.com https://tools.petafuel.de https://www.facebook.com https://www.fndsda.net https://www.googletagmanager.com https://www.paypal.com https://www.sandbox.paypal.com ; img-src 'self' data: * ; manifest-src 'self' data: * ; media-src 'self' data: * ; object-src 'self' data: * ; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://ad4mat.de https://bid.g.doubleclick.net https://cdn.pboss.de https://cdn.wozutesten.de https://cdnmuc2.petafuel.net https://cdnnbg.petafuel.net https://connect.facebook.net https://containertags.belboon.de https://data1.eurosty.com https://data1.mein-bmi.com https://data1.routenplaner-karten.com https://data1.ubersetzung-app.com https://eu5.heatmap.it https://googleads.g.doubleclick.net https://imgsrv.io https://maytrics.marvellousmachine.net https://online.adservicemedia.dk https://optimize.google.com https://orangebuddies.go2cloud.org https://pstatic.davebestdeals.com https://s3.eu-central-1.amazonaws.com https://ssl.google-analytics.com https://static.donation-tools.org https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.googleapis.com https://www.adcell.de https://www.financeads.net https://www.fndsda.net https://www.google-analytics.com https://www.google.com/ads/user-list https://www.googleadservices.com https://www.googletagmanager.com https://www.paypal.com https://www.paypalobjects.com https://www.performancehero.de ; style-src 'self' data: 'unsafe-inline' https://cdn.pboss.de https://cdn.wozutesten.de https://cdnmuc2.petafuel.net https://cdnnbg.petafuel.net https://fonts.googleapis.com https://optimize.google.com https://translate.googleapis.com https://u.heatmap.it https://www.fndsda.net ; worker-src 'self' data: * ; 4
default-src 'self'; connect-src * data: filesystem: 'unsafe-inline' 'unsafe-eval'; frame-src * data: filesystem: 'unsafe-inline' 'unsafe-eval'; object-src * data: filesystem: 'unsafe-inline' 'unsafe-eval'; img-src * data: filesystem: 'unsafe-inline' 'unsafe-eval'; font-src * data: filesystem:; media-src * data: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; 4
frame-ancestors 'self' http://www.quironsalud.es https://www.quironsalud.es http://betaweb.quironsalud.es https://betaweb.quironsalud.es http://intranetfjd.idc.local https://intranetfjd.idc.local http://overweightinstitute.fjd.es https://overweightinstitute.fjd.es http://www.cirujanosdelcorazon.es https://www.cirujanosdelcorazon.es http://www.clinicadelpilar.org https://www.clinicadelpilar.org http://www.clinicavalles.com https://www.clinicavalles.com http://www.cuidamosdelamujer.es https://www.cuidamosdelamujer.es http://www.diverhospital.es https://www.diverhospital.es http://www.e-quironsalud.com https://www.e-quironsalud.com http://www.fjd.es https://www.fjd.es http://www.fundacionquironsalud.org https://www.fundacionquironsalud.org http://www.hgc.es https://www.hgc.es http://www.hgvillalba.es https://www.hgvillalba.es http://www.hope-documental.es https://www.hope-documental.es http://www.hospitalinfantaelena.es https://www.hospitalinfantaelena.es http://www.hospitalpublicocolladovillalba.es https://www.hospitalpublicocolladovillalba.es http://www.hospitalreyjuancarlos.es https://www.hospitalreyjuancarlos.es http://www.hscor.com https://www.hscor.com http://www.idcsaludenfermeria.es https://www.idcsaludenfermeria.es http://www.idcsalud.es https://www.idcsalud.es http://www.jornadaspbp.es https://www.jornadaspbp.es http://www.lungscreen.eu https://www.lungscreen.eu http://www.oncohealth.eu https://www.oncohealth.eu http://www.porquesabeselegir.es https://www.porquesabeselegir.es http://www.redneurosalud.es https://www.redneurosalud.es http://www.ruber.es https://www.ruber.es http://www.teknonbarcelona.com https://www.teknonbarcelona.com http://www.teknonbarcelona.it https://www.teknonbarcelona.it http://www.teknonbarcelona.ru https://www.teknonbarcelona.ru http://www.teknon.es https://www.teknon.es http://www.tucanaldesalud.es https://www.tucanaldesalud.es 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' api.salemove.com api.salemove.eu ui.customsearch.ai analytics.twitter.com assets.adobedtm.com connect.facebook.net static.ads-twitter.com www.googleadservices.com maps.googleapis.com cdn.tt.omtrdc.net absa.tt.omtrdc.net www.google.com www.gstatic.com analytics.analytics-egain.com abdemo.egain.cloud absablog-dev.disqus.com absablog-sit.disqus.com absablog-uat.disqus.com absablog-prod.disqus.com ajax.googleapis.com platform.twitter.com platform.linkedin.com assets.pinterest.com c.disquscdn.com disqus.com secure.rating-widget.com log.pinterest.com rating-widget.com s.ytimg.com www.youtube.com youtube.com esb.ext.api.uat.absa.co.za client.crisp.chat googleads.g.doubleclick.net www.google.co.za www.google.pl dsp-aud.eskimi.com dsp.eskimi.com dsp-pix.eskimi.com dsp-media.eskimi.com cdn.syndication.twimg.com cse.google.com api-iam.intercom.io api.salemove.eu app.salemove.eu asset-proxy.salemove.eu assets.salemove.eu chunderw-gll.twilio.com chunderw-vpc-gll.twilio.com client-logger.salemove.eu eventgw.twilio.com fonts.googleapis.com fonts.gstatic.com io.salemove.eu js.intercomcdn.com kluster.ws.salemove.eu libs.salemove.com maps.googleapis.com maps.gstatic.com media.twiliocdn.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io s3-eu-west-1.amazonaws.com s3.amazonaws.com uplot.salemove.eu widget.intercom.io googletagmanager.com www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net c.la1-c2cs-frf.salesforceliveagent.com d.la1-c2cs-frf.salesforceliveagent.com c.la1-c2-par.salesforceliveagent.com d.la1-c2-par.salesforceliveagent.com 4
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 4
frame-ancestors 'self' X-Frame-Options: ALLOW-FROM�http://webvisor.com/�https://metrica.yandex.com/ 4
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 4
frame-ancestors *.ivanti.com 4
script-src 'self' http://s.ytimg.com/yts/jsbin/www-widgetapi-vflBy1d5C/www-widgetapi.js http://s.ytmig.com https://s.ytimg.com https://s.ytimg.com/yts/jsbin/www-widgetapi-vflBy1d5C/www-widget.js https://www.youtube.com/iframe_api http://www.youtube.com/iframe_api https://www.gstatic.com/ https://www.google.com/recaptcha/api.js http://www.google.com/recaptcha/api.js https://www.google-analytics.com http://www.google-analytics.com https://www.googletagmanager.com http://www.googletagmanager.com https://maps.googleapis.com http://maps.googleapis.com https://ssl.google-analytics.com http://ssl.google-analytics.com https://connect.facebook.net http://tagmanager.google.com https://assets.adobedtm.com http://assets.adobedtm.com http://jscdn.appier.net http://track.adform.net https://track.adform.net http://track.omguk.com https://va.ecitizen.gov.sg http://va.ecitizen.gov.sg 'unsafe-inline' 'unsafe-eval'; object-src 'self'; 4
frame-ancestors https://*.marketo.com 4
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.com.hk  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.clientam.com.hk  *.traderstation-international.com; 4
frame-ancestors 'self' uxanalytics.content-square.fr 4
default-src 'self' blob:; script-src *.marketgid.com static.criteo.net https://vk.com https://www.google-analytics.com https://google.com https://*.google.com https://www.googletagmanager.com https://graph.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://*.googleapis.com 'self' 'unsafe-inline'; img-src data: *.marketgid.com *.trafmag.com *.mixmarket.biz rtb.com.ru cooster.ru recreativ.ru cm.marketgid.com https://www.google-analytics.com yastatic.net https://*.gstatic.com https://www.google.ru 'self'; font-src https://*.gstatic.com 'self'; connect-src bidder.criteo.com 'self'; frame-src https://streamstorm.online https://streamguard.cc https://trailerclub.me https://www.stormo.tv https://player.ictv.ua https://viho.tv ybnotification: https://www.youtube.com https://video.rutube.ru https://rutube.ru https://1plus1.video https://ovva.tv https://videomore.ru 'self' 4
object-src 'self'; frame-ancestors 'self' 4
default-src https:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 4
frame-ancestors 'self' http://www.weathertechwholesale.com http://www.cabelas.com https://www.cabelas.com http://www.calcarcover.com https://www.calcarcover.com http://cabuat01.cabelas.com https://cabuat01.cabelas.com http://cabuat02.cabelas.com https://cabuat02.cabelas.com http://cabuat03.cabelas.com https://cabuat03.cabelas.com https://sandbox-assets.secure.checkout.visa.com https://sandbox.secure.checkout.visa.com https://assets.secure.checkout.visa.com https://secure.checkout.visa.com *.intranet.dow.com 4
default-src * ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' ; img-src * ; font-src * ; 4
frame-ancestors 'self' http://*.schwab.com https://*.schwab.com https://content.schwab.com http://content.schwab.com https://client.schwab.com https://lms.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com https://*.schwabsavingsfundamentals.com https://*.schwabbankfunds.com https://*.schwabadvisorcenter.com https://*.schwabfunds.com https://*.schwabpt.com https://*.windhaveninvestments.com https://*.schwab.tech http://www.schwabintelligenttechnologies.com https://www.schwabintelligenttechnologies.com https://*.wallst.com http://*.wallst.com; 4
frame-src 'self'; frame-ancestors 'self'; object-src 'none'; 4
default-src 'self' n161adserv.com bongacams.com *.bongacams.com ymetrica1.com mc.yandex.ru cam.bet *.cam.bet http://151.80.33.131 http://151.80.100.50 http://51.38.53.33 http://145.239.1.130 http://79.137.69.216 http://79.137.69.239 http://79.137.69.166; style-src 'self' 'unsafe-inline'; script-src n161adserv.com bongacams.com *.bongacams.com cdn.jsdelivr.net 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' data:; img-src 'self' n161adserv.com bongacams.com *.bongacams.com counter.yadro.ru mc.yandex.ru ymetrica1.com data:; 4
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com  *.amazonaws.com  *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net maps.googleapis.com *.forcepoint.com *.google.com *.facebook.com  bam.nr-data.net maps.gstatic.com *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net  *.techvalidate.com *.gartner.com *.googleapis.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com maps.googleapis.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com; img-src 'self' data: pixel.advertising.com *.forcepoint.com analyticsssl.forcepoint.com analyticsnossl.forcepoint.com ssl.google-analytics.com *.marinsm.com *.google-analytics.com s.ml-attr.com stats.g.doubleclick.net *.facebook.com *.adroll.com *.yahoo.com *.google.com *.getsmartcontent.com *.pubmatic.com *.adnxs.com t.co attr.ml-api.io pixel.rubiconproject.com trc.taboola.com sync.outbrain.com *.casalemedia.com idsync.rlcdn.com *.bidswitch.net us-u.openx.net bsw.digitru.st ps.eyeota.net cm.g.doubleclick.net match.adsrvr.org sync-tm.everesttech.net dmp.adform.net i.w55c.net d.turn.com tags.w55c.net sync.tidaltv.com sync.mathtag.com in.v12group.com sync.adap.tv eyeota-sync.dotomi.com p.rfihub.com *.demdex.net *.tealiumiq.com *.vidyard.com *.bing.com s3.amazonaws.com *.s3.amazonaws.com *.driftt.com eb2.3lift.com *.gartner.com *.liadm.com *.krxd.net *.pippio.com *.amazon-adsystem.com dev.visualwebsiteoptimizer.com *.cloudfront.net *.cdnwidget.com tags.bluekai.com *.adsymptotic.com cm.everesttech.net pippio.com secure.adnxs.com su.addthis.com lrpush.apxlv.com global.ib-ibi.com bcp.crwdcntrl.net analytics.twitter.com api.bizographics.com sync.placelocal.com segments.company-target.com pixel.tapad.com lrp.mxptint.net match.prod.bidr.io p.univide.com rp.gwallet.com ds.reson8.com dmp.truoptik.com aa.agkn.com bs.serving-sys.com *.entitytag.co.uk token.rubiconproject.com liveramp-eicm-global.dsp.io thrtle.com apolloprogram.io live.rzsync.com idsync.reson8.com; connect-src 'self' dpm.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com analyticsnossl.forcepoint.com bam.nr-data.net analyticsssl.forcepoint.com stats.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report 4
frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 4
allow-same-origin 4
img-src 'self' http: https: *.google.com; 4
frame-src 'self' 4
connect-src * 4
upgrade-insecure-requests;block-all-mixed-content; 4
script-src 'self' cdn.polyfill.io cdn.rawgit.com platform.twitter.com *.twimg.com assets.adobedtm.com www.adobetag.com cstatic.weborama.fr mmtro.com secure-player.canal-plus.com www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://maps.googleapis.com https://www.google.com/recaptcha/api.js recaptcha.net *.dimelochat.com *.dimelo.com *.canal-bis.com media-pass-api.canal-plus.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com cdn-images.mailchimp.com platform.twitter.com *.twimg.com https://tagmanager.google.com 'unsafe-inline' *.canal-bis.com blob:; img-src * data:; connect-src *; font-src 'self' data: fonts.gstatic.com; object-src 'self'; media-src 'self' static.canal-plus.net blob:; child-src * 4
default-src https: 'unsafe-eval' 'unsafe-inline'; font-src https: data:; img-src https: data: 4
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://medium.com:443 https://*.medium.com:443 https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 4
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'none'; media-src *.readspeaker.com *.speechstream.net 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; plugin-types application/x-shockwave-flash application/pdf; report-uri https://www.cspreport.nl 4
default-src 'self'; script-src *.nr-data.net *.newrelic.com *.faktor.io *.consensu.org 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; media-src 'none'; frame-src *.consensu.org; connect-src *.consensu.org *.faktor.io https://*.nr-data.net https://cdn.contentful.com https://cf.talpa.digital https://*.consent.talpanetwork.com https://consent.talpanetwork.com; img-src https://static.talpanetwork.com https://*.nr-data.net https://images.ctfassets.net https://*.consent.talpanetwork.com https://consent.talpanetwork.com 4
default-src *; font-src * 'self' data:; img-src * 'self' data:; style-src * 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://search.fwd.com.hk/ *.useinsider.com http://search.fwd.com.hk/ https://fwd.api.useinsider.com/ https://search.fwd.com.ph/ http://search.fwd.com.ph/ https://connect.fwd.co.th https://line.fwd.co.th https://www.gstatic.com https://www.google.com https://maps.googleapis.com www.google-analytics.com tagmanager.google.com *.googleapis.com www.googletagmanager.com *.livechatinc.com connect.facebook.net *.turn.com *.zopim.com *.zopim.io cdn-akamai.mookie1.com tags.tiqcdn.com t.mookie1.com b3.mookie1.com *.zopim.com api.map.baidu.com *.maxmind.com *.map.bdimg.com *.bdstatic.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io *.googleadservices.com *.adnxs.com *.doubleclick.net cloudfront.net *.mimecast.com  *.adsrvr.org *.facebook.com *.youtube.com *.ytimg.com *.visualwebsiteoptimizer.com bs.serving-sys.com *.taboola.com; connect-src 'self' https://search.fwd.com.hk/ wss://directline.botframework.com *.botframework.com http://search.fwd.com.hk/ https://search.fwd.com.ph/ http://search.fwd.com.ph/ https://connect.fwd.co.th https://line.fwd.co.th https://portal.fwd.com.vn wss://*.zopim.com *.maxmind.com api.map.baidu.com *.adnxs.com *.turn.com *.adsrvr.org *.facebook.com *.vimeo.com *.youtube.com *.taboola.com; 4
frame-ancestors https://*.cafepress.com https://*.cafepress.co.uk https://*.cafepress.ca https://*.cafepress.com.au ; 4
frame-ancestors 'self' *.vergic.com 4
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 4
block-all-mixed-content; upgrade-insecure-requests; 4
default-src 'unsafe-inline' data: about: hcom: blob: callback: chrome-error: *; script-src 'unsafe-eval' 'unsafe-inline' data: about: blob: asset: *; report-uri https://525fade5ca1b22e6c3c9f4504b6b3f68.report-uri.com/r/d/csp/enforce 4
default-src https: 'unsafe-inline' 4
default-src https:; base-uri 'self'; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: https://*.custhelp.com https://*.ioam.de; style-src 'self' 'unsafe-inline' https://www.parship.com https://www.sovendus.com https://*.custhelp.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://partnerboerse.parship.de https://translate.googleapis.com; img-src 'self' data: http: https:; frame-src https:; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/; connect-src 'self' https://*.pndsn.com https://www.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.sovendus.com https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; ;frame-ancestors 'self';report-uri /ls/ 4
object-src *;script-src * 'unsafe-inline' 'unsafe-eval' data: 4
frame-ancestors https://app.optimizely.com; 4
frame-ancestors 'self' u-sleep.umbian.com brightree.net *.u-sleep.umbian.com *.brightree.net 4
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self' 4
default-src blob: *; child-src blob: *; img-src 'self' data: https: blob: https: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' blob: https: *; worker-src 'self' 'unsafe-inline' blob: https: *; 4
default-src 'self'              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://pw.detecas.com              https://www.google-analytics.com;              style-src 'self' 'unsafe-inline';              script-src 'self' 'unsafe-eval' 'unsafe-inline'              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://www.google-analytics.com; 4
default-src 'none'; base-uri 'self' *.adform.net *.seadform.net; connect-src 'self' https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googletagservices.com 'unsafe-inline' 'unsafe-eval' *; font-src 'self' data: https://nouw.com https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval' *; form-action 'self' http://nouw.com *.facebook.com *.facebook.net https://secure.pay-read.se; frame-ancestors 'self' http://frame.bloglovin.com https://blogkeen.com; frame-src 'self' *.youtube.com *.spotify.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval' *; img-src * data: blob:; manifest-src 'self'; media-src *; object-src 'none'; report-uri https://nouw.com/api/misc/csp; style-src * blob: 'unsafe-inline'; worker-src 'self'; script-src 'self' https://nouw.com https://cdnjs.cloudflare.com *.facebook.com *.facebook.net https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googletagservices.com 'unsafe-inline' 'unsafe-eval' * 4
style-src 'self' 'unsafe-inline'; 4
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 4
default-src https: ws: 'unsafe-inline' 'unsafe-eval';img-src * data:;font-src * data:; 4
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline';  4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://yastatic.net https://www.youtube.com https://s.ytimg.com https://cdn.sendpulse.com https://platform.instagram.com https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org; style-src 'self' 'unsafe-inline' data: https://cdn.sendpulse.com https://fonts.googleapis.com; img-src 'self' data: https://* http://*; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org; 4
default-src http: https: data: blob: mediastream: wss:; script-src http: https: data: blob: mediastream: 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: blob: mediastream: 'unsafe-inline'; 4
connect-src 'self'; 4
script-src 'self' 4
object-src 'none'; base-uri 'none'; require-sri-for script style 4
default-src *; frame-src 'self' https: http://*.google.com http://*.facebook.com http://*.twitter.com http://*.youtube.com http://*.sharethis.com http://*.googletagmanager.com http://*.vimeo.com http://*.sharpspring.com http://*.googleadservices.com http://*.doubleclick.net http://*.wistia.com http://*.wistia.net; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data: ; img-src * data: ;  report-uri https://19jrymqg65.execute-api.us-east-1.amazonaws.com/default/dgcsp-report-uri; 4
default-src https: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 4
frame-ancestors 'self' https://*.moody.edu 4
frame-ancestors 'self' ocfl.net *.ocfl.net onetgov.net *.onetgov.net orangecountyfl.net *.orangecountyfl.net 4
script-src 'self' 'unsafe-inline' *.googleanalytics.com *.google-analytics.com ajax.googleapis.com https://www.youtube.com https://s.ytimg.com *.googletagmanager.com apis.google.com storage.googleapis.com 'strict-dynamic' 'sha256-786mZQPkATV3kJd7q8ZuwoTH4U3/0WniBdyVOgZQpv4=' 'sha256-Xyk5Ei/Yh7DuZgaxNfbPswkpmMKHk5Jy18vkxjfPMj0=' 'sha256-VYh+xiSqo4QzOSUckJBCHDIBNNBdxwG2PIIevxRqeh4=' *.googleapis.com; img-src * data: blob:; default-src 'self' *.gstatic.com; frame-src 'self' www.google.com *.youtube.com accounts.google.com apis.google.com plus.google.com *.doubleclick.net apis.google.com https://www.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com storage.googleapis.com; connect-src 'self' plus.google.com www.google-analytics.com apis.google.com; object-src 'none'; font-src 'self' themes.googleusercontent.com *.gstatic.com https://fonts.gstatic.com storage.googleapis.com fonts.googleapis.com; base-uri 'none' 4
frame-ancestors *.nypost.com *.decider.com *.pagesix.com http://www.stumbleupon.com https://www.stumbleupon.com 3
default-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; object-src *; font-src * data:; img-src * data:; frame-ancestors 'self' *.ca.com; 3
default-src 'self' *.google-analytics.com https://stats.g.doubleclick.net *.googleapis.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'   3
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://huffintl.report-uri.com/r/d/csp/enforce 3
default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 3
block-all-mixed-content; report-uri https://allegroapi.io/seclog/csp; 3
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; worker-src blob:; media-src 'self' https://*.cdw.com https://*.cnetcontent.com media.flixfacts.com www.youtube.com https://*.webcollage.net blob:; 3
default-src *.livejournal.com *.livejournal.net tpc.googlesyndication.com; script-src *.livejournal.com *.livejournal.net *.google-analytics.com *.googletagmanager.com *.scorecardresearch.com *.top100.ru *.yandex.ru *.criteo.com yastatic.net *.plista.com *.facebook.com vk.com *.ok.ru *.pingdom.com *.pingdom.net *.vk.com *.twitter.com *.twimg.com *.facebook.net *.instagram.com *.services.livejournal.com *.videos.livejournal.com *.adfox.ru *.exelator.com *.rambler.ru *.rubiconproject.com *.yahooapis.com *.newrelic.com *.nr-data.net *.doubleclick.net googleads.g.doubleclick.net *.lj.ru *.googleapis.com *.youtube.com *.varlamov.me *.varlamov.com *.google.com static.xx.fbcdn.net dsp-rambler.ru openstat.net *.rnet.plus twemoji.maxcdn.com *.googletagservices.com *.googlesyndication.com mc.yandex.ru ymetrica.com telegram.org *.webturn.ru www.dropbox.com *.criteo.net z.moatads.com r.webturn.ru *.pinterest.com *.google.ru ssl.p.jwpcdn.com *.gstatic.com js.mamydirect.com 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline'; img-src http: https: data:; frame-src http: https:; font-src http: https: data:; connect-src *.livejournal.com *.livejournal.net *.services.livejournal.com *.google-analytics.com ssp.rambler.ru *.yandex.ru *.ssp.rambler.ru lj.stat.eagleplatform.com *.pingdom.net *.googleapis.com kraken.rambler.ru *.twitter.com *.youtube.com googleads.g.doubleclick.net static.xx.fbcdn.net *.lj.ru *.rnet.plus mc.yandex.ru ymetrica.com *.webturn.ru *.criteo.com dsp-rambler.ru *.rambler.ru stats.g.doubleclick.net *.eaglecdn.com wss://www.livejournal.com *.g.doubleclick.net; report-uri https://livejournal.com/csp_reports; media-src storage.mds.yandex.net http: https: data: 3
font-src * 3
frame-ancestors 'self';upgrade-insecure-requests 3
default-src 'self' https:; frame-src 'self' https: blob:; script-src 'self' https: 'unsafe-inline' https://vaas.acapela-group.com 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: https://api.pusherapp.com wss://ws.pusherapp.com wss://*.firebaseio.com http://localhost:8080; media-src 'self' https: http://vaas.acapela-group.com; report-uri //code.org/https/mixed-content; frame-ancestors 'self' http://*.disney.com http://*.diznee.net code.org studio.code.org 3
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://huffpost.report-uri.com/r/d/csp/enforce; 3
base-uri ' ' 3
default-src *  'self' 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors *; img-src * 'self' data:; script-src * 'self' 'unsafe-inline' 'unsafe-eval' data:;  3
connect-src 'self' https://disqus.com *.disqus.com *.disquscdn *.addthis.com 3
default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 3
script-src 'unsafe-inline' 'unsafe-eval' https:; 3
default-src https://ssl.gstatic.com https://www.gstatic.com https://cdnjs.cloudflare.com tagmanager.google.com  https://ion.fiserv.com https://connect.facebook.net www.youtube.com https://players.brightcove.net https://hls.cf.brightcove.com https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.hypemarks.com www.digitalfileshares.com https://brightcove.hs.llnwd.net www.fiserv.com https://www.fiserv.com https://vjs.zencdn.net https://www.google.ca https://*.addthis.com https://www.google.com https://secure.brightcove.com https://f1.media.brightcove.com data: https://metrics.brightcove.com https://edge.api.brightcove.com blob: https://*.doubleclick.net https://www.google.com https://8174811.fls.doubleclick.net https://www.google-analytics.com https://t.co https://stats.g.doubleclick.net https://vlog.leadformix.com https://www.facebook.com https://secure.adnxs.com https://www.pages05.net https://*.pingdom.net https://*.linkedin.com 'unsafe-inline' 'unsafe-eval'; script-src https://tagmanager.google.com https://ajax.googleapis.com https://8f2a3f802cdf2859af9e-51128641de34f0801c2bd5e1e5f0dc25.ssl.cf1.rackcdn.com https://api.keen.io https://www.fiserv.com https://s.ytimg.com https://www.youtube.com https://www.tintup.com https://*.cloudfront.net www.fiserv.com https://www.googletagmanager.com https://*.addthis.com https://m.addthisedge.com https://www.sc.pages05.net https://www.google-analytics.com https://sjs.bizographics.com https://static.ads-twitter.com https://*.pingdom.net https://snap.licdn.com https://vlog.leadformix.com https://*.facebook.com https://*.twitter.com https://www.google.com https://*.facebook.net https://*.linkedin.com https://*.adnxs.com https://players.brightcove.net https://vjs.zencdn.net https://www.fiserv.com blob: https://www.bizographics.com 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' *.bruxelles.be *.brussel.be *.brussels.be 3
frame-ancestors 'self' *.google.de *.google.ch *.google.at *.google.nl *.google.cz *.google.com *.google.se *.optimizely.com 3
default-src http: data: blob: 'unsafe-inline' 'unsafe-eval' 3
default-src * 'self' data: 'unsafe-inline' blob:;script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.doubleclick.net *.liveperson.net *.sas.com assets.adobedtm.com ssl.google-analytics.com  accdn.lpsnmedia.net www.googletagmanager.com www.google-analytics.com bat.bing.com benchtag.co front.facetz.net *.facebook.net *.facebook.com www.googleadservices.com tb.juiceadv.com *.linkedin.com pixel.mathtag.com pixel.quantserve.com *.quora.com analytics.twitter.com tagmanager.google.com mc.yandex.ru static.ads-twitter.com snap.licdn.com *.bizographics.com dev.visualwebsiteoptimizer.com scripts.demandbase.com consent.truste.com s.yimg.com ssl.gstatic.com api.company-target.com script.crazyegg.com platform.twitter.com sp.analytics.yahoo.com x.bidswitch.net s7.addthis.com ad4.adfarm1.adition.com livestream.co *.brightcove.net track.adform.net insight.adsrvr.org www.vintom.com b92.yahoo.co.jp cdn.appdynamics.com execution-dscvrtraffic.cidev.sas.us *.brightcove.com *.mrpfd.com;img-src * 'self' data: *.google-analytics.com *.doubleclick.net www.google.com *.sas.com front.facetz.net *.facebook.com www.googleadservices.com tb.juiceadv.com ext.ligatus.com bcp.crwdcntrl.net pixel.mathtag.com *.quora.com cdn.taboola.com analytics.twitter.com d.company-target.com mc.yandex.ru t.co px.ads.linkedin.com *.bizographics.com insight.adsrvr.org assets.adobedtm.com *.brightcove.com;font-src * 'self' data: *.sas.com fast.fonts.net;connect-src * 'self' *.sas.com *.brightcove.com ma156-r.analytics.edgekey.net api.company-target.com livestream.com www.vintom.com *.doubleclick.net assets.adobedtm.com;frame-src 'self' assets.adobedtm.com lpcdn.lpsnmedia.net *.liveperson.net www.youtube.com s7.addthis.com *.sas.com pixel.mathtag.com livestream.com ad4.adfarm1.adition.com www.vintom.com *.doubleclick.net *.facebook.net *.twitter.com *.trustarc.com *.facebook.com *.linkedin.com;frame-ancestors *.ci360.sas.com *.gatheriq.analytics 3
default-src 'self' https://googleads.g.doubleclick.net/ https://www.google.com/ads/user-lists/ https://www.google.hu/ads/user-lists/ https://www.youtube.com/embed/ https://server.infinety.hu/;                                     img-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google.com/ads/ https://www.google.hu/ads/ https://maps.googleapis.com/maps/ https://csi.gstatic.com/ https://maps.gstatic.com/ https://maps.google.com/ blob: 'self' https://ad.adverticum.net/banners/ https://ssl.google-analytics.com/ https://www.facebook.com/tr/ https://ap.lijit.com/ https://u.btserve.com/ https://ad-delivery.net/ https://dmp.adform.net/dmp/profile/ https://x.bidswitch.net/ https://cm.g.doubleclick.net/ https://d5p.de17a.com/ https://sync.clickonometrics.pl/ https://ib.adnxs.com/ https://mq.wp.pl/ https://s1.adform.net/ https://adx.adform.net/ https://u.btserve.com/ data: https://www.w3.org/2000/svg/;                                     style-src 'self' https: 'unsafe-inline' https://maxcdn.bootstrapcdn.com/font-awesome/  https://fonts.googleapis.com/;                                     font-src 'self' https://fonts.gstatic.com/stats/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://themes.googleusercontent.com/static/fonts/lato/; 				     script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ http://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion.js https://www.google.com/recaptcha/api.js https://maps.google.com/maps/api/ https://maps.google.com/ https://maps.googleapis.com/ https://ad.adverticum.net/g3.js https://ls.hit.gemius.pl/ https://hu.hit.gemius.pl/xgemius.js https://www.googletagmanager.com https://ad.adverticum.net/g3.js https://www.googletagmanager.com/ https://connect.facebook.net/en_US/fbevents.js blob: 'self'; 				     connect-src 'self' https://settings.luckyorange.net/ https://track.adform.net/ wss://in.visitors.live/socket.io/ wss://visitors.live/socket.io/ https://ad.adverticum.net/;                                     child-src 'self' https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/ https://bid.g.doubleclick.net/ https://www.google.hu/ads/user-lists/ https://ls.hit.gemius.pl/ https://ad.adverticum.net/external/ https://ad.adverticum.net/banners/ https://occsz.e-cegjegyzek.hu/ https://www.youtube.com/embed/ https://www.facebook.com/tr/; 3
frame-ancestors 'self' https://profiles.onbase.com 3
frame-src 'self' www.affirm.com sandbox.affirm.com www.assayassured.co.uk *.criteo.net *.criteo.com connect.facebook.net lookaside.facebook.com staticxx.facebook.com m.facebook.com web.facebook.com www.facebook.com *.fuel451.com bid.g.doubleclick.net cm.g.doubleclick.net www.google.com www.googletagmanager.com pay.google.com *.jewlr.com assets-jewlr.netdna-ssl.com *.jwl.io *.justuno.com secure.livechatinc.com www.paypalobjects.com www.paypal.com www.sandbox.paypal.com www.resellerratings.com storefront-launcher-cdn.sweettooth.io storefront-panel.sweettooth.io tr.snapchat.com js.stripe.com cdn.tangiblee.com widget.tangiblee.com platform.twitter.com syndication.twitter.com player.vimeo.com www.youtube.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' d.adroll.com s.adroll.com *.affirm.com tracker.affirm.com calculator.affirm.com mpsnare.iesnare.com api-cdn.amazon.com d24n15hnbwhuhn.cloudfront.net www.assayassured.co.uk bat.bing.com js.braintreegateway.com *.bronto.com paypalus.cloud-iq.com *.convertexperiments.com *.criteo.net *.criteo.com connect.facebook.net lookaside.facebook.com staticxx.facebook.com web.facebook.com www.facebook.com fb33ac4224ea.cdn4.forter.com 621e092954a3.cdn4.forter.com d35u1vg1q28b3w.cloudfront.net *.forter.com:* cdnjs.cloudflare.com media-akam.licdn.com cdn.fuelx.com pr1.fuel451.com psr.fuel451.com rs.fullstory.com www.fullstory.com fullstory.com www.googletagmanager.com apis.google.com www.google.com *.googleapis.com ssl.google-analytics.com www.google-analytics.com googleads.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com pippio.com cm.g.doubleclick.net optimize.google.com tagmanager.google.com pay.google.com assets-jewlr.netdna-ssl.com *.jewlr.com builder-jewlr.netdna-ssl.com ca-j4-assets-jewlr.netdna-ssl.com j4-assets-jewlr.netdna-ssl.com jo-assets-jewlr.netdna-ssl.com ps-j4-assets-jewlr.netdna-ssl.com user-uploads-jewlr.netdna-ssl.com render-jewlr.netdna-ssl.com renderb-jewlr.netdna-ssl.com static-jewlr.netdna-ssl.com staticv-jewlr.netdna-ssl.com daga8y6cp8j63.cloudfront.net *.jwl.io *.justuno.com cdn.livechatinc.com secure.livechatinc.com accounts.livechatinc.com www.paypal.com www.paypalobjects.com paypal.adtag.where.com s.pinimg.com cdn.ravenjs.com shopperapproved.com www.shopperapproved.com cdn.siftscience.com d1gzz21cah5pzn.cloudfront.net www.sitejabber.com cdn.sweettooth.io sc-static.net js.stripe.com cdn.tangiblee.com api.tangiblee.com platform.twitter.com player.vimeo.com; frame-ancestors https://*.jewlr.com https://app.convertexperiments.com https://jewlr4.jwl.io https://secure.jwl.io; report-uri /csp_report 3
default-src * 'unsafe-inline' data: blob: 'unsafe-inline' 'unsafe-eval' 3
upgrade-insecure-requests; block-all-mixed-content; disown-opener 3
frame-ancestors https://*.asus.com http://*.asus.com https://*.asus.com.cn http://*.asus.com.cn https://asus.todayir.com.tw http://asus.todayir.com.tw https://tongji.baidu.com 3
frame-ancestors 'self' http://quintiles.lookbookhq.com https://quintiles.lookbookhq.com https://lookbook.solutions.iqvia.com http://lookbook.solutions.iqvia.com 3
frame-ancestors 'self' webforce.com new.webforce.com webforce1111.c45stagehostopia.com wfsites-to.websitecreatorprotool.com wfsites.websitecreatorprotool.com wfsites-ie.websitecreatorprotool.com wf.mktgsuite.deluxe.com fl.sitekreator.com portal.mktgsuite.deluxe.com dex.wfsites.websitecreatorprotool.com sites2.freelogoservices.com cpaneltest.sitekreator.com; 3
default-src * blob:; child-src https: data: qa-freeconferencecall: freeconferencecall: qa-startmeeting: startmeeting:; connect-src https: wss:; font-src https: data:; img-src https: data:; media-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; style-src https: 'unsafe-inline'; worker-src https: blob:; report-uri https://csp-bin.freeconferencecall.com/bins/b56a1d03/ 3
frame-ancestors 'self' http://hybris.com https://hybris.com http://*.hybris.com https://*.hybris.com http://sap.lookbookhq.com https://sap.lookbookhq.com http://cx.sap.com https://cx.sap.com https://nopreview.ru http://dev-cx.calliduscloud.com https://dev-cx.calliduscloud.com http://stage-cx.calliduscloud.com https://stage-cx.calliduscloud.com https://gigya.staging.wpengine.com https://www.gigya.com https://gigyadev.wpengine.com *.lookbookhq.com https://cloudplatform-qa.sap.com https://cloudplatform.sap.com;default-src 'self' blob: https: data: 'unsafe-inline' 'unsafe-eval' github.com api.github.com raw.githubusercontent.com *.liveperson.net http://*.sap.com https://*.sap.com *.demandbase.com *.adobedtm.com *.company-target.com *.omtrdc.net *.w55c.net platform.twitter.com *.siteintercept.qualtrics.com *.doubleclick.net cdnjs.cloudflare.com charts3.equitystory.com http://sap-espresso.com http://*.akamai.net ust-servlet.dataxu.net https://*.cdn.sap.com *.2mdn.net *.2o7.net *.qualtrics.com https://*.akamaihd.net http://*.akamaihd.net *.lpsnmedia.net *.truste.com *.newrelic.com *.nr-data.net https://*.youtube.com https://*.youtu.be https://*.ytimg.com *.twitter.com http://*.twimg.com https://*.twimg.com *.adobe.com *.demdex.net *.liveperson.com *.liveengage.net *.liveengage.com *.liveper.sn *.licdn.com *.hana.ondemand.com http://dc1cp8nqqrmxi.cloudfront.net http://*.edgesuite.net http://dewdfbcmcps10:1080 http://dewdfbcmcps10 https://bcmcps.enter.sap *.d41.co 3
frame-ancestors https://www.usgacardshop.com http://www.usgacardshop.com http://www.123print.com http://www.brookhollowcards.com http://www.cardsdirect.com https://www.123print.com https://www.brookhollowcards.com https://www.cardsdirect.com http://*.cardsdirect.com; 3
img-src https: data:; child-src https:; form-action https:; script-src https: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; 3
connect-src 'self' https://*.google-analytics.com https://*.index-education.com http://*.index-education.com http://*.datatables.net;default-src 'self' *.bootstrapcdn.com *.google-analytics.com *.gstatic.com https://*.index-education.com http://*.index-education.com;frame-ancestors 'self' ;frame-src http://*.index-education.net https://*.index-education.net *.hyperplanning.fr http://*.vimeo.com https://*.vimeo.com https://www.youtube.com https://*.google.com https://*.index-education.com http://*.index-education.com http://index-education.com;media-src 'self' https://*.vimeo.com https://*.index-education.com http://*.index-education.com;object-src 'self'; report-uri https://www.index-education.com/violationReportCSP.php;report-to http://www.index-education.com/violationReportCSP.php;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com https://*.vimeo.com https://*.vimeocdn.com https://*.google.com *.gstatic.com code.jquery.com http://*.google-analytics.com https://*.google-analytics.com *.datatables.net https://*.index-education.com http://*.index-education.com https://*.bootstrapcdn.com http://index-education.com;style-src 'self' 'unsafe-inline' http://*.googleapis.com https://*.googleapis.com *.bootstrapcdn.com https://*.index-education.com http://*.index-education.com;font-src 'self' *.bootstrapcdn.com *.gstatic.com https://*.index-education.com http://*.index-education.com;img-src *; 3
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; child-src *; 3
default-src *.google.com *.issuu.com *.biz-up.at www.youtube.com 'self' 'unsafe-inline' m.doris.at maxcdn.bootstrapcdn.com stats.g.doubleclick.net *.gstatic.com *.googleapis.com www.google-analytics.com *.facebook.com cdn.mlwrx.com; script-src malsup.github.io 'self' 'unsafe-inline' 'unsafe-eval' *.issuu.com maxcdn.bootstrapcdn.com *.googleapis.com www.google-analytics.com oss.maxcdn.com connect.facebook.net sys.mailworx.info cdn.mlwrx.com *.jquery.com; base-uri 'self'; img-src * data:; 3
object-src 'self'; 3
frame-ancestors 'self' *.infor.com *.infor.cn *.infor.de *.infor.es *.infor.fr *.infor.jp *.infor.kr 3
default-src * 'unsafe-inline' 'unsafe-eval'; 3
default-src 'self' data: gap: https://*.maersk.com https://*.maerskline.com https://*.apmoller.net https://c.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://100qrcey9nsltilmpwezagts.blob.core.windows.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.maersk.com https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net https://c.go-mpulse.net https://s.go-mpulse.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com; img-src 'self' data: https://*.maersk.com https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://www.weborama.com https://adv.solution.weborama.fr https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://tr.outbrain.com https://fo-api.omnitagjs.com; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com; frame-src https://*.maersk.com https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com; font-src 'self' data: https://*.maersk.com https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com; 3
frame-ancestors 'self' imdb.com *.imdb.com *.media-imdb.com withoutabox.com *.withoutabox.com amazon.com *.amazon.com amazon.co.uk *.amazon.co.uk amazon.de *.amazon.de translate.google.com images.google.com www.google.com www.google.co.uk search.aol.com bing.com www.bing.com 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.netsuite.com http://consent.truste.com *.trustarc.com *.adroll.com *.bing.com https://*.doubleclick.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://vlog.leadformix.com *.googleapis.com *.ensighten.com *.demandbase.com http://chat.leadformix.com http://img.en25.com http://netsuite-www.baynote.net *.facebook.com *.facebook.net *.google.com *.twitter.com *.yahoo.com *.akamaihd.net *.demdex.net *.omtrdc.net https://*.adobetag.com https://*.linkedin.com *.licdn.com https://*.openx.net https://*.rubiconproject.com https://*.gumgum.com https://*.casalemedia.com https://*.media6degrees.com *.company-target.com *.rlcdn.com https://*.pubmatic.com https://*.w55c.net https://*.bidswitch.net https://*.narrative.io *.bidr.io *.2o7.net; style-src 'self' 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src * data: ; frame-src 'self' *.doubleclick.net *.youtube.com *.youtu.be *.facebook.com *.facebook.net *.omtrdc.net *.trustarc.com http://chat.leadformix.com *.demdex.net; connect-src 'self' https://api.company-target.com https://*.doubleclick.net https://*.googlevideo.com *.omtrdc.net *.demdex.net; media-src 'self' blob: ; report-uri https://system.netsuite.com/app/security/cspreport.nl 3
frame-ancestors 'self' *.inlinewarehouse.com www.icewarehouse.com www.derbywarehouse.com www.tennis-warehouse.com; 3
frame-ancestors 'self' apps.facebook.com 3
script-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.snowleader.com *.snowleader.be *.snowleader.ch *.snowleader.de *.snowleader.at *.snowleader.co.uk *.snowleader.es *.google.com *.googleapis.com googleapis.com www.googlecommerce.com www.google-analytics.com www.googleadservices.com *.gstatic.com www.googletagmanager.com *.zopim.com *.criteo.com static.criteo.net tracker.twenga.fr t.c4tw.net api2.reversoform.com *.bazaarvoice.com use.typekit.net mpsnare.iesnare.com connect.facebook.net *.twitter.com cdn.syndication.twimg.com d31qbv1cthcecs.cloudfront.net https://display.ugc.bazaarvoice.com https://apis.google.com https://d31qbv1cthcecs.cloudfront.net https://stg.api.bazaarvoice.com https://mpsnare.iesnare.com https://network-stg.bazaarvoice.com https://network.bazaarvoice.com https://api.bazaarvoice.com https://analytics-static.ugc.bazaarvoice.com https://maps.googleapis.com https://secure.skypeassets.com www.skypeassets.com https://98t4f62uw1.kameleoon.eu https://ewnxky8h6u.kameleoon.eu https://hht0f37q6v.kameleoon.eu https://mm14aijsxz.kameleoon.eu https://74m0rlm9ta.kameleoon.eu *.kameleoon.eu *.kameleoon.com https://mc.yandex.ru https://yastatic.net https://widgets.trustedshops.com https://js-agent.newrelic.com https://bam.nr-data.net http://widgets.trustedshops.com https://www.eoft.eu/ https://player.vimeo.com https://widget.trustpilot.com https://outdoor-ticket.net https://www.outdoor-ticket.net 3
default-src 'none'; object-src 'none'; worker-src 'none'; base-uri 'self'; media-src https://js.intercomcdn.com; img-src 'self' blob: data: https:; font-src data: https://storage.googleapis.com https://fonts.gstatic.com https://js.intercomcdn.com https://static.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; connect-src 'self' https://sentry.io https://app.getsentry.com https://*.facebook.com https://*.segment.io https://*.intercomcdn.com https://*.intercom.io wss://*.intercom.io https://api.mixpanel.com https://*.hotjar.com:* wss://*.hotjar.com https://*.google-analytics.com https://*.clearbit.com https://vimeo.com https://*.vimeo.com https://*.g.doubleclick.net https://*.googleapis.com https://*.layer.com wss://*.layer.com https://*.mxpnl.net; frame-src https://vars.hotjar.com https://connect.facebook.net https://*.facebook.com https://www.youtube.com https://player.vimeo.com; child-src https://vars.hotjar.com; script-src 'unsafe-inline' https: 'self' 'unsafe-eval'; report-uri https://sentry.io/api/670553/security/?sentry_key=3c9b913593da4ea197eae952e4f3d5d9 3
frame-ancestors 'self' https://www.cv.lv https://www.cv.ee https://www.cvonline.lt https://www.cvmarket.lv https://www.cvkeskus.ee https://www.cvmarket.lt https://www.cv.lt; 3
frame-ancestors *.splunk.com *.touchcast.com 3
frame-ancestors 'self' *.vice.com *.viceland.com viceland.com viceland.nl vicesports.nl vicemoney.nl vicebelgique.com 3
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src * data:; frame-ancestors * 'self' 3
default-src 'unsafe-inline' https:; img-src data: https: 3
frame-ancestors 'self' tableau.joblocal.de 3
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 3
default-src 'self'; child-src 'self' blob:; img-src 'self' data: blob: *; media-src 'self' blob: *; style-src 'self' 'unsafe-inline' *; font-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; worker-src blob:; connect-src 'self' data: blob: * wss://*; frame-src 'self' *; frame-ancestors 'self' * 3
script-src https: 'unsafe-inline' 'unsafe-eval' 3
default-src 'self' charts3.equitystory.com www.google-analytics.com maps.gstatic.com maps.googleapis.com maps.google.com fonts.gstatic.com api.stream24.net hmmh.scnem.com www.w3.org 128.30.52.100; script-src 'self' charts3.equitystory.com www.googletagmanager.com ajax.googleapis.com maps.googleapis.com www.google-analytics.com maps.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' charts3.equitystory.com fonts.googleapis.com 'unsafe-inline'; img-src 'self' charts3.equitystory.com maps.gstatic.com maps.googleapis.com maps.google.com khms0.googleapis.com khms1.googleapis.com data: www.w3.org 3
default-src https: 'self'; base-uri 'self' optimize.google.com; block-all-mixed-content; connect-src 'self' *.braintreegateway.com camaloon-web.s3-eu-west-1.amazonaws.com *.camaloon.media *.cloudfront.net *.doubleclick.net *.fullstory.com *.google-analytics.com *.hotjar.com *.mstrlytcs.com *.optmstr.com *.optmnstr.com sentry.io *.typekit.net *.braintree-api.com wss://*.hotjar.com; font-src 'self' data: *.fontawesome.com *.gstatic.com *.typekit.net *.hotjar.com; form-action 'self' connect.facebook.net www.facebook.com; frame-ancestors 'none'; frame-src 'self' *.braintreegateway.com *.criteo.com *.facebook.com *.hotjar.com *.kaptcha.com *.livechatinc.com optimize.google.com *.stripe.com *.youtube.com; img-src data: blob: *; media-src 'self'; object-src 'self'; plugin-types application/pdf; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ads-twitter.com *.bing.com *.cloudflare.com *.criteo.net *.criteo.com *.emsecure.net *.facebook.net fullstory.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.google.com *.googleapis.com *.hotjar.com *.livechatinc.com *.newrelic.com *.nr-data.net *.salesforceliveagent.com *.typekit.net *.stripe.com *.ravenjs.com *.optnmnstr.com *.optmstr.com 1191.xg4ken.com; style-src 'unsafe-inline' 'self' *.fontawesome.com *.google.com *.googleapis.com *.gstatic.com *.typekit.net; upgrade-insecure-requests 3
frame-ancestors 'self' https://*.castlery.com https://*.castlery.com.au https://*.castlery.sg 3
object-src 'none' 3
default-src 'self'; frame-src 'none'; img-src 'self' *.florastatic.com https://*.florastatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 3
default-src data: https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; 3
default-src * 'unsafe-inline' 'unsafe-eval' data:; 3
frame-ancestors 'self' http://allmed.mdlink.org https://allmed.mdlink.org http://allmedx.com https://allmedx.com https://demo.allmedx.com https://dev.allmedx.com; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.natfuel.com *.nationalfuelgas.com nationalfuel.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com bs.serving-sys.com player.vimeo.com www.google.com bs.serving-sys.com secure-ds.serving-sys.com us.lkqd.net 8276147.fls.doubleclick.net stats.g.doubleclick.net phx.corporate-ir.net code.jquery.com secure.adnxs.com data: 3
default-src 'self' wss://www.mataharirama.xyz wss://mataharirama.xyz http://www.mataharirama.xyz https://www.mataharirama.xyz http://www.mataharirama.xyz http://www.mataharirama.xyz wss://www.reasedoper.pw wss://nathetsof.com wss://www.nathetsof.com http://nathetsof.com https://nathetsof.com http://reasedoper.pw https://reasedoper.pw wss://sparnove.com wss://www.sparnove.com https://sparnove.com http://sparnove.com https://pagead2.googlesyndication.com https://api.push.world/ http://banners.mlgame.org https://*.pozvonim.com/ http://api.pozvonim.com/ https://mc.yandex.ru/ http://rb.revolvermaps.com/;style-src 'unsafe-inline' *;child-src * 'self'  blob: ;img-src * data:;media-src *;font-src *;script-src http://vuryua.ru/ https://adservice.google.de/ http://sparnove.com https://sparnove.com http://zstat.org https://zstat.org https://gridiogrid.com/ https://www.gridiogrid.com/ http://www.gridiogrid.com/ https://wwwgridiogrid.com/ http://bstat.org/  http://igrid.org/ http://ogrid.org/ http://code.moviead55.ru http://mataharirama.xyz http://rigaletto.info/ https://cdnjs.cloudflare.com/ http://syndication.exdynsrv.com https://syndication.exdynsrv.com http://vogozaw.ru http://cdn.jsdelivr.net https://cdn.jsdelivr.net http://adcentr.info https://adcentr.info http://listat.org https://listat.org https://static.reasedoper.pw http://nathetsof.com https://nathetsof.com http://www.nathetsof.com https://www.nathetsof.com http://static.reasedoper.pw http://polldaddy.com/ https://relap.io/ http://*.poll.fm/ https://relboxru.push.world http://vogorana.ru/ http://vogozaq.ru/ http://videopotok.pro/ http://youtuibes.com http://t.insigit.com/ http://front.facetz.net http://kitbit.net/ http://*.pluso.ru http://*.pinterest.com 'self' http://m.addthis.com/ http://wqogrp.yjgmmpkot.xyz/ http://m.addthisedge.com/ http://myhit.cc http://zdravv.ru/ http://zebroid.tv/ http://*.linkedin.com/ http://api.pinterest.com/ http://feeds.delicious.com/ https://dl.metabar.ru/ http://azbns.com/  http://cdn.mobidea.com/ https://cdn.mobidea.com/ http://mytomatosoup.com/ http://*.s1block.com/ https://*.exoclick.com/ http://*.exoclick.com/ https://*.pozvonim.com/ http://*.pozvonim.com/ http://rt.intarget.ru/ http://*.criteo.com/ http://webgringo.ru/ http://dancepoisk.ru/ http://*.google.com.ua https://*.google.com.ua https://*.vim100.ru http://*.vim100.ru https://vim100.ru http://vim100.ru http://*.kavanga.ru https://*.kavanga.ru http://dreamcode.pw https://dreamcode.pw https://*.advertur.ru *.advertur.ru http://cdn-rtb.sape.ru/ http://*.sape.ru/ http://wslocker.ru/ http://www.photoshop.in.ua 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com https://oss.maxcdn.com yandex.st *.yandex.st https://*.google-analytics.com http://*.google-analytics.com acint.net www.acint.net http://meelba.com http://*.meelba.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.uptolike.com https://*.uptolike.com *.leadada.com http://*.yandex.ru http://yandex.ru  https://yandex.ru https://*.yandex.ru http://*.doubleclick.net https://*.doubleclick.net cepereh.ru promoskiki.ru brandomatic.ru http://info.datacadet.com https://info.datacadet.com http://*.metabar.ru https://*.youtube.com http://*.youtube.com https://*.google.com http://*.google.com http://*.yandex.net https://*.yandex.net http://*.dumedia.ru http://userapi.com https://*.twitter.com http://*.twitter.com https://yastatic.net http://yastatic.net http://*.ya.ru http://*.fbcdn.net http://*.facebook.net https://*.facebook.net http://ad.oyy.ru http://pr-cy.ru http://*.rotaban.ru http://*.addthis.com http://*.mail.ru https://*.mail.ru http://*.adriver.ru https://*.googleapis.com http://*.googleapis.com http://*.reformal.ru https://vk.com http://*.vk.com http://vk.com http://*.vk.com http://estat-translator.com http://*.openstat.net http://openstat.net http://*.hit.ua http://api.cpatext.ru http://disgusting.ru http://counter.rambler.ru http://allskidkimos.ru http://*.acint.net http://*.beeline.ru http://*.smi2.ru https://*.alexa.com http://js-agent.newrelic.com http://*.odnoklassniki.ru http://*.directadvert.ru http://vkontakte.ru http://meteoprog.ua http://*.meteoprog.ua http://*.ok.ru https://*.ok.ru http://api.recaptcha.net http://ulogin.ru http://*.ukr.net http://*.semrash.com http://*.nr-data.net http://*.mgts.ru http://commontools.net http://*.wordpress.com http://informer.name http://*.bigmir.net https://*.bigmir.net http://www.samnews.ru http://adv.rb-edu.ru http://nastart.com.ua http://*.betweendigital.com http://*.google.ru http://*.cloudfront.net http://api.pozvonim.com http://*.24webclock.com https://*.zemanta.com http://disqus.com http://*.gismeteo.ru http://*.spylog.ru http://*.sharethis.com http://*.disqus.com http://*.c8.net.ua http://www.semrush.com http://loginza.ru http://*.redtram.com https://*.facebook.com http://*.facebook.com http://reformal.ru http://mreporter.ru http://n.lcads.ru http://*.leadia.ru http://www.vesti.ru http://*.begun.ru http://google.com.ua https://google.com.ua http://gamebomb.ru https://*.skype.com http://*.contextbar.ru http://*.googleadservices.com https://*.googleadservices.com http://*.lcads.ru http://*.googlevideo.com https://*.googlevideo.com http://*.gstatic.com https://*.gstatic.com https://*.ytimg.com http://*.ytimg.com http://*.yadro.ru https://*.yadro.ru; connect-src 'self' https://gridiogrid.com/ wss://gridiogrid.com/ https://ogrid.org wss://www.igrid.org wss://www.mataharirama.xyz https://mataharirama.xyz https://www.mataharirama.xyz wss://mataharirama.xyz http://api.pozvonim.com/ https://api.push.world/ https://static.reasedoper.pw/ http://nathetsof.com https://nathetsof.com wss://nathetsof.com wss://www.nathetsof.com wss://www.reasedoper.pw/ wss://sparnove.com wss://www.sparnove.com http://sparnove.com https://sparnove.com http://meelba.com/ http://stat.qload.ru http://uxm.ru https://mc.yandex.ru/ https://pagead2.googlesyndication.com 3
frame-ancestors 'self' corelogic.com.au *.corelogic.com.au elev.io *.elev.io 3
default-src * 'unsafe-inline' 'unsafe-eval' 'self' app.optimizely.com *.hawksearch.com *.hawksearch.net *.americaneagle.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; img-src 'self' blob: data: * 3
default-src wss: https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src data: https: 3
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com  http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com; 3
frame-ancestors 'self'; report-uri /error/csp/ 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagservices.com *.facebook.com https://*.facebook.com *.facebook.net https://connect.facebook.net *.tynt.com *.yandex.net https://site.yandex.net https://yastatic.net yastatic.net an.yandex.ru awaps.yandex.ru vk.com https://vk.com https://*.yandex.ru mc.yandex.ru clck.yandex.ru yandex.st  https://*.googleapis.com https://*.google.com *.google.com *.gstatic.com https://*.gstatic.com https://*.google-analytics.com www.google-analytics.com *.googlesyndication.com https://*.googlesyndication.com *.googleapis.com *.doubleclick.net;object-src 'self' *.googlesyndication.com https://*.googleapis.com www.youtube.com https://www.youtube.com *.gstatic.com; frame-src 'self' *.facebook.com https://*.facebook.com  bcp.crwdcntrl.net yastatic.net awaps.yandex.ru vk.com https://vk.com https://login.vk.com yandex.st www.youtube.com https://www.youtube.com *.googlesyndication.com *.doubleclick.net https://*.doubleclick.net https://*.google.com *.google.com mc.yandex.ru www.youtube.com; connect-src 'self' https://mc.yandex.ru mc.yandex.ru www.google-analytics.com https://*.google-analytics.com; 3
default-src https:;script-src https: 'unsafe-inline' 'unsafe-eval';style-src https: 'unsafe-inline';font-src https: data:;img-src https: data: 3
default-src 'self' http://oebb.at https://oebb.at http://*.oebb.at https://*.oebb.at http://*.nightjet.com https://*.nightjet.com; style-src 'self' 'unsafe-inline' https://*.oebb.at https://*.googleapis.com http://*.twitter.com https://*.twitter.com http://*.twimg.com https://*.twimg.com; script-src 'self' 'unsafe-eval' https://apis.google.com https://*.googleapis.com http://connect.facebook.net https://connect.facebook.net http://platform.twitter.com https://platform.twitter.com http://cdn.syndication.twimg.com https://cdn.syndication.twimg.com http://*.oebb.at https://*.oebb.at http://*.nightjet.com https://*.nightjet.com; img-src 'self' http://*.oebb.at https://*.oebb.at http://*.nightjet.com https://*.nightjet.com https://*.gstatic.com https://*.googleapis.com http://*.ytimg.com https://*.ytimg.com http://*.facebook.com https://*.facebook.com http://*.twitter.com https://*.twitter.com http://*.twimg.com https://*.twimg.com data:; child-src http://*.oebb.at https://*.oebb.at http://*.nightjet.com https://*.nightjet.com https://*.google.com https://*.googleapis.com https://www.youtube-nocookie.com http://*.facebook.com https://*.facebook.com http://*.twitter.com https://*.twitter.com https://roundme.com https://*.yumpu.com; font-src 'self' http://oebb.at https://oebb.at http://*.oebb.at https://*.oebb.at http://*.nightjet.com https://*.nightjet.com https://*.gstatic.com; 3
default-src *; script-src 'self' http://www.google-analytics.com http://suggest.infospace.com http://api.autocompleteplus.com http://www.googletagservices.com http://d.yimg.com https://completr.appspot.com https://s.yimg.com http://js.wincyahoocontent.com ; frame-src  'self' http://*.yhs4.search.yahoo.com http://ad.adserver-pro.net https://s.yimg.com ; font-src 'none'; connect-src 'self'; media-src 'self'; object-src 'none'; style-src 'self'; 3
default-src 'none'; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' *; connect-src *; img-src * data:; style-src 'unsafe-inline' *; font-src * data:; frame-src * 3
frame-ancestors 'self' *.eur.nl 3
frame-ancestors 'self' homedna.com *.homedna.com 3
child-src 'self' blob: https://*.tagcommander.com *.tagcommander.com *.overkiz.com *.somfy.com *.somfysystems.pl e.issuu.com projects.perfoweb.fr www.tahomalink.com www.tahomalink.com boutique.somfy.fr www.youtube.com iadvize.com lc.iadvize.com www.googletagmanager.com static.addtoany.com client.alwaysupport.com *.doubleclick.net static.olark.com 212.203.79.55 somfykorea.linux.gabiauser.com shop.somfy.de shop.somfy.es shop.somfy.it easyshop.somfypro.fr tv.connexoon.de tvaktion.connexoon.de tv-at.connexoon.de *.addthis.com *.disqus.com disqus.com www.google.com webdev.abastra.com kartor.eniro.se http://kartor.eniro.se www.somfy-smart.de api.soundcloud.com w.soundcloud.com www.lespetitespierres.org https://giphy.com/upload https://hearthis.at/ https://soundcloud.com/ https://www.youtube.com/ https://www.lespetitespierres.org/ *.rlets.com https://giphy.com/ https://www.franceinter.fr/ *.zohopublic.com *.smartrecruiters.com https://subscriptions.smartrecruiters.com/ marketing.net.elogia.net www.facebook.com https://www.facebook.com https://www.youtube-nocookie.com/ www.123formbuilder.com 3
Content-Security-Policy: default-src 'self' *.facebook.com 3
frame-ancestors 'self' https://gattaca-helix.my.salesforce.com/ 3
default-src 'self'; connect-src 'self' https://media.manufactum.de https://*.scene7.com https://www.google-analytics.com https://stats.g.doubleclick.net; img-src 'self' data:  https://*.econda-monitor.de https://manufactum.scene7.com https://media.manufactum.de https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com; child-src blob: https://*.econda-monitor.de https://*.adition.com https://s3.eu-central-1.amazonaws.com/esomecdn/60 https://www.google.com/maps/; frame-src blob: https://*.econda-monitor.de https://*.adition.com https://s3.eu-central-1.amazonaws.com/esomecdn/60 https://www.google.com/maps/; worker-src blob:; media-src blob: 'self' https://media.manufactum.de https://*.scene7.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://media.manufactum.de https://cdn.epoq.de/flow/ https://*.arc.epoq.de/inbound-servletapi/  https://*.econda-monitor.de https://www.googletagmanager.com https://www.google-analytics.com 'sha256-24E9spO23svDkTBI3pZ9OBMtJ9sLH2RiAbSkYdi/38c=' 'sha256-RK5gWrwaWY7/F6AUGQ9ZmFFw6206P+y8yxL2hevtowc='; style-src 'self' 'unsafe-inline' https://media.manufactum.de; report-uri /sell/csp-violation; base-uri 'self' 3
default-src *; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://*.motability.org.uk https://*.motabilityoperations.co.uk https://*.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://apis.google.com https://*.doubleclick.net https://*.liveperson.net https://*.lpsnmedia.net https://*.liveengage.net https://*.liveengage.com https://*.liveper.sn https://*.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com *.amazonaws.com https://*.googleapis.com https://*.newscred.com https://*.googleadservices.com https://connect.facebook.net https://*.creativevirtual.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://*.googleapis.com https://*.newscred.com https://*.googleadservices.com https://*.jwpcdn.com https://*.creativevirtual.com; img-src 'self' data: * https://ssl.google-analytics.com; font-src 'self' fonts.gstatic.com https://*.jwpcdn.com https://*.creativevirtual.com; media-src blob: 'self' https://*.lpsnmedia.net *.speechstream.net https://*.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://jwpsrv-vh.akamaihd.net; child-src blob: 'self' https://*.liveperson.net https://*.lpsnmedia.net https://*.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://*.doubleclick.net; frame-src blob: 'self' https://*.liveperson.net https://*.lpsnmedia.net https://*.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://*.doubleclick.net https://www.google.com https://accounts.google.com https://*.googleapis.com https://www.facebook.com https://*.googletagmanager.com; report-uri https://motability.report-uri.io/r/default/csp/enforce 3
default-src 'self'; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://fonts.googleapis.com https://www.proworkflow.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://www.proworkflow.com; img-src 'self' https://ajax.googleapis.com https://www.proworkflow.com; 3
default-src 'self' https: wss: data: 'unsafe-inline' 'unsafe-eval' 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: 3
frame-ancestors  'self' *.pnet.ch 3
script-src 'self' 'sha256-u+aCXkZ2XefrjHhNZFWe8P3pdCxdk47Veuswsv04La8=' 'sha256-W5fUfS0ItaZy4hU0XLFC9QUXch2tdEfp4AGMu2rZT/0=' 'sha256-k9KVTHXTtxfGbjnSKNDkS77/VtwJTftbb2Nf35eQDPw=' 'sha256-Q79vKoiPq4dadtPwJP5UZmwV/mKyRrBwguHaZFqgKSw=' *.iubenda.com data: www.google-analytics.com blob: https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/ https://www.googletagmanager.com/gtag/; img-src data: 'self' www.google.de www.google.com www.google-analytics.com stats.g.doubleclick.net 3
default-src 'self' https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://*.licdn.com https://*.marketo.net https://*.marketo.com https://*.aws.ean http://*.aws.ean https://*.amazonaws.ean http://*.amazonaws.com https://*.amazonaws.com https://d2yeu2mwujl2s5.cloudfront.net https://931-quh-525.mktoresp.com https://*.doubleclick.net https://js-agent.newrelic.com https://*.linkedin.com https://*.nr-data.net https://*.addthis.com https://*.addthisedge.com https://*.issuu.com https://*.google.co.uk https://*.vimeo.com https://*.cloudflare.com data: 'unsafe-eval' 'unsafe-inline' 3
script-src                     'self'                     *.googleapis.com                     maps.google.de                     *.gstatic.com                     *.google-analytics.com                     *.googletagmanager.com                     test-rdsrv-frd.mehrkanal.com                     rdsrv-frd.mehrkanal.com                     cdn.frd-dws.de 		    frd-dws-piwik.mehrkanal.com                     display.ugc.bazaarvoice.com                     apps.nexus.bazaarvoice.com                     api.bazaarvoice.com                     analytics-static.ugc.bazaarvoice.com                     'unsafe-inline'                     'unsafe-eval' ; object-src 'self' 3
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:; font-src 'self' *.gstatic.com *.embedly.com data:;connect-src 'self' *.reddit.com *.akamaihd.net; media-src * blob: data: 'self'; object-src 'self'; frame-src * ; worker-src 'self' blob: data: ; form-action *; upgrade-insecure-requests; block-all-mixed-content; 3
default-src 'none'; connect-src 'self' *.twitter.com; script-src 'self' *.google.com *.gstatic.com *.google-analytics.com *.twitter.com *.twimg.com freegeoip.net cdn.inspectlet.com frontend.id-visitors.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.googleapis.com; child-src 'self' data: *.google.com *.gstatic.com *.twitter.com; img-src 'self' data: *.gstatic.com *.google.com *.google-analytics.com stats.g.doubleclick.net *.twitter.com *.twimg.com *.paypalobjects.com; style-src 'self' *.google.com *.twitter.com *.twimg.com 'unsafe-inline'; object-src 'self'; frame-ancestors 'none' 3
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 3
default-src https: 'unsafe-inline' data: 'unsafe-eval' 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googleapis.com bat.bing.com widget.trustpilot.com static.cgb.fr static.pumpup.fr; base-uri 'self'; 3
default-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; font-src * ; connect-src * ; 3
default-src * 'self' 'unsafe-inline' 'unsafe-eval'; 3
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 3
default-src 'self' 'unsafe-inline' googleads.g.doubleclick.net www.google-analytics.com www.youtube.com https://syndication.twitter.com assets.piraeusbankgroup.com googlevideo.com apis.google.com http://rum-collector-2.pingdom.net data: maps.googleapis.com;      style-src 'self' assets.piraeusbankgroup.com  assets.piraeusbank.gr 'unsafe-inline' fonts.googleapis.com platform.twitter.com ton.twimg.com;      script-src 'self' assets.piraeusbankgroup.com assets.piraeusbank.gr https://maps.google.com connect.facebook.net platform.twitter.com apis.google.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com seal.thawte.com syndication.twitter.com https://cdn.syndication.twimg.com https://www.youtube.com https://s.ytimg.com http://rum-static.pingdom.net ;      font-src 'self' data: fonts.gstatic.com;     img-src 'self' data: asset.piraeusbank.gr https://maps.google.com assets.piraeusbank.gr   assets.piraeusbankgroup.com http://www.piraeusbank.gr https://www.piraeusbank.gr https://seal.thawte.com www.piraeusbankgroup.com http://rum-collector.pingdom.net  'unsafe-inline' www.google.com  syndication.twitter.com www.google-analytics.com stats.g.doubleclick.net www.facebook.com www.google.gr csi.gstatic.com maps.gstatic.com maps.googleapis.com platform.twitter.com pbs.twimg.com o.twimg.com ton.twimg.com googleads.g.doubleclick.net img.youtube.com;      frame-src staticxx.facebook.com www.facebook.com accounts.google.com apis.google.com platform.twitter.com syndication.twitter.com 'self' www.youtube.com https://cap.attempts.securecode.com 3
default-src 'self'; script-src data: https://share.yandex.ru *.marketgid.com static.criteo.net https://www.google-analytics.com https://connect.ok.ru https://www.google.com www.googletagmanager.com https://www.gstatic.com https://*.vk.com https://vk.com https://graph.facebook.com https://connect.mail.ru 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://*.googleapis.com 'self' 'unsafe-inline'; img-src data: https://img-24x7.com *.marketgid.com *.tovarro.com *.trafmag.com *.mixmarket.biz rtb.com.ru cooster.ru recreativ.ru https://www.google-analytics.com yastatic.net check.googlezip.net https://www.gstatic.com https://vk.com https://www.google.ru 'self'; font-src data: https://fonts.gstatic.com 'self'; connect-src bidder.criteo.com https://graph.facebook.com 'self'; frame-src ybnotification: https://streamstorm.online https://streamguard.cc https://www.youtube.com https://vk.com https://*.vk.com https://*.yandex.ru https://www.google.com 'self' 3
frame-ancestors 'self' *.sciquest.com *.cummins.com *.ariba.com http://search.roccommerce.com http://dev-search.roccommerce.net 3
frame-ancestors 'none' ; 3
default-src 'self' *.lvvwd.com *.youtube.com data:; style-src 'self' 'unsafe-inline' *.lvvwd.com *.juicer.io *.mqcdn.com *.cludo.com *.cludo.com.cdn.cloudflare.net *.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.lvvwd.com *.juicer.io *.digicert.com *.mqcdn.com *.google-analytics.com *.googleapis.com *.jwpcdn.com *.onefiserv.com *.gstatic.com *.google.com *.googletagmanager.com *.facebook.net https://sdks.shopifycdn.com *.cludo.com *.cludo.com.cdn.cloudflare.net data:; connect-src 'self' *.lvvwd.com *.juicer.io *.mqcdn.com *.mapquestapi.com *.mapquest.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://springs-preserve.myshopify.com *.cludo.com *.cludo.com.cdn.cloudflare.net data:; font-src 'self' *.lvvwd.com *.juicer.io *.mqcdn.com *.jwpcdn.com *.gstatic.com data:; img-src * data:; frame-src 'self' *.onefiserv.com *.streamtext.net *.youtube.com *.google.com *.facebook.com data:; media-src 'self' *.lvvwd.com blob: data:; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: http://mshcentraldbdev.prod.acquia-sites.com *.balladhealthcrm.org; frame-ancestors 'self'; report-uri /admin/config/system/seckit/csp-report 3
frame-ancestors 'self' http://webvisor.com; 3
default-src 'self' https://www.thevalkyrie.com http://www.thevalkyrie.com 3
default-src 'self' yastatic.net *.yandex.ru *.yandex.net *.googlesyndication.com *.disqus.com; style-src 'unsafe-inline' *;frame-src 'self' yastatic.net *.yastatic.net *.disqus.com *.vimeo.com *.youtube.com *.doubleclick.net *.s2block.com *.tizerlady.biz *.travelpayouts.com *.tizerlady.info *.lcads.ru *.google.com *.directadvert.ru *.yandex.st *.leadiacloud.com *.yandex.ru s3-eu-west-1.amazonaws.com *.googleapis.com *.s1block.com s1block.com *.s1venus.biz *.ladycash.ru vk.com *.facebook.com *.facebook.net *.twitter.com *.googlesyndication.com *.cloudfront.net; img-src * data:;media-src *; font-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' yandex.st *.disqus.com *.yastatic.net *.yandex.net *.s2block.com *.tizerlady.biz *.copyright-law.ru *.tizerlady.info *.str100.ru *.lcads.ru *.google.com *.directadvert.ru *.yandex.st *.leadiacloud.com *.yandex.ru *.googleapis.com *.s1venus.biz *.ladycash.ru vk.com s1block.com *.s1block.com *.facebook.com *.facebook.net *.twitter.com *.googlesyndication.com *.google.ru *.yastatic.net yastatic.net *.cloudfront.net; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com mc.yandex.ru https://mc.yandex.ru https://mc.webvisor.org https://connect.ok.ru recreativ.ru vk.com mail.ru https://cdn.jsdelivr.net youtube.com googlevideo.com googleapis.com gstatic.com googleusercontent.com google.com  https://*.yandex.ru:* *.yandex.ru:* https://yandex.ru:* yandex.ru:* https://yandex.st:* yandex.st:* yandex.kz yandex.ua https://*.yandex.net:* *.yandex.net:* https://yastatic.net *.recreativ.ru *.ok.ru *.vk.com *.mail.ru *.twitter.com *.webvisor.com *.youtube.com *.googlevideo.com *.googleapis.com https://*.googleapis.com *.gstatic.com https://wizardmedia.org tor.7x7x.ru https://amigomedia.org advertserve.com *.advertserve.com bannersvideo.com *.bannersvideo.com adbetnet.com *.adbetnet.com n161adserv.com *.n161adserv.com *.rekvid1.ru rekvid1.ru videosmor.com *.videosmor.com push-centr.net push-plus.net zserials.me v.zserials.me fonts.gstatic.com *.googleusercontent.com *.google-analytics.com *.google.com https://cse.google.com *.yandex.st *.yandex.kz *.yandex.ua *.yandex.net ymetrica.com *.yastatic.net *.marketgid.com *.tovarro.com et-code.ru etarg.ru etcodes.com threedrive.su block.s2blosh.com http://piguiqproxy.com/ *.piguiqproxy.com http://smcheck.org http://amgload.net *.smcheck.org *.amgload.net https://loadercdn.com blob: trafmag.com js.hotlog.ru openstat.net mytopf.com fonts.googleapis.com http://cas.criteo.com data; connect-src 'self' https://www.google-analytics.com https://passport.yandex.ua https://*.yandex.net:* *.yandex.net:* https://*.yandex.ru:* *.yandex.ru:* https://yandex.ru:* yandex.ru:* https://yandex.st:* yandex.st:* https://mc.webvisor.org https://yandex.ua https://mc.yandex.ua https://yandex.fr ymetrica.com https://wizardmedia.org tor.7x7x.ru https://amigomedia.org https://syndication.twitter.com http://piguiqproxy.com/ *.piguiqproxy.com http://smcheck.org http://amgload.net *.smcheck.org *.amgload.net https://loadercdn.com blob: et-code.ru:8040 etcodes.com:8040 ws://et-code.ru:8040/4684 ws://etcodes.com:8040/4684; img-src * data: blob:; font-src 'self' http://fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google.com recreativ.ru et-code.ru https://yastatic.net; child-src 'self' *; object-src 'self' *; frame-src 'self' *; form-action 'self'; media-src blob: *; 3
default-src https: data: 'unsafe-inline';script-src 'self' 'unsafe-inline' https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com  https://maps.googleapis.com https://*.tiles.mapbox.com https://connect.facebook.com https://connect.facebook.net https://bat.bing.com https://js.stripe.com;img-src 'self' https://*.babysits.com https://www.google-analytics.com https://maps.gstatic.com https://bat.bing.com https://www.facebook.com https://www.facebook.net data: blob: ;connect-src 'self' https://www.google-analytics.com https://api.stripe.com https://*.tiles.mapbox.com https://api.mapbox.com https://places.api.here.com;frame-src 'self' https://js.stripe.com https://www.youtube-nocookie.com/;worker-src blob: ;child-src blob: ; 3
frame-ancestors 'self' m.redbydufry.com red-front-sta.dufry.cloud dufryfront.emakina.ch 3
default-src 'self'; img-src 'self' https://www.google.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/; form-action 'self' https://agilemail.createsend.com/ https://www.createsend.com/t/subscribeerror https://www.createsend.com/t/securedsubscribe; frame-src https://www.youtube-nocookie.com/ https://www.google.com/recaptcha/; connect-src 'self' https://start.1password.com/ https://start.1password.ca/ https://start.1password.eu/ https://www.google-analytics.com/ https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://www.googleapis.com/ https://createsend.com/t/getsecuresubscribelink; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; prefetch-src https://a.1password.com/ https://a.1password.ca/ https://a.1password.eu/ 3
frame-ancestors 'none'; default-src https: 'unsafe-inline' 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss: 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com ssl.google-analytics.com translate.google.com translate.googleapis.com; 3
frame-ancestors https://*.runescape.com:* https://*.jagex.com:* 3
upgrade-insecure-requests; frame-ancestors 'self' http://*.elconfidencial.com:* https://*.elconfidencial.com:* www.elconfidencial.com blogs.elconfidencial.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org es.grupogo.punto player.h-cdn.com; report-uri https://elconfidencial.report-uri.io/r/default/csp/enforce 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; img-src * 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src * 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' ws://* wss://* https: 3
default-src 'self' 'unsafe-inline' 3
default-src * 'unsafe-inline' 'unsafe-eval' data: https://ajax.aspnetcdn.com http://www.freetrademagazines.com https://pd.gophercentral.com https://pmgi.go2cloud.org https://ptv.gophercentral.com https://magazinebonus.com http://www.inforefinery.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://staffprivileges.com https://magazinevoucher.com; 3
frame-ancestors 'self' www.nassp.org www.nhs.us www.njhs.us www.nehs.org www.natstuco.org www.principalsmonth.org files.nassp.org; 3
default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 3
img-src https: data: blob:; child-src https:; form-action https:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 3
default-src * 'self' 'unsafe-inline';img-src * 'self' data: https:; script-src 'self' https://www.googletagmanager.com https://maps.googleapis.com https://developers.google.com https://www.googleadservices.com https://cdn.optimizely.com https://www.youtube.com https://platform.linkedin.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://js.adsrvr.org https://rum-static.pingdom.net https://googleads.g.doubleclick.net https://static.ads-twitter.com https://analytics.twitter.com https://snap.licdn.com https://sjs.bizographics.com https://px.ads.linkedin.com https://jobadder.com https://apps.jobadder.com https://s.ytimg.com https://calculators.infochoice.com.au https://www.linkedin.com https://tagmanager.google.com data: 'unsafe-inline' 'unsafe-eval'; connect-src * ; upgrade-insecure-requests; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https://cdn-os.lyoness.tv https://s.lyoness.tv https://fonts.googleapis.com https://id.cashbackworld.com; img-src 'self' https: data:; font-src 'self' data: https://cdn-os.lyoness.tv https://s.lyoness.tv https://fonts.gstatic.com https://maps.googleapis.com 3
default-src 'self' * 'unsafe-inline' 'unsafe-eval'; font-src 'self' * data:; 3
frame-ancestors 'self' orange.com *.orange.com *.cops-prp.multimediabs.com *.cops-prod.multimediabs.com *.multimediabs.com; 3
default-src: https:; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 3
frame-ancestors 'self' https://sunlifeassurance.experiencecloud.adobe.com https://sunlifeassurance.marketing.adobe.com; 3
default-src 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self' 3
default-src https: data: 'self' *.1gamepay.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.frankcasino.net frank-auth.com livestatisc.com echo.ecortb.com cdn.gs-arcadia.com cdn.st01-gs-arcadia.com *.playngonetwork.com *.curacao-egaming.com *.google-analytics.com  *.casinomodule.com *.onlinetechsupport24.com *.livestatisc.com *.jsdelivr.net track.adform.net *.aventonv.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.cloudflare.com *.playngonetwork.com; img-src https: data: blob: 'self'; font-src data: 'self' fonts.gstatic.com cdn.gs-arcadia.com cdn.st01-gs-arcadia.com *.cloudflare.com; connect-src ws: wss: 'self' *.casinomodule.com *.onlinetechsupport24.com *.gs-arcadia.com *.st01-gs-arcadia.com *.playngonetwork.com; 3
frame-ancestors 'self' https://www.kayak.com https://www.kayak.com.ar https://www.kayak.com.br https://www.kayak.com.co https://www.kayak.cl https://www.kayak.com.pe https://www.kayak.com.mx https://www.es.kayak.com https://www.momondo.com/es/ https://www.momondo.com.br https://www.momondo.mx https://www.mundi.com.br/ http://www.kayak.com http://www.kayak.com.ar http://www.kayak.com.br http://www.kayak.com.co http://www.kayak.cl http://www.kayak.com.pe http://www.kayak.com.mx http://www.es.kayak.com http://www.momondo.com/es/ http://www.momondo.com.br http://www.momondo.mx http://www.mundi.com.br 3
frame-ancestors 'self' https://www.facebook.com/ 3
default-src 'self' data: 'unsafe-inline' *; 3
report-uri /cspreport;frame-ancestors 'self' 3
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net log.pinterest.com platform.twitter.com assets.pinterest.com cdn.syndication.twimg.com cdnjs.cloudflare.com code.jquery.com ssl.google-analytics.com s.swiftypecdn.com use.fontawesome.com cdnjs.cloudflare.com syndication.twitter.com www.gstatic.com www.google.com www.google-analytics.com ajax.googleapis.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com use.fontawesome.com; connect-src 'self' search-api.swiftype.com api.sbif.cl s.swiftypecdn.com; img-src 'self' data: ton.twimg.com platform.twitter.com syndication.twitter.com stats.g.doubleclick.net www.google-analytics.com pbs.twimg.com ssl.google-analytics.com cc.swiftype.com; style-src 'self' 'unsafe-inline' ton.twimg.com platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com maxcdn.bootstrapcdn.com use.fontawesome.com s.swiftypecdn.com; frame-src 'self' www.facebook.com staticxx.facebook.com syndication.twitter.com platform.twitter.com www.google.com www.gstatic.com www.sbif.cl;  3
default-src 'self' 'unsafe-inline' 'unsafe-eval' 3
default-src https:;                 script-src https: https://optimize.google.com 'unsafe-inline' 'unsafe-eval';                 style-src https: https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline';                 img-src https: data: https://optimize.google.com;                 font-src * data:;                 frame-src https: https://optimize.google.com;                 child-src https: 'self' https://optimize.google.com;                 connect-src https: wss: 'self' *.hotjar.com 3
default-src * data: filesystem: about: blob: ws: wss:; script-src * data: filesystem: about: blob: ws: wss: 'unsafe-eval' 'unsafe-inline'; style-src * data: filesystem: about: blob: ws: wss: 'unsafe-inline'; frame-ancestors 'self' 3
upgrade-insecure-requests; referrer no-referrer-when-downgrade 3
base-uri 'self';  connect-src ws: wss: *; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self' https://gofile.me http://gofile.me; frame-src 'self' data: blob: https://*.synology.com https://www.synology.cn/ https://www.youtube.com http://www.youtube.com http://*.synology.com http://*.synology.cn; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com https://*.gstatic.com https://*.googleapis.com https://*.google.com; media-src 'self' data: about:;  report-uri webman/csp_report.cgi; script-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://*.google.com https://*.googleapis.com https://*.google.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googleapis.com; 3
frame-ancestors *.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.naturbruk.nu *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.insipio.com *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com; 3
frame-ancestors www.youtube.com www.googletagmanager.com resursbank.se.localhost *.resursbank.se.localhost *.resursbank.se *.resursbank.no *.resursbank.fi *.resursbank.dk 3
script-src 'self' *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com 3
default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data: 3
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self'; upgrade-insecure-requests; 3
frame-ancestors 'self' https://*.facebook.com, frame-ancestors 'self' https://*.facebook.com 3
child-src 'self' *.google.com *.youtube.com *.facebook.com *.twitter.com *.linkedin.com; frame-ancestors 'self'; report-uri https://sentry.kiosk.tm/api/32/csp-report/?sentry_key=3f3709c15ebe47edaaac0c519e69de9c 3
script-src 'self' maps.googleapis.com; style-src 'self' fonts.googleapis.com; report-uri /v2/csp-violations/report 3
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 3
default-src *; style-src * 'unsafe-inline'; font-src * data:; img-src * data:; script-src * blob: 'unsafe-inline' 'unsafe-eval'; media-src * blob: 3
frame-ancestors 'self' https://customerfinancing.directcapital-sit.com https://customerfinancing.directcapital2.com https://www.customerfinancing.com https://customerfinancing.directcapital-test1.com https://customerfinancing.directcapital-test2.com 3
default-src 'self'; connect-src 'self'; font-src 'self' data:; img-src 'self' csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com data:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' ajax.googleapis.com https://maps.googleapis.com https://maps.gstatic.com; style-src 'unsafe-inline' 'self'; 3
default-src 'self' blob: https://*.cnn.com:* http://*.cnn.com:* *.cnn.io:* *.cnn.net:* *.turner.com:* *.turner.io:* *.ugdturner.com:* courageousstudio.com *.vgtf.net:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' *; frame-ancestors 'self' https://*.cnn.com:* http://*.cnn.com https://*.cnn.io:* http://*.cnn.io:* *.turner.com:* courageousstudio.com; 3
frame-ancestors http://www.homesinswriversidecounty.com/ 3
default-src 'self' *.brightcove.com *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.eloqua.com *.ensighten.com *.experian.com *.experiancs.com *.experiandirect.com *.freecreditreport.com *.googleapis.com *.gstatic.com *.hotjar.com *.iesnare.com *.infogram.com *.linkedin.com *.optmster.com *.optmstr.com *.optnmnstr.co *.optnmnstr.com *.optnmstr.com *.powerreviews.com *.soundcloud.com *.tableau.com *.twitter.com *.twonil.com *.vimeo.com *.yahooapis.com *.youtube.com *.tt.omtrdc.net adobetag.com api.company-target.com api.experianmarketingservices.com api.instagram.com api.jublo.net api.omniture.com app.optinmonster.com assets.adobedtm.com bat.bing.com businesscreditfacts.com cdn.appdynamics.com cdn.decibelinsight.net cdn.syndication.twimg.com cdn.taboola.com cdnjs.cloudflare.com code.highcharts.com connect.facebook.net contractorcheck.com d.net.google.com d.turn.com dev.visualwebsiteoptimizer.com embed.pscp.tv experianservicescorp.122.2o7.net fbcdn.net forms.hubspot.com freecreditscore.com graph.facebook.com googleapis.com hooks.slack.com img.en25.com info.inbound-bis.com itunes.apple.com jsonip.com js.usemessages.com js.bizographics.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net loadm.exelator.com m.addthis.com m.addthisedge.com maps.google.com maxcdn.bootstrapcdn.com mediaplayer.yahoo.com moodysanalytics.com optinmonster.com pixel.tapad.com play.google.com players.brightcove.net plus.google.com pt.ispot.tv rtd-tm.everesttech.net s.amazon-adsystem.com s.yimg.com s.ytimg.com s7.addthis.com scontent.cdninstagram.com scontent.xx.fbcdn.net scripts.demandbase.com secure.adnxs.com secure.leadback.advertising.com securetracking.adsprotection.com *.xg4ken.com smartbusinessreports.com snap.licdn.com sp.analytics.yahoo.com ssl.google-analytics.com static.ads-twitter.com sync.tidaltv.com tag.demandbase.com tagmanager.google.com trc.taboola.com twemoji.maxcdn.com video.xx.fbcdn.net vjs.zencdn.net widget.surveymonkey.com widgets.outbrain.com https://*.brightfunnel.com http://*.hotjar.com https://*.hotjar.com https://*.hsadspixel.net https://*.jsdelivr.net https://*.mstrlytcs.com https://autocomplete.demandbase.com http://autocomplete.demandbase.com ws://*.hotjar.com wss://*.hotjar.com wss://cdn.decibelinsight.net www.edq.com www.facebook.com www.google-analytics.com www.google.com http://www.google.com www.googleadservices.com www.googletagmanager.com www.slideshare.net www.youtube.com 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:;font-src * data: 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors 'self' https://cdw.lookbookhq.com http://cdw.lookbookhq.com http://solutions.cdw.com https://solutions.cdw.com 3
true 3
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval' 3
base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.hunqz.com *.facebook.com *.gstatic.com *.googlesyndication.com *.planetromeo.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.tilehosting.com *.report-uri.com; font-src 'self' *.gstatic.com data:; form-action 'self' *.planetromeo.com; frame-ancestors 'none'; frame-src 'self' *.doubleclick.net *.google.com *.googlesyndication.com *.blufm.de blufm.de winq.nl; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com  *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws  *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net; style-src 'self' 'unsafe-inline' *.googleapis.com; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.hunqz.com *.googlesyndication.com; report-uri https://planetromeo.report-uri.com/r/t/csp/enforce; 3
frame-ancestors www.globalblue.com www.globalblue.cn www.globalblue.ru secure.globalblue.com 3
upgrade-insecure-requests; report-uri https://feldman.report-uri.com/r/d/csp/enforce 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://common.higcapital.com https://maxcdn.bootstrapcdn.com https://ssl.google-analytics.com https://pi.pardot.com ; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' https://*.ivenue.com 3
script-src * 'unsafe-inline' 'unsafe-eval' file: data: blob: filesystem: 3
frame-ancestors *.networksolutions.com *.networksolutionsemail.com *.namesecureemail.net 3
default-src * data: 'unsafe-inline' 'unsafe-eval' ; 3
default-src 'self' data: gap: https://*.acebusinessselectcard.com https://*.aceelitecard.com https://*.aceflareaccount.com https://*.brinksprepaidmastercard.com https://*.hebprepaid.com https://*.netspend.com https://*.paypal-prepaid.com https://*.gowithpurpose.com https://*.umb.com https://*.wunetspendprepaid.com https://*.wuallaccess.com https://*.netspendallaccess.com https://*.mileageplusgo.com https://*.mycontrolcard.com https://*.gianteagleprepaid.com https://*.transact711.com https://*.meijerprepaidcard.com https://*.skylightpaycard.com https://*.skylightallaccess.com https://*.mynetspend.com https://*.brinkspaycard.com https://*.brinksmoney.com https://*.everydayselectrewards.com https://*.brinksmoneyallaccess.com https://service.maxymiser.net https://*.iesnare.com https://*.netspend.net https://*.paypal.com; connect-src 'self' gap: file: https://*.acebusinessselectcard.com https://*.aceelitecard.com https://*.aceflareaccount.com https://*.brinksprepaidmastercard.com https://*.hebprepaid.com https://*.netspend.com https://*.paypal-prepaid.com https://*.gowithpurpose.com https://*.umb.com https://*.wunetspendprepaid.com https://*.wuallaccess.com https://*.netspendallaccess.com https://*.mileageplusgo.com https://*.mycontrolcard.com https://*.gianteagleprepaid.com https://*.transact711.com https://*.meijerprepaidcard.com https://*.skylightpaycard.com https://*.skylightallaccess.com https://*.mynetspend.com https://*.brinkspaycard.com https://*.brinksmoney.com https://*.everydayselectrewards.com https://*.brinksmoneyallaccess.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://*.netspend.net https://*.hockeyapp.net https://*.propay.com https://*.appsflyer.com https://*.onelink.me *.westernunion.com; frame-src gap: https://*.linksynergy.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://service.maxymiser.net https://web.idologylive.com https://*.netspend.net https://*.netspend.com; font-src 'self' data: https://*.acebusinessselectcard.com https://*.aceelitecard.com https://*.aceflareaccount.com https://*.brinksprepaidmastercard.com https://*.hebprepaid.com https://*.netspend.com https://*.paypal-prepaid.com https://*.gowithpurpose.com https://*.umb.com https://*.wunetspendprepaid.com https://*.wuallaccess.com https://*.netspendallaccess.com https://*.mileageplusgo.com https://*.mycontrolcard.com https://*.gianteagleprepaid.com https://*.transact711.com https://*.meijerprepaidcard.com https://*.skylightpaycard.com https://*.skylightallaccess.com https://*.mynetspend.com https://*.brinkspaycard.com https://*.brinksmoney.com https://*.everydayselectrewards.com https://*.brinksmoneyallaccess.com *.googleapis.com *.gstatic.com https://service.maxymiser.net; img-src 'self' data: blob: https://*.acebusinessselectcard.com https://*.aceelitecard.com https://*.aceflareaccount.com https://*.brinksprepaidmastercard.com https://*.hebprepaid.com https://*.netspend.com https://*.paypal-prepaid.com https://*.gowithpurpose.com https://*.umb.com https://*.wunetspendprepaid.com https://*.wuallaccess.com https://*.netspendallaccess.com https://*.mileageplusgo.com https://*.mycontrolcard.com https://*.gianteagleprepaid.com https://*.transact711.com https://*.meijerprepaidcard.com https://*.skylightpaycard.com https://*.skylightallaccess.com https://*.mynetspend.com https://*.brinkspaycard.com https://*.brinksmoney.com https://*.everydayselectrewards.com https://*.brinksmoneyallaccess.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.co.uk *.googletagmanager.com https://stats.g.doubleclick.net https://images.cardlytics.com https://*.linksynergy.com https://service.maxymiser.net https://*.netspend.net https://static.helpjuice.com; object-src https://*.iesnare.com; style-src 'self' 'unsafe-inline' https://*.acebusinessselectcard.com https://*.aceelitecard.com https://*.aceflareaccount.com https://*.brinksprepaidmastercard.com https://*.hebprepaid.com https://*.netspend.com https://*.paypal-prepaid.com https://*.gowithpurpose.com https://*.umb.com https://*.wunetspendprepaid.com https://*.wuallaccess.com https://*.netspendallaccess.com https://*.mileageplusgo.com https://*.mycontrolcard.com https://*.gianteagleprepaid.com https://*.transact711.com https://*.meijerprepaidcard.com https://*.skylightpaycard.com https://*.skylightallaccess.com https://*.mynetspend.com https://*.brinkspaycard.com https://*.brinksmoney.com https://*.everydayselectrewards.com https://*.brinksmoneyallaccess.com https://tagmanager.google.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.acebusinessselectcard.com https://*.aceelitecard.com https://*.aceflareaccount.com https://*.brinksprepaidmastercard.com https://*.hebprepaid.com https://*.netspend.com https://*.paypal-prepaid.com https://*.gowithpurpose.com https://*.umb.com https://*.wunetspendprepaid.com https://*.wuallaccess.com https://*.netspendallaccess.com https://*.mileageplusgo.com https://*.mycontrolcard.com https://*.gianteagleprepaid.com https://*.transact711.com https://*.meijerprepaidcard.com https://*.skylightpaycard.com https://*.skylightallaccess.com https://*.mynetspend.com https://*.brinkspaycard.com https://*.brinksmoney.com https://*.everydayselectrewards.com https://*.brinksmoneyallaccess.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.googleadservices.com https://intljs.rmtag.com https://113.xg4ken.com https://*.linksynergy.com https://service.maxymiser.net https://*.netspend.net https://*.hockeyapp.net https://*.acecashexpress.com https://*.force.com https://*.iesnare.com https://*.iovation.com https://*.appsflyer.com https://*.onelink.me *.propay.com *.westernunion.com; report-uri /webapi/v2/csp/report 3
default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://tagmanager.google.com https://cdn1.affirm.com https://fonts.googleaps.com https://fonts.gstatic.com http://chart.apis.google.com https://maxcdn.bootstrapcdn.com https://vjs.zencdn.net http://vjs.zencdn.net https://optimize.google.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleaps.com https://fonts.gstatic.com http://chart.apis.google.com https://maxcdn.bootstrapcdn.com data:; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https:; child-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; media-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: 3
default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://maps.google.com https://apis.google.com https://www.google-analytics.com https://*.googleapis.com *.gstatic.com ; child-src 'self' https://accounts.google.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com; font-src 'self' fonts.gstatic.com themes.googleusercontent.com ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com ;  3
default-src 'self' https://*.google-analytics.com https://*.googleusercontent.com https://*.gstatic.com; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com 2
frame-ancestors 'self' https://id.unity.com 2
frame-ancestors *.adobe.com 2
frame-ancestors potserviceui-gamma.zappos.com potserviceui-gamma.6pm.com drive-render.corp.amazon.com cscentral-na-beta.vipinteg.amazon.com cscentral.amazon.com 2
frame-ancestors 'self' *.tdameritrade.com *.ameritrade.com http://*.tdameritrade.com/ 2
frame-ancestors 'self' *.commentcamarche.net; 2
frame-ancestors 'self' *.sc.com *.standardchartered.com *.standardchartered.co.in *.standardchartered.co.th *.standardchartered.com.hk *.standardchartered.com.my *.standardchartered.com.sg *.standardchartered.co.id *.standardchartered.com.tw 2
script-src * 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' *.adocean.pl *.pl.ing-ad *.ingbank.pl *.ing.pl; font-src 'self' *.ingbank.pl *.ing.pl themes.googleusercontent.com *.googleapis.com *.pl.ing-ad *.gstatic.com tagmanager.google.com data:; style-src 'self' 'unsafe-inline' code.jquery.com *.ingbank.pl *.ing.pl *.googleapis.com www.google.com *.pl.ing-ad *.gstatic.com tagmanager.google.com s.ytimg.com https://www.ytimg.com; img-src 'self' data: clients1.google.com www.google.pl https://www.i1.ytimg.com https://img.youtube.com *.adocean.pl ingbankslaski.d2.sc.omtrdc.net *.google-analytics.com *.pl.ing-ad *.gstatic.com tagmanager.google.com *.domy.pl *.hit.gemius.pl *.ggpht.com *.olx.pl ingbankslaski.d3.sc.omtrdc.net *.ingbank.pl *.ing.pl content.ingbank.pl *.doubleclick.net *.googleapis.com www.google.com *.demdex.net; frame-src 'self' *.ingbank.pl *.ing.pl *.doubleclick.net *.demdex.net www.google.com www.youtube.com *.pl.ing-ad https://www.youtube.com *.hit.gemius.pl; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googleadservices.com assets.adobedtm.com *.adocean.pl https://www.oauth.googleusercontent.com *.google-analytics.com *.pl.ing-ad *.gstatic.com tagmanager.google.com *.hit.gemius.pl ingbankslaski.d3.sc.omtrdc.net code.jquery.com www.googletagmanager.com *.ingbank.pl *.ing.pl *.doubleclick.net *.googleapis.com www.google.com *.demdex.net www.youtube.com https://www.fbstatic-a.akamaihd.net https://www.apis.google.com https://www.youtube.com s.ytimg.com data:; object-src 'self' *.pl.ing-ad *.ingbank.pl *.ing.pl; connect-src 'self' ingbankslaski.d3.sc.omtrdc.net https://*.twilio.com *.ingbank.pl *.ing.pl wss://*.twilio.com *.adocean.pl *.demdex.net ingbankslaski.d2.sc.omtrdc.net *.pl.ing-ad *.hit.gemius.pl; frame-ancestors 'self' *.demdex.net *.pl.ing-ad *.ingbank.pl *.ing.pl;  2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob:; 2
default-src 'self' *.utraff.com https://tr.kinopoisk.ru https://*.cdn.yandex.net adfill.me *.stickyadstv.com *.streamrail.com; connect-src 'self' kodikapi.com vidozzz.com stat.moevideo.net threedrive.su m-shes.ru loadercdn.com admachina.com *.klcheck.com *.zmctrack.net boostervideo.ru *.piguiqproxy.com *.amgload.net *.smcheck.org *.rcdn.pro trustjs.net https://ad.adriver.ru aj1433.online *.bannersvideo.com vidsummer.com greeentea.ru novbrom.com boogieiwoogie.ru https://ytimgg.com/ level1cdn.com *.adhigh.net vidalak.com *.mediawayss.com *.betweendigital.com *.doubleclick.net *.googlesyndication.com https://fseed.ru/ wss://wsp.marketgid.com/ws wss://bgrndi.com:8041/ wss://et-code.ru:7443 *.cdn.yandex.net *.yandex.ua https://mc.yandex.ru/ http://*.onedmp.com https://xdgeph.ru/ d38dub.ru csp-oz66pp.ru; style-src 'self' 'unsafe-inline' *; frame-src 'self' data: *.youtube.com *.webmoney.ru *.googleapis.com *.google.com *.doubleclick.net *.kinotreiler.com pirateplayer.com duvideo.net blob: *.bannersvideo.com *.advertserve.com serving.adbetclickin.pink bannersvideo.com *.adbetnet.com video-play.ru moevideo.biz playreplay.me playreplay.net thesame.tv m-shes.ru threedrive.su vk.com login.vk.com kodik.cc hdgo.top hdsrch.com vidozzz.com; img-src * data: blob:; object-src 'self' data:; media-src *; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com http://cdn.mirs.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com *.googlesyndication.com https://mc.yandex.ru http://mc.yandex.ru https://ajax.googleapis.com https://ajax.googleapis.com *.google.com.ua *.google.com *.googleapis.com *.youtube.com an.yandex.ru *.kinotreiler.com vidalak.com apicaller.ru level1cdn.com www.gstatic.com https://yandex.st http://clck.yandex.ru kodik.cc *.hdgo.top hdgo.top hdbaza.com hdsrch.com *.marketgid.com *.tovarro.com *.moatads.com trafmag.com ad.adriver.ru trustjs.net recreativ.ru video-play.ru moevideo.biz m-shes.ru octoclick.net serving.adbetclickin.pink *.bannersvideo.com json.bannersvideo.com adbetnet.advertserve.com *.adbetnet.com utarget.ru threedrive.su vk.com yastatic.net 2
media-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://*.global.ssl.fastly.net https://*.twimg.com https://*.video.pscp.tv; img-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com/prod-periscope-profile/ https://*.twimg.com https://*.googleusercontent.com https://scontent.xx.fbcdn.net https://*.bugsnag.com https://*.google-analytics.com; default-src 'self' blob: https://*.global.ssl.fastly.net https://*.pscp.tv/ https://*.periscope.tv/; object-src 'self' https://*.pscp.tv/ https://*.periscope.tv/; child-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://*.google.com/recaptcha/; frame-ancestors 'self' https://*.pscp.tv/ https://*.periscope.tv/; style-src 'self' blob: 'unsafe-inline' https://*.pscp.tv/ https://*.periscope.tv/; font-src 'self' data: https://*.pscp.tv/ https://*.periscope.tv/; frame-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com http://platform.twitter.com https://platform.twitter.com https://syndication.twitter.com https://periscope-all.firebaseapp.com/ https://*.google.com/recaptcha/ https://*.vimeo.com https://*.tipalti.com; report-uri https://twitter.com/i/csp_report?a=OBSXE2LTMNXXAZJNO5SWE%3D%3D%3D&ro=false;; script-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ https://platform.twitter.com https://cdn.polyfill.io https://d24n15hnbwhuhn.cloudfront.net https://app.link https://bnc.lt https://*.branch.io https://*.google-analytics.com https://apis.google.com/ https://*.google.com/recaptcha/ https://*.gstatic.com/recaptcha/ 'unsafe-eval'; connect-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ wss://*.pscp.tv/ wss://*.periscope.tv/ https://*.video.pscp.tv https://*.twimg.com https://syndication.twitter.com https://*.global.ssl.fastly.net https://api.amplitude.com/ https://*.branch.io https://bnc.lt https://*.bugsnag.com https://licensing.bitmovin.com/ https://analytics-ingress-global.bitmovin.com https://www.googleapis.com/ https://securetoken.googleapis.com https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-prod/ https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-dev/ https://periscope-user-data-reports-prod.s3.us-west-2.amazonaws.com/ https://periscope-user-data-reports-dev.s3.us-west-2.amazonaws.com/ 2
frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr *.entreprises.bnpparibas.net *.protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net *.parrainage.bnpparibas bddf.biapi.pro *.bnpparibas 2
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://steamstore-a.akamaihd.net/ https://steamstore-a.akamaihd.net/ *.google-analytics.com https://www.gstatic.com; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 https://steamcommunity.com/ https://steamcommunity.com/ *.google-analytics.com; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com; 2
default-src 'self'; img-src 'self' data: smetrics.bankaustria.at bs.serving-sys.com track.adform.net img.youtube.com www.facebook.com unicreditgroup.122.2o7.net googleads.g.doubleclick.net www.google.com www.google.at www.google.de f1.eu.readspeaker.com webapps.bankaustria.at maps.gstatic.com maps.googleapis.com www.cashbackonline.at www.gstatic.com f1-eu.readspeaker.com http://www.bankaustria.at http://webapps.bankaustria.at media.readspeaker.com collect.tealiumiq.com cdn.tagcommander.com manager.tagcommander.com manager.commander1.com engage.commander1.com sync.commander1.com bankaustria.commander1.com; style-src 'self' 'unsafe-inline' f1-eu.readspeaker.com fonts.googleapis.com fast.fonts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.bankaustria.at www.googleadservices.com googleads.g.doubleclick.net f1-eu.readspeaker.com connect.facebook.net bs.serving-sys.com secure-ds.serving-sys.com maps.googleapis.com ahc-prod.tetralog-it.de track.adform.net cdn.tagcommander.com bankaustria.commander1.com www.googletagmanager.com; frame-src 'self' www.youtube.com *.bankaustria.at bid.g.doubleclick.net app-eu.readspeaker.com rstts-eu.readspeaker.com service.rs-software.at connect.facebook.net cdn.tagcommander.com; frame-ancestors 'self' *.bankaustria.at; connect-src 'self' webapps.bankaustria.at www.bankaustria.at wss://www.bankaustria.at ahc-prod.tetralog-it.de bs.serving-sys.com www1.emarsys.net; font-src 'self' fonts.gstatic.com data:; media-src 'self' http://www.bankaustria.at rstts-eu.readspeaker.com app-eu.readspeaker.com 2
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline' 2
frame-ancestors 'self' http://*.gobdigital.gba.gob.ar  https://*.gobdigital.gba.gob.ar; 2
frame-ancestors 'self' *.ign.com; 2
connect-src 'self' ru.fp.kaspersky-labs.com *.datamind.ru assets.adobedtm.com dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net *.omniture.com *.tinkoff.ru *.tcsbank.ru www.cdn-tinkoff.ru *.webim.ru https://api.tinkoff.ru https://rci.tinkoff.ru https://cfg.tinkoff.ru https://business.tinkoff.ru https://api.tinkoffinsurance.ru wss://api.tinkoff.ru wss://cobrowsing.tinkoff.ru wss://cobrowsing.tinkoff.ru:443 wss://cobrowsing-dev.tcsbank.ru wss://cobrowsing-dev.tcsbank.ru:443 *.visualwebsiteoptimizer.com;default-src 'self' www.cdn-tinkoff.ru *.webim.ru *.pool.datamind.ru *.tcsbank.ru *.tinkoff.ru;frame-src api-maps.yandex.ru www.youtube.com youtu.be zingaya.com *.omniture.com 'self' *.tinkoff.ru *.tcsbank.ru *.webim.ru *.datamind.ru *.visualwebsiteoptimizer.com app.vwo.com *.demdex.net bid.g.doubleclick.net;img-src data: vk.com *.sravni.ru www.facebook.com/tr/ *.g.doubleclick.net www.googleadservices.com www.google.com www.google.ru www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net www.banki.ru *.yandex.ru *.yandex.net *.bugsnag.com *.2o7.net *.visualwebsiteoptimizer.com api.tinkoff.ru 'self' *.tinkoff.ru *.tcsbank.ru *.webim.ru www.cdn-tinkoff.ru *.pool.datamind.ru cm.everesttech.net *.demdex.net statad.ru *.tinkoffjournal.ru;report-uri https://api.tinkoff.ru/v1/log?component=platform&level=error&cspReport;script-src 'unsafe-eval' 'unsafe-inline' *.datamind.ru assets.adobedtm.com dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net *.omniture.com *.visualwebsiteoptimizer.com connect.facebook.net api-maps.yandex.ru enterprise.api-maps.yandex.ru suggest-maps.yandex.ru ru.fp.kaspersky-labs.com www.youtube.com/iframe_api s.ytimg.com 'self' *.tinkoff.ru *.tcsbank.ru www.cdn-tinkoff.ru *.webim.ru app.vwo.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.google.ru;style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.webim.ru *.pool.datamind.ru www.cdn-tinkoff.ru app.vwo.com *.visualwebsiteoptimizer.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ssl.google-analytics.com 2
frame-ancestors https://bande2kings.fr https://*.bande2kings.fr 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; report-uri /json/csp-violation 2
frame-ancestors *.shockwave.com *.addictinggames.com *.smosh.com *.break.com *.thegloss.com *.crushable.com *.gurl.com *.teen.com *.mademan.com *.escapistmagazine.com *.blisstree.com *.thegrindstone.com *.mommyish.com 2
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.oculus.com ad.atdmt.com connect.facebook.net www.google-analytics.com static.oculuscdn.com forums.oculusvr.com tags.tiqcdn.com;style-src data: blob: 'unsafe-inline' * *.oculus.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.oculus.com *.oculuscdn.com;font-src *.oculus.com data: *.fbcdn.net *.facebook.com *.akamaihd.net *.oculuscdn.com;img-src *.oculus.com *.fbcdn.net *.facebook.com *.akamaihd.net *.oculuscdn.com data: blob: www.google-analytics.com stats.g.doubleclick.net ad.atdmt.com www.google.com googleads.g.doubleclick.net; 2
default-src  'self'; img-src  'self'; script-src  'self'; object-src  'self'; style-src  'self' 'unsafe-inline'; 2
frame-ancestors 'self' *.ally.com; 2
frame-ancestors 'self' https://*.etracker.com 2
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 2
frame-ancestors https://ww2.coolmathgames.com https://www.coolmathgames.com http://www.coolmath-games.com https://www.coolmath-games.com 2
frame-ancestors 'self' farmers.marketing.adobe.com 2
report-uri /csp-report.php; default-src 'none'; font-src https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' https://www.gstatic.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.cz https://www.google.sk https://pagead2.googlesyndication.com https://stats.g.doubleclick.net; connect-src 'self' https://ajax.googleapis.com https://pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://ssl.google-analytics.com; frame-src https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.youtube.com https://maps.google.com https://maps.google.cz https://www.google.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net; frame-ancestors 'self'; base-uri 'self' 2
frame-ancestors 'self' http://dds-simplicit-prod.s3-website-ap-southeast-2.amazonaws.com http://dds-simplicit-v2-prod.s3-website-ap-southeast-2.amazonaws.com https://test.salesforce.com; 2
script-src * 'unsafe-inline'; style-src * 'unsafe-inline' blob:; img-src * data: blob: 2
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.com.hk  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.clientam.com.hk  *.greenwichcompliance.com; 2
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com   ; frame-src 'self' *.indeed.com  https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com  d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log; 2
frame-ancestors https://*.chasepaymentechhostedpay.com https://*.clevelandclinic.org http://*.clevelandclinic.org 2
frame-ancestors 'self'; block-all-mixed-content; report-uri https://lidlcsp.report-uri.io/r/default/csp/enforce; 2
frame-ancestors 'self' *.teamwork.com *.teamworkpm.net teams.microsoft.com *.teams.microsoft.com *.skype.com teamworkintegrations.ngrok.io; 2
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2
default-src 'self'; script-src 'self'; 2
frame-ancestors 'self' https://adp.lookbookhq.com http://adp.lookbookhq.com https://discover.adp.com http://discover.adp.com *.adp.com; 2
frame-ancestors https://www.psegliny.com;default-src https: data: 'unsafe-inline' 'unsafe-eval' 2
default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l 2
frame-ancestors 'self' http://*.vseigru.net http://vseigru.net 2
connect-src 'self' checkout.stripe.com sentry.io api.github.com www.npmjs.com http://gj.track.uc.cn/collect;default-src 'none';img-src * data:;script-src 'self' 'unsafe-inline' https://checkout.stripe.com/checkout.js https://static.accountdock.com https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://platform.twitter.com/widgets.js https://static.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src checkout.stripe.com https://accountdock.com/app https://www.youtube.com/embed/mKMaG0cixXw https://static.accountdock.com/;font-src https://fonts.gstatic.com https://static.npmjs.com/ 2
default-src 'self' https://sb.scorecardresearch.com 'unsafe-inline' 'unsafe-eval' data: https: blob: wss:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; disown-opener; 2
default-src 'self'; img-src * data:; media-src *; style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com * 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' go.ero-advertising.com juicyads.com *.juicyads.com crate.widgetbot.io *.pantsu.cat * ; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; child-src juicyads.com *.juicyads.com widgetbot.io *; connect-src 'self' r.remarketingpixel.com *.urldelivery.com go.ero-advertising.com etahub.com n.pc1ads.com native.propellerads.com syndication.exosrv.com *.exosrv.com *.widgetbot.io pagead2.googlesyndication.com *.googlesyndication.com; 2
media-src 'self' blob: livestream.st-andrews.ac.uk livestream1.st-andrews.ac.uk livestream2.st-andrews.ac.uk livestream-test.st-andrews.ac.uk; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleanalytics.com *.google-analytics.com *.googleapis.com *.youtube.com *.ytimg.com *.gstatic.com cse.google.com www.google.com *.googletagmanager.com tagmanager.google.com survey.g.doubleclick.net *.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com storage.googleapis.com www.google.com tagmanager.google.com; report-uri /csp/report/; default-src 'self' *.gstatic.com g-design.storage.googleapis.com storage.googleapis.com; frame-src 'self' www.google.com *.googleusercontent.com www.youtube.com accounts.google.com apis.google.com plus.google.com cse.google.com survey.g.doubleclick.net; img-src 'self' data: s.ytimg.com *.googleusercontent.com *.gstatic.com www.google-analytics.com storage.googleapis.com www.gravatar.com www.googleapis.com www.google.com clients1.google.com stats.g.doubleclick.net survey.g.doubleclick.net *.google.com; connect-src 'self' plus.google.com www.google-analytics.com; font-src 'self' themes.googleusercontent.com *.gstatic.com 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googlesyndication.com *.googleadservices.com *.adriver.ru *.g.doubleclick.net *.google.com *.facebook.com *.sociomantic.com *.twitter.com *.google-analytics.com *.youtube.com *.googletagmanager.com *.everestjs.net *.googletagservices.com connect.facebook.net s.ytimg.com *.recreativ.ru userapi.com js-agent.newrelic.com t.trafmag.com code.jquery.com *.olark.com cpa.trafmag.com trafmag.utarget.ru trafmag.com *.exponea.com media.flixfacts.com *.gstatic.com maps.googleapis.com google-analytics.bi.owox.com tracking.channelsight.com *.criteo.net h.holder.com.ua *.clickfrog.ru creativecdn.com recreativ.ru rozetka.com.ua clickfrog.ru criteo.net gstatic.com exponea.com olark.com googletagservices.com youtube.com everestjs.net googletagmanager.com google-analytics.com twitter.com sociomantic.com facebook.com google.com g.doubleclick.net adriver.ru googleadservices.com googlesyndication.com www.google.com.ua *.criteo.com criteo.com bam.nr-data.net *.google.com.ua az783074.vo.msecnd.net cdn.ampproject.org *.googleapis.com *.bootstrapcdn.com j-mirror.com.ua proschet.branderstudio.com market.darovec.com s.go-mpulse.net paypartslimit.privatbank.ua calc.delta.branderstudio.com ua.tronsmart.com *.rozetka.com.ua *.rozetka.ua rozetka.ua; 2
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 2
default-src 'self';object-src 'self' *.cdn.datatables.net cdn.datatables.net;connect-src 'self' maps.googleapis.com fonts.googleapis.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: unpkg.com i.mt.lv *.google.com gstatic.com code.jquery.com *.gstatic.com www.google-analytics.com googleapis.com *.googleapis.com *.mikrotik.com mikrotik.com;style-src 'self' 'unsafe-inline' i.mt.lv fonts.googleapis.com unpkg.com *.mikrotik.com mikrotik.com code.jquery.com use.typekit.net www.mikrotik.com;img-src 'self' data: i.mt.lv api.tiles.mapbox.com unpkg.com *.arcgisonline.com stats.g.doubleclick.net www.google-analytics.com mikrotik.com www.mikrotik.com forum.mikrotik.com 1.aerial.maps.cit.api.here.com 2.aerial.maps.cit.api.here.com 3.aerial.maps.cit.api.here.com 4.aerial.maps.cit.api.here.com gstatic.com http://services.ga.gov.au *.gstatic.com *.googleapis.com *.arcgisonline.com *.google.com *.google.lv *.routerboard.com;frame-src 'self' youtu.be youtube.com www.youtube.com www.google.com;font-src 'self' data: mikrotik.com fonts.gstatic.com www.mikrotik.com i.mt.lv; 2
frame-ancestors 'self' blank;object-src 'self' blank; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://lavoz.report-uri.io/r/default/csp/enforce 2
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.trustarc.com connect.facebook.net cdnjs.cloudflare.com www.googletagmanager.com tagmanager.google.com https://remote.captcha.com https://maps.googleapis.com https://maps.google.com https://www.google.com https://code.jquery.com ssl.google-analytics.com https://s3.amazonaws.com/scripts-clickmeter-com/js/go.js https://player.vimeo.com https://www.gstatic.com ajax.googleapis.com www.google-analytics.com munchkin.marketo.net snap.licdn.com https://maxcdn.bootstrapcdn.com consent.truste.com consent.trustarc.com staticxx.facebook.com www.facebook.com googleads.g.doubleclick.net www.googleadservices.com https://platform.linkedin.com https://px.ads.linkedin.com https://www.linkedin.com https://dc.ads.linkedin.com https://ssl-munchkin.marketo.net https://apis.google.com https://platform.twitter.com https://boards.greenhouse.io https://cdn.walkme.com https://d3sbxpiag177w8.cloudfront.net https://translate.google.com https://translate.googleapis.com https://hire.withgoogle.com; img-src 'self' https://www.trustarc.com https://s3-us-west-1.amazonaws.com https://www.truste.com https://info.trustarc.com http://static.truste.com https://www.googletagmanager.com https://maps.googleapis.com https://maps.google.com https://web.facebook.com https://maps.gstatic.com https://privacy-policy.truste.com https://login.truste.com www.facebook.com www.google.com consent.trustarc.com www.google-analytics.com https://www.gstatic.com https://ssl.gstatic.com https://ssl.google-analytics.com https://static.licdn.com data: https://stats.g.doubleclick.net https://www.linkedin.com https://syndication.twitter.com https://ec.walkme.com https://googleads.g.doubleclick.net https://choices.trustarc.com https://translate.googleapis.com https://translate.google.com https://www.google.ca https://secure.gravatar.com; frame-src 'self' https://www.trustarc.com https://player.vimeo.com staticxx.facebook.com https://info.trustarc.com consent-pref.trustarc.com https://www.youtube.com https://www.google.com https://download.trustarc.com https://platform.twitter.com https://www.facebook.com https://platform.linkedin.com https://apis.google.com https://syndication.twitter.com https://accounts.google.com https://boards.greenhouse.io https://cdn.walkme.com consent-pref.truste.com https://hire.withgoogle.com; font-src 'self' data: fonts.gstatic.com https://maxcdn.bootstrapcdn.com; style-src 'unsafe-inline' 'self' https://www.trustarc.com fonts.googleapis.com tagmanager.google.com https://maxcdn.bootstrapcdn.com https://translate.googleapis.com; connect-src 'self' 846-llz-652.mktoresp.com https://api.greenhouse.io https://www.google-analytics.com https://stats.g.doubleclick.net https://ec.walkme.com https://translate.googleapis.com https://trackerapi.trustarc.com https://hire.withgoogle.com; frame-ancestors 'self' https://info.trustarc.com https://download.trustarc.com assess.truste.com assess-stage.truste.com gda-dev.truste-svc.net; 2
default-src 'self'; connect-src 'self'; frame-src 'self'; img-src 'self' https://www.google-analytics.com/; font-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ 2
block-all-mixed-content; upgrade-insecure-requests 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com  https://ssl.google-analytics.com; style-src 'self' 'unsafe-inline' ; 2
frame-ancestors 'self' tirolversand.it catalogi.ru *.tirolversand.it *.catalogi.ru 2
default-src 'self' https://myfritz.net https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net *.avm.de ; script-src 'self' https://myfritz.net https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net *.avm.de 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' https://myfritz.net https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net *.avm.de data: ; style-src 'self' https://myfritz.net https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net *.avm.de 'unsafe-inline'; frame-src 'self' https://myfritz.net https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net *.avm.de https://www.google.com/recaptcha/; font-src 'self' https://myfritz.net https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net *.avm.de data:; 2
frame-src 'self' https://www.terminland.de *.datev.de *.novomind.com 2
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; 2
frame-ancestors  oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca  *.virginmobile.ca  *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca 2
frame-ancestors 'self' *.sitecore.net *.sitecore.com 2
default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de; img-src 'self' *.zoll.de zoll.de *.itzbund.de sg.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de 2
frame-ancestors 'self' https://beeem.co; block-all-mixed-content; report-uri https://lidlcsp.report-uri.io/r/default/csp/enforce; 2
frame-ancestors 'self' https://www.foxplay.gr https://*.cosmote.gr https://*.ote.gr https://webform.studentactivation.gr https://t-mint.s3.amazonaws.com https://*.youtube.com; 2
frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io 2
frame-ancestors 'self' https://mpv.orcasnet.com/ https://psa.digitalinsight.com/  https://www.elevationsbanking.com 2
default-src 'self' www.google-analytics.com; script-src 'self' cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; img-src 'self' data: www.google-analytics.com 2
allow 'self'; options inline-script 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pnc.com assets.adobedtm.com cdn.dashjs.org content.pncmc.com *.mtrcs.samba.tv unpkg.com *.rfihub.com *.googleadservices.com *.en25.com *.lpsnmedia.net *.liveperson.net *.google.com *.pinterest.com ajax.googleapis.com connect.facebook.net *.pncint.net *.assets.adobedtm.com *.content.pncmc.com *.googletagmanager.com www.gstatic.com *.eloqua.com snap.licdn.com staticxx.facebook.com secure.quantserve.com cdn5.userzoom.com www.adobetag.com cdnjs.cloudflare.com analytics.convertlanguage.com *.pinimg.com espncbank.convertlanguage.com bat.bing.com scripts.demandbase.com pncbankpnccom.mpeasylink.com espncbankqa.convertlanguage.com www.bizographics.com *.linkedin.com *.pncsites.com secure.adnxs.com fast.fonts.net pixel.mathtag.com maps.googleapis.com assets.contently.com apps.pnc.com code.jquery.com ajax.aspnetcdn.com platform.twitter.com *.instagram.com *.xg4ken.com googleads.g.doubleclick.net *.quantcount.com blob: *.userzoom.com *.googletagservices.com securepubads.g.doubleclick.net *.pncriverarch.com *.riverarch.com *.riverarchcapital.com *.pncriverarcapital.com *.riverarchcap.com *.pncriverarchcap.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.pnc.com content.pncmc.com *.pncint.net *.content.pncmc.com ajax.googleapis.com espncbank.convertlanguage.com fast.fonts.net *.pncsites.com translate.googleapis.com fonts.googleapis.com code.jquery.com platform.twitter.com *.instagram.com *.xg4ken.com googleads.g.doubleclick.net *.userzoom.com *.pncriverarch.com *.riverarch.com *.riverarchcapital.com *.pncriverarcapital.com *.riverarchcap.com *.pncriverarchcap.com;child-src 'self' *.pnc.com pncbank.demdex.net assets.adobedtm.com *.rfihub.com *.pinterest.com *.doubleclick.net *.lpsnmedia.net *.pncint.net *.pncbank.demdex.net *.assets.adobedtm.com staticxx.facebook.com sales.liveperson.net players.brightcove.net s.amazon-adsystem.com pnc.financialliteracy101.org connect.facebook.net www.google.com/maps *.eloqua.com blob: *.google.com/maps google.com/maps *.leadfusion.com gs.leadfusion.com cmsstg.leadfusion.com platform.twitter.com *.instagram.com *.xg4ken.com googleads.g.doubleclick.net *.userzoom.com *.pncriverarch.com *.riverarch.com *.riverarchcapital.com *.pncriverarcapital.com *.riverarchcap.com *.pncriverarchcap.com;form-action 'self' *.pnc.com *.pncint.net *.pncbank.com *.timetradesystems.com *.timetrade.com staticxx.facebook.com control.akamai.com secure.opinionlab.com *.eloqua.com *.amazon-adsystem.com connect.facebook.net ; frame-ancestors *.pnc.com *.pncint.net pncvoduniversal-a.akamaihd.net pncvoduniversal-vh.akamaihd.net  platform.twitter.com *.instagram.com *.xg4ken.com googleads.g.doubleclick.net *.userzoom.com *.pncriverarch.com *.riverarch.com *.riverarchcapital.com *.pncriverarcapital.com *.riverarchcap.com *.pncriverarchcap.com; 2
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru api-maps.yandex.ru mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net www.google-analytics.com www.google.com www.gstatic.com connect.facebook.net www.googletagmanager.com tagmanager.google.com *.jivosite.com; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' wss://driver.ru https://*.yandex.ru https://mc.yandex.ru https://mc.yandex.ua https://mc.yandex.kz https://mc.yandex.by https://mc.yandex.uz https://mc.yandex.fr https://mc.yandex.com.tr https://yandex.st https://connect.facebook.net https://facebook.com https://web.facebook.com https://graph.facebook.com https://staticxx.facebook.com https://api-public.addthis.com https://edge.addthis.com https://m.addthis.com https://m.addthisedge.com https://s7.addthis.com https://connect.ok.ru https://vk.com https://login.vk.com https://widgets.pinterest.com https://www.linkedin.com https://www.odnoklassniki.ru https://www.reddit.com https://st.top100.ru https://cdn.ampproject.org https://csi.gstatic.com https://googleads.g.doubleclick.net https://googlesyndication.com https://*.googlesyndication.com https://pagead2.googlesyndication.com https://ssl.google-analytics.com https://translate.googleapis.com https://translate.google.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://googletagmanager.com https://*.googletagservices.com https://www.gstatic.com https://adservice.google.ad https://adservice.google.ae https://adservice.google.al https://adservice.google.am https://adservice.google.as https://adservice.google.at https://adservice.google.az https://adservice.google.ba https://adservice.google.be https://adservice.google.bf https://adservice.google.bg https://adservice.google.bi https://adservice.google.bj https://adservice.google.bs https://adservice.google.bt https://adservice.google.bt https://adservice.google.by https://adservice.google.ca https://adservice.google.cd https://adservice.google.cf https://adservice.google.cf https://adservice.google.cg https://adservice.google.ch https://adservice.google.ci https://adservice.google.cl https://adservice.google.cm https://adservice.google.co.ao https://adservice.google.co.bw https://adservice.google.co.ck https://adservice.google.co.cr https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.co.in https://adservice.google.co.jp https://adservice.google.co.ke https://adservice.google.co.kr https://adservice.google.co.ls https://adservice.google.co.ma https://adservice.google.co.mz https://adservice.google.co.nz https://adservice.google.co.th https://adservice.google.co.tz https://adservice.google.co.ug https://adservice.google.co.uk https://adservice.google.co.uz https://adservice.google.co.ve https://adservice.google.co.vi https://adservice.google.co.za https://adservice.google.co.zm https://adservice.google.co.zw https://adservice.google.com https://adservice.google.com.af https://adservice.google.com.ag https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.bd https://adservice.google.com.bh https://adservice.google.com.bn https://adservice.google.com.bo https://adservice.google.com.br https://adservice.google.com.bz https://adservice.google.com.co https://adservice.google.com.cu https://adservice.google.com.cy https://adservice.google.com.ec https://adservice.google.com.eg https://adservice.google.com.et https://adservice.google.com.fj https://adservice.google.com.gh https://adservice.google.com.gi https://adservice.google.com.gt https://adservice.google.com.hk https://adservice.google.com.jm https://adservice.google.com.kh https://adservice.google.com.kw https://adservice.google.com.lb https://adservice.google.com.ly https://adservice.google.com.mm https://adservice.google.com.mt https://adservice.google.com.mx https://adservice.google.com.my https://adservice.google.com.na https://adservice.google.com.ng https://adservice.google.com.ni https://adservice.google.com.np https://adservice.google.com.om https://adservice.google.com.pa https://adservice.google.com.pe https://adservice.google.com.pg https://adservice.google.com.ph https://adservice.google.com.pk https://adservice.google.com.pr https://adservice.google.com.py https://adservice.google.com.qa https://adservice.google.com.sa https://adservice.google.com.sb https://adservice.google.com.sg https://adservice.google.com.sv https://adservice.google.com.tj https://adservice.google.com.tr https://adservice.google.com.tw https://adservice.google.com.ua https://adservice.google.com.uy https://adservice.google.com.vc https://adservice.google.com.vn https://adservice.google.cv https://adservice.google.cz https://adservice.google.de https://adservice.google.dj https://adservice.google.dk https://adservice.google.dm https://adservice.google.dz https://adservice.google.ee https://adservice.google.es https://adservice.google.fi https://adservice.google.fm https://adservice.google.fr https://adservice.google.ga https://adservice.google.ge https://adservice.google.gg https://adservice.google.gl https://adservice.google.gm https://adservice.google.gp https://adservice.google.gr https://adservice.google.gy https://adservice.google.hn https://adservice.google.hr https://adservice.google.ht https://adservice.google.hu https://adservice.google.ie https://adservice.google.im https://adservice.google.iq https://adservice.google.is https://adservice.google.it https://adservice.google.je https://adservice.google.jo https://adservice.google.ki https://adservice.google.kg https://adservice.google.kz https://adservice.google.la https://adservice.google.li https://adservice.google.lk https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.md https://adservice.google.me https://adservice.google.mg https://adservice.google.mk https://adservice.google.ml https://adservice.google.mn https://adservice.google.mu https://adservice.google.mv https://adservice.google.mw https://adservice.google.ne https://adservice.google.nl https://adservice.google.no https://adservice.google.nr https://adservice.google.pl https://adservice.google.ps https://adservice.google.pt https://adservice.google.ro https://adservice.google.rs https://adservice.google.ru https://adservice.google.rw https://adservice.google.sc https://adservice.google.se https://adservice.google.sh https://adservice.google.si https://adservice.google.sk https://adservice.google.sm https://adservice.google.sn https://adservice.google.so https://adservice.google.sr https://adservice.google.st https://adservice.google.td https://adservice.google.tg https://adservice.google.tl https://adservice.google.tm https://adservice.google.tn https://adservice.google.to https://adservice.google.tt https://adservice.google.vg https://adservice.google.vu https://adservice.google.ws https://cdnjs.cloudflare.com https://cdn.ampproject.org;img-src https: data:;frame-src 'self' blob: https://watersoul.com https://www.facebook.com https://web.facebook.com https://m.facebook.com https://staticxx.facebook.com https://mc.yandex.ru https://s7.addthis.com https://edge.addthis.com https://www.google.com https://*.googlesyndication.com https://googleads.g.doubleclick.net https://cm.g.doubleclick.net https://securepubads.g.doubleclick.net;connect-src 'self' wss://driver.ru wss://*.driver.ru wss://driverscollection.com wss://*.driverscollection.com https://driverscollection.com https://*.driverscollection.com https://yandex.ru https://*.yandex.ru https://mc.yandex.by https://mc.yandex.kz https://mc.yandex.fr https://mc.yandex.ua https://kraken.rambler.ru https://stats.g.doubleclick.net https://cm.g.doubleclick.net https://www.google.com https://translate.googleapis.com https://*.google-analytics.com https://csi.gstatic.com https://stats.g.doubleclick.net https://m.addthis.com https://s7.addthis.com; report-uri https://driverscollection.com/csp-track.php; 2
'self' 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-eval' 'unsafe-inline'; media-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-src https: employment.qualtrics.com siteintercept.qualtrics.com g.jwpsrv.com www.youtube.com; frame-ancestors 'self' www.jobs.gov.au; child-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com publish.viostream.com; report-uri /admin/config/system/seckit/csp-report 2
default-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org; child-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org; frame-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org; img-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org; script-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org; 2
default-src https:; base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' data: https://*.custhelp.com https://*.ioam.de; style-src 'self' 'unsafe-inline' https://www.parship.com https://www.sovendus.com https://*.custhelp.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://partnerboerse.parship.de; img-src 'self' data: http: https:; frame-src https:; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/; connect-src 'self' https://*.pndsn.com https://www.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.sovendus.com https://*.taboola.com https://translate.googleapis.com; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; ;frame-ancestors 'self';report-uri /ls/ 2
frame-ancestors 'self' *.ubt.com ubt-beta.wealthcareportal.com ubt.wealthcareportal.com; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 2
script-src 'unsafe-inline' 'unsafe-eval' https: 2
default-src 'self' data:; child-src *;connect-src 'self' data: https://*.algolia.net https://*.algolianet.com http://*.algolia.net http://*.algolianet.com https://*.autheos.com https://*.googleapis.com https://pastease.mopinion.com https://*.swogo.com https://uat-beam.hlserve.com https://www.google-analytics.com wss://*.firebaseio.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com https://collect.mopinion.com https://fonts.mopinion.com https://nextail.mopinion.com https://*.swogo.com https://tagmanager.google.com https://fonts.googleapis.com;font-src 'self' data: 'unsafe-inline' https://collect.mopinion.com https://daks2k3a4ib2z.cloudfront.net https://fonts.gstatic.com https://gstatic.mopinion.com https://nextail.mopinion.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://sslwidget.criteo.com https://static.criteo.net https://connect.facebook.net https://*.firebaseio.com https://*.firebaseapp.com https://www.google-analytics.com https://www.googleadservices.com https://maps.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://maps.gstatic.com https://collect.mopinion.com https://deploy.mopinion.com https://nextail.mopinion.com https://tdn.r42tag.com https://admin.relay42.com https://*.swogo.com https://7288352.collect.igodigital.com https://www.googletagmanager.com https://tagmanager.google.com;img-src 'self' blob: data: *; 2
frame-ancestors 'self' https://www.tombolaarcade.co.uk; 2
frame-ancestors 'self' http://redhat.lookbookhq.com https://redhat.lookbookhq.com; report-uri /report-csp-violation 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ytimg.com https://www.youtube.com https://ajax.googleapis.com https://eu2.thunderhead.com https://connect.facebook.net https://responder.wt-safetag.com https://d1r27qvpjiaqj3.cloudfront.net https://cdn.wbtrk.net https://server.adform.net https://www.googleadservices.com https://tpc.googlesyndication.com https://*.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.de/ads/user-lists/ https://az416426.vo.msecnd.net https://bat.bing.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://ev-web.azurewebsites.net https://code.jquery.com https://w.usabilla.com https://*.cloudfront.net;style-src 'self' 'unsafe-inline' https://eu2.thunderhead.com https://fonts.googleapis.com/css;img-src 'self' data: https://images.contentful.com https://*.ctfassets.net https://www.facebook.com https://web.facebook.com https://eu2.thunderhead.com https://t.enbw.com https://fbc.wcfbc.net https://d6tizftlrpuof.cloudfront.net/ https://www.googleadservices.com https://*.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.de/ads/user-lists/ https://*.ytimg.com/ https://bat.bing.com www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://ev-web.azurewebsites.net/assets/ https://amplifypixel.outbrain.com https://tr.outbrain.com https://a.twiago.com https://w.usabilla.com;connect-src 'self' https://dc.services.visualstudio.com https://eu2.thunderhead.com https://d1r27qvpjiaqj3.cloudfront.net https://www.google.com/ads/user-lists/ https://www.google.de/ads/user-lists/ https://*.g.doubleclick.net https://www.google-analytics.com https://api.enbw.com/emobility-public/api/v1/;report-uri /fehler/csp 2
frame-ancestors 'self' http://intacct.lookbookhq.com https://intacct.lookbookhq.com http://go.intacct.com https://go.intacct.com http://go.sageintacct.com https://go.sageintacct.com; 2
frame-ancestors 'self' psa.digitalinsight.com; 2
referrer unsafe-url; 2
frame-ancestors 'self' ' *.ampproject.org .zdbb.net 2
frame-ancestors https://*.hearstmags.com:* https://*.condenastdigital.com:*  https://staging.readystate.com:*  https://airbnbmag.com:*  https://hgtvcashsweepstakes.com:*  http://hgtvcashsweepstakes.com:*  https://*.believemagmedia.com:*  http://*.believemagmedia.com:*  http://devaws:*  http://devawsconde:* http://*.seventeen.com:* https://*.seventeen.com:* http://*.cosmopolitan.com:* https://*.cosmopolitan.com:* http://*.countryliving.com:* https://*.countryliving.com:* http://*.esquire.com:* https://*.esquire.com:* http://*.goodhousekeeping.com:* https://*.goodhousekeeping.com:* http://*.harpersbazaar.com:* https://*.harpersbazaar.com:* http://*.housebeautiful.com:* https://*.housebeautiful.com:* http://*.marieclaire.com:* https://*.marieclaire.com:* http://*.oprah.com:* https://*.oprah.com:* http://*.popularmechanics.com:* https://*.popularmechanics.com:* http://*.redbookmag.com:* https://*.redbookmag.com:* http://*.townandcountrymag.com:* https://*.townandcountrymag.com:* http://*.veranda.com:* https://*.veranda.com:* http://*.delish.com:* https://*.delish.com:* http://*.foodnetwork.com:* https://*.foodnetwork.com:* http://*.hgtvmagazine.com:* https://*.hgtvmagazine.com:* http://*.elledecor.com:* https://*.elledecor.com:* http://*.caranddriver.com:* https://*.caranddriver.com:* http://*.elle.com:* https://*.elle.com:* http://*.womansday.com:* https://*.womansday.com:* http://*.roadandtrack.com:* https://*.roadandtrack.com:* http://*.esquire.com:* https://*.esquire.com:* http://*.doctorozmag.com:* https://*.doctorozmag.com:* http://*.airbnbmag.com:* https://*.airbnbmag.com:* http://*.thepioneerwomanmagazine.com:* https://*.thepioneerwomanmagazine.com:* http://*.hearstproducts.com:* https://*.hearstproducts.com:* http://*.womenshealthmag.com:* https://*.womenshealthmag.com:* http://*.menshealth.com:* https://*.menshealth.com:* http://*.bicycling.com:* https://*.bicycling.com:* http://*.runnersworld.com:* https://*.runnersworld.com:* http://*.prevention.com:* https://*.prevention.com:* http://*.hearstproducts.com:* https://*.hearstproducts.com:* http://*.rodalebookazines.com:* https://*.rodalebookazines.com:* http://*.hearstproducts.com:* https://*.hearstproducts.com:* 2
frame-ancestors   https://portal.punchout2go.com https://qa-portal.punchout2go.com https://dev-portal.punchout2go.com 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval'        *.googleapis.com        *.pinimg.com	*.trustpilot.com	sitesearch360.com        *.sitesearch360.com	*.liveperson.net	*.marinsm.com	*.krxd.net	*.facebook.net	*.doubleclick.net	*.yahoo.com	*.bing.com	*.yimg.com	*.hotjar.com	*.adnxs.com	*.jquery.com	pixel-geo.prfct.co	lpcdn.lpsnmedia.net	cdnjs.cloudflare.com	www.googleadservices.com	*.google-analytics.com	*.google.com	tag.perfectaudience.com	cdn.pcdi.edu	dev.cdn.pcdi.edu	www.rtb123.com	*.lpsnmedia.net	*.adroll.com	*.ashworthcollege.edu;child-src 'self'        *.liveperson.net	*.facebook.net	*.trustpilot.com	*.reactionads.com	*.doubleclick.net	*.krxd.net	*.hotjar.com	*.lpsnmedia.net	*.fls.doubleclick.net	pixel-geo.prfct.co	*.ashworthcollege.edu	*.pcdi.edu	*.jmhs.com	*.youtube.com	*.vimeo.com	*.facebook.com	*.google.com;style-src 'unsafe-inline'  *;font-src * data:;connect-src 'self'        *.pinterest.com	*.doubleclick.net	*.hotjar.com	*.sitesearch360.com	*.trustpilot.com    *.google.com;img-src * data:;media-src 'self'       *.lpsnmedia.net; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com www.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.industrial.ai *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com; frame-src 'self' bhge.acquiadam.com *.webdamdb.com  *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net bid.g.doubleclick.net youtu.be *.evidon.com spo-teamsite.ge.com; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com; report-uri //report-csp-violation 2
default-src 'self' https://www.engie.ro;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com  https://tagmanager.google.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://s.ytimg.com/yts/jsbin/www-widgetapi-vflj3RSGk/www-widgetapi.js https://www.youtube.com/player_api https://*.facebook.net https://*.facebook.com https://*.hotjar.com   https://www.google.com/ https://www.gstatic.com/ https://ajax.googleapis.com/ https://ssl.google-analytics.com https://maps.google.com https://maps.googleapis.com https://cdn.jsdelivr.net;  style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/jsbin/www-widgetapi-vflQSvpsZ/www-widgetapi.js https://tagmanager.google.com https://fonts.googleapis.com/ https://ajax.googleapis.com;  img-src 'self' data: https://www.google.ro https://www.google.com https://agentia.gdfsuez.ro/proc/img/get/85f1002bf139bebdb7f0d07b31fa14155aea9dfc_200_200_0.PNG https://ssl.gstatic.com https://www.gstatic.com  https://www.google-analytics.com  https://*.facebook.net https://*.facebook.com https://*.ytimg.com https://secure.gravatar.com https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://ajax.googleapis.com https://ssl.google-analytics.com https://*.hotjar.com https://*.doubleclick.net;  font-src 'self' data:  https://fonts.gstatic.com;  frame-src 'self' data: https://www.facebook.com https://www.google.com/ https://www.youtube.com https://player.vimeo.com https://*.hotjar.com; child-src 'self' data: https://www.google.com/ https://www.youtube.com https://player.vimeo.com https://*.hotjar.com; connect-src 'self' data: https://*.hotjar.com https://*.hotjar.com:* wss://*.hotjar.com; reflected-xss block; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: ; report-uri /vdc-csp-report 2
default-src https:; child-src https:; connect-src https: wss:; form-action https:; frame-ancestors https: http://webvisor.com; media-src https:; object-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data:; report-uri /ajax/csp-report/ 2
default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.idmanagedsolutions.com; 2
base-uri https://www.mbank.pl; report-uri https://www.csp.mbank.pl; default-src 'none'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.mbank.pl https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com https://tpc.googlesyndication.com https://ls.hit.gemius.pl https://ghmpl.hit.gemius.pl https://mbank.hit.gemius.pl https://gde-default.hit.gemius.pl https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://www.snrcdn.net; style-src 'self' 'report-sample' 'unsafe-inline' https://www.mbank.pl https://tagmanager.google.com https://platform.twitter.com https://ton.twimg.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.snrcdn.net; img-src 'self' 'report-sample' data: https://www.mbank.pl https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com https://www.google.pl https://www.google.de https://www.google.co.uk https://www.google.nl https://www.google.fr https://www.google.se https://www.google.no https://www.google.be https://www.google.ie https://www.google.es https://www.google.dk https://www.google.ch https://www.google.hr https://www.google.cz https://www.google.it https://www.google.com.ua https://www.google.sk https://ls.hit.gemius.pl https://ghmpl.hit.gemius.pl https://mbank.hit.gemius.pl https://gde-default.hit.gemius.pl https://www.facebook.com https://s.ytimg.com https://platform.twitter.com https://pbs.twimg.com https://abs.twimg.com https://syndication.twitter.com https://ton.twimg.com https://maps.googleapis.com https://maps.gstatic.com https://khms0.googleapis.com https://khms1.googleapis.com https://csi.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://www.snrcdn.net; font-src 'self' 'report-sample' https://www.mbank.pl https://fonts.gstatic.com; connect-src 'self' 'report-sample' https://www.mbank.pl https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.pl https://ghmpl.hit.gemius.pl https://mbank.hit.gemius.pl https://form.axaubezpieczenia.pl https://syndication.twitter.com https://search.interconsystems.pl https://synerise.com https://proxy.synerise.com https://tc.synerise.com https://tck.synerise.com https://messenger.synerise.com wss://messenger.synerise.com https://dc.synerise.com; media-src 'self' 'report-sample' https://www.mbank.pl https://www.snrcdn.net; object-src 'self' 'report-sample' https://www.mbank.pl https://www.youtube.com; frame-src 'self' 'report-sample' https://www.mbank.pl https://www.googletagmanager.com https://tagmanager.google.com https://bid.g.doubleclick.net https://6100198.fls.doubleclick.net https://tpc.googlesyndication.com https://ls.hit.gemius.pl https://www.youtube.com https://form.mbank.pl https://platform.twitter.com; child-src 'self' 'report-sample' https://www.mbank.pl https://www.googletagmanager.com https://tagmanager.google.com https://bid.g.doubleclick.net https://6100198.fls.doubleclick.net https://ls.hit.gemius.pl https://www.youtube.com https://form.mbank.pl; form-action 'self' 'report-sample' https://www.mbank.pl https://form.mbank.pl https://form.mbank.com.pl; frame-ancestors 'self' 'report-sample' https://www.mbank.pl;  2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.xpressbet.com *.xpressbetonline.com *.xb-online.com *.youtube.com *.kaltura.com *.twitter.com *.paysafecard.com *.facebook.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.typekit.net *.countingdownto.com *.livehelpnow.net *.xbselect.com wss:; img-src * data:; font-src *; style-src * 'unsafe-inline'; media-src * blob:; worker-src * blob: 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 2
default-src https: blob: mediastream: data: 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: data: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 2
default-src 'self'; img-src *; font-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' ads.brasilct.com ads.brasilct.net *.googletagmanager.com *.google-analytics.com *.google.com dnn506yrbagrg.cloudfront.net js-agent.newrelic.com bam.nr-data.net *.amazonaws.com dev.visualwebsiteoptimizer.com *.googleapis.com *.jsdelivr.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' *.amazonaws.com *.googleapis.com *.jsdelivr.net; frame-src 'self' *.youtube.com viagens.bonusesfera.com.br viagens.pontosesfera.com.br homol.viagens.brasilct.net *.googletagmanager.com https://www.google.com/recaptcha/ 2
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com;  script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru;  worker-src blob: 'self';  connect-src * wss:;  font-src * data: blob:; frame-src * blob: 'self';  img-src * data: blob: about:;  media-src * data: blob:;  object-src *;  report-uri /csp/report; 2
frame-ancestors 'self' *.vpro.nl; 2
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data: 2
default-src  * blob: 'unsafe-inline' 'unsafe-eval' ; img-src * blob: data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; worker-src 'self' blob: ; 2
img-src https: data:; child-src https:; form-action https:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: 'self' data:; font-src https: 'self' data:; connect-src https: 'self' wss: 2
frame-ancestors 'self' https://*.ariba.com https://*.micron.com https://*.iu.edu https://*.sciquest.com 2
default-src 'self';style-src 'unsafe-inline' *;frame-src * data:;img-src * data:;media-src *;font-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.doubleclick.net apis.google.com vk.com yandex.st binarytheme.com am15.net *.am15.net *.adsrotate.ru; report-uri /csp.php 2
frame-ancestors 'self' https://www-mgr.gov.taipei http://www-mgr.gov.taipei 2
frame-src *.turecibo.com *.turecibo.com.ar *.youtube.com https://comunidad.manpowergroup.com.ar; 2
script-src 'self' https://*.nfb.ca https://*.onf.ca 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com connect.facebook.net *.google-analytics.com sb.scorecardresearch.com widget.surveymonkey.com apis.google.com cdnapisec.kaltura.com widget.surveymonkey.com www.gstatic.com js.adsrvr.org cdnapi.kaltura.com; style-src 'self' https://*.nfb.ca https://*.onf.ca 'unsafe-inline' hello.myfonts.net fonts.googleapis.com; frame-ancestors 'self' https://*.nfb.ca https://*.onf.ca; manifest-src 'self' https://*.nfb.ca https://*.onf.ca; default-src 'none'; frame-src 'self' https://*.google.com https://www.gstatic.com https://www.facebook.com https://insight.adsrvr.org https://esqa.moneris.com https://www3.moneris.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://*.nfb.ca https://*.nfb.ca; worker-src 'self' *.onf.ca *.nfb.ca https://*.kaltura.com blob:; img-src 'self' sb.scorecardresearch.com *.google-analytics.com www.facebook.com http://*.onf.ca http://*.nfb.ca https://*.onf.ca https://*.nfb.ca https://*.kaltura.com stats.g.doubleclick.net data: https://interactive-cms.s3.amazonaws.com b.scorecardresearch.com cfvod.kaltura.com; media-src 'self' https://*.onf.ca https://*.nfb.ca https://*.kaltura.com blob:; object-src 'self' https://*.nfb.ca https://*.onf.ca https://*.kaltura.com; connect-src 'self' https://*.nfb.ca https://*.onf.ca https://*.kaltura.com https://www.facebook.com https://s3.amazonaws.com; font-src 'self' https://*.onf.ca https://*.nfb.ca fonts.gstatic.com cdnapisec.kaltura.com cdnapi.kaltura.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src *;        script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'        'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline'         'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self'         'unsafe-inline' 'unsafe-eval'; font-src 'self'                                                          'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.youtube.com https://s.ytimg.com https://hypothes.is https://cdn.hypothes.is https://platform.twitter.com https://cdn.syndication.twimg.com https://www.googletagmanager.com https://ajax.googleapis.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.hypothes.is https://platform.twitter.com https://ton.twimg.com;font-src 'self' data: https://fonts.gstatic.com https://cdn.hypothes.is; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net *.google-analytics.com cdn.optimizely.com *.bugherd.com *.marketo.com *.googletagmanager.com cdn-akamai.mookie1.com secure-ds.serving-sys.com munchkin.marketo.net *.calltrk.com tags.tiqcdn.com bs.serving-sys.com *.jwpcdn.com www.youtube.com *.addthis.com m.addthisedge.com s.ytimg.com graph.facebook.com widgets.pinterest.com *.googleapis.com use.typekit.net *.northwell.edu *.limelight.com *.delvenetworks.com static.addtoany.com malihu.github.io ajax.aspnetcdn.com s.gravatar.com *.wp.com calltrk-production.s3.amazonaws.com *.googleadservices.com ajax.microsoft.com code.jquery.com api.html5media.info *.cloudfront.net *.jwpcdn.com *.newrelic.com bam.nr-data.net tagmanager.google.com *.surveymonkey.com console.brightwhistle.com *.callrail.com content.healthwise.net cdn.merklesearch.com *.rkdms.com cdn.rawgit.com cdnjs.cloudflare.com ethn.io e.infogram.com *.gigya.com *.influencehealth.com *.bing.com *.visto1.net *.linkedin.com; object-src 'self' video.limelight.com assets.delvenetworks.com; style-src 'self' 'unsafe-inline' rtp-static.marketo.com *.googleapis.com *.vm *.bootstrapcdn.com *.northwell.edu malihu.github.io static.addtoany.com s.gravatar.com code.jquery.com  *.cloudfront.net *.surveymonkey.com *.marketo.com *.rkdms.com tagmanager.google.com; img-src 'self' data: *.google-analytics.com *.g.doubleclick.net www.facebook.com www.google.com jwpltx.com api.nslijweb.com csi.gstatic.com *.googleapis.com maps.gstatic.com img.delvenetworks.com *.llnw.net m.addthis.com *.northwell.edu northwellhealt.wpengine.com *.gravatar.com *.wp.com *.northwell.io *.cloudfront.net *.amazonaws.com www.bugherd.com *.surveymonkey.com img.youtube.com *.googleadservices.com maps.googleapis.com *.mxptint.net dpm.demdex.net ad.yieldmanager.com ad.afy11.net d.agkn.com idsync.rlcdn.com *.bluekai.com *.openx.net *.rubiconproject.com *.adnxs.com sync.adaptv.advertising.com *.rkdms.com i.ytimg.com *.gigya.com *.bing.com *.googletagmanager.com *.doubleclick.net *.google.com *.gstatic.com; media-src 'self' *.llnw.net *.delvenetworks.com *.llnw.com; frame-src 'self' cdn-akamai.mookie1.com tags.tiqcdn.com s7.addthis.com www.youtube.com static.addtoany.com *.doubleclick.net www.google.com *.understand.com *.marketo.com *.sli.do ethn.io e.infogram.com *.gigya.com w.soundcloud.com view.knowledgevision.com 8065684-gigya.northwell.edu; font-src 'self' data: themes.googleusercontent.com fonts.gstatic.com *.bootstrapcdn.com www.bugherd.com; connect-src 'self' 'unsafe-inline' 309-lvl-470.mktoresp.com sjrtp4.marketo.com m.addthis.com *.pusherapp.com *.pusher.com www.bugherd.com *.google-analytics.com api.northwell.edu content.healthwise.net stage-api.northwell.io *.cloudflare.com *.rkdms.com *.callrail.com *.serving-sys.com api.dpx.northwell.io *.gigya.com *.llnw.net; report-uri /report-csp-violation 2
default-src 'self' 'unsafe-inline' *.wistia.dev *.wistia.net embedwistia-a.akamaihd.net/ *.litix.io data: blob:; child-src *; connect-src *; font-src * 'unsafe-inline' data:; frame-ancestors 'self' vwo.com *.vwo.com; img-src * 'unsafe-inline' data:; media-src * 'unsafe-inline' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'unsafe-inline' data: 2
default-src https://domene.shop https://domainname.shop https://domainnameshop.com https://www.domeneshop.no 'unsafe-inline'; img-src https://domene.shop https://domainname.shop https://domainnameshop.com https://www.domeneshop.no; frame-src https://domene.shop https://domainname.shop https://domainnameshop.com https://www.domeneshop.no 2
default-src http: https: 'self' data:; base-uri 'self'; child-src *; connect-src *; frame-ancestors https://landing.credit-agricole.it/; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.cloudfront.net http://*.cloudfront.net https://*.cloudfront.net *.doubleclick.net http://*.doubleclick.net https://*.doubleclick.net connect.ekomi.de http://connect.ekomi.de https://connect.ekomi.de widgets.ekomi.com http://widgets.ekomi.com https://widgets.ekomi.com *.facebook.net http://*.facebook.net https://*.facebook.net www.google.com http://www.google.com https://www.google.com www.google.it http://www.google.it https://www.google.it *.google-analytics.com http://*.google-analytics.com https://*.google-analytics.com www.googleadservices.com http://www.googleadservices.com https://www.googleadservices.com www.googletagmanager.com http://www.googletagmanager.com https://www.googletagmanager.com www.gstatic.com http://www.gstatic.com https://www.gstatic.com script.hotjar.com http://script.hotjar.com https://script.hotjar.com static.hotjar.com http://static.hotjar.com https://static.hotjar.com cdn.jsdelivr.net http://cdn.jsdelivr.net https://cdn.jsdelivr.net maps.ubiest.com http://maps.ubiest.com https://maps.ubiest.com www.youtube.com http://www.youtube.com https://www.youtube.com ajax.googleapis.com http://ajax.googleapis.com https://ajax.googleapis.com tagmanager.google.com http://tagmanager.google.com https://tagmanager.google.com *.amazonaws.com http://*.amazonaws.com https://*.amazonaws.com www.credit-agricole.it http://www.credit-agricole.it https://www.credit-agricole.it cdn.ravenjs.com http://cdn.ravenjs.com https://cdn.ravenjs.com *.ekomiapps.de http://*.ekomiapps.de https://*.ekomiapps.de *.mynsystems.com http://*.mynsystems.com https://*.mynsystems.com secure.adnxs.com http://secure.adnxs.com https://secure.adnxs.com ads.avocet.io http://ads.avocet.io https://ads.avocet.io; style-src 'unsafe-inline' 'self' *.amazonaws.com http://*.amazonaws.com https://*.amazonaws.com fonts.googleapis.com http://fonts.googleapis.com https://fonts.googleapis.com tagmanager.google.com http://tagmanager.google.com https://tagmanager.google.com widgets.ekomi.com http://widgets.ekomi.com https://widgets.ekomi.com www.credit-agricole.it http://www.credit-agricole.it https://www.credit-agricole.it *.ekomiapps.de http://*.ekomiapps.de https://*.ekomiapps.de 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors https://library.mulesoft.com https://resources.mulesoft.com 'self' 2
default-src 'self'; script-src 'self' *.episerver.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ajax.cloudflare.com https://chat.puzzel.com https://maps.googleapis.com 'unsafe-inline' 'unsafe-eval'; media-src https://chat.puzzel.com 'self'; style-src 'self' https://tagmanager.google.com https://dl.episerver.net https://chat.puzzel.com https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline'; connect-src 'self' https://chat.puzzel.com wss:;form-action 'self';font-src https://fonts.googleapis.com https://fonts.gstatic.com https://chat.puzzel.com 'self'; img-src 'self' data: www.google-analytics.com *.gstatic.com https://www.googletagmanager.com https://maps.googleapis.com https://mts.googleapis.com https://dl.episerver.net; object-src 'self'; frame-ancestors 'self'; frame-src https: 2
frame-ancestors http://*.visitsingapore.com/ http://*.visitsingapore.com.cn/ https://*.visitsingapore.com/ https://*.visitsingapore.com.cn/ 'self'; 2
default-src 'self' 'unsafe-inline' web-2-tel.com *.web-2-tel.com *.doubleclick.net *.optnmstr.com *.gstatic.com localhost:8443 data: *.acquia.com *.appcues.com *.appcues.net *.unitedrentals.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.unitedrentals.com *.egain.cloud *.analytics-egain.com *.criteo.net 8f2a3f802cdf2859af9e-51128641de34f0801c2bd5e1e5f0dc25.ssl.cf1.rackcdn.com *.doubleclick.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com bat.bing.com *.quantserve.com *.getsitecontrol.com *.facebook.net *.crazyegg.com *.quantcount.com st.getsitecontrol.com *.yimg.com snap.licdn.com sp.analytics.yahoo.com *.addtoany.com *.ads.linkedin.com *.newrelic.com *.pardot.com *.boldchat.com *.nr-data.net localhost:8443 web-2-tel.com *.web-2-tel.com *.optnmstr.com *.cloudflare.com *.adnxs.com data: *.acquia.com *.appcues.com *.pragmaticcrm.com *.optmstr.com *.bizographics.com *.criteo.com *.linkedin.com *.optmnstr.com *.nr-data.net wvw.unitedrentals.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com *.optnmstr.com *.google.com *.appcues.com *.egain.cloud; img-src 'self' data: *.unitedrentals.com bat.bing.com *.optnmstr.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.facebook.com *.google.com *.quantserve.com *.gstatic.com *.boldchat.com *.adnxs.com *.appcues.com *.optmstr.com res.cloudinary.com *.googletagmanager.com *.linkedin.com *.criteo.com s0.2mdn.net; frame-src 'self' *.appcues.com *.appcues.net *.doubleclick.net *.criteo.com *.egain.cloud *.analytics-egain.com *.vimeo.com *.facebook.com *.facebook.net *.youtube.com; child-src 'self' *.unitedrentals.com *.googletagmanager.com *.optnmstr.com *.doubleclick.net *.analytics-egain.com *.rackcdn.com *.youtube.com *.appcues.com *.vimeo.com *.egain.cloud; connect-src 'self' *.appcues.net wss://*.appcues.net web-2-tel.com *.web-2-tel.com *.egain.cloud *.optnmstr.com *.optmstr.com *.gstatic.com localhost:8443 data: *.acquia.com *.appcues.com *.appcues.net *.nr-data.net *.optmnstr.com *.google.com *.optmnstr.com *.google-analytics.com stats.g.doubleclick.net; report-uri /report-csp-violation 2
frame-ancestors 'self' *.optimizely.com optimizely.com http://*.corp.westmarine.com:* https://*.corp.westmarine.com:* http://*.westmarine.net:* http://westmarine.net:* https://*.westmarine.net:* https://westmarine.net:* 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;img-src 'self' * data:;media-src 'self' blob:;frame-src 'self' *;font-src 'self' * data:;connect-src 'self' *;worker-src 'self' blob: 2
frame-ancestors https://pay.amazon.com 2
frame-ancestors 'self' *.ariba.com                 www.suppliersolutions.com                 login.theinstitutes.org;             report-uri /security-violation-report.php 2
frame-ancestors 'self' *.force.com *.salesforce.com *.lightning.com 2
default-src 'none'; img-src https://abs.twimg.com https://ssl.google-analytics.com http://www.google-analytics.com; script-src https://abs.twimg.com https://ssl.google-analytics.com https://ajax.googleapis.com http://www.google-analytics.com about:; style-src https://abs.twimg.com https://fonts.googleapis.com 'unsafe-inline'; font-src https://abs.twimg.com https://twitter.com; connect-src 'none'; object-src 'none'; media-src 'none'; frame-src 'none'; report-uri https://twitter.com/i/csp_report?a=ORTGK%3D%3D%3D&ro=false 2
default-src 'self' https://*.dentsuaegisnetwork.com/ *.dentsuaegisnetwork.com;     connect-src 'self' https://*.dentsuaegisnetwork.com/ *.dentsuaegisnetwork.com *.amazonaws.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.pingdom.net;     font-src 'self' data: https://*.dentsuaegisnetwork.com/ *.dentsuaegisnetwork.com *.google.com *.gstatic.com;     frame-src 'self' https://*.dentsuaegisnetwork.com/ *.dentsuaegisnetwork.com https://*.falcon.io/ *.google.com *.googletagmanager.com *.vimeo.com *.youtube.com;     img-src * data:;     object-src 'self' https://*.dentsuaegisnetwork.com/ *.dentsuaegisnetwork.com;     script-src 'self' 'unsafe-inline' https://*.dentsuaegisnetwork.com/ *.dentsuaegisnetwork.com *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.licdn.com *.linkedin.com *.ads.linkedin.com *.pingdom.net *.youtube.com *.ytimg.com;     style-src 'self' 'unsafe-inline' data: https://*.dentsuaegisnetwork.com/ *.dentsuaegisnetwork.com *.googleapis.com *.googletagmanager.com *.gstatic.com; 2
default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: 2
default-src 'self' *.persistent.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://geolocation.onetrust.com  https://cookiepro.blob.core.windows.net/ https://code.jquery.com/ https://pi.pardot.com/ https://go.persistent.com  http://www.persistent.com https://www.google.com/ https://www.gstatic.com  https://analytics.twitter.com https://t.co  https://px.ads.linkedin.com  https://snap.licdn.com https://static.ads-twitter.com/ https://optanon.blob.core.windows.net  https://web-analytics.engagio.com/  https://platform.twitter.com/ https://cdn.syndication.twimg.com  https://s.ytimg.com  https://www.youtube.com/ https://connect.facebook.net/ https://www.google-analytics.com https://www.linkedin.com https://www.googletagmanager.com https://d3afnetdjufmcb.cloudfront.net/ https://cdn.syndication.twimg.co https://ajax.googleapis.com; style-src 'self' http://www.persistent.com https://cookiepro.blob.core.windows.net  https://optanon.blob.core.windows.net  https://fonts.googleapis.com/css 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://d3afnetdjufmcb.cloudfront.net/ https://*.twitter.com https://*.twimg.com;font-src 'self' https://fonts.gstatic.com/  https://d3afnetdjufmcb.cloudfront.net/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ data:;frame-src 'self' https://web.facebook.com/ https://www.google.com/  https://player.vimeo.com/ https://*.twitter.com/ https://player.zype.com/ https://connect.facebook.net/ https://www.facebook.com/ https://staticxx.facebook.com https://ebooks.persistent.com/ *.persistent.com https://www.youtube.com/ https://www.linkedin.com/ ; img-src 'self' https://cookiepro.blob.core.windows.net https://geolocation.onetrust.com   http://www.persistent.com https://t.co/  https://optanon.blob.core.windows.net  https://*.twitter.com  https://syndication.twitter.com  https://*.twimg.com/  https://d3afnetdjufmcb.cloudfront.net/ https://secure.gravatar.com https://www.google-analytics.com https://www.facebook.com/ https://stats.g.doubleclick.net https://i.vimeocdn.com/ https://img.youtube.com/  data:;connect-src 'self' https://www.linkedin.com/ https://www.quandl.com/; frame-ancestors 'self' https://www.youtube.com;plugin-types application/pdf  application/x-shockwave-flash;form-action 'self' https://syndication.twitter.com/i/jot https://platform.twitter.com/ https://www.facebook.com 2
frame-ancestors 'self' https://*.youranswer.io 2
frame-ancestors *.newrelic.com 2
'self'; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 2
frame-ancestors rbc.rocketsoftware.com rbcint.rocketsoftware.com den-vm-u2bcweb.u2lab.rs.com www3staging.rs.com us-east-1.content-hub.acquia.com truedx.trubiquity.de 2
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 2
default-src 'self' http: https: 2
frame-ancestors 'self' *.svd.se; default-src https: data: blob: react-js-navigation: android-webview: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; report-uri https://collector.schibsted.io/api/v1/csp/svdse/publishing/pro 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru http://*.youtube.com; report-uri https://lapsha.org/csp-report.php 2
connect-src 'self' wss://*.zopim.com https://*.zendesk.com https://ekr.zdassets.com https://www.storygize.net https://servedby.flashtalking.com https://*.tradedesk.com https://*.crazyegg.com https://api.brightfunnel.com https://*.adroll.com https://api.company-target.com https://cookiee1.veinteractive.com https://appsapi.veinteractive.com https://nuance.tt.omtrdc.net https://nuance.sc.omtrdc.net https://dpm.demdex.net https://www.google-analytics.com https://stats.g.doubleclick.net https://*.nuance.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://static.ads-twitter.com https://analytics.webgains.io https://static.zdassets.com https://services.xg4ken.com https://www.rnengage.com https://nuance.widget.custhelp.com https://tag.demandbase.com https://www.gstatic.com https://dc.ads.linkedin.com https://cdn.storygize.net https://www.google.com https://*.zopim.com  https://ad.doubleclick.net https://secure.leadforensics.com https://*.inq.com https://platform.twitter.com https://api.brightfunnel.com https://bpi.briteverify.com https://s3.amazonaws.com https://munchkin.brightfunnel.com https://servedby.flashtalking.com https://*.tradedesk.com https://*.crazyegg.com https://sp.analytics.yahoo.com https://c.evidon.com https://vidassets.terminus.services https://www.storygize.net https://s.yimg.com https://s.ytimg.com https://*.adroll.com https://cc.chango.com https://d3rr3d0n31t48m.cloudfront.net https://static.criteo.net https://sslwidget.criteo.com https://www.rtb123.com https://c.evidon.com https://www.youtube.com https://googleads.g.doubleclick.net https://secure.quantserve.com  https://connect.facebook.net  https://nuance.sp1.convertro.com/trax2/nuance https://tagmanager.google.com https://scripts.demandbase.com https://addshoppers.s3.amazonaws.com https://api.demandbase.com https://assets.adobedtm.com https://bat.bing.com https://c.betrad.com https://config1.veinteractive.com https://d1ivexoxmp59q7.cloudfront.net https://dis.criteo.com https://gum.criteo.com https://idsync.rlcdn.com https://img.en25.com https://js.adsrvr.org https://maxcdn.bootstrapcdn.com https://nuance.sc.omtrdc.net https://nuance.sp1.convertro.com https://pixel.quantserve.com https://www.linkedin.com https://px.ads.linkedin.com https://rules.quantcount.com https://s274.t.eloqua.com https://scripts.demandbase.com https://secure.adnxs.com https://shop.nuance.com https://shop.pe https://snap.licdn.com https://ssl.google-analytics.com  https://tags.tiqcdn.com https://track.cordial.io https://widget.us.criteo.com https://www.facebook.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://nuance.demdex.net; style-src 'self' 'unsafe-inline' https://nuance.widget.custhelp.com https://tagmanager.google.com https://fonts.googleapis.com https://mediav3.inq.com https://www.gstatic.com https://d3rr3d0n31t48m.cloudfront.net/ https://maxcdn.bootstrapcdn.com https://*.demdex.net; frame-src 'self' https://www.google.com https://assets.adobedtm.com https://connect.facebook.net/ https://www.storygize.net https://enterprisechat.nuance.com https://gum.criteo.com https://chatrouterv3.inq.com https://l3.evidon.com https://*.twitter.com https://www.facebook.com https://nuance.inq.com https://4377577.fls.doubleclick.net https://config1.veinteractive.com https://d3rr3d0n31t48m.cloudfront.net https://static.criteo.net https://dis.us.criteo.com https://match.adsrvr.org https://nuance.demdex.net https://www.youtube.com https://track.cordial.io https://bid.g.doubleclick.net https://insight.adsrvr.org; upgrade-insecure-requests; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.zopim.com https://d3rr3d0n31t48m.cloudfront.net https://maxcdn.bootstrapcdn.com; 2
'unsafe-inline' 2
default-src 'self' http://*.tt.omtrdc.net http://dpm.demdex.net https://maps.googleapis.com http://fast.standardbank.demdex.net http://accstandardbank.d1.sc.omtrdc.net https://bid.g.doubleclick.net/xbbe/pixel http://8448999.fls.doubleclick.net https://cdn.krxd.net https://bs.serving-sys.com/Serving https://secure-ds.serving-sys.com https://standardbank.demdex.net https://www.youtube.com/ https://*.map2.ssl.hwcdn.net; font-src 'self';img-src 'self' data: http://accstandardbank.d1.sc.omtrdc.net https://www.google.com https://www.google.co.za http://cm.everesttech.net https://beacon.krxd.net https://jslog.krxd.net https://standardbank.demdex.net https://dpm.demdex.net http://*.tt.omtrdc.net https://*.map2.ssl.hwcdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://assets.adobedtm.com https://secure-ds.serving-sys.com http://cdn.krxd.net http://www.googleadservices.com http://www.googletagmanager.com https://consumer.krxd.net https://googleads.g.doubleclick.net https://beacon.krxd.net https://tribeca.vidavee.com http://*.tt.omtrdc.net https://*.map2.ssl.hwcdn.net; style-src 'unsafe-inline' 'self' https://*.map2.ssl.hwcdn.net; 2
default-src 'self' *.ncr.com; frame-src 'self' *.ncr.com *.hotjar.com *.demdex.net *.springcm.com ncrpresalesfundrequest.secure.force.com *.doubleclick.net *.addthis.com *.salesforceliveagent.com www.youtube.com; img-src data: *; media-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ncr.com data: *.adobedtm.com px.ads.linkedin.com *.salesforceliveagent.com googleads.g.doubleclick.net snap.licdn.com assets.juicer.io s.ytimg.com *.addthis.com *.addthisedge.com connect.facebook.net www.googletagmanager.com www.google-analytics.com sjs.bizographics.com www.googleadservices.com maps.google.com maps.googleapis.com www.youtube.com www.google.com *.hotjar.com cdn.schemaapp.com ajax.googleapis.com assets.adobedtm.com cdn.cookielaw.org img.en25.com; style-src 'self' 'unsafe-inline' *.ncr.com assets.juicer.io cdnjs.cloudflare.com fonts.googleapis.com www.youtube.com optanon.blob.core.windows.net *.hotjar.com; font-src 'self' *.ncr.com data: assets.juicer.io cdnjs.cloudflare.com fonts.gstatic.com *.hotjar.com; connect-src 'self' *.ncr.com *.demdex.net *.addthis.com www.juicer.io *.hotjar.com data.schemaapp.com *.omtrdc.net; report-uri https://sentry.io/api/1300002/security/?sentry_key=d5686f72593f4e2f8ec4c18161c1dd49; 2
frame-ancestors 'self' *.optimizely.com 2
frame-ancestors 'self' https://www.tibco.com http://tibco.lookbookhq.com https://tibco.lookbookhq.com https://sso-awsqa.tibco.com https://sso-ext.tibco.com http://library.tibco.com https://library.tibco.com 2
default-src * 'unsafe-inline' 'unsafe-eval' 'self' app.optimizely.com *.hawksearch.com *.hawksearch.net 2
frame-ancestors  https://tdameritrade.com.sg https://www.tdameritrade.com.sg https://tdameritrade.com.hk https://www.tdameritrade.com.hk https://thinkorswim.com https://www.tdameritrade.com https://www.thinkorswim.com https://ola.tdameritrade.com 2
default-src 'self' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://apps.fedoraproject.org; style-src 'self' 'unsafe-inline' https://apps.fedoraproject.org 2
content='ancestor-source = webstats.surf.nl' 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kalibrr.com *.intercom.io *.zendesk.com https://static.zdassets.com https://ekr.zdassets.com *.zopim.com *.hotjar.com connect.facebook.net *.facebook.com cdn.optimizely.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com cdn.mxpnl.com d36lvucg9kzous.cloudfront.net s1.webspellchecker.net js.stripe.com cdn.heapanalytics.com www.googletagmanager.com heapanalytics.com js.intercomcdn.com *.inspectlet.com *.googleapis.com *.newrelic.com *.nr-data.net platform.twitter.com static.ads-twitter.com apis.google.com ajax.cloudflare.com tagmanager.google.com analytics.twitter.com analytics.trovit.com *.effectivemeasure.net jscdn.appier.net track.adform.net; frame-ancestors http://careers.aboitiz.com https://careers.aboitiz.com http://citysavings.com.ph https://citysavings.com.ph 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none' 2
default-src 'self' wibu.com *.wibu.com 'unsafe-inline' 'unsafe-eval' *.brighttalk.com *.adobe.com *.wibu.us *.surveymonkey.com *.brightcove.net *.wibu.com *.typo3.org *.googleapis.com www.google-analytics.com *.google.com *.youtube.com *.youtube.de *.ytimg.com *.baidu.com *.pardot.com *.joomag.com *.cleverreach.de *.cloudfront.net *.amazonaws.com *.hubspot.com *.gstatic.com *.iiconsortium.org data:; img-src * data:; font-src 'self' data: *.wibu.com *.gstatic.com; frame-src 'self' *.wibu.com www.wibu.com *.googleapis.com www.google-analytics.com *.google.com *.google.de *.google.fr *.google.co.uk *.youtube.com *.youtube.de *.ytimg.com *.joomag.com *.surveymonkey.com *.brighttalk.com 2
default-src 'self' 'unsafe-eval' https://*.tgdd.vn https://*.thegioididong.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; img-src 'self' data: https: http:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' data: https:; frame-src 'self' https://vuivuilocal.firebaseapp.com https://embed.24liveblog.com https://node.24live.co https://googleads.g.doubleclick.net https://static.apester.com https://*.doubleclick.net https://*.thegioididong.com https://*.facebook.com https://*.google.com https://youtube.com https://*.youtube.com https://twitter.com https://*.twitter.com; media-src 'self' https://*.tgdd.vn https://*.thegioididong.com https://*.dienmayxanh.com https://*.vuivui.com; connect-src 'self' https://www.facebook.com wss://socket.24live.co wss://connect.24liveplus.com https://stats.qmerce.com https://api.mixpanel.com https://*.dienmayxanh.com https://*.vuivui.com https://*.twitter.com https://renderer.qmerce.com https://*.apester.com https://display.apester.com https://*.facebook.com https://*.googleapis.com https://*.google-analytics.com https://*.thegioididong.com wss://*.dienmayxanh.com wss://*.thegioididong.com wss://*.vuivui.com; object-src 'self'; report-uri /csp-violation-report-endpoint/ 2
script-src * 'unsafe-inline' 'unsafe-eval'; object-src * 2
frame-ancestors 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; 2
default-src 'self'; img-src * blob:; frame-src 'self' www.google.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' dmaps.daum.net t1.daumcdn.net s1.daumcdn.net maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' s1.daumcdn.net fonts.googleapis.com t1.daumcdn.net; font-src 'self' fonts.gstatic.com; 2
default-src 'self';connect-src 'self' novascotia.ca *.novascotia.ca *.gov.ns.ca *.cnsdev.ca;font-src https://novascotia.ca/clf/fonts/;frame-src https:; img-src https:; media-src https:;object-src 'self';script-src 'self' novascotia.ca *.novascotia.ca *.gov.ns.ca *.cnsdev.ca www.googletagmanager.com www.google-analytics.com 'unsafe-inline';style-src 'self' novascotia.ca *.novascotia.ca 'unsafe-inline';frame-ancestors 'self' novascotia.ca *.novascotia.ca *.gov.ns.ca; 2
default-src https:; base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; block-all-mixed-content; report-uri https://productreviews-ext.prod.store.aws.z8s.io/csp-report-violations; 2
img-src: 'self'; style-src: 'self'; script-src: 'self' www.google-analytics.com translate.google.com ajax.googleapis.com; font-src: 'self' fonts.googleapis.com; 2
default-src 'self' multibanner.net *.multibanner.net redclick.ru *.redclick.ru my.pusk.ua adlabs-mobile.ru *.adlabs-mobile.ru clickio.com *.clickio.com adlabs.ru *.adlabs.ru adlabsnetworks.com *.adlabsnetworks.com adlabsnetworks.ru googleapis.com googletagmanager.com gstatic.com *.google-analytics.com clickio.mgr.consensu.org luxup.ru luxadv.com luxupcdna.com luxupcdnb.com luxupcdnc.com luxupadva.com luxupadvb.com luxupadvc.com luxup2.ru hubspot.com js.hs-scripts.com js.hscollectedforms.net luxcdn.com fonts.gstatic.com *.online.tableau.com *.luxup.ru *.tipalti.com *.googleapis.com datastudio.google.com *.dev.luxup.ru 'unsafe-inline' 'unsafe-eval' 2
script-src 'unsafe-inline' 'unsafe-eval' * data: 2
form-action 'self'; 2
default-src 'none';  font-src 'self' *.bobsfa.com.br *.cdn77.org fonts.gstatic.com *.bootstrapcdn.com data:; style-src 'unsafe-inline' 'self' *.bobsfa.com.br *.cdn77.org fonts.googleapis.com *.bootstrapcdn.com *.google.com cdnjs.cloudflare.com; connect-src 'self' *.addthis.com *.hotjar.com wss://*.hotjar.com sentry.io *.facebook.com *.loggly.com *.ipify.org *.netdna-ssl.com; object-src 'self'; child-src 'self' *.google.com rpm.newrelic.com *.addthis.com *.hotjar.com *.facebook.com *.facebook.net  *.reclameaqui.com.br *.googletagmanager.com *.voxus.tv *.doubleclick.net *.uptimerobot.com *.youtube.com; img-src data: 'self' *.bobsfa.com.br *.cdn77.org *.google.com.br *.google.com maps.googleapis.com *.gstatic.com *.twimg.com   *.google-analytics.com *.doubleclick.net *.facebook.com t.co *.adnxs.com; media-src data: 'self' *.bobsfa.com.br *.cdn77.org ; frame-ancestors 'self' *.facebook.com *.hotjar.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.bobsfa.com.br *.bobs.com.br *.cdn77.org *.reclameaqui.com.br *.google-analytics.com  *.googleapis.com *.google.com *.gstatic.com www.googletagmanager.com www.googleadservices.com  cdnjs.cloudflare.com *.ravenjs.com *.addthis.com   *.bootstrapcdn.com *.facebook.net *.facebook.com *.hotjar.com *.twitter.com *.ads-twitter.com *.crazyegg.com  *.newrelic.com *.nr-data.net *.reclameaqui.com.br cdn.smart.voxus.com.br *.netdna-ssl.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.radnet.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.tctm.co *.gstatic.com *.doubleclick.net *.youtube.com *.ytimg.com *.vimeo.com *.audioeye.com *.fbcdn.net *.facebook.com *.facebook.net *.twitter.com https://cdn.knightlab.com; report-uri /report-csp-violation 2
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' vietcombank.com.vn *.vietcombank.com.vn *.google-analytics.com *.verisign.com *.norton.com; style-src 'self' 'unsafe-inline' vietcombank.com.vn *.vietcombank.com.vn; img-src * 'self' data: vietcombank.com.vn *.vietcombank.com.vn *.google-analytics.com stats.g.doubleclick.net www.gstatic.com *.verisign.com *.norton.com *.longtailvideo.com; font-src 'self' data: vietcombank.com.vn *.vietcombank.com.vn; connect-src 'self' vietcombank.com.vn *.vietcombank.com.vn; frame-src 'self' gsa://onpageload; form-action *; report-uri /CspReport.ashx 2
frame-ancestors optimizely.com *.optimizely.com *.optimizelyedit.com hired.com *.hired.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: * 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://s.ytimg.com https://script.crazyegg.com https://dnn506yrbagrg.cloudfront.net https://planner-widget.goabout.com;style-src 'self' 'unsafe-inline' https://fast.fonts.net;img-src 'self' https://www.google.com https://www.google-analytics.com;frame-src 'self' https://www.youtube.com https://player.vimeo.com https://radboudumc-web.ungerboeck.com https://planner-widget.goabout.com;font-src 'self' data: 2
default-src'self' 2
default-src data: https:; script-src data: https: 'unsafe-eval' 'unsafe-inline'; style-src data: https: 'unsafe-inline'; report-uri /report/content-security-policy 2
default-src *; script-src 'unsafe-inline' 'unsafe-eval'  https://*.anico.com https://*.americannational.com https://*.googleapis.com http://otf.msn.com https://*.lifeannuitydi.com  https://www.googletagmanager.com https://www.google-analytics.com https://*.vtimg.com https://*.ytimg.com  http://*.angularjs.org https://*.youtube.com  https://*.dnanico1.aniconet.com https://*.anicoweb.com; style-src * 'unsafe-inline' ; img-src * data: ; child-src * data: blob: filesystem: ; 2
default-src c.wgr.de 'self'; script-src c.wgr.de track.westermann.de connect.facebook.net www.googleadservices.com maps.googleapis.com 'self' 'unsafe-inline'; style-src c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de track.westermann.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net maps.googleapis.com *.gstatic.com 'self' data:; frame-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src secure.schulbuchzentrum-online.de track.westermann.de 'self'; report-uri /backend/csp 2
script-src 'self' *.githubusercontent.com *.github.com *.googleapis.com *.google.com *.google.com.br *.googletagmanager.com *.googleadservices.com *.doubleclick.net megacubo.tv *.megacubo.tv app.megacubo.net *.twitter.com *.api.twitter.com *.facebook.net *.facebook.com *.addthis.com *.addthisedge.com *.userreport.com *.youtube.com *.ytimg.com *.google-analytics.com *.lingotek.com 'unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests 2
"default-src 'none'; img-src 'self'; script-src 'self'; object-src 'self';" 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaair.com *.vivacolombia.co *.online-metrix.net data:; frame-ancestors 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaair.com *.vivacolombia.co *.online-metrix.net data: *.booking.com *.rentalcars.com *.hotjar.com *.facebook.com *.facebook.net *.criteo.com *.nps.com.ar *.safetypay.com *.vivacolombiaops.co *.vivaairops.com.pe *.online-metrix.net *.2mdn.net; img-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaair.com *.vivacolombia.co *.online-metrix.net data: *.google-analytics.com *.w3.org *.fusion.com *.google.com *.google.com.co *.google.se dev.visualwebsiteoptimizer.com *.facebook.com *.cloudflare.com *.ckeditor.com *.googleapis.com *.hotjar.com *.doubleclick.net *.googlesyndication.com *.criteo.com *.criteo.net *.yldr.io *.online-metrix.net *.2mdn.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaair.com *.vivacolombia.co *.online-metrix.net data: *.fusion.com *.google.com maxcdn.bootstrapcdn.com *.cloudflare.com *.ckeditor.com *.2mdn.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaair.com *.vivacolombia.co *.online-metrix.net data: *.go-mpulse.net *.googletagservices.com cdnjs.cloudflare.com code.jquery.com maxcdn.bootstrapcdn.com seal.websecurity.norton.com *.google.com *.google.com.co cdn.jsdelivr.net *.fusion.com *.google-analytics.com *.visualwebsiteoptimizer.com *.scarabresearch.com *.google.se *.googletagmanager.com *.facebook.net *.googleadservices.com *.googleapis.com *.ckeditor.com *.hotjar.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.criteo.net *.criteo.com *.google-analytics.com aff.bstatic.com *.safetypay.com *.gstatic.com *.yldr.io r.254.com *.online-metrix.net js-agent.newrelic.com d1mj578wat5n4o.cloudfront.net *.boxever.com *.2mdn.net; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaair.com *.vivacolombia.co *.online-metrix.net data: *.booking.com *.rentalcars.com *.hotjar.com *.facebook.com *.facebook.net *.criteo.com *.nps.com.ar *.safetypay.com *.vivacolombiaops.co *.vivaairops.com.pe *.google.com *.youtube.com *.online-metrix.net *.pagoefectivo.pe *.2mdn.net; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaair.com *.vivacolombia.co *.online-metrix.net data: *.bootstrapcdn.com *.gstatic.com; connect-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaair.com *.vivacolombia.co *.online-metrix.net data: *.scarabresearch.com *.fusion.com *.hotjar.com *.doubleclick.net *.gstatic.com *.google-analytics.com *.go-mpulse.net; form-action 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaair.com *.vivacolombia.co *.online-metrix.net data: *.facebook.net *.facebook.com *.nps.com.ar *.gcsip.com *.paypal.com;  2
frame-ancestors 'self' *.logo.pt *.tranquilidade.cst *.tranquilidade.pt *.t-vida.pt *.tranquilidade.co.ao *.tranquilidadeseguros.co.mz *.facebook.net *.facebook.com *.advancecare.pt *.vitorinos.pt 2
default-src 'self'; script-src 'self' 'unsafe-inline' *.google-analytics.com recreativ.ru v.actionteaser.ru jwpsrv.com *.jwpcdn.com ads.actionteaser.ru https://ssl.gstatic.com *.gstatic.com *.googleapis.com st.top100.ru  trustjs.net *.rcdn.pro cdnjs-aws.ru uncorejs.ru *.marketgid.com *.googletagmanager.com; object-src 'self' www.gstatic.com *.spruto.org *.jwpcdn.com; style-src 'self' 'unsafe-inline' *.googleapis.com recreativ.ru; img-src * data:; media-src *; frame-src 'self' www.youtube.com 37.220.36.15 hdgo.cc moonwalk.cc embed.publicvideohost.org video.meta.ua hdgo.cx trailerclub.me streamguard.cc; child-src 'self'; font-src * data:; connect-src 'self' *.gstatic.com www.youtube.com data: kraken.rambler.ru trustjs.net *.rcdn.pro cdnjs-aws.ru uncorejs.ru 2
script-src 'self' 'unsafe-inline' *.gstatic.com *.googleapis.com *.google.com *.google-analytics.com *.zdassets.com *.googletagmanager.com; object-src 'self'; frame-src 'self' 'unsafe-inline' *.google.com; frame-ancestors 'self' 'unsafe-inline' *.google.com 2
default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src * 2
img-src https: data:; child-src https:; form-action https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 2
frame-ancestors 'none'; sandbox allow-scripts allow-same-origin; default-src 'none'; style-src 'self'; img-src 'self'; font-src 'self'; base-uri 'none'; form-action 'none'; media-src 'self' 2
default-src blob: data: *; connect-src 'self' ws: wss: api.jublo.net *.concours-advance.fr *.doubleclick.net *.facebook.com *.google.com *.google-analytics.com *.ionis-group.com ionis.io l.sharethis.com www.linkedin.com onesignal.com performance.typekit.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.typekit.net maxcdn.bootstrapcdn.com use.typekit.net; form-action 'self' *.cic-banques.fr *.emv2.com *.facebook.com *.google.com *.ionis-group.com *.paybox.com https://*.sogenactif.com http://*.sogenactif.com *.twitter.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.abtasty.com cdnjs.cloudflare.com cdn.lightwidget.com cdn.tinymce.com *.concours-advance.fr *.doubleclick.net dpm.zebestof.com e.issuu.com *.facebook.com *.facebook.net *.google.com *.google.fr *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com ib.adnxs.com *.ionis-group.com *.ionis-group.pro lightwidget.com maxcdn.bootstrapcdn.com onesignal.com *.onesignal.com platform.linkedin.com platform.twitter.com tag.aticdn.net *.tradelab.fr *.twimg.com *.twitter.com use.typekit.net *.sharethis.com *.vine.co wufoo.com *.wufoo.com *.wufoo.eu *.youtube.com *.ytimg.com; style-src data: blob: 'unsafe-inline' *; report-uri https://ionis.report-uri.com/r/d/csp/enforce 2
default-src: https: 2
default-src 'self' *.transunion.com *.addthis.co *.amazon-adsystem.com *.youtube.com *.brightcove.com *.brightcove.net*.doubleclick.net *.company-target.com *.cibil.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net app.trustev.com ads.yahoo.com adserve.atedra.com analytics.twitter.com bat.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com code.jquery.com cloudfront.net fonts.googleapis.com ib.adnxs.com idsync.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com secure.fastclick.net secure.leadback.advertising.com google-analytics.com static.ads-twitter.com us-u.openx.net vjs.zencdn.net googleadservices.com gstatic.com bidswitch.net cspix.media6degrees.com googletagmanager.com; script-src 'self' *.transunion.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.g.3gl.net *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.transunioncibil.com *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net analytics.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com hello.myfonts.net img03.en25.com m.addthisedge.com vjs.zencdn.com optimizely.s3.amazonaws.com g.3gl.net cdn.ampproject.org b.company-target.com cspix.media6degrees.com img03.en25.com static.ads-twitter.com cdn.mxpnl.com sjs.bizographics.com rum-static.pingdom.net tt.mbww.com seal.entrust.net pixel.mathtag.com pagead2.googlesyndication.com tagmanager.google.com amplify.outbrain.com o1.qnsr.com connect.facebook.net cas.cluep.com blob: 'unsafe-eval' 'unsafe-inline'; child-src *.transunion.com *.crwdcntrl.net *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com vars.hotjar.com img.mediaplex.com app.optimizely.com *.brightcove.net s.amazon-adsystem.com app.trustev.com pixel.mathtag.com; connect-src 'self' *.transunion.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io api.company-target.com r.3gl.net s7.addthis.com popcornmetricsendpoint.herokuapp.com unity.cadreon.com app.trustev.com; media-src 'self' *.transunion.com blob: *.brightcove.com; img-src * data:; font-src data: *.transunion.com *.cibil.com *.transunioncibil.com fonts.gstatic.com api.company-target.com *.brightcove.com r.3gl.net s7.addthis.com *.herokuapp.com; style-src * 'unsafe-eval' 'unsafe-inline' ; 2
default-src 'self'; script-src 'self' 'unsafe-eval' data: 'unsafe-inline' https://service.liveperson.net https://lptag.liveperson.net https://www.google-analytics.com https://js.locatorsearch.com; style-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'none'; img-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com; media-src 'self' https://www.youtube.com https://player.vimeo.com; frame-src 'self' https://lpcdn.lpsnmedia.net https://tucson.locatorsearch.com https://www.youtube.com https://player.vimeo.com; child-src 'self' https://tucson.locatorsearch.com https://www.youtube.com https://player.vimeo.com; report-uri https://tucsonfcu.report-uri.io/r/default/csp/enforce; 2
child-src *; frame-ancestors 'self' http://*.naukri.com http://*.naukimg.com https://*.facebook.com https://*.naukri.com https://*.naukimg.com https://*.referralrecruit.com https://*.twitter.com; media-src 'self' blob:; default-src 'unsafe-eval' 'unsafe-inline' 'self' http://*.naukimg.com http://*.naukri.com https://*.akamaihd.net https://*.doubleclick.net https://*.dropbox.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.google-analytics.com https://*.google.co.in https://*.google.co.us https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.gstatic.com https://*.jquery.com https://*.naukimg.com https://*.equest.com https://*.naukri.com https://*.scorecardresearch.com https://*.vizury.com https://*.referralrecruit.com https://*.twitter.com https://*.youtube.com https://*.zedo.com https://*.liveperson.net https://*.lpsnmedia.net https://media.licdn.com https://*.inspectlet.com http://*.inspectlet.com https://*.layer.com https://*.zopim.com https://*.zopim.io wss://*.zopim.com wss://*.layer.com wss://ws.inspectlet.com https://*.linkedin.com data:; report-uri https://lg.naukri.com/cspLogger/ 2
frame-ancestors 'self' http://misaludapp.com https://misaludapp.com http://www.lifesenssei.com https://www.lifesenssei.com  2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://ton.twimg.com https://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com http://ajax.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://plus.google.com http://www.facebook.com http://twitter.com https://www.youtube.com https://ssl.google-analytics.com http://cdnjs.cloudflare.com http://code.jquery.com; img-src 'self' data: https://cdn.syndication.twimg.com https://syndication.twitter.com http://www.google-analytics.com https://www.google-analytics.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://fonts.googleapis.com https://fonts.gstatic.com http://ajax.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://plus.google.com http://www.facebook.com http://twitter.com https://www.youtube.com https://ssl.google-analytics.com http://cdnjs.cloudflare.com http://code.jquery.com https://cdn.syndication.twimg.com https://platform.twitter.com; frame-src 'self' https://syndication.twitter.com https://platform.twitter.com http://maps.google.com https://www.google.com; 2
default-src 'self' http://www.cmbwinglungbank.com https://www.cmbwinglungbank.com http://ac.cmbwinglungbank.com https://ac.cmbwinglungbank.com https://www.cmbwinglungsec.com http://www.cmbwinglungsec.com http://www.winglungbank.com https://www.winglungbank.com http://ac.winglungbank.com https://ac.winglungbank.com https://www.winglungsec.com https://www.winglungfutures.com http://www.winglungsec.com http://www.winglungfutures.com fc10.etwealth.com https://demo02.etwealth.com http://demo02.etwealth.com;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; frame-ancestors 'self' fc10.etwealth.com https://hkwallet.moneydata.hk *.winglungbank.com *.cmbwinglungbank.com *.cmbwinglungsec.com *.winglungsec.com; 2
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com https://img.youtube.com; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com; upgrade-insecure-requests 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.dwin1.com/ https://www.youtube.com/iframe_api https://s.ytimg.com https://assets.planethoster.com/ https://maps.googleapis.com/; img-src 'self' www.facebook.com data: https://www.planethoster.com/ https://assets.planethoster.com/ https://maps.gstatic.com/; font-src 'self' data: fonts.gstatic.com https://assets.planethoster.com/; child-src https://staticxx.facebook.com/ https://www.google.com/ https://www.facebook.com/ https://player.vimeo.com https://www.youtube.com/; connect-src 'self' https://assets.planethoster.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://assets.planethoster.com/; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chat.snaping.net https://statique.snaping.net https://statique-ca.snaping.net https://static-fr.snaping.net https://static-ca.snaping.net https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://*.jwpcdn.com https://ads.exosrv.com https://securionpay.com https://optimize.google.com https://js.dplads.com https://a.dplads.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' mediastream: data: blob: https:; worker-src 'self' blob:; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: vjs.zencdn.net bofa.demdex.net tags.tiqcdn.com *.akamaihd.net *.baml.com bankofamerica.tt.omtrdc.net *.ml.com secure.insightexpressai.com *.businesswire.com testdata.coremetrics.com http://*.bankofamerica.com https://*.bankofamerica.com  *.brightcove.com *.brightcove.net *.sharethis.com *.twitter.com twitter.com *.facebook.com www.linkedin.com delicious.com digg.com api.pinterest.com www.stumbleupon.com www.myspace.com buzz.yahoo.com www.bankofamerica.com www.boa.com www.ml.com www.merrill.com www.totalmerrill.com www.merrilllynch.com www.ust.com www.us-trust.com www.ustrust.com www.baml.com www.ba-ml.com www.bac.com acemegreen.thismoment.com analytics1.onedotone.net *.googleapis.com ecx.images-amazon.com brightcove.vo.llnwd.net *.doubleclick.net cdnt.meteorsolutions.com expressyourthanks.thismoment.com thismoment-a.akamaihd.net api.tiles.mapbox.com *.google.com *.gstatic.com www.youtube.com www.google-analytics.com bofa.44doors.com *.mapbox.com bofa.demdex.net *.maxmind.com *.betrad.com sjs.bizographics.com www.googletagmanager.com *.userzoom.com *.evidon.com *.zencdn.net *.licdn.com *.company-target.com *.demandbase.com brightcove.hs.llnwd.net *.boldchat.com *.2mdn.net *.dartmotif.net *.doubleclick.com *.merrilledge.com *.digitas.com *.serving-sys.com *.mediamind.com *.corporate-ir.net *.imwx.com; font-src 'self' http: https: *.zencdn.net *.ml.com data:; 2
default-src http://hsquizbowl.org http://www.hsquizbowl.org 'self'; script-src http://hsquizbowl.org http://www.hsquizbowl.org 'self' 'unsafe-inline'; style-src http://hsquizbowl.org http://www.hsquizbowl.org 'self' 'unsafe-inline'; img-src http://hsquizbowl.org http://www.hsquizbowl.org 'self' ; 2
frame-ancestors 'self' *.nokia.com; report-uri /report-csp-violation 2
script-src 'unsafe-inline' 'unsafe-eval' www.magister.nl www.google-analytics.com ajax.googleapis.com npmcdn.com; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.cloudflare.com https://cdn.jsdelivr.net/ace/1.1.8/min/ace.js https://apis.google.com https://www.google-analytics.com https://www.googletagmanager.com https://pefelie.org https://*.postimg.org https://*.gstatic.com; frame-src 'self' https://www.youtube.com; connect-src 'self' https://www.google-analytics.com https://pefelie.org; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; media-src 'self'; object-src 'self'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; 2
script-src 'unsafe-inline' https: http: 'unsafe-eval';object-src 'self';base-uri 'self';report-uri /cspreport 2
default-src 'self' n161adserv.com bongacams.com *.bongacams.com ymetrica1.com mc.yandex.ru cam.bet *.cam.bet http://87.98.166.151 http://151.80.100.50 http://51.38.53.33 http://145.239.1.130 http://79.137.69.216 http://79.137.69.239 http://79.137.69.166; style-src 'self' 'unsafe-inline'; script-src n161adserv.com bongacams.com *.bongacams.com cdn.jsdelivr.net 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' data:; img-src 'self' n161adserv.com bongacams.com *.bongacams.com counter.yadro.ru mc.yandex.ru ymetrica1.com data:; 2
script-src * 'self' https://*.googleapis.com http://*.googleapis.com https://*.google-analytics.com http://*.google-analytics.com https://*.gstatic.com http://*.gstatic.com https://apis.google.com http://apis.google.com https://google-maps-utility-library-v3.googlecode.com http://google-maps-utility-library-v3.googlecode.com https://*.google.com http://*.google.com 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' https://tektronix.lookbookhq.com https://buzz.tek.com 2
frame-ancestors *.aiyellow.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' yastatic.net ajax.googleapis.com *.yandex.net yandex.st code.createjs.com apis.google.com www.gstatic.com www.google.com ssl.gstatic.com www.googletagmanager.com *.facebook.net www.googleadservices.com vk.com st.top100.ru www.google-analytics.com *.yandex.ru *.adfox.ru *.exist.ru *.exist.parts telegram.org; img-src * 'unsafe-inline' data:; font-src * 'unsafe-inline'; connect-src * 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' *.exist.ru https://tc.exist.ru:4433 yandex.ru yandex.kz yandex.ua yandex.by *.yandex.ru *.yandex.kz *.yandex.by *.yandex.ua www.facebook.com staticxx.facebook.com vk.com www.google.com api-maps.yandex.ru www.elcats.ru www.japancats.ru oauth.telegram.org; 2
frame-ancestors 'self' *.maritzcx.com *.allegiancetech.com *.mcxplatform.com.au *.mcxplatform.com *.mcxplatform.de; 2
default-src http: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://*.allianz.co.id 2
frame-ancestors https://www.crashplan.com https://www.code42.com https://store.code42.com; 2
frame-ancestors 'self' https://yritys.tunnistus.fi https://htesti.katso.tunnistus.fi 2
frame-ancestors https://viewtripnextgen-api.travelport.com 2
frame-ancestors 'self' https://*.elastic.co; 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'  http://1c-bitrix-cdn.ru https://1c-bitrix-cdn.ru http://*.1c-bitrix-cdn.ru https://*.1c-bitrix-cdn.ru http://aidata.io https://aidata.io http://*.aidata.io https://*.aidata.io http://bestssp.com https://bestssp.com http://*.bestssp.com https://*.bestssp.com http://bitrix.info https://bitrix.info http://*.bitrix.info https://*.bitrix.info http://calltouch.ru https://calltouch.ru http://*.calltouch.ru https://*.calltouch.ru http://clicktex.com https://clicktex.com http://*.clicktex.com https://*.clicktex.com http://criteo.com https://criteo.com http://*.criteo.com https://*.criteo.com http://criteo.net https://criteo.net http://*.criteo.net https://*.criteo.net http://doubleclick.net https://doubleclick.net http://*.doubleclick.net https://*.doubleclick.net http://eyenewton.ru https://eyenewton.ru http://*.eyenewton.ru https://*.eyenewton.ru http://facebook.com https://facebook.com http://*.facebook.com https://*.facebook.com http://facebook.net https://facebook.net http://*.facebook.net https://*.facebook.net http://goo.gl https://goo.gl http://*.goo.gl https://*.goo.gl http://googletagservices.com https://googletagservices.com http://*.googletagservices.com https://*.googletagservices.com http://googleapis.com https://googleapis.com http://*.googleapis.com https://*.googleapis.com http://googlesyndication.com https://googlesyndication.com http://*.googlesyndication.com https://*.googlesyndication.com http://googletagmanager.com https://googletagmanager.com http://*.googletagmanager.com https://*.googletagmanager.com http://google-analytics.com https://google-analytics.com http://*.google-analytics.com https://*.google-analytics.com http://google.am https://google.am http://*.google.am https://*.google.am http://google.az https://google.az http://*.google.az https://*.google.az http://google.by https://google.by http://*.google.by https://*.google.by http://google.com https://google.com http://*.google.com https://*.google.com http://google.com.ua https://google.com.ua http://*.google.com.ua https://*.google.com.ua http://google.de https://google.de http://*.google.de https://*.google.de http://google.fr https://google.fr http://*.google.fr https://*.google.fr http://google.ge https://google.ge http://*.google.ge https://*.google.ge http://google.kz https://google.kz http://*.google.kz https://*.google.kz http://google.ru https://google.ru http://*.google.ru https://*.google.ru http://gstatic.com https://gstatic.com http://*.gstatic.com https://*.gstatic.com http://hybrid.ai https://hybrid.ai http://*.hybrid.ai https://*.hybrid.ai http://jquerylib.net https://jquerylib.net http://*.jquerylib.net https://*.jquerylib.net http://jquery.com https://jquery.com http://*.jquery.com https://*.jquery.com http://kelnik.pro https://kelnik.pro http://*.kelnik.pro https://*.kelnik.pro http://1dmp.io https://1dmp.io http://*.1dmp.io https://*.1dmp.io http://mail.ru https://mail.ru http://*.mail.ru https://*.mail.ru http://rbi.ru https://rbi.ru http://*.rbi.ru https://*.rbi.ru http://rutarget.ru https://rutarget.ru http://*.rutarget.ru https://*.rutarget.ru http://sevgorod.ru https://sevgorod.ru http://*.sevgorod.ru https://*.sevgorod.ru http://sg-bitrix.kelnik.pro https://sg-bitrix.kelnik.pro http://*.sg-bitrix.kelnik.pro https://*.sg-bitrix.kelnik.pro http://sociomantic.com https://sociomantic.com http://*.sociomantic.com https://*.sociomantic.com http://theviewer.co https://theviewer.co http://*.theviewer.co https://*.theviewer.co http://vk.com https://vk.com http://*.vk.com https://*.vk.com http://yandex.net https://yandex.net http://*.yandex.net https://*.yandex.net http://yandex.ru https://yandex.ru http://*.yandex.ru https://*.yandex.ru http://yastatic.net https://yastatic.net http://*.yastatic.net https://*.yastatic.net http://youtube.com https://youtube.com http://*.youtube.com https://*.youtube.com http://ytimg.com https://ytimg.com http://*.ytimg.com https://*.ytimg.com http://googleadservices.com https://googleadservices.com http://*.googleadservices.com https://*.googleadservices.com http://*.planoplan.com https://*.planoplan.com http://*.*.planoplan.com https://*.*.planoplan.com http://placehold.it https://placehold.it http://*.placehold.it https://*.placehold.it ws://rbi.ru ws://*.rbi.ru ws://sevgorod.ru ws://*.sevgorod.ru; report-uri /local/php_interface/csp/csp_reporter.php 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' blob:; worker-src blob: 2
frame-ancestors self https://*.nytm.org https://*.nytm.org 2
default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline';font-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 2
style-src 'self' 'unsafe-inline' *.addthis.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.google.com *.google-analytics.com *.pinterest.com *.googleadservices.com *.facebook.com *.facebook.net *.myfonts.net *.addthis.com *.googleapis.com *.bing.com 2
default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none' 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://ajax.aspnetcdn.com https://ajax.googleapis.com https://ak1s.abmr.net https://bat.bing.com https://cdnjs.cloudflare.com https://connect.facebook.net https://*.cloudfront.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://mathid.mathtag.com https://pixel.mathtag.com https://platform.twitter.com https://script.crazyegg.com https://service.maxymiser.net https://st1.dialogtech.com https://tags.srv.stackadapt.com https://walkscore.com https://ws.sessioncam.com https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.rentpathcode.com;object-src https://*.avalonbay.com https://*.avaloncommunities.com https://*.avalonprop.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://cf.kampyle.com;img-src 'self' data: http://image.email.avalonbay.com http://avaloncommunities.com http://static.avalonbay.com https://*.avalonbay.com https://*.avaloncommunities.com https://bat.bing.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://pixel.mathtag.com https://stats.g.doubleclick.net https://st2.dialogtech.com https://rt.spongecell.com https://walkscore.com https://ws.sessioncam.com https://www.facebook.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com;media-src 'none';frame-src https://*.doubleclick.net https://*.merchante-solutions.com https://connect.facebook.net https://pixel.mathtag.com https://service.maxymiser.net https://syndication.twitter.com https://www.facebook.com https://www.googletagmanager.com https://www.youtube.com;font-src 'self' data: https://fonts.gstatic.com;connect-src https://*.avalonbay.com https://*.avaloncommunities.com https://*.avalonprop.com https://*.merchante-solutions.com https://identity.rentpathservices.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.google.com https://www.google-analytics.com;base-uri 'self';form-action 'self' https://connect.facebook.net https://www.facebook.com 2
script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self' 2
default-src 'self' https://*.copaair.com http://*.copaair.com https://*.copa.com http://*.copa.com  http://*.adnxs.com http://*.bing.com http://*.copa.com http://*.copaair.com http://*.doubleclick.net http://*.facebook.com http://*.facebook.net http://*.fltmaps.com http://*.frequentflyer.aero http://*.google-analytics.co http://*.google-analytics.com http://*.googleadservices.com http://*.googletagmanager.com http://*.havasdigitalcolombia.com http://*.innosked.com http://*.intelliresponse.com http://*.msn.com http://*.qualtrics.com http://*.trackedlink.net http://*.w55c.net http://*.youtube.com http://ads.dtravelconnection.com http://miparaisoatlantis.com http://panamaesposible.com https://*.copa.com https://*.copaair.com https://*.facebook.com https://*.flightcontrol.io https://*.flightview.com https://*.fltmaps.com https://*.frequentflyer.aero https://*.google.com https://*.google.com.co https://*.google.sk https://*.googleapis.com https://*.gstatic.com https://*.havasdigitalcolombia.com https://*.innosked.com https://*.intelliresponse.com https://*.mcafeesecure.com https://*.nbxapps.com https://*.sojern.com https://*.twitter.com https://*.w55c.net https://*.websecurity.norton.com https://*.youtube.com https://acuityplatform.com https://beacon.walmart.com https://pr-bh.ybp.yahoo.com https://r1.dotmailer-surveys.com https://static.ads-twitter.com https://t.co https://t.wayfair.com https://*.airtrfx.com http://*.airtrfx.com https://*.hotjar.com wss://*.hotjar.com https://*.securitytrfx.com http://*.securitytrfx.com https://*.addthis.com https://*.addthisedge.com https://kirnhn54sa.execute-api.us-east-1.amazonaws.com https://*.yimg.com https://*.analytics.yahoo.com https://*.trackedweb.net https://*.groovinads.com https://*.beatdevelop.co 'unsafe-inline' 'unsafe-eval' data: blob: 2
default-src 'self' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 2
script-src 'unsafe-inline' 'self'  https://connect.facebook.net  https://*.liveperson.net  https://www.googleadservices.com  https://bat.bing.com  https://app.vwo.com  https://tagmanager.google.com  https://cse.google.com  https://www.google.com  https://analytics.google.com   https://dev.visualwebsiteoptimizer.com   https://accdn.lpsnmedia.net  https://secure.quantserve.com  https://fonts.gstatic.com   https://*.visualwebsiteoptimizer.com  https://static.whatshelp.io  https://whatshelp.io  https://oneviewchat.iag.co.nz  https://www.facebook.com  https://messengerify.me  'unsafe-eval' dev.visualwebsiteoptimizer.com www.googletagmanager.com i.kissmetrics.com cdn.inspectlet.com maps.gstatic.com s3.amazonaws.com code.jquery.com doug1izaerwt3.cloudfront.net maps.googleapis.com fonts.googleapis.com mt1.googleapis.com mt0.googleapis.com www.googleapis.com ad.doubleclick.net www.google-analytics.com clients1.google.com mts0.googleapis.com mts1.googleapis.com cbks0.googleapis.com; img-src * data:; style-src 'self'  https://connect.facebook.net  https://*.liveperson.net  https://www.googleadservices.com  https://bat.bing.com  https://app.vwo.com  https://tagmanager.google.com  https://cse.google.com  https://www.google.com  https://analytics.google.com   https://dev.visualwebsiteoptimizer.com   https://accdn.lpsnmedia.net  https://secure.quantserve.com  https://fonts.gstatic.com   https://*.visualwebsiteoptimizer.com  https://static.whatshelp.io  https://whatshelp.io  https://oneviewchat.iag.co.nz  https://www.facebook.com  https://messengerify.me  'unsafe-inline' fonts.googleapis.com www.google.com 2
frame-ancestors https://www.facebook.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com connect.facebook.net *.visualwebsiteoptimizer.com *.googletagmanager.com tagmanager.google.com; frame-src 'self' *.facebook.com s-static.ak.facebook.com http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com; object-src 'self' 2
frame-ancestors 'self' http://www.mobility-room.com:3000 http://mobility-room.com:3000; 2
base-uri 'self';  connect-src ws: wss: *; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self' https://gofile.me http://gofile.me; frame-src 'self' data: blob: https://*.synology.com https://www.synology.cn/ https://www.youtube.com http://www.youtube.com; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com https://*.gstatic.com https://*.googleapis.com https://*.google.com; media-src 'self' data: about:;  report-uri webman/csp_report.cgi; script-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://*.google.com https://*.googleapis.com https://*.google.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googleapis.com; 2
connect-src 'self' *.akamaihd.net *.cloudflare.com *.davebestdeals.com *.delti.com *.optimizely.com *.veinteractive.com ajax.googleapis.com ws://*.autoteile-meile.at wss://*.autoteile-meile.at; default-src 'self' *.delti.com wss://*.autoteile-meile.at; font-src 'self' *.bootstrapcdn.com *.delti.com *.gstatic.com *.trustedshops.com data; frame-ancestors *; frame-src 'self' *.akamaihd.net *.awin1.com *.criteo.com *.criteo.net *.davebestdeals.com *.delti.com *.doubleclick.net *.everestjs.net *.everesttech.net *.optimizely.com *.surfbuyermac.com *.veinteractive.com; img-src 'self' *.123spareparts.co.uk *.alcar-wheels.com *.autoteile-meile.at *.autoteile-meile.de *.awin1.com *.bing.com *.delti.com *.doubleclick.net *.everesttech.net *.fagms.net *.google.at *.google.ba *.google.be *.google.ch *.google.com *.google.com.ua *.google.de *.google.es *.google.fr *.google.hu *.google.it *.google.lu *.google.mk *.google.nl *.google.pl *.google.ro *.google.rs *.googleapis.com *.gstatic.com *.jfnet.de *.marinsm.com *.optimizely.com *.reifendirekt.de data data: netcheckcdn.xyz; object-src 'self' *.delti.com; report-uri https://ssl.delti.com/cgi-bin/csp_report.pl; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.akamaihd.net *.autoteile-meile.at *.awin1.com *.bing.com *.bootstrapcdn.com *.criteo.com *.criteo.net *.davebestdeals.com *.delti.com *.demdex.net *.digitaloptout.com *.doubleclick.net *.dwin1.com *.everestjs.net *.fagms.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.optimizely.com *.pmddby.com *.similardeals.net *.surfbuyermac.com *.trustedshops.com *.veinteractive.com 1672606776.rsc.cdn77.org d2xvc2nqkduarq.cloudfront.net data: loadingpaqes.info maps.googleapis.com netcheckcdn.xyz; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.delti.com *.googleapis.com *.trustedshops.com; 2
frame-ancestors 'self' *; 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 'report-sample'; img-src http: https: data: blob:; media-src http: https: data: blob:; report-uri https://csp-reporter-production.apse2.ffx.nz/ 2
frame-ancestors 'self' ; report-uri https://itickets.report-uri.io/r/default/csp/enforce; 2
frame-ancestors 'self' wixsite.com nanjinglions.wixsite.com app.air-matters.com; 2
default-src *; script-src 'unsafe-eval' 'unsafe-inline' http: https:; style-src 'unsafe-inline' http: https:; img-src * data: https: http: 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adobedtm.com therandomhousegroupltd.d3.sc.omtrdc.net ssl.google-analytics.com *.google.com *.gstatic.com connect.facebook.net www.dwin2.com *.riddle.com *.jotformeu.com; object-src 'self' 2
frame-ancestors 'self' http://www.usa.philips.com *.philips.com *.usa.philips.com 2
default-src https: http: blob: javascript: data: 'unsafe-inline' 'unsafe-eval' 'self'; 2
frame-ancestors 'self' https://*.ohio.edu http://*.ohio.edu http://*.ohiou.edu https://*.ohiou.edu; 2
default-src 'self' data:; script-src * data: 'unsafe-inline' 'unsafe-eval' ; object-src 'self' data:; style-src * 'self' data: 'unsafe-inline'; img-src * 'self' data:; media-src * 'self' data:; frame-src *; font-src *; connect-src * 'self' data: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' dev.webkommunikation24.de *.googleapis.com *.google-analytics.com *.gstatic.com *.google.com;; report-uri https://projekt2012.webkommunikation24.de/mods/bewerten/csp-log.php 2
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bvaweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de bvaweb-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 2
default-src data://* http://* https://* wss://* 'self' 'unsafe-inline' 'unsafe-eval'; 2
script-src                     'self'                     *.googleapis.com                     maps.google.de                     *.gstatic.com                     *.google-analytics.com                     *.googletagmanager.com                     www.youtube.com                     kia-oz.kia-aktionen.de                     rum-static.pingdom.net                     cdn.kia-dws.de                     kiapartner.s80252109208.mehrkanal.com                     *.kiapartner.s80252109208.mehrkanal.com                     kia-piwik.mehrkanal.com                     'unsafe-inline'                     'unsafe-eval' ; object-src 'self' 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self';img-src * 'self' data: https:; 2
default-src https: 'unsafe-eval' 'unsafe-inline' data:; 2
upgrade-insecure-requests; default-src https: 'unsafe-eval' 'unsafe-inline' data: about: gsa://onpageload 2
frame-ancestors *.xda-developers.com; upgrade-insecure-requests 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src data: https://* 2
frame-ancestors 'self' *.chemistwarehouse.com.au *.epharmacy.com.au *.mychemist.com.au htmlbuilder.com.au *.htmlbuilder.com.au 2
frame-ancestors 'self' https://eshop.scio.cz https://eshop.scio.sk 2
upgrade-insecure-request 2
frame-ancestors 'self' *.sprintecommerce.com *.venditan.com *.venditan.io 2
upgrade-insecure-requests; frame-ancestors 'none'; 2
script-src https: 'unsafe-eval' 'unsafe-inline' 2
frame-src https: 2
object-src 'self' *.acellusacademy.com *.authorize.net *.acellus.com 2
unsafe-inline 2
frame-ancestors 'self' newsroom.edison.com; 2
frame-ancestors https://*.scif.com:* https://*.statefundca.com:* 2
frame-ancestors https://www.2checkout.com; upgrade-insecure-requests 2
default-src https: 'unsafe-eval' 'unsafe-inline' data: 2
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data: blob:; media-src *; frame-src *; frame-ancestors 'self' *.destroomlijn.be *.fluvius.be; child-src *; font-src * data:; connect-src *; report-uri /nl/report-csp-violation 2
upgrade-insecure-requests; default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 2
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 2
default-src 'self' dstatic.dev.ipc.us.aexp.com wss://*.americanexpress.com https://*.aexp.com https://*.americanexpress.com https://*.aexp-static.com nexus.ensighten.com omn.americanexpress.com assets.adobedtm.com aexp.demdex.net dpm.demdex.net stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net service.maxymiser.net api.maxymiser.net events.foreseeresults.com controller.4seeresults.com static.foresee.com health.foresee.com survey.foreseeresults.com cdn5.userzoom.com cdn4.userzoom.com s2.userzoom.com secure.opinionlab.com amexuat1-merchantgeo.cs42.force.com wss://*.liveperson.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com csi.gstatic.com *.yodlee.com js.maxmind.com geoip-js.maxmind.com ads.yahoo.com cdn.optimizely.com logx.optimizely.com aeopdevvip.acxiom.com aeopprodvip.acxiom.com *.amextravel.com apim.expedia.com zndhztugwqhlulqht-aexpfeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com aexpfeedback.siteintercept.qualtrics.com aexpfeedback.com ca1.qualtrics.com uscollector.tealeaf.ibmcloud.com *.bf.dynatrace.com; frame-ancestors https://*.aexp.com https://*.americanexpress.com; img-src 'self' dstatic.dev.ipc.us.aexp.com wss://*.americanexpress.com https://*.aexp.com https://*.americanexpress.com https://*.aexp-static.com nexus.ensighten.com assets.adobedtm.com aexp.demdex.net dpm.demdex.net stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net service.maxymiser.net api.maxymiser.net events.foreseeresults.com controller.4seeresults.com static.foresee.com health.foresee.com survey.foreseeresults.com cdn5.userzoom.com cdn4.userzoom.com s2.userzoom.com secure.opinionlab.com amexuat1-merchantgeo.cs42.force.com wss://*.liveperson.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com csi.gstatic.com *.yodlee.com js.maxmind.com geoip-js.maxmind.com ads.yahoo.com cdn.optimizely.com logx.optimizely.com aeopdevvip.acxiom.com aeopprodvip.acxiom.com *.amextravel.com apim.expedia.com zndhztugwqhlulqht-aexpfeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com aexpfeedback.siteintercept.qualtrics.com aexpfeedback.com ca1.qualtrics.com uscollector.tealeaf.ibmcloud.com *.bf.dynatrace.com data: omn.americanexpress.com https://amexuat1-merchantgeo.cs42.force.com res.cloudinary.com s1.ticketm.net ad4.adfarm1.adition.com p.adbrn.com secure.adnxs.com 20743471p.rfihub.com 20795861p.rfihub.com insight.adsrvr.org aax-eu.amazon-adsystem.com private-orm-open-receipt-match.s3.amazonaws.com tag.yieldoptimizer.com ads.avocet.io stags.bluekai.com sslwidget.criteo.com www.facebook.com ad.atdmt.com cnt.fout.jp googleads.g.doubleclick.net ad.doubleclick.net ad-emea.doubleclick.net www.googleadservices.com/pagead/conversion/1029721533 www.googleadservices.com/pagead/conversion/979960899 dc.ads.linkedin.com px.ads.linkedin.com www.bizographics.com www.linkedin.com/px/ pixel.mathtag.com s1933033461.t.eloqua.com prf.hn farm.plista.com analytics.twitter.com t.co b92.yahoo.co.jp sp.analytics.yahoo.com img.static-bookatable.com *.sevenrooms.com l.betrad.com cdn.cohesionapps.com adservice.google.com www.google.com/ads/user-lists/ www.google.com/pagead/1p-user-list/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ ct.pinterest.com/v3/ bat.bing.com/action/ servedby.flashtalking.com elb.flashtalking.com https://pt.ispot.tv https://rs.gwallet.com; script-src 'unsafe-inline' 'self' dstatic.dev.ipc.us.aexp.com wss://*.americanexpress.com https://*.aexp.com https://*.americanexpress.com https://*.aexp-static.com nexus.ensighten.com omn.americanexpress.com assets.adobedtm.com aexp.demdex.net dpm.demdex.net stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net service.maxymiser.net api.maxymiser.net events.foreseeresults.com controller.4seeresults.com static.foresee.com health.foresee.com survey.foreseeresults.com cdn5.userzoom.com cdn4.userzoom.com s2.userzoom.com secure.opinionlab.com amexuat1-merchantgeo.cs42.force.com wss://*.liveperson.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com csi.gstatic.com *.yodlee.com js.maxmind.com geoip-js.maxmind.com ads.yahoo.com cdn.optimizely.com logx.optimizely.com aeopdevvip.acxiom.com aeopprodvip.acxiom.com *.amextravel.com apim.expedia.com zndhztugwqhlulqht-aexpfeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com aexpfeedback.siteintercept.qualtrics.com aexpfeedback.com ca1.qualtrics.com uscollector.tealeaf.ibmcloud.com *.bf.dynatrace.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ js-cdn.dynatrace.com; style-src 'self' dstatic.dev.ipc.us.aexp.com wss://*.americanexpress.com https://*.aexp.com https://*.americanexpress.com https://*.aexp-static.com nexus.ensighten.com omn.americanexpress.com assets.adobedtm.com aexp.demdex.net dpm.demdex.net stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net service.maxymiser.net api.maxymiser.net events.foreseeresults.com controller.4seeresults.com static.foresee.com health.foresee.com survey.foreseeresults.com cdn5.userzoom.com cdn4.userzoom.com s2.userzoom.com secure.opinionlab.com amexuat1-merchantgeo.cs42.force.com wss://*.liveperson.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com csi.gstatic.com *.yodlee.com js.maxmind.com geoip-js.maxmind.com ads.yahoo.com cdn.optimizely.com logx.optimizely.com aeopdevvip.acxiom.com aeopprodvip.acxiom.com *.amextravel.com apim.expedia.com zndhztugwqhlulqht-aexpfeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com aexpfeedback.siteintercept.qualtrics.com aexpfeedback.com ca1.qualtrics.com uscollector.tealeaf.ibmcloud.com *.bf.dynatrace.com 'unsafe-inline'; frame-src 'self' dstatic.dev.ipc.us.aexp.com https://*.aexp.com https://*.americanexpress.com https://*.aexp-static.com nexus.ensighten.com omn.americanexpress.com assets.adobedtm.com aexp.demdex.net dpm.demdex.net stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net service.maxymiser.net api.maxymiser.net events.foreseeresults.com controller.4seeresults.com static.foresee.com health.foresee.com survey.foreseeresults.com cdn5.userzoom.com cdn4.userzoom.com s2.userzoom.com secure.opinionlab.com amexuat1-merchantgeo.cs42.force.com *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com csi.gstatic.com *.yodlee.com js.maxmind.com geoip-js.maxmind.com ads.yahoo.com cdn.optimizely.com logx.optimizely.com aeopdevvip.acxiom.com aeopprodvip.acxiom.com *.amextravel.com apim.expedia.com zndhztugwqhlulqht-aexpfeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com aexpfeedback.siteintercept.qualtrics.com aexpfeedback.com ca1.qualtrics.com uscollector.tealeaf.ibmcloud.com *.bf.dynatrace.com https://*.idfy.io https://*.idfy.no reportaproblem.apple.com/receipts/ squareup.com/receipt/american-express-only/ https://androidpay.google.com https://pay.sandbox.google.com https://www.youtube.com https://www.google.com/recaptcha/; report-uri https://consumer-travel.americanexpress.com/home/report/security/csp-violation; block-all-mixed-content 2
default-src https: 'unsafe-eval' 'unsafe-inline'; 2
script-src 'self' 'unsafe-eval' *.gstatic.com 'nonce-2000c7f20c' https://www.google-analytics.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' *.mobgen.com *.interactievetv.nl *.itvonline.nl *.theoplayer.com *.kpnstreaming.nl *.kpndrm.nl time.akamai.com https://www.google-analytics.com; img-src 'self' data: res.cloudinary.com *.itvonline.nl *.theoplayer.com https://www.google-analytics.com; media-src 'self' blob: https://kpnvideovod.download.kpnstreaming.nl *.kpnstreaming.nl; worker-src 'self' blob: 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://c.disquscdn.com https://disqus.com https://m.addthisedge.com https://m.addthis.com https://kielikello.disqus.com https://sprakbruk.disqus.com https://s7.addthis.com https://www.google-analytics.com ; object-src 'self' 2
frame-ancestors cms.pptvthailand.com *.pptvhd36.com 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.cdsreg.com/ https://*.xpressreg.net/ https://*.xpressleadpro.com/ https://*.xpressleadpro.net/ https://*.xpresspaymentservice.com/ https://xpresspaymentservice.com/ https://*.exhibitoremails.com/ https://*.cdsdatasense.Com/ *.digicert.com/ https://*.twimg.com/ https://*.adroll.com/ https://*.ingo.me/ https://ingo.me/ https://*.facebook.net/ https://*.facebook.com/ https://*.doubleclick.net/ https://*.google-analytics.com/ https://*.googleapis.com/ https://*.ads-twitter.com/ https://*.olark.com/ https://*.google.com/ https://*.twitter.com/ https://*.googleadservices.com/ https://*.googletagmanager.com/ https://*.feathr.co/ https://ads.yahoo.com/ https://*.adsrvr.org/ https://*.cloudfront.net/ https://*.lytics.io/ https://hotel-widget-files.s3.amazonaws.com/ https://abm-assets.s3.amazonaws.com/ https://s3.amazonaws.com/ https://settings.luckyorange.net/ https://*.onpeak.com/ https://assets.adobedtm.com/ https://*.googletagmanager.com/ https://*.hotjar.com/ https://*.melissadata.net/ https://*.acs.org/ https://js.hs-scripts.com/ https://js.hs-scripts.com/ https://js.hsforms.net/ https://js.hsleadflows.net/ https://js.hs-analytics.net/ https://forms.hubspot.com/ https://*.xpressreg.local/ https://*.hscollectedforms.net/ https://*.marketo.net/ https://*.gstatic.com/ https://*.addthis.com/ https://app.webreg.me/ https://dpm.demdex.net/ https://acswso.tt.omtrdc.net/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://*.linkedin.com/ https://secure.quantserve.com/ https://rules.quantcount.com/ https://pixel-a.basis.net/ https://pixel.sitescout.com/ https://*.bing.com/ https://*.simplymeasured.com/ https://*.walkme.com/ https://*.dpmsrv.com/ https://*.marinsm.com/ https://*.prfct.co/ https://*.adnxs.com/ https://*.rlcdn.com/ https://*.youtube.com/ https://tags.tiqcdn.com/ https://*.informz.net/; img-src * data:; 2
default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' cdn.ecare.nl; img-src *; font-src cdn.ecare.nl idp.ecare.nl;frame-src 'self' *.ecare.nl *.buurtzorgweb.nl; report-uri https://idp.ecare.nl/identity/csp/report 2
style-src 'self' 'unsafe-inline' *.gac.edu *.gustavus.edu tennisandlifecamps.org www.gstatic.com *.googleapis.com www.reservecloud.com *.curator.io; 2
frame-ancestors 'self' https://*.teamsupport.com/ 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net *.googleapis.com https://assets.ubembed.com/universalscript/releases/ 58e5a3210d414cce95ed4e030c3af1b7.js.ubembed.com/ siteimproveanalytics.com *.google-analytics.com https://*.mookie1.com http://ib.adnxs.com https://secure.adnxs.com www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://sample.crazyegg.com tb.de17a.com https://s3.amazonaws.com/trk.cetrk.com dnn506yrbagrg.cloudfront.net *.hotjar.com https://connect.facebook.net;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com;img-src 'self' * data:;frame-src 'self' *.youtube.com *.vimeo.com *.morningstar.com *.portalbank.no https://id.eika.no *;font-src 'self' https://fonts.gstatic.com;connect-src 'self' https://*.google-analytics.com https://www.facebook.com/tr/ *.doubleclick.net *.hotjar.com *.events.ubembed.com;report-uri /WebResource.axd?cspReport=true 2
default-src 'self' *.braathe.no *.gstatic.com *.google.com * www.gravatar.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org *.zopim.com https://www.google.com/ gap: https://ssl.gstatic.com 'unsafe-inline' 'unsafe-eval';connect-src 'self' *.braathe.no wss: wss://*.zopim.com *.zopim.com 'unsafe-inline' 'unsafe-eval' https://ssl.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com stats.g.doubleclick.net; img-src 'self' *.braathe.no https://v2.zopim.com *.zopim.io data: 'unsafe-inline' *.zopim.io https://v2.zopim.com 'unsafe-eval' https://v2.zopim.com *.zopim.io www.googletagmanager.com data: *.braathe.no umbraco.tv *.umbraco.tv i.ytimg.com *.umbraco.org www.gravatar.com content: www.google-analytics.com stats.g.doubleclick.net; font-src 'self' *.braathe.no data: *.zopim.com;style-src 'self' 'unsafe-inline';script-src 'self' *.braathe.no *.zopim.com 'unsafe-inline' 'unsafe-eval'  https://www.gstatic.com https://www.google.com https://storage.googleapis.com data: gap: www.google-analytics.com ajax.googleapis.com www.googletagmanager.com 2
default-src https:; connect-src https:; font-src https: data:; frame-src https:;  img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:;  style-src 'unsafe-inline' https:; 2
script-src 'unsafe-inline' 'unsafe-eval' 'self' px.ads.linkedin.com sjs.bizographics.com protect-us.mimecast.com e.infogr.am js-agent.newrelic.com www.youtube.com *.ytimg.com googlesyndication.com maps.google.com�*.googleapis.com�https://maps.gstatic.com gmodules.com ssl.google-analytics.com https://www.google-analytics.com player.vimeo.com fast.wistia.com https://www.gstatic.com https://bam.nr-data.net m.addthisedge.com m.addthis.com *.t.eloqua.com s7.addthis.com img06.en25.com https://www.google.com https://informa.122.2o7.net https://w.soundcloud.com https://s3.amazonaws.com https://e.infogram.com https://html5-player.libsyn.com https://stats.g.doubleclick.net https://igm-novus-production-uploads.s3.amazonaws.com https://fs8.formsite.com https://quiz.leadquizzes.com https://www.googletagmanager.com *.hotjar.com *.formsite.com https://optimize.google.com https://tagmanager.google.com; style-src 'unsafe-inline' 'unsafe-eval' 'self' gstatic.com *.google.com  *.hotjar.com;font-src 'unsafe-inline' 'unsafe-eval' 'self'  fonts.gstatic.com https://s3.amazonaws.com https://e.infogram.com https://html5-player.libsyn.com https://stats.g.doubleclick.net https://fs8.formsite.com https://quiz.leadquizzes.com *.hotjar.com *.formsite.com googlesyndication.com maps.google.com�*.googleapis.com�https://maps.gstatic.com gmodules.com *.google.com https://optimize.google.com https://tagmanager.google.com data: font/opentype; img-src 'unsafe-inline'  'unsafe-eval' 'self' blob: *.informa.com*  data: *.t.eloqua.com  http://*.twimg.com  https://*.twimg.com googlesyndication.com maps.google.com�*.googleapis.com�https://maps.gstatic.com gmodules.com gstatic.com  player.vimeo.com fast.wistia.com https://www.gstatic.com m.addthisedge.com m.addthis.com s7.addthis.com img06.en25.com https://www.google.com http://informa.122.2o7.net https://informa.122.2o7.net *.t.eloqua.com https://w.soundcloud.com https://s3.amazonaws.com https://e.infogram.com https://html5-player.libsyn.com https://stats.g.doubleclick.net https://igm-novus-production-uploads.s3.amazonaws.com https://fs8.formsite.com https://quiz.leadquizzes.com  *.hotjar.com googlesyndication.com maps.google.com�*.googleapis.com�https://maps.gstatic.com gmodules.com ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.co.in https://www.google.co.uk https://optimize.google.com https://tagmanager.google.com *.formsite.com; object-src 'self'; child-src 'self' albumizr.com time.graphics vimeo.com https://www.youtube.com app.wistia.com fast.wistia.net www.google.com s7.addthis.com player.vimeo.com www.slideshare.net informapharmaindex.mobedia.net e.infogr.am https://w.soundcloud.com https://s3.amazonaws.com https://e.infogram.com https://html5-player.libsyn.com https://stats.g.doubleclick.net https://igm-novus-production-uploads.s3.amazonaws.com https://www.googletagmanager.com https://fs8.formsite.com https://quiz.leadquizzes.com *.hotjar.com googlesyndication.com maps.google.com�*.googleapis.com�https://maps.gstatic.com gmodules.com *.formsite.com https://optimize.google.com https://tagmanager.google.com 2
frame-ancestors https://*.marincounty.org http://*.marinpublic.com https://*.mcera.org https://*.marinmap.org https://*.marinfair.org https://*.marincultural.org 2
default-src 'self' *;script-src 'self' 'unsafe-eval' 'unsafe-inline' *;style-src 'self' 'unsafe-inline' *;font-src 'self' *; 2
default-src data: https: 'unsafe-inline' 'unsafe-eval'; font-src https: data: https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval' 2
frame-src * 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bootcss.com *.staticfile.org *.bdstatic.com https://ssl.hyhzy.cn:8004 *.users.51.la *.raonie.com *.97rp.com *.9xiazaiqi.com https://vol.txdwc.cn:8136 http://106.75.65.90 *.hyhzy.cn https://ssl.hyhzy.cn:8004 *.baidustatic.com *.85wa.cn *.qhimg.com *.qihucdn.com *.bdimg.com *.97bike.com *.shuajuzu.com *.amazeui.org *.xcdzsw.com *.niuxgame77.com *.kl-toys.com *.keydot.net *.ctsywy.com *.ge95.com:8008 *.tudown.com *.js.org  *.nszmz.com *.baidu.com *.meikanguo.com *.appzhu.com *.shuajuzu.com *.xunlei.com https://www.cra36.cn *.0377shujuhuifu.top *.360.cn *.jointreport-switch.com *.qirexiaoshuo.com *.qiremanhua.com *.hen360.com *.cnzz.com *.115155.com http://cdn.97rp.com *.ycyixin.cn *.hen360.com *.juxiangyou.com  *.duapp.com *.cibntv.net *.hgo7r.cn *.il8r.com *.mall044.com *.symac.cn *.wgewj.cn *.qhres.com *.feitian001.com *.30pan.com *.168ey.com *.gxghtx.com lib.baomitu.com cdnjs.cloudflare.com *.tequanma.com *.shuavr.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.yukiworks.com https://apis.google.com https://*.googleapis.com https://ssl.google-analytics.com;               frame-ancestors 'self' https://*.yukiworks.nl https://*.yukiworks.be https://*.yukiworks.es https://*.yukiworks.com; img-src 'self' https: data: http:; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com/optimize/ https://dev.visualwebsiteoptimizer.com https://*.googleapis.com https://*.gstatic.com https://*.vo.msecnd.net https://www.googletagmanager.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://bam.nr-data.net https://js-agent.newrelic.com https://tagmanager.google.com/debug https://tagmanager.google.com/debug/angular-bundle.js https://tagmanager.google.com/debug/debuguiApp.js https://tagmanager.google.com/debug/api/templates; 2
frame-ancestors 'self' apply.v12finance.com 2
default-src 'self' https://*.optimizely.com https://www.google-analytics.com https://*.heg-cp.com; style-src 'self' 'unsafe-inline' https://*.hosteurope.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hosteurope.de https://js.leadinspector.de http://js.leadinspector.de https://js.leadinspector.de tags.tiqcdn.com https://*.doubleclick.net https://static-artifact.heg-cp.com https://cdn.polyfill.io https://www.google.com https://www.gstatic.com https://*.optimizely.com http://*.optimizely.com www.googleadservices.com https://bat.bing.com www.dwin1.com https://connect.facebook.net https://www.google-analytics.com ajax.googleapis.com https://*.twitter.com https://static.ads-twitter.com https://*.ampproject.org; font-src 'self' data:; object-src 'self'; img-src 'self' 'unsafe-inline' https://www.hosteurope.com/ data: https://www.google.com.ua https://*.leadinspector.de https://i.ytimg.com https://*.g.doubleclick.net https://bat.bing.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.de https://t.co https://*.multiscreensite.com; frame-src 'self' https://www.google.com https://*.optimizely.com https://*.facebook.com https://*.facebook.net www.youtube.com *.vimeo.com *.vimeocdn.com *.doubleclick.net; 2
: default-src 'self' 2
default-src 'self' *.kpn.com; frame-ancestors 'self' app.optimizely.com kpn.blueconic.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' static-accept.customersaas.com *.optimizely.com cdn.blueconic.net kpn.blueconic.net assets.adobedtm.com *.kpn.com *.salesforceliveagent.com www.googletagmanager.com tagmanager.google.com invitation.opinionbar.com www.googleadservices.com connect.facebook.net *.doubleclick.net *.mouseflow.com kpn-compleet-fpi-info.fourstack.nl www.pingvp.com kpn.pingvp.com static.customersaas.com www.google-analytics.com maps.googleapis.com kpnarmor.nl w.usabilla.com api.usabilla.com deploy.mopinion.com collect.mopinion.com kpn.mopinion.com kpn-reload.liquix.eu dwin1.com; style-src 'self' 'unsafe-inline' data: *.kpn.com www.pingvp.com kpn.pingvp.com d1r5etm691cejh.cloudfront.net static.customersaas.com d6tizftlrpuof.cloudfront.net kpn.mopinion.com tagmanager.google.com; img-src 'self' data: is-accept.customersaas.com *.kpn.com www.google.nl www.google.com www.facebook.com *.doubleclick.net adservice.google.com invitation.opinionbar.com *.optimizely.com www.pingvp.com kpn.pingvp.com d35v9wsdymy32b.cloudfront.net csi.gstatic.com maps.gstatic.com maps.googleapis.com kpn.com fonts.googleapis.com www.google-analytics.com api.customersaas.com static.customersaas.com d3mwk3f7r8fv9u.cloudfront.net d6tizftlrpuof.cloudfront.net cms-images.s3.amazonaws.com kpncomvod.download.kpnstreaming.nl w.usabilla.com www.telfort.nl; media-src 'self' kpncomvod.download.kpnstreaming.nl *.kpn.com pingmediavod.download.kpnstreaming.nl; frame-src *.optimizely.com *.doubleclick.net ezpay.liquix.eu callmenow.vanadwfh.nl rpv.reviva.nl *.kpn.com portal.bp.nu www.youtube.com kpngroup.emsecure.net kpn.mopinion.com kpn-mini.speedtestcustom.com www.pingvp.com kpn.pingvp.com; font-src 'self' data: *.kpn.com www.pingvp.com kpn.pingvp.com fonts.gstatic.com static.customersaas.com; connect-src 'self' api-accept.customersaas.com *.optimizely.com kpn.blueconic.net *.kpn.com *.mouseflow.com api.api.ai tracker.customersaas.com kpn.api.ruwido.com api-agendaplanner.kpnretail.nl api.customersaas.com scripts.kpn.nl pastease.mopinion.com kpn.mopinion.com kpn-compleet-fpi-info.fourstack.nl ezpay.liquix.eu wss://*.twilio.com https://*.twilio.com; object-src 'self' 2
default-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru *.payanyway.com ; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru *.payanyway.com 'unsafe-inline'; img-src * data:; font-src 'self' data: *.moneta.ru *.moneta.com *.payanyway.ru *.payanyway.com https://fonts.gstatic.com https://sxt.cdn.skype.com ; frame-src https: ; report-uri /cspreport.htm 2
default-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com; connect-src 'self'; img-src 'self' maps.googleapis.com maps.gstatic.com csi.gstatic.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; 2
frame-ancestors 'self' https://sdesk.adeo.pro/ http://sdesk.adeo.pro/ https://sdesk.krsk.adeo.pro/ http://sdesk.krsk.adeo.pro/ 2
default-src 'self'  'unsafe-inline'  'unsafe-eval' i.4see.mobi ; script-src https://prd01.launch.banfield.com/ http://*.g.doubleclick.net/ https://*.g.doubleclick.net/ http://*.google.com https://*.google.com http://tags.srv.stackadapt.com https://tags.srv.stackadapt.com http://*.stackadapt.com https://*.stackadapt.com 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com/ https://code.jquery.com/ http://assets.adobedtm.com https://assets.adobedtm.com http://cdn.optimizely.com https://cdn.optimizely.com http://use.typekit.net https://use.typekit.net http://fast.fonts.net/ https://fast.fonts.net/ http://gateway.answerscloud.com/ https://gateway.answerscloud.com/ http://*.foresee.com https://*.foresee.com http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ http://www.googletagmanager.com https://www.googletagmanager.com http://www.googleadservices.com https://www.googleadservices.com http://ssl.google-analytics.com https://ssl.google-analytics.com http://js.clickequations.net https://js.clickequations.net http://connect.facebook.net https://connect.facebook.net http://az416426.vo.msecnd.net/ https://az416426.vo.msecnd.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://localhost https://localhost http://localhost:* https://localhost:* http://*.googleapis.com https://*.googleapis.com http://*.inspectlet.com https://*.inspectlet.com http://*.openweathermap.org https://*.openweathermap.org http://*.sharethis.com https://*.sharethis.com http://*.sharethis.com https://*.sharethis.com http://images.banfield.com https://images.banfield.com http://scripts.banfield.com https://scripts.banfield.com http://assets.banfield.com https://assets.banfield.com http://images-staging.banfield.com https://images-staging.banfield.com http://scripts-staging.banfield.com https://scripts-staging.banfield.com http://assets-staging.banfield.com https://assets-staging.banfield.com http://*.xg4ken.com https://*.xg4ken.com http://*.cloudflare.com https://*.cloudflare.com http://*.youtube.com https://*.youtube.com http://*.ytimg.com https://*.ytimg.com http://*.bing.com https://*.bing.com http://*.iatspayments.com https://*.iatspayments.com http://*.instagram.com https://*.instagram.com  http://banfield-assets.azureedge.net https://banfield-assets.azureedge.net  http://banfield-images.azureedge.net https://banfield-images.azureedge.net  http://banfield-scripts.azureedge.net https://banfield-scripts.azureedge.net  https://remote.vroptimal-3dx-assets.com/ https://gateway.foresee.com/ i.4see.mobi https://cdn.schemaapp.com/ ; connect-src blob: 'self' 'unsafe-inline' 'unsafe-eval' http://logx.optimizely.com/log/event https://logx.optimizely.com/log/event http://*.visualstudio.com https://*.visualstudio.com http://localhost https://localhost http://*.inspectlet.com https://*.inspectlet.com http://*.typekit.net https://*.typekit.net http://*.googleapis.com https://*.googleapis.com http://*.facebook.com https://*.facebook.com http://*.sharethis.com https://*.sharethis.com http://*.optimizely.com https://*.optimizely.com https://analytics.foresee.com https://brain.foresee.com https://4seeresults.com https://foreseeresults.com https://www.google-analytics.com https://ssl.google-analytics.com/ i.4see.mobi https://device.4seeresults.com https://srv.stackadapt.com/ https://tags.srv.stackadapt.com https://ssl.google-analytics.com/ https://www.google.com/ https://data.schemaapp.com/ https://c.sharethis.mgr.consensu.org/ http://*.foresee.com https://*.foresee.com ; frame-src https://prd01.launch.banfield.com/ https://checkout.globalgatewaye4.firstdata.com/payment 'self' 'unsafe-inline' 'unsafe-eval' http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net http://www.google.com/ https://www.google.com/ http://www.youtube.com https://www.youtube.com http://gateway.answerscloud.com https://gateway.answerscloud.com http://*.foresee.com https://*.foresee.com http://*.facebook.com https://*.facebook.com http://*.adobedtm.com https://*.adobedtm.com http://*.doubleclick.net https://*.doubleclick.net http://*.doubleclick.net https://*.doubleclick.net http://*.sharethis.com https://*.sharethis.com http://*.rallybound.org https://*.rallybound.org http://*.cdn.optimizely.com https://*.cdn.optimizely.com http://sketchfab.com/ https://sketchfab.com/ http://*.cloudfront.net/ https://*.cloudfront.net/ https://demo.globalgatewaye4.firstdata.com/ https://www.vroptimal-3dx-assets.com/ https://static.vroptimal-3dx-assets.com/ https://connect.facebook.net/ i.4see.mobi ; img-src https://maps.google.com 'self' 'unsafe-inline' 'unsafe-eval' http://*.cloudflare.com https://*.cloudflare.com blob: http://*.iatspayments.com https://*.iatspayments.com http://*.bidswitch.net https://*.bidswitch.net http://*.adnxs.com https://*.adnxs.com http://*.stackadapt.com https://*.stackadapt.com 'self' 'unsafe-inline' 'unsafe-eval' data: http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net http://*.google-analytics.com/ https://*.google-analytics.com/ http://centro.pixel.ad https://centro.pixel.ad http://beacon.clickequations.net/ https://beacon.clickequations.net/ http://www.google.com https://www.google.com http://*.banfield.com https://*.banfield.com http://www.facebook.com https://www.facebook.com http://maps.googleapis.com https://maps.googleapis.com http://*.gstatic.com https://*.gstatic.com http://pixel.sitescout.com/ https://pixel.sitescout.com/ http://images.banfield.com https://images.banfield.com http://scripts.banfield.com https://scripts.banfield.com http://assets.banfield.com https://assets.banfield.com http://media.banfield.com https://media.banfield.com http://images-staging.banfield.com https://images-staging.banfield.com http://scripts-staging.banfield.com https://scripts-staging.banfield.com http://assets-staging.banfield.com https://assets-staging.banfield.com http://media-staging.banfield.com https://media-staging.banfield.com http://*.doubleclick.net https://*.doubleclick.net http://*.typekit.net https://*.typekit.net http://*.4seeresults.com https://*.4seeresults.com http://*.foreseeresults.com https://*.foreseeresults.com http://*.answerscloud.com https://*.answerscloud.com http://*.foresee.com https://*.foresee.com http://*.truste.com https://*.truste.com http://*.googleadservices.com https://*.googleadservices.com http://*.xg4ken.com https://*.xg4ken.com http://*.sharethis.com https://*.sharethis.com http://*.bing.com https://*.bing.com http://*.azureedge.net https://*.azureedge.net http://sb.scorecardresearch.com/ https://sb.scorecardresearch.com/ https://foresee.mobi https://static.foresee.com/ https://gateway.foresee.com/ i.4see.mobi https://i.liadm.com/ https://pixel.rubiconproject.com/ https://pixel.advertising.com/ https://simage2.pubmatic.com/ ; style-src http://*.fonts.net/ https://*.fonts.net/ 'self' http://*.iatspayments.com https://*.iatspayments.com 'unsafe-inline' 'unsafe-eval' http://*.fonts.net https://*.fonts.net http://fast.fonts.net https://fast.fonts.net http://*.banfield.com https://*.banfield.com http://images.banfield.com https://images.banfield.com http://scripts.banfield.com https://scripts.banfield.com http://assets.banfield.com https://assets.banfield.com http://images-staging.banfield.com https://images-staging.banfield.com http://scripts-staging.banfield.com https://scripts-staging.banfield.com http://assets-staging.banfield.com https://assets-staging.banfield.com http://*.googleapis.com https://*.googleapis.com http://*.jquery.com https://*.jquery.com http://*.answerscloud.com https://*.answerscloud.com http://*.foresee.com https://*.foresee.com http://*.sharethis.com https://*.sharethis.com http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ http://*.fonts.net https://*.fonts.net http://*.azureedge.net https://*.azureedge.net https://gateway.foresee.com i.4see.mobi https://cdn.jsdelivr.net ; font-src 'self' 'unsafe-inline' 'unsafe-eval' http://fast.fonts.net https://fast.fonts.net http://*.gstatic.com https://*.gstatic.com http://use.typekit.net https://use.typekit.net http://images.banfield.com https://images.banfield.com http://scripts.banfield.com https://scripts.banfield.com http://assets.banfield.com https://assets.banfield.com http://images-staging.banfield.com https://images-staging.banfield.com http://scripts-staging.banfield.com https://scripts-staging.banfield.com http://assets-staging.banfield.com https://assets-staging.banfield.com http://*.azureedge.net https://*.azureedge.net http://*.optimizely.com https://*.optimizely.com https://assets-staging.azureedge.net/ i.4see.mobi https://cdnjs.cloudflare.com https://scripts-staging.banfield.com http://*.foresee.com https://*.foresee.com ;   2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.verticalscreen.com https://maps.googleapis.com  https://*.newrelic.com https://pi.pardot.com https://ssl.google-analytics.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com; connect-src 'self' https://*.verticalscreen.com; font-src https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: https://*.googleapis.com https://ssl.google-analytics.com 2
frame-ancestors 'self' https://www.facebook.com; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.powr.io https://*.pinterest.com https://cdn.lightwidget.com js.hs-scripts.com https://unpkg.com https://www.google.com *.google.com *.google-analytics.com http://js.hs-analytics.net https://maps.googleapis.com https://cdn.firebase.com https://cdnjs.cloudflare.com https://d2zah9y47r7bi2.cloudfront.net https://*.firebaseio.com https://*.vo.msecnd.net https://browser-update.org https://api.instagram.com http://fast.fonts.net https://fast.fonts.net http://browser-update.org http://cdn.datatables.net http://cdn.heapanalytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://use.typekit.net https://chat.milittisales.com https://crm.imaxcorp.com *.list-manage.com https://ct.capterra.com http://lightwidget.com https://cdn.jsdelivr.net http://www.googleadservices.com https://www.googleadservices.com https://www.gstatic.com https://chimpstatic.com https://*.facebook.net/ https://cdn.segment.com http://cdn.segment.com https://api.segment.io https://s.yimg.com http://sp.analytics.yahoo.com;style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fast.fonts.net https://fonts.googleapis.com http://fast.fonts.net http://cdn.datatables.net https://cdn-images.mailchimp.com;img-src 'self' data: track.hubspot.com https://studiowebware.secure.force.com https://heapanalytics.com https://images.unsplash.com http://via.placeholder.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.gstatic.com https://maps.googleapis.com *.googleapis.com https://usage.trackjs.com *.global.ssl.fastly.net *.repzio.com https://b2bbucket.s3.amazonaws.com https://s3.amazonaws.com https://scontent.cdninstagram.com http://cdn.datatables.net https://tradegecko-images.s3.amazonaws.com https://stats.g.doubleclick.net https://cdn.b2bdirect.io https://assets.bwconnect.com https://googleads.g.doubleclick.net https://www.facebook.com;media-src 'self' https://b2bbucket.s3.amazonaws.com https://player.vimeo.com http://www.greenhillaudio.com;frame-src https://*.powr.io https://*.facebook.com https://cdn.lightwidget.com https://studiowebware.secure.force.com https://player.vimeo.com https://www.youtube.com https://*.firebaseio.com https://www.google.com https://showroom.gso360.com https://*.issuu.com https://*.repzio.com https://crm.imaxcorp.com http://lightwidget.com;font-src 'self' https://cdn.lightwidget.com https://cdn.joinhoney.com data: https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.typekit.net;connect-src 'self' https://*.powr.io ws://192.168.1.124:* ws://10.0.0.133:* ws://localhost:* http://localhost:* https://b2bbucket.s3.amazonaws.com https://repziowebapizipcodes.azurewebsites.net https://maps.googleapis.com wss://*.firebaseio.com https://capture.trackjs.com https://clconnect.coltonlane.com https://dc.services.visualstudio.com https://repziotest.azurewebsites.net https://crm.imaxcorp.com https://*.repzio.com https://api.segment.io https://www.google-analytics.com *.google-analytics.com *.azurewebsites.net;report-uri /WebResource.axd?cspReport=true 2
script-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' static2.mybonuscenter.com static4.mybonuscenter.com static6.mybonuscenter.com www.google-analytics.com ajax.googleapis.com maps.googleapis.com www.googleadservices.com bat.bing.com s.yimg.com sp.analytics.yahoo.com; 2
default-src * 'self' data: 'unsafe-inline'; 2
frame-ancestors 'self' http://www.1ch.us https://little.lolicatgirls.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' vk.com https://vk.com mc.yandex.ru clck.yandex.ru yandex.st www.google-analytics.com https://www.google-analytics.com www.gstatic.com pagead2.googlesyndication.com https://pagead2.googlesyndication.com; frame-src 'self' vk.com https://vk.com https://login.vk.com apis.google.com platform.twitter.com tpc.googlesyndication.com googleusercontent.com googleads.g.doubleclick.net https://googleads.g.doubleclick.net mc.yandex.ru www.youtube.com; connect-src 'self' mc.yandex.ru www.google-analytics.com https://www.google-analytics.com; 2
frame-ancestors 'self' apps.blms.co.il www.leumitech.com hb2.bankleumi.co.il  hb3.bankleumi.co.il trade.bankleumi.co.il mortgage.blms.co.il hb.unionbank.co.il ; 2
block-all-mixed-content; frame-ancestors 'self' 2
default-src https: 'self'; font-src https: data:; img-src https: data:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://dxw.report-uri.io/r/default/csp/enforce 2
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.eigroup.co.uk maps.googleapis.com *.google-analytics.com az416426.vo.msecnd.net dc.services.visualstudio.com cdn.ampproject.org use.fontawesome.com;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' *.eigroup.co.uk *.eigpropertyauctions.co.uk *.gstatic.com maps.googleapis.com *.google-analytics.com dc.services.visualstudio.com data:;media-src 'self';frame-src 'self' *.youtube.com *.youtube-nocookie.com;font-src 'self' fonts.gstatic.com data:;connect-src 'self' *.eigroup.co.uk wss://*.eigroup.co.uk maps.googleapis.com nikkomsgchannel *.google-analytics.com dc.services.visualstudio.com cdn.ampproject.org;child-src 'self' *.youtube.com *.youtube-nocookie.com;form-action 'self';frame-ancestors 'self';manifest-src 'self';upgrade-insecure-requests;report-uri /WebResource.axd?cspReport=true 2
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline';font-src * data: ; 2
style-src 'unsafe-inline' data: *; img-src 'unsafe-inline' data: *; report-uri /report-csp-violation 2
default-src data: 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 2
frame-ancestors 'self' avatarionmobiliar.ibex.dienstleistungen.ws 2
frame-ancestors 'self' ricardo.ch *.ricardo.ch 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mc.yandex.ru https://mc.yandex.ru cdn.jsdelivr.net https://cdn.jsdelivr.net ymetrica.com https://ymetrica.com ymetrica1.com https://ymetrica1.com yastatic.net https://yastatic.net www.google-analytics.com https://www.google-analytics.com *.gstatic.com https://*.gstatic.com *.googleapis.com https://*.googleapis.com code.jquery.com https://code.jquery.com ads.exosrv.com https://ads.exosrv.com; img-src 'self' data: mirsexy.net https://mirsexy.net s2.mirsexy.com https://s2.mirsexy.com s3.mirsexy.com https://s3.mirsexy.com s4.mirsexy.com https://s4.mirsexy.com s5.mirsexy.com https://s5.mirsexy.com mc.yandex.ru https://mc.yandex.ru cdn.jsdelivr.net https://cdn.jsdelivr.net ymetrica.com https://ymetrica.com ymetrica1.com https://ymetrica1.com yastatic.net https://yastatic.net mc.webvisor.org https://mc.webvisor.org www.google-analytics.com https://www.google-analytics.com *.gstatic.com https://*.gstatic.com *.googleapis.com https://*.googleapis.com *.bongacams.com https://*.bongacams.com *.bimbolive.com https://*.bimbolive.com counter.yadro.ru https://counter.yadro.ru static.exosrv.com https://static.exosrv.com; style-src 'self' 'unsafe-inline' *.googleapis.com https://*.googleapis.com; font-src 'self' data: *.gstatic.com https://*.gstatic.com; media-src 'self' mirsexy.net https://mirsexy.net s2.mirsexy.com https://s2.mirsexy.com s3.mirsexy.com https://s3.mirsexy.com s4.mirsexy.com https://s4.mirsexy.com s5.mirsexy.com https://s5.mirsexy.com ssl-promo.bongacams.com https://ssl-promo.bongacams.com static.exosrv.com https://static.exosrv.com; connect-src 'self' mc.yandex.ru https://mc.yandex.ru cdn.jsdelivr.net https://cdn.jsdelivr.net ymetrica.com https://ymetrica.com wss://mirsexy.net:2345 syndication.exosrv.com https://syndication.exosrv.com; frame-src 'self' mirsexyembed.com https://mirsexyembed.com chat.mirsexy.com https://chat.mirsexy.com; object-src 'self' mirsexy.net https://mirsexy.net s2.mirsexy.com https://s2.mirsexy.com s3.mirsexy.com https://s3.mirsexy.com s4.mirsexy.com https://s4.mirsexy.com s5.mirsexy.com https://s5.mirsexy.com; 2
frame-ancestors 'self' *.chefkoch.de 2
upgrade-insecure-requests; frame-ancestors 'self' https://*; 2
frame-ancestors 'self' *.GETPAIDTOSHOP.US *.CASHBACKASSOCIATES.COM *.CASHBACKDONATIONS.ORG *.INTEGRION.US *.integrion.com; 2
frame-ancestors 'self' http://jobcloud.ch http://*.jobcloud.ch http://jobs.ch http://*.jobs.ch http://jobup.ch http://*.jobup.ch http://ingjobs.ch http://ictcareer.ch http://jobs4sales.ch http://financejobs.ch http://medtalents.ch http://jobwinner.ch http://alpha.ch http://topjobs.ch http://*.jobscout24.ch http://impieghi.ch http://*.impieghi.ch http://*.stellenmarkt.ch 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: * 2
frame-ancestors 'self' https://*.googletagmanager.com https://themes.googleusercontent.com https://*.cloudfront.net https://www.google-analytics.com https://www.googleadservices.com https://bat.bing.com https://*.sumome.com https://*.doubleclick.net https://*.msn.com https://*.google.com https://*.twitter.com https://t.co https://*.google.be https://*.facebook.com https://*.newrelic.com https://bam.nr-data.net https://sumome-140a.kxcdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://i.ytimg.com https://cdncache-a.akamaihd.net https://*.youtube.com https://s.ytimg.com https://*.googlevideo.com https://*.addthis.com https://pbs.twimg.com 2
script-src https: http: 2
frame-src www.mediavacances.com www.mediavacanze.com www.mediavacaciones.com www.mediaferias.com www.mediaferienportal.com www.mediavakanties.com www.mediahols.com www.mediavacationrentals.com https://rmg.li http://www.facebook.com/plugins/like.php https://www.google.com/recaptcha/ https://www.google.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' xiti.com http://www.mediavacances.com https://www.mediavacances.com http://www.mediaferienportal.com https://www.mediaferienportal.com http://www.mediahols.com https://www.mediahols.com http://www.mediavacationrentals.com https://www.mediavacationrentals.com http://www.mediavakanties.com https://www.mediavakanties.com http://www.mediavacanze.com https://www.mediavacanze.com http://www.mediavacaciones.com https://www.mediavacaciones.com http://www.mediaferias.com https://www.mediaferias.com http://static.mediavacances.com https://static.mediavacances.com http://static.mediaferienportal.com https://static.mediaferienportal.com http://static.mediahols.com https://static.mediahols.com http://static.mediavacationrentals.com https://static.mediavacationrentals.com http://static.mediavakanties.com https://static.mediavakanties.com http://static.mediavacanze.com https://static.mediavacanze.com http://static.mediavacaciones.com https://static.mediavacaciones.com http://static.mediaferias.com https://static.mediaferias.com http://widget.sunz.com https://www.googletagmanager.com https://api.mapbox.com *.openstreetmap.org  *.proskilab.fr *.google-analytics.com *.apis.google.com https://ajax.googleapis.com http://ajax.googleapis.com *.googleapis.com http://maps.gstatic.com http://maps.google.com https://maps.googleapis.com https://fonts.gstatic.com http://fonts.gstatic.com http://www.google.com http://connect.facebook.net https://connect.facebook.net *.facebook.com https://tpeweb.paybox.com https://tpeweb1.paybox.com *.xiti.com http://csi.gstatic.com *.sports-hiver.com cse.google.com pagead2.googlesyndication.com www.hometogo.de tc.hometogo.com www.hometogo.com www.meteofrance.com static.criteo.net widget.criteo.com https://www.google.com https://www.gstatic.com data: 2
object-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypal.com https://www.paypalobjects.com https://www.google.com https://www.gstatic.com; 2
child-src 'self' *.adform.net *.criteo.com *.criteo.net *.selbstbauprofi.de *.sociomantic.com *.toom.de *.tp-de.net *.webmasterplan.com app.parasol-island.com configurator.3yourmind.com deutschland-rundet-auf.de efs-survey.com facebook.com maps.googleapis.com toom-baumarkt.de toom-de.boels.com toom-frame.3yourmind.com toom-rubbeln.safe-promotions.de toom.3yourmind.com www.efs-survey.com www.facebook.com www.findibus-online.de www.google.com/maps/ www.google.com/recaptcha/ *.optimizely.com www.toom-baumarkt.de www.youtube.com www.youtube.de *.youtube-nocookie.com; frame-src 'self' *.adform.net *.optimizely.com *.criteo.com *.criteo.net *.selbstbauprofi.de *.sociomantic.com *.toom.de *.tp-de.net *.webmasterplan.com app.parasol-island.com configurator.3yourmind.com deutschland-rundet-auf.de efs-survey.com facebook.com maps.googleapis.com toom-baumarkt.de toom-de.boels.com toom-frame.3yourmind.com toom-rubbeln.safe-promotions.de toom.3yourmind.com www.efs-survey.com www.facebook.com www.findibus-online.de www.google.com/maps/ www.google.com/recaptcha/ www.toom-baumarkt.de www.youtube.com www.youtube.de *.youtube-nocookie.com; object-src 'self'; 2
frame-ancestors 'self' https://www.veinteractive.com/ 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 2
frame-ancestors 'self'; object-src 'self' blob:; 2
script-src 'unsafe-inline' 'unsafe-eval' http: https:; child-src http: https:; frame-ancestors http: https:; object-src http: https: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https://*.insureon.com https://*.homecoverage.com https://*.forsureon.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.techinsurance.local https://cdn.tinymce.com https://*.wistia.com https://www.google.com https://*.litix.io https://cdnjs.cloudflare.com https://*.akamaihd.net https://*.pingdom.net; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://xselltechchat.appspot.com https://*.cloudfront.net https://secure.quantserve.com https://*.quantcount.com https://*.twimg.com https://*.twitter.com https://*.insureon.com  https://*.cetrk.com https://*.aspnetcdn.com https://*.pingdom.net https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com https://*.doubleclick.net  https://*.google-analytics.com https://bat.bing.com https://connect.facebook.net https://www.googleadservices.com https://*.adroll.com https://aspnet-scripts.telerikstatic.com https://cdn.tinymce.com https://*.cloudfront.net https://*.gstatic.com https://widgets.jobscore.com https://fast.wistia.net https://fast.wistia.com https://src.litix.io https://cdnjs.cloudflare.com https://*.google.com https://storage.googleapis.com https://*.impactradius-event.com https://ajax.cloudflare.com https://secure.leadforensics.com https://cdn.heapanalytics.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.twimg.com https://*.twitter.com http://*.insureon.com https://*.insureon.com https://*.cetrk.com https://*.aspnetcdn.com https://*.pingdom.net https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com https://*.doubleclick.net https://fonts.googleapis.com https://*.google-analytics.com https://bat.bing.com https://connect.facebook.net https://www.googleadservices.com https://*.adroll.com https://aspnet-scripts.telerikstatic.com https://cdn.tinymce.com https://*.cloudfront.net https://*.gstatic.com https://widgets.jobscore.com https://fast.wistia.net https://fast.wistia.com https://src.litix.io https://cdnjs.cloudflare.com https://*.google.com https://*.impactradius-event.com https://ajax.cloudflare.com https://secure.leadforensics.com https://cdn.heapanalytics.com; style-src 'self' 'unsafe-inline'  https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://*.gstatic.com https://cdn.tinymce.com https://*.twitter.com https://*.twimg.com  https://*.aspnetcdn.com https://*.google.com; child-src 'self' https://*.agentinsure.com https://*.doubleclick.net https://www.facebook.com https://maps.google.com https://dev.visualwebsiteoptimizer.com https://widgets.jobscore.com https://www.google.com https://*.insureon.com https://*.techinsurance.local https://*.wistia.com https://*.twitter.com https://*.google.com https://www.youtube.com https://www.youtube.com; frame-src 'self' https://*.agentinsure.com https://*.doubleclick.net https://www.facebook.com https://maps.google.com https://dev.visualwebsiteoptimizer.com https://widgets.jobscore.com https://www.google.com https://*.insureon.com https://*.techinsurance.local https://*.wistia.com https://*.twitter.com https://*.google.com  https://www.youtube.com https://www.youtube.com; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' 2
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://steamstore-a.akamaihd.net/ https://steamstore-a.akamaihd.net/ *.google-analytics.com https://www.gstatic.com; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 https://steamcommunity.com/ https://steamcommunity.com/ *.google-analytics.com; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com embed.nicovideo.jp www.escapistmagazine.com player.youku.com www.bilibili.com https://steamcommunity.com/; 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; 2
script-src 'self' https://static.hotjar.com https://script.hotjar.com https://sample.crazyegg.com https://script.crazyegg.com http://script.crazyegg.com https://ajax.googleapis.com https://nrpc.olark.com https://api.olark.com https://static.olark.com http://static.olark.com http://ajax.googleapis.com https://seal.alphassl.com https://cdn.netlawman.com https://secure.comodo.com http://www.googleadservices.com http://www.google.com.pk https://www.google.com.pk https://www.google.com http://www.google.com https://www.googleadservices.com http://www.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net http://www.trustlogo.com http://trustlogo.com http://flex.atdmt.com https://flex.atdmt.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdnjs.cloudflare.com https://cdn.netlawman.com http://fonts.googleapis.com https://static.olark.com http://static.olark.com 'unsafe-inline' 'unsafe-eval';base-uri 'self'; 2
default-src 'self' *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net mycliplister.com; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com; object-src data: 'self'; img-src https: data:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: bosch.mi4biz.net www.boschthermolife.com; frame-ancestors 'self' https: bosch.mi4biz.net http://fs52-buderus-dev.kittelberger.net 2
default-src 'self' https://*.google-analytics.com https; script-src 'self' 'unsafe-inline' 'unsafe-eval' https https://*.google-analytics.com https://*.google.com https://stats.g.doubleclick.net https://js-agent.newrelic.com/nr-1071.min.js https://bam.nr-data.net; object-src 'none'; style-src 'self' 'unsafe-inline' https; img-src 'self' 'unsafe-inline' https data: https://*.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' https://player.vimeo.com https://*.davispolk.com https://html5-player.libsyn.com/ https://api-6fc85ce3.duosecurity.com/ https://cdn.yoshki.com/iframe/; report-uri /admin/config/system/seckit/csp-report 2
default-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval'; script-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval';connect-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval'; font-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval'; child-src http: https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors 'self';base-uri 'none';object-src 'none' 2
upgrade-insecure-requests; default-src https: data: filesystem: blob: mediastream: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss: 2
script-src 'self' https://dqnp8bdp95f7m.cloudfront.net https://www.google.com https://ajax.googleapis.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com  https://api.userlike.com https://userlike-cdn-client.s3-eu-west-1.amazonaws.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://dq4irj27fs462.cloudfront.net; base-uri 'self'; 2
frame-ancestors *.yandex.ru *.yastatic.net https://webvisor.com http://webvisor.com; 2
default-src * data: blob:;script-src 'self' static4.sodonsolution.org static4.cdn.sodonsolution.org 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.gstatic.com maps.gstatic.com maps.googleapis.com static.whatshelp.io www.adshark.mn siskin.sodonsolution.com connect.facebook.net;style-src 'self' static4.sodonsolution.org static4.cdn.sodonsolution.org 'unsafe-inline' www.gstatic.com static.whatshelp.io;connect-src 'self' www.google-analytics.com whatshelp.io www.adshark.mn siskin.sodonsolution.com connect.facebook.net staticxx.facebook.com graph.facebook.com;object-src 'self'; 2
default-src 'self' blob:;  img-src 'self' data: blob: 'unsafe-inline' sitecoremedia.blob.core.windows.net *.googleapis.com *.gstatic.com *.twitter.com *.twimg.com jwpltx.com *.youtube.com *.facebook.com *.google.com *.google.gr *.googletagmanager.com googleads.g.doubleclick.net cdn.cookielaw.org *.google-analytics.com;  media-src 'self' blob: *.streaming.mediaservices.windows.net;  script-src 'self' data: optimize.google.com *.google-analytics.com code.jquery.com *.onetrust.com blob: 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com  *.google.com *.googleapis.com *.gstatic.com *.inbroker.com *.angularjs.org *.twitter.com *.syndication.twimg.com *.jwpcdn.com *.facebook.net *.facebook.com *.hotjar.com cdn.cookielaw.org optanon.blob.core.windows.net www.googleadservices.com az416426.vo.msecnd.net *.googletagmanager.com;  style-src 'self' 'unsafe-inline' *.googleapis.com *.inbroker.com *.twitter.com optimize.google.com optanon.blob.core.windows.net cdn.cookielaw.org;  font-src 'self' *.gstatic.com *.inbroker.com *.jwpcdn.com;  connect-src 'self' optimize.google.com *.visualstudio.com www.google-analytics.com *.inbroker.com *.streaming.mediaservices.windows.net *.twitter.com *.hotjar.com adservice.google.com az416426.vo.msecnd.net *.doubleclick.net;  frame-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.inbroker.com *.twitter.com *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr  uat-legacy.eurobank.gr *.doubleclick.net *.fls.doubleclick.net; object-src 'self' *.streaming.mediaservices.windows.net *.jwpcdn.com;  child-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.inbroker.com *.twitter.com *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr uat-legacy.eurobank.gr;  2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com; img-src 'self' www.google-analytics.com stats.g.doubleclick.net 2
default-src 'self'; img-src *; media-src *; style-src * 'unsafe-inline'; font-src *; script-src * data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.myappro.com:* *.personalcard.net:* ; frame-src 'self' *.personalcard.net:* *.google.com:*; connect-src gw.oribi.io 'self'; 2
frame-ancestors 'self' dsg.marketing.adobe.com 2
default-src *.chowhound.com *.cbsinteractive.com cbsinteractive.com blob: *.chowhound.com https: 'unsafe-inline' 'unsafe-eval'; script-src blob: *.chowhound.com https: data: 'unsafe-inline' 'unsafe-eval'; media-src http://ipad.cbs.com.edgesuite.net http://ipad-streaming.cbs.com http://can.cbs.com http://canhls.cbs.com cbs-hls.akamaized.net blob: *.chowhound.com data: video https:; connect-src http://canhls.cbs.com http://ipad.cbs.com.edgesuite.net http://ipad-streaming.cbs.com http://can.cbs.com cbs-hls.akamaized.net https:; img-src https: data: http://thumbnails.cbsig.net; frame-src https:; frame-ancestors *.chowhound.com *.google.com *.ampproject.org; form-action https: http://*.chow.com http://*.chowhound.com; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 2
frame-ancestors 'self' investor.cmegroup.com  http://investor.cmegroup.com *.quikstrike.net commodex.co.il openexchange.community.cmegroup.com staging.tickertocker.com http://www.straitsfinancial.com  www.straitsfinancial.com http://straitsfinancial.com https://datamine.cmegroup.com http://dataminelocal.cmegroup.com https://dataminedev.cmegroup.com https://login.cmegroup.com https://datamineuat.cmegroup.com www.kgieworld.sg; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; disown-opener; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; 2
frame-ancestors 'self' https://*.backstreetmerch.com https://*.livenationmerch.com https://www.joestrummer.com https://eustore.rogerwaters.com https://www.trailerparkboysmerch.com https://store.niallhoran.com https://shop.thebodycoach.com https://merchandise.footballmanager.com https://shop.little-mix.com https://shop.shanefilan.com https://merch.bulletformyvalentine.com https://merch.raksu-official.com 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.powr.io https://*.pinterest.com https://cdn.lightwidget.com js.hs-scripts.com https://unpkg.com https://www.google.com *.google.com *.google-analytics.com http://js.hs-analytics.net https://maps.googleapis.com https://cdn.firebase.com https://cdnjs.cloudflare.com https://d2zah9y47r7bi2.cloudfront.net https://*.firebaseio.com https://*.vo.msecnd.net https://browser-update.org https://api.instagram.com http://fast.fonts.net https://fast.fonts.net http://browser-update.org http://cdn.datatables.net http://cdn.heapanalytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://use.typekit.net https://chat.milittisales.com https://crm.imaxcorp.com *.list-manage.com https://ct.capterra.com http://lightwidget.com https://cdn.jsdelivr.net http://www.googleadservices.com https://www.googleadservices.com https://www.gstatic.com https://chimpstatic.com https://*.facebook.net/ https://cdn.segment.com http://cdn.segment.com https://api.segment.io https://s.yimg.com http://sp.analytics.yahoo.com;style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fast.fonts.net https://fonts.googleapis.com http://fast.fonts.net http://cdn.datatables.net https://cdn-images.mailchimp.com;img-src 'self' data: track.hubspot.com https://studiowebware.secure.force.com https://heapanalytics.com https://images.unsplash.com http://via.placeholder.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.gstatic.com https://maps.googleapis.com *.googleapis.com https://usage.trackjs.com *.global.ssl.fastly.net *.repzio.com https://b2bbucket.s3.amazonaws.com https://s3.amazonaws.com https://scontent.cdninstagram.com http://cdn.datatables.net https://tradegecko-images.s3.amazonaws.com https://stats.g.doubleclick.net https://cdn.b2bdirect.io https://assets.bwconnect.com https://googleads.g.doubleclick.net https://www.facebook.com;media-src 'self' https://b2bbucket.s3.amazonaws.com https://player.vimeo.com http://www.greenhillaudio.com;frame-src https://*.powr.io https://*.facebook.com https://cdn.lightwidget.com https://studiowebware.secure.force.com https://player.vimeo.com https://www.youtube.com https://*.firebaseio.com https://www.google.com https://showroom.gso360.com https://*.issuu.com https://*.repzio.com https://crm.imaxcorp.com http://lightwidget.com;font-src 'self' https://cdn.lightwidget.com https://cdn.joinhoney.com data: https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com;connect-src 'self' https://*.powr.io ws://192.168.1.124:* ws://10.0.0.133:* ws://localhost:* http://localhost:* https://b2bbucket.s3.amazonaws.com https://repziowebapizipcodes.azurewebsites.net https://maps.googleapis.com wss://*.firebaseio.com https://capture.trackjs.com https://clconnect.coltonlane.com https://dc.services.visualstudio.com https://repziotest.azurewebsites.net https://crm.imaxcorp.com https://*.repzio.com https://api.segment.io https://www.google-analytics.com *.google-analytics.com *.azurewebsites.net;report-uri /WebResource.axd?cspReport=true 2
default-src 'none'; connect-src 'self' http: https: wss:; font-src 'self' http: https:; form-action 'self' http: https:; frame-src 'self' http: https:; frame-ancestors 'self' http: https:; img-src 'self' 'unsafe-inline' http: https: data:; media-src 'self' http: https:; object-src 'self' http: https:; style-src 'self' 'unsafe-inline' http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; worker-src 'self' http: https:; child-src 'self' http: https 2
connect-src 'self' wss://*.zopim.com  https://*.zendesk.com https://ekr.zdassets.com https://www.storygize.net https://servedby.flashtalking.com https://*.tradedesk.com https://*.crazyegg.com https://api.brightfunnel.com https://*.adroll.com https://api.company-target.com https://cookiee1.veinteractive.com https://appsapi.veinteractive.com https://nuance.tt.omtrdc.net https://nuance.sc.omtrdc.net https://dpm.demdex.net https://www.google-analytics.com https://stats.g.doubleclick.net https://*.nuance.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://static.ads-twitter.com https://analytics.webgains.io https://static.zdassets.com https://services.xg4ken.com https://www.rnengage.com https://nuance.widget.custhelp.com https://tag.demandbase.com https://www.gstatic.com https://dc.ads.linkedin.com https://bpi.briteverify.com https://cdn.storygize.net https://www.google.com https://*.zopim.com  https://ad.doubleclick.net https://secure.leadforensics.com https://*.inq.com https://platform.twitter.com https://api.brightfunnel.com https://s3.amazonaws.com https://munchkin.brightfunnel.com https://servedby.flashtalking.com https://*.tradedesk.com https://*.crazyegg.com https://sp.analytics.yahoo.com https://c.evidon.com https://vidassets.terminus.services https://www.storygize.net https://s.yimg.com https://s.ytimg.com https://*.adroll.com https://cc.chango.com https://d3rr3d0n31t48m.cloudfront.net https://static.criteo.net https://sslwidget.criteo.com https://www.rtb123.com https://c.evidon.com https://www.youtube.com https://googleads.g.doubleclick.net https://secure.quantserve.com  https://connect.facebook.net  https://nuance.sp1.convertro.com/trax2/nuance https://tagmanager.google.com https://scripts.demandbase.com https://addshoppers.s3.amazonaws.com https://api.demandbase.com https://assets.adobedtm.com https://bat.bing.com https://c.betrad.com https://config1.veinteractive.com https://d1ivexoxmp59q7.cloudfront.net https://dis.criteo.com https://gum.criteo.com https://idsync.rlcdn.com https://img.en25.com https://js.adsrvr.org https://maxcdn.bootstrapcdn.com https://nuance.sc.omtrdc.net https://nuance.sp1.convertro.com https://pixel.quantserve.com https://www.linkedin.com https://px.ads.linkedin.com https://rules.quantcount.com https://s274.t.eloqua.com https://scripts.demandbase.com https://secure.adnxs.com https://shop.nuance.com https://shop.pe https://snap.licdn.com https://ssl.google-analytics.com  https://tags.tiqcdn.com https://track.cordial.io https://widget.us.criteo.com https://www.facebook.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://nuance.demdex.net; style-src 'self' 'unsafe-inline' https://nuance.widget.custhelp.com https://tagmanager.google.com https://fonts.googleapis.com https://mediav3.inq.com https://www.gstatic.com https://d3rr3d0n31t48m.cloudfront.net/ https://maxcdn.bootstrapcdn.com https://*.demdex.net; frame-src 'self' https://www.google.com https://assets.adobedtm.com https://connect.facebook.net/ https://www.storygize.net https://enterprisechat.nuance.com https://gum.criteo.com https://chatrouterv3.inq.com https://l3.evidon.com https://*.twitter.com https://www.facebook.com https://nuance.inq.com https://4377577.fls.doubleclick.net https://config1.veinteractive.com https://d3rr3d0n31t48m.cloudfront.net https://static.criteo.net https://dis.us.criteo.com https://match.adsrvr.org https://nuance.demdex.net https://www.youtube.com https://track.cordial.io https://bid.g.doubleclick.net https://insight.adsrvr.org; upgrade-insecure-requests; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.zopim.com https://d3rr3d0n31t48m.cloudfront.net https://maxcdn.bootstrapcdn.com; 2
frame-ancestors 'self' *.sciquest.com *.ariba.com *.nova.edu *.coupahost.com *.covestro.com *.intellecat.com *.bmc.com *.vinimaya.com *.oraclecloud.com *.equallevel.com *.terracon.com *.eplus.com *.pacificorp.us *.punchout2go.com *.STATE.PA.US *.equallevel.com *.macewan.ca p2p.caci.com *.verian.com *.aquiire.net *.nvenergy.com *.sherwin.com *.fwisd.org *.cchmc.org *.esmsolutions.com *.ocps.* *.pacificorp.us *.oracleoutsourcing.com *.ocps.k12.fl.us *.ivalua.us *.vroozi.com *.varstreet.com 2
default-src 'self' * data: 'unsafe-inline' 'unsafe-eval'; 2
default-src https: data: 'unsafe-inline' 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' umprow.com alopoy.com tuniaf.com coollcloud.com *.yandex.ru *.yandex.net yastatic.net *.yastatic.net; img-src * data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' yastatic.net www.youtube.com; media-src 'self' mediastream:; connect-src 'self' https://mc.yandex.ru; report-uri: https://android-vzlom.ru/csp.php; 2
default-src 'self' data: *.octopus.com.hk *.octopuscards.com *.octopusrewards.com.hk *.online-octopus.com *.oepay.com.hk *.octopus-cards.com 'unsafe-inline' 'unsafe-eval'; 2
report-uri https://sentry.foodfox.ru/api/2/csp-report/?sentry_key=8a72c4c3a449488cb6463c35c4ff2c6b; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:3101 *.google.com *.google.ru *.google.de *.google.co.uk *.google.com.ua *.google.fr *.google.nl *.google.ie *.google.by *.google.lt *.google.pl *.googletagmanager.com *.google-analytics.com *.googleadservices.com yandex.ru yastatic.net *.yandex.ru *.yandex.net *.jivosite.com *.ravenjs.com *.nr-data.net *.newrelic.com *.g.doubleclick.net *.criteo.net *.criteo.com; style-src blob: data: 'self' 'unsafe-inline' yandex.ru yastatic.net *.yandex.ru *.yandex.net *.foodfox.ru *.cloudflare.com; font-src 'self' fonts.gstatic.com yastatic.net *.yandex.net; frame-src *; img-src data: *; connect-src wss: 'self' localhost:3101 *.foodfox.ru *.jivosite.com *.yandex.ru *.yandex.net *.googlesyndication.com www.google-analytics.com *.nr-data.net 2
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' consulplan.net www.consulplan.net consulplan.com www.consulplan.com www.google-analytics.com ajax.googleapis.com; img-src 'self' www.google-analytics.com consulplan.s3.amazonaws.com; style-src 'unsafe-inline' consulplan.net www.consulplan.net consulplan.com www.consulplan.com; 2
policy 2
frame-ancestors https://*.dondominio.com https://*.mrdomain.com 2
default-src 'self' http: https:;img-src http: https: data:;font-src http: https: data:;script-src 'unsafe-inline' 'unsafe-eval' 'self' http: https:;style-src 'unsafe-inline' http: https:; frame-ancestors http://*.stage.peri.info https://*.stage.peri.info http://*.live.peri.info https://*.live.peri.info 2
frame-ancestors http://webvisor.com 2
default-src 'self' https: blob: 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors 'self'; block-all-mixed-content 2
report-uri https://cspreport.bol.com/report/b/12200  ; default-src https://tpc.googlesyndication.com https://www.bol.com ; connect-src https://*.akstat.io https://*.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://*.gstatic.com https://*.mpstat.us https://*.s-bol.com https://aai.bol.com https://c.go-mpulse.net https://chat1.bol.com https://chatr.bol.com https://fbstatic-a.akamaihd.net https://query.autheos.com https://www.bol.com ; font-src data: https://*.s-bol.com https://fonts.gstatic.com https://secure.ogone.com https://www.bol.com ; frame-src https://*.2mdn.net https://*.akstat.io https://*.doubleclick.net https://*.mpstat.us https://*.youtube-nocookie.com https://bolfelicitatie.b05-apps.nl https://chat1.bol.com https://chatr.bol.com https://info.bol.com https://platform.twitter.com https://player.autheos.com https://s-static.ak.facebook.com https://secure.ogone.com https://tpc.googlesyndication.com https://view.publitas.com https://www.bol.com https://www.facebook.com https://www.google.com ; img-src blob: data: https://*.2mdn.net https://*.akstat.io https://*.cloudfront.net https://*.doubleclick.net https://*.google-analytics.com https://*.google.be https://*.google.nl https://*.krxd.net https://*.mpstat.us https://*.s-bol.com https://adservice.google.be https://adservice.google.com https://adservice.google.nl https://bol.com https://bol.ugc.bazaarvoice.com https://cbks0.googleapis.com https://cbks1.googleapis.com https://csi.gstatic.com https://ds-aksb-a.akamaihd.net https://fbstatic-a.akamaihd.net https://img.youtube.com https://jwpltx.com https://kbimages1-a.akamaihd.net https://khms0.googleapis.com https://khms1.googleapis.com https://m.bol.com https://maps.googleapis.com https://maps.gstatic.com https://mts0.googleapis.com https://mts1.googleapis.com https://pagead2.googlesyndication.com https://partner.bol.com https://photos-eu.bazaarvoice.com https://platform.twitter.com https://secure.ogone.com https://ssl.gstatic.com https://static.bol.com https://static2.bol.com https://swa.bol.com https://syndication.twitter.com https://tpc.googlesyndication.com https://view.publitas.com https://weblog.bol.com https://www.bol.com https://www.facebook.com https://www.google.com https://www.ups.com ; media-src https://*.cloudfront.net https://*.phononet.de https://*.s-bol.com https://bolfelicitatie.b05-apps.nl https://rovimusic.rovicorp.com https://static.bol.com https://www.bol.com ; object-src https://bolfelicitatie.b05-apps.nl https://st1.streamzilla.jet-stream.nl https://view.publitas.com https://www.bol.com ; script-src 'unsafe-eval' 'unsafe-inline' data: https://*.2mdn.net https://*.doubleclick.net https://*.google-analytics.com https://*.krxd.net https://*.s-bol.com https://*.youtube-nocookie.com https://aai.bol.com https://adservice.google.be https://adservice.google.com https://adservice.google.nl https://ajax.googleapis.com https://apis.google.com https://bol.com https://bolcom.tu-vms.com https://c.go-mpulse.net https://cbks0.googleapis.com https://cdn.ampproject.org https://cdn.syndication.twimg.com https://cdn.syndication.twitter.com https://chat1.bol.com https://connect.facebook.net https://d31qbv1cthcecs.cloudfront.net https://ds-aksb-a.akamaihd.net https://fbstatic-a.akamaihd.net https://live.adyen.com https://maps.googleapis.com https://maps.gstatic.com https://mts0.googleapis.com https://mts1.googleapis.com https://pagead2.googlesyndication.com https://partner.bol.com https://partner.googleadservices.com https://platform.twitter.com https://s.ytimg.com https://secure.ogone.com https://ssl.p.jwpcdn.com https://static.bol.com https://tpc.googlesyndication.com https://translate.googleapis.com https://tu.tu-vms.com https://view.publitas.com https://weblog.bol.com https://www.bol.com https://www.google.com https://www.googletagmanager.com https://www.googletagservices.com https://www.gstatic.com ; style-src 'unsafe-inline' https://*.s-bol.com https://bol.com https://fonts.googleapis.com https://partner.bol.com https://platform.twitter.com https://secure.ogone.com https://static.bol.com https://view.publitas.com https://www.bol.com 2
style-src 'self' 'unsafe-inline' 2
default-src https:; script-src https: blob: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: blob:; 2
default-src 'self' data: https://www.ccv.cz  https://www.ccvis.sk  *.youtube.com *.hotjar.com *.addthis.com https://smartsupp-files-161959.c.cdn77.org; img-src 'self' data: *.ccv.cz *.gstatic.com maps.googleapis.com ifirmy.cz *.google.cz *.google.com *.doubleclick.net *.smartsupp.co *.google-analytics.com pbs.twimg.com *.salesmanago.pl *.facebook.com *.youtube.com *.twitter.com *.leady.com *.imedia.cz https://smartsupp-files-161959.c.cdn77.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' ifirmy.cz pagead2.googlesyndication.com *.gstatic.com *.google.com *.google.cz cdnjs.cloudflare.com maps.google.com cdn.syndication.twimg.com *.twimg.com *.googleapis.com smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.getsmartlook.com *.hotjar.com *.salesmanago.pl *.leady.cz *.leady.com *.googleadservices.com *.googletagmanager.com *.smartsuppchat.com *.twitter.com *.facebook.net *.addthisedge.com *.google-analytics.com *.addthis.com *.facebook.com *.jsdelivr.net *.imedia.cz/ *.doubleclick.net; child-src 'self' *.imedia.cz/ *.youtube.com *.facebook.com https://googleads.g.doubleclick.net *.facebook.net *.addthis.com *.twitter.com *.google.com *.google.cz *.hotjar.com *.doubleclick.net; object-src *; style-src 'self' 'unsafe-inline' *.googleapis.com smartsupp-widget-161959.c.cdn77.org s3.amazonaws.com *.jsdelivr.net *.doubleclick.net; connect-src 'self' ws://*.hotjar.com *.hotjar.com wss://s1.smartsupp.com https://pagead2.googlesyndication.com *.smartlook.com ws://s1.smartsupp.com ws://s1.getsmartlook.com ws://s2.getsmartlook.com ws://ins9.hotjar.com *.smartsupp.com *.youtube.com *.getsmartlook.com *.addthis.com wss://s3.smartsupp.com https://*.leady.com; font-src 'self' themes.googleusercontent.com smartsupp-widget-161959.c.cdn77.org fonts.gstatic.com s3.amazonaws.com/icomoon.io/; 2
frame-ancestors staging.firebrand.training firebrand.training cms.firebrandtraining.com 2
default-src 'self' *.skat.dk skat.dk ;  script-src 'unsafe-eval' 'unsafe-inline' *.skat.dk skat.dk *.ccta.dk *.readspeaker.com code.jquery.com  netdna.bootstrapcdn.com s.webtrends.com statse.webtrendslive.com cdnjs.cloudflare.com siteimproveanalytics.com ajax.aspnetcdn.com dawa.aws.dk map.krak.dk map.eniro.no maps.googleapis.com cdn.datatables.net content-b.vergic.com https://map.eniro.no https://map.krak.dk https://account.psplugin.com https://policy.cookieinformation.com https://policy.app.cookieinformation.com https://commsrv-b.vergic.com https://www.googleapis.com customer.cludo.com customer.cludo.com.cdn.cloudflare.net dmcqaqmkk1tj3.cloudfront.net https://ecefinesse.skat.dk https://p99eceweb.voip.nd.local https://www.gstatic.com d3js.org https://ssl.survey.webstatus.v2.userneeds.dk https://tjektolden.dk https://www.tjektolden.dk ;  style-src 'unsafe-inline'  *.skat.dk skat.dk *.ccta.dk *.googleapis.com *.readspeaker.com code.jquery.com  netdna.bootstrapcdn.com www.google.com cdnjs.cloudflare.com content-b.vergic.com customer.cludo.com customer.cludo.com.cdn.cloudflare.net https://p99eceweb.voip.nd.local https://www.gstatic.com https://tjektolden.dk https://www.tjektolden.dk ;  img-src 'self' data: blob: *.skat.dk skat.dk http://www.skat.dk *.readspeaker.com *.gstatic.com *.googleapis.com *.google.com *.cloudfront.net code.jquery.com  hm.webtrends.com statse.webtrendslive.com customer.cludo.com customer.cludo.com.cdn.cloudflare.net https://content.psplugin.com https://www.google.com https://www.googleapis.com *.ontame.io eur-lex.europa.eu https://ssl.survey.webstatus.v2.userneeds.dk ;  font-src 'self' data: *.skat.dk skat.dk *.googleapis.com  fonts.gstatic.com netdna.bootstrapcdn.com content.psplugin.com ;  connect-src 'self' *.skat.dk skat.dk *.ccta.dk dawa.aws.dk api.hr-manager.net latana.se *.vergic.com api-eu1.cludo.com api.cludo.com https://account.psplugin.com https://consent.app.cookieinformation.com ;  child-src 'self' skat.dk *.skat.dk http://skat.dk http://www.skat.dk *.ccta.dk *.readspeaker.com http://media.videotool.dk https://media.videotool.dk https://cse.google.com https://app-eu.readspeaker.com https://skatig.wilkeonline.com https://p99eceweb.voip.nd.local https://befordringsbot.skat.dk https://skatigtest.wilkeonline.com http://www.vurdering.skat.dk https://ssl.survey.webstatus.v2.userneeds.dk https://survey.euro.confirmit.com https://policy.app.cookieinformation.com ;  media-src 'self' blob: skat.dk *.skat.dk www.skat.dk https://skat.dk https://www.skat.dk *.readspeaker.com https://media.videotool.dk ;  object-src 'self' blob: ;  report-uri  https://skat.dk/websrv/contentsecurity.ashx 2
default-src 'self';style-src 'unsafe-inline' *;frame-src 'self' https://www.youtube.com http://lymocommy.com http://mastarti.com http://onedrive.su http://videomore.ru http://twodrive.su http://www.mrelko.com http://mrelko.com http://smilered.com http://uniontraff.com http://winvideo.org http://cdn.servkino.ru http://mxtads.com http://rmbn.net http://sv1.servkino.ru https://yastatic.net http://kp.cdn.yandex.net http://urls.api.twitter.com https://connect.ok.ru http://www.odnoklassniki.ru http://graph.facebook.com http://vkontakte.ru https://vkontakte.ru http://*.mc.yandex.ru https://*.mc.yandex.ru https://mc.yandex.ru http://mc.yandex.ru http://google.com http://*.google.com http://ajax.googleapis.com https://ajax.googleapis.com http://kinogo-net-2015.ru http://onfilms.org http://newfilmz.ru http://moonwalk.cc https://vidroll.ru http://vidroll.ru http://*.vidroll.ru http://vk.com http://*.vk.com https://vk.com https://*.vk.com http://*.googleapis.com http://*.yadro.ru http://*.yastatic.net http://yastatic.net http://*.mail.ru http://*.yandex.ru http://*.yadro.ru http://yadro.ru http://yandex.st http://*.yandex.st;img-src * data:;media-src *;font-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' http://recreativ.ru http://onedrive.su http://smilered.com http://twodrive.su http://jfduv7.com http://retarget.ssl-services.com http://cdn.hgdat.com http://hghit.com http://t.et-code.ru http://trafmag.com http://cdn7.rocks http://brokeloy.com http://deenomo.com http://hgbn.rocks http://etcodes.com http://mrelko.com http://www.mxttrf.com https://informer.yandex.ru http://www.google-analytics.com http://api.yandex.ru http://clck.yandex.ru https://share.yandex.net http://kp.cdn.yandex.net https://vidroll.ru http://vidroll.ru http://*.vidroll.ru http://urls.api.twitter.com https://connect.ok.ru http://www.odnoklassniki.ru http://vk.com http://*.vk.com https://vk.com https://*.vk.com http://vkontakte.ru https://vkontakte.ru http://graph.facebook.com http://ajax.googleapis.com https://ajax.googleapis.com http://*.googleapis.com http://*.yadro.ru http://*.yastatic.net http://yastatic.net https://yastatic.net http://*.mail.ru http://*.yandex.ru http://yandex.st http://*.mc.yandex.ru https://*.mc.yandex.ru https://mc.yandex.ru http://mc.yandex.ru http://*.yadro.ru http://yadro.ru http://*.yandex.st http://onfilms.org http://newfilmz.ru http://kinogo-net-2015.ru http://google.com http://*.google.com http://googleapis.com; object-src 'self' http://mrelko.com http://mixtraff.silvercdn.com http://onfilms.org http://newfilmz.ru http://kinogo-net-2015.ru https://vidroll.ru http://vidroll.ru http://*.vidroll.ru https://yastatic.net http://kp.cdn.yandex.net http://*.cdn.yandex.net https://*.cdn.yandex.net http://kinogo.co;connect-src 'self' https://yastatic.net http://*.cdn.yandex.net https://*.cdn.yandex.net http://kp.cdn.yandex.net http://*.mc.yandex.ru https://*.mc.yandex.ru https://mc.yandex.ru http://mc.yandex.ru http://newfilmz.ru;report-uri /csputik.php 2
default-src 'self' https://www.google-analytics.com www.youtube.com fonts.gstatic.com https://storage.googleapis.com fonts.googleapis.com lh3.googleusercontent.com; base-uri 'none'; object-src 'none'; img-src 'unsafe-inline' 'self' https://storage.googleapis.com lh3.googleusercontent.com https://www.google-analytics.com data:; script-src 'self' 'unsafe-inline' https://s.ytimg.com https://www.google-analytics.com/analytics.js https://www.youtube.com/iframe_api https://www.googletagmanager.com/gtag/js ajax.googleapis.com www.gstatic.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; 2
default-src http: https: 'unsafe-inline' 2
default-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com *.campoints.net https://*.visit-x.net http://*.visit-x.net *.google-analytics.com beacon.errorception.com browser-update.org *.zopim.com https://*.getsentry.com https://*.disqus.com https://*.disquscdn.com https://*.bing.com https://*.googleadservices.com data: https://disqus.com https://*.wowza.com https://cdn.overheat.it https://track.overheat.it https://www.googletagmanager.com https://googleads.g.doubleclick.net; object-src 'self' *.vxcdn.org *.inethoster.org https://vjs.zencdn.net; style-src 'self' 'unsafe-inline' https://optimize.google.com fonts.googleapis.com https://*.disquscdn.com https://*.wowza.com https://track.overheat.it; img-src 'self' *.visit-x.net *.vxcdn.org *.inethoster.org *.campoints.net http://visitx.testunikat.com http://194.116.150.87/ https://*.maptilehoster.com *.google-analytics.com https://*.bing.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.google.de https://*.google.ch https://*.google.at data: browser-update.org https://v2.zopim.com https://v2assets.zopim.io https://*.disquscdn.com https://*.disqus.com https://www.googletagmanager.com https://prod-railsapp.s3.amazonaws.com https://*.wowza.com https://track.overheat.it; media-src 'self' *.vxcdn.org *.inethoster.org *.campoints.net stream.visit-x.tv blob: https://v2.zopim.com https://*.akamaihd.net; frame-src 'self' https://optimize.google.com https://*.visit-x.net http://*.visit-x.net *.campoints.net https://*.vxcdn.org https://*.inethoster.org https://*.youtube.com https://*.disqus.com https://disqus.com https://*.feedtures.com https://player.vimeo.com; child-src 'self' https://*.visit-x.net http://*.visit-x.net *.campoints.net blob:; font-src 'self' *.visit-x.net fonts.gstatic.com data: https://*.zopim.com https://*.disquscdn.com; connect-src 'self' wss://websocket.campoints.net wss://*.farm1.campoints.net wss://*.farm1.campoints.net:443 *.campoints.net https://*.visit-x.net https://*.visit-x.tv *.errorception.com *.google-analytics.com wss://*.zopim.com https://*.getsentry.com https://*.akamaihd.net https://*.disqus.com https://*.wowza.com https://stream.vxcdn.org https://s.overheat.it https://track.overheat.it https://latencytimer.azurewebsites.net/api/HttpTriggerJS1; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 2
default-src 'self' 'unsafe-inline' s3-eu-west-2.amazonaws.com; connect-src 'self' 'unsafe-inline' search.sainsburys.jobs www.google-analytics.com stats.g.doubleclick.net yoast.com; font-src 'self' 'unsafe-inline' data: https:;frame-src player.vimeo.com; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com doubleclick.net stage-tmp-search.clients.uk.funnelback.com search.sainsburys.jobs maps.googleapis.com; style-src 'self' 'unsafe-inline' f.vimeocdn.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; 2
default-src 'self'; script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com ajax.googleapis.com secure.quantserve.com www.google-analytics.com platform.twitter.com platform.instagram.com syndication.twitter.com player.ooyala.com linkhelp.clients.google.com cdn.syndication.twimg.com js.gleam.io rules.quantcount.com www.instagram.com ; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com platform.twitter.com ajax.googleapis.com www.teamliquid.net; img-src * data:; media-src *; child-src 'self' www.google.com www.twitch.tv player.twitch.tv clips.twitch.tv www.youtube.com player.ooyala.com giphy.com plays.tv *.twitter.com www.instagram.com gleam.io www.teamliquid.net viewer.autodesk.com open.spotify.com; frame-ancestors 'self'; font-src fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.teamliquid.net; block-all-mixed-content; 2
default-src * https:; script-src 'unsafe-eval' 'unsafe-inline' blob: https:; style-src 'unsafe-inline' https:; img-src data: https:; font-src data: https:; connect-src https: wss://ws5.hotjar.com/; media-src * blob:; 2
default-src 'none'; script-src https: 'self' 'sha256-unawk8oxMjxPG04UXJudRjZPb/aQ/CshgfawzK+tomg='; frame-src 'self' https://player.vimeo.com https://*.pages.infusionsoft.net https://kx344.infusionsoft.com https://3rdmilclassrooms.atlassian.net https://www.facebook.com/; child-src 'self'; connect-src https: 'self'; img-src https: 'self' data:; style-src https: 'self' 'sha256-yKMq2BEzhfBooGspd/gUZ8dgfNc0ImWRRdTP4NLg4Sk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-Y6ai26KOs6jiBfB2W6Ib5hdojTZB0+Dc5/pa9UyE+Cg=' 'sha256-AtkzPTuPDnHpL8H5SmAf+64ROXOzJFh/4aXFHMy039I=' 'sha256-dn9ugA46c5czZ7eQEv3ju7W8wJ95gWvqY5eMzzM0I54=' 'sha256-rL5t2ALSOY3ZEc2CqtmOt8izZMqgIbPhKR3RAvKtbNY=' 'sha256-P6P16G2OjZAmvzedPcPaxPG6PVVhCdvW2FWlryoooDU=' 'sha256-MqaZNk7XcsEzgxHS1EmbKVyvTZCt0upYAz/ChRnw434=' 'sha256-QS6hqxR7OTerpDd/4L00/9AjvZdcIyMaG6EYZxzag2g=' 'sha256-qUqV2P6/nDN49TFtx7/+L8n9DkmO7/0Efi4T7bBIN2Y=' 'sha256-7e7JS33BxKUR1zX3YApQdT/HaolhNAuxel9N2G5i4Q8=' 'sha256-uhSL4byw5ai27z2pG0rycp0/iIqxIRJP5VmGXim65ZY=' 'sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY=' 'sha256-wCu9EA0cTPVqhm91EuVe/y2Xp3kg0L0kg8UzYtQcZOQ=' 'sha256-CZr12+HDAScA2Lw6+dONsS2zuzu0xqMT42UgrDohGII=' 'sha256-GtAcDfNMtAK5L3ZL1hWm0tKjLLOtAEkl60PvJsVdPpc=' 'sha256-0qAqv94y09xSFsaHfRcSClvV6D1hJSLzTn2gGGUJ5SQ=' 'sha256-0qAqv94y09xSFsaHfRcSClvV6D1hJSLzTn2gGGUJ5SQ=' 'sha256-AJwuK6dCZjyhpNbFsOf0nzNjfVSeoWIITp60TTdd+fE=' 'sha256-RayO1Qclzbx5Q0ItHlQPOF0aEAFq7oBN25tzbjYPdp8='; font-src https: 'self' 2
frame-ancestors https://myota.tradingacademy.com http://myota.tradingacademy.com 2
block-all-mixed-content; report-uri /v1/csplog 2
default-src https: 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com/analytics.js js.stripe.com/v2/ dev-auth.frontstream.com/bundles/FSCookies; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css dev-auth.frontstream.com/bundles/css/fscookies.css 2
form-action 'self' 2
default-src 'self' *.bdasites.com bdasites.com; font-src 'self' *.bdasites.com bdasites.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.bdasites.com bdasites.com ajax.aspnetcdn.com *.google.com fonts.googleapis.com *.sharethis.com; connect-src 'self' *.doubleclick.net www.google-analytics.com *.sharethis.com; img-src * data:; media-src *; frame-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bdasites.com bdasites.com *.doubleclick.net www.googletagmanager.com www.google-analytics.com ajax.aspnetcdn.com *.google.com *.googlecode.com *.newrelic.com *.bootstrapcdn.com *.googleapis.com *.sharethis.com invitebox.com urltag.net bam.nr-data.net connect.facebook.net www.gstatic.com 2
default-src data: 'unsafe-inline' 'unsafe-eval' https:; frame-ancestors 'self'; form-action *; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer strict-origin-when-cross-origin; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; style-src https: 'unsafe-inline' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src 'self' 'unsafe-inline' https: data:;frame-ancestors 'self'; 2
default-src 'self'; connect-src 'self' https://forms.foxfilm.com/reg/ https://foxnet.demdex.net; img-src 'self' https://lh3.googleusercontent.com https://www.google.com https://www.google-analytics.com https://*.krxd.net https://rtd.tubemogul.com https://idsync.rlcdn.com https://*.doubleclick.net https://sync-tm.everesttech.net https://www.facebook.com; base-uri 'self'; form-action 'self'; frame-ancestors http://www.foxdigitalhd.com http://www.foxmovies.com https://www.foxmovies.com; object-src 'none'; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com/recaptcha/ https://foxnet.demdex.net https://*.krxd.net; child-src https://www.google.com/recaptcha/ https://foxnet.demdex.net https://*.krxd.net; script-src 'self' 'unsafe-inline' https://www.foxprivacy.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com www.google-analytics.com https://*.krxd.net https://foxnet.demdex.net https://connect.facebook.net https://cdn.segment.com https://tagmanager.google.com; 2
frame-ancestors http://*.bestbuy.com https://*.bestbuy.com http://*.bestbuy.ca https://*.bestbuy.ca https://*.google.com https://*.gstatic.com https://*.adobemc.com https://*.adobe.com 2
frame-ancestors https://*.mygreatlakes.org https://*.glhec.org https://*.greatlakeslink.com 'self' 2
default-src *  ;report-uri /xp/CSPReport.ashx  ;script-src * 'unsafe-inline' 'unsafe-eval' data: about:  ;style-src * 'unsafe-inline'  ;connect-src * blob:  ;font-src * data:  ;object-src *  ;img-src * data: blob:  ;media-src * blob:  ;frame-src * data: gsa: ajaxhandler:  ;child-src * blob:  ;worker-src * blob:  ;form-action * javascript:  ;frame-ancestors * 2
frame-ancestors myiuhealth.org myunionhealthportal.org; 2
frame-ancestors 'self' * 2
connect-src 'self' *.racingpost.com wss://*.racingpost.com *.rp-assets.com *.attheraces.com *.googleapis.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.facebook.com *.twitter.com *.youtube.com *.instagram.com *.cdninstagram.com *.tumblr.com *.scribblelive.com *.mppglobal.com *.segment.io *.mixpanel.com *.optimizely.com *.cloudfront.net *.akamaihd.net https://api.swiftype.com https://api.ladbrokes.com https://appcues.firebaseio.com https://securepubads.g.doubleclick.net https://capture.trackjs.com https://app.satismeter.com *.zdassets.com *.zendesk.com https://static.criteo.net https://sslwidget.criteo.com https://racingpost.zendesk.com *.secure.footprint.net https://storify.com https://static.chartbeat.com https://mab.chartbeat.com *.appcues.com *.ytimg.com *.oembed.com *.fyre.co wss://api.appcues.net https://app.getsentry.com;default-src 'self' blob: *.googlesyndication.com;font-src 'self' *.racingpost.com *.rp-assets.com *.gstatic.com *.fontawesome.com *.facebook.com *.youtube.com *.tumblr.com *.instagram.com *.cdninstagram.com *.ytimg.com *.oembed.com;frame-ancestors *.rp-assets.com *.racingpost.com;frame-src 'self' *.racingpost.com *.rp-assets.com https://www.stallionbook.co.uk https://mickchannon.tv *.facebook.com *.twitter.com *.youtube.com *.soundcloud.com *.audioboom.com *.mppglobal.com *.scribblelive.com *.qzzr.com *.bluekai.com *.cookiebot.com https://dis.eu.criteo.com *.paddypower.com *.paddypower.mobi *.coral.co.uk *.ladbrokescoral.com *.ladbrokes.com *.bet365.com *.williamhill.com *.googlesyndication.com *.doubleclick.net *.filepicker.io https://s0.2mdn.net https://secure.safecharge.com https://static.chartbeat.com https://assets.zendesk.com https://my.appcues.com https://publisherconsole.appspot.com https://ssum-sec.casalemedia.com/;img-src 'self' data: blob: *.racingpost.com *.rp-assets.com *.google.com *.google.co.uk *.google.bg *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.gstatic.com *.googleapis.com *.trackjs.com *.facebook.com *.twitter.com *.youtube.com *.instagram.com *.cdninstagram.com *.tumblr.com *.amazonaws.com *.cloudfront.net *.lytics.io *.ladbrokes.com https://cc.swiftype.com https://www.stallionbook.co.uk https://secure.gravatar.com *.scribblelive.com https://pixel.advertising.com https://match.adsrvr.org *.adroll.com *.bidswitch.net *.rfihub.com *.ytimg.com *.oembed.com *.twimg.com *.wp.com *.2mdn.net https://storify.com *.myvisualiq.net https://trck.spoteffects.net https://pixel.quantserve.com https://reva.miss.imgeng.in https://ping.chartbeat.net *.crazyegg.com/ https://vulpix.appcues.com https://res.cloudinary.com http://image.racingpost-email.com https://racingpost.zendesk.com https://atpixel.alephd.com/post_adtech https://ib.adnxs.com/getuid https://sync-tm.everesttech.net https://adserver.adtech.de https://*.adnxs.com https://*.criteo.com https://*.adtechus.com https://*.alephd.com;media-src 'self' blob: *.scribblelive.com *.tumblr.com *.facebook.com *.youtube.com *.ytimg.com *.oembed.com *.instagram.com *.cdninstagram.com *.amazonaws.com *.attheraces.com *.secure.footprint.net *.akamaihd.net;object-src 'self' *.googlesyndication.com *.facebook.com *.youtube.com *.instagram.com *.cdninstagram.com *.tumblr.com *.ytimg.com *.oembed.com;prefetch-src *.googlesyndication.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.racingpost.com *.rp-assets.com https://www.stallionbook.co.uk *.google.com *.google.co.uk *.google.bg *.googleadservices.com *.googlesyndication.com *.googleapis.com *.googletagmanager.com *.googletagservices.com *.google-analytics.com https://cdn.ampproject.org *.segment.io *.segment.com https://cdn.mxpnl.com *.lytics.io *.akamaihd.net *.cookiebot.com *.scribblelive.com https://cdn.trackjs.com https://s.swiftypecdn.com *.zdassets.com *.facebook.net *.facebook.com *.tumblr.com *.twitter.com *.youtube.com *.instagram.com *.cdninstagram.com *.oembed.com *.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com *.doubleclick.net https://q.adrta.com/aa.js https://tags.adzip.co *.adtech.de *.adroll.com https://devcms.bgt.ag https://js-agent.newrelic.com https://s0.2mdn.net https://bam.nr-data.net https://fast.appcues.com https://assets.zendesk.com https://cdnjs.cloudflare.com https://api.appcues.net https://static.chartbeat.com https://api.filepicker.io https://publisherconsole.appspot.com https://trck.spoteffects.net https://fresh8.co *.crazyegg.com https://c.lytics.io https://s3.amazonaws.com/scripts.hellobar.com/ https://tags.bkrtx.com/js/bk-coretag.js https://app.satismeter.com/satismeter.js https://adserver-eu.adtech.advertising.com https://*.adnxs.com https://*.criteo.com https://*.adtechus.com https://*.alephd.com https://*.betrad.com https://*.moatads.com;style-src 'self' 'unsafe-inline' blob: *.rp-assets.com https://www.stallionbook.co.uk *.facebook.com *.twitter.com *.youtube.com *.instagram.com *.cdninstagram.com *.tumblr.com *.fontawesome.com *.scribblelive.com *.google.com *.googleapis.com *.cloudfront.net https://c.lytics.io *.twimg.com *.oembed.com *.ytimg.com *.appcues.com https://fast.appcues.com https://s3.amazonaws.com/preview-ui/ 2
base-uri 'none'; object-src 'none'; default-src 'self' 'unsafe-inline' data: https: wss: blob:; report-uri https://ulcm.report-uri.com/r/d/csp/enforce 2
default-src * 'self' 'unsafe-inline' 'unsafe-eval'; img-src *; frame-ancestors 'self' 2
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' share.pluso.ru *.popol.ru *.adonweb.ru *.smaclick.com faggrim.com *.pay-click.ru jsc.dt00.net *.marketgid.com *.ok.ru vk.com https://vk.com mc.yandex.ru clck.yandex.ru yandex.st www.google-analytics.com https://www.google-analytics.com www.gstatic.com pagead2.googlesyndication.com https://pagead2.googlesyndication.com; frame-src 'self' *.ok.ru vk.com https://vk.com https://login.vk.com googleads.g.doubleclick.net https://googleads.g.doubleclick.net mc.yandex.ru www.youtube.com; connect-src 'self' jsc.dt00.net *.marketgid.com mc.yandex.ru www.google-analytics.com https://www.google-analytics.com; report-uri /csp.php; 2
script-src 'unsafe-inline' 'self' ajax.googleapis.com apis.google.com cdnjs.cloudflare.com; object-src 'self' 2
default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://static.mywebstats.com.au https://www.google-analytics.com 2
default-src https: http: 'unsafe-inline' 'unsafe-eval' 2
child-src * blob: 2
default-src * data: blob:; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/  *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.g.doubleclick.net *.marketo.com *.marketo.net *.wistia.com *.sendsafely.com *.livechatinc.com *.instagram.com *.facebook.net sc-static.net *.mktoresp.com *.serving-sys.com snapwidget.com *.youtube.com *.ytimg.com *.licdn.com *.bizographics.com *.linkedin.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.marketo.com *.fontawesome.com; img-src * data:; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.googleapis.com *.marketo.com *.wistia.com *.akamaihd.net *.litix.io *.mktoresp.com *.facebook.net *.g.doubleclick.net; upgrade-insecure-requests; 2
default-src 'unsafe-eval' 'unsafe-inline' *; script-src 'unsafe-inline' 'unsafe-eval' *; img-src * data:; connect-src *; font-src * data: 2
default-src 'self' www.baindepot.com www.bathdepot.com www.bathdepot.ca; style-src 'self' 'unsafe-inline' www.baindepot.com www.bathdepot.com www.bathdepot.ca maxcdn.bootstrapcdn.com fonts.googleapis.com *.heatmap.it; script-src 'self' 'unsafe-inline' www.baindepot.com www.bathdepot.com www.bathdepot.ca 'unsafe-eval' www.googleadservices.com www.googletagmanager.com connect.facebook.net googleads.g.doubleclick.net tpc.googlesyndication.com t.trackedlink.net www.google-analytics.com maps.googleapis.com s7.addthis.com m.addthisedge.com m.addthis.com widgets.pinterest.com assets.pinterest.com graph.facebook.com *.signifyd.com *.trackedlink.net *.heatmap.it; font-src 'self' data: www.baindepot.com www.bathdepot.com www.bathdepot.ca maxcdn.bootstrapcdn.com fonts.gstatic.com *.heatmap.it; img-src 'self' data: blob: www.baindepot.com www.bathdepot.com www.bathdepot.ca www.google.com www.google.ca www.facebook.com www.google-analytics.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.googletagmanager.com googleads.g.doubleclick.net imgs.signifyd.com *.addthis.com *.pinterest.com *.online-metrix.net *.abmr.net m.addthis.com *.paypalobjects.com www.paypalobjects.com r1-t.trackedlink.net online.swagger.io *.heatmap.it *.trackedlink.net; frame-src 'self' www.baindepot.com www.bathdepot.com www.bathdepot.ca bid.g.doubleclick.net s7.addthis.com www.houzz.com www.facebook.com connect.facebook.net imgs.signifyd.com *.moneris.com assets.pinterest.com tpc.googlesyndication.com www.google.ca googleads.g.doubleclick.net www.google.com www3.moneris.com *.youtube.com *.heatmap.it heatmap.it *.trackedlink.net; connect-src 'self' www.baindepot.com www.bathdepot.com www.bathdepot.ca www.google-analytics.com www.googleadservices.com www.google.com www.google.ca stats.g.doubleclick.net s7.addthis.com m.addthis.com *.facebook.com; report-uri /csp-test.php; 2
frame-ancestors 'self' https://*.eluniverso.com http://*.eluniverso.com https://*.ampproject.net http://*.2mdn.net https://*.2mdn.net 2
img-src 'self'; 2
frame-ancestors 'self'; report-uri https://stoklasa.report-uri.io/r/default/csp/enforce 2
default-src http: https: data 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors https://*.jobs.cz https://my.teamio.com https://*.facebook.com https://*.kurzy.cz; 2
default-src * data: blob:; script-src 'self' data: http: https: *.honlapbirodalom.hu *.twitter.com *.googleapis.com *.gstatic.com *.google.com *.doubleclick.net *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.googleadservices.com *.getsmartlook.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval'; style-src 'self' http: https: *.honlapbirodalom.hu *.gstatic.com *.googleapis.com *.google.com *.cdn.mozilla.net 'unsafe-inline' data: blob:; connect-src 'self' *; 2
script-src: 'self' 2
default-src https: 'unsafe-inline' images.zmaildirect.com data: 'unsafe-eval' 2
default-src https: wss: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 2
block-all-mixed-content; frame-ancestors 'self' qualys.com *.qualys.com; 2
default-src 'none'; img-src * data:; media-src * mp4:; script-src 'self' 'unsafe-inline' 'unsafe-eval' d2zkrhcchwordv.cloudfront.net *.typekit.net code.jquery.com connect.facebook.net *.addthis.com *.google-analytics.com google-analytics.com *.google.com *.gstatic.com *.addthisedge.com; style-src 'self' 'unsafe-inline' d2zkrhcchwordv.cloudfront.net *.typekit.net fonts.googleapis.com; object-src *.flowplayer.org; frame-src 'self' d2zkrhcchwordv.cloudfront.net *.facebook.com *.facebook.net *.google.com *.addthis.com *.linkedin.com static.licdn.com; connect-src 'self' *.addthis.com *.typekit.net *.google-analytics.com google-analytics.com stats.g.doubleclick.net; font-src 'self' *.typekit.net d2zkrhcchwordv.cloudfront.net fonts.gstatic.com fonts.googleapis.com 2
frame-ancestors 'self' http://www.roedl.de/ http://www.roedl.com/ https://www.roedl.de/ https://www.roedl.com/ https://test-sp.roedl.com/ https://test-sp.roedl.de/ http://archive.erikdreyer.de/  http://www.roedl.de:10006/ https://www.roedl.de:10006/; 2
base-uri 'self';  connect-src ws: wss: *; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://fonts.gstatic.com https://*.gstatic.com; form-action 'self'; frame-ancestors 'self' https://gofile.me http://gofile.me; frame-src 'self' data: blob: https://*.synology.com https://www.synology.cn/ https://www.youtube.com http://www.youtube.com http://*.synology.com http://*.synology.cn; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.google.com http://*.baidu.com https://*.bdstatic.com; media-src 'self' data: about:;  report-uri webman/csp_report.cgi; script-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://*.google.com https://*.googleapis.com https://*.google.com https://*.googleapis.com https://*.google.com https://*.googleapis.com https://*.baidu.com https://*.bdstatic.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googleapis.com https://*.googleapis.com https://api.map.baidu.com; 2
default-src * 'unsafe-inline' 'unsafe-eval' data: *.floro.nl; frame-ancestors 'self' *.floro.nl 2
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'self'; media-src *.readspeaker.com *.speechstream.net 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self' 2
default-src * 'unsafe-inline' 'unsafe-eval'; frame-src http: https: intellyexplorer:; img-src * data:; 2
frame-ancestors 'none'; object-src 'none' 2
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data: 2
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' http: https:; connect-src 'self'; img-src 'self' http://www.ceodelhi.nic.in http://ceodelhi.nic.in/ceodelhi/; style-src 'self' 'unsafe-inline';frame-src 'self';object-src 'self';  base-uri 'self' 2
frame-ancestors 'self' https://auth.flock.com https://auth.flock-staging.com https://web.flock.com https://web.flock-staging.com https://updates.flock.co file://* chrome-extension://eaelpbcbablcdbbocfbfnedfmgjaoicj chrome-extension://jaafanpjodcobojibapcmbdcphbafnfc chrome-extension://enfaahabcinohafeakbliimmoholjeip 2
script-src https: 'self' 'unsafe-inline' 'unsafe-eval' www.google.com maps.googleapis.com fonts.googleapis.com ajax.googleapis.com www.gstatic.com fonts.gstatic.com www.google-analytics.com docs.google.com www.googletagmanager.com www.googleadservices.com ajax.cloudflare.com connect.facebook.net 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://fonts.googleapis.com https://www.gstatic.com/ 2
report-uri /csp-violation-reporting-endpoint; report-to /csp-violation-reporting-endpoint; upgrade-insecure-requests 2
frame-ancestors *.qionline.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa.gov.np *.mofa.gov.np s.ytimg.com *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np placehold.it *.facebook.net *.sharethis.com  *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it mofa.gov.np *.mofa.gov.np *.facebook.net *.facebook.com *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' *.youtube.com *.google.com *.facebook.net *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 2
default-src 'self' dwl.dawconnect.com maps.google.de www.google.com connect.facebook.net;  img-src  'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.bsdwl.de *.google-analytics.com connect.ekomi.de *.facebook.com *.doubleclick.net *.google.com *.google.de;  media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr;  script-src 'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.google-analytics.com connect.ekomi.de www.googleadservices.com *.jwpcdn.com dwl.dawconnect.com *.facebook.net www.googletagmanager.com *.facebook.com *.google.com *.google.de *.doubleclick.net 'unsafe-inline' 'unsafe-eval';  worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.doubleclick.net www.google.com www.google.de;  font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.gstatic.com;  style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.googleapis.com 'unsafe-inline';  object-src 'self'  2
media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; report-uri https://sentry.io/api/115794/csp-report/?sentry_key=40c3396129f24aacbf05aed4885600b3 2
default-src 'self' https://cdn.zp.ru https://assets.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io ; img-src 'self' *.zp.ru *.zp.ru *.zarplata.ru *.zarplata.ru *.ngs.ru *.ngs.ru https://*.yandex.net https://api-maps.yandex.ru https://www.google-analytics.com https://mc.yandex.ru https://counter.yadro.ru https://an.yandex.ru https://stats.g.doubleclick.net https://www.google.com https://www.google.ru  data: https://i.giphy.com https://media.giphy.com  https://www.tns-counter.ru https://top-fwz1.mail.ru https://ad.mail.ru https://vk.com https://www.facebook.com  https://gum.criteo.com  https://assets.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://my.mail.ru https://supportzarplata.zendesk.com  avatars-fast.yandex.net favicon.yandex.net; media-src *.yandex.net yandex.st yastatic.net ; child-src 'self' *.zarplata.ru *.zarplata.ru https://webvisor.com  https://www.googletagmanager.com; frame-src 'self' https://yastatic.net https://www.youtube.com https://reklama.ngs.ru https://api-maps.yandex.ru https://st.yandexadexchange.net https://yandexadexchange.net https://creativecdn.com https://vk.com/  https://*.criteo.net https://*.criteo.com  https://onesignal.com https://assets.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://www.facebook.com https://connect.facebook.net  *.yandex.ru awaps.yandex.net *.yandexadexchange.net yastatic.net  https://www.google.com/recaptcha/; style-src 'self' 'unsafe-inline' 'unsafe-eval' yandex.st yastatic.net  'unsafe-inline'; object-src https://reklama.ngs.ru; script-src 'self' https://*.tns-counter.ru 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://mc.yandex.ru https://api-maps.yandex.ru https://reklama.ngs.ru https://yastatic.net https://an.yandex.ru https://top-fwz1.mail.ru https://ad.mail.ru https://tagmanager.google.com https://vk.com/js/api/openapi.js https://www.googletagservices.com https://adservice.google.ru https://adservice.google.com https://securepubads.g.doubleclick.net  https://*.criteo.net https://*.criteo.com https://cdn.ravenjs.com https://cdn.onesignal.com https://onesignal.com https://assets.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://connect.facebook.net https://connect.mail.ru https://my2.imgsmail.ru https://static.zdassets.com an.yandex.ru yandex.st yastatic.net mc.yandex.ru  https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' data: https://assets.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io ; connect-src  'self' https://www.zarplata.ru https://auth.zarplata.ru https://www.zarplata.ru https://auth.zarplata.ru https://top-fwz1.mail.ru https://pay.zarplata.ru https://api.zp.ru https://stat.zp.ru https://passport.ngs.ru https://mc.yandex.ru https://www.google-analytics.com https://job42.ru https://ngsrabota.com.ua https://ngsrabota.by https://ngsrabota.kz ws://kek.zp.ru https://sentry.zp.ru/ https://vk.com/rtrg  https://onesignal.com https://supportzarplata.zendesk.com  https://*.zopim.com https://*.zopim.io wss://*.zopim.com https://ekr.zdassets.com an.yandex.ru mc.yandex.ru yandex.st yastatic.net ; frame-ancestors 'self' http://webvisor.com https://webvisor.com; report-uri https://publiczpru.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 2
frame-ancestors 'self' https://s.salecycle.com https://vodafoneromania.demdex.net https://vars.hotjar.com https://c1.adform.net 2
frame-ancestors 'self' weleda.sabio.de 2
default-src 'self' *.adsrvr.org *.vmmpxl.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com fast.fonts.net *.cloudflare.com *.cloudfront.net *.adsrvr.org *.vmmpxl.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: static.lobbytools.com *.boldchat.com code.jquery.com nextpatient.co www.healow.com js-agent.newrelic.com congress.api.sunlightfoundation.com maps.googleapis.com tagmanager.google.com sp.analytics.yahoo.com analytics.twitter.com static.ads-twitter.com s.yimg.com cdnjs.cloudflare.com t.sharethis.com *.cloudfront.net www.googletagmanager.com *.google-analytics.com ws.sharethis.com www.youtube.com www.googleadservices.com secure.quantserve.com bat.bing.com *.e.akamai.net *.rfihub.net *.rfihub.com s.ytimg.com fast.fonts.net connect.facebook.net ppactionvoterguide.org *.ppactionvoterguide.org cdn.optimizely.com *.openlayers.org *.newtonsoftware.com bs.serving-sys.com i.simpli.fi secure.adnxs.com e.issuu.com storify.com d10lpsik1i8c69.cloudfront.net *.luckyorange.net *.luckyorange.com storify.com *.userzoom.com nextpatient.co *.nr-data.net api-dot-lucky-orange.appspot.com pubsub.googleapis.com/v1/projects/lucky-orange/* pubsub.googleapis.com/v1/projects/lucky-orange/topics/recording-data:publish pubsub.googleapis.com/v1/projects/lucky-orange/topics/recordings:publish bbox.blackbaudhosting.com bbox.blackbaudhosting.com *.adroll.com *.optimizely.com bbox.blackbaudhosting.com bbox.blackbaudhosting.com widget.surveymonkey.com widget.surveymonkey.com www.google.com www.gstatic.com *.instagram.com ajax.googleapis.com *.yelp.com *.yelpcdn.com *.twitter.com ajax.cloudflare.com *.doubleclick.net optimizely.s3.amazonaws.com www.tintup.com *.twitter.com *.npgvan.com *.tintup.com *.twimg.com *.ngpvan.com *.gstatic.com *.sitomobile.com *.vmmpxl.com *.simpli.fi *.quantcount.com *.adsrvr.org *.vmmpxl.com sc-static.net *.adnxs.com *.crwdcntrl.net *.google.com *.cloudfront.net; connect-src 'self' *.openlayers.org *.google-analytics.com secure.ppaction.org www.ppaction.org l.sharethis.com logx.optimizely.com e.issuu.com pingback.issuu.com nextpatient.co nextpatient.co *.luckyorange.com *.luckyorange.net api-dot-lucky-orange.appspot.com pubsub.googleapis.com/v1/projects/lucky-orange/* pubsub.googleapis.com/v1/projects/lucky-orange/topics/recording-data:publish pubsub.googleapis.com/v1/projects/lucky-orange/topics/recordings:publish *.optimizely.com *.everyaction.com *.myngp.com; img-src 'self' 'unsafe-inline' data: *.ib5k.com *.boldchat.com insight.adsrvr.org www.plannedparenthood.org i.ytimg.com *.gstatic.com maps.googleapis.com t.co www.googleadservices.com sb.scorecardresearch.com *.doubleclick.net l.sharethis.com *.google-analytics.com www.googletagmanager.com www.google.com ping.chartbeat.net *.doubleclick.net pixel.quantserve.com bat.bing.com bat.r.msn.com img.youtube.com *.vimeo.com *.facebook.com www.healow.com vmap0.tiles.osgeo.org vmap0.tiles.osgeo.org *.doubleclick.net image.isu.pub bbox.blackbaudhosting.com *.googleusercontent.com *.simpli.fi *.adroll.com *.paypalobjects.com *.phreesia.com *.userzoom.com *.twitter.com *.twimg.com *.myngp.com *.everyaction.com *.cloudfront.net *.sitomobile.com *.adsrvr.org *.adsrvr.org *.vmmpxl.com *.cloudfront.net *.google.com *.crwdcntrl.net *.adnxs.com sc-static.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com nextpatient.co tagmanager.google.com fonts.googleapis.com fast.fonts.net ws.sharethis.com *.phreesia.com bbox.blackbaudhosting.com *.userzoom.com *.twitter.com *.cloudfront.net *.adsrvr.org *.vmmpxl.com; frame-src 'self' *.adsrvr.org *.boldchat.com www.healow.com docasap.com www.google.com maps.googleapis.com maps.google.com external.ppsne.org e.issuu.com www.tintup.com tagmanager.google.com fonts.googleapis.com t.sharethis.com *.70n7.com secure.ppaction.org seg.sharethis.com ws.sharethis.com www.youtube.com player.vimeo.com www.ppaction.org register2.rockthevote.com connect.facebook.net *.facebook.com *.rfihub.com docs.google.com *.newtonsoftware.com storify.com *.doubleclick.net mapsengine.google.com storify.com *.meltwater.com bbox.blackbaudhosting.com bbox.blackbaudhosting.com *.optimizely.com *.optimizely.com *.optimizely.com surveymonkey.com *.surveymonkey.com *.nomotraplaws.com *.yelp.com *.yelpcdn.com feed.meltwater.com/gyda feed.meltwater.com *.ppaction.org *.optimizely.com cdn.hypemarks.com *.userzoom.com *.twitter.com *.71n7.com *.nextgen.com register.vote.org myrvplist.com *.adsrvr.org *.vmmpxl.com *.weareplannedparenthood.org *.weareplannedparenthoodaction.org *.snapchat.com *.actblue.com javamatch.matchinggifts.com www.flipcause.com; frame-ancestors 'self' *.twitter.com www.healow.com *.ppaction.org *.adsrvr.org *.vmmpxl.com; 2
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: *.yandex.net *.yandex.ru https://*.yandex.net https://*.yandex.ru; frame-src 'self' https://www.youtube.com; script-src 'self' 'unsafe-eval' *.yandex.ru https://*.yandex.ru; connect-src 'self' *.yandex.ru https://*.yandex.ru; 2
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://vmeste.eu https://ulogin.ru/js/ulogin.js 2
default-src 'self' https://www.rulla-vidare.se https://*.rulla-vidare.se https://www.fordforsakring.se https://www.isuzuforsakring.se https://*.isuzuforsakring.se https://www.subaruforsakring.se https://*.subaruforsakring.se https://*.fordforsakring.se https://www.opelforsakring.se https://*.opelforsakring.se https://www.nissanforsakring.se https://*.nissanforsakring.se https://www.saabforsakring.se https://*.saabforsakring.se; script-src 'self'  'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://ifhelp2015.azurewebsites.net http://js.revsci.net https://st.if.eu https://*.bravi.if.eu https://ifhelp2015eu.herokuapp.com https://volviasverige.fbinhouse.se https://cdn.jsdelivr.net https://*.fls.doubleclick.net https://cdn.datatables.net https://az416426.vo.msecnd.net https://claims-chat-bot-web.azurewebsites.net https://claims-chat-bot-web-test.azurewebsites.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://st-test.if.eu https://skodabilforsakring.se https://*.skodabilforsakring.se https://www.renaultforsakring.se https://*.renaultforsakring.se http://bmworiginalforsakring.se http://*.bmworiginalforsakring.se https://volvia.se https://audibilforsakring.se https://*.audibilforsakring.se https://seatbilforsakring.se https://*.seatbilforsakring.se https://*.volvia.se https://www.minioriginalforsakring.se https://*.minioriginalforsakring.se https://www.volkswagenbilforsakring.se https://*.volkswagenbilforsakring.se https://www.volkswagentransportbilarforsakring.se https://*.volkswagentransportbilarforsakring.se https://www.daciaforsakring.se https://*.daciaforsakring.se https://www.porschebilforsakring.se https://*.porschebilforsakring.se https://www.mercedes-benzforsakring.se https://*.mercedes-benzforsakring.se https://www.kiabilforsakring.com https://*.kiabilforsakring.com https://bravi-cdn-itest.azureedge.net https://bravi-cdn-atest.azureedge.net https://bravi-cdn-stest.azureedge.net https://bravi-cdn.azureedge.net http://dev.visualwebsiteoptimizer.com; connect-src https://*.bravi.if.eu https://www.rulla-vidare.se https://www.saabforsakring.se https://www.nissanforsakring.se https://www.opelforsakring.se https://www.fordforsakring.se https://www.isuzuforsakring.se https://www.subaruforsakring.se https://ifhelp2015.azurewebsites.net https://st.if.eu https://*.azurewebsites.net http://js.revsci.net https://volviasverige.fbinhouse.se https://cdn.jsdelivr.net https://ifhelp2015eu.herokuapp.com https://chat.puzzel.com wss://directline.botframework.com https://az416426.vo.msecnd.net https://dc.services.visualstudio.com https://directline.botframework.com https://*.api.if.eu https://*.prod.bravi.if.eu https://*.itest.bravi.if.eu https://*.stest.bravi.if.eu https://*.atest.bravi.if.eu wss://*.prod.bravi.if.eu wss://*.itest.bravi.if.eu wss://*.stest.bravi.if.eu wss://*.atest.bravi.if.eu https://bravi-cms-itest-edit.azurewebsites.net wss://bravi-cms-itest-edit.azurewebsites.net https://maxcdn.bootstrapcdn.com https://st-test.if.eu https://skodabilforsakring.se https://*.skodabilforsakring.se https://www.renaultforsakring.se https://*.renaultforsakring.se http://bmworiginalforsakring.se http://*.bmworiginalforsakring.se https://volvia.se https://*.volvia.se https://audibilforsakring.se https://*.audibilforsakring.se https://seatbilforsakring.se https://*.seatbilforsakring.se https://www.minioriginalforsakring.se https://*.minioriginalforsakring.se https://www.volkswagenbilforsakring.se https://*.volkswagenbilforsakring.se https://www.volkswagentransportbilarforsakring.se https://*.volkswagentransportbilarforsakring.se https://www.daciaforsakring.se https://*.daciaforsakring.se https://www.porschebilforsakring.se https://*.porschebilforsakring.se https://www.mercedes-benzforsakring.se https://*.mercedes-benzforsakring.se https://www.kiabilforsakring.com https://*.kiabilforsakring.com http://dev.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.bravi.if.eu https://ifhelp2015.azurewebsites.net https://ifhelp2015eu.herokuapp.com https://fonts.googleapis.com https://volviasverige.fbinhouse.se https://cdn.datatables.net https://*.azurewebsites.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://skodabilforsakring.se https://*.skodabilforsakring.se https://www.renaultforsakring.se https://*.renaultforsakring.se https://code.jquery.com http://bmworiginalforsakring.se http://*.bmworiginalforsakring.se https://volvia.se https://*.volvia.se https://audibilforsakring.se https://*.audibilforsakring.se https://seatbilforsakring.se https://*.seatbilforsakring.se https://www.minioriginalforsakring.se https://*.minioriginalforsakring.se https://www.volkswagenbilforsakring.se https://*.volkswagenbilforsakring.se https://www.volkswagentransportbilarforsakring.se https://*.volkswagentransportbilarforsakring.se https://www.daciaforsakring.se https://*.daciaforsakring.se https://www.porschebilforsakring.se https://*.porschebilforsakring.se https://www.mercedes-benzforsakring.se https://*.mercedes-benzforsakring.se https://www.kiabilforsakring.com https://*.kiabilforsakring.com https://bravi-cdn-itest.azureedge.net https://bravi-cdn-stest.azureedge.net https://bravi-cdn-atest.azureedge.net https://bravi-cdn.azureedge.net; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.bravi.if.eu https://ifhelp2015.azurewebsites.net https://claims-chat-bot-web.azurewebsites.net https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.datatables.net https://*.azurewebsites.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://skodabilforsakring.se https://*.skodabilforsakring.se https://www.renaultforsakring.se https://*.renaultforsakring.se http://bmworiginalforsakring.se http://*.bmworiginalforsakring.se https://volvia.se https://*.volvia.se https://audibilforsakring.se https://*.audibilforsakring.se https://seatbilforsakring.se https://*.seatbilforsakring.se https://www.minioriginalforsakring.se https://*.minioriginalforsakring.se https://www.volkswagenbilforsakring.se https://*.volkswagenbilforsakring.se https://www.volkswagentransportbilarforsakring.se https://*.volkswagentransportbilarforsakring.se https://www.daciaforsakring.se https://*.daciaforsakring.se https://www.porschebilforsakring.se https://*.porschebilforsakring.se https://*.fbinhouse.se https://www.mercedes-benzforsakring.se https://*.mercedes-benzforsakring.se https://www.kiabilforsakring.com https://*.kiabilforsakring.com https://bravi-cdn-itest.azureedge.net https://bravi-cdn-atest.azureedge.net https://bravi-cdn-stest.azureedge.net https://bravi-cdn.azureedge.net; img-src 'self' https://*.bravi.if.eu https://ifhelp2015eu.herokuapp.com https://ifhelp2015.azurewebsites.net https://static.fbinhouse.se https://volviasverige.fbinhouse.se https://skodabilforsakring.se https://www.renaultforsakring.se https://*.azurewebsites.net https://*.skodabilforsakring.se https://*.renaultforsakring.se http://bmworiginalforsakring.se http://*.bmworiginalforsakring.se https://audibilforsakring.se https://*.audibilforsakring.se https://seatbilforsakring.se https://*.seatbilforsakring.se https://volvia.se https://*.volvia.se https://www.minioriginalforsakring.se https://*.minioriginalforsakring.se https://www.volkswagenbilforsakring.se https://*.volkswagenbilforsakring.se https://www.volkswagentransportbilarforsakring.se https://*.volkswagentransportbilarforsakring.se https://www.daciaforsakring.se https://*.daciaforsakring.se https://www.porschebilforsakring.se https://*.porschebilforsakring.se https://www.mercedes-benzforsakring.se https://*.mercedes-benzforsakring.se https://www.kiabilforsakring.com https://*.kiabilforsakring.com https://bravi-cdn-itest.azureedge.net https://bravi-cdn-atest.azureedge.net https://bravi-cdn-stest.azureedge.net https://bravi-cdn.azureedge.net http://dev.visualwebsiteoptimizer.com data:; frame-src 'unsafe-inline' 'unsafe-eval' https://*.fls.doubleclick.net https://ifhelp2015.azurewebsites.net https://*.bravi.if.eu https://*.youtube.com https://www.renaultforsakring.se https://www.skodabilforsakring.se http://bmworiginalforsakring.se https://volvia.se https://audibilforsakring.se https://seatbilforsakring.se https://www.minioriginalforsakring.se https://www.volkswagenbilforsakring.se https://www.volkswagentransportbilarforsakring.se https://www.daciaforsakring.se https://www.porschebilforsakring.se https://www.mercedes-benzforsakring.se https://www.kiabilforsakring.com 2
frame-ancestors 'self' https://*.facebook.com https://*.ups.com, frame-ancestors 'self' https://*.facebook.com https://*.ups.com 2
default-src https://www.regionorebrolan.se:443;script-src *.google.com ssl.google-analytics.com ssl.webserviceaward.com *.orebroll.se www.regionorebrolan.se https://js-agent.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval'  data:;style-src  'self' 'unsafe-inline' ssl.webserviceaward.com;img-src *.orebroll.se ssl.google-analytics.com ssl.webserviceaward.com www.regionorebrolan.se 'self' data:;media-src rstts.readspeaker.com app.readspeaker.com streamio.com;frame-src *.youtube.com app.readspeaker.com  rstts.readspeaker.com media.readspeaker.com www.regionorebrolan.se https://streamio.com;connect-src rstts.readspeaker.com;report-uri https://www.regionorebrolan.se/csp-report 2
frame-ancestors ad.admitad.com webvisor.com 2
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src *;connect-src *;media-src * blob:;worker-src * blob:; 2
default-src 'self'; img-src 'self' http omronhealthcare.la  https www.google-analytics.com https stats.g.doubleclick.net https *.smartsupp.co https *.facebook.com https *.twitter.com https *.gstatic.com https: *.googleapis.com; style-src 'self' 'unsafe-inline' https smartsupp-widget-161959.c.cdn77.org https: *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: maps.googleapis.com https: *.googletagmanager.com https: *.doubleclick.net https: *.smartsuppchat.com; frame-src 'self' https: youtube.com *.smartsuppchat.com; connect-src 'self'  https: wss: *.smartsupp.com; font-src 'self' https: smartsupp-widget-161959.c.cdn77.org; media-src 'self' https: smartsupp-widget-161959.c.cdn77.org; frame-ancestors 'self' https://*.facebook.com 2
frame-ancestors 'self' http://acquia.lookbookhq.com https://acquia.lookbookhq.com https://acquia.docebosaas.com; report-uri /report-csp-violation 2
frame-ancestors 'self' webvisor.com; 2
default-src 'self'; child-src 'self' https://www.youtube.com https://player.vimeo.com; connect-src 'self' https://www.ocimf-mtis.org; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.ocimf-ovid.org https://www.youtube.com https://player.vimeo.com;  img-src 'self' data: lib.ocimf.org https://csi.gstatic.com https://gallery.mailchimp.com https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://code.jquery.com/ https://*.list-manage.com https://maps.googleapis.com https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 2
frame-src 'self' https://www.google.com https://widget.cloudpayments.ru; 2
frame-ancestors 'self' *.career-inspiration.com *.pathmotion.com 2
default-src https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval';
 script-src https://connect.facebook.net https://googleadservices.com https://api-maps.yandex.ru https://mc.yandex.ru https://top-fwz1.mail.ru https://www.googleadservices.com https://www.google-analytics.com https://*.maps.yandex.net https://*.yandex.ru https://vk.com https://connect.facebook.net https://web.chat2desk.com https://*.chat2desk.com https://top-fwz1.mail.ru https://cdn.jsdelivr.net https://www.googletagmanager.com https://googleads.g.doubleclick.net https://cdn.carrotquest.io https://tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval';
 style-src data: https://livechat.chat2desk.com https://yandex.ru https://tagmanager.google.com https://fonts.googleapis.com https://web.chat2desk.com https://cdn.jsdelivr.net 'self' 'unsafe-inline';
 img-src data: https://www.google.co.uk https://login.vk.com https://www.googletagmanager.com https://www.gstatic.com https://ssl.gstatic.com https://www.google-analytics.com https://*.yandex.ru https://*.yandex.net https://stats.g.doubleclick.net https://*.facebook.com https://*.mail.ru https://*.chat2desk.com https://vk.com https://*.vk.ru https://*.google.com https://*.google.ru 'self';
 worker-src https://*.yandex.ru https://3d.sviaz-bank.ru https://*.doubleclick.net https://*.facebook.net https: 'self';
 frame-src https://3d.sviaz-bank.ru https://ibtst.sviaz-bank.ru http://ibtst.sviaz-bank.ru https: 'self';
 frame-ancestors https://3d.sviaz-bank.ru https://ibtst.sviaz-bank.ru http://ibtst.sviaz-bank.ru https: 'self';
 font-src https://cdn.carrotquest.io https://*.gstatic.com https://*.mail.ru https://*.chat2desk.com 'self';
 connect-src https://api.carrotquest.io https://*.yandex.ru https://yandex.ru https://*.chat2desk.com https://*.mail.ru https://go.mail.ru https://googleads.g.doubleclick.net https://www.google.com https://www.google.ru https://suggestions.dadata.ru wss://livechat.chat2desk.com https://www.google-analytics.com https://stats.g.doubleclick.net 'self';
 object-src 'self';
 media-src 'self';
 report-uri /csp/report.php; 2
default-src 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self' 2
script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 2
default-src 'self'; img-src * data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; frame-src www.youtube-nocookie.com; 2
frame-ancestors https://www.surveymonkey.com https://google.com https://app.asana.com https://blog.asana.com 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; connect-src https: wss:; font-src https: data:; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; font-src * data: ; img-src * data: blob: ; base-uri 'self'; 2
frame-ancestors 'self' *.riddell.com; 2
default-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: blob: 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 2
default-src 'self'; connect-src https:; font-src 'self' data: https:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https: blob:; object-src https:; style-src 'unsafe-inline' https:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; 2
frame-ancestors 'self' http://hied.com http://*.hied.com http://journeyed.com http://*.journeyed.com http://store.hied.com store.hied.com 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src * data:; 2
default-src 'self'  data: blob:;                                                                     img-src 'self' 'unsafe-inline' data: blob:                                                                              https://ssl.google-analytics.com/                                                                              http://www.google-analytics.com/                                                                              https://www.bing.com/api/maps/                                                                              https://www.youtube.com/                          https://youtube.com/                      https://t.ssl.ak.dynamic.tiles.virtualearth.net/                                                                             https://syndication.twitter.com/                                                                             https://platform.twitter.com/css/                                                                             https://abs.twimg.com/emoji/                                                                             https://pbs.twimg.com/profile_images/                                                                             https://pbs.twimg.com/media/                                                                             ;                                                                      script-src 'self' 'unsafe-inline' 'unsafe-eval'                                                                              https://www.google.com/recaptcha/                                                                              https://www.gstatic.com/recaptcha/                                                                              https://ssl.google-analytics.com/                                                                              http://www.google-analytics.com/                                                                              https://www.bing.com/api/maps/                                                                              https://www.bing.com/api/maps/mapcontrol/                                                                              https://www.youtube.com/                           https://youtube.com/                  https://www.bing.com/rs/                                                                              https://www.bing.com/rb/                                                                             https://dev.virtualearth.net/webservices/                                                                             https://t.ssl.ak.dynamic.tiles.virtualearth.net/comp/                                                                             https://platform.twitter.com/widgets.js                                                                             https://platform.twitter.com/js/                                                                             https://cdn.syndication.twimg.com/timeline/                                                                             ;                                                                     child-src 'self' 'unsafe-inline'                                                                              https://www.google.com/recaptcha/                   https://google.com/recaptcha/                  https://www.gstatic.com/recaptcha/                  https://gstatic.com/recaptcha/                     https://ssl.google-analytics.com/                                                                              http://www.google-analytics.com/                                                 http://google-analytics.com/                  https://www.bing.com/api/maps/                                                                              https://www.bing.com/api/maps/mapcontrol/                                                                              https://www.youtube.com/                  https://youtube.com/                  https://www.bing.com/rs/                                                                              https://www.bing.com/rb/                                                                             https://dev.virtualearth.net/webservices/                                                                             https://t.ssl.ak.dynamic.tiles.virtualearth.net/comp/                                                                             https://www.facebook.com/                                                                             https://platform.twitter.com/                                                                             https://syndication.twitter.com/                                                                              ;                                                                     frame-src 'self' 'unsafe-inline'                                                                              https://www.google.com/recaptcha/                   https://google.com/recaptcha/                  https://www.gstatic.com/recaptcha/                  https://gstatic.com/recaptcha/                     https://ssl.google-analytics.com/                                                                              http://www.google-analytics.com/                                                 http://google-analytics.com/                  https://www.bing.com/api/maps/                                                                              https://www.bing.com/api/maps/mapcontrol/                                                                              https://www.youtube.com/                  https://youtube.com/                  https://www.bing.com/rs/                                                                              https://www.bing.com/rb/                                                                             https://dev.virtualearth.net/webservices/                                                                             https://t.ssl.ak.dynamic.tiles.virtualearth.net/comp/                                                                             https://www.facebook.com/                                                                             https://platform.twitter.com/                                                                             https://syndication.twitter.com/                                                                             ;                                                                     style-src 'self' 'unsafe-inline'                                                                              https://www.bing.com/rs/                                                                              https://www.bing.com/rb/                                                                             https://platform.twitter.com/css/                                                                             ;                                                                     connect-src 'self'                                                                             https://www.bing.com/maps/                                                                             https://www.bing.com/fd/ls/                                                                          2
upgrade-insecure-requests; default-src * data: 'unsafe-eval' 'unsafe-inline' 2
frame-ancestors 'self' *.alamode.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://orders.mccrev.com https://www.googletagmanager.com https://ajax.googleapis.com https://ajax.aspnetcdn.com https://www.statcounter.com https://www.google-analytics.com https://player.vimeo.com https://connect.facebook.net 2
frame-ancestors webvisor.com 'self' 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 2
frame-ancestors 'self' *.mrsfields.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com pym.nprapps.org *.marketo.com *.cloudflare.com www.google-analytics.com cdn.optimizely.com www.bugherd.com sjrtp4-cdn.marketo.com www.googletagmanager.com cdn.callrail.com cdn-akamai.mookie1.com secure-ds.serving-sys.com munchkin.marketo.net *.calltrk.com tags.tiqcdn.com bs.serving-sys.com *.marketo.com app.callrail.com p.jwpcdn.com www.youtube.com *.addthis.com m.addthisedge.com maps.googleapis.com s.ytimg.com graph.facebook.com widgets.pinterest.com *.googleapis.com use.typekit.net *.northwell.edu video.limelight.com *.delvenetworks.com static.addtoany.com malihu.github.io ajax.aspnetcdn.com s.gravatar.com *.wp.com calltrk-production.s3.amazonaws.com *.bootstrapcdn.com *.googleadservices.com ajax.microsoft.com code.jquery.com api.html5media.info *.cloudfront.net *.jwpcdn.com *.google.com; object-src 'self' assets.delvenetworks.com *.delvenetworks.com video.limelight.com assets.delvenetworks.com assets.delvenetworks.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.ajax.googleapis.com ajax.googleapis.com *.marketo.com rtp-static.marketo.com *.bootstrapcdn.com *.northwell.edu malihu.github.io static.addtoany.com s.gravatar.com code.jquery.com  *.cloudfront.net *.google.com; img-src 'self' media.npr.org data: *.google-analytics.com *.g.doubleclick.net *.google.com jwpltx.com api.nslijweb.com csi.gstatic.com *.googleapis.com maps.gstatic.com img.delvenetworks.com *.llnw.net m.addthis.com *.northwell.edu northwellhealt.wpengine.com *.gravatar.com *.wp.com *.northwell.io *.cloudfront.net *.amazonaws.com www.bugherd.com; frame-src 'self' *.marketo.com cdn-akamai.mookie1.com tags.tiqcdn.com s7.addthis.com www.youtube.com static.addtoany.com googleads.g.doubleclick.net *.google.com; font-src 'self' data: *.joinhoney.com themes.googleusercontent.com fonts.gstatic.com *.bootstrapcdn.com www.bugherd.com; connect-src 'self' 'unsafe-inline' *.serving-sys.com 309-lvl-470.mktoresp.com sjrtp4.marketo.com m.addthis.com *.pusherapp.com *.pusher.com www.bugherd.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.googleadservices.com *.clickdimensions.com *.facebook.net *.tctm.co cdnjs.cloudflare.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.google.com *.bootstrapcdn.com *.fontawesome.com *.gstatic.com 2
upgrade-insecure-requests; default-src 'self'; media-src 'self' android-webview-video-poster js.intercomcdn.com; child-src 'self' data: *.nodecraft.com piwik.nodecraft.com accounts.google.com content.googleapis.com drive.google.com docs.google.com www.youtube.com youtube.com platform.twitter.com syndication.twitter.com staticxx.facebook.com connect.facebook.net www.facebook.com web.facebook.com js.stripe.com www.google.com widget.trustpilot.com disqus.com/embed/comments/ disqus.com/home/ share.intercom.io intercom-sheets.com player.vimeo.com widget.canny.io; script-src 'self' 'nonce-tracking' *.nodecraft.com:* piwik.nodecraft.com ajax.cloudflare.com apis.google.com www.google-analytics.com js.live.net www.dropbox.com ajax.googleapis.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ platform.twitter.com cdn.syndication.twimg.com js.stripe.com connect.facebook.net static.filestackapi.com *.sentry.io widget.trustpilot.com nodecraft.disqus.com c.disquscdn.com disqus.com/next/ cdn.ringcaptcha.com app.intercom.io widget.intercom.io js.intercomcdn.com nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io canny.io cdn.ampproject.org; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com www.gstatic.com static.filestackapi.com platform.twitter.com ton.twimg.com cdn.ringcaptcha.com a.disquscdn.com c.disquscdn.com; font-src 'self' themes.googleusercontent.com fonts.googleapis.com fonts.gstatic.com cdn.ringcaptcha.com js.intercomcdn.com; connect-src 'self' blob: wss://nodecraft.com wss://*.nodecraft.com:* *.nodecraft.com:* www.google-analytics.com stats.g.doubleclick.net syndication.twitter.com graph.microsoft.com api.stripe.com *.sentry.io sentry.io app.getsentry.com nodecraft.report-uri.com *.filestackapi.com cdn.filestackcontent.com s3.amazonaws.com cdn.ringcaptcha.com api.ringcaptcha.com api.intercom.io api-iam.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com js.intercomcdn.com wss://realtime.services.disqus.com; img-src 'self' data: blob: data: blob: filesystem android-webview-video-poster www.google-analytics.com ssl.google-analytics.com s3.nodecraft.com filepicker.nodecraft.com s3.amazonaws.com/filepicker.nodecraft.com/* piwik.nodecraft.com crafatar.com csi.gstatic.com maps.gstatic.com www.gstatic.com stats.g.doubleclick.net www.paypalobjects.com syndication.twitter.com platform.twitter.com pbs.twimg.com ton.twimg.com www.facebook.com web.facebook.com/ maps.googleapis.com *.sentry.io sentry.io cloud.filestackapi.com static.filestackapi.com cdn.filestackcontent.com a.disquscdn.com c.disquscdn.com referrer.disqus.com/juggler/stat.gif i.ytimg.com js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com uploads.intercom-mail-200.com cdn.ringcaptcha.com; object-src 'self' www.youtube.com; base-uri 'self'; report-uri https://nodecraft.report-uri.com/r/d/csp/enforce 2
default-src 'self' https://fp-temp.atlasnetworks.com https://fast.fonts.net https://www.youtube.com https://sunera-stage.largeinc.com http://focal-point.com https://focal-point.com https://sunera.com https://www.sunera.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' about: https://t.hs-growth-metrics.com https://www.linkedin.com https://www.googleapis.com https://px.ads.linkedin.com https://sjs.bizographics.com https://www.google.com https://googleads.g.doubleclick.net https://analytics.twitter.com https://static.ads-twitter.com https://js.usemessages.com https://js.usemessages.com https://www.googleadservices.com https://forms.hsforms.com https://forms.hubspot.com https://js.hsforms.net https://api.usemessages.com https://cdn2.hubspot.net https://e.infogr.am https://js.hsleadflows.net https://js.hscollectedforms.net https://cta-service-cms2.hubspot.com https://js.hscta.net https://js.leadin.com https://js.hs-analytics.net https://js.hs-scripts.com https://s.ytimg.com https://fast.fonts.net https://www.youtube.com https://www.google-analytics.com https://platform.twitter.com/ https://www.googletagmanager.com; img-src 'self' data: https://fp-temp.atlasnetworks.com https://www.google.com https://t.co https://track.hubspot.com https://cdn2.hubspot.net https://no-cache.hubspot.com https://fast.fonts.net https://www.youtube.com http://sunera-stage.largeinc.com http://focal-point.com https://focal-point.com https://scontent.cdninstagram.com/ https://stats.g.doubleclick.net https://www.google-analytics.com https://sunera-stage.largeinc.com/ https://syndication.twitter.com/ https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fast.fonts.net https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com https://fonts.gstatic.com  https://themes.googleusercontent.com https://assets.zendesk.com; font-src 'self' https://maxcdn.bootstrapcdn.com/ https://themes.googleusercontent.com https://fonts.gstatic.com data: ; child-src 'self' https://syndication.twitter.com https://platform.twitter.com https://forms.hsforms.com https://app.hubspot.com https://forms.hubspot.com https://bid.g.doubleclick.net https://e.infogr.am https://careers-focalpoint.icims.com https://www.youtube.com https://player.vimeo.com/ https://suneracareers-sunera.icims.com/; object-src 'self' https://sunera-stage.largeinc.com http://focal-point.com https://focal-point.com https://sunera.com/; connect-src https://focal-point.com/_ajax_dispatch/instagram_posts https://focal-point.com/_ajax_dispatch/latest_tweets https://api.hubspot.com https://forms.hubspot.com https://js.leadin.com https://fast.fonts.net https://www.youtube.com http://focal-point.com https://focal-point.com https://sunera-stage.largeinc.com https://sunera.com https://www.sunera.com; 2
default-src 'self' data:       https://*.greendot.com       https://*.typekit.net       https://*.typekit.com       https://*.vimeo.com       https://vimeo.com         https://*.tt.omtrdc.net       https://fast.wistia.com       https://distillery.wistia.com       https://pipedream.wistia.com       https://fg8vvsvnieiv3ej16jby.litix.io       https://embedwistia-a.akamaihd.net       https://s19750.pcdn.co       https://ds.reson8.com       https://19750-presscdn-0-90-pagely.net       https://*.netdna-ssl.com       https://*.pressdns.com       blob: https://*.greendot.com;           img-src 'self' data:       https://*.google-analytics.com       https://*.typekit.net       https://*.greendot.com       https://ds.reson8.com       https://*.facebook.net       https://*.facebook.com         https://a.mediashower.com       https://fast.wistia.com       https://embedwistia-a.akamaihd.net       https://s17451.pcdn.co       https://s19750.pcdn.co       https://19750-presscdn-0-90-pagely.net       https://*.netdna-ssl.com       https://*.doubleclick.net;           child-src 'self'       https://*.google.com       https://*.cdn-gdc.com       https://player.vimeo.com       https://*.facebook.net         https://s7.addthis.com       https://fast.wistia.com       https://ds.reson8.com;           style-src 'self' 'unsafe-inline' 'unsafe-eval'       https://*.greendot.com       https://*.typekit.com       https://*.typekit.net         https://mediashower.com       https://s17451.pcdn.co       https://s19750.pcdn.co       https://19750-presscdn-0-90-pagely.net       https://*.netdna-ssl.com       https://*.ionicframework.com       https://*.googleapis.com;           script-src 'self' 'unsafe-inline' 'unsafe-eval'       https://*.greendot.com       https://*.typekit.com       https://*.typekit.net       https://*.google-analytics.com       https://*.googleapis.com       https://*.googleadservices.com       https://*.tt.omtrdc.net       https://*.vimeo.com       https://*.facebook.net         https://graph.facebook.com       https://a.mediashower.com       https://mediashower.com       https://fast.wistia.com       https://s17451.pcdn.co       https://s19750.pcdn.co       https://19750-presscdn-0-90-pagely.net       https://*.netdna-ssl.com       https://*.addthis.com       https://*.adobedtm.com;           font-src 'self' data:       https://*.typekit.com       https://*.typekit.net         https://go.greendot.com       https://s17451.pcdn.co       https://s19750.pcdn.co       https://*.gstatic.com       https://*.ionicframework.com       https://19750-presscdn-0-90-pagely.netdna-ssl.com; 2
default-src 'self' gap: https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com data:; script-src 'self' https://assets.adobedtm.com https://*.gsam.com https://*.gs.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://gsam.122.2o7.net https://api.darksky.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://gsam.122.2o7.net https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com 'unsafe-inline' data:; object-src 'self'; child-src gap: 'self' https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com; frame-src gap: 'self' https://t2.jiji.com https://www.google.com https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://vds.issproxy.com; img-src 'self' * data:; style-src 'self' https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com 'unsafe-inline'; 2
font-src 'self' https://fonts.googleapis.com  https://fonts.gstatic.com http://*.cloudfront.net https://*.cloudfront.net ; base-uri 'self'; 2
base-uri  'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 2
default-src 'self' data: 'unsafe-inline' https: *; 2
default-src https: 'unsafe-eval' 'unsafe-inline';img-src data: https:;font-src data: https: 2
frame-ancestors 'self' http://www.thetrumpet.co.uk 2
default-src 'self'; script-src www.gstatic.com/recaptcha/ 'self'; style-src fonts.googleapis.com 'self' 'sha256-iMbfIl026a3hU9JB6saaN3uk/3Rx9gs0L6Tz4YqwB/U=' 'sha256-N6tSydZ64AHCaOWfwKbUhxXx2fRFDxHOaL3e3CO7GPI=' 'sha256-2LsQpejoyTLfBAE8bzIvpZiyalNp3uIriW3eZ05/XRc=' 'sha256-z13xZFicl6R9QRHojSOYCaiZ0cPoryx64eTOYVxDJcc=' 'sha256-Dw+nEIMo6ZxQ5ANFTlziuwIazETJSR93dlLhc/ZmdFM=' 'sha256-KyXOXU+mAYnno10L2y3up3gcjEVEyOE5kRhyYkHzAN4=' 'sha256-iaUijXtQB6aw66a0r6T/S9fCcl+9m1qubq5IPzcjNEc=' 'sha256-1AHI/uCdFfZHniVm3G62gJi0tTa6YM9LeT0JFa85qKw='; font-src fonts.gstatic.com 'self' data:; report-uri /csp.php; report-to lbsc; 2
default-src 'self' *.learningtree.com *.learningtree.ca *.learningtree.co.uk *.learningtree.se js.calltrk.com     *.hotjar.com www.facebook.com prezi.com www.youtube.com *.reembed.com privacyportal.onetrust.com www.google-analytics.com www.google.com www.google.se;          font-src 'self' fonts.googleapis.com fonts.gstatic.com cdn.reembed.com;          frame-ancestors 'none';      img-src 'self' data: ltre-web.azureedge.net www.googletagmanager.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net www.google.com ltre-web-img.azureedge.net img.youtube.com i.ytimg.com cdn.cookielaw.org;      script-src 'self' 'unsafe-inline' 'unsafe-eval' *.calltrk.com *.hotjar.com *.incontact.com s.reembed.com www.googletagmanager.com www.google-analytics.com connect.facebook.net s.ytimg.com *.reembed.com cdn.cookielaw.org www.googleadservices.com googleads.g.doubleclick.net;      style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.reembed.com cdn.cookielaw.org; 2
default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 2
default-src *; frame-src 'self' https: http://*.google.com http://*.facebook.com http://*.twitter.com http://*.youtube.com http://*.sharethis.com http://*.googletagmanager.com http://*.vimeo.com http://*.sharpspring.com http://*.googleadservices.com http://*.doubleclick.net http://*.wistia.com http://*.wistia.net https://*.cloudfront.net; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data: ; img-src * data: ;  report-uri https://19jrymqg65.execute-api.us-east-1.amazonaws.com/default/dgcsp-report-uri; 2
script-src 'self' https: 'unsafe-inline' 2
font-src 'self' *.fandangonow.com *.fandango.com data: *.mgo-images.com; object-src *.visa.com data:; script-src 'self' *.fandangonow.com *.fandango.com 'unsafe-inline' 'unsafe-eval' *; style-src 'self' *.fandangonow.com *.fandango.com data: 'unsafe-inline' * 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data:; 2
default-src 'self' *.mobistar.be *.cloudfront.net *.emsecure.net *.customersaas.com *.orange.be *.netdna-ssl.com; script-src 'unsafe-inline' 'unsafe-eval' * *.customersaas.com *.emsecure.net *.customersaas.com  *.orange.be optimize.google.com *.netdna-ssl.com; object-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com; style-src 'unsafe-inline' 'self' *.mobistar.be *.cloudfront.net *.customersaas.com  *.orange.be optimize.google.com fonts.googleapis.com *.netdna-ssl.com; img-src * data: optimize.google.com; media-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com; frame-src 'self' * emsecure.net  *.orange.be *.optimzely.com optimize.google.com; font-src 'self' *.mobistar.be *.customersaas.com  *.orange.be cdn.livechatinc.com themes.googleusercontent.com fonts.gstatic.com *.netdna-ssl.com; connect-src 'self'  *.tealiumiq.com *.usabilla.com *.log.optimizely.com *.emsecure.net *.customersaas.com  *.orange.be *.mousestats.com secure.comparecycle.com; report-uri /admin/config/system/seckit/csp-report 2
default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; img-src 'self' https://www.google-analytics.com https://*.krxd.net; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com https://*.krxd.net; child-src https://www.google.com https://*.krxd.net; script-src 'self' 'unsafe-inline' https://a.mdeo.co https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.krxd.net; connect-src 'self' https://a.mdeo.co; 2
frame-ancestors 'self' *.elanfinancialservices.com mediaserver-elan.qa.clockfour.net; 2
frame-ancestors https://*.facebook.com https://*.residentportal.com 2
frame-ancestors https://*.authorize.net 'self' 2
frame-ancestors psa.digitalinsight.com *.vaultsol.com 2
default-src *   ;report-uri /xp/CSPReport.ashx   ;script-src * 'unsafe-inline' 'unsafe-eval' data: about:   ;style-src * 'unsafe-inline'   ;connect-src * blob:   ;font-src * data:   ;object-src *   ;img-src * data: blob:   ;media-src * blob:   ;frame-src * data: gsa: ajaxhandler:   ;child-src * blob:   ;worker-src * blob:   ;form-action * javascript:   ;frame-ancestors * 2
upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * 2
frame-ancestors 'self' *.northshorecare.com http://www.northshorecare.com *.authorize.net *.youtube.com *.peerius.com *.episerver.net 2
frame-ancestors 'self' https://*.salesforce.com https://*.force.com 2
script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com http://localhost:8080 https://ssl.google-analytics.com/ga.js https://survey.g.doubleclick.net https://www.googleadservices.com https://googleads.g.doubleclick.net ; base-uri 'self'; object-src 'none'; report-uri /csp 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws: wss: sonicwall.com *.sonicwall.com; 2
script-src https://ssl.google-analytics.com https://twitter.com 'unsafe-eval' https://*.twimg.com https://api.twitter.com https://analytics.twitter.com https://publish.twitter.com https://ton.twitter.com https://syndication.twitter.com 'nonce-9h7wzMgshnH2a+lXvCG0+A==' https://www.google.com https://platform.twitter.com https://www.google-analytics.com blob: 'self'; frame-ancestors 'self'; font-src https://twitter.com https://*.twimg.com data: https://ton.twitter.com 'self'; media-src https://rmpdhdsnappytv-vh.akamaihd.net https://prod-video-eu-central-1.pscp.tv https://prod-video-ap-south-1.pscp.tv https://v.cdn.vine.co https://dwo3ckksxlb0v.cloudfront.net https://twitter.com https://prod-video-us-east-2.pscp.tv https://prod-video-cn-north-1.pscp.tv https://amp.twimg.com https://smmdhdsnappytv-vh.akamaihd.net https://*.twimg.com https://prod-video-eu-west-1.pscp.tv https://*.video.pscp.tv https://rmmdhdsnappytv-vh.akamaihd.net https://clips-media-assets.twitch.tv https://prod-video-ap-northeast-2.pscp.tv https://prod-video-us-west-2.pscp.tv https://prod-video-us-west-1.pscp.tv https://prod-video-ap-northeast-1.pscp.tv https://smdhdsnappytv-vh.akamaihd.net https://ton.twitter.com https://prod-video-eu-west-3.pscp.tv https://rmdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://prod-video-ca-central-1.pscp.tv https://smpdhdsnappytv-vh.akamaihd.net https://prod-video-sa-east-1.pscp.tv https://mdhdsnappytv-vh.akamaihd.net https://prod-video-ap-southeast-2.pscp.tv https://mtc.cdn.vine.co https://prod-video-cn-northwest-1.pscp.tv https://prod-video-eu-west-2.pscp.tv https://canary-video-us-east-1.pscp.tv https://dev-video-us-west-2.pscp.tv https://prod-video-us-east-1.pscp.tv blob: 'self' https://prod-video-ap-northeast-3.pscp.tv https://prod-video-ap-southeast-1.pscp.tv https://mpdhdsnappytv-vh.akamaihd.net https://dev-video-eu-west-1.pscp.tv; connect-src https://rmpdhdsnappytv-vh.akamaihd.net https://prod-video-eu-central-1.pscp.tv https://prod-video-ap-south-1.pscp.tv https://*.giphy.com https://dwo3ckksxlb0v.cloudfront.net https://prod-video-us-east-2.pscp.tv https://prod-video-cn-north-1.pscp.tv https://vmaprel.snappytv.com https://smmdhdsnappytv-vh.akamaihd.net https://*.twimg.com https://embed.pscp.tv https://api.twitter.com https://prod-video-eu-west-1.pscp.tv https://*.video.pscp.tv https://rmmdhdsnappytv-vh.akamaihd.net https://clips-media-assets.twitch.tv https://prod-video-ap-northeast-2.pscp.tv https://prod-video-us-west-2.pscp.tv https://pay.twitter.com https://prod-video-us-west-1.pscp.tv https://analytics.twitter.com https://vmap.snappytv.com https://*.twprobe.net https://prod-video-ap-northeast-1.pscp.tv https://smdhdsnappytv-vh.akamaihd.net https://prod-video-eu-west-3.pscp.tv https://syndication.twitter.com https://sentry.io https://rmdhdsnappytv-vh.akamaihd.net https://media.riffsy.com https://mmdhdsnappytv-vh.akamaihd.net https://prod-video-ca-central-1.pscp.tv https://embed.periscope.tv https://smpdhdsnappytv-vh.akamaihd.net https://prod-video-sa-east-1.pscp.tv https://vmapstage.snappytv.com https://upload.twitter.com https://proxsee.pscp.tv https://mdhdsnappytv-vh.akamaihd.net https://prod-video-ap-southeast-2.pscp.tv https://prod-video-cn-northwest-1.pscp.tv https://prod-video-eu-west-2.pscp.tv https://canary-video-us-east-1.pscp.tv https://dev-video-us-west-2.pscp.tv https://prod-video-us-east-1.pscp.tv blob: 'self' https://prod-video-ap-northeast-3.pscp.tv https://vmap.grabyo.com https://prod-video-ap-southeast-1.pscp.tv https://mpdhdsnappytv-vh.akamaihd.net https://dev-video-eu-west-1.pscp.tv; style-src https://fonts.googleapis.com https://twitter.com https://*.twimg.com https://translate.googleapis.com https://ton.twitter.com 'unsafe-inline' https://platform.twitter.com 'self'; object-src https://twitter.com https://pbs.twimg.com; default-src 'self' blob:; frame-src https://twitter.com https://*.twimg.com https://player.vimeo.com https://pay.twitter.com https://ton.twitter.com https://syndication.twitter.com https://vine.co twitter: https://www.youtube.com https://platform.twitter.com https://upload.twitter.com 'self'; img-src https://*.giphy.com https://*.pscp.tv https://twitter.com https://*.twimg.com data: https://clips-media-assets.twitch.tv https://lumiere-a.akamaihd.net https://ton.twitter.com https://syndication.twitter.com https://media.riffsy.com https://www.google.com https://platform.twitter.com https://api.mapbox.com https://www.google-analytics.com blob: https://*.periscope.tv 'self'; report-uri https://twitter.com/i/csp_report?a=NVQWGYLXFVZXO2LGOQ%3D%3D%3D%3D%3D%3D&ro=false; 1
connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net zen.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net; frame-src 'self' yabrowser: data: https://ok.ru https://www.youtube.com https://player.video.yandex.net https://ya.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru awaps.yandex.net *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net *.tns-counter.ru yandex.st; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net yastatic.net kiks.yandex.ru strm.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?from=big.ru&showid=1544317491.97882.122303.707060&h=man1-4794-man-portal-morda-29675&csp=old&date=20181209&yandexuid=8053648331544317491; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru zen.yandex.ru an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net zen.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net home.yastatic.net; 1
default-src mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.moatads.com *.doubleverify.com *.adsafeprotected.com; script-src 'unsafe-inline' 'unsafe-eval' mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.odnoklassniki.ru ok.ru *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com; img-src data: blob: *; style-src 'unsafe-inline' 'unsafe-eval' blob: *.mail.ru *.imgsmail.ru *.mradx.net; font-src data: blob: https: *.mail.ru *.imgsmail.ru *.mradx.net; frame-src mail.ru *.mail.ru *.mradx.net *.doubleverify.com *.doubleclick.net ok.ru *.ok.ru; child-src mail.ru *.mail.ru *.mradx.net *.doubleverify.com *.doubleclick.net ok.ru *.ok.ru; report-uri https://cspreport.mail.ru/splash; 1
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.whatsapp.com *.whatsapp.net *.twitter.com;style-src data: blob: 'unsafe-inline' * *.whatsapp.com *.whatsapp.net;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.whatsapp.com *.whatsapp.net *.google-analytics.com;font-src *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net data:;img-src *.whatsapp.com *.whatsapp.net *.facebook.com *.google-analytics.com *.fbcdn.net static.xx.fbcdn.net; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.brighttalk.com https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.pub.247-inc.net https://www.wootag.com; script-src 'nonce-Eu+kK+RXmK36BfeXbFBjwPi7hdUZPvim/LlVlvakTzVodKIA' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://*.salesforce.com https://*.force.com https://*.eloqua.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://*.brighttalk.com https://*.sperse.io https://*.dialogtech.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com https://*.salesforce.com https://*.eloqua.com https://secure.opinionlab.com; base-uri 'self' https://*.paypal.com; object-src 'none'; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com https://*.google-analytics.com https://fc.yahoo.com https://s.yimg.com https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.cedexis.com https://*.cedexis-test.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-cZ0kr8fq57eRGcIp9PLcGrWL0' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; 1
frame-ancestors 'self' https://*.spotify.com https://*.spotify.net 1
default-src * blob:; img-src * data: blob:; connect-src * wss: blob:; frame-src 'self' *.zhihu.com weixin: *.vzuu.com getpocket.com note.youdao.com safari-extension://com.evernote.safari.clipper-Q79WDW8YH9 zhihujs: captcha.guard.qcloud.com; script-src 'self' blob: *.zhihu.com res.wx.qq.com 'unsafe-eval' unpkg.zhimg.com unicom.zhimg.com captcha.gtimg.com captcha.guard.qcloud.com pagead2.googlesyndication.com i.hao61.net 'nonce-ba14fc27-2c18-4203-9d88-f468d5286f64'; style-src 'self' 'unsafe-inline' *.zhihu.com unicom.zhimg.com captcha.gtimg.com 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-IrMByKnHES' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
script-src 'unsafe-eval' 'strict-dynamic' 'nonce-NBhbVwhQ257KqFhhSYlY' 'nonce-a6pClAfthY8Fhk2qR6BV' ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic 1
default-src * data: blob:;style-src * 'unsafe-inline';script-src https://*.quora.com https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.twitter.com https://*.quoracdn.net https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.youtube.com https://*.ytimg.com https://*.jwpcdn.com https://*.stripe.com https://*.syndication.twimg.com https://cdnjs.cloudflare.com https://*.jwplatform.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.taboola.com https://*.ads-twitter.com https://*.outbrain.com https://*.dwin1.com https://static.criteo.net https://sslwidget.criteo.com https://widget.criteo.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*;connect-src 'self' https://*.quora.com wss://*.quora.com https://*.quoracdn.net https://*.stripe.com https://*.jwplatform.com https://*.jwpsrv.com https://syndication.twitter.com https://*.syndication.twimg.com https://*.googleapis.com https://*.qualtrics.com https://*.facebook.com https://*.fbcdn.net https://*.taboola.com ;report-uri /security_reports/content_security_policy_violation_3RD_PARTY_POST 1
script-src 'self' 'unsafe-eval' https://*.flixcart.com https://*.flixcart.net https://flipkart.d1.sc.omtrdc.net https://dpm.demdex.net https://sslwidget.criteo.com https://widget.as.criteo.com https://tnc.phonepe.com 'nonce-11128192804682656709'; style-src 'self' 'unsafe-inline' https://*.flixcart.com https://tnc.phonepe.com https://*.flixcart.net; img-src 'self' data: https://*.flixcart.com https://*.flixcart.net https://flipkart.d1.sc.omtrdc.net https://www.facebook.com https://*.fkapi.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.in https://www.googleadservices.com https://sp.analytics.yahoo.com https://bat.bing.com https://bat.r.msn.com https://www.payzippy.com https://tnc.phonepe.com; font-src 'self' data: https://*.flixcart.com https://tnc.phonepe.com https://*.flixcart.net; frame-src 'self' https://*.flipkart.com http://*.flipkart.com https://*.youtube.com https://youtube.com https://*.vimeo.com https://dis.as.criteo.com https://gum.criteo.com https://www.payzippy.com https://tnc.phonepe.com https://cdemux.appspot.com 'nonce-11128192804682656709'; child-src 'self' https://*.flipkart.com 'nonce-11128192804682656709'; connect-src 'self' *; object-src 'none'; base-uri 'self'; report-uri https://csp.flipkart.com/csp 1
default-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ 'unsafe-inline' 'nonce-NDMsNDcsMTA4LDIyNSwyNDcsMTI4LDI0MSwyMjI='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com https://cdn.discordapp.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://discordapp.com https://api.greenhouse.io https://api.github.com https://sentry.io ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://www.youtube.com/; 1
frame-ancestors 'self' *.cnet.com *.ampproject.org *.amp.cloudflare.com *.bing-amp.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 1
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://steamcommunity-a.akamaihd.net/ https://api.steampowered.com/ https://steamcdn-a.akamaihd.net/steamcommunity/public/assets/ *.google-analytics.com https://www.google.com https://www.gstatic.com https://apis.google.com; object-src 'none'; connect-src 'self' https://api.steampowered.com/ https://store.steampowered.com/ wss://community.steam-api.com/websocket/ *.google-analytics.com http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com; 1
block-all-mixed-content; base-uri 'self' https://optimize.google.com/optimize/; frame-ancestors 'self' teams.microsoft.com 1
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.messenger.com;style-src data: blob: 'unsafe-inline' * *.messenger.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.messenger.com wss://*.messenger.com:*;font-src *.messenger.com *.facebook.com static.xx.fbcdn.net data:; 1
frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=58775000-f080-419d-9b9c-824a6d56683f 1
default-src 'self' data: blob: *.mega.co.nz *.mega.nz http://*.mega.co.nz http://*.mega.nz wss://*.karere.mega.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz data: blob:; frame-src 'self' mega: *.megaad.nz; img-src 'self' *.mega.co.nz *.mega.nz data: blob: 1
frame-ancestors 'self' http://*.hulu.com https://*.hulu.com; 1
frame-ancestors 'self' https://*.gamer.com.tw; 1
default-src 'self' https: blob:; child-src * blob:; connect-src 'self' https: wss: *.amap.com *.inspectlet.com; font-src 'self' data: *.muscache.com fonts.gstatic.com use.typekit.net; img-src 'self' https: data: *.inspectlet.com; media-src 'self' https:; script-src 'self' 'unsafe-eval' a0.muscache.com cdn.siftscience.com ss.musthird.com t1.musthird.com bat.bing.com connect.facebook.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com www.googletagmanager.com a.cdn.intentmedia.net maps.googleapis.com ajax.googleapis.com *.g.doubleclick.net www.google.com www.gstatic.com smartlock.google.com accounts.google.com app.link cdn.branch.io api.branch.io bam.nr-data.net js-agent.newrelic.com sslwidget.criteo.com static.criteo.net dis.criteo.com widget.us.criteo.com *.gbc.criteo.net ethn.io s.yimg.jp api.geetest.com blob: webapi.amap.com restapi.amap.com *.inspectlet.com 'nonce-bcc92e0ef93eeea7b1ab53d5f12a61' 'sha256-URqFTNitDSE01K1xklErUlKT93/P4FXStf52o8BhcLY=' 'unsafe-inline' 'sha256-MpazfMshcY6jCzxk0aJDh9l3iXoBw8r+eMO58JLTkRQ='; style-src 'self' https: 'unsafe-inline'; report-uri /tracking/csp?action=show&controller=homepages&report_only=false&req_uuid=68d3f2d5-6dc6-4fec-84aa-dfce8d08716f&version=abdcaa3df793750c2e75b294132b15b38b8f8b08 1
style-src 'unsafe-inline' https://*.flickr.com https://s.yimg.com https://cdn.yahooapis.com https://yui-s.yahooapis.com https://de.adserver.yahoo.com https://fc.yahoo.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://api.digitalriver.com https://cdn.siftscience.com https://*.flickrpro.com; default-src https://*.flickr.com https://*.staticflickr.com; img-src data: blob: https://*.flickr.com https://*.staticflickr.com https://ec.yimg.com https://s.yimg.com https://geo.yahoo.com https://de.adserver.yahoo.com https://sb.scorecardresearch.com https://image.maps.api.here.com https://*.paypal.com https://*.pinterest.com http://*.static-alpha.flickr.com https://*.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://hexagon-analytics.com https://*.flickrpro.com; media-src https://*.flickr.com https://*.staticflickr.com https://s.yimg.com https://*.http.atlas.cdn.yimg.com http://*.static-alpha.flickr.com https://*.flickrpro.com; script-src 'unsafe-eval' 'unsafe-inline' 'nonce-9fcf41474136d851f44d70319c7c8f97' https://*.flickr.com https://s.yimg.com https://cdn.yahooapis.com https://yui-s.yahooapis.com https://de.adserver.yahoo.com https://fc.yahoo.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://api.digitalriver.com https://cdn.siftscience.com https://*.flickrpro.com; connect-src https://*.flickr.com https://s.yimg.com https://geo.query.yahoo.com https://cdn.yahooapis.com https://yui-s.yahooapis.com http://api.flickr.com https://*.pinterest.com https://geo.yahoo.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://cdn.siftscience.com https://store.digitalriver.com https://*.flickrpro.com; frame-src https://y-flickr.yahoo.com https://*.flickr.com https://s.yimg.com https://de.adserver.yahoo.com https://*.braintreegateway.com https://*.sandbox.braintreegateway.com https://assets.braintreegateway.com/ https://*.paypal.com https://*.paypalobjects.com; child-src https://y-flickr.yahoo.com https://*.flickr.com https://s.yimg.com https://de.adserver.yahoo.com https://*.braintreegateway.com https://*.sandbox.braintreegateway.com https://assets.braintreegateway.com/ https://*.paypal.com https://*.paypalobjects.com; font-src https://s.yimg.com https://*.flickr.com data:; worker-src blob:; report-uri https://www.flickr.com/csp_report.gne?src=adsecflickr; 1
default-src 'none'; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.apple.com *.cdn-apple.com *.apple-mapkit.com *.apple-cloudkit.com *.apple-livephotoskit.com; style-src 'self' data: 'unsafe-inline' *.apple.com *.cdn-apple.com *.icloud.com; img-src 'self' blob: data: *.apple.com *.cdn-apple.com *.icloud.com icloud.com *.icloud-content.com *.apple-mapkit.com; media-src 'self' blob: data: *.apple.com *.cdn-apple.com *.icloud.com *.icloud-content.com; font-src 'self' blob: data: *.apple.com *.cdn-apple.com; connect-src 'self' *.apple.com *.cdn-apple.com *.icloud.com *.icloud-content.com *.apple-mapkit.com; frame-src 'self' blob: *.apple.com *.icloud.com *.icloud-sandbox.com *.icloud-content.com mailto: tel:; frame-ancestors 'self' *.apple.com *.icloud.com; form-action 'self' *.icloud.com; child-src blob: 'self'; base-uri 'self' *.icloud.com *.cdn-apple.com; report-uri https://feedbackws.icloud.com/reportRaw; 1
frame-ancestors 'self' *.grammarly.com 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://*.ouedkniss.com http://*.ouedkniss.com https://*.criteo.com https://*.criteo.net https://*.googletagservices.com https://*.google-analytics.com https://*.cloudfront.net https://*.doubleclick.net https://*.google.dz https://*.alexametrics.com https://*.google.com https://*.googlesyndication.com https://*.autobip.com https://*.facebook.com https://*.facebook.net https://*.jquery.com https://*.gstatic.com https://*.tripadvisor.com https://*.googleapis.com https://*.tripadvisor.fr 1
connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru https://yandex.kz https://*.yandex.kz static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st yandex.kz *.yandex.kz; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net zen.yandex.kz static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net; frame-src 'self' yabrowser: data: https://ok.ru https://www.youtube.com https://player.video.yandex.net https://ya.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net https://pass.yandex.kz https://passport.yandex.kz wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net yandex.kz *.yandex.kz; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru https://yandex.kz https://*.yandex.kz awaps.yandex.net *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net *.tns-counter.ru yandex.st yandex.kz *.yandex.kz; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net yastatic.net kiks.yandex.ru strm.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?from=big.kz&showid=1544328160.03337.139693.794774&h=sas2-5538-133-sas-portal-morda-17154&csp=old&date=20181209&yandexuid=5767982941544328159; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru https://yandex.kz https://www.yandex.kz https://pass.yandex.kz https://mc.yandex.kz zen.yandex.kz an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net yandex.kz www.yandex.kz suggest.yandex.kz; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net zen.yandex.kz static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net home.yastatic.net; 1
frame-ancestors https://www.icicibank.com https://rmwb.icicibank.com https://ipfms.icicibank.com https://imbuat.icicibank.com 1
upgrade-insecure-requests; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 1
default-src 'none'; script-src 'nonce-c/FZslFlCj9o3Ag55GY8Sg==' 'unsafe-inline' https://yastatic.net mc.yandex.ru mc.yandex.com mc.webvisor.com mc.webvisor.org; style-src 'unsafe-inline' https://yastatic.net; img-src 'self' https://yastatic.net mc.yandex.ru mc.yandex.com mc.webvisor.com mc.webvisor.org; font-src yastatic.net; connect-src yandex.ru mc.yandex.ru mc.yandex.com mc.webvisor.com mc.webvisor.org; child-src blob: mc.yandex.ru; frame-src blob: mc.yandex.ru; report-uri https://csp.yandex.net/csp?from=ufo-auth&yandex_login=&yandexuid=5857419891544330630; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.investopedia.com *.qa.aws.investopedia.com atlas.investopedia.com atlas.local.investopedia.com 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com https://*.google-analytics.com https://fc.yahoo.com https://s.yimg.com https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.cedexis.com https://*.cedexis-test.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-H6kPxCQmxQQHHUTjbc1qJz8hbv4' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
sandbox allow-forms allow-modals allow-orientation-lock allow-popups allow-popups-to-escape-sandbox allow-presentation allow-same-origin allow-scripts 1
block-all-mixed-content; frame-ancestors 'self'; 1
frame-ancestors 'self' www.stumbleupon.com stumbleupon.com; 1
connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru https://yandex.com.tr https://*.yandex.com.tr static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st yandex.com.tr *.yandex.com.tr; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net https://pass.yandex.com.tr https://passport.yandex.com.tr wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net yandex.com.tr *.yandex.com.tr; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru https://yandex.com.tr https://*.yandex.com.tr awaps.yandex.net *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net *.tns-counter.ru yandex.st yandex.com.tr *.yandex.com.tr avatars-fast.yandex.net favicon.yandex.net; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net yastatic.net kiks.yandex.ru strm.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?from=comtr.com.tr&showid=1544333007.37517.122258.771222&h=man1-1466-man-portal-morda-29675&csp=old&date=20181209&yandexuid=9684695331544333007; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru https://yandex.com.tr https://www.yandex.com.tr https://pass.yandex.com.tr https://mc.yandex.com.tr an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net yandex.com.tr www.yandex.com.tr suggest.yandex.com.tr; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net home.yastatic.net; 1
frame-ancestors 'self' *.wildberries.ru; 1
script-src 'self' 'unsafe-eval' *.thehill.com 'nonce-iXohng2hoh' 1
frame-ancestors 'self' *.nasa.gov 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.lifewire.com *.qa.aws.lifewire.com atlas.lifewire.com atlas.local.lifewire.com 1
connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru https://yandex.by https://*.yandex.by static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st yandex.by *.yandex.by; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net zen.yandex.by static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net; frame-src 'self' yabrowser: data: https://ok.ru https://www.youtube.com https://player.video.yandex.net https://ya.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net https://pass.yandex.by https://passport.yandex.by wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net yandex.by *.yandex.by; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru https://yandex.by https://*.yandex.by awaps.yandex.net *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net *.tns-counter.ru yandex.st yandex.by *.yandex.by; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net yastatic.net kiks.yandex.ru strm.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?from=big.by&showid=1544337109.74903.140305.722125&h=vla1-8308-c28-vla-portal-morda-31387&csp=old&date=20181209&yandexuid=3813825811544337109; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru https://yandex.by https://www.yandex.by https://pass.yandex.by https://mc.yandex.by zen.yandex.by an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net yandex.by www.yandex.by suggest.yandex.by; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net zen.yandex.by static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net home.yastatic.net; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob: data:; worker-src https: blob:; object-src 'none'; 1
default-src 'self' badoo.com eu1.badoo.com us1.badoo.com *.badoo.com *.eu1.badoo.com *.us1.badoo.com badoocdn.com *.badoocdn.com   *.api.here.com *.paypal.com pagead2.googlesyndication.com api.giphy.com *.agora.io:* wss://*.agora.io:* wss://badoocdn.com:* wss://*.badoocdn.com:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' badoocdn.com *.badoocdn.com *.googleapis.com *.gstatic.com *.google.com vk.com *.vk.me cdn.syndication.twitter.com *.facebook.net *.facebook.com *.paypal.com www.paypalobjects.com *.youtube.com *.ytimg.com api.ok.ru *.google-analytics.com *.api.here.com *.instagram.com *.digicert.com pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline' badoocdn.com *.badoocdn.com vk.com *.vk.me *.googleapis.com; font-src 'self' data: badoocdn.com *.badoocdn.com fonts.googleapis.com fonts.gstatic.com; img-src * data: blob:; media-src * data: blob:; frame-src *; frame-ancestors 'self' apps.facebook.com; report-uri /jss/csp_report.phtml 1
frame-ancestors 'self' www.messenger.com www.facebook.com; upgrade-insecure-requests 1
base-uri 'self';connect-src *;default-src 'self' *.meetup.com *.dev.meetup.com:8001;font-src * data:;frame-src *;img-src * data: blob:;script-src * 'unsafe-eval' 'unsafe-inline';style-src * 'unsafe-inline' 1
frame-ancestors 'self' *.cbssports.com *.sportsline.com *.247sports.com *.maxpreps.com *.scout.com *.ampproject.org; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: blob: data: android-webview: android-webview-video-poster:; block-all-mixed-content; 1
upgrade-insecure-requests; default-src 'self' blob: *.brightcove.com; prefetch-src https:; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: http: *.images.express.co.uk *.images.dailyexpress.co.uk; media-src https: data: blob:; font-src https: data:; frame-src https: data: blob:; connect-src https: wss:; object-src https:; 1
frame-ancestors 'self' http://*.gamestop.com https://*.gamestop.com http://*.optimizely.com https://*.optimizely.com 1
connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru https://yandex.com https://*.yandex.com static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st yandex.com *.yandex.com; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net https://pass.yandex.com https://passport.yandex.com wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net yandex.com *.yandex.com; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru https://yandex.com https://*.yandex.com *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net *.tns-counter.ru yandex.st yandex.com *.yandex.com; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net yastatic.net kiks.yandex.ru strm.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?from=com.com&showid=1544340253.35581.140891.723824&h=vla2-0450-4dd-vla-portal-morda-31387&csp=old&date=20181209&yandexuid=8093810451544340253; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru https://yandex.com https://www.yandex.com https://pass.yandex.com https://mc.yandex.com an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net yandex.com www.yandex.com suggest.yandex.com; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net home.yastatic.net; 1
frame-ancestors *.jeuxvideo.com 1
block-all-mixed-content; script-src 'self' 'sha256-/fCUycOSPg5W5rt7pgbdlufk2T9mZRRPEsV2mct1B/I=' 'sha256-5N4Pp5UCHKbIUxXXFe+KDYsfhzhQXoIzN80eQ+jF9P4=' 'unsafe-eval' 'nonce-ddd08672d18665df73840e849b446f0511b18454' https://api.geetest.com https://ex.bnbstatic.com https://resource.binance.co.ug https://resource.binance.com https://resource.binance.sg https://static.geetest.com https://translate.google.com https://translate.googleapis.com https://www.binance.co https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://ex.bnbstatic.com https://resource.binance.co.ug https://resource.binance.com https://resource.binance.sg https://static.geetest.com https://translate.googleapis.com; font-src 'self' data: https://at.alicdn.com https://ex.bnbstatic.com https://fonts.gstatic.com https://resource.binance.co.ug https://resource.binance.com https://resource.binance.sg https://sensors.binance.cloud https://sensors.binance.com; connect-src 'self' https://ex.bnbstatic.com https://resource.binance.co.ug https://resource.binance.com https://resource.binance.sg https://sensors.binance.cloud https://sensors.binance.com https://sentry.io https://translate.googleapis.com wss://jpush.binance.im:5000 wss://stream.binance.cloud:9443 wss://stream.binance.com:9443 wss://stream2.binance.cloud:443 wss://stream2.binance.com:9443; img-src 'self' data: https://ex.bnbstatic.com https://resource.binance.co.ug https://resource.binance.com https://resource.binance.sg https://sensors.binance.cloud https://sensors.binance.com https://translate.google.com https://translate.googleapis.com https://www.binance.co https://www.google-analytics.com https://www.google.com https://www.gstatic.com; object-src 'none'; base-uri 'self' 1
frame-ancestors 'self' https://askfm.adspirit.de 1
frame-ancestors *.constantcontact.com www.redmangomarketing.com www.ezymarketing.com www.igvinc.com www.etouchmarketing.net 1
frame-ancestors 'self' *.brazzers.com *.bz.com 1
default-src * 'unsafe-inline' 'unsafe-eval' data: https: blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; img-src 'self' http://akamai-b.cdn.cddbp.net https: data: 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.thoughtco.com *.qa.aws.thoughtco.com atlas.thoughtco.com atlas.local.thoughtco.com 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-bxOhSXtrJj' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
frame-ancestors "self" 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=3a833545-6428-4485-b74f-c413396652be 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: blob: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/wired 1
default-src 'self' gidonline.in; script-src 'self' 'unsafe-inline' 'unsafe-eval' gidonline.in reichelcormier.bid *.adbetnet.com json.bannersvideo.com serving.adbetclickin.pink cdn.hdat.xyz hhit.xyz cdn7.rocks hgbn.rocks *.mxttrf.com oconner.link franecki.net *.acdnpro.com *.r.acdnpro.com *.acdnlab.com *.marketgid.com *.tovarro.com *.criteo.com https://apis.google.com counter.yadro.ru; frame-src 'self' gidonline.in *.adbetnet.com adbetnet.advertserve.com json.bannersvideo.com https://bannersvideo.com serving.adbetclickin.pink franecki.net *.acdnpro.com *.r.acdnpro.com *.acdnlab.com biocdn.com cdn.hdat.xyz oconner.link *.r.worldssl.net counter.yadro.ru pandastream.cc moonwalk.cc serpens.nl https://trailerclub.me https://streamguard.cc 37.220.36.15 *.youtube.com https://www.youtube.com https://apis.google.com; connect-src 'self' gidonline.in franecki.net reichelcormier.bid https://xml.bannersvideo.com wss://ws.hghit.com/ws *.onedmp.com wss://oconner.link:8041 wss://*.marketgid.com; style-src 'self' 'unsafe-inline' gidonline.in counter.yadro.ru; font-src 'self' gidonline.in counter.yadro.ru fonts.gstatic.com; img-src 'self' data: gidonline.in *.gemius.pl *.adbetnet.com reichelcormier.bid serving.adbetclickin.pink imgg-cdn.adskeeper.co.uk imgg-cdn.mgid.com *.r.acdnpro.com creatives.adbetclickin.pink hg-bn.com ws.hghit.com c.datpix.net hhit.xyz hgbn.space hgbn1.com hgbnr.com hgbn.rocks cdn7.rocks hghit.com *.mxttrf.com *.deltacdn.net *.r.worldssl.net *.marketgid.com https://ft.imgsniper.com *.tovarro.com front.facetz.net counter.yadro.ru *.gstatic.com; object-src 'self' gidonline.in counter.yadro.ru 1
frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-wyCHdylArE' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://a.alimama.cn g.click.taobao.com platform.sina.com.cn suggestion.baidu.com www.baidu.com hm.baidu.com nssug.baidu.com tui.cnzz.net www.google-analytics.com *.googlesyndication.com static.huohu123.com; img-src * data:; child-src 'self' *.firefoxchina.cn  *.17huohu.com; frame-src 'self' *.firefoxchina.cn  *.17huohu.com www.taobao.com; frame-ancestors 'self' *.firefoxchina.cn tongji.baidu.com about:; style-src 'self' 'unsafe-inline'; report-uri /_/csp-reports 1
default-src 'self' https://docs.google.com *.googleapis.com https://music.yandex.ru *.googletagmanager.com *.googlesyndication.com *.calameo.com *.facebook.com *.vk.com vk.com https://apis.google.com *.google.com *.google.ru *.google.com.ua *.twitter.com *.youtube.com http://*.youtube.com *.ok.ru ok.ru https://www.youtube.com *.odnoklassniki.ru  *.yandex.ru https://accounts.google.com https://s-static.ak.facebook.com https://www.facebook.com https://login.vk.com *.getloupe.com *.padlet.com *.twitter.com schoodle.ru https://prezi.com http://vedomosti.media.eagleplatform.com https://learningapps.org https://*.revolvermaps.com https://player.vgtrk.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.google.com *.google.ru https://docs.google.com https://apis.google.com ajax.googleapis.com mc.yandex.ru an.yandex.ru *.yandex.ua *.yandex.ru vk.com *.twitter.com connect.facebook.net graph.facebook.com connect.mail.ru counter.rambler.ru www.googletagservices.com www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com *.odnoklassniki.ru *.ok.ru counter.rambler.ru https://www.googleapis.com relap.io schoodle.ru https://*.revolvermaps.com; object-src *; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com relap.io *.twitter.com ton.twimg.com cdn.jsdelivr.net uroki-maya.online; img-src * 'self' data: https:; media-src 'self'; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net; connect-src 'self' mc.yandex.ru www.google-analytics.com www.googleapis.com; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.thebalancecareers.com *.qa.aws.thebalancecareers.com atlas.thebalancecareers.com atlas.local.thebalancecareers.com 1
policy-uri /parivahan/'self' 1
default-src 'self' https://*.googlesyndication.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'  connect.facebook.net www.googletagservices.com yandex.st *.doubleclick.net *.googleadservices.com  *.googlesyndication.com *.criteo.com *.criteo.net vk.com vk.com *.vk.com *.imgsmail.ru *.google.com *.google.ru connect.mail.ru *.connect.mail.ru *.ok.ru *.topadvert.ru *.adriver.ru *.r-99.com cdn.mxpnl.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagservices.com *.gstatic.com yandex.ru *.yandex.ru yastatic.net cdnjs.cloudflare.com  *.yandex.net oimenkr.com *.2mdn.net 2mdn.net   *.twitter.com *.google.com.ua *.google.by *.google.cz *.google.kz *.google.de *.google.es js.mamydirect.com  abp.smartadcheck.de *.ampproject.org  *.adfox.ru; object-src 'self' *; style-src 'unsafe-inline' 'unsafe-eval' 'self'  *; img-src 'self' data: blob: * ; media-src 'self' *; frame-src 'self' *.googlesyndication.com *.facebook.com  facebook.com vk.com *.vk.com apis.google.com connect.odnoklassniki.ru *.ok.ru connect.mail.ru accounts.google.com  *.doubleclick.net  *.doubleclick.net  *.youtube.com www.google.com *.criteo.com  *.criteo.net *.gstatic.com yandex.ru *.yandex.ru *.r-99.com oimenkr.com *.oimenkr.com   *.yandexadexchange.net yandexadexchange.net *.2mdn.net 2mdn.net *.twitter.com yastatic.net *.yandex.net *.googletagservices.com *.vimeo.com *.hpmdnetwork.ru; font-src 'self' data: blob: * ; connect-src 'self' * 1
default-src 'self' http://porno365.xxx http://www.porno365.xxx *.porno365.xxx http://ssl.p.jwpcdn.com http://jwpltx.com http://mp-a.info http://redirect.mp-a.info http://mpay69.com http://mpay69.biz  http://counter.rambler.ru my2.imgsmail.ru www.gstatic.com yandex.st an.yandex.ru pagead2.googlesyndication.com www.youtube.com vk.com cdn.connect.mail.ru *.gstatic.com mc.yandex.ru www.google-analytics.com https://www.google-analytics.com https://apis.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval' http://porno365.xxx http://www.porno365.xxx data: 0.gravatar.com http://0.gravatar.com/ 1.gravatar.com http://1.gravatar.com/ an.yandex.ru/count http://an.yandex.ru/count/ favicon.yandex.net http://favicon.yandex.net avatars-fast.yandex.net http://avatars-fast.yandex.net/ vk.com yastatic.net counter.rambler.ru top-fwz1.mail.ru www.liveinternet.ru counter.yadro.ru mc.yandex.ru www.google-analytics.com https://www.google-analytics.com yastatic.net http://yastatic.net/ *.yastatic.net connect.mail.ru an.yandex.ru www.youtube.com googleads.g.doubleclick.net vk.com userapi.com site.yandex.net yastatic.net https://yastatic.net http://site.yandex.net https://site.yandex.net *.gstatic.com https://vk.com fonts.googleapis.com mc.yandex.ru *.gstatic.com mpay3.info *.exoclick.com *.exosrv.com *.uaadi.com uaadi.com redirect.mpay69.net redirect.mpay69.org redirect.mpay69.info test.test-mp.info *.xcvgdf.party *.bgclk.club *.googleapis.com googleapis.com bgclk.club pornopirat.net 50.7.132.106 172.255.230.44 *.jquery.com jquery.com *.google.com *.googletagmanager.com *.1qe.info 1qe.info *.1qi.info *.newsportal9.ru *.img-server-1.top img-server-1.xyz img-server-2.xyz 1qi.info *.1qo.info 1qo.info *.1qp.info 1qp.info *.1qt.info 1qt.info *.1qu.info 1qu.info *.1qw.info 1qw.info *.1qy.info 1qy.info *.wwpon365.ru wwgate.ru wwpon365.ru 1
frame-ancestors 'self' slate.com *.slate.com 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-KtVOxLEGFh' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
default-src 'self' https://www.coinbase.com; child-src 'self' https://www.coinbase.com https://fast.wistia.net https://*.online-metrix.net https://*.wpstn.com https://netverify.com https://platform.twitter.com https://www.google.com/recaptcha/ https://cdn.plaid.com/link/ https://*.doubleclick.net/ blob: https://coinbase.ada.support https://www.youtube.com/embed/NtMCXERzM3E https://www.youtube.com/embed/997ZZpUL8_k https://www.youtube.com/embed/fBcoSrCmphw https://www.youtube.com/embed/COljxvEgDOg; connect-src 'self' https://www.coinbase.com https://api.coinbase.com https://api.mixpanel.com https://*.online-metrix.net https://api.cloudinary.com https://ott9.wpstn.com/live https://api.amplitude.com/ https://d3907m2cqladbn.cloudfront.net/ static.coinbase.com wss://ws.coinbase.com wss://ws.coinbase.com:443 https://www.coinbase.com/api https://coinbase.ada.support/api/ https://www2.coinbase.com; font-src 'self' https://www.coinbase.com https://assets.coinbase.com/ static.coinbase.com https://www2.coinbase.com; img-src 'self' data: https://www.coinbase.com https://images.coinbase.com https://d3907m2cqladbn.cloudfront.net/ https://dynamic-assets.coinbase.com https://exceptions.coinbase.com https://coinbase-uploads.s3.amazonaws.com https://s3.amazonaws.com/app-public/ https://maps.gstatic.com https://ssl.google-analytics.com https://www.google.com https://maps.googleapis.com https://csi.gstatic.com https://www.google-analytics.com https://res.cloudinary.com https://secure.gravatar.com https://i2.wp.com https://*.online-metrix.net https://assets.coinbase.com/ https://hexagon-analytics.com https://api.mixpanel.com https://cb-brand.s3.amazonaws.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net/r/collect blob: static.coinbase.com https://d124s1zbdqkqqe.cloudfront.net https://www.facebook.com/tr https://www2.coinbase.com; media-src 'self' https://www.coinbase.com blob:; object-src 'self' data: blob: https://www.coinbase.com https://cdn.siftscience.com https://*.online-metrix.net https://www.gstatic.com https://www.google.com/recaptcha/api/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.coinbase.com https://fast.wistia.com/assets/external/E-v1.js https://cdn.siftscience.com https://*.newrelic.com https://bam.nr-data.net https://*.google-analytics.com https://www.google.com https://www.gstatic.com https://*.online-metrix.net https://code.jquery.com https://chart.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://netverify.com https://ajax.cloudflare.com https://cdn.plaid.com/link/v2/stable/ https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.googleadservices.com https://googleads.g.doubleclick.net https://assets.coinbase.com/ static.coinbase.com https://www2.coinbase.com; style-src 'self' 'unsafe-inline' https://www.coinbase.com https://assets.coinbase.com/ static.coinbase.com https://www2.coinbase.com; report-uri /csp-report 1
frame-ancestors 'self'  *.ampproject.org *.zdbb.net *.specless.tech *.specless.io *.mashable.com mashable.com *.alphr.com androidcommunity.com androidforums.com betanews.com cellphoneforums.net *.channelpro.co.uk *.cloudpro.co.uk *.codingforums.com *.denofgeek.com *.developerfusion.co.uk *.electricbento.com *.expertreviews.co.uk *.extremetech.com geardiary.com *.geek.com *.gottabemobile.com *.hometheaterforum.com hothardware.com *.howardforums.com *.itpro.co.uk *.knowyourmobile.com *.myce.com *.onmsft.com phandroid.com *.product-reviews.net *.simplehelp.net *.slashgear.com *.techlicious.com *.techshout.com *.tgdaily.com *.thedroidguy.com *.thehdroom.com *.theinquirer.net *.theweek.co.uk *.tweaktown.com *.ubergizmo.com *.ultrabookreview.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-pDvGSZQxne' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://d18kwxxua7ik1y.cloudfront.net https://d22r54gnmuhwmk.cloudfront.net https://assets.change.org https://static.change.org https://assets-fe.change.org https://change-production.s3.amazonaws.com https://change-public-stuff.s3.amazonaws.com https://www.google.ca https://www.googleadservices.com https://www.youtube.com https://*.doubleclick.net https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net fbrpc://* fb-messenger://* https://*.twitter.com https://*.twimg.com https://vk.com https://*.vk.com https://ajax.cdnjs.com https://cdnjs.cloudflare.com https://service.force.com https://change.my.salesforce.com https://help.change.org https://*.salesforceliveagent.com https://*.braintreegateway.com https://*.paypalobjects.com https://*.paypal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com https://js.stripe.com https://cdn.embedly.com https://player.vimeo.com https://*.pubnub.com https://bat.bing.com https://*.briteverify.com https://soundcloud.com https://w.soundcloud.com https://www.instagram.com https://www.flickr.com https://*.staticflickr.com; connect-src 'self' blob: https://*.change.org https://change-production.s3.amazonaws.com https://*.googleapis.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net fbrpc://* fb-messenger://* https://*.twitter.com https://*.vk.com https://*.braintreegateway.com https://*.paypal.com *.optimizely.com https://api.stripe.com https://*.pubnub.com https://*.briteverify.com https://api.soundcloud.com https://api.airbrake.io; font-src 'self' data: https://assets.change.org https://static.change.org https://d18kwxxua7ik1y.cloudfront.net https://d22r54gnmuhwmk.cloudfront.net https://fonts.gstatic.com; img-src * blob: data:; form-action 'self'; 1
default-src https:; style-src https: 'unsafe-inline'; img-src       * data:;font-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src   *; 1
report-uri https://f6044819c139be406e5131b1724188ab.report-uri.com/r/t/csp/enforce; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: sync.adap.tv sync.adaptv.advertising.com *.adroll.com ssp.adskom.com sync.ad-stir.com *.akamaihd.net *.appier.net *.adnxs.com x.bidswitch.net bat.bing.com *.bizographics.com sjs.bizographics.com bookeo.com www-2903b.bookeo.com britishcouncil-email.createsend.com tags.clickintext.net apps-cdn.britishcouncil.org *.disquscdn.com *.disqus.com disqus.com *.doubleclick.net loadus.exelator.com ps.eyeota.net *.fbcdn.net *.facebook.com cx.atdmt.com cx.atdmt.com connect.facebook.net cs.gssprt.jp www.google.de www.google.es *.google.com *.google.co.uk *.googleadservices.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com www.googletagmanager.com *.ytimg.com britishcouncil.github.io *.linkedin.com snap.licdn.com idsync.rlcdn.com sync.crwdcntrl.net ml314.com *.mathtag.com aa.agkn.com bam.nr-data.net js-agent.newrelic.com olc.live.solas.britishcouncil.digital *.openx.net *.optimizely.com stags.bluekai.com cdn.polyfill.io *.qualaroo.com s3.amazonaws.com pixel.rubiconproject.com *.salesforceliveagent.com embed.scribblelive.com *.scupio.com *.semasio.net *.sharethis.com *.socdm.com sui.britishcouncil.org *.streamamg.com public.tableau.com tapestry.tapad.com match.adsrvr.org *.ads-twitter.com *.twimg.com *.twitter.com d17m68fovwmgxj.cloudfront.net ucarecdn.com *.vimeocdn.com player.vimeo.com vimeo.com vk.com bigsea.frontend.weborama.fr dx.bigsea.weborama.com *.webtrends.com statse.webtrendslive.com dev.visualwebsiteoptimizer.com britishcouncil.wufoo.com *.yahoo.com b92.yahoo.co.jp s.yimg.com www.youtube.com; 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-nkVxnokvnp' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-DkIiamgFRQ' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
default-src 'self' https://*.nrk.no; script-src 'self' https://*.pusher.com https://*.nrk.no https://www.google-analytics.com https://*.chartbeat.com https://*.chartbeat.net https://*.linkpulse.com https://*.lp4.io https://*.scorecardresearch.com https://www.gstatic.com https://cws.conviva.com https://ma93-r.analytics.edgekey.net https://ssl-nrkstream.tns-cs.net blob:; connect-src 'self' wss://*.pusher.com wss://*.pusherapp.com wss://*.nrk.no https://*.nrk.no https://nrk-datahub.appspot.com https://*.qbrick.com https://*.telenorcdn.net https://*.akamaized.net https://*.akamaihd.net https://*.linkpulse.com https://*.lp4.io https://www.google-analytics.com https://*.scorecardresearch.com https://ma93-r.analytics.edgekey.net https://ssl-nrkstream.tns-cs.net https://cws.conviva.com; img-src 'self' https://*.lp4.io https://*.linkpulse.com https://*.tns-cs.net https://*.chartbeat.net https://www.google-analytics.com https://*.nrk.no https://*.akamaized.net https://*.akamaihd.net https://*.scorecardresearch.com https://*.googleusercontent.com https://ma93-r.analytics.edgekey.net https://ssl-nrkstream.tns-cs.net data:; style-src 'self' https: 'unsafe-inline'; frame-src 'self' https://chartbeat.com https://*.chartbeat.com; media-src https://*.nrk.no https://*.qbrick.com https://*.telenorcdn.net https://*.akamaized.net https://*.akamaihd.net blob: data:; 1
default-src blob: data: 'unsafe-inline' 'unsafe-eval' mail.ru *.mail.ru *.devmail.ru *.imgsmail.ru *.2gis.com *.2gis.ru s0.2mdn.net *.adriver.ru *.ampproject.net *.ampproject.org *.apester.com *.cloudfront.net www.dailymail.co.uk coub.com *.coub.com *.doubleclick.net *.doubleverify.com facebook.com *.facebook.com *.gemius.pl giphy.com *.google.com *.googleapis.com *.googlesyndication.com themes.googleusercontent.com *.gstatic.com instagram.com *.instagram.com video.khl.ru *.moatads.com *.mradx.net ok.ru *.ok.ru *.playbuzz.com *.qmerce.com rutube.ru *.rutube.ru *.serving-sys.com soundcloud.com *.soundcloud.com *.streamrail.com *.twimg.com twitter.com *.twitter.com player.vimeo.com vine.co vk.com *.vk.com *.weborama.fr *.yandex.ru *.yandex.net yandex.st yandexadexchange.net *.yandexadexchange.net yastatic.net *.youtube.com *.adsafeprotected.com *.newstube.ru *.bbc.com *.viqeo.tv bbc-maps.carto.com wtrfall.com *.1tv.ru corpmail.fluidsurveys.com *.nhl.com *.knightlab.com imgur.com *.tradingview.com paymaster.ru silatv.ru *.silatv.ru cdn.embedly.com player.vgtrk.com sportmail.ru *.sportmail.ru piter.tv *.bonus-tv.ru; script-src 'unsafe-inline' 'unsafe-eval' js-inject *.mail.ru *.devmail.ru *.imgsmail.ru *.api.2gis.ru s0.2mdn.net *.adlooxtracking.com *.algovid.com s3.amazonaws.com cdn.ampproject.org *.apester.com *.bing.com static.bbc.co.uk news.files.bbci.co.uk coub.com *.coub.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.facebook.net *.facebook.com *.flickr.com translate.google.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.google-analytics.com *.google.ru *.instagram.com mediatoday.ru *.moatads.com *.mradx.net *.mxpnl.com *.odnoklassniki.ru ok.ru *.ok.ru *.playbuzz.com *.qmerce.com sb.scorecardresearch.com *.twimg.com *.twitter.com platform.vine.co vk.com *.vk.com *.webvisor.com *.mtproxy.yandex.net *.yandex.ru yandex.st yastatic.net *.pinterest.com *.adsafeprotected.com *.serving-sys.com *.viqeo.tv *.videonow.ru apis.google.com wtrfall.com *.cloudfront.net *.imgur.com *.tradingview.com mytopf.com *.redditmedia.com cdn.embedly.com sportmail.ru *.sportmail.ru; connect-src 'self' wss://*.mail.ru wss://*.devmail.ru *.mail.ru *.devmail.ru *.imgsmail.ru *.api.2gis.ru s0.2mdn.net *.algovid.com *.ampproject.net *.apester.com facebook.com *.facebook.com *.facebook.net *.flickr.com *.googleapis.com *.google-analytics.com *.googlesyndication.com *.gstatic.com *.instagram.com *.mixpanel.com *.mradx.net *.playbuzz.com *.qmerce.com geo.query.yahoo.com twitter.com *.twitter.com *.yadro.ru *.yandex.ru yandex.st yastatic.net collector.mediator.media *.serving-sys.com *.doubleverify.com *.viqeo.tv *.videonow.ru *.vidiom.net wtrfall.com *.mediator.media mytopf.com *.reddit.com wss://sportmail.ru wss://*.sportmail.ru sportmail.ru *.sportmail.ru; img-src * data: blob:; worker-src 'self' *.mail.ru *.devmail.ru sportmail.ru *.sportmail.ru; report-uri https://portal-csp-report.corp.mail.ru/report/ 1
default-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' blob: data: *.qwant.com *.kamoov.com; style-src 'unsafe-inline' data: *.qwant.com; 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=86c0a46b-2987-4bc9-bebe-1d809ddd2ffb 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-TROnhBxARl' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
frame-ancestors 'self' http://*.tirto.id https://*.tirto.id 1
script-src 'self' *.startpage.com *.ixquick.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.startpage.com *.ixquick.com 'unsafe-inline' 1
frame-ancestors https://*.udacity.com 1
frame-ancestors http://www.inc.com https://www.inc.com http://www.stumbleupon.com https://www.google.com https://cdn.ampproject.org 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: blob: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/the-new-yorker 1
default-src 'self' https://arduino.cc; script-src 'self' 'unsafe-inline' data: https://consent.trustarc.com https://forum.arduino.cc https://store.arduino.cc https://store-cdn.arduino.cc https://arduino.cc https://checkout.stripe.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.google-analytics.com https://ads.supplyframe.com https://www.googletagmanager.com https://code.jquery.com https://ajax.googleapis.com https://js.stripe.com https://auth.arduino.cc https://hydra.arduino.cc https://cdn.arduino.cc https://content.arduino.cc https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://code.jquery.com https://arduino.cc https://id.arduino.cc https://cdn.arduino.cc https://cdn-stag.arduino.cc https://content.arduino.cc; font-src 'self' https://content.arduino.cc https://cdn.arduino.cc https://cdn-stag.arduino.cc; img-src 'self' data: https://consent.trustarc.com https://images.ctfassets.net https://*.supplyframe.com https://www.google-analytics.com https://www.googletagmanager.com https://store.arduino.cc https://store-cdn.arduino.cc https://assets.windowsphone.com *.stripe.com https://content.arduino.cc https://dcw9y8se13llu.cloudfront.net https://stats.g.doubleclick.net https://www.facebook.com https://ssl.google-analytics.com https://my.arduino.cc https://blog.arduino.cc https://id.arduino.cc https://cdn.arduino.cc https://cdn-stag.arduino.cc; connect-src 'self' https://auth.arduino.cc https://blog.arduino.cc https://api.arduino.cc https://api2.arduino.cc https://my.arduino.cc https://forum.arduino.cc https://store.arduino.cc https://checkout.stripe.com https://api.stripe.com https://cdn.arduino.cc https://www.google-analytics.com https://cdn-stag.arduino.cc https://trackerapi.trustarc.com; child-src 'self' https://create.arduino.cc https://downloads.arduino.cc https://checkout.stripe.com https://www.youtube.com https://js.stripe.com https://www.hackster.io; frame-src 'self' https://consent-pref.trustarc.com https://hydra.arduino.cc https://auth.arduino.cc https://create.arduino.cc https://downloads.arduino.cc https://docs.google.com https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://www.hackster.io https://staticxx.facebook.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 1
connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru https://yandex.ua https://*.yandex.ua static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st yandex.ua *.yandex.ua; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net zen.yandex.ua static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net; frame-src 'self' yabrowser: data: https://ok.ru https://www.youtube.com https://player.video.yandex.net https://ya.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net https://pass.yandex.ua https://passport.yandex.ua wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net yandex.ua *.yandex.ua; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru https://yandex.ua https://*.yandex.ua awaps.yandex.net *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net *.tns-counter.ru yandex.st yandex.ua *.yandex.ua; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net yastatic.net kiks.yandex.ru strm.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?from=big.ua&showid=1544324410.44799.122028.793687&h=sas2-0181-sas-portal-morda-17154&csp=old&date=20181209&yandexuid=5612804871544324410; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru https://yandex.ua https://www.yandex.ua https://pass.yandex.ua https://mc.yandex.ua zen.yandex.ua an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net yandex.ua www.yandex.ua suggest.yandex.ua; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net zen.yandex.ua static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net home.yastatic.net; 1
connect-src 'self' https://search.freecodecamp.org https://www.freecodecamp.rocks https://api.freecodecamp.rocks https://auth.freecodecamp.org https://glitch.com https://*.glitch.com https://*.glitch.me https://*.cloudflare.com https://*.algolia.net; script-src 'unsafe-eval' 'unsafe-inline' *.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net *.gstatic.com https://*.cloudflare.com *.cloudflare.com https://*.gitter.im https://*.cdnjs.com *.cdnjs.com https://*.jsdelivr.com *.jsdelivr.com *.twimg.com https://*.twimg.com *.youtube.com *.ytimg.com 'self' https://search.freecodecamp.org https://www.freecodecamp.rocks https://api.freecodecamp.rocks https://auth.freecodecamp.org; style-src 'unsafe-inline' *.gstatic.com *.googleapis.com *.bootstrapcdn.com https://*.bootstrapcdn.com *.cloudflare.com https://*.cloudflare.com https://use.fontawesome.com 'self' https://search.freecodecamp.org https://www.freecodecamp.rocks https://api.freecodecamp.rocks https://auth.freecodecamp.org; font-src *.cloudflare.com https://*.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com https://*.bootstrapcdn.com https://use.fontawesome.com 'self' https://search.freecodecamp.org https://www.freecodecamp.rocks https://api.freecodecamp.rocks https://auth.freecodecamp.org; img-src * data:; media-src *.bitly.com *.amazonaws.com *.twitter.com 'self' https://search.freecodecamp.org https://www.freecodecamp.rocks https://api.freecodecamp.rocks https://auth.freecodecamp.org; frame-src *.gitter.im *.gitter.im https: *.youtube.com *.twitter.com *.ghbtns.com *.freecatphotoapp.com freecodecamp.github.io 'self' https://search.freecodecamp.org https://www.freecodecamp.rocks https://api.freecodecamp.rocks https://auth.freecodecamp.org 1
upgrade-insecure-requests; default-src 'self' blob: *.brightcove.com; prefetch-src https:; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: android-webview-video-poster: http: *.images.dailystar.co.uk; media-src https: data: blob:; object-src https: data: blob:; font-src https: data: blob:; frame-src https: data: blob:; connect-src https: wss:; worker-src https: wss: blob: 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; child-src * blob: data: ; style-src * 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com cse.google.com ajax.googleapis.com  connect.facebook.net platform.twitter.com code.jquery.com www.google-analytics.com cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com use.fontawesome.com platform.twitter.com fonts.googleapis.com http://fonts.googleapis.com; 1
frame-ancestors 'self' http://*.dji.com https://*.dji.com 1
default-src 'self' ; img-src 'self'  https://sp1.convertro.com/api/hit/lastpass/ https://www.google-analytics.com/ https://*.company-target.com/ https://logmeincdn.azureedge.net/ https://*.company-target.com/* https://*.lastpass.com https://lastpass.com data: https://*.company-target.com/* https://*.adnxs.com/ https://*.doubleclick.net https://*.google-analytics.com https://www.google.com https://www.facebook.com/tr https://t.co/i/adsct https://analytics.twitter.com/i/adsct https://img.youtube.com https://adfarm.mediaplex.com/ad/bk/ https://*.rfihub.com/ https://secure.leadback.advertising.com https://secure.ace-tag.advertising.com https://iad-login.dotomi.com  https://*.company-target.com/ https://www07.clicktale.net/ https://lastpass-sc.usva.logmeinx.com/ https://lastpass-sc.usca.logmeinx.com/ https://lastpass-sc.usil.logmeinx.com/ https://lastpass-sc.ustx.logmeinx.com/ https://lastpass-sc.defr.logmeinx.com/ https://lastpass-sc.ukay.logmeinx.com/ https://lastpass-sc-gamma.usca.logmeinx.com/ https://*.logmeinx.com https://d.adroll.com https://secimg.vmmpxl.com https://rs.gwallet.com https://s-cs.send.microad.jp https://pixel.rubiconproject.com https://*.openx.net https://dpm.demdex.net https://ads.yahoo.com https://dsum-sec.casalemedia.com https://simage2.pubmatic.com https://trc.taboola.com https://x.bidswitch.net https://idsync.rlcdn.com https://stags.bluekai.com https://ums.adtechus.com https://io.narrative.io https://atemda.com https://t.brand-server.com https://pixel.quantserve.com; object-src 'self' https://*.googlevideo.com https://*.youtube.com https://*.youtube.com https://*.ytimg.com https://*.ytimg.com https://www.google.com https://youtube.googleapis.com; connect-src 'self' https://*.lastpass.com https://lastpass.com wss://*.lastpass.com https://*.optimizely.com https://5399020466.log.optimizely.com  https://pollserver.lastpass.com https://loglogin.lastpass.com https://*.clicktale.net https://dc.services.visualstudio.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'  https://logmeincdn.azureedge.net https://fonts.googleapis.com/ https://*.lastpass.com https://lastpass.com https://html-lastpass-develop.azurewebsites.net https://html-lastpass-master.azurewebsites.net; plugin-types application/x-invalid-type application/pdf ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.lmiutil.com/lpassets/clicktale/ https://lastpass.com/m.php/quickdl2  https://www.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://logmeincdn.azureedge.net https://cdn.clicktale.net/ https://*.lastpass.com https://lastpass.com https://www.youtube.com https://*.ytimg.com https://*.optimizely.com https://cdnssl.clicktale.net/ https://www.sc.pages04.net https://cdn.getsmartcontent.com/ https://api.bizographics.com https://us-east-1.profile-api.ads.linkedin.com https://s.getsmartcontent.com https://az416426.vo.msecnd.net ; font-src 'self' 'unsafe-inline' 'unsafe-eval'  https://lmistatic.blob.core.windows.net/ https://fonts.gstatic.com/ https://*.lastpass.com https://lastpass.com; media-src ; frame-src 'self' https://cdn.lmiutil.com/ https://b.company-target.com https://*.lastpass.com https://ssl.gstatic.com https://www.google.com https://www.youtube.com  https://b.company-target.com/ect.html https://www.youtube.com https://*.ytimg.com https://1min-ui-prod.service.lastpass.com ;worker-src https://*.lastpass.com blob: 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/pitchfork 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 1
frame-ancestors http://www.r18.com/ 1
base-uri 'self';child-src blob: *;connect-src *;default-src 'self';font-src * data:;frame-ancestors 'self';img-src * data:;media-src blob: *;script-src * 'unsafe-inline' 'unsafe-eval' data:;style-src * 'unsafe-inline' 1
default-src 'self' www.sigmaaldrich.com *.4seeresults.com *.adnxs.com ajax.googleapis.com analytics.foresee.com analytics.twitter.com apiqws.sial.com *.azalead.com bat.bing.com bcp.crwdcntrl.net brain.foresee.com c212.net cdn.c212.net cdn.userreplay.net clickserv.sitescout.com cloud-analytics.sial.com code.jquery.com connect.facebook.net cx.atdmt.com device.4seeresults.com *.doubleclick.net gateway.foresee.com *.googleapis.com *.google.co.in *.google.com i.4see.mobi img.en25.com js.bizographics.com *.linkedin.com maxcdn.bootstrapcdn.com pixel.mathtag.com pixel.sitescout.com px.ads.linkedin.com s832461399.t.eloqua.com sial.tfaforms.net sjs.bizographics.com static.ads-twitter.com static.foresee.com survey.foresee.com survey.foreseeresults.com tags.crwdcntrl.net t.co vidassets.terminus.services wscdimg.sial.com wscpimg.sial.com ws.sharethis.com www.facebook.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.viddler.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.sigmaaldrich.com *.4seeresults.com *.adnxs.com ajax.googleapis.com analytics.foresee.com analytics.twitter.com apiqws.sial.com *.azalead.com bat.bing.com bcp.crwdcntrl.net brain.foresee.com c212.net cdn.c212.net cdn.userreplay.net clickserv.sitescout.com cloud-analytics.sial.com code.jquery.com connect.facebook.net cx.atdmt.com device.4seeresults.com *.doubleclick.net gateway.foresee.com *.googleapis.com *.google.co.in *.google.com i.4see.mobi img.en25.com js.bizographics.com *.linkedin.com maxcdn.bootstrapcdn.com pixel.mathtag.com pixel.sitescout.com px.ads.linkedin.com s832461399.t.eloqua.com sial.tfaforms.net sjs.bizographics.com static.ads-twitter.com static.foresee.com survey.foresee.com survey.foreseeresults.com tags.crwdcntrl.net t.co vidassets.terminus.services wscdimg.sial.com wscpimg.sial.com ws.sharethis.com www.facebook.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.viddler.com;style-src 'self' 'unsafe-inline' www.sigmaaldrich.com *.4seeresults.com *.adnxs.com ajax.googleapis.com analytics.foresee.com analytics.twitter.com apiqws.sial.com *.azalead.com bat.bing.com bcp.crwdcntrl.net brain.foresee.com c212.net cdn.c212.net cdn.userreplay.net clickserv.sitescout.com cloud-analytics.sial.com code.jquery.com connect.facebook.net cx.atdmt.com device.4seeresults.com *.doubleclick.net gateway.foresee.com *.googleapis.com *.google.co.in *.google.com i.4see.mobi img.en25.com js.bizographics.com *.linkedin.com maxcdn.bootstrapcdn.com pixel.mathtag.com pixel.sitescout.com px.ads.linkedin.com s832461399.t.eloqua.com sial.tfaforms.net sjs.bizographics.com static.ads-twitter.com static.foresee.com survey.foresee.com survey.foreseeresults.com tags.crwdcntrl.net t.co vidassets.terminus.services wscdimg.sial.com wscpimg.sial.com ws.sharethis.com www.facebook.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.viddler.com;connect-src 'self' www.sigmaaldrich.com *.4seeresults.com *.adnxs.com ajax.googleapis.com analytics.foresee.com analytics.twitter.com apiqws.sial.com *.azalead.com bat.bing.com bcp.crwdcntrl.net brain.foresee.com c212.net cdn.c212.net cdn.userreplay.net clickserv.sitescout.com cloud-analytics.sial.com code.jquery.com connect.facebook.net cx.atdmt.com device.4seeresults.com *.doubleclick.net gateway.foresee.com *.googleapis.com *.google.co.in *.google.com i.4see.mobi img.en25.com js.bizographics.com *.linkedin.com maxcdn.bootstrapcdn.com pixel.mathtag.com pixel.sitescout.com px.ads.linkedin.com s832461399.t.eloqua.com sial.tfaforms.net sjs.bizographics.com static.ads-twitter.com static.foresee.com survey.foresee.com survey.foreseeresults.com tags.crwdcntrl.net t.co vidassets.terminus.services wscdimg.sial.com wscpimg.sial.com ws.sharethis.com www.facebook.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.viddler.com; 1
script-src *.walmart.ca *.walmartimages.ca *.wal.co assets.adobedtm.com *.googleadservices.com *.google.ca *.google.com *.gstatic.com *.google-analytics.com *.bing.com *.googletagservices.com *.doubleclick.net *.googlesyndication.com *.criteo.com *.criteo.net *.scorecardresearch.com *.answerscloud.com *.newrelic.com *.ordergroove.com *.facebook.net bam.nr-data.net *.webcollage.net *.iesnare.com *.demdex.net *.googleapis.com *.2mdn.net *.walmart.com *.omtrdc.net *.circularhub.com *.youtube.com *.postescanada-canadapost.ca *.bazaarvoice.com *.ytimg.com *.device.4seeresults.com *.custhelp.com *.rnengage.com *.moatads.com *.casalemedia.com *.hlserve.com dnisjsqid2b9p.cloudfront.net *.myregistry.com  *.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; base-uri * 'self'; 1
child-src * 1
object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 1
frame-ancestors 'self' http://wa.aruba.it https://wa.aruba.it http://manage.pec.it https://manage.pec.it 1
default-src 'none'; script-src 'self' https://cdn.polyfill.io https://connect.facebook.net http://www.google-analytics.com https://www.google.com 'nonce-6vUn1oFhlrbtwm05V5B6MeYrfZohQG7O' data:; connect-src 'self' *.blockchain.com *.blockchain.info https://blockchain.info https://api.greenhouse.io https://www.google-analytics.com https://stats.g.doubleclick.net https://script.google.com https://script.googleusercontent.com; frame-src 'self' https://www.google.com; img-src 'self' data:  https://www.facebook.com http://www.google-analytics.com https://www.google.com; style-src 'self' https://fonts.googleapis.com 'nonce-6vUn1oFhlrbtwm05V5B6MeYrfZohQG7O'; font-src 'self' https://fonts.gstatic.com data:; manifest-src 'self'; 1
child-src *.criteo.com *.doubleclick.net *.dynad.net *.facebook.com *.hotjar.com *.kissmetrics.com *.marketo.com *.omniture.com *.pagseguro.uol.com.br *.rm.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.youtube.com https://www.google.com *.blip.ai data: 'self'; connect-src *.hotjar.com *.pagseguro.com.br *.uol.com.br wss://ws.0mn.io https: wss: 'self'; frame-ancestors 'self'; default-src *.uol.com.br *.pagseguro.com.br 'self'; media-src *.uol.com.br *.pagseguro.com.br data: 'self'; object-src *.uol.com.br *.pagseguro.com.br data: 'self'; font-src *.pagseguro.uol.com.br *.pagseguro.com.br *.uol.com *.uol.com.br *.imguol.com.br *.gstatic.com *.hotjar.com https://imguol.com.br data: 'self'; img-src *.google.com *.google-analytics.com *.google.com.br *.facebook.com *.imguol.com *.uol.com *.uol.com.br *.pagseguro.com.br *.turn.com *.atdmt.com *.scorecardresearch.com *.ytimg.com *.triggit.com *.doubleclick.net *.googleadservices.com *.xg4ken.com *.youtube.com *.hotjar.com *.kissmetrics.com *.tailtarget.com *.bing.com https://imguol.com https://imguol.com.br trg.adilligo.com takenetomni.blob.core.windows.net data: 'self'; script-src *.jsuol.com.br *.googleadservices.com *.googletagmanager.com *.ampproject.org *.ytimg.com *.google-analytics.com *.google.com *.doubleclick.net *.simg.uol.com.br *.uol.com *.uol.com.br *.pagseguro.com.br *.facebook.net *.criteo.net *.criteo.com *.xg4ken.com *.dynad.net *.marketo.com *.hotjar.com *.jsdelivr.net *.kissmetrics.com *.tailtarget.com *.bing.com https://pagseguro.info https://pag.ae https://imguol.com.br https://www.gstatic.com about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.uol.com *.pagseguro.uol.com.br *.pagseguro.com.br *.simg.uol.com.br *.ytimg.com *.marketo.com https://imguol.com.br 'self' *.google.com 'unsafe-inline' 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-KGcqfPwIdC' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com *.credit-du-nord.fr *.banque-courtois.fr *.banque-kolb.fr *.banque-laydernier.fr *.banque-nuger.fr *.banque-rhone-alpes.fr *.banque-tarneaud.fr *.smc.fr 1
frame-ancestors 'self' *.dkb.de 1
connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net zen.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net; frame-src 'self' yabrowser: data: https://ok.ru https://www.youtube.com https://player.video.yandex.net https://ya.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru awaps.yandex.net *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net *.tns-counter.ru yandex.st; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net yastatic.net kiks.yandex.ru strm.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?from=big.ru&showid=1544339333.60777.122162.737487&h=man1-4101-man-portal-morda-29675&csp=old&date=20181209&yandexuid=2629283871544339333; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru zen.yandex.ru an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net zen.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net home.yastatic.net; 1
frame-ancestors 'self' us.creativecdn.com *.encuentra24.com *.inmobiliaria24.com encuentra24.zendesk.com *.youtube.com view.atdmt.com www.facebook.com www.google.com encuentra24.wufoo.com.mx encuentra24.ticforum-ca.com tpc.googlesyndication.com googleads.g.doubleclick.net storage.googleapis.com js.stripe.com; 1
connect-src https: wss:; img-src https: data:; default-src https: blob:; object-src https:; frame-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; font-src https: data:; style-src 'unsafe-inline' https:; media-src https:; report-uri https://zbsfsvpmbzmjualklfjf2csg.httpschecker.net/report 1
default-src https: data: blob:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src https: data: blob:; media-src https: http: blob: data:; connect-src http: https: ws: wss:; 1
frame-ancestors 'self' btprt.dj snip.ly 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-mABJBKSXJP' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
frame-ancestors https://*.teen.co.id/ https://*.tempo.co/ https://tpc.googlesyndication.com/ https://www.youtube.com/ https://asset.tabloidbintang.com/ https://ads.as.criteo.com/ https://eus.rubiconproject.com/ https://onesignal.com/ 1
font-src 'self' code.freent.de https://fonts.gstatic.com; img-src * data:; frame-ancestors *.freenet.de; plugin-types application/pdf application/x-shockwave-flash 1
report-uri https://sentry.io/api/190356/security/?sentry_key=0fb44384b50e4ee692405615e7837304; upgrade-insecure-requests 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.verywellhealth.com *.qa.aws.verywellhealth.com atlas.verywellhealth.com atlas.local.verywellhealth.com https://specials.verywell.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; disown-opener; sandbox allow-forms allow-same-origin allow-scripts allow-modals allow-popups allow-popups-to-escape-sandbox allow-presentation 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.thebalance.com *.qa.aws.thebalance.com atlas.thebalance.com atlas.local.thebalance.com 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-zcFaEFLzhj' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.co.uk  ; frame-src 'self' *.indeed.com *.indeed.co.uk https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.co.uk d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log; 1
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.co.in  ; frame-src 'self' *.indeed.com *.indeed.co.in https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; img-src 'self' *.indeed.com *.indeed.co.in data: https://smartlock.google.com/ https://accounts.google.com/ d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d3fw5vlhllyvee.cloudfront.net https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://bs.serving-sys.com https://maps.googleapis.com https://csi.gstatic.com https://www.youtube.com https://www.google-analytics.com/collect https://ad.doubleclick.net/ddm/; script-src 'self' *.indeed.com *.indeed.co.in 'unsafe-inline' data: https://smartlock.google.com/ https://accounts.google.com/ d2q79iu7y748jz.cloudfront.net d3fw5vlhllyvee.cloudfront.net https://www.google-analytics.com https://sb.scorecardresearch.com https://connect.facebook.net https://*.serving-sys.com https://maps.googleapis.com https://csi.gstatic.com https://ad.doubleclick.net/ddm/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.co.in  https://d1ymdoy4af119w.cloudfront.net/ https://www.google-analytics.com/collect https://www.google.com/maps/search/; 1
default-src 'self' localhost data: *.wolfram.com *.wolframalpha.com *.wolframcdn.com *.wolframcloud.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.wolfram.com *.wolframalpha.com *.wolframcdn.com ajax.googleapis.com *.wolframalpha.tw; img-src 'self' http://*.wolframcdn.com  wolframcdn.com *.wolframcdn.com data: *.wolfram.com *.wolframalpha.com *.wolframcdn.com wolframcdn.com; font-src * data:; style-src 'unsafe-inline' 'self' data: *.wolfram.com *.wolframalpha.com *.wolframcdn.com wolframcdn.com fonts.googleapis.com; 1
default-src 'none'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'nonce-45bdad4b727148768ec3eaadeaec21a8'; style-src 'self' 'unsafe-inline'; img-src 'self' https://www.google-analytics.com localhost; frame-ancestors 'none'; 1
frame-ancestors *.hinet.net; 1
frame-ancestors 'self' *.techrepublic.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 1
connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru https://yandex.uz https://*.yandex.uz static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st yandex.uz *.yandex.uz; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net https://pass.yandex.uz https://passport.yandex.uz wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net yandex.uz *.yandex.uz; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru https://yandex.uz https://*.yandex.uz awaps.yandex.net *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net *.tns-counter.ru yandex.st yandex.uz *.yandex.uz; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net yastatic.net kiks.yandex.ru strm.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?from=big.uz&showid=1544353782.79746.122021.794601&h=sas2-0405-sas-portal-morda-17154&csp=old&date=20181209&yandexuid=7705806451544353782; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru https://yandex.uz https://www.yandex.uz https://pass.yandex.uz https://mc.yandex.uz an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net yandex.uz www.yandex.uz suggest.yandex.uz; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net home.yastatic.net; 1
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=TW&lang=zh-Hant-TW&device=desktop&yrid=c5dft3de0pu3c&partner=; 1
frame-ancestors 'self' *.app.clicktale.com app.optimizely.com analytics.google.com; 1
frame-ancestors 'self' https://booking.jetstar.com/; 1
default-src 'self'; img-src 'self' https://app.snapchat.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://lh3.googleusercontent.com https://maps.googleapis.com https://maps.gstatic.com https://csi.gstatic.com/csi https://stats.g.doubleclick.net https://storage.googleapis.com blob: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://www.google-analytics.com https://maps.googleapis.com https://www.gstatic.com https://gstatic.com https://www.google.com https://www.googleadservices.com https://sc-static.net https://www.youtube.com https://s.ytimg.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://snap.adbrn.com https://tr.snapchat.com https://tr-shadow.snapchat.com https://player.vimeo.com; connect-src 'self' https://gms-carousel-dot-lookinsoclear.appspot.com https://app.snapchat.com https://geofilters-community-api.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://zgl-s.tlnk.io https://woj-e.tlnk.io https://launch1.co https://accounts.snapchat.com https://scan.snapchat.com https://www.google-analytics.com; media-src 'self' data: blob: https://storage.googleapis.com; report-uri https://csp-central.appspot.com/report_csp 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/vanityfair 1
connect-src 'self' https://*.tesco.com https://*.optimizely.com https://*.adobedtm.com https://*.tt.omtrdc.net https://*.google-analytics.com https://*.doubleclick.net https://*.doubleclick.net https://*.hotjar.com:* wss://*.hotjar.com https://cdn.appdynamics.com https://eum-col.appdynamics.com http://cdn.appdynamics.com http://eum-col.appdynamics.com https://ds-aksb-a.akamaihd.net https://*.googletagservices.com https://search.api.tesco.com/suggestion/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.tesco.com https://*.optimizely.com https://static.hotjar.com https://script.hotjar.com https://*.adobedtm.com https://*.tt.omtrdc.net https://*.google-analytics.com https://cdn.appdynamics.com https://eum-col.appdynamics.com http://cdn.appdynamics.com http://eum-col.appdynamics.com https://maps.googleapis.com https://ds-aksb-a.akamaihd.net https://*.googletagservices.com https://*.doubleclick.net https://adservice.google.co.in/adsid/integrator.js https://adservice.google.com/adsid/integrator.js https://adservice.google.co.uk/adsid/integrator.js https://adservice.google.ie/adsid/integrator.js https://pagead2.googlesyndication.com/pagead/osd.js https://*.sociomantic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://* data:; font-src 'self' https://fonts.gstatic.com data:; frame-ancestors 'self' https://app.optimizely.com https://*.doubleclick.net; child-src 'self' https://*.doubleclick.net https://5035317.fls.doubleclick.net https://vars.hotjar.com https://*.cdn.optimizely.com https://*.optimizely.com; frame-src https://*.doubleclick.net https://*.googleadservices.com https://*.doubleclick.net https://*.googlesyndication.com https://5035317.fls.doubleclick.net https://vars.hotjar.com https://*.cdn.optimizely.com https://*.optimizely.com https://*.googletagservices.com https://*.doubleclick.net https://*.sociomantic.com; object-src 'none'; report-uri /ce-assets/csp-report-violation 1
block-all-mixed-content; child-src 'self' *.fls.doubleclick.net bid.g.doubleclick.net pixel.mathtag.com https://c.paypal.com bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; connect-src 'self' 'self' https://adservice.google.com https://events.uber.com https://staging.cdn-net.com https://www.cdn-net.com https://siteintercept.qualtrics.com https://d3i4yxtzktqr9n.cloudfront.net https://ramensjc.uber.com https://ramendca.uber.com https://auth.uber.com events.uber.com api.mixpanel.com d1a3f4spazzrp4.cloudfront.net *.optimizely.com www.google-analytics.com *.tealiumiq.com *.demdex.net; font-src 'self' data: fonts.gstatic.com https://d3i4yxtzktqr9n.cloudfront.net https://d1a3f4spazzrp4.cloudfront.net; form-action 'self' 'self' https://staging.cdn-net.com https://www.cdn-net.com https://www.facebook.com; frame-ancestors 'self'; frame-src 'self' *.fls.doubleclick.net bid.g.doubleclick.net pixel.mathtag.com staging.cdn-net.com https://c.paypal.com staticxx.facebook.com https://www.cdn-net.com bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; img-src 'self' data: https: https://apps.rokt.com https://c.paypal.com https://phx.stats.paypal.com https://b.stats.paypal.com https://slc.stats.paypal.com * * https://d3i4yxtzktqr9n.cloudfront.net https://d1a3f4spazzrp4.cloudfront.net; media-src 'self' https://d3i4yxtzktqr9n.cloudfront.net https://d1a3f4spazzrp4.cloudfront.net; object-src https://www.cdn-net.com; script-src 'self' 'unsafe-inline' 'nonce-a06fde1a-e298-4756-b874-d0880cea514b' analytics.twitter.com bat.bing.com graph.facebook.com https://*.cdn-net.com https://*.siteintercept.qualtrics.com https://amplify.outbrain.com https://c.paypal.com https://siteintercept.qualtrics.com https://staging.cdn-net.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.ca https://www.google.cl https://www.google.co.ao https://www.google.co.in https://www.google.co.jp https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.co https://www.google.com.hk https://www.google.com.mx https://www.google.com.my https://www.google.com.ph https://www.google.com.sg https://www.google.com.tw https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.pl https://www.google.pt https://www.google.ru https://www.google.se https://www.googletagmanager.com https://www.paypalobjects.com maps.googleapis.com mathid.mathtag.com pixel.mathtag.com platform.twitter.com static.ads-twitter.com 'unsafe-eval' script.crazyegg.com www.google-analytics.com maps.googleapis.com maps.google.com tags.tiqcdn.com beacon.krxd.net cdn.krxd.net cdn.mxpnl.com www.googleadservices.com www.ziprecruiter.com analytics.recruitics.com edge.quantserve.com secure.quantserve.com connect.facebook.net cdn.nanigans.com api.nanigans.com *.adroll.com s.yimg.com sp.analytics.yahoo.com click.app-cast.com i.l.inmobicdn.net *.optimizely.com *.tealiumiq.com *.doubleclick.net static.ads-twitter.com https://www.google-analytics.com https://ssl.google-analytics.com https://d3i4yxtzktqr9n.cloudfront.net https://d1a3f4spazzrp4.cloudfront.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://pullo.uberinternal.com https://d3i4yxtzktqr9n.cloudfront.net https://d1a3f4spazzrp4.cloudfront.net; report-uri https://csp.uber.com/csp?a=web-eats&ro=false&v=1 1
script-src 'report-sample' 'nonce-7hFnbj8gXBkpZExtEEZJaA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport 1
frame-ancestors *.cox.net *.cox.com *.coxbusiness.com coxcommunications.experiencecloud.adobe.com 1
upgrade-insecure-requests; report-uri https://ee.report-uri.io/r/default/csp/enforce 1
default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ http://metrics.nationwide.co.uk/ https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://nationwide.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js  https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/; 1
frame-ancestors 'self' http://*.webvisor.com http://webvisor.com *.ntv.ru; 1
frame-ancestors 'self' *.gsmarena.com *.killerfeatures.com *.91mobiles.com 1
base-uri 'self'; default-src 'self'; connect-src 'self' https://*.tenor.co https://*.tenor.com https://api.tenor.com https://api.tenor.com https://*.google-analytics.com https://*.doubleclick.net https://pixel.mtrcs.samba.tv; script-src 'self' data: https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com https://*.google-analytics.com https://*.facebook.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://pixel.mtrcs.samba.tv 'nonce-YjQ1NDE0MTEtMmM1Mi00OTU2LTlmMjMtZTEyN2QwMzhhYjg4'; style-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com 'unsafe-inline'; font-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com; img-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://pixel.mtrcs.samba.tv http: https:; media-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com; frame-src 'self' https://www.google.com/recaptcha/ https://www.facebook.com/tr/; object-src 'none' 1
script-src *.tapd.cn *.qq.com 'unsafe-inline' 'unsafe-eval' https:; report-uri https://www.tapd.cn/fastapp/csp_report_log.php?token=U2FsdGVkX18bxCEHeJHlPS1DYHGXe0lcYmEBmpyXUEsFM9lYrwEbLJkhUAXIK36E9CFgS7g1iZHT1oOtfNlHjw%3D%3D 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/gq 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://uwaterloo.ca https://*.uwaterloo.ca https://maxcdn.bootstrapcdn.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.googleadservices.com https://*.g.doubleclick.net https://6263835.fls.doubleclick.net https://cdnjs.cloudflare.com https://twitter.com https://*.twitter.com https://*.twimg.com https://twitter-widgets.s3.amazonaws.com https://*.facebook.com https://*.facebook.net https://*.youtube.com https://*.youtube-nocookie.com https://s.ytimg.com https://*.livestream.com https://*.webspellchecker.net https://cdn.mathjax.org https://storify.com https://*.addtoany.com https://*.vimeo.com https://*.vimeocdn.com https://*.tintup.com https://*.71n7.com https://d36hc0p18k1aoc.cloudfront.net https://cdn.hypemarks.com https://cdn.leafletjs.com https://cdn-geoweb.s3.amazonaws.com https://cdn.maptiks.com https://api.tiles.mapbox.com https://d591zijq8zntj.cloudfront.net https://*.libanswers.com https://secure.skype.com https://cdn-akamai.mookie1.com https://*.tiqcdn.com https://o2.eyereturn.com https://snap.licdn.com https://*.ads.linkedin.com https://*.hscampaigns.com https://secure.adnxs.com https://public.tableau.com; img-src * data: 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src 'self' data: * ; font-src 'self' data: * ; frame-ancestors 'self' https://*.ualberta.ca 1
default-src 'self' *.amalgama-lab.com https://*.amalgama-lab.com *.googletagmanager.com *.googlesyndication.com *.facebook.com  *.vk.com vk.com https://apis.google.com *.google.com *.google.ru *.google.com.ua *.google.ca *.twitter.com *.youtube.com https://www.youtube.com *.odnoklassniki.ru *.rutarget.ru *.adriver.ru *.doubleclick.net *.bidswitch.net *.yandex.ru https://accounts.google.com https://googleads.g.doubleclick.net https://s-static.ak.facebook.com https://www.facebook.com https://login.vk.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amalgama-lab.com https://*.amalgama-lab.com https://yandex.ru http://openstat.net *.google.ru http://*.google.ru http://cse.google.ru *.google.ru:* https://*.google.ru:* *.google.com http://*.google.com *.google.com.ua *.google.com:* https://*.google.com:* *.google.ca https://apis.google.com ajax.googleapis.com https://*.googleapis.com *.googleapis.com *.mixmarket.biz 4294953203.kt.mixmarket.biz *.revsci.net *.republer.com https://yastatic.net https://*.republer.com *.gstatic.com https://*.gstatic.com *.yandex.net https://*.yandex.net *.yandex.st *.yandex.ru https://*.yandex.ru yastatic.net *.yastatic.net *.yastatic.net:* https://*.yastatic.net mc.yandex.ru https://*.yandex.ru an.yandex.ru https://an.yandex.ru *.yandex.ua https://*.googlesyndication.com  http://*.googlesyndication.com https://googleads.g.doubleclick.net https://*.doubleclick.net *.doubleclick.net *.luxup.ru luxup.ru *.luxadv.com *.luxcdn.com vk.com *.twitter.com connect.facebook.net graph.facebook.com connect.mail.ru *.pinterest.com *.advertur.ru advertur.ru *.betweendigital.com counter.rambler.ru www.googletagservices.com www.googletagmanager.com  *.google-analytics.com *.googleadservices.com https://*.googleadservices.com yadro.ru https://yadro.ru *.yadro.ru https://*.yadro.ru go.youlamedia.com *.adlabs.ru *.adriver.ru *.kavanga.ru https://*.kavanga.ru *.ok.ru ok.ru *.sociomantic.com *.odnoklassniki.ru *.googleusercontent.com *.google-analytics.com https://*.google-analytics.com https://google-analytics.com *.imrkcrv.net *.imrk.net *.infostatsvc.com *.avocet.io; img-src 'self' data: https://relap.io https://x01.aidata.io https://sspstark.ru https://is.mixmarket.biz *.mixmarket.biz https://*.yandex.com *.amalgama-lab.com https://*.amalgama-lab.com https://*.advombat.ru http://openstat.net https://*.rambler.ru *.rutarget.ru *.smartyads.com https://*.republer.com sync.republer.com *.revsci.net yastatic.net *.yastatic.net *.adhigh.net *.datamind.ru counter.yadro.ru *.ytimg.com *.yandex.net *.yandex.st *.yandex.ru *.yandex.ua *.google.am *.google.it *.google.jo *.google.cz *.google.ch *.google.no *.google.ae *.google.at *.google.az *.google.bg *.google.me *.google.hr *.google.co.id *.google.co.il *.google.dk *.google.fr *.google.ge *.google.nl *.google.rs *.google.gr *.google.ba *.google.ro *.google.dz *.google.se *.google.sk *.google.md *.google.ee *.google.lv *.google.pl *.google.tn *.google.es *.google.si *.google.com.kw *.google.com.ng *.google.lu *.google.ca *.google.lt *.google.com.tr *.google.de *.google.com.cy *.google.com.au *.google.com.sg *.google.com.eg *.google.co.uk *.google.co.jp *.google.co.in *.google.co.ve *.google.com.kh *.google.com.mt *.google.com.np *.google.com.pe *.google.com.ph *.google.fi *.google.hu *.google.mn *.google.pt *.google.com.mx *.google.com.tj *.google.co.kr *.google.co.th *.google.com.tw *.pinterest.com vk.com  *.googleusercontent.com *.googlesyndication.com https://*.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com *.google.com *.google.ru *.google.by *.google.com.ua *.google.be *.google.ie *.google.com.ar *.google.kz *.gstatic.com https://*.gstatic.com counter.rambler.ru *.betweendigital.com *.luxup.ru *.luxup.ru:* *.imrk.net *.adlabs-retail.ru go.youlamedia.com *.gravatar.com  front.facetz.net ad.dumedia.ru rtb.rtcdn.ru g.mp.luxcdn.com *.rtb-media.ru *.whisla.com *.adlabs.ru *.recreativ.ru *.mail.ru *.tns-counter.ru  x.bidswitch.net *.luxadv.com *.sociomantic.com *.adriver.ru *.kavanga.ru b.kavanga.ru https://*.kavanga.ru *.hubrus.com *.doubleclick.net https://stats.g.doubleclick.net https://*.doubleclick.net https://googleads.g.doubleclick.net *.2mdn.net *.googleapis.com https://*.googleapis.com https://*.2mdn.net *.madnet.ru *.spotxchange.com https://*.spotxchange.com https://*.adform.net *.republer.com *.intencysrv.com *.googleadservices.com *.yahoo.com *.admitad.com 109.206.167.217 109.206.167.109 mc.yandex.ru mc.yandex.ru:* https://*.yandex.ru https://*.yandex.ru *.google-analytics.com google-analytics.com https://*.google-analytics.com https://google-analytics.com *.rontar.com *.paradocs.ru *.uptolike.com *.adap.tv *.r24-tech.com *.adnxs.com *.rubiconproject.com *.btrll.com *.adtech.de *.liverail.com *.adadvisor.net *.openx.com *.upstats.ru *.advertising.com *.adsniper.ru *.lijit.com *.openx.net *.adframesrc.com *.adadvisor.net *.targetix.net *.trafex.net *.imrkcrv.net *.tovarro.com *.begun.ru *.avocet.io *.advombat.ru *.smaclick.com *.yadro.ru https://*.yadro.ru *.liveinternet.ru https://*.liveinternet.ru; style-src 'self' 'unsafe-inline' *.amalgama-lab.com https://*.amalgama-lab.com *.gstatic.com https://*.gstatic.com *.amalgama-lab.com https://*.amalgama-lab.com 'unsafe-inline' https://fonts.googleapis.com fonts.googleapis.com *.google.com *.sociomantic.com yastatic.net *.yastatic.net *.yastatic.net:* https://*.yastatic.net;  media-src 'self'  *.amalgama-lab.com https://*.amalgama-lab.com *.youtube.com youtube.com; object-src 'self' *.amalgama-lab.com https://*.amalgama-lab.com http://imrkcrv.net *.imrkcrv.net *.adriver.ru *.gstatic.com *.googlesyndication.com https://*.googlesyndication.com https://*.gstatic.com *.datariver.ru *.kavanga.ru *.googlevideo.com googlevideo.com *.ytimg.com ytimg.com *.youtube.com youtube.com an.yandex.ru https://an.yandex.ru *.yandex.ru; frame-src 'self' *.amalgama-lab.com https://*.amalgama-lab.com *.googlesyndication.com https://*.googlesyndication.com *.googleadservices.com https://*.googleadservices.com *.doubleclick.net https://stats.g.doubleclick.net https://*.doubleclick.net https://googleads.g.doubleclick.net *.google.ru *.google.com *.yandex.st https://*.yandexadexchange.net *.imrk.net yastatic.net *.yastatic.net *.yastatic.net:* https://*.yastatic.net; font-src 'self' data: *.amalgama-lab.com https://*.amalgama-lab.com *.gstatic.com *.googleusercontent.com *.googleapis.com https://*.googleapis.com https://*.gstatic.com; connect-src 'self' data: *.amalgama-lab.com https://*.amalgama-lab.com https://csi.gstatic.com https://pagead2.googlesyndication.com mc.yandex.ru *.yandex.ru https://*.yandex.ru www.google-analytics.com www.liveinternet.ru *.google-analytics.com google-analytics.com https://*.google-analytics.com https://google-analytics.com https://*.yandex.ru; report-uri //www.amalgama-lab.com/csp/report0.php 1
script-src 'self' *.harbortest.com *.harborfreight.com cdns.brsrvr.com www.google-analytics.com *.adobetag.com ea.harbortest.com:9143 assets.moovweb.net *.gstatic.com cdn.tt.omtrdc.net harborfreight.tt.omtrdc.net ea.harborfreight.com:9143 px.owneriq.net *.res-x.com seal.verisign.com *.google.com *.igodigital.com *.akamaihd.net *.googleadservices.com *.google-analytics.com *.g.doubleclick.net *.powerreviews.com *.demdex.net *.mouseflow.com *.fastly.net *.sitelabweb.com mpsnare.iesnare.com *.googleapis.com *.payeezy.com *.facebook.net *.facebook.com *.newrelic.com *.nr-data.net *.nmgassets.com *.turnto.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.harbortest.com *.harborfreight.com *.powerreviews.com *.moovweb.net *.googleapis.com *.akamaihd.net *.turnto.com 'unsafe-inline'; img-src 'self' blob: data: *.harborfreight22.com *.harbortest.com *.harborfreight.com p.brsrvr.com *.akamaihd.net akamai.mathtag.com *.edgecastcdn.net *.www.turnto.com *.youtube.com *.ytimg.com *.vimeocdn.com px.owneriq.net *.g.doubleclick.net www.google-analytics.com *.ggpht.com *.google.com images.scanalert.com *.powerreviews.com *.facebook.com scontent.xx.fbcdn.net ssl.gstatic.com *.sitelabweb.com *.igodigital.com *.cloudinary.com *.moovweb.net *.googleapis.com *.abmr.net *.gstatic.com *.nr-data.net *.norton.com *.nmgplatform.com cdn.ywxi.net; connect-src 'self' *.harbortest.com *.harborfreight.com www.facebook.com *.nmgplatform.com *.powerreviews.com *.demdex.net *.sitelabweb.com *.nr-data.net *.akamaihd.net *.cloudinary.com *.google-analytics.com *.mouseflow.com *.doubleclick.net 1
frame-src 'self' videxx.net *.videxx.net jwpcdn.com *.jwpcdn.com 109.169.66.161 *.109.169.66.161 109.169.66.171 *.109.169.66.171 apornoonlain.tv *.apornoonlain.tv m.apornoonlain.tv *.m.apornoonlain.tv apornoonlain.tv *.apornoonlain.tv video-server.local *.video-server.local *.googleapis.com https://*.googleapis.com *.google.com https://*.google.com *.yandex.ru https://*.yandex.ru *.mail.ru https://*.mail.ru *.mpornob.ru *.onlvideo.net *.dasistnews.net *.tools.runetki.co tools.runetki.co *.megabestnews.net *.dyzha.com *.gonews2.net *.morenews4.net *.tools.bongacash.com *.bongacams.com *.bongacash.com *.davarello.com *.poulop.com *.veroui.com *.likondok.com *.olizyr.com *.targetan.com *.kolitter.com *.wtoredir.com *.qrstes.com *.modelatos.com *.foundtr.com *.teromil.com *.viewrtb.com *.urlrtb.com *.nyyed.com *.panoll.com *.herefegedef.net *.vvmblock.ru *.deobp.com *.hnixr.com *.google-analytics.com *.jbugk.com *.vk.com https://*.vk.com *.vkontakte.ru https://*.vkontakte.ru *.tnaflix.com *.redtube.com *.xhamster.com *.pornhub.com *.runetki.com *.24video.net *.keezmovies.com *.tgpsitecentral.com *.madthumbs.com *.hardsextube.com *.xvideos.com *.youporn.com *.xxxbunker.com *.youjizz.com *.tube8.com *.spankwire.com *.bestxtube.ru *.nuvid.com *.porn.com *.myeasytv.com *.gawxf.com *.www.googleapis.com https://*.www.googleapis.com *.www.google-analytics.com https://*.www.google-analytics.com *.xiepl.com xiepl.com *.bzlwe.com *.yrsfs.com *.ikiif.com ikiif.com *.jofbu.com jofbu.com *.video18.org video18.org *.onlaxxx.com onlaxxx.com *.7hha.biz *.zqmwf.xyz zqmwf.xyz *.vryxb.xyz vryxb.xyz *.wwteasers.org wwteasers.org *.wwgate.ru wwgate.ru *.xpicw.top xpicw.top *.c.mcbag.top c.mcbag.top *.mcbag.top mcbag.top *.static.wwclick.su static.wwclick.su https://*.static.wwclick.su https://static.wwclick.su *.static.wwpon365.ru static.wwpon365.ru https://*.static.wwpon365.ru https://static.wwpon365.ru *.promo-bc.com promo-bc.com https://*.promo-bc.com https://promo-bc.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' videxx.net *.videxx.net jwpcdn.com *.jwpcdn.com 109.169.66.161 *.109.169.66.161 109.169.66.171 *.109.169.66.171 apornoonlain.tv *.apornoonlain.tv m.apornoonlain.tv *.m.apornoonlain.tv apornoonlain.tv *.apornoonlain.tv video-server.local *.video-server.local *.googleapis.com https://*.googleapis.com *.google.com https://*.google.com *.yandex.ru https://*.yandex.ru *.mail.ru https://*.mail.ru *.mpornob.ru *.onlvideo.net *.dasistnews.net *.tools.runetki.co tools.runetki.co *.megabestnews.net *.dyzha.com *.gonews2.net *.morenews4.net *.tools.bongacash.com *.bongacams.com *.bongacash.com *.davarello.com *.poulop.com *.veroui.com *.likondok.com *.olizyr.com *.targetan.com *.kolitter.com *.wtoredir.com *.qrstes.com *.modelatos.com *.foundtr.com *.teromil.com *.viewrtb.com *.urlrtb.com *.nyyed.com *.panoll.com *.herefegedef.net *.vvmblock.ru *.deobp.com *.hnixr.com *.google-analytics.com *.jbugk.com *.vk.com https://*.vk.com *.vkontakte.ru https://*.vkontakte.ru *.tnaflix.com *.redtube.com *.xhamster.com *.pornhub.com *.runetki.com *.24video.net *.keezmovies.com *.tgpsitecentral.com *.madthumbs.com *.hardsextube.com *.xvideos.com *.youporn.com *.xxxbunker.com *.youjizz.com *.tube8.com *.spankwire.com *.bestxtube.ru *.nuvid.com *.porn.com *.myeasytv.com *.gawxf.com *.www.googleapis.com https://*.www.googleapis.com *.www.google-analytics.com https://*.www.google-analytics.com *.xiepl.com xiepl.com *.bzlwe.com *.yrsfs.com *.ikiif.com ikiif.com *.jofbu.com jofbu.com *.video18.org video18.org *.onlaxxx.com onlaxxx.com *.7hha.biz *.zqmwf.xyz zqmwf.xyz *.vryxb.xyz vryxb.xyz *.wwteasers.org wwteasers.org *.wwgate.ru wwgate.ru *.xpicw.top xpicw.top *.c.mcbag.top c.mcbag.top *.mcbag.top mcbag.top *.static.wwclick.su static.wwclick.su https://*.static.wwclick.su https://static.wwclick.su *.static.wwpon365.ru static.wwpon365.ru https://*.static.wwpon365.ru https://static.wwpon365.ru *.promo-bc.com promo-bc.com https://*.promo-bc.com https://promo-bc.com 1
default-src https:; connect-src https:; font-src https: data:; frame-src https: twitter:; frame-ancestors https:; img-src https: data:; media-src http: https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 1
frame-ancestors 'self' https://*.pottermore.com 1
frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.thespruce.com *.qa.aws.thespruce.com atlas.thespruce.com atlas.local.thespruce.com 1
default-src 'self' https://staging.8ch.net/post.php https://invidio.us http://invidio.us https://i.ytimg.com http://i.ytimg.com https://i1.ytimg.com https://thumb-v-ec.xhcdn.com https://video2.thegoldwater.com https://thumb-v.xhcdn.com https://vocaroo.com https://www.smashcast.tv https://hooktube.com https://sys2.8ch.net http://sys2.8ch.net http://nerv.8ch.net https://nerv.8ch.net http://www.8ch.net https://www.8ch.net https://www.vlive.tv http://www.vlive.tv wss://204.63.3.11:8080/megud ws://204.63.3.11:8080/megud wss://ws.8ch.net:8080/megud ws://ws.8ch.net:8080/megud wss://ws.8ch.net:8443/megud ws://ws.8ch.net:8443/megud http://video1.thegoldwater.com https://video1.thegoldwater.com http://sys.8ch.net/stylesheets/font-awesome/fonts/fontawesome-webfont.woff2?v=4.3.0 http://sys.8ch.net/stylesheets/font-awesome/fonts/fontawesome-webfont.woff?v=4.3.0 http://sys.8ch.net/stylesheets/font-awesome/fonts/fontawesome-webfont.ttf?v=4.3.0 https://www.xaniatube.com http://www.xaniatube.com https://w.soundcloud.com http://w.soundcloud.com http://*.dmcdn.net https://*.dmcdn.net http://s2.dmcdn.net https://s2.dmcdn.net http://www.n330adserv.com http://n330adserv.com http://cdn-e1.streamable.com http://s1.dmcdn.net https://api.streamable.com http://tn-skr2.smilevideo.jp http://embed.nicovideo.jp http://www.liveleak.com http://cdn-w1.streamable.com https://cdn-w1.streamable.com http://streamable.com https://streamable.com http://www.dailymotion.com https://www.dailymotion.com http://vaughnlive.tv https://vaughnlive.tv https://embed.redtube.com https://player.vimeo.com https://d1wst0behutosd.cloudfront.net http://flashservice.xvideos.com https://i.vimeocdn.com http://thumbs-cdn.redtube.com https://thumb-v.xhcdn.com http://www.xhamster.com https://xhamster.com http://xhamster.com http://www.pornhub.com https://www.pornhub.com http://www.redtube.com https://www.redtube.com http://www.tube8.com https://www.tube8.com https://www.xvideos.com http://www.xvideos.com https://www.youjizz.com http://www.youjizz.com https://vimeo.com http://vimeo.com https://vid.me http://vid.me http://*.vid.me https://*.vid.me https://8ch.net http://8ch.net https://sys.8ch.net https://softserve.8ch.net https://media.8ch.net http://media.8ch.net http://media2.8ch.net https://media2.8ch.net http://softserve.8ch.net https://i.imgur.com https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://banners.8ch.net https://www.youtube.com https://img.youtube.com http://www.youtube.com http://img.youtube.com https://youtube.com http://youtube.com http://*.jtvnw.net http://*.twitch.tv http://*.justin.tv http://*.ttvnw.net http://122.2.223.42 https://*.jtvnw.net https://*.twitch.tv https://*.justin.tv https://*.ttvnw.net https://122.2.223.42 data: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://dnb.no https://*.dnb.no; default-src 'self' blob: http://test4.dnb.avantimedns.se 6479481.fls.doubleclick.net *.dnbeiendom.no *.digipostdata.no https://api-fakturahotell.tellier.no https://bkk-web.bkk.no https://ringvirkninger.stage.george.no https://bkk-web2.bkk.no https://bc.dnb.no https://b2b.edb.com https://b2c.efakt.no https://cards.edb.com https://edi.hatteland.com https://edok.ec.evry.com https://efakt.lyse.no https://efaktura.emetro.no https://eFaktura.enita.no https://efaktura.fellesdata.no https://efaktura.biz https://efaktura.nets.no https://efaktura.quick.no https://e-faktura1.stralfors.net https://*.efaktura.biz https://einvoice.compello.com https://hotel.bbs.no/document https://invoicee.einvoiceportal.no https://invoice.lindorff.com https://kundonline.faktab.se https://mk.ec.evry.com https://privat.telenor.no https://*.efaktura.fellesdata.no https://www.e4cinvoice.com https://www.telenor.no preview.miprocloud.net *.siteimprove.com siteimproveanalytics.com surveydata.no mediaunit.23video.com dc.miprocloud.net *.digipost.no docs.google.com *.tiqcdn.com *.tealiumiq.com https://qbrick.hb.omtrdc.net *.dnbfeed.no https://dpm.demdex.net *.nets.eu *.bbs.no *.dnb.no *.dnb.se *.dnb.sg https://*.mastercard.com http://*.dnbnor.net *.edb.com *.bankid.no themes.googleusercontent.com ssl.google-analytics.com fonts.gstatic.com fonts.googleapis.com csi.gstatic.com http://finncdn.no *.investtech.com *.morningstar.com *.qbrick.com adserver.adtech.de b2b.edb.com nettbankdrift.edb.com *.nets.no bedriftservice.no bilfinansonline.se carporten.dnbfinans.se carporten.nu connect.facebook.net designer.tagmycard.com dev.participant.com dnb.socialcee.com dnbnor.bankavstemming.no dnbnor.easycruit.com dnbnor.enterprisebanker.com dnbnorfeed.com www.deltager.no www.dnbfinans.net fidstest.dnbfinans.no get.adobe.com innbo.livesite.no itunes.apple.com ajax.googleapis.com *.doubleclick.net mts.googleapis.com mts0.googleapis.com mts1.googleapis.com maps-api-ssl.google.com maps.googleapis.com maps.gstatic.com plus.google.com apis.google.com maps.google.no www.google.no www.google.com www.googleadservices.com new.livestream.com thomsonreuters.com tools.euroland.com track.adform.net *.easyresearch.se webcastclients.s3.amazonaws.com www.adobe.com www.euroland.com www.newsweb.no www.nordic-online.net www.nordlandsbanken.no www.sandnes-sparebank.no www.slideshare.net www.soliditet.no www.ssf.no *.youtube.com *.ytimg.com www.youtube-nocookie.com www2.anleger-fernsehen.de wss://*.dnb.no wss://*.edb.com labeladmin.carporten.nu code.jquery.com no.bankid.app://* *.webtrends.com *.webtrendslive.com https://api.vipps.no https://sit02gw.api.test.tech-02.net https://ece46ec4-6f9c-489b-8fe5-146a89e11635.tech-02.net https://www.facebook.com data: chrome-extension: chromeinvoke: chromeinvokeimmediate: chromenull: 'unsafe-inline' 'unsafe-eval' qbrick.d3.sc.omtrdc.net http://*.qbrick.com wvjbscheme://* *.dnbproto.com *.mxpnl.com *.mixpanel.com *.socialboards.com wss://signalr.socialboards.com; media-src 'self' *.dnb.no *.youtube.com:* *.vimeo.com:* http://*.qbrick.com https://*.qbrick.com *.socialboards.com; font-src 'self' fonts.gstatic.com themes.googleusercontent.com; report-uri https://www.dnb.no/portalfront/csp/cspreportlog.php 1
frame-ancestors 'self' www.funtime.com.tw asfly.agenttour.com.tw ap.asfly.com.tw payez.agenttour.com.tw www.payeasy.com.tw; 1
frame-ancestors 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' sc4.omniture.com authorize.omniture.com authorize.omniture.com sitecatalyst.omniture.com marketplace.dbs.com tagmanager.google.com wss://chatbanking.dbs.com gllt.morningstar.com img.tepcdn.com wss://qmslivechat.dbs.com platform-lookaside.fbsbx.com http://chart.googleapis.com http://tags.crwdcntrl.net http://bs.serving-sys.com cdn.jsdelivr.net http://www.dbs.com.sg prod2-content.sprinklr.com prod2-care-community-cdn.sprinklr.com *.akstat.io directline.botframework.com www.dbs.com.sg qmslivechat.dbs.com cdnjs.cloudflare.com www.gstatic.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.google.com certify.alexametrics.com www.dbs.com.sg www.youtube.com www.linkedin.com www.google.com.sg bcp.crwdcntrl.net www.dbs.com www.googleapis.com ajax.googleapis.com maps.gstatic.com fonts.googleapis.com property.atomic-marketplace.com www.facebook.com dc.ads.linkedin.com chatbanking.dbs.com bat.bing.com tr.outbrain.com snap.licdn.com chart.googleapis.com assets.adobedtm.com dbs.tt.omtrdc.net somniture.dbs.com.sg dpm.demdex.net dbs.demdex.net www.posb.com.sg farm-sg.plista.com amplifypixel.outbrain.com js.adsrvr.org s.go-mpulse.net c.go-mpulse.net maxcdn.bootstrapcdn.com sjs.bizographics.com tags.crwdcntrl.net code.jquery.com tpt.mysocialpixel.com www.dbs.com.sg use.fontawesome.com ds-aksb-a.akamaihd.net googleads.g.doubleclick.net px.ads.linkedin.com bs.serving-sys.com secure-ds.serving-sys.com ssl.google-analytics.com connect.facebook.net chatbanking-uat.dbs.com qmslivechat.dbs.com i.ytimg.com scrbizim.xyz insight.adsrvr.org www.google.co.in cx.atdmt.com *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.demdex.net secure.marketinghub.hp.com m.addthisedge.com m.addthis.com s7.addthis.com graph.facebook.com api-public.addthis.com atomic-marketplace.com i.i-sgcm.com s3-ap-southeast-1.amazonaws.com by.essl.optimost.com secure.marketinghub.opentext.com chatbanking-sit.dbs.com stats.g.doubleclick.net maps.googleapis.com amplify.outbrain.com fonts.gstatic.com prod2-sprcdn-assets.sprinklr.com prod2-sprcdn.sprinklr.com lookaside.facebook.com www.sprinklr.com api-01.ubx.ibmmarketingcloud.com s7.addthis.com dbs.demdex.net platform.twitter.com d31qbv1cthcecs.cloudfront.net bid.g.doubleclick.net cdn-akamai.mookie1.com tags.tiqcdn.com wss://directline.botframework.com directline.com *.akamaihd.net *.fls.doubleclick.net wss://directline.botframework.com directline.botframework.com directline.com blob: data:; style-src 'self' 'unsafe-inline' prod2-care-community-cdn.sprinklr.com chatbanking.dbs.com qmslivechat.dbs.com wss://directline.botframework.com fonts.googleapis.com graph.facebook.com maxcdn.bootstrapcdn.com directline.botframework.com www.dbs.com.sg directline.com 1
base-uri 'self'; block-all-mixed-content; connect-src 'self' https://api.github.com/repos/ *.fastly-insights.com sentry.io https://2p66nmmycsj3.statuspage.io; default-src 'none'; font-src 'self' fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://warehouse-camo.cmh1.psfhosted.org/ www.google-analytics.com *.fastly-insights.com; script-src 'self' www.googletagmanager.com www.google-analytics.com *.fastly-insights.com https://cdn.ravenjs.com; style-src 'self' fonts.googleapis.com; worker-src *.fastly-insights.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.thespruceeats.com *.qa.aws.thespruceeats.com atlas.thespruceeats.com atlas.local.thespruceeats.com 1
frame-ancestors 'self' *.oanda.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ravelry.com https://www.ravelry.com *.ravelrycache.com https://*.ravelrycache.com https://*.chatlio.com https://*.pusher.com https://*.frontapp.com https://apis.google.com https://www.amazon.com https://www.dropbox.com *.googleapis.com https://*.googleapis.com *.google-analytics.com https://www.google.com *.gstatic.com https://maps.gstatic.com maps.googleapis.com maps.google.com https://ban.nr-data.net bam.nr-data.net *.newrelic.com https://*.newrelic.com https://*.twitter.com connect.facebook.net *.facebook.com *.pinterest.com https://*.pinterest.com; object-src 'self' *.ravelry.com *.macromedia.com *.etsy.com *.youtube.com https://*.youtube.com https://*.vimeo.com *.vimeo.com *.vimeocdn.com *.vimeo.com *.gstatic.com; frame-src 'self' https://*.facebook.com https://docs.google.com https://accounts.google.com https://www.amazon.com https://*.buffer.com https://player.vimeo.com *.vimeo.com *.vimeocdn.com *.youtube.com https://*.youtube.com vine.co *.google.com https://*.twitter.com *.facebook.com *.pinterest.com chromenull://* chromeinvoke://* webviewprogressproxy://*; connect-src 'self' *.ravelry.com https://www2.ravelry.com https://www.ravelry.com wss://websocket.ravelry.com wss://websocket2.ravelry.com translate.googleapis.com syndication.twitter.com bam.nr-data.net https://*.chatlio.com https://*.pusher.com wss://*.pusherapp.com; 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-DfIMT46rbYnmHTRc3bYePw==' *.yandex.ru *.yandex.ua *.yandex.net yandex.ru yandex.st yastatic.net social.yandex.ru js-agent.newrelic.com bam.nr-data.net; img-src 'self' data: blob: *.yandex.ru *.yandex.net yandex.ru mc.yandex.ru mc.beru.ru mc.yandex.ua mc.yandex.by mc.yandex.kz mc.yandex.com.tr mc.yandex.com mc.webvisor.org mc.webvisor.com yandex.st yastatic.net yandexgaby.hit.gemius.pl yandexgaua.hit.gemius.pl www.tns-counter.ru ar.tns-counter.ru ads.adfox.ru ads6.adfox.ru banners.adfox.ru matchid.adfox.yandex.ru fenek.beru.ru fox.beru.ru bam.nr-data.net; style-src 'self' 'unsafe-inline' blob: https://yastatic.net yandex.st; connect-src 'self' data: *.yandex.ru yandex.ru mc.yandex.ru mc.yandex.ua mc.yandex.by mc.yandex.kz mc.yandex.com.tr mc.yandex.com mail.yandex.ru yandex.st yastatic.net bam.nr-data.net; frame-src 'self' blob: data: *.beru.ru beru.ru *.yandex.ru yastatic.net kiks.yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net www.youtube-nocookie.com www.youtube.com; font-src 'self' data: dealer.s3.yandex.net yastatic.net; media-src *.yandex.net yandex.st yastatic.net; report-uri https://csp.yandex.net/csp?uid=6877759501544331194&login=&from=market.blue_desktop.node&env=prod&ext=true&reqId=1544331194923%2F6411d8da5c6c870f66d84dbd800c7969; 1
default-src https: 'unsafe-eval' 'unsafe-inline' data: 'self' blob:; connect-src wss: https: ; object-src 'self' blob: ; 1
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.fr  ; frame-src 'self' *.indeed.com *.indeed.fr https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.fr d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log; 1
default-src 'none';form-action https:;frame-src https:;frame-ancestors 'none';manifest-src 'self';base-uri 'none';img-src data: https:;script-src 'strict-dynamic' 'nonce-MC4yNjQyODg=' 'unsafe-inline' https:;style-src 'self' data: 'unsafe-inline' ;connect-src 'self' https://api.joom.com https://api.joompay.tech https://www.google-analytics.com https://fcm.googleapis.com https://www.facebook.com https://api.branch.io https://*.bugsnag.com https://bnc.lt https://joom.test-app.link https://stats.g.doubleclick.net 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://hackernoon.com https://*.hackernoon.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors https://*.stoiximan.gr:* 1
frame-ancestors http://*.dubizzle.com https://*.dubizzle.com https://app.optimizely.com; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' http://www.google-analytics.com https://www.googletagmanager.com https://jira.flipboard.com https://cdn.flipboard.com https://apis.google.com https://cdn.ampproject.org https://connect.facebook.net https://flapi.flipboard.com https://s.flipboard.com http://ue.flipboard.com https://ue.flipboard.com; 1
default-src 'self' data: blob: *.mega.co.nz *.mega.nz http://*.mega.co.nz http://*.mega.nz wss://ws.chain.com wss://*.karere.mega.nz localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz data: blob:; frame-src 'self' mega: *.megaad.nz; img-src 'self' *.mega.co.nz *.mega.nz data: blob: 1
frame-ancestors 'self' *.careerbuilder.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.verywellmind.com *.qa.aws.verywellmind.com atlas.verywellmind.com atlas.local.verywellmind.com https://specials.verywellmind.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/bonappetit 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.thebalancesmb.com *.qa.aws.thebalancesmb.com atlas.thebalancesmb.com atlas.local.thebalancesmb.com 1
frame-ancestors 'self' *.realitykings.com 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=a8e04dda-4028-47b0-abfa-5385489761c3 1
default-src * 'unsafe-inline'; frame-ancestors 'self'; img-src * data: blob:; media-src * blob:; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: 1
default-src 'self';img-src 'self' https: data:;connect-src 'self' wss://steamdb.info https://www.google-analytics.com;font-src 'self' https://fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;script-src 'self' 'nonce-rYXfVOHYwJ1WV/VfXN7Rb2WSuRE=' https://www.google-analytics.com;frame-src 'self' https://store.steampowered.com https://www.youtube.com/; 1
default-src 'self'; script-src 'self' 'unsafe-eval' tags.tiqcdn.com tealium.hs.llnwd.net service.maxymiser.net camelotcdn.abaresearch.uk eg4005bprl.egaincloud.net www.google.com www.gstatic.com visitor-service-eu-west-1.tealiumiq.com visitor-service.tealiumiq.com cdn.otherlevels.com d26c0rrqwd9a5c.cloudfront.net camelot.egain.cloud; style-src 'self' 'unsafe-inline' camelotcdn.abaresearch.uk service.maxymiser.net eg4005bprl.egaincloud.net d26c0rrqwd9a5c.cloudfront.net camelot.egain.cloud; frame-src 'self' https://payments1.national-lottery.co.uk https://payments2.national-lottery.co.uk *.doubleclick.net *.tealiumiq.com www.youtube.com static.ak.facebook.com s-static.ak.facebook.com www.facebook.com service.maxymiser.net qgen.abaresearch.co.uk eg4005bprl.egaincloud.net www.google.com camelot.egain.cloud; img-src 'self' camelot.d3.sc.omtrdc.net d.turn.com service.maxymiser.net camelotcdn.abaresearch.uk eg4005bprl.egaincloud.net www.facebook.com i.ctnsnet.com d26c0rrqwd9a5c.cloudfront.net camelot.egain.cloud blob:; connect-src 'self' camelotcdn.abaresearch.uk eg4005bprl.egaincloud.net *.tealiumiq.com visitor-service-eu-west-1.tealiumiq.com visitor-service.tealiumiq.com js-api.otherlevels.com js-tags.otherlevels.com js-content.otherlevels.com js-mdn.otherlevels.com js-rich.otherlevels.com js-deliverability-api.otherlevels.com client-reporting.otherlevels.com d26c0rrqwd9a5c.cloudfront.net camelot.egain.cloud; frame-ancestors 'self'; font-src 'self' d9jip03vd289g.cloudfront.net 1
frame-ancestors kink.com 1
frame-ancestors 'self' http://*.leroymerlin.fr https://*.leroymerlin.fr https://*.lmcdn.fr 1
frame-ancestors *.aarp.org *.aarp.net *.nationalhearingtest.org; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.tripsavvy.com *.qa.aws.tripsavvy.com atlas.tripsavvy.com atlas.local.tripsavvy.com 1
default-src https://trade.mql5.com 'self' https://*.facebook.net https://*.youtube.com https://*.licdn.com http://*.mexgroup.com data: https://www.google-analytics.com https://*.mmstat.com  https://*.youku.com http://*.share.baidu.com https://360fenxi.mediav.com https://zz.bdstatic.com 'unsafe-eval' 'unsafe-inline' https://*.mexgroup.com https://*.googleapis.com https://*.baidu.com https://*.union.360.cn https://*.hotjar.com https://*.livechatinc.com; font-src 'self' https://*.googleusercontent.com https://*.livechatinc.com https://*.gstatic.com https://*.mexgroup.com https://*.googleusercontent.com 1
frame-ancestors 'self' http://*.bloomberg.com https://*.bloomberg.com 1
frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://dnn506yrbagrg.cloudfront.net https://www.googletagmanager.com https://vjs.zencdn.net https://cdn.mathjax.org https://www.sc.pages02.net https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://*.olark.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.google-analytics.com https://jobs.jobvite.com https://plus.google.com https://www.googleadservices.com https://players.brightcove.net http://ie7-js.googlecode.com https://apis.google.com https://d1fc8wv8zag5ca.cloudfront.net https://connect.facebook.net https://*.criteo.com https://s.pinimg.com https://s.yimg.com https://bat.bing.com https://sp.analytics.yahoo.com https://*.criteo.net https://ajax.googleapis.com https://*.doubleclick.net https://platform.twitter.com https://*.ads-twitter.com https://*.googlesyndication.com https://boards.greenhouse.io https://adservice.google.com https://snap.licdn.com https://s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://*.olark.com https://fast.fonts.net https://fonts.googleapis.com; img-src 'self' data: blob: https://*.pages02.net https://*.brightcove.com https://*.brightcovecdn.com https://*.boltdns.net/ https://*.olark.com https://www.facebook.com https://ct.pinterest.com https://www.google.com https://bat.bing.com https://*.doubleclick.net https://q.quora.com https://*.linkedin.com https://*.criteo.net https://secure.adnxs.com https://cdn.optimizely.com https://www.bizographics.com https://www.google-analytics.com https://placeholdit.imgix.net https://*.criteo.com https://tck.ttadstrk.com https://www.w3.org https://*.analytics.yahoo.com https://*.googlesyndication.com https://rwgoogle-webservices-7.texthelp.com https://rwedge-webservices.texthelp.com https://adservice.google.com https://gtrk.s3.amazonaws.com https://user-event-tracker.crazyegg.com; frame-src 'self' https://*.ixl.com https://www.youtube.com https://ixl.desk.com https://jobs.jobvite.com https://players.brightcove.net https://accounts.google.com https://*.criteo.com https://www.gstatic.com https://*.olark.com https://*.doubleclick.net https://*.googlesyndication.com https://boards.greenhouse.io https://app.optimizely.com https://a14220909.cdn.optimizely.com; media-src 'self' blob: https://*.olark.com https://*.brightcove.com https://*.brightcovecdn.com https://*.boltdns.net/ https://rwforg.speechstream.net/; connect-src 'self' https://*.brightcove.com https://*.brightcovecdn.com https://*.boltdns.net/ https://*.olark.com https://*.optimizely.com https://*.greenhouse.io https://csm.sv.us.criteo.net https://www.google-analytics.com https://docs.google.com https://rwforg.speechstream.net/ https://rwgoogle-webservices-7.texthelp.com https://rwedge-webservices.texthelp.com https://ct.pinterest.com https://pubsub.ixl.com wss://pubsub.ixl.com; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'self' https://blog.ixl.com/ http://support/ http://supportvm/ http://support.quiacorp.com/ http://supportvm.quiacorp.com/ http://try.quiacorp.com/; report-uri /actions/csp/report; 1
frame-ancestors https://www.balenciaga.com/ https://www.balenciaga.com/ ; 1
frame-ancestors 'self'; upgrade-insecure-requests; report-uri /api/csp-report 1
frame-ancestors *.ntu.edu.sg 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; frame-ancestors https://*.eztravel.com.tw http://*.eztravel.com.tw  1
style-src 'self' 'unsafe-inline' https://js.appboycdn.com https://maxcdn.bootstrapcdn.com https://fast.fonts.net https://cdn.dynamicyield.com https://service.force.com https://full-urbanoutfitters.cs15.force.com https://urbn.my.salesforce.com https://urbanoutfitters.secure.force.com https://use.fontawesome.com https://*.rewardstyle.com https://app.curalate.com https://*.googleapis.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.go-mpulse.net https://cdn.polyfill.io https://*.dynamicyield.com https://intljs.rmtag.com https://www.googletagmanager.com https://d16fk4ms6rqz1v.cloudfront.net https://cdn.merklesearch.com https://cdn.pbbl.co https://s.pinimg.com https://bat.bing.com https://script.crazyegg.com https://assistjs.skimresources.com https://connect.facebook.net https://*.twitter.com https://cdn.groupbycloud.com https://www.google-analytics.com https://tags.tiqcdn.com https://www.googleadservices.com https://js.appboycdn.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://*.afterpay.com https://mpsnare.iesnare.com https://bam.nr-data.net https://y8ui6jzp.micpn.com https://*.datasteam.io https://fast.fonts.net https://ci-mpsnare.iovation.com https://*.bazaarvoice.com https://*.bluecore.com https://tpc.googlesyndication.com https://service.force.com https://*.salesforceliveagent.com https://static.site24x7rum.com https://*.paypal.com https://*.apple.com https://*.criteo.com https://*.googleapis.com https://ct1.ra.linksynergy.com https://static.criteo.net https://full-urbanoutfitters.cs15.force.com https://urbn.my.salesforce.com https://*.cs15.my.salesforce.com https://urbanoutfitters.secure.force.com https://www.google.com https://www.gstatic.com https://*.akamaihd.net https://www.myregistry.com https://*.rewardstyle.com https://s3.amazonaws.com https://app.curalate.com https://www.shopstylecollective.com https://cm.g.doubleclick.net https://www.shopstylecollective.co.uk; 1
connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net *.tns-counter.ru yandex.st; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net yastatic.net kiks.yandex.ru strm.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?from=yaru.ru&showid=1544352872.65557.160925.811943&h=vla2-4283-b3a-vla-portal-morda-deb-16891&csp=old&date=20181209&yandexuid=9172007441544352872; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net home.yastatic.net; 1
child-src 'self' blob: facebook.com vk.com www.instagram.com *.doubleclick.net yastatic.net *.googleapis.com *.yandexadexchange.net www.youtube.com *.facebook.com www.avtoradio.ru *.yandex.ru webvisor.com *.apester.com *.soundcloud.com youtube.com www.veseloeradio.ru *.betweendigital.com ok.ru premiaradiomania.ru www.deti.fm www.gpmradio.ru www.radioromantika.ru 1
default-src blob: data: https://*.akamaihd.net https://*.akamaized.net https://*.analytics.edgekey.net https://*.linkpulse.com https://*.scribblelive.com https://*.svt.se https://*.twimg.com https://analytics.codigo.se https://cm.everesttech.net https://dpm.demdex.net https://pp.lp4.io https://sb.scorecardresearch.com https://sentry.io https://svt.d3.sc.omtrdc.net https://svt.demdex.net https://time.akamai.com https://trafficgateway.research-int.se https://translate.google.com https://www.gstatic.com https://www.svtstatic.se https://event-center-fwc.sports.gracenote.com https://svt.html.infostradasports.com https://media-svt.stormgeo.com https://svt-voting-api-prod.herokuapp.com/vote/register 'self' 'unsafe-eval' 'unsafe-inline';report-uri https://sentry.app.svt.se/api/2/csp-report/?sentry_key=6b8a1f48bd324aa489a252588099964b 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/vogue 1
default-src tr.binomo.com 'self'; child-src *; connect-src websdk.moengage.com ekr.zdassets.com www.googleapis.com www.google-analytics.com wss://*.zopim.com wss://*.cackle.me binomo.zendesk.com mc.yandex.ru *.intercom.io wss://*.intercom.io app.getsentry.com *.kameleoon.com 'self' *.binomo.com wss://*.binomo.com:*; font-src data: *.zopim.com *.binomo.com js.intercomcdn.com fonts.gstatic.com mc.yandex.ru *.livechatinc.com themes.googleusercontent.com maxcdn.bootstrapcdn.com 'self'; img-src * data:; media-src 'self'; script-src *.doubleclick.net *.google.com cdn.moengage.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io *.intercomcdn.com binomo.co *.kameleoon.com *.cackle.me cackle.me cdn.rutarget.ru *.adroll.com gscst-84a.kxcdn.com *.getsitecontrol.com *.binomo.com binstats.com *.googletagmanager.com *.google-analytics.com mc.yandex.ru *.mail.ru echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.ytimg.com www.gstatic.com *.livechatinc.com www.googleadservices.com *.adnetwork.vn yastatic.net 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.google.com static.kameleoon.com *.cackle.me *.binomo.com fonts.googleapis.com 'unsafe-inline' 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.szn.cz *.imedia.cz http://*.imedia.cz https://*.imedia.cz *.pliing.com http://*.pliing.com https://*.pliing.com gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com cdn.ampproject.org *.twitter.com *.twimg.com *.facebook.net *.facebook.com https://www.gstatic.com https://ajax.googleapis.com https://track.adform.net *.seznam.cz https://www.seznam.cz *.seznamzpravy.cz https://www.seznamzpravy.cz *.pubmatic.com *.adform.net *.adnxs.net *.doubleclick.net; frame-ancestors 'self' www.seznam.cz share.seznam.cz www.seznamzpravy.cz adminzpravy.seznam.cz search.seznam.cz *.ampproject.org www.google.cz www.google.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru *.google-analytics.com *.googleapis.com *.gstatic.com data: 1
default-src 'self'; script-src 'self' c.mql5.com c.mql5.com trade.mql5.com www.mql5.com content.mql5.com content.mql5.com content.finteza.org search.mql5.com maps.googleapis.com maps.google.com mc.yandex.ru *.google-analytics.com stats.g.doubleclick.net connect.facebook.net www.facebook.com player.youku.com  'unsafe-inline' 'unsafe-eval'; style-src c.mql5.com fonts.googleapis.com player.youku.com 'unsafe-inline'; img-src 'self' msg1.mql5.dev msg1.mql5.com c.mql5.com c.mql5.com www.mql5.com content.mql5.com content.mql5.com content.finteza.org download.mql5.com charts.mql5.com www.metatrader5.com www.metatrader4.com www.metaquotes.net www.metaquotes.ru trade.mql5.com stat.mql5.com blob: *.tile.openstreetmap.org csi.gstatic.com maps.gstatic.com maps.google.com maps.googleapis.com chart.googleapis.com khms0.googleapis.com khms1.googleapis.com khms2.googleapis.com khms3.googleapis.com mc.yandex.ru *.google-analytics.com stats.g.doubleclick.net www.facebook.com connect.facebook.net; media-src 'self' msg1.mql5.dev msg1.mql5.com trade.mql5.com c.mql5.com; font-src c.mql5.com trade.mql5.com fonts.gstatic.com; connect-src 'self' trade.mql5.com wss://msg1.mql5.dev https://msg1.mql5.dev wss://msg1.mql5.com wss://www.mql5.com https://msg1.mql5.com gwt1.mql5.com gwt2.mql5.com gwt3.mql5.com gwt4.mql5.com gwt5.mql5.com gwt6.mql5.com gwt7.mql5.com gwt8.mql5.com gwt9.mql5.com gwt10.mql5.com gwt11.mql5.com mc.yandex.ru *.google-analytics.com stats.g.doubleclick.net connect.facebook.net www.facebook.com; frame-src 'self' blob: trade.mql5.com content.mql5.com www.youtube.com player.youku.com c.mql5.com www.facebook.com mql5buy: mql4buy:; object-src 'self' blob: trade.mql5.com www.youtube.com player.youku.com c.mql5.com; child-src 'self' trade.mql5.com www.youtube.com player.youku.com c.mql5.com; 1
default-src * data: blob:; frame-ancestors *.smule.com; script-src 'unsafe-inline' 'unsafe-eval' blob: https://boards.greenhouse.io/embed/job_board/js https://js.stripe.com/v2/ https://js.stripe.com/v3/ http://*.smule.com:* http://*.facebook.net http://*.google-analytics.com http://*.google.com http://*.googleapis.com http://*.gstatic.com https://*.smule.com:* https://*.facebook.net https://*.accountkit.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com http://www.apple.com/library/quicktime/scripts/ac_quicktime.js https://www.apple.com/library/quicktime/scripts/ac_quicktime.js platform.twitter.com https://optimize.google.com; style-src 'unsafe-inline' data: http://*.smule.com:* https://*.smule.com:* yui.yahooapis.com https://optimize.google.com https://fonts.googleapis.com; report-uri /s/csp-log; 1
frame-ancestors 'none'; report-uri https://lidlcsp.report-uri.io/r/default/csp/enforce; 1
default-src 'self'	*.sp sp *.softportal.com softportal.com *.softportal.ua	master-push.com s.uuidksinc.net actpx.com actiflex.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sp sp *.softportal.com softportal.com *.softportal.ua    *.yandex.ru yandex.ru *.yandex.net yandex.st *.yandex.st    *.doubleclick.net    https://*.googleapis.com https://*.gstatic.com http://*.googlesyndication.com https://*.googlesyndication.com *.google-analytics.com    https://*.google.com https://*.google.com.ua https://*.google.ru    connect.facebook.net *.facebook.com    stg.odnoklassniki.ru *.ok.ru vkontakte.ru vk.com https://d31qbv1cthcecs.cloudfront.net    adv.otclick-adv.ru static.otclick-adv.ru otclick-adv.ru    files.goodadvert.ru engine.goodadvert.ru engine2.goodadvert.ru udb.goodadvert.ru udb.adgear.ru    js.softprotalfiles.com w.uptolike.com https://relap.io    *.mediatoday.ru mediatoday.ru    *.castplatform.com platform.twitter.com    www.googletagservices.com partner.googleadservices.com    http://universalsrc.com    http://rtb.com.ru/mediatoday-script    https://js.gleam.io slinks.yadro.ru    https://d31j93rd8oukbv.cloudfront.net/metrika/ https://mc.webvisor.com    s7.addthis.com m.addthisedge.com m.addthis.com api-public.addthis.com www.linkedin.com    js.mamydirect.com    https://cdn.ywxi.net https://www.mcafeesecure.com	master-push.com	jsc.marketgid.com https://servicer.marketgid.com https://cm.marketgid.com;child-src 'self' *.sp sp *.softportal.com softportal.com *.softportal.ua    *.yandex.ru yandex.ru *.yandex.net yandex.st *.yandex.st yastatic.net *.yandexadexchange.net    *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net    youtube.ru youtube.com *.youtube.ru *.youtube.com https://youtube.ru    https://images01.iqoption.com https://youtube.com https://*.youtube.ru https://*.youtube.com apis.google.com    https://*.googleapis.com https://*.gstatic.com https://gstatic.com cse.google.com    https://*.googlesyndication.com https://*.doubleclick.net https://apis.google.com https://www.google.com    https://accounts.google.com *.facebook.com vk.com login.vk.com    *.mediatoday.ru mediatoday.ru    w.uptolike.com yandexadexchange.net https://gleam.io platform.twitter.com https://syndication.twitter.com    s7.addthis.com https://www.mcafeesecure.com;connect-src 'self' *.sp sp *.softportal.com softportal.com *.softportal.ua www.phpmyadmin.net    *.mediatoday.ru mediatoday.ru    mc.yandex.ru https://translate.googleapis.com www.google-analytics.com *.googleapis.com    https://mc.webvisor.com    s7.addthis.com m.addthis.com	master-push.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.sp sp *.softportal.com softportal.com *.softportal.ua    *.googleapis.com *.gstatic.com *.yandex.ru stg.odnoklassniki.ru cse.google.com www.google.com    *.mediatoday.ru mediatoday.ru    https://*.googleapis.com https://*.gstatic.com https://*.yandex.ru https://relap.io data:;font-src 'self' *.sp sp *.softportal.com softportal.com *.softportal.ua    *.mediatoday.ru mediatoday.ru    *.googleapis.com *.gstatic.com *.yandex.ru https://*.googleapis.com w.uptolike.com    https://*.gstatic.com https://*.yandex.ru data:;img-src 'self' *.sp sp *.softportal.com softportal.com *.softportal.ua    *.yandex.net *.yandex.ru yandex.ru yandex.st    *.googlesyndication.com *.doubleclick.net *.googleapis.com *.gstatic.com www.google-analytics.com ssl.google-analytics.com    https://*.yandex.net https://*.yandex.ru https://*.googlesyndication.com www.google.com clients1.google.com    https://*.doubleclick.net https://*.googleapis.com https://*.gstatic.com    https://apycdn.com https://*.iqoption.com *.facebook.com    c.bigmir.net i.bigmir.net counter.rambler.ru counter.yadro.ru top100-images.rambler.ru partner.iobit-team.ru    www.tns-counter.ru vk.com de.c4.b5.a0.top.list.ru yastatic.net *.cloudfront.net cloudfront-labs.amazonaws.com    static.adtidy.net i.webguard.ru advombat.ru wq3.ru https://ad.admitad.com https://cdn.admitad.com/    *.mediatoday.ru mediatoday.ru    *.castplatform.com syndication.twitter.com    http://otclick-adv.ru http://universalsrc.com    http://rtb.com.ru https://i.ytimg.com    w.uptolike.com https://js.gleam.io cdn.relap.io https://relap.io https://x.cnt.my amscdn.relap.io    https://mc.webvisor.com https://cdn.ywxi.net  https://www.carambis.ru	https://imgg-cdn.marketgid.com c.marketgid.com udata.mixmarket.biz cm.marketgid.com imgg-cdn.tovarro.com	data:;object-src 'self' *.sp sp *.softportal.com softportal.com *.softportal.ua    *.gstatic.com an.yandex.ru https://*.gstatic.com https://an.yandex.ru    *.mediatoday.ru mediatoday.ru; 1
frame-ancestors 'self' https://www.bitmex.com https://static.bitmex.com https://www-eu-west-1.bitmex.com https://www-sg-1-az.bitmex.com https://www2.bitmex.com;report-uri https://sentry.services.bitmex.com/api/2/csp-report/?sentry_key=5a2d0d5524c54b908d447fe1ca308d25; 1
script-src 'self' 'unsafe-inline' https://*.imedia.cz https://*.hit.gemius.pl https://connect.facebook.net https://*.facebook.com https://*.stream.cz; report-uri /cspreport; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com platform.twitter.com www.google.com www.gstatic.com ; style-src 'self' 'unsafe-inline' ; img-src * data: blob: ; font-src 'self' fonts.googleapis.com fonts.gstatic.com ; connect-src 'self' ; object-src 'none' ; child-src 'self' www.youtube.com www.google.com webchat.quakenet.org ; frame-ancestors 'none' ; form-action 'self' www.paypal.com www.sandbox.paypal.com ; media-src 'self' pub.rachni.com 1
child-src https: http: data:;frame-src https: http: data:;script-src 'unsafe-inline' 'unsafe-eval' https: http:;img-src * data:;media-src * 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.m3.com:* *.m3img.com:* *.uliza.jp *.twitter.com *.google-analytics.com *.googleadservices.com *.google.com *.google.co.jp *.doubleclick.net b92.yahoo.co.jp ybx.yahoo.co.jp *.twimg.com *.googleapis.com *.facebook.net t.co *.facebook.com *.ads-twitter.com *.fout.jp *.adjust-net.jp *.mcube-stream.com 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.truefitcorp.com http://*.truefitcorp.com https://www.googletagmanager.com http://*.bazaarvoice.com https://*.bazaarvoice.com https://code.jquery.com https://*.evergage.com http://*.evergage.com http://*.academy.com https://*.academy.com https://*.iesnare.com https://*.amazonaws.com http://*.google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.scene7.com http://*.scene7.com  https://*.firstdata.com https://*.google.com https://*.paypalobjects.com https://unpkg.com https://*.evgnet.com http://www.youtube.com https://www.youtube.com https://*.go-mpulse.net http://*.go-mpulse.net https://*.ytimg.com https://*.googleadservices.com https://cdn.b0e8.com https://*.micpn.com https://*.pbbl.co https://*.pinimg.com https://*.myvisualiq.net https://*.facebook.net https://googleads.g.doubleclick.net http://*.googleapis.com https://*.googleapis.com https://*.evgnet.com https://tagmanager.google.com https://*.cdn-net.com http://*.cdn-net.com https://*.akamaihd.net https://*.paymentjs.firstdata.com https://*.paypal.com https://*.rfihub.net https://*.rfihub.com https://*.dealtime.com 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=b769d894-8470-40b4-99cd-d32c008e05fb 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://be.wizzair.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://cloudfront.loggly.com https://aff.bstatic.com https://widget.rentalcars.com https://*.hotjar.com https://js-agent.newrelic.com https://bam.nr-data.net *.akamaihd.net https://youtube.com https://www.youtube.com https://*.ytimg.com https://instagram.com https://www.instagram.com https://*.polyfill.io; connect-src 'self' wss: *.wizzair.com *.loggly.com https://waplazrass01.search.windows.net https://bam.nr-data.net https://www.google-analytics.com https://partner.wizzair.com https://widget.rentalcars.com https://*.hotjar.com https://api.instagram.com https://www.facebook.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://widget.rentalcars.com https://cars.wizzair.com; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com; frame-src https://5308433.fls.doubleclick.net https://www.booking.com https://secure.rentalcars.com https://www.facebook.com https://connect.facebook.net https://*.hotjar.com https://www.youtube.com https://www.google.com https://www.instagram.com; object-src 'self'; manifest-src 'self' 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://towardsdatascience.com https://*.towardsdatascience.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src https:; worker-src blob:; report-uri https://dailykos.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests; 1
default-src https: 'self' 'unsafe-eval' 'unsafe-inline' *.internshala.com *.googleadservices.com *.bootstrapcdn.com *.googleads.g.doubleclick.net ; img-src 'self' *.amazonaws.com * data: *.googleapis.com pagead2.googlesyndication.com  *.internshala.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.googleads.g.doubleclick.net *.jquery.com *.bootstrapcdn.com *.google-analytics.com data: pagead2.googlesyndication.com *.googleapis.com googleads.g.doubleclick.net *.googleapis.com *.amazonaws.com *.gstatic.com *.internshala.com *.linkedin.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.google.com *.internshala.com; font-src 'self' data: fonts.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.internshala.com ;frame-src *.facebook.com *.facebook.net *.doubleclick.net *.google.com *.hellotars.com *.googletagmanager.com *.googleapis.com *.linkedin.com; frame-ancestors 'self' *.internshala.com; object-src 'self'; connect-src 'self' ws: wss: *.google.com *.google-analytics.com *.doubleclick.net  *.amazonaws.com *.google.co.in *.facebook.com *.instagram.com; base-uri 'self' *.internshala.com; report-uri /csp_report/report_csp_error ; 1
default-src 'self' ws://localhost:* data: 'unsafe-inline' 'unsafe-eval' localhost:* *.youneedabudget.com marketing-youneedabudgetco.netdna-ssl.com sslcdn-youneedabudgetco.netdna-ssl.com youneedabudget.helpscoutdocs.com *.quora.com *.helpscout.net *.sumologic.com *.pusher.com d3hb14vkzrxvla.cloudfront.net player.vimeo.com apis.google.com accounts.google.com www.google.com www.google.ca www.google.co.uk www.google.au www.google.de www.google.com.br www.google.be www.google.co.nz www.google.es www.google.nl www.google.com.ph www.google.co.in www.google.fr www.google.ie www.google.com.mx www.google.ru www.google.pl www.google.com.sg www.google.no www.google.ch *.googletagmanager.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.doubleclick.net https://docs.google.com https://api.ipify.org https://s.pinimg.com *.facebook.com *.pinterest.com *.facebook.net *.youtube.com djtflbt20bdde.cloudfront.net https://d.adroll.com https://s.adroll.com https://pixel.cdnwidget.com/cdn/c.min.js https://ids.cdnwidget.com/c https://*.cdnbasket.net/ *.intercom.io *.intercomcdn.com *.intercomusercontent.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.twitter.com *.ads-twitter.com *.soundcloud.com https://youneedabudget.us11.list-manage.com https://ajax.cloudflare.com https://giphy.com/ https://api.cloudinary.com https://cdnjs.cloudflare.com https://api.getgo.com *.mparticle.com *.amplitude.com;frame-ancestors http://localhost:3000 http://localhost:7888 *.youneedabudget.com ;img-src data: *;font-src 'self' data: fonts.gstatic.com *.intercomcdn.com sslcdn-youneedabudgetco.netdna-ssl.com 1
script-src 'nonce-nFXUrbqZdPdVRwCj' 'self' https://cache.vtrcdn.com/ *.gstatic.com *.nr-data.net *.newrelic.com *.youtube.com *.ytimg.com *.googleapis.com *.hotjar.com *.tamgrt.com *.facebook.net s.yimg.com js-agent.newrelic.com; img-src 'self' https://cache.vtrcdn.com/ https://cache-graphicslib.viator.com/graphicslib/ https://media.tacdn.com/media/ data: *.gstatic.com *.viator.com *.facebook.com *.zanox.com https://*.paypal.com *.zenaps.com; style-src 'self' 'unsafe-inline' https://cache.vtrcdn.com/ *.google.com *.googleapis.com *.hotjar.com; font-src 'self' https://cache.vtrcdn.com/ data:; frame-src 'self' https://cache.vtrcdn.com/ https://www.tamgrt.com/ https://*.facebook.com *.youtube.com *.cdn-net.com *.vtrcdn.com *.hotjar.com *.tripadvisor.es *.tripadvisor.de *.tripadvisor.fr *.tripadvisor.it *.tripadvisor.nl *.tripadvisor.com *.tripadvisor.com.br *.tripadvisor.se *.tripadvisor.jp *.tripadvisor.dk *.tripadvisor.com.au *.tripadvisor.ca *.tripadvisor.co.uk *.paypal.com; form-action 'self' https://*.facebook.com https://accounts.google.com/* https://staging.cdn-net.com https://www.cdn-net.com https://*.paypal.com https://www.tamgrt.com/RT; object-src 'self' https://cache.vtrcdn.com/; report-uri /orion/csp/report; connect-src 'self' https://cache.vtrcdn.com/ *.facebook.com *.hotjar.com wss://*.hotjar.com/api/v1/client/ws https://graylog.hotjar.com:12443/gelf *.paypal.com *.braintreegateway.com *.braintree-api.com bam.nr-data.net *.authoritycrm.com; default-src 'self'; child-src 'self' https://cache.vtrcdn.com/; media-src 'self' https://cache.vtrcdn.com/ 1
object-src 'none' ; img-src https: http: blob: data: ; frame-src http://* https://* https://www.google.com/recaptcha/ ; font-src https://*.www-assets-hightail.global.ssl.fastly.net https://* http://* data: ; script-src data: 'unsafe-inline' 'unsafe-eval' https://forms.hsforms.com/embed/ http://app.link/ http://js.bizographics.com/ http://stats.pusher.com/ http://cdn.heapanalytics.com/ http://www.googleadservices.com/ https://www.googleadservices.com https://www.google-analytics.com/ https://cdn.branch.io/ https://cdn.optimizely.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com/ https://dc.ads.linkedin.com/ https://px.ads.linkedin.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://sjs.bizographics.com/ https://assets.zendesk.com/ https://www.bizographics.com/ https://secure.adnxs.com/ https://v2.zopim.com/ https://*.pusher.com/ https://js.hs-scripts.com/ https://js.hs-analytics.net/ https://www.googletagmanager.com/ https://forms.hubspot.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://request.eprotect.vantivprelive.com/ https://request.eprotect.vantivcnp.com/ https://*.global.ssl.fastly.net/ http://js.hs-analytics.net/ http://js.hs-scripts.com/ http://js.hsforms.net/ http://cdnjs.cloudflare.com/ https://static.zdassets.com/ http://www.google-analytics.com/ https://*.pendo.io/ https://pendo-io-static.storage.googleapis.com/ data https://*.www-assets-hightail.global.ssl.fastly.net; 1
frame-ancestors 'self' http://www.cv.ee/ 1
form-action 'self' https://pacogames.os.tc/subscribe 1
frame-ancestors https://*.modelmayhem.com; script-src * https://ssl.google-analytics.com https://pxlssl.ibpxl.com  https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com 'unsafe-inline' 'unsafe-eval'; object-src * 1
default-src 'self' https: blob:; child-src * blob:; connect-src 'self' https: wss: *.amap.com *.inspectlet.com; font-src 'self' data: *.muscache.com fonts.gstatic.com use.typekit.net; img-src 'self' https: data: *.inspectlet.com; media-src 'self' https:; script-src 'self' 'unsafe-eval' a0.muscache.com cdn.siftscience.com ss.musthird.com t1.musthird.com bat.bing.com connect.facebook.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com www.googletagmanager.com a.cdn.intentmedia.net maps.googleapis.com ajax.googleapis.com *.g.doubleclick.net www.google.com www.gstatic.com smartlock.google.com accounts.google.com app.link cdn.branch.io api.branch.io bam.nr-data.net js-agent.newrelic.com sslwidget.criteo.com static.criteo.net dis.criteo.com widget.us.criteo.com *.gbc.criteo.net ethn.io s.yimg.jp api.geetest.com blob: webapi.amap.com restapi.amap.com *.inspectlet.com 'nonce-a0ec26b725896e9a7687c8b2a2d050' 'sha256-URqFTNitDSE01K1xklErUlKT93/P4FXStf52o8BhcLY=' 'unsafe-inline' 'sha256-MpazfMshcY6jCzxk0aJDh9l3iXoBw8r+eMO58JLTkRQ=' 'sha256-D9Mz5Ys1Opv52C2fjJU4eS9qDZpG9+Ywz5rQPUyxngQ='; style-src 'self' https: 'unsafe-inline'; report-uri /tracking/csp?action=show&controller=homepages&report_only=false&req_uuid=e97c179e-db09-4236-a5b9-1252d302b83f&version=34ffb8f2235021bdf63196a35d812040b87aaecd 1
frame-ancestors 'self'; default-src 'self' https://*.youtube.com https://*.ytimg.com https://*.iesnare.com https://assets.secure.checkout.visa.com https://static.masterpass.com https://www.paypalobjects.com https://thm.visa.com; img-src 'self' data: blob: *.indigo.ca *.indigoimages.ca *.bazaarvoice.com *.nr-data.net https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.google.ca https://*.gstatic.com https://*.pinimg.com https://*.twimg.com https://*.twitter.com https://*.webtype.com *.omtrdc.net https://t.co https://notify.bugsnag.com https://s3.amazonaws.com https://*.checkout.visa.com https://*.visa.com https://tracker.marinsm.com https://kbimages1-a.akamaihd.net https://ds-aksb-a.akamaihd.net www.paypalobjects.com https://*.paypal.com https://*.piwikpro.com https://secure.adnxs.com https://www.offlinx.com https://gtrk.s3.amazonaws.com https://heapanalytics.com https://*.cdninstagram.com https://dpm.demdex.net https://cm.everesttech.net https://*.online-metrix.net https://insights.hotjar.com https://static.hotjar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.indigo.ca *.indigoimages.ca ajax.aspnetcdn.com code.jquery.com *.bazaarvoice.com https://*.cloudflare.com https://*.cloudfront.net https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.ca https://googleads.g.doubleclick.net https://*.gstatic.com https://*.googleapis.com *.omtrdc.net https://*.richrelevance.com https://*.twimg.com https://*.twitter.com https://*.ads-twitter.com https://*.vimeo.com https://*.youtube.com https://*.ytimg.com https://ajax.aspnetcdn.com https://api.pinterest.com https://bam.nr-data.net https://dpm.demdex.net https://fbstatic-a.akamaihd.net https://ds-aksb-a.akamaihd.net https://indigo.soapboxhq.com https://maps.gstatic.com https://s3.amazonaws.com https://*.checkout.visa.com https://script.crazyegg.com https://www.bluecore.com js-agent.newrelic.com tracker.marinsm.com https://mpsnare.iesnare.com www.googleadservices.com www.paypalobjects.com www.paypal.com https://*.iesnare.com https://*.masterpass.com https://*.smartrecruiters.com https://cdn.heapanalytics.com https://api.instagram.com https://www.buyatab.com https://www.googletagmanager.com https://thm.visa.com https://static.hotjar.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' blob: https://*.bazaarvoice.com https://*.google.com https://*.google.ca https://*.googleapis.com https://*.gstatic.com https://*.indigoimages.ca https://*.twitter.com https://*.webtype.com https://*.masterpass.com https://masterpass.com https://*.smartrecruiters.com; connect-src https://*.indigo.ca https://*.indigoimages.ca https://bam.nr-data.net https://triggeredmail.appspot.com www.chapters.indigo.ca *.omtrdc.net https://www.paypal.com https://dpm.demdex.net https://kbepubs1-a.akamaihd.net https://*.google.ca https://*.google.com https://*.bluecore.com https://ds-aksb-a.akamaihd.net https://*.hotjar.com wss://*.hotjar.com; font-src 'self' https://*.indigoimages.ca https://*.googleapis.com https://*.gstatic.com https://*.webtype.com data: https://static.hotjar.com; frame-src 'self' https://*.bazaarvoice.com blob: https://*.doubleclick.net https://*.facebook.com https://*.google.ca https://*.google.com https://*.indigo.ca https://*.indigoimages.ca https://*.twitter.com https://*.vimeo.com https://*.youtube.com https://indigo.soapboxhq.com https://indigo.taleo.net https://*.checkout.visa.com https://thm.visa.com https://snapwidget.com https://www.google.com https://display.ugc.bazaarvoice.com http://assessment.taleo.net www.paypalobjects.com https://*.paypal.com https://*.masterpass.com https://masterpass.com https://cdn-akamai.mookie1.com https://www.buyatab.com https://*.facebook.net https://h.online-metrix.net/ https://indigo.demdex.net/ *.lrgrewards.com https://vars.hotjar.com; child-src https://vars.hotjar.com; upgrade-insecure-requests; report-uri https://indigo.report-uri.com/r/d/csp/enforce; 1
default-src 'self' https: blob:; child-src * blob:; connect-src 'self' https: wss: *.amap.com *.inspectlet.com; font-src 'self' data: *.muscache.com fonts.gstatic.com use.typekit.net; img-src 'self' https: data: *.inspectlet.com; media-src 'self' https:; script-src 'self' 'unsafe-eval' a0.muscache.com cdn.siftscience.com ss.musthird.com t1.musthird.com bat.bing.com connect.facebook.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com www.googletagmanager.com a.cdn.intentmedia.net maps.googleapis.com ajax.googleapis.com *.g.doubleclick.net www.google.com www.gstatic.com smartlock.google.com accounts.google.com app.link cdn.branch.io api.branch.io bam.nr-data.net js-agent.newrelic.com sslwidget.criteo.com static.criteo.net dis.criteo.com widget.us.criteo.com *.gbc.criteo.net ethn.io s.yimg.jp api.geetest.com blob: webapi.amap.com restapi.amap.com *.inspectlet.com 'nonce-f226a92d738a601f564c81cf15cf0a' 'sha256-URqFTNitDSE01K1xklErUlKT93/P4FXStf52o8BhcLY=' 'unsafe-inline' 'sha256-MpazfMshcY6jCzxk0aJDh9l3iXoBw8r+eMO58JLTkRQ=' 'sha256-D9Mz5Ys1Opv52C2fjJU4eS9qDZpG9+Ywz5rQPUyxngQ='; style-src 'self' https: 'unsafe-inline'; report-uri /tracking/csp?action=show&controller=homepages&report_only=false&req_uuid=a22d248d-ba4e-499a-8aad-6ca3c5474b0d&version=34ffb8f2235021bdf63196a35d812040b87aaecd 1
upgrade-insecure-requests; font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; 1
default-src https://report.s.csp.squarespace.com; script-src https://static3.squarespace.com https://www.google.com https://www.gstatic.com; style-src https://static3.squarespace.com 'unsafe-inline'; img-src data: 'self'; base-uri 'none'; form-action 5help.squarespace.com support.squarespace.com squarespace.zendesk.com circleforum.squarespace.com; font-src data:; connect-src 'self' https://www.squarespace.com; report-uri https://webhook.squarespace.com/api/1/webhook-service/csp/events?password=tOC3CjS%2FG1amWWS%2F%2FKqhdPjae0CQaN85mseViZ6D6Nc%3D; frame-src https://www.google.com https://static3.squarespace.com; child-src https://www.google.com https://static3.squarespace.com; report-to https://webhook.squarespace.com/api/1/webhook-service/csp/events?password=tOC3CjS%2FG1amWWS%2F%2FKqhdPjae0CQaN85mseViZ6D6Nc%3D; 1
default-src 'self' https: blob:; child-src * blob:; connect-src 'self' https: wss: *.amap.com *.inspectlet.com; font-src 'self' data: *.muscache.com fonts.gstatic.com use.typekit.net; img-src 'self' https: data: *.inspectlet.com; media-src 'self' https:; script-src 'self' 'unsafe-eval' a0.muscache.com cdn.siftscience.com ss.musthird.com t1.musthird.com bat.bing.com connect.facebook.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com www.googletagmanager.com a.cdn.intentmedia.net maps.googleapis.com ajax.googleapis.com *.g.doubleclick.net www.google.com www.gstatic.com smartlock.google.com accounts.google.com app.link cdn.branch.io api.branch.io bam.nr-data.net js-agent.newrelic.com sslwidget.criteo.com static.criteo.net dis.criteo.com widget.us.criteo.com *.gbc.criteo.net ethn.io s.yimg.jp api.geetest.com blob: webapi.amap.com restapi.amap.com *.inspectlet.com 'nonce-60a537f60f64bd85491d7c2d6b126f' 'sha256-URqFTNitDSE01K1xklErUlKT93/P4FXStf52o8BhcLY=' 'unsafe-inline' 'sha256-MpazfMshcY6jCzxk0aJDh9l3iXoBw8r+eMO58JLTkRQ=' 'sha256-D9Mz5Ys1Opv52C2fjJU4eS9qDZpG9+Ywz5rQPUyxngQ='; style-src 'self' https: 'unsafe-inline'; report-uri /tracking/csp?action=show&controller=homepages&report_only=false&req_uuid=6db1751a-7f6a-483f-8047-bd5aeedc26fe&version=62c29f3d39b5035178b711ed93129e9757ef18d0 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/epicurious 1
object-src * 'unsafe-inline' 1
style-src 'self' 'unsafe-inline' jimdo.github.io tagmanager.google.com fonts.googleapis.com webteam.jimstatic.com *.jimstatic.com; img-src 'self' www.facebook.com www.google-analytics.com www.google.com www.google.de ssl.gstatic.com www.gstatic.com *.doubleclick.net *.tvsquared.com t.jimdo-platform.net b97.yahoo.co.jp *.bunchbox.co www.googleadservices.com *.outbrain.com *.quantserve.com *.peaksandpies.io data: *.jimstatic.com; connect-src 'self' *.hotjar.com; frame-src 'self' www.facebook.com staticxx.facebook.com cms.e.jimdo.com dashboard.e.jimdo.com register.jimdo.com *.hotjar.com a.jimdo.com *.fls.doubleclick.net; font-src 'self' data: jimdo.github.io fonts.gstatic.com *.jimstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net a.jimdo.com *.jimstatic.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com www.googleadservices.com s.yimg.jp *.hotjar.com b97.yahoo.co.jp *.bunchbox.co *.tvsquared.com *.doubleclick.net *.outbrain.com *.quantserve.com *.peaksandpies.io; default-src 'none' 1
default-src 'self' https://cdn.ivaws.com; connect-src https://trc.taboola.com https://sockjs.pusher.com https://*.pinterest.com wss://ws.pusherapp.com wss://*.intercom.io https://*.intercom.io https://api-iam.intercom.io http://*.hotjar.com  ws://*.hotjar.com wss://*.hotjar.com https://wikibuy.zendesk.com https://*.doubleclick.net https://apps.rokt.com https://trk.shophermedia.net https://*.fullstory.com https://api.segment.io https://nrpc.olark.com wss://ws.ivf-dev.com wss://ws.wikibuy.com https://*.ivaws.com https://*.ivf-dev.com https://*.wikibuy.com https://ivf-dev.com https://wikibuy.com https://*.wistia.com https://*.wistia.net https://*.litix.io https://*.akamaihd.net; script-src https://stats.pusher.com https://*.gstatic.com https://*.stripe.network https://roktcdn1.akamaized.net   data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com https://*.criteo.com https://*.braintreegateway.com https://*.quora.com https://*.getvero.com http://*.hotjar.com https://*.hotjar.com https://*.outbrain.com https://*.cloudfront.net https://apps.rokt.com https://adservice.google.com https://*.yahoo.com https://www.fullstory.com https://www.googleadservices.com https://www.google-analytics.com https://s.yimg.com https://trc.taboola.com https://cdn.taboola.com https://cstpersle.com https://s.pinimg.com https://*.googlesyndication.com https://*.hotjar.com https://*.olark.com https://*.google.com https://*.stripe.com https://js.intercomcdn.com https://assets.customer.io https://*.ivaws.com https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://*.segment.com https://maps.googleapis.com https://static.criteo.net https://widget.intercom.io https://*.wistia.com https://*.wistia.net https://*.litix.io; img-src 'self' https://*.googleapis.com https://themoneymanual.servecvr.com https://*.taboola.com https://apps.rokt.com http://t.thepennyhoarder.com https://*.go2cloud.org https://*.intercomcdn.com https://*.cloudfront.net https://*.paypal.com https://static.intercomassets.com https://cvs.com https://*.kohlsimg.com data: https://*.medium.com https://*.macysassets.com https://help.wikibuy.com https://trk.shophermedia.net https://*.ytimg.com https://*.pinterest.com https://*.quora.com https://*.google.com https://*.doubleclick.net https://www.google-analytics.com https://log.olark.com http://*.hotjar.com https://*.hotjar.com https://www.facebook.com https://t.afftrackr.com/ https://*.gstatic.com http://*.images-amazon.com https://q.stripe.com https://track.customer.io https://logo.clearbit.com http://*.ssl-images-amazon.com https://*.ssl-images-amazon.com https://*.amazon.com http://*.amazon.com https://imageproxy.ivaws.com http://imageproxy.ivaws.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://cdn.ivf-dev.com https://cdn.ivaws.com https://*.wistia.com https://*.wistia.net https://*.litix.io https://cstpersle.com http://*.outbrain.com; style-src 'self' 'unsafe-inline' https://static.olark.com https://fonts.googleapis.com https://assets.zendesk.com https://cdn.ivaws.com https://*.wistia.com https://*.wistia.net https://apps.rokt.com https://*.litix.io; font-src 'self' data: https://js.intercomcdn.com https://cdn.ivaws.com https://themes.googleusercontent.com; child-src https://c.paypal.com https://www.youtube.com https://*.criteo.com https://*.doubleclick.net http://*.hotjar.com https://*.hotjar.com https://*.google.com https://static.olark.com https://staticxx.facebook.com https://js.stripe.com https://assets.zendesk.com https://apps.rokt.com https://*.facebook.com https://tautt.zendesk.com https://widget.intercom.io https://*.wistia.com https://*.wistia.net https://*.litix.io; media-src 'self' data: blob: https://*.wistia.com https://*.wistia.net https://apps.rokt.com https://*.litix.io https://*.akamaihd.net; prefetch-src https://cdn.ivaws.com; object-src 'none' 1
frame-ancestors http://www.4helal.net 1
default-src 'self' http://api.crackwatch.com https://api.crackwatch.com http://cdn.crackwatch.com https://cdn.crackwatch.com http://b2.crackwatch.com https://b2.crackwatch.com http://*.google.com https://*.google.com http://*.gstatic.com https://*.gstatic.com http://encrypted-tbn0.gstatic.com/images https://encrypted-tbn0.gstatic.com/images http://img.youtube.com https://img.youtube.com http://images.unsplash.com https://images.unsplash.com http://cdn.onesignal.com https://cdn.onesignal.com http://onesignal.com https://onesignal.com http://authedmine.com https://authedmine.com; script-src 'self' 'unsafe-inline' http://api.crackwatch.com https://api.crackwatch.com http://cdn.crackwatch.com https://cdn.crackwatch.com http://b2.crackwatch.com https://b2.crackwatch.com http://*.google.com https://*.google.com http://*.gstatic.com https://*.gstatic.com http://encrypted-tbn0.gstatic.com/images https://encrypted-tbn0.gstatic.com/images http://img.youtube.com https://img.youtube.com http://images.unsplash.com https://images.unsplash.com http://cdn.onesignal.com https://cdn.onesignal.com http://onesignal.com https://onesignal.com http://authedmine.com https://authedmine.com 'unsafe-eval'; connect-src * 'self' http://api.crackwatch.com https://api.crackwatch.com http://cdn.crackwatch.com https://cdn.crackwatch.com http://b2.crackwatch.com https://b2.crackwatch.com http://*.google.com https://*.google.com http://*.gstatic.com https://*.gstatic.com http://encrypted-tbn0.gstatic.com/images https://encrypted-tbn0.gstatic.com/images http://img.youtube.com https://img.youtube.com http://images.unsplash.com https://images.unsplash.com http://cdn.onesignal.com https://cdn.onesignal.com http://onesignal.com https://onesignal.com http://authedmine.com https://authedmine.com; img-src data: 'self' http://api.crackwatch.com https://api.crackwatch.com http://cdn.crackwatch.com https://cdn.crackwatch.com http://b2.crackwatch.com https://b2.crackwatch.com http://*.google.com https://*.google.com http://*.gstatic.com https://*.gstatic.com http://encrypted-tbn0.gstatic.com/images https://encrypted-tbn0.gstatic.com/images http://img.youtube.com https://img.youtube.com http://images.unsplash.com https://images.unsplash.com http://cdn.onesignal.com https://cdn.onesignal.com http://onesignal.com https://onesignal.com http://authedmine.com https://authedmine.com blob:; style-src 'self' 'unsafe-inline' http://api.crackwatch.com https://api.crackwatch.com http://cdn.crackwatch.com https://cdn.crackwatch.com http://b2.crackwatch.com https://b2.crackwatch.com http://*.google.com https://*.google.com http://*.gstatic.com https://*.gstatic.com http://encrypted-tbn0.gstatic.com/images https://encrypted-tbn0.gstatic.com/images http://img.youtube.com https://img.youtube.com http://images.unsplash.com https://images.unsplash.com http://cdn.onesignal.com https://cdn.onesignal.com http://onesignal.com https://onesignal.com http://authedmine.com https://authedmine.com; media-src blob: 'self' http://api.crackwatch.com https://api.crackwatch.com http://cdn.crackwatch.com https://cdn.crackwatch.com http://b2.crackwatch.com https://b2.crackwatch.com http://*.google.com https://*.google.com http://*.gstatic.com https://*.gstatic.com http://encrypted-tbn0.gstatic.com/images https://encrypted-tbn0.gstatic.com/images http://img.youtube.com https://img.youtube.com http://images.unsplash.com https://images.unsplash.com http://cdn.onesignal.com https://cdn.onesignal.com http://onesignal.com https://onesignal.com http://authedmine.com https://authedmine.com; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.google.co.id *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.akamaihd.net *.fbcdn.net *.google-analytics.com *.pinterest.com *.twitter.com *.youtube.com cdnjs.cloudflare.com *.inews.id *.disqus.com *.disquscdn.com https://disqus.com https://*.disqus.com https://*.okezone.com https://*.metube.id *.metube.id http://*.inews.id http://cdn.viglink.com/ https://stats.g.doubleclick.net http://*.googlesyndication.com https://*.alexametrics.com http://*.alexametrics.com https://www.googletagservices.com https://www.googletagservices.com https://adservice.google.co.id https://googleads.g.doubleclick.net http://cloudfront-labs.amazonaws.com https://*.doubleclick.net http://*.cloudfront.net http://*.doubleclick.net https://*.googlesyndication.com mobileads.google.com https//placehold.it/ http://*.metube.id/ https://*.metube.id/ http://placehold.it/ https://placehold.it/ https://securepubads.g.doubleclick.net/ https://cc.adingo.jp/ https://sb.scorecardresearch.com/ https://cdn.ampproject.org/ https://*.sindonews.com/ https://*.okezone.com https://*.doubleclick.net/ https://*.subscribers.com/ https://nuri.inews.id https://unpkg.com/ https://static.vidy.com/ https://api.vidy.com/ 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; media-src http: 'unsafe-inline' https:; connect-src https: wss:; img-src * data: https: android-webview-video-poster: 1
frame-ancestors https://apps.facebook.com https://userheat.com 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-XPmczvEdap' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
default-src 'self' https: blob:; child-src * blob:; connect-src 'self' https: wss: *.amap.com *.inspectlet.com; font-src 'self' data: *.muscache.com fonts.gstatic.com use.typekit.net; img-src 'self' https: data: *.inspectlet.com; media-src 'self' https:; script-src 'self' 'unsafe-eval' a0.muscache.com cdn.siftscience.com ss.musthird.com t1.musthird.com bat.bing.com connect.facebook.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com www.googletagmanager.com a.cdn.intentmedia.net maps.googleapis.com ajax.googleapis.com *.g.doubleclick.net www.google.com www.gstatic.com smartlock.google.com accounts.google.com app.link cdn.branch.io api.branch.io bam.nr-data.net js-agent.newrelic.com sslwidget.criteo.com static.criteo.net dis.criteo.com widget.us.criteo.com *.gbc.criteo.net ethn.io s.yimg.jp api.geetest.com blob: webapi.amap.com restapi.amap.com *.inspectlet.com 'nonce-92e444e5816ae11988dbb9285c5774' 'sha256-URqFTNitDSE01K1xklErUlKT93/P4FXStf52o8BhcLY=' 'unsafe-inline' 'sha256-MpazfMshcY6jCzxk0aJDh9l3iXoBw8r+eMO58JLTkRQ=' 'sha256-D9Mz5Ys1Opv52C2fjJU4eS9qDZpG9+Ywz5rQPUyxngQ='; style-src 'self' https: 'unsafe-inline'; report-uri /tracking/csp?action=show&controller=homepages&report_only=false&req_uuid=5a50543f-0218-4894-ace6-975d720bd1e9&version=df507506fab90b586a0c098cfae7b9995f2450e7 1
default-src 'self' *.amdm.ru amdm.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.amdm.ru amdm.ru https://*.google.com https://adservice.google.ru https://adservice.google.com.ua https://adservice.google.kz https://*.googlesyndication.com *.googlesyndication.com *.doubleclick.net https://*.doubleclick.net *.gstatic.com *.googleapis.com https://*.googleapis.com https://*.gstatic.com yadro.ru https://yadro.ru *.yadro.ru https://*.yadro.ru *.yandex.ru https://*.yandex.ru *.yandex.net *.yandex.net vk.com *.vk.com https://vk.com https://*.vk.com ok.ru *.ok.ru http://*.google-analytics.com https://*.google-analytics.com http://*.twitter.com https://*.twitter.com http://*.jquery.com https://*.jquery.com *.yastatic.net https://*.yastatic.net http://yastatic.net https://yastatic.net www.google-analytics.com https://www.google-analytics.com; object-src 'self' *.amdm.ru amdm.ru *.google.com *.googlesyndication.com *.googlesyndication.com *.doubleclick.net https://*.doubleclick.net *.gstatic.com https://*.gstatic.com an.yandex.ru https://an.yandex.ru; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.amdm.ru amdm.ru *.google.com *.googlesyndication.com *.doubleclick.net https://*.doubleclick.net https://*.googlesyndication.com *.googleapis.com *.gstatic.com *.yandex.ru https://*.googleapis.com https://*.gstatic.com https://*.yandex.ru yastatic.net https://yastatic.net; img-src * data:; media-src 'self' data: *.amdm.ru amdm.ru *.google.com *.googlesyndication.com https://*.googlesyndication.com *.doubleclick.net https://*.doubleclick.net; frame-src 'self' data: *.amdm.ru amdm.ru *.google.com *.googlesyndication.com https://*.googlesyndication.com *.doubleclick.net https://*.doubleclick.net *.googleadservices.com https://*.googleadservices.com *.gstatic.com https://*.gstatic.com *.yandex.ru https://*.yandex.ru *.yastatic.net yastatic.net https://*.yastatic.net *.yandex.net https://yandex.net *.youtube.com https://*.youtube.com vk.com https://vk.com; font-src 'self' *.amdm.ru amdm.ru *.google.com *.googlesyndication.com https://*.googlesyndication.com *.googleapis.com https://*.googleapis.com *.gstatic.com https://*.gstatic.com *.yandex.ru https://*.yandex.ru yastatic.net https://yastatic.net; connect-src 'self' *.amdm.ru amdm.ru *.google.com *.googlesyndication.com https://*.googlesyndication.com *.doubleclick.net https://*.doubleclick.net *.yandex.ru https://*.yandex.ru *.gstatic.com *.googleapis.com https://translate.googleapis.com http://www.google-analytics.com https://www.google-analytics.com; report-uri /csp/collector.php  1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: ; frame-ancestors 'self' *.cienradios.com www.clarin.com *.devcr.com.ar *.cienradios-pre.com.ar prepro.int.clarin.com *.prepro.int.clarin.com viapais.com.ar *.viapais.com.ar; 1
frame-ancestors 'self' https://*.leetcode.com https://leetcode.com https://*.leetcode-cn.com https://leetcode-cn.com https://*.lingkou.com https://lingkou.com https://tongji.baidu.com https://www.growingio.com https://*.leetcode.pro https://leetcode.pro 1
default-src 'self';style-src 'unsafe-inline' *;frame-src 'self' https://www.google.com http://youtube.com https://youtube.com http://www.youtube.com https://www.youtube.com https://vk.com http://vk.com http://*.vk.com https://*.vk.com http://vk.me https://vk.me http://*.vk.me https://*.vk.me;img-src * data:;media-src *;font-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com http://youtube.com https://youtube.com http://www.youtube.com https://www.youtube.com https://vk.com http://vk.com http://*.vk.com https://*.vk.com http://vk.me https://vk.me http://*.vk.me https://*.vk.me; connect-src 'self' http://youtube.com https://youtube.com http://www.youtube.com https://www.youtube.com http://*.amazonaws.com https://vk.com http://vk.com http://*.vk.com https://*.vk.com http://vk.me https://vk.me http://*.vk.me https://*.vk.me; 1
frame-ancestors 'self' https://*.touristtube.com/; default-src https://*.touristtube.com/ https:; connect-src 'self' https://*.touristtube.com/ https://*.touristtube.com:8765/ https://chat.touristtube.com:3000/ https://*.facebook.com/ https://connect.facebook.net/ https://*.adroll.com/; img-src 'self' https://*.touristtube.com https://maps.googleapis.com/ https://*.gstatic.com/ https://www.google.com/ https://www.google.com.lb/ https://www.google-analytics.com/ https://www.google-analytics.com.lb/ https://*.alexametrics.com/ https://www.facebook.com/ https://*.cloudfront.net/ https://*.adroll.com/ https://jwpltx.com/ https://*.doubleclick.net/ https://ads.yahoo.com/ data: https:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.touristtube.com/ https://fonts.googleapis.com/ https://*.cloudflare.com/ https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.touristtube.com/ https://*.mastercard.com/ https://connect.facebook.net/ https://*.cloudflare.com/ https://*.payfort.com/ https://mpsnare.iesnare.com/ https://freegeoip.net/ https://*.newrelic.com/ https://ajax.googleapis.com/ https://maps.googleapis.com/ https://chat.touristtube.com:3000/ https://adservice.google.com/ https://adservice.google.com.lb/ https://*.googlesyndication.com/ https://connect.facebook.net/ https://code.jquery.com/ https://www.google-analytics.com/ https://*.cloudfront.net/ https://*.adroll.com/ https://ssl.p.jwpcdn.com/player/ https://*.nr-data.net/; object-src 'self' blob: https:; worker-src 'self' blob: https://*.touristtube.com/ https: 1
default-src 'self' https: blob:; child-src * blob:; connect-src 'self' https: wss: *.amap.com *.inspectlet.com; font-src 'self' data: *.muscache.com fonts.gstatic.com use.typekit.net; img-src 'self' https: data: *.inspectlet.com; media-src 'self' https:; script-src 'self' 'unsafe-eval' a0.muscache.com cdn.siftscience.com ss.musthird.com t1.musthird.com bat.bing.com connect.facebook.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com www.googletagmanager.com a.cdn.intentmedia.net maps.googleapis.com ajax.googleapis.com *.g.doubleclick.net www.google.com www.gstatic.com smartlock.google.com accounts.google.com app.link cdn.branch.io api.branch.io bam.nr-data.net js-agent.newrelic.com sslwidget.criteo.com static.criteo.net dis.criteo.com widget.us.criteo.com *.gbc.criteo.net ethn.io s.yimg.jp api.geetest.com mc.yandex.ru blob: webapi.amap.com restapi.amap.com *.inspectlet.com 'nonce-6a54438a13a368476f79f455b6e71b' 'sha256-URqFTNitDSE01K1xklErUlKT93/P4FXStf52o8BhcLY=' 'unsafe-inline' 'sha256-MpazfMshcY6jCzxk0aJDh9l3iXoBw8r+eMO58JLTkRQ=' 'sha256-D9Mz5Ys1Opv52C2fjJU4eS9qDZpG9+Ywz5rQPUyxngQ='; style-src 'self' https: 'unsafe-inline'; report-uri /tracking/csp?action=show&controller=homepages&report_only=false&req_uuid=3e50fe59-e7bc-45ee-8ecd-749ffee28ece&version=df507506fab90b586a0c098cfae7b9995f2450e7 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data:; font-src https: data:; media-src https: data: blob:; object-src https; frame-ancestors 'self' https://secure.thetoptens.com/ https://avatars.thetoptens.com/; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.flashback.org; img-src 'self' data: https://static.flashback.org; style-src 'self' 'unsafe-inline' https://static.flashback.org; font-src 'self' data: https://static.flashback.org; form-action 'self'; connect-src 'self'; child-src 'self'; frame-src 'self'; frame-ancestors 'self'; object-src 'none'; media-src 'none'; 1
default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' spellcheck.boe.es svc.webspellchecker.net www.google-analytics.com ajax.googleapis.com ; connect-src 'self' spellcheck.boe.es ; img-src 'self' spellcheck.boe.es data: www.google-analytics.com ajax.googleapis.com chart.apis.google.com servicios.mpr.es ; style-src 'unsafe-inline' 'self' *.boe.es fonts.googleapis.com ; font-src 'self' fonts.googleapis.com fonts.gstatic.com ; child-src 'self' spellcheck.boe.es www.youtube.com afirma: ; object-src 'self' ; media-src 'self' 1
default-src data: blob: 'self' 'unsafe-inline' 'unsafe-eval' mobile.free.fr www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.google.fr connect.facebook.net www.facebook.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com assistance.free.fr osm.proxad.net 1
default-src 'self' https: blob:; child-src * blob:; connect-src 'self' https: wss: *.amap.com *.inspectlet.com; font-src 'self' data: *.muscache.com fonts.gstatic.com use.typekit.net; img-src 'self' https: data: *.inspectlet.com; media-src 'self' https:; script-src 'self' 'unsafe-eval' a0.muscache.com cdn.siftscience.com ss.musthird.com t1.musthird.com bat.bing.com connect.facebook.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com www.googletagmanager.com a.cdn.intentmedia.net maps.googleapis.com ajax.googleapis.com *.g.doubleclick.net www.google.com www.gstatic.com smartlock.google.com accounts.google.com app.link cdn.branch.io api.branch.io bam.nr-data.net js-agent.newrelic.com sslwidget.criteo.com static.criteo.net dis.criteo.com widget.us.criteo.com *.gbc.criteo.net ethn.io s.yimg.jp api.geetest.com blob: webapi.amap.com restapi.amap.com *.inspectlet.com 'nonce-dc9ebdf53766ea987d4cce826dd4cc' 'sha256-URqFTNitDSE01K1xklErUlKT93/P4FXStf52o8BhcLY=' 'unsafe-inline' 'sha256-MpazfMshcY6jCzxk0aJDh9l3iXoBw8r+eMO58JLTkRQ=' 'sha256-D9Mz5Ys1Opv52C2fjJU4eS9qDZpG9+Ywz5rQPUyxngQ='; style-src 'self' https: 'unsafe-inline'; report-uri /tracking/csp?action=show&controller=homepages&report_only=false&req_uuid=5d6dbf87-c723-4498-a805-54e6d146d33a&version=abdcaa3df793750c2e75b294132b15b38b8f8b08 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/allure 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-QBc2QsZtPWhme9CrHhCZ0FyhEiHy9D3jcsbhXtsdey6amCI7' 'self' 'unsafe-inline' 'unsafe-eval' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https: data:; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.paypal.com https://nexus.ensighten.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' http://www.stumbleupon.com 1
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.ca  ; frame-src 'self' *.indeed.com *.indeed.ca https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.ca d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com https://*.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gp https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.nf https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tk https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://cdn.ampproject.org;style-src 'self' 'unsafe-inline';font-src 'self' https://*.gstatic.com;img-src 'self' https://images.dmca.com https://appn.center https://www.googletagmanager.com https://*.doubleclick.net https://*.google-analytics.com https://*.googlesyndication.com https://*.gstatic.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gp https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.nf https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tk https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;media-src 'none';object-src https://*.googlesyndication.com;frame-src https://*.doubleclick.net https://*.google.com https://appn.center;connect-src 'self' https://appn.center https://*.google-analytics.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://*.gstatic.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;form-action https://*.paypal.com;base-uri 'self';manifest-src 'self';report-uri https://appn.center/apiv1/csp; 1
frame-ancestors 'self' *.sharekhan.com 1
default-src https:; frame-src https: 'self' 'unsafe-inline' 'unsafe-eval'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss: *.hotjar.com; img-src https: 'self' data:; style-src https: 'unsafe-inline'; font-src https: 'unsafe-inline' data:; 1
frame-ancestors 'self' *.brilliant.org *.online.tableau.com apps.facebook.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://tabor.ru http://tabor.ru *.tabor.ru tabor.ru m.tabor.ru http://m.tabor.ru https://m.tabor.ru http: vk.com *.vk.com vk.me *.vk.me vk.me *.vk.me fbcdn.net *.fbcdn.net akamaihd.net *.akamaihd.net mycdn.me *.mycdn.me yandex.ru *.yandex.ru yadro.ru *.yadro.ru https: vk.com *.vk.com vk.me *.vk.me vk.me *.vk.me fbcdn.net *.fbcdn.net akamaihd.net *.akamaihd.net mycdn.me *.mycdn.me yandex.ru *.yandex.ru yadro.ru *.yadro.ru ; img-src * 'self' blob: data:;connect-src * 'self' file: data: blob: filesystem:; 1
default-src 'self'; script-src 'self' https://www.openhub.net; child-src 'self' https://www.openhub.net https://www.youtube.com https://www.youtube-nocookie.com; object-src 'none'; media-src 'self' https://download.gimp.org https://www.mirrorservice.org; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: *; report-uri /actions/csp/report; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://www.youtube.com https://*.ytimg.com https://stats.g.doubleclick.net https://static.doubleclick.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://talkgadget.google.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://support.google.com https://www.google.com 'nonce-8c27853985899dd9ed17e44d25a316ff'; img-src 'self' *.googleusercontent.com www.google-analytics.com https://www.googleadservices.com *.doubleclick.net https://www.google.com https://www.google.co.uk https://storage.googleapis.com/ https://maps.googleapis.com/ https://maps.google.com https://ssl.google-analytics.com *.youtube.com https://www.gstatic.com data:  https://ssl.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.ca; report-uri /csp; default-src 'self'; frame-src 'self' https://www.youtube.com *.talkgadget.google.com *.doubleclick.net https://www.accountchooser.com https://www.google.com https://feedback.googleusercontent.com; style-src 'self' 'unsafe-inline' ajax.googleapis.com https://fonts.googleapis.com https://www.gstatic.com https://tagmanager.google.com https://feedback.googleusercontent.com/resources/annotator.css; connect-src 'self' https://maps.googleapis.com/ https://www.gstatic.com https://fcm.googleapis.com https://securetoken.googleapis.com https://www.googleapis.com; object-src ; font-src 'self' https://fonts.gstatic.com data: 'self' http://fonts.gstatic.com data:; base-uri https://learndigital.withgoogle.com 1
frame-ancestors *.flyscoot.com dev-flyscoot.com uat-flyscoot.com flyscoot-prod.azurewebsites.net; 1
frame-ancestors 'self' *.gisher.org http://kentron.tv 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.thesprucecrafts.com *.qa.aws.thesprucecrafts.com atlas.thesprucecrafts.com atlas.local.thesprucecrafts.com 1
default-src 'self' *.wistia.net *.wistia.com embedwistia-a.akamaihd.net vimeo.com player.vimeo.com vimeocdn.com ytimg.com s.ytimg.com aax-eu.amazon-adsystem.com data: service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de track.adform.net maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube.com img.youtube.com *.xx.fbcdn.net www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval'; media-src 'self' *.avm.de embedwistia-a.akamaihd.net data: blob: *.avm.de 1
default-src *.webstaurantstore.com; script-src *.webstaurantstore.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googlecommerce.com *.gstatic.com *.googleadservices.com *.google.com *.google-analytics.com *.facebook.net *.yimg.com *.yahoo.com *.bing.com s.kk-resources.com/ks.js *.bizrate.com *.dealtime.com *.shopzilla.com d10so77biaxg0k.cloudfront.net api.instagram.com *.twitter.com *.linkedin.com *.longtailvideo.com *.pinterest.com www.googletagmanager.com www.resellerratings.com www.googleads.g.doubleclick.net googleads.g.doubleclick.net *.scarabresearch.com a.quora.com *.smarterhq.io js-agent.newrelic.com bam.nr-data.net *.sitejabber.com; style-src 'unsafe-inline' *.webstaurantstore.com *.googleapis.com tagmanager.google.com optimize.google.com *.resellerratings.com *.sitejabber.com; img-src data: blob: *.webstaurantstore.com *.gstatic.com *.googlecommerce.com *.google-analytics.com *.googletagmanager.com *.paypal.com *.facebook.com *.staticflickr.com *.msn.com *.bing.com *.pricegrabber.com *.dealtime.com *.bizrate.com *.bizrateinsights.com *.googleadservices.com *.amazon-adsystem.com *.connexity.net *.cloudfront.net *.doubleclick.net *.google.com *.cdninstagram.com *.linkedin.com *.twitter.com *.longtailvideo.com *.pinterest.com s.kelkoo.us.com s.kelkoogroup.net securetracking.adsprotection.com *.resellerratings.com q.quora.com alb.reddit.com *.smarterhq.io cx.atdmt.com bam.nr-data.net *.sitejabber.com; frame-src *.webstaurantstore.com *.googlecommerce.com *.doubleclick.net *.google.com *.facebook.com *.facebook.net *.youtube.com apps.kaonadn.net *.pinterest.com www.googletagmanager.com *.twitter.com; font-src data: *.webstaurantstore.com *.gstatic.com *.sitejabber.com; connect-src *.webstaurantstore.com *.google-analytics.com www.resellerratings.com *.google.com/ads/user-lists *.scarabresearch.com *.linkedin.com stats.g.doubleclick.net *.clarkinc.biz *.smarterhq.io bam.nr-data.net *.facebook.com *.sitejabber.com; report-uri //www.webstaurantstore.com/api/v2/logs/?ReportingOnly=0 1
default-src *; base-uri *; font-src data: *; frame-src 'self' fbrpc: *; img-src data: *; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' * 1
default-src 'self'; child-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; connect-src 'self' piwik.openstreetmap.org https://nominatim.openstreetmap.org/ https://overpass-api.de/api/interpreter https://router.project-osrm.org/route/v1/driving/ https://graphhopper.com/api/1/route; font-src 'none'; form-action 'self' render.openstreetmap.org; frame-ancestors 'self'; frame-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; img-src 'self' data: www.gravatar.com *.wp.com *.tile.openstreetmap.org *.tile.thunderforest.com *.openstreetmap.fr piwik.openstreetmap.org developer.mapquest.com; manifest-src 'none'; media-src 'none'; object-src 'self'; script-src 'self' piwik.openstreetmap.org https://open.mapquestapi.com/directions/v2/route; style-src 'self'; worker-src 'none' 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; Header set X-Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; Header set X-WebKit-CSP: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 1
default-src 'self'; child-src 'self' share.intercom.io connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net *.hotjar.com bid.g.doubleclick.net youtube.com www.youtube.com js.stripe.com staticxx.facebook.com *.soundcloud.com ti.to *.tito.io *.cdn.optimizely.com tpc.googlesyndication.com www.google.com ethn.io *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com; connect-src 'self' app.intercom.io app.intercom.com api.intercom.io api-iam.intercom.io api-ping.intercom.io js.intercomcdn.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://nexus-websocket-test.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google-analytics.com *.hotjar.com:* sentry.io wss://*.hotjar.com www.facebook.com *.akamaihd.net *.optimizely.com *.wistia.com *.wistia.net *.quora.com *.soundcloud.com *.sndcdn.com *.clearbit.com 258-clw-344.mktoresp.com bat.bing.com; font-src data: https:; img-src data: blob: https:; media-src data: blob: https:; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.optimizely.com cdn3.optimizely.com cdn.ravenjs.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com ethn.io fast.wistia.com fast.wistia.net ga.clearbit.com googleads.g.doubleclick.net sjs.bizographics.com js.stripe.com munchkin.marketo.net platform.twitter.com reveal.clearbit.com rtp-static.marketo.com script.hotjar.com secure.adnxs.com snap.licdn.com static.ads-twitter.com static.hotjar.com stats.g.doubleclick.net store.intercom.io ti.to tpc.googlesyndication.com www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.tito.io *.linkedin.com *.quora.com *.soundcloud.com *.sndcdn.com *.widerfunnel.com 'strict-dynamic' 'nonce-6+5bjtIC5MGrpt5cVnjF03rh3y4QXiugacn0ii2DOOw='; style-src 'self' 'unsafe-inline' *.tito.io app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com tagmanager.google.com 1
report-uri /csp/report/; frame-ancestors 'self' ableton.lightning.force.com; style-src 'unsafe-inline' optimize.google.com fonts.googleapis.com cdn-resources.ableton.com; object-src 'self'; default-src 'self' blob: data: https: ableton:; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' api.soundcloud.com www.youtube.com s.ytimg.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net optimize.google.com connect.facebook.net recommender.scarabresearch.com script.crazyegg.com sample.crazyegg.com cdn.ravenjs.com cdn-resources.ableton.com 1
default-src 'self' 'unsafe-inline'; img-src * data: 1
default-src https: 'unsafe-inline' 'unsafe-eval';script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com ajax.googleapis.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com code.jquery.com;font-src fonts.googleapis.com fonts.gstatic.com;img-src 'self' www.google-analytics.com data:;connect-src 'self';object-src 'none';media-src 'none';child-src 'self' www.google.com www.youtube.com;form-action 'self'; 1
frame-ancestors 'self' millenniumimoveis.janeladigital.com; 1
frame-ancestors https://*.settour.com.tw; 1
default-src 'self' https: blob:; child-src * blob:; connect-src 'self' https: wss: *.amap.com *.inspectlet.com; font-src 'self' data: *.muscache.com fonts.gstatic.com use.typekit.net; img-src 'self' https: data: *.inspectlet.com; media-src 'self' https:; script-src 'self' 'unsafe-eval' a0.muscache.com cdn.siftscience.com ss.musthird.com t1.musthird.com bat.bing.com connect.facebook.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com www.googletagmanager.com a.cdn.intentmedia.net maps.googleapis.com ajax.googleapis.com *.g.doubleclick.net www.google.com www.gstatic.com smartlock.google.com accounts.google.com app.link cdn.branch.io api.branch.io bam.nr-data.net js-agent.newrelic.com sslwidget.criteo.com static.criteo.net dis.criteo.com widget.us.criteo.com *.gbc.criteo.net ethn.io s.yimg.jp api.geetest.com b92.yahoo.co.jp blob: webapi.amap.com restapi.amap.com *.inspectlet.com 'nonce-a4bcc7345e488c55c427ccb4c78e09' 'sha256-URqFTNitDSE01K1xklErUlKT93/P4FXStf52o8BhcLY=' 'unsafe-inline' 'sha256-MpazfMshcY6jCzxk0aJDh9l3iXoBw8r+eMO58JLTkRQ=' 'sha256-D9Mz5Ys1Opv52C2fjJU4eS9qDZpG9+Ywz5rQPUyxngQ='; style-src 'self' https: 'unsafe-inline'; report-uri /tracking/csp?action=show&controller=homepages&report_only=false&req_uuid=40b8b3c9-3c96-4e32-abe2-ee7b020d7e29&version=5c2df8046534720ddcd5a15018c359f705fa6651 1
default-src https: 'unsafe-inline'; script-src 'self' https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://embed.typeform.com https://d5phz18u4wuww.cloudfront.net https://cdnjs.cloudflare.com https://seal.digicert.com https://js.stripe.com https://www.googleadservices.com https://billing.quaderno.io https://www.gstatic.com https://s3-eu-west-1.amazonaws.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com ; img-src 'self' data: https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.es https://www.google.com https://mailtrackio.typeform.com https://www.googleadservices.es https://www.googleadservices.com https://googleads.g.doubleclick.net https://seal.digicert.com https://billing.quaderno.io https://s3-eu-west-1.amazonaws.com https://dc.ads.linkedin.com ; object-src 'none'; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://cdnjs.cloudflare.com https://s3-eu-west-1.amazonaws.com 1
default-src 'self' https: blob:; child-src * blob:; connect-src 'self' https: wss: *.amap.com *.inspectlet.com; font-src 'self' data: *.muscache.com fonts.gstatic.com use.typekit.net; img-src 'self' https: data: *.inspectlet.com; media-src 'self' https:; script-src 'self' 'unsafe-eval' a0.muscache.com cdn.siftscience.com ss.musthird.com t1.musthird.com bat.bing.com connect.facebook.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com www.googletagmanager.com a.cdn.intentmedia.net maps.googleapis.com ajax.googleapis.com *.g.doubleclick.net www.google.com www.gstatic.com smartlock.google.com accounts.google.com app.link cdn.branch.io api.branch.io bam.nr-data.net js-agent.newrelic.com sslwidget.criteo.com static.criteo.net dis.criteo.com widget.us.criteo.com *.gbc.criteo.net ethn.io s.yimg.jp api.geetest.com blob: webapi.amap.com restapi.amap.com *.inspectlet.com 'nonce-99644071dba45945b002695a7b6382' 'sha256-URqFTNitDSE01K1xklErUlKT93/P4FXStf52o8BhcLY=' 'unsafe-inline' 'sha256-A5WddWpudAUrh16ACJsxADjW6qxQr0CN36T3SCcp7Ts=' 'sha256-D9Mz5Ys1Opv52C2fjJU4eS9qDZpG9+Ywz5rQPUyxngQ='; style-src 'self' https: 'unsafe-inline'; report-uri /tracking/csp?action=show&controller=homepages&report_only=false&req_uuid=330f01c9-8313-425e-b150-92f477d40859&version=bed484b9453afae159e3860b6f6fcb303ba7ac22 1
default-src 'none'; block-all-mixed-content; connect-src 'self'; font-src 'self' https://derpicdn.net https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://www.google.com/recaptcha/; img-src 'self' data: https://derpicdn.net https://camo.derpicdn.net https://www.gstatic.com https://www.google-analytics.com https://picarto.tv https://*.picarto.tv https://piczel.tv https://thumbnail.api.livestream.com https://static-cdn.jtvnw.net; manifest-src 'self'; media-src 'self' https://derpicdn.net; object-src 'none'; script-src 'self' https://derpicdn.net https://www.amcharts.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://derpicdn.net; upgrade-insecure-requests; report-uri https://derpibooru.report-uri.com/r/d/csp/enforce 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googleapis.com *.halkbank.com.tr *.google.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com; font-src 'self' *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: *.google-analytics.com *.googleapis.com *.halkbank.com.tr *.google.com *.google.com.tr *.gstatic.com *.facebook.com *.facebook.com.tr *.doubleclick.net *.facebook.net ; media-src 'self' *.halkbank.com.tr; frame-src 'self' *.foreks.com *.halkbank.com.tr *.doubleclick.net *.youtube.com *.google.com; connect-src 'self'; object-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.unicef.org *.sharethis.com rules.quantcount.com connect.facebook.net secure.quantserve.com www.google-analytics.com www.googletagmanager.com cdn.poll-maker.com embeds.tagboard.com maps.googleapis.com e.infogram.com *.hscampaigns.com *.getchute.com ssl.mousestats.com tagmanager.google.com js-agent.newrelic.com bam.nr-data.net js-agent.newrelic.com/* www.youtube.com s.ytimg.com *.instagram.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com cdn.nativemsg.com hm.baidu.com optimize.google.com siteimproveanalytics.com; object-src 'self' *.youtube.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.sharethis.com cdn.poll-maker.com stories.getchute.com cdn-images.mailchimp.com platform.twitter.com optimize.google.com *.unicef.org; img-src 'self' data: *.unicef.org www.google-analytics.com ssl.gstatic.com sb.scorecardresearch.com  *.sharethis.com www.facebook.com pixel.quantserve.com stats.g.doubleclick.net www.gstatic.com cdn.poll-maker.com csi.gstatic.com maps.gstatic.com maps.googleapis.com www.google.com scontent.cdninstagram.com pixel.getchute.com media.chute.io static.getchute.com avatars.io syndication.twitter.com pbs.twimg.com platform.twitter.com dynamite-images.appspot.com hm.baidu.com www.googletagmanager.com unicef-images.appspot.com 88988.global.siteimproveanalytics.io; media-src 'self' scontent.cdninstagram.com video.twimg.com; frame-src 'self' www.facebook.com www.google.com *.twitter.com e.infogram.com *.sharethis.com *.hscampaigns.com embeds.tagboard.com www.youtube.com infogram.com connect.facebook.net *.unicef.org api.getchute.com static.getchute.com giphy.com *.wufoo.com staticxx.facebook.com www.instagram.com cdn.nativemsg.com twitter.com *.ustream.tv *.youku.com c.sharethis.mgr.consensu.org optimize.google.com embed.ted.com; child-src 'self'; font-src 'self' fonts.gstatic.com data: maxcdn.bootstrapcdn.com stories.getchute.com *.unicef.org; connect-src 'self' *.sharethis.com www.quiz-maker.com ssl.mousestats.com www.google-analytics.com s3.amazonaws.com *.getchute.com getchute.com c.sharethis.mgr.consensu.org stats.g.doubleclick.net unicefhq.cp.bsd.net script.google.com script.googleusercontent.com *.unicef.org; report-uri /report-csp-violation 1
frame-ancestors https://bdtracking.fareye.co/ https://*.bluedart.com/  script-src  'unsafe-inline' 'unsafe-eval' default-src 'self' https://csi.gstatic.com https://ajax.googleapis.com https://maps.googleapis.com http://maps.googleapis.com http://www.google-analytics.com https://bluedartomcpoc-bluedarttrial.itom2.management.europe.oraclecloud.com 1
report-uri /report-csp; connect-src 'self' *; font-src data: 'self'; child-src https://*.n26.com https://n26.com https://www.youtube.com https://boards.greenhouse.io; img-src 'self' images.ctfassets.net images.contentful.com https://cdn.number26.de https://usage.trackjs.com https://sc-collector.n26.com https://*.greenhouse.io data: *; media-src videos.ctfassets.net videos.contentful.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://n26-trusted.n26.com https://cdn.polyfill.io https://www.youtube.com https://s.ytimg.com https://boards.greenhouse.io *; style-src 'unsafe-inline'; default-src * 1
frame-ancestors https://www.ysl.com/ https://www.ysl.com/ ; 1
default-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self' *.zopim.com data:; script-src 'self' *.google-analytics.com *.zopim.com 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com; img-src 'self' *.google-analytics.com *.zopim.com data: *.zopim.io data: *.google.com *.gstatic.com; connect-src 'self' wss://*.zopim.com; frame-src *.zopim.com *.google.com 1
frame-ancestors 'self' http://www.tatasky.com; 1
default-src 'self' rufilm.tv rufilmtv.org 6xuar.gdn; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.rufilmtv.club *.gnezdo.ru news.gnezdo.ru news.2xclick.ru smartpush1.info smartpush11.info smartpush10.info smartpush0.info *.q-sht-zidjk.co q-sht-zidjk.co adbetnet.advertserve.com json.bannersvideo.com fcrgzqkbtgu.co octomarket.com adtrak.org adfill.me advmaker.su yt.advmaker.su json.bannersvideo.com bannersvideo.com 1plus1.video *.adbetclickin.pink http://serving.bepolitee.eu adlmerge.com gynax.com bgrndi.com https://fqtag.com osnn.work hydr.work luxup2.ru http://marvin.pw/ https://c.fqtag.com/ rufilm.tv brokeloy.com widefox.ru slowpoker.ru hgbn.network cdn7.network www.resttort.ru resttort.ru deenomo.com lolaken.com lopireto.com roklerok.com am15.net kadanoda.ru vakadiki.ru tozipoto.com zirifaha.ru kibitaqa.ru kiviraha.ru kilisaqa.ru retaraka.ru tisatama.ru tisataga.ru tozimoto.com tozikoto.com toziroto.com tozitoto.com tozipoto.com vogorana.ru vogozaw.ru vogozae.ru uuidksinc.net imdj.3793369.pix-cdn.org rtb.kadam.ru vogozae.ru aurumforyou.com yandex.ru yandex.st mc.yandex.ru www.google-analytics.com vk.com ulogin.ru luxup.ru *.luxup.ru *.am15.net *.thor-media.ru qepath.info zakoofoo.info zoobynu.info hbkii.xyz nucegu.info duxyve.info qezuqa.info cyjycu.info accommon.info samnioc.info dialected.info *.supuv2.com alphamrkt.com 6xuar.gdn mylma.gdn xml.adbetnet.com *.adbetnet.com m-shes.ru adbetnet.com etcxx.com mxccs.com mdapi.ru mdsrc.ru *.rtbsystem.com *.marketgid.com *.adlabs.ru dodrek.com psma01.com psma02.com psma03.com adservone.com *.onedmp.com *.videoviewer.ru bequri.com gotriki.com cdn.hgdat.com hghit.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' rufilm.tv http://fonts.googleapis.com; font-src 'self' rufilm.tv fonts.gstatic.com data:; object-src 'self' rufilm.tv *.am15.net am15.net; frame-src 'self' data: *.videomore.ru videomore.ru samnioc.info https://ad.anistar.me ad.anistar.me *.adbetnet.com t.co ad.anistar.me stream.reyden-x.com tvzvezda.ru 1plus1.video out.pladform.ru https://fqtag.com allmovie.pro http://allmovie.tv http://player.ictv.ua https://kaztube.kz ren.tv m-shes.ru tvc.ru www.tvc.ru rufilm.tv rufilmtv.org am15.net advmaker.su yt.advmaker.su my.mail.ru uuidksinc.net *.amazonaws.com ok.ru *.ok.ru vk.com veterok.tv www.youtube.com *.ivi.ru *.vgtrk.com *.1ru.tv *.1tv.ru *.ntv.ru *.gnezdo.ru *.am15.net rutube.ru *.videomore.ru *.my.mail.ru ictv.ua rmbn.net psma01.com psma02.com psma03.com *.onedmp.com ovva.tv cdn7.network www.videokub.net *.adbetclickin.pink; connect-src 'self' rufilm.tv ws://brokeloy.com:8040 samnioc.info yt.advmaker.su mc.yandex.ru rtb.kadam.ru 1
default-src 'self' blob: *.dochub.com; child-src 'self' blob: www.google.com www.youtube.com cdn.dochub.com docs.google.com accounts.google.com content.googleapis.com platform.twitter.com syndication.twitter.com js.stripe.com; connect-src 'self' blob: www.google.com example.com cdn.dochub.com docs.google.com platform.twitter.com www.dropbox.com *.nr-data.net ws://localhost:35729 ws://0.0.0.0:35729 ws://ws.pusherapp.com *.pusher.com api.onedrive.com graph.microsoft.com api.rollbar.com *.gravatar.com maps.gstatic.com www.googleapis.com sentry.io; font-src 'self' data: cdn.dochub.com fonts.gstatic.com maxcdn.bootstrapcdn.com; frame-src 'self' blob: www.google.com www.youtube.com cdn.dochub.com docs.google.com accounts.google.com content.googleapis.com platform.twitter.com syndication.twitter.com js.stripe.com dochub.com localhost:3000 localhost:9292 www.gstatic.com; img-src 'self' blob: data: *.dochub.com www.google-analytics.com docs.google.com www.gravatar.com platform.twitter.com pbs.twimg.com syndication.twitter.com stats.g.doubleclick.net *.nr-data.net *.googleapis.com *.gstatic.com br-rx.atatus.com sentry.io www.google.com/ads/ga-audiences; media-src 'self' cdn.dochub.com docs.google.com; script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' cdn.dochub.com www.google-analytics.com docs.google.com apis.google.com www.google.com platform.twitter.com cdn.syndication.twimg.com js.stripe.com localhost:35729 0.0.0.0:35729 maxcdn.bootstrapcdn.com www.dropbox.com *.pusher.com js.live.net cdnjs.cloudflare.com api.rollbar.com *.newrelic.com *.nr-data.net *.gravatar.com *.googleapis.com maps.gstatic.com www.gstatic.com dmc1acwvwny3.cloudfront.net/atatus.js br-rx.atatus.com; style-src 'self' 'unsafe-inline' cdn.dochub.com docs.google.com platform.twitter.com fonts.googleapis.com maxcdn.bootstrapcdn.com maps.gstatic.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.verywellfit.com *.qa.aws.verywellfit.com atlas.verywellfit.com atlas.local.verywellfit.com https://specials.verywellfit.com 1
frame-ancestors http://*.fgv.br https://*.fgv.br 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:; img-src data: 'self' https:;frame-ancestors 'none'; block-all-mixed-content; report-uri https://www.serienjunkies.de/r/; 1
frame-ancestors 'self' https://help.thumbtack.com 1
default-src 'self'; frame-src 'self' https://connect.trezor.io/* https://connect.trezor.io/; connect-src *; img-src 'self' data: blob:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none' 1
frame-ancestors self fasttech.com *.fasttech.com 1
default-src http: https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.guidelive.com *.dallasnews.com *.dentonrc.com *.google.com 1
frame-src 'self' mypornoflv.tv *.mypornoflv.tv https://svegt.com https://*.svegt.com http://svegt.com http://*.svegt.com idexx.net *.idexx.net jwpcdn.com *.jwpcdn.com 88.150.172.218 *.88.150.172.218 88.150.172.219 *.88.150.172.219 *.vk.com https://*.vk.com *.googleapis.com https://*.googleapis.com *.google.com https://*.google.com *.yandex.ru https://*.yandex.ru *.mail.ru https://*.mail.ru *.bing.com https://*.bing.com *.go.mail.ru https://*.go.mail.ru *.google-analytics.com https://*.google-analytics.com *.wwteasers.org wwteasers.org https://*.wwteasers.org *.static.wwgate.ru static.wwgate.ru https://*.static.wwgate.ru *.wwclickgo.com wwclickgo.com https://*.wwclickgo.com *.google.ru https://*.google.ru *.livestatisc.com livestatisc.com https://*.livestatisc.com *.static.wwpon365.ru static.wwpon365.ru https://*.static.wwpon365.ru *.yastatic.net yastatic.net https://*.yastatic.net *.i.checkru.net i.checkru.net https://*.i.checkru.net *.promokrot.com promokrot.com https://*.promokrot.com *.ofapes.com ofapes.com https://*.ofapes.com *.scund.com scund.com https://*.scund.com *.biasdo.com biasdo.com https://*.biasdo.com *.andase.com andase.com https://*.andase.com *.andumb.com andumb.com https://*.andumb.com *.basand.com basand.com https://*.basand.com *.defoge.com defoge.com https://*.defoge.com *.riedto.com riedto.com https://*.riedto.com *.thisde.com thisde.com https://*.thisde.com *.toormpc.com toormpc.com https://*.toormpc.com *.weforo.com weforo.com https://*.weforo.com *.ydoms.com ydoms.com https://*.ydoms.com *.etndl.com etndl.com https://*.etndl.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' mypornoflv.tv *.mypornoflv.tv https://svegt.com https://*.svegt.com http://svegt.com http://*.svegt.com idexx.net *.idexx.net jwpcdn.com *.jwpcdn.com 88.150.172.218 *.88.150.172.218 88.150.172.219 *.88.150.172.219 *.vk.com https://*.vk.com *.googleapis.com https://*.googleapis.com *.google.com https://*.google.com *.yandex.ru https://*.yandex.ru *.mail.ru https://*.mail.ru *.bing.com https://*.bing.com *.go.mail.ru https://*.go.mail.ru *.google-analytics.com https://*.google-analytics.com *.wwteasers.org wwteasers.org https://*.wwteasers.org *.static.wwgate.ru static.wwgate.ru https://*.static.wwgate.ru *.wwclickgo.com wwclickgo.com https://*.wwclickgo.com *.google.ru https://*.google.ru *.livestatisc.com livestatisc.com https://*.livestatisc.com *.static.wwpon365.ru static.wwpon365.ru https://*.static.wwpon365.ru *.yastatic.net yastatic.net https://*.yastatic.net *.i.checkru.net i.checkru.net https://*.i.checkru.net *.promokrot.com promokrot.com https://*.promokrot.com *.ofapes.com ofapes.com https://*.ofapes.com *.scund.com scund.com https://*.scund.com *.biasdo.com biasdo.com https://*.biasdo.com *.andase.com andase.com https://*.andase.com *.andumb.com andumb.com https://*.andumb.com *.basand.com basand.com https://*.basand.com *.defoge.com defoge.com https://*.defoge.com *.riedto.com riedto.com https://*.riedto.com *.thisde.com thisde.com https://*.thisde.com *.toormpc.com toormpc.com https://*.toormpc.com *.weforo.com weforo.com https://*.weforo.com *.ydoms.com ydoms.com https://*.ydoms.com *.etndl.com etndl.com https://*.etndl.com 1
default-src https://secure.assrt.net https://assrt.net https://2.assrt.net https://changyan.sohu.com; script-src 'unsafe-inline' 'unsafe-eval' blob: https: http://bdimg.share.baidu.com; img-src data: blob: https: http://cdn.xianliao.me http://tva3.sinaimg.cn; style-src 'unsafe-inline' https:; child-src https:; frame-src https://www.xianliao.me; font-src https://secure.assrt.net https://assrt.net data: 1
frame-ancestors 'self' crmchina.microsoftstore.com.cn mapi.alipay.com www.microsoft.com account.microsoft.com support.microsoft.com vortex.data.microsoft.com products.office.com 1
default-src 'self' https: blob:; child-src * blob:; connect-src 'self' https: wss: *.amap.com *.inspectlet.com; font-src 'self' data: *.muscache.com fonts.gstatic.com use.typekit.net; img-src 'self' https: data: *.inspectlet.com; media-src 'self' https:; script-src 'self' 'unsafe-eval' a0.muscache.com cdn.siftscience.com ss.musthird.com t1.musthird.com bat.bing.com connect.facebook.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com www.googletagmanager.com a.cdn.intentmedia.net maps.googleapis.com ajax.googleapis.com *.g.doubleclick.net www.google.com www.gstatic.com smartlock.google.com accounts.google.com app.link cdn.branch.io api.branch.io bam.nr-data.net js-agent.newrelic.com sslwidget.criteo.com static.criteo.net dis.criteo.com widget.us.criteo.com *.gbc.criteo.net ethn.io s.yimg.jp api.geetest.com blob: webapi.amap.com restapi.amap.com *.inspectlet.com 'nonce-6aad65732686605cb9c025e89df763' 'sha256-URqFTNitDSE01K1xklErUlKT93/P4FXStf52o8BhcLY=' 'unsafe-inline' 'sha256-A5WddWpudAUrh16ACJsxADjW6qxQr0CN36T3SCcp7Ts=' 'sha256-D9Mz5Ys1Opv52C2fjJU4eS9qDZpG9+Ywz5rQPUyxngQ='; style-src 'self' https: 'unsafe-inline'; report-uri /tracking/csp?action=show&controller=homepages&report_only=false&req_uuid=cfa09389-c2be-434c-a3f4-503e0e3690a7&version=abdcaa3df793750c2e75b294132b15b38b8f8b08 1
default-src 'self' data: maps.googleapis.com *.gstatic.com talos.adman.gr *.pstatic.gr www.bestprice.gr *.heatmap.it; script-src 'unsafe-inline' connect.facebook.com www.google-analytics.com talos.adman.gr connect.facebook.net graph.facebook.com www.googletagmanager.com googleads.g.doubleclick.net *.googleadservices.com *.googlecode.com *.googleapis.com *.google.com *.adman.gr *.bestprice.gr *.pstatic.gr app.getsentry.com *.adsafeprotected.com pagead2.googlesyndication.com *.heatmap.it heatmap.it adservice.google.gr; style-src 'self' 'unsafe-inline' *.googleapis.com *.pstatic.gr *.adman.gr *.facebook.com *.twitter.com *.gravatar.com *.heatmap.it *.google.com *.adsafeprotected.com; frame-src 'self' data: *.adman.gr *.facebook.com bs.serving-sys.com *.mathtag.com *.youtube.com *.agkn.com *.heatmap.it heatmap.it *.adsafeprotected.com googleads.g.doubleclick.net ads.eu.criteo.com; frame-ancestors 'self'; connect-src 'self' stats.g.doubleclick.net api.airtable.com rpc.bestprice.gr www.google-analytics.com script.google.com pubsub.bestprice.gr ws://pubsub.bestprice.gr wss://pubsub.bestprice.gr script.googleusercontent.com graph.facebook.com www.bestprice.gr www.sentry.io app.getsentry.com *.pstatic.gr *.adman.gr *.adsafeprotected.com; img-src 'self' data: graph.facebook.com www.google-analytics.com platform-lookaside.fbsbx.com *.pstatic.gr *.gstatic.com *.youtube.com *.googleapis.com *.googlecode.com *.facebook.com *.twimg.com *.fbcdn.net www.google.com www.google.gr *.fbsbx.com *.googleusercontent.com *.heatmap.it heatmap.it *.adsafeprotected.com *.googlesyndication.com; object-src 'none'; base-uri 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.litix.io embedwistia-a.akamaihd.net/ https://*.marketo.net https://*.wistia.com https://1.tl813.com https://a.adroll.com/ https://a.sfdcstatic.com https://analytics.twitter.com https://apis.google.com https://app-sj15.marketo.com https://autocomplete.demandbase.com https://cdn.optimizely.com https://checkout.stripe.com https://connect.facebook.net https://d.adroll.com/ https://demdex.com https://dpm.demdex.net https://fast.wistia.com https://fast.wistia.net/ https://fullstory.com https://googleads.g.doubleclick.net/ https://js.adsrvr.org/ https://js.intercomcdn.com https://m.addthis.com https://m.addthisedge.com https://omtr2.partners.salesforce.com https://platform.twitter.com https://px.ads.linkedin.com/ https://quip-cdn.com https://s.adroll.com/ https://s7.addthis.com https://scripts.demandbase.com https://sdk.snapkit.com https://secure2.sfdcstatic.com https://sjs.bizographics.com https://snap.licdn.com/ https://src.litix.io https://ssl.google-analytics.com https://static.ads-twitter.com https://t.sf14g.com https://tag.demandbase.com/shared/forms.min.js https://tagmanager.google.com https://tracking.g2crowd.com https://widget.intercom.io https://wistia.com https://www-onepick-opensocial.googleusercontent.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com/csp/dtag; report-uri /csp-report 1
frame-ancestors 'self' hhs.gov *.hhs.gov 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cnzz.com *.luosimao.com rules.quantcount.com www.google-analytics.com secure.quantserve.com stats.g.doubleclick.net *.bdstatic.com *.baidu.com www.googletagmanager.com dn-cowlevel.qbox.me *.cdncl.net o922x45ft.qnssl.com interface.bilibili.com api.bilibili.com static.hdslb.com cdn.bootcss.com; frame-src 'self' cowlevel.net *.steampowered.com *.luosimao.com bandcamp.com *.missevan.com *.tudou.com itch.io *.acfun.cn  *.youku.com *.163.com *.bilibili.com *.kickstarter.com cowlevel-bridge-loaded cowlevel-wvjb-queue-message; 1
frame-ancestors 'self' http://webvisor.com http://turbo.az http://*.turbo.az http://tap.az http://*.tap.az turbo.az *.turbo.az tap.az *.tap.az 1
object-src cs.money; media-src cs.money; frame-src cs.money onesignal.com https://*.com https://*.ru https://*.ua 1
upgrade-insecure-requests; default-src 'self' https: data: *.comodo.com *.comodo.net wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com https://insights.hotjar.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://geoip.nekudo.com https://freegeoip.net https://secure.comodo.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://connect.facebook.net https://m.addthisedge.com https://m.addthis.com https://s7.addthis.com https://cdn3.optimizely.com https://cdn2.optimizely.com https://www.gstatic.com https://www.youtube.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com cdn.ckeditor.com *.comodo.com *.comodo.net https://code.jquery.com https://googleads.g.doubleclick.net https://script.hotjar.com https://plugins.help.com https://www.google.com https://www.google.co.uk https://cdn.optimizely.com https://www.comodo.com https://www.google-analytics.com https://secure.leadforensics.com https://static.hotjar.com https://ajax.googleapis.com https://secure.comodo.com https://www.googleadservices.com https://s.ytimg.com ; object-src 'self' *.comodo.com *.comodo.net https://download.comodo.com https://www.youtube.com https://theapplicantmanager.com ; img-src 'self' data: https://www.facebook.com https://www.google.ro https://s9.addthis.com https://cdn.ckeditor.com https://www.google.co.uk https://www.google.co.in https://www.google.com *.comodo.com *.comodo.net https://secure.comodo.com https://download.comodo.com https://www.google-analytics.com https://stats.g.doubleclick.net ; font-src 'self' data: secure.comodo.net *.comodo.com *.comodo.net https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.ckeditor.com https://secure.comodo.net *.comodo.com *.comodo.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.comodo.com ; base-uri 'self' *.comodo.com *.comodo.net ; form-action 'self' *.comodo.com *.comodo.net https://www.hackerguardian.com ; frame-src 'self' https://www.facebook.com https://staticxx.facebook.com https://secure.comodo.net https://secure.comodo.com https://edge.addthis.com https://www.google.com https://bid.g.doubleclick.net https://www.comodo.com https://www.comodo.net https://download.comodo.com https://plugins.help.com https://vars.hotjar.com https://www.youtube.com https://theapplicantmanager.com https://s7.addthis.com ; report-uri https://cspreports.comodo.com 1
default-src 'self' dotcomaramexprod.blob.core.windows.net ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com  www.googletagmanager.com api.sociaplus.com  js.cit.api.here.com www.google-analytics.com cdnjs.cloudflare.com aramex.api.sociaplus.com ;style-src 'self' fonts.googleapis.com js.cit.api.here.com js.api.here.com aramex.api.sociaplus.com tagmanager.google.com www.gstatic.com cdnjs.cloudflare.com 'unsafe-inline';img-src * data:;font-src 'self' fonts.gstatic.com https: data:; connect-src 'self' https: http:;form-action 'self'  'unsafe-inline'; frame-src 'self' charts3.equitystory.com  irpages2.equitystory.com charts25.equitystory.com qas4.equitystory.com  aramex.api.sociaplus.com api.sociaplus.com s7.addthis.com www.youtube.com aramex-fior.typeform.com qas4.equitystory.com charts25.equitystory.com 1
default-src http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; media-src http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src http: https: data: 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline' 'unsafe-eval'; connect-src http: https: data: 'unsafe-inline' 'unsafe-eval'; worker-src http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; font-src http: https: data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.bpost.be bpost.be eshipper.bpost.cn bpost2.be medattest.be www.medattest.be editor-www.bpost.be www.googletagmanager.com tagmanager.google.com ssl.google-analytics.com b2btagmgr.azalead.com trker1.azalead.com www.google-analytics.com proslead.com www.depostlaposte.be www.bpost2.be www.google.com www.post.be post.be ajax.googleapis.com connect.facebook.net code.jquery.com platform.linkedin.com www.linkedin.com dashboard.whoisvisiting.com/who.js frontend.id-visitors.com js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net http://w.usabilla.com w.usabilla.com api.usabilla.com cdnjs.cloudflare.com maps.googleapis.com www.youtube.com https://ajax.googleapis.com api.jollywallet.com https://maps.googleapis.com www.googleadservices.com assets.idloom.com crm.bpack.idloom.com proslead.com https://www.google-analytics.com preprints.taxipost.net maf.taxipost.net s.ytimg.com img.en25.com player.qualifio.com d6tizftlrpuof.cloudfront.net https://maxcdn.bootstrapcdn.com static.hotjar.com script.hotjar.com vars.hotjar.com optimize.google.com login-2.bpost.be service.maxymiser.net static.hotjar.com script.hotjar.com bpost2.unfyd.com; object-src 'self' www.bpost.be editor-www.bpost.be eshipper.bpost.cn www.youtube-nocookie.com www.medattest.be optimize.google.com login-2.bpost.be bpost2.be; style-src 'self' 'unsafe-inline' www.bpost.be eshipper.bpost.cn bpost2.be www.bpost2.be bpost3.be www.medattest.be editor-www.bpost.be www.google.com fonts.googleapis.com cdn.jsdelivr.net d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com www.post.be post.be proslead.com wersg01 preprints.taxipost.net maf.taxipost.net tagmanager.google.com optimize.google.com login-2.bpost.be maxcdn.bootstrapcdn.com my.bpost.be bpost2.unfyd.com; img-src 'self' data: www.bpost.be bpost.be eshipper.bpost.cn www.bpost2.be bpost2.be www.google.be www.google-analytics.com www.google.com googleads.g.doubleclick.net b2btagmgr.azalead.com trker1.azalead.com stats.g.doubleclick.net www.post.be editor-www.bpost.be www.facebook.com www.google.co.in eshop.bpost.be static.licdn.com www.linkedin.com www.bpostinternational.com landmarkglobal.com www.landmarkglobal.com dashboard.whoisvisiting.com/who.ashx www.depostlaposte.be junglenet-a.akamaihd.net secure.adnxs.com d6tizftlrpuof.cloudfront.net w.usabilla.com 10.76.4.13:15871 https://cdnjs.cloudflare.com 10.109.34.52:15871 s1833705806.t.eloqua.com 10.76.4.11:15871 https://csi.gstatic.com https://maps.gstatic.com maps.googleapis.com https://ssl.google-analytics.com https://maps.googleapis.com www.googleadservices.com https://stats.g.doubleclick.net proslead.com https://www.google.de https://www.google.lu https://www.google.nl preprints.taxipost.net maf.taxipost.net chart.apis.google.com hello.bpost.be optimize.google.com login-2.bpost.be my.bpost.be bpost2.unfyd.com; frame-src 'self' www.bpost.be bpost.be www.medattest.be medattest.be eshipper.bpost.cn editor-www.bpost.be www.bpost2.be http://www.bpost2.be bpost2.be campaigns.bpost2.be www.campaigns.bpost2.be pass.post.be esim.post.be tools.emailgarage.com assets.idloom.com www.facebook.com ir2.flife.de qfx.quartalflife.com 4558452.fls.doubleclick.net www.youtube.com youtube.com fr.slideshare.net www.youtube-nocookie.com 85.17.197.32 roi.bpost3.be bpost3.be www.facebook.com www.twitter.com platform.linkedin.com addressbook.bpost.be www.google.com google.com cse.google.com/cse speos.connective.be speos.connective.eu junglenet-a.akamaihd.net post-online.be www.post-online.be cssprepaid.proximus.be www.depostlaposte.be depostlaposte.be www.postmobile.be postmobile.be reload.proximus.be s.chkmkt.com maxiresponse.bpost3.be bpi.bpost3.be post-api.be googletagmanager.com youtube.com www.youtube.com d6tizftlrpuof.cloudfront.net www.youtube.com speos.connective.eu www.speos.connective.eu assets.idloom.com crm.bpack.idloom.com zeromov.com player.qualifio.com preprints.taxipost.net maf.taxipost.net http://maf.taxipost.net crm.bpost.idloom.com news.bpost.be s1833705806.t.eloqua.com vars.hotjar.com optimize.google.com login-2.bpost.be bpost2.be service.maxymiser.net; font-src 'self' www.bpost.be bpost.be eshipper.bpost.cn editor-www.bpost.be cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.gstatic.com fonts.gstatic.com *.usabilla.com d6tizftlrpuof.cloudfront.net images.campaign.bpost.be optimize.google.com login-2.bpost.be my.bpost.be maxcdn.bootstrapcdn.com bpost2.unfyd.com; connect-src 'self' www.bpost.be bpost.be eshipper.bpost.cn www.medattest.be medattest.be bpost2.be www.bpost2.be editor-www.bpost.be proslead.com bam.nr-data.net api.usabilla.com https://api.bpost.be crm.bpack.idloom.com www-1.stbpost.be assets.idloom.com crm.bpack.idloom.com nikkomsgchannel tagmanager.google.com webservices-pub.bpost.be webservices-pub.stbpost.be webservices-pub.acbpost.be  s1833705806.t.eloqua.com static.hotjar.com insights.hotjar.com optimize.google.com login-2.bpost.be chatbot.bpost.be bpost2.be in.hotjar.com service.maxymiser.net bpost2.unfyd.com ; report-uri /admin/config/system/seckit/csp-report 1
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=e1d4cb96-c290-444b-8734-14f116317e9d 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:; form-action https:; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' js.stripe.com analytics.service.cryptowat.ch 'nonce-DWJMRT72RCYJ2SSSKRTU' static.cryptowat.ch; connect-src 'self' *.stripe.com wss://*.cryptowat.ch *.cryptowat.ch; img-src 'self' data: *.stripe.com analytics.service.cryptowat.ch static.cryptowat.ch; style-src 'self' 'unsafe-inline' static.cryptowat.ch; child-src 'self' *.stripe.com; font-src 'self' static.cryptowat.ch; 1
frame-ancestors 'self' http://*.waldenfacts.com http://waldenfacts.com http://laureate.postclickmarketing.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.joomla.org https://*.pingdom.net https://*.googleapis.com https://*.doubleclick.net https://*.amazon-adsystem.com https://completion.amazon.com; style-src 'self' 'unsafe-inline' https://*.joomla.org https://fonts.googleapis.com; connect-src 'self' https://*.joomla.org https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com; frame-src 'self' https://*.google.com https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com https://www.slideshare.net; font-src 'self' https://fonts.gstatic.com https://*.joomla.org; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.joomla.org https://*.pingdom.net https://*.doubleclick.net https://*.gstatic.com https://*.google.com https://*.googleapis.com https://shield.sitelock.com https://img.youtube.com  https://i1.ytimg.com https://i.ytimg.com https://i9.ytimg.com https://s.ytimg.com https://*.amazon-adsystem.com https://*.ssl-images-amazon.com https://*.assoc-amazon.com https://opensourcematters.org https://*.opensourcematters.org; media-src 'self' https://*.googlevideo.com; report-uri https://community.joomla.org/scripts/csp-reporter.php?source=joomla.org 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; form-action https:; frame-ancestors tweakers.net *.tweakers.net tweakimg.net *.tweakimg.net; report-uri https://tweakers.net/csp-report/?requestId=Twk-eun-web2_145.1.6_2736_5c0cc7bd4d9244.31787990 1
default-src 'self' *.mychords.net; script-src 'self' *.mychords.net an.yandex.ru yandex.st yastatic.net mc.yandex.ru clck.yandex.ru mc.yandex.kz mc.yandex.by mc.yandex.com mc.yandex.com.tr mc.yandex.ua srv.clickfuse.com 'unsafe-eval' 'unsafe-inline' *.cackle.me *.cloudflare.com  adservice.google.com.ua adservice.google.ru *.googlesyndication.com *.googleapis.com googleads.g.doubleclick.net *.doubleclick.net *.doubleclick.com maps.gstatic.com adwords-displayads.googleusercontent.com *.google.com cackle.me  http://ulogin.ru https://ulogin.ru; style-src 'self' *.mychords.net yandex.st yastatic.net *.googleapis.com *.cackle.me maxcdn.bootstrapcdn.com 'unsafe-inline' ; img-src * data:; media-src 'self' *.yandex.net yandex.st yastatic.net googleads.g.doubleclick.net; connect-src 'self' *.mychords.net *.googlesyndication.com *.googleapis.com googleads.g.doubleclick.net *.doubleclick.net *.doubleclick.com maps.gstatic.com adwords-displayads.googleusercontent.com *.google.com csi.gstatic.com  mc.yandex.ru an.yandex.ru yandex.st yastatic.net mc.yandex.kz mc.yandex.by mc.yandex.com mc.yandex.com.tr mc.yandex.ua wss://*.cackle.me *.cackle.me *.youtube.com; font-src 'self' *.mychords.net *.gstatic.com *.bootstrapcdn.com fonts.googleapis.com  *.googlesyndication.com *.googleapis.com googleads.g.doubleclick.net *.doubleclick.net *.doubleclick.com maps.gstatic.com adwords-displayads.googleusercontent.com *.google.com  data:; object-src 'self' *.mychords.net *.youtube.com *.ytimg.com *.googlesyndication.com *.googleapis.com googleads.g.doubleclick.net *.doubleclick.net *.doubleclick.com ; frame-src 'self' mychords.net *.mychords.net *.googlesyndication.com *.googleapis.com googleads.g.doubleclick.net *.doubleclick.net *.doubleclick.com maps.gstatic.com adwords-displayads.googleusercontent.com *.google.com *.youtube.com *.cackle.me awaps.yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru cackle.me vk.com *.vk.com xpleer.com  http://ulogin.ru https://ulogin.ru; 1
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=b72f2e53-3814-4929-8e24-eca4c5157122 1
frame-ancestors 'self' *.planet.fr 1
default-src https: js-callback: data: 'unsafe-inline' 'unsafe-eval' 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: * 1
frame-ancestors https://webvisor.com http://webvisor.com 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=9da4d90c-0c41-4f19-9230-3581a0581234 1
frame-ancestors https://24.play.pl http://p4.play.pl http://promocje.play.pl 1
default-src data: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.googletagmanager.com fonts.gstatic.com maps.gstatic.com connect.facebook.net *.iliad.it osm.proxad.net www.googleadservices.com www.facebook.com googleads.g.doubleclick.net www.google.com www.google.fr 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kcp.co.kr:*; object-src 'self' 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://codeburst.io https://*.codeburst.io https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru https://yandex.fr https://*.yandex.fr static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st yandex.fr *.yandex.fr; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net zen.yandex.fr static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net https://pass.yandex.fr https://passport.yandex.fr wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net yandex.fr *.yandex.fr; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru https://yandex.fr https://*.yandex.fr *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net *.tns-counter.ru yandex.st yandex.fr *.yandex.fr; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net yastatic.net kiks.yandex.ru strm.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?from=spok.fr&showid=1544351748.57364.122210.735580&h=man1-6105-man-portal-morda-29675&csp=old&date=20181209&yandexuid=1802662431544351748; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru https://www.yandex.fr https://pass.yandex.fr zen.yandex.fr an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net yandex.fr www.yandex.fr suggest.yandex.fr; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net zen.yandex.fr static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru yastatic.net home.yastatic.net; 1
default-src 'self' 'unsafe-inline' blob: *.answerscloud.com *.googleapis.com *.gstatic.com hosteduxprod.blob.core.windows.net *.okta.com *.opower.com *.google.com *.foresee.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com *.adobedtm.com *.answerscloud.com *.twitter.com *.facebook.net *.googleapis.com *.customsearch.ai *.go-mpulse.net *.twimg.com *.okta.com *.opower.com *.google.com *.gstatic.com *.foresee.com; img-src * data:; frame-src *.youtube.com *.arcgis.com *.answerscloud.com *.twitter.com *.facebook.net *.facebook.com *.google.com *.gstatic.com *.foresee.com; child-src *.youtube.com *.arcgis.com *.answerscloud.com *.google.com *.gstatic.com *.foresee.com; connect-src 'self' 'unsafe-inline' *.sce.com *.foresee.com *.oktapreview.com *.googleapis.com *.customsearch.ai *.go-mpulse.net *.akstat.io *.4seeresults.com *.okta.com *.opower.com *.google.com *.gstatic.com *.foresee.com; report-uri /report-csp-violation 1
base-uri 'self' https://docs.helpscout.net/; connect-src 'self' https://api-preview.luckyorange.com/screenshot/ https://api.luckyorange.com/ https://api.mixpanel.com/decide/ https://api.mixpanel.com/track/ https://sendy.zadapps.info/ https://sentry.io/ https://settings.luckyorange.net/ https://www.google-analytics.com wss://in.visitors.live/socket.io/ wss://visitors.live/socket.io/; default-src 'self' https://api.luckyorange.com/; font-src 'self' data: http://fonts.gstatic.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/; frame-src 'self' https://cse.google.com/ https://djtflbt20bdde.cloudfront.net/ https://optimize.google.com https://www.google.com/ https://www.googletagmanager.com/; img-src 'self' data: https://clients1.google.com/generate_204 https://d10lpsik1i8c69.cloudfront.net/graphics/ https://optimize.google.com https://ssl.gstatic.com https://stats.g.doubleclick.net/ https://www.google.com/cse/static/ https://www.google.com/uds/ https://www.googleapis.com/generate_204 https://www.gstatic.com/ www.google-analytics.com/; media-src 'self' https://d10lpsik1i8c69.cloudfront.net/sounds/ https://www.youtube.com/; object-src 'self' https://djtflbt20bdde.cloudfront.net/img/; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://cdnjs.cloudflare.com/ajax/libs/ https://apis.google.com https://cse.google.com/adsense/search/ https://cse.google.com/cse.js https://cse.google.com/cse/element/ https://d10lpsik1i8c69.cloudfront.net/ https://djtflbt20bdde.cloudfront.net/ https://optimize.google.com https://tagmanager.google.com/ https://use.fontawesome.com/ https://www.google-analytics.com/ https://www.google.com/jsapi https://www.google.com/recaptcha/api.js https://www.google.com/uds/api/search/ https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/api2/; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/ https://d10lpsik1i8c69.cloudfront.net/css/ https://djtflbt20bdde.cloudfront.net/css/ https://fonts.googleapis.com https://optimize.google.com https https://tagmanager.google.com https://use.fontawesome.com/ https://www.google.com/cse/static/style/ https://www.google.com/uds/api/search/ 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-pcjXyRahYy' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; 1
object-src 'self' *; 1
frame-ancestors *.bluenile.com; object-src *.bluenile.com; base-uri *.bluenile.com; form-action *.bluenile.com https://livechat.boldchat.com; report-uri /api/csp-report 1
frame-ancestors 'self' awards.ratingruneta.ru metrika.yandex.ru metrika.yandex.com http://webvisor.com; frame-src blob: https://mc.yandex.ru https://*.sociaplus.com https://*.criteo.com https://creativecdn.com https://*.creativecdn.com https://auchan.api.useinsider.com https://api-maps.yandex.ru https://*.doubleclick.net https://*.criteo.net; 1
default-src https: 'self' *.google.com; img-src https: data:; style-src 'self' *.googleapis.com *.google.com 'sha256-MammJ3J+TGIHdHxYsGLjD6DzRU0ZmxXKZ2DvTePAF0o=' 'sha256-6iA6WDOL1mgUULZ6GSs2OOfP4eMuu6iI5agxCjK2m2A=' 'sha256-+zzuded9+DHoztKyASJeCkVU0gxvYNWMUIQM7x//CB4=' 'sha256-ldCXMle1JJUAD9eAjLdSuPIgIBcTcBecWlaXs0A2y4M=' 'sha256-WCg1a4AhMGgFRCQG5w+hgG+Q2j8Ygrbd+2dgjByIOIU=' 'sha256-Awu6hl63MCY3jiYHaDclrL7Lic9KcEalXm2o/i3e0v8=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-/4YlUlisxufO6wbKvYp4xV8Hkzxm85+1Tb31SjmAox0=' 'sha256-a2VR/Wq1VPr0+3GRY+lEmAQm7wjwwnDtPpcCPs2zTrw=' 'sha256-/VVOq+Ws/EiUxf2CU6tsqsHdOWqBgHSgwBPqCTjYD3U=' 'sha256-5KvpSTE2xdGq8rDdvgAPP3mCfTXBc1ohjt2UiAQt9k4=' 'sha256-UvsJ5gtL0c/whxmyVt4YoNv7YnPUd0tANZOlq3NshXE=' 'sha256-z0kguVeUlbcxez4SqrO86oejphhqKDFfdCPv4yuhe70=' 'sha256-F7P9UGrwDw2S+mmGfNjm0kP7JoWu2pG7jp96fpSdB7o=' 'sha256-5I0k/VqCDMpiDAoq1eqY3rnuhpP/YY/XHaCPlqvPjwE=' 'sha256-vs9j4DQ6NrTFzqr+WgLFutUEFINnEmB2UGZtgJuv53M=' 'sha256-dnk3F1ZGrgh9Kvk9Vn3ptiaFUoFeGRayv9lz2urXGw8=' 'sha256-V35h8FtGH4p0yIQ7N4YgUHm1WgTAWh72NT+CZjq6/gA=' 'sha256-EqHL6dM74npnc3dlTfDjshGC9aaZRfQRUkDGa028G5Q=' 'sha256-fjvAtStaFBxvVNdldskgty047ARB1tLsZ767Gk6hPuk=' 'nonce-d23c0ba0760c4d58a1d783c740556d0d';  script-src 'self' https: 'nonce-d23c0ba0760c4d58a1d783c740556d0d'; report-uri /csp-report 1
frame-ancestors self https://community.pregnancy.org https://optum.marketing.adobe.com http://apsep01339.dmzmgmt.uhc.com http://go.optum.com *.uhc.com *.uhg.com *.optum.com; 1
frame-ancestors http://www.lativ.com.tw https://www.lativ.com.tw; 1
default-src * 'unsafe-inline'; img-src * data: ; script-src * 'unsafe-eval' 'unsafe-inline'; 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-XfEOevtsRp' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
frame-ancestors 'self' *.dillards.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.imedia.cz *.sdn.szn.cz *.szn.cz *.sklik.cz http://*.imedia.cz https://*.imedia.cz gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com cdn.ampproject.org *.twitter.com *.twimg.com *.facebook.net *.facebook.com https://www.gstatic.com https://ajax.googleapis.com https://track.adform.net *.seznam.cz https://www.seznam.cz *.prozeny.cz https://www.prozeny.cz *.pubmatic.com *.adform.net *.pliing.com *.adnxs.com; frame-ancestors 'self' www.seznam.cz adminclanky.seznam.cz search.seznam.cz *.ampproject.org www.google.cz www.google.com 1
default-src 'self'; connect-src 'self'; font-src https://github-atom-io-herokuapp-com.freetls.fastly.net https://github-atom-io-herokuapp-com.global.ssl.fastly.net; frame-src 'self' https://www.youtube.com; img-src https://* 'self' https://github-atom-io-herokuapp-com.freetls.fastly.net data:; media-src 'self'; object-src 'self' https://github-atom-io-herokuapp-com.freetls.fastly.net; script-src 'self' 'unsafe-inline' https://ssl.google-analytics.com https://www.google-analytics.com https://platform.twitter.com https://github-atom-io-herokuapp-com.freetls.fastly.net; style-src 'self' 'unsafe-inline' https://github-atom-io-herokuapp-com.freetls.fastly.net; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/conde-nast-traveler 1
default-src https: 'unsafe-inline' 'unsafe-eval' data:  wss:; frame-src https: appsflyerevent: fbrpc:; report-uri https://www.internations.org/log/content-security-policy?disposition=enforce&policyVersion=3 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=c453ddb2-aafd-430e-9f84-f50f652b325f 1
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:  https:; font-src 'self' data: vjs.zencdn.net cdnjs.cloudflare.com fonts.gstatic.com;  1
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.com.mx  ; frame-src 'self' *.indeed.com *.indeed.com.mx https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.com.mx d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log; 1
frame-ancestors https://*.meijer.com 1
base-uri 'self'; default-src 'self'; connect-src 'self' https://*.tenor.co https://*.tenor.com https://api.tenor.com https://api.tenor.com https://*.google-analytics.com https://*.doubleclick.net https://pixel.mtrcs.samba.tv; script-src 'self' data: https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com https://*.google-analytics.com https://*.facebook.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://pixel.mtrcs.samba.tv 'nonce-OWM1ZjAwNzktMTk2YS00ZDMxLWIyYmUtMDVmMjI1MjQ3ZDcy'; style-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com 'unsafe-inline'; font-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com; img-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://pixel.mtrcs.samba.tv http: https:; media-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com; frame-src 'self' https://www.google.com/recaptcha/ https://www.facebook.com/tr/; object-src 'none' 1
frame-ancestors 'self' https://tracfone.marketing.adobe.com 1
frame-ancestors *.american.edu 1
frame-ancestors https://stage.lentatest.com:*; 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-EAdGiioXDT' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
default-src 'self' *.uqu.edu.sa *.google.com *.googleapis.com *.google-analytics.com *.gstatic.com *.youtube.com *.twitter.com 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' *.uqu.edu.sa *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.twimg.com *.flagcounter.com data: blob: https: 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.interakt.ru http://r.interakt.ru https://r.interakt.ru dl.metabar.ru s0.2mdn.net www.googletagmanager.com ze406soi.ru openstat.net sync.1rx.io mrelko.com *.adsrvr.org *.demdex.net *.sspicy.ru *.madsone.com *.adtags.pro tele2msubs.immo.ru terthoreper.ru redllama.ru *.facebook.net *.smaato.net rttr2.zaycev.net *.ssl-services.com tredman.com jfduv7.com *.yuhuads.com smilered.com *.imgsniper.com bgrndi.com relap.io *.leadzu.com *.top100.ru *.weborama.fr *.admilk.ru ma-static.ru *.price.ru *.marketgid.com *.rambler.ru psma01.com psma02.com psma03.com zclpro-clk.com zclpro.com zcltracker.com zcl-js.com adservone.com adservone-globotech1.netdna-ssl.com allrington.biz *.onedmp.com psmardr.com *.prototypes.ru *.people-group.net *.bid.run *.mobalix.com *.audsp.com *.audtd.com *.cloudfront.net *.acint.net *.sape.ru *.admelon.ru *.sociomantic.com imrkcrv.net hghit.com cdn.hgdat.com *.doubleclick.net *.yabidos.com *.contextweb.com cdncity.com *.advideo.ru *.facetz.net *.buzzoola.com *.kavanga.ru *.googlesyndication.com *.republer.com *.targetix.net *.adriver.ru *.adselector.ru *.advertur.ru redir.adap.tv *.adfox.ru adfox.ru *.addmob.info *.adsafeprotected.com *.advertising.com advertshot.ru bazr.ru *.bazr.ru *.begun.ru begun.ru *.betweendigital.com betweendigital.com *.criteo.com *.dumedia.ru ssl.google-analytics.com www.google-analytics.com www.googleapis.com *.jquery.com cdn-static.liverail.com cdn-static-secure.liverail.com *.mail.ru mobilekinosite.net *.oclaserver.com onclickads.net *.mobisla.com *.pushnative.com *.mobtrks.com *.ok.ru vk.com yastatic.net yandex.st *.yandex.ru *.yandex.by *.yandex.kz *.yandex.ua *.yandex.fr *.myzuka.me *.myzuka.club *.imyz.me videopotok.pro *.videopotok.pro;object-src 'self' *.contextweb.com *.price.ru *.smartbn.ru *.admilk.ru *.admelon.ru *.begun.ru *.googlesyndication.com *.adselector.ru *.buzzoola.com *.laim.tv *.tvzavr.ru *.adriver.ru redir.adap.tv static.adsafeprotected.com inpagevideo.nl vjs.zencdn.net *.myzuka.me *.myzuka.club *.imyz.me;style-src 'unsafe-inline' *;img-src * data:;media-src *;frame-src *;font-src * data:;connect-src 'self' *.interakt.ru https://coin-hive.com wss://*.coin-hive.com/proxy http://r.interakt.ru https://r.interakt.ru *.webvisor.org *.rambler.ru *.madsone.com cr-input.mxpnl.net cdn.mecash.ru *.angsrvr.com *.digitalbox.ru rttr2.zaycev.net *.mail.ru *.weborama.fr adservone.com *.netdna-ssl.com *.onedmp.com psmardr.com zclpro-clk.com zcltracker.com *.buzzoola.com *.adfox.ru *.advarkads.com *.advertising.com www.google-analytics.com *.google-analytics.com *.googleapis.com *.liverail.com webisaba.vmg.host www.vmg.host *.yandex.ru *.yandex.by *.yandex.kz *.yandex.ua *.yandex.fr *.myzuka.me *.myzuka.club *.imyz.me;child-src 'self' * blob:;form-action 'self' *;report-uri /WebResource.axd?cspReport=true 1
frame-ancestors https://we.are.expensify.com https://*.salesforce.com chrome-extension://oiicpdkmeclmgmlmbajefnkalcfageek 1
frame-ancestors https://www.particulares.santandertotta.pt 'self'; 1
default-src 'self' https: blob:; child-src * blob:; connect-src 'self' https: wss: *.amap.com *.inspectlet.com; font-src 'self' data: *.muscache.com fonts.gstatic.com use.typekit.net; img-src 'self' https: data: *.inspectlet.com; media-src 'self' https:; script-src 'self' 'unsafe-eval' a0.muscache.com cdn.siftscience.com ss.musthird.com t1.musthird.com bat.bing.com connect.facebook.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com www.googletagmanager.com a.cdn.intentmedia.net maps.googleapis.com ajax.googleapis.com *.g.doubleclick.net www.google.com www.gstatic.com smartlock.google.com accounts.google.com app.link cdn.branch.io api.branch.io bam.nr-data.net js-agent.newrelic.com sslwidget.criteo.com static.criteo.net dis.criteo.com widget.us.criteo.com *.gbc.criteo.net ethn.io s.yimg.jp api.geetest.com blob: webapi.amap.com restapi.amap.com *.inspectlet.com 'nonce-c330502279fb6efa82d57801320548' 'sha256-URqFTNitDSE01K1xklErUlKT93/P4FXStf52o8BhcLY=' 'unsafe-inline' 'sha256-MpazfMshcY6jCzxk0aJDh9l3iXoBw8r+eMO58JLTkRQ=' 'sha256-D9Mz5Ys1Opv52C2fjJU4eS9qDZpG9+Ywz5rQPUyxngQ='; style-src 'self' https: 'unsafe-inline'; report-uri /tracking/csp?action=show&controller=homepages&report_only=false&req_uuid=9160147d-e4e6-482c-95aa-53512d16d825&version=c9ee61990a92ff02f7e588f33afda1ed3b2432df 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=69eeaa8c-04e8-4903-b48c-eababb0d12b4 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; img-src 'self' data: *; font-src 'self' *; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com login.raiffeisen.ch; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' statistics.raiffeisen.ch dmp.adform.net maps.googleapis.com maps.gstatic.com csi.gstatic.com khms0.googleapis.com khms1.googleapis.com www.homegate.ch dpm.demdex.net raiffeisen.demdex.net export.highcharts.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src 'self' api.raiffeisen.ch statistics.raiffeisen.ch www.homegate.ch prod1.solid.rolotec.ch prod1.solutions.webfg.ch dpm.demdex.net login.raiffeisen.ch raiffeisen.tt.omtrdc.net export.highcharts.com; media-src 'self' ruz.ch; child-src * ; block-all-mixed-content; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.verywellfamily.com *.qa.aws.verywellfamily.com atlas.verywellfamily.com atlas.local.verywellfamily.com https://specials.verywellfamily.com 1
default-src 'self' remontka.pro; script-src 'self' 'unsafe-inline' 'unsafe-eval' remontka.pro https://storage.googleapis.com https://vk.com https://www.youtube.com https://googleads.g.doubleclick.net https://ajax.googleapis.com/ *.yadro.ru http://code.jquery.com *.googleadservices.com https://*.googleadservices.com *.googleapis.com https://*.googleapis.com *.gstatic.com gstatic.com https://gstatic.com https://*.gstatic.com *.doubleclick.net https://*.doubleclick.net apis.google.com https://apis.google.com *.googlesyndication.com https://*.googlesyndication.com google-analytics.com *.google-analytics.com https://*.google-analytics.com *.yandex.ru https://*.yandex.ru yandex.ru https://yandex.ru *.yandex.net yandex.net https://yastatic.net *.yastatic.net yastatic.net mc.yandex.ru google.com *.google.com https://*.google.com https://google.com *.google.com.ua http://*.google.com.ua https://*.google.com.ua google.ru *.google.ru http://*.google.ru https://*.google.ru an.yandex.ru; frame-src 'self' 'unsafe-inline' remontka.pro https://money.yandex.ru https://vk.com remontka.pro https://www.youtube.com https://googleads.g.doubleclick.net https://ajax.googleapis.com/ *.googlevideo.com http://code.jquery.com *.googleadservices.com https://*.googleadservices.com *.googleapis.com https://*.googleapis.com *.gstatic.com gstatic.com https://gstatic.com https://*.gstatic.com *.doubleclick.net https://*.doubleclick.net apis.google.com https://apis.google.com *.googlesyndication.com https://*.googlesyndication.com google-analytics.com *.google-analytics.com https://*.google-analytics.com https://st.yandexadexchange.net http://yandexadexchange.net http://st.yandexadexchange.net *.yandex.ru https://*.yandex.ru yandex.ru https://yandex.ru *.yandex.net yandex.net https://yastatic.net *.yastatic.net yastatic.net mc.yandex.ru google.com *.google.com https://*.google.com https://google.com https://*.google.com.ua google.ru *.google.ru http://*.google.ru https://*.google.ru an.yandex.ru youtube.ru youtube.com *.youtube.ru *.youtube.com https://youtube.ru https://youtube.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' remontka.pro https://storage.googleapis.com https://www.youtube.com https://googleads.g.doubleclick.net https://ajax.googleapis.com/ *.googleadservices.com https://*.googleadservices.com *.googleapis.com https://*.googleapis.com *.gstatic.com gstatic.com https://gstatic.com https://*.gstatic.com *.doubleclick.net https://*.doubleclick.net apis.google.com https://apis.google.com *.googlesyndication.com https://*.googlesyndication.com google-analytics.com *.google-analytics.com https://*.google-analytics.com *.yandex.ru https://*.yandex.ru yandex.ru https://yandex.ru *.yandex.net yandex.net https://yastatic.net *.yastatic.net yastatic.net mc.yandex.ru google.com *.google.com https://*.google.com https://google.com *.google.com.ua http://*.google.com.ua https://*.google.com.ua google.ru *.google.ru http://*.google.ru https://*.google.ru an.yandex.ru youtube.ru youtube.com *.youtube.ru *.youtube.com https://youtube.ru https://youtube.com data:; object-src 'self' *.remontka.pro remontka.pro https://www.youtube.com https://googleads.g.doubleclick.net https://ajax.googleapis.com/ *.googleadservices.com https://*.googleadservices.com http://*.ytimg.com *.macromedia.com *.adobe.com https://*.adobe.com *.googleapis.com https://*.googleapis.com *.gstatic.com gstatic.com https://gstatic.com https://*.gstatic.com *.doubleclick.net https://*.doubleclick.net apis.google.com https://apis.google.com *.googlesyndication.com https://*.googlesyndication.com google-analytics.com *.google-analytics.com https://*.google-analytics.com *.yandex.ru https://*.yandex.ru yandex.ru https://yandex.ru *.yandex.net yandex.net https://yastatic.net *.yastatic.net yastatic.net mc.yandex.ru google.com *.google.com https://*.google.com https://google.com *.google.com.ua http://*.google.com.ua https://*.google.com.ua google.ru *.google.ru http://*.google.ru https://*.google.ru an.yandex.ru youtube.ru youtube.com *.youtube.ru *.youtube.com https://youtube.ru https://youtube.com; img-src 'self' remontka.pro yadro.ru https://vk.com *.yadro.ru *.googleadservices.com https://*.googleadservices.com *.googleapis.com https://*.googleapis.com *.gstatic.com gstatic.com https://gstatic.com https://*.gstatic.com *.doubleclick.net https://*.doubleclick.net apis.google.com https://apis.google.com *.googlesyndication.com https://*.googlesyndication.com google-analytics.com *.google-analytics.com https://*.google-analytics.com *.yandex.ru https://*.yandex.ru yandex.ru https://yandex.ru *.yandex.net yandex.net https://yastatic.net *.yastatic.net yastatic.net mc.yandex.ru google.com *.google.com https://*.google.com https://google.com *.google.com.ua http://*.google.com.ua https://*.google.com.ua google.ru *.google.ru http://*.google.ru https://*.google.ru an.yandex.ru youtube.ru youtube.com *.youtube.ru *.youtube.com https://youtube.ru https://youtube.com data:; font-src 'self' remontka.pro *.googleapis.com *.gstatic.com *.googlevideo.com *.yandex.ru https://*.googleapis.com https://*.gstatic.com https://*.yandex.ru https://cdnjs.cloudflare.com data:; connect-src 'self' remontka.pro https://www.youtube.com https://googleads.g.doubleclick.net https://ajax.googleapis.com/ http://code.jquery.com *.googleadservices.com *.googlevideo.com https://*.googleadservices.com *.googleapis.com https://*.googleapis.com *.gstatic.com gstatic.com https://gstatic.com https://*.gstatic.com *.doubleclick.net https://*.doubleclick.net apis.google.com https://apis.google.com *.googlesyndication.com https://*.googlesyndication.com google-analytics.com *.google-analytics.com https://*.google-analytics.com *.yandex.ru https://*.yandex.ru yandex.ru https://yandex.ru *.yandex.net yandex.net https://yastatic.net *.yastatic.net yastatic.net mc.yandex.ru google.com *.google.com https://*.google.com https://google.com *.google.com.ua http://*.google.com.ua https://*.google.com.ua google.ru *.google.ru http://*.google.ru https://*.google.ru an.yandex.ru youtube.ru youtube.com *.youtube.ru *.youtube.com https://youtube.ru https://youtube.com https://translate.googleapis.com; media-src 'self' remontka.pro https://www.youtube.com https://googleads.g.doubleclick.net https://ajax.googleapis.com/ *.googlevideo.com http://*.ytimg.com youtube.ru youtube.com *.youtube.ru *.youtube.com https://youtube.ru https://youtube.com https://*.youtube.ru https://*.youtube.com data:; 1
frame-ancestors 'self' *.lumosity.com 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: 'self'; frame-ancestors 'self' zacks.com *.zacks.com; 1
frame-ancestors 'self' http://vodafone.lookbookhq.com https://vodafone.lookbookhq.com http://*.vodafone.com https://*.vodafone.com; 1
block-all-mixed-content; connect-src 'self' wss://*.amateri.com www.google-analytics.com amateri-video-original.s3.amazonaws.com sentry.io; default-src 'self' https://video-cdn.amateri.com; font-src 'self'; frame-src www.google.com promo-bc.com; img-src 'self' *.amateri.com data: www.google-analytics.com stats.g.doubleclick.net chart.googleapis.com; media-src 'self' https://video-cdn.amateri.com blob:; script-src 'unsafe-inline' 'self' www.google-analytics.com www.google.com www.gstatic.com cdn.ravenjs.com 'nonce-N6xamV22pOz2wxOS3dtmnQ==' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; 1
frame-ancestors 'self' http://www.kayak.com.au http://www.momondo.com.au http://www.cheapflights.com.au http://www.ca.kayak.com http://www.momondo.ca http://www.cheapflights.ca http://www.cn.kayak.com http://www.momondo.com.cn http://www.kayak.com.hk http://www.momondo.hk http://www.cheapflights.com.hk http://www.kayak.co.in http://www.momondo.in http://www.in.cheapflights.com http://www.kayak.co.id http://www.cheapflights.co.id http://www.kayak.co.jp http://www.kayak.co.kr http://www.kayak.com.my http://www.cheapflights.com.my http://www.nz.kayak.com http://www.momondo.co.nz http://www.cheapflights.co.nz http://www.cheapflights.com.ph http://www.kayak.com.ph http://www.kayak.sg http://www.cheapflights.com.sg http://www.tw.kayak.com http://www.momondo.tw http://www.kayak.co.th http://www.kayak.co.uk http://www.momondo.co.uk http://www.cheapflights.co.uk http://www.cheapflights.co.uk http://www.kayak.com http://www.momondo.com http://www.cheapflights.com http://www.ae.cheapflights.com http://www.kayak.ae 1
block-all-mixed-content; referrer unsafe-url; report-uri https://www.myprotein.com/cspReport.txt; 1
default-src 'none'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'nonce-cd12e3c507e64c09b00376e80d65d193'; style-src 'self' 'unsafe-inline'; img-src 'self' https://www.google-analytics.com localhost; frame-ancestors 'none'; 1
default-src https: 'unsafe-eval' 'unsafe-inline';img-src 'self' data: https: http:; 1
default-src 'self' ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.upc.edu tagmanager.google.com https://*.twimg.com https://*.twitter.com *.gstatic.com *.google-analytics.com https://*.googleapis.com https://*.google.com https://*.googletagmanager.com data: ;font-src * data: ; style-src * data: 'unsafe-inline' 'unsafe-eval'; child-src *.upc.edu https://*.twitter.com https://*.google.com ; worker-src *.upc.edu https://*.twitter.com https://*.google.com https://cercador.upc.edu ; media-src *.upc.edu; frame-src *.youtube.com *.twitter.com twitter.com *.upc.edu www.google.com https://cercador.upc.edu ; connect-src https://cercador.upc.edu 'self' 1
base-uri 'self'; script-src 'self' https://dreambroker.com 'nonce-d8cf342b-7be6-4729-b2b4-61d1a81c0e1d'; style-src 'self' 'nonce-d8cf342b-7be6-4729-b2b4-61d1a81c0e1d'; img-src 'self' data:; font-src 'self'; connect-src 'self' https://yhteystietohakemisto.valtori.fi; child-src 'self' https://hkptesti.maanmittauslaitos.fi https://hkp.maanmittauslaitos.fi https://dreambroker.com data:; frame-src 'self' https://hkptesti.maanmittauslaitos.fi https://hkp.maanmittauslaitos.fi https://dreambroker.com data:; object-src 'none'; frame-ancestors 'none' https://*.tunnistus.fi 1
frame-ancestors *.diffen.com 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src * data:; font-src https: data:; frame-ancestors 'self' *.carnival.com https://*.goccl.com https://*.goccl.co.uk https://*.uatcarnival.com https://www.kayak.com 1
default-src 'self' *.pobeda.aero pobeda.aero *.google-analytics.com *.g.doubleclick.net mc.yandex.ru top-fwz1.mail.ru cors.io *.rentalcars.com *.ostrovok.ru *.clicktripz.com *.intentmedia.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.pobeda.aero yastatic.net *.googleadservices.com www.google-analytics.com *.g.doubleclick.net top-fwz1.mail.ru *.vk.com *.google.ru *.google.com *.google.de *.google.kz *.gstatic.com mc.yandex.ru cdn.sendpulse.com top-fwz1.mail.ru cors.io *.rentalcars.com *.ostrovok.ru *.clicktripz.com *.intentmedia.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.pobeda.aero *.sendpulse.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com *.pobeda.aero; img-src 'self' *; child-src 'self' *; 1
script-src https://file3.noormags.ir https://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://api-public.addthis.com http://www.linkedin.com https://certificate.iwmf.ir 'unsafe-inline' 'unsafe-eval'; 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-JkxxvfznSB' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
child-src *.covercraft.net *.coverking.com *.custhelp.com *.diffwizard.com *.facebook.com *.google.com *.oraclecloud.com *.powersportsplace.com *.saddleman.com *.twitter.com *.sandbox.paypal.com *.paypal.com *.paypalobjects.com;    connect-src 'self' wss: *.accmats.com *.bronto.com:* *.brontops.com:* ctiapi.com *.doubleclick.net *.facebook.com *.google.com *.google-analytics.com *.livelook.com *.rollbar.com *.twitter.com *.paypalobjects.com *.paypal.com *.smartystreets.com *.riskified.com *.certcapture.com;     font-src 'self' data:  *.accmats.com *.paypalobjects.com *.googleapis.com *.gstatic.com *.certcapture.com;     frame-src 'self' *.cardinalcommerce.com *.covercraft.net *.coverking.com *.custhelp.com *.diffwizard.com *.doubleclick.net *.dxengineering.com *.facebook.com *.facebook.net funcaptcha.com *.google.com *.googleadservices.com *.oraclecloud.com *.powersportsplace.com *.saddleman.com *.summitracing.com *.summit.network *.twitter.com *.pinterest.com *.paypalobjects.com *.paypal.com;     img-src 'self' data: blob: *.abmr.net *.accmats.com *.amazonaws.com *.atechmotorsports.com *.bazaarvoice.com *.bbb.org *.bing.com *.bronto.com *.bron.to *.caltrend.com *.cloudfront.net *.coremetrics.com ctiapi.com *.custhelp.com *.doubleclick.net *.dxengineering.com *.facebook.com *.genuinehotrod.com *.google-analytics.com googleads.g.doubleclick.net *.googletagmanager.com *.google.com *.gstatic.com jwpltx.com *.mathtag.com *.oraclecloud.com *.paypal.com *.paypalobjects.com *.pinterest.com *.powersportsplace.com *.upsrow.com *.rnengage.com *.summitracing.com *.trickflow.com *.twitter.com *.youtube.com *.riskified.com *.certcapture.com;    script-src 'self' 'unsafe-inline' 'unsafe-eval' *.accmats.com *.adtag.where.com ajax.googleapis.com *.bing.com *.bronto.com *.caltrend.com *.channeladvisor.com *.cloudflare.com *.cloudfront.net *.coremetrics.com ctiapi.com *.custhelp.com *.facebook.net funcaptcha.com *.funcaptcha.com *.google.com *.googleadservices.com *.googleapis.com *.google-analytics.com googleads.g.doubleclick.net *.googletagmanager.com *.gstatic.com *.iesnare.com *.jquery.com *.jwpcdn.com *.livelook.com *.oraclecloud.com *.paypal.com *.paypalobjects.com *.pinterest.com *.rightnowtech.com *.rnengage.com *.summit.network *.summitracing.com *.twitter.com *.certona.net *.res-x.com *.riskified.com *.certcapture.com;    style-src 'self' 'unsafe-inline' *.accmats.com *.bronto.com *.caltrend.com cdn.materialdesignicons.com ctiapi.com *.custhelp.com *.livelook.com *.oraclecloud.com *.certcapture.com *.gstatic.com *.googleapis.com; 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-XVcBNCmNkM' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; upgrade-insecure-requests; 1
default-src * blob: https: data: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.aboutespanol.com *.qa.aws.aboutespanol.com atlas.aboutespanol.com atlas.local.aboutespanol.com 1
frame-ancestors 'self' https://*.ranker.com https://*.ranker-dev.com https://*.ranker-stage.com 1
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;object-src *;style-src 'unsafe-inline' *;img-src * data:;media-src *;font-src *;connect-src *;child-src *;form-action *;frame-ancestors *;worker-src * 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.112.2o7.net *.aldiventskalender.de s3.eu-central-1.amazonaws.com stage-statistics.aldi-international.com statistics.aldi-international.com tracking.aldi-international.com stage-tracking.aldi-international.com assets.adobedtm.com track.adform.net www1.mpnrs.com videos.cdn-aldi-sued.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.112.2o7.net *.aldiventskalender.de www.youtube-nocookie.com walls.io stage-statistics.aldi-international.com statistics.aldi-international.com assets.adobedtm.com track.adform.net www1.mpnrs.com tracking.aldi-international.com stage-tracking.aldi-international.com; frame-src 'self' *.aldiventskalender.de www.youtube.com www.youtube-nocookie.com walls.io videos.cdn-aldi-sued.de stage-statistics.aldi-international.com statistics.aldi-international.com assets.adobedtm.com track.adform.net www1.mpnrs.com; frame-ancestors 'self' *.aldiventskalender.de statistics.aldi-international.com stage-statistics.aldi-international.com assets.adobedtm.com track.adform.net www1.mpnrs.com www.youtube-nocookie.com https://walls.io 1
default-src * 'unsafe-eval' 'unsafe-inline' data: blob:; script-src * 'unsafe-inline'; report-uri https://content-security-policy.jobteaser.com/report 1
default-src 'self' *.lendingclub.com lendingclub.com; img-src * data:; script-src 'unsafe-inline' 'self' *.lendingclub.com lendingclub.com js-agent.newrelic.com bam.nr-data.net t.a3cloud.net cdn.plaid.com *.googletagmanager.com/gtag/ *.googleadservices.com/pagead/ googleads.g.doubleclick.net/pagead/ s.pinimg.com connect.facebook.net lendingclub.com www.lendingclub.com t.a3cloud.net 'unsafe-eval' *.optimizely.com optimizely.s3.amazonaws.com cdn.ampproject.org/v0.js cdn.ampproject.org/v0/validator.js; connect-src 'self' js-agent.newrelic.com bam.nr-data.net ct.pinterest.com *.optimizely.com; frame-src 'self' cdn.plaid.com 'self' view.ceros.com; font-src 'self' data: static.lendingclub.com/www/src/hosted/fonts/neue-haas-grotesk/neue-haas-grotesk-text-regular.woff2 static.lendingclub.com/www/src/hosted/fonts/neue-haas-grotesk/neue-haas-grotesk-text-bold.woff2; style-src 'unsafe-inline' 'self'; report-uri /site/csp/report /site/csp/report; media-src static.lendingclub.com 1
frame-ancestors 'self' *.wildberries.by; 1
default-src 'none'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'nonce-7a9267b7f07f41849aa94ef9ca31a713'; style-src 'self' 'unsafe-inline'; img-src 'self' https://www.google-analytics.com localhost; frame-ancestors 'none'; 1
frame-ancestors 'self' wab-parent-portal-1600.wabedu.finalsite.com; 1
frame-ancestors 'self' https://piwik.mz.tu-dresden.de 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' 'unsafe-inline' data: ; style-src 'self' 'unsafe-inline'; child-src 'self' qaldqtraffic.masarak.com  maps.moi.gov.qa indd.adobe.com 1
frame-ancestors 'self';  base-uri 'self'; object-src 'none';  1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: data: mediastream: blob: http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com; 1
frame-ancestors https://apps.facebook.com http://www.clickjogos.com.br http://clickjogos.com.br https://www.clickjogos.com.br https://clickjogos.com.br http://tibia.uol.com.br https://tibia.uol.com.br 'self' 1
default-src 'none'; style-src 'self' 'unsafe-inline' https://dev.visualwebsiteoptimizer.com/static/0.5/styles/themes/ https://s3.amazonaws.com/vwo-surveys/theme/ https://fonts.googleapis.com/ http://app.vwo.com/ ; media-src 'self'; font-src 'self' https://www.ingdirect.fr/assets/fonts/ https://app.vwo.com/assets/fonts/ https://fonts.gstatic.com/ ; object-src 'self'; connect-src 'self' https://dev.visualwebsiteoptimizer.com/analysis/ https://ampcid.google.com/v1/publisher:getClientId https://www.google.com/ads https://www.google.fr/ads https://amp-error-reporting.appspot.com/ https://stats.g.doubleclick.net/r/ https://ampcid.google.fr/ https://www.google-analytics.com/r/collect https://www.ingdirect.fr/ https://services.opcvm360.com/api-v1/ https://cr-input.mxpnl.net/; img-src 'self' https://www.google.fr/ads/ https://www.google.com/ads/ https://news.ing.be/newsingbeimages/assets/ https://stats.g.doubleclick.net/r/collect/ data: http://chart.googleapis.com/ http://*.visualwebsiteoptimizer.com/  www.ingdirect.fr www.google-analytics.com ssl.google-analytics.com https://syndication.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ampproject.org/ https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api http://www.youtube.com/iframe_api https://app.vwo.com/visitor-behavior-analysis/ https://www.google.com/jsapi http://b.mxpnl.net/cs/ http://trendtext.eu/metric/ http://trendtext.eu/ https://cse.google.com/cse/brand http://www.ingdirect.fr www.google-analytics.com ssl.google-analytics.com www.google.com platform.twitter.com connect.facebook.net apis.google.com http://d5phz18u4wuww.cloudfront.net/ http://*.visualwebsiteoptimizer.com/ code.jquery.com; frame-src https://*.visualwebsiteoptimizer.com/ https://app.vwo.com/visitor-behavior-analysis/ https://fls.doubleclick.net/ https://*.fls.doubleclick.net/ http://www.youtube.com/embed/ https://www.youtube.com/embed/ http://www.google.com/cse https://cse.google.com/cse; child-src 'self' https://cse.google.com/cse http://cse.google.com https://*.doubleclick.net https://*.youtube.com http://*.youtube.com https://apis.google.com/ http://www.google.com https://www.google.com http://r.turn.com https://r.turn.com http://platform.twitter.com/widgets https://accounts.google.com https://s-static.ak.facebook.com http://www.facebook.com/plugins;  1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/teen-vogue 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-BewSiWfFQG' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
frame-ancestors *.waves.com 1
frame-ancestors 'self' *.chemistwarehouse.com.au *.epharmacy.com.au *.mychemist.com.au htmlbuilder.com.au *.htmlbuilder.com.au *.chemistwarehouse.hk *.houseofwellness.com.au 1
default-src http: data: 'self' 'unsafe-inline' 'unsafe-eval' *.surlatable.com *.surlatable.net; frame-ancestors 'self' *.surlatable.com 1
frame-src 'self' blob: *.adobedtm.com creditsuisse.demdex.net *.doubleclick.net *.credit-suisse.com *.credit-suisse.cspta.ch wl.fundsquare.net *.omtrdc.net *.youtube.com *.qq.com *.facebook.com *.facebook.net maps.gstatic.com 1
block-all-mixed-content;frame-ancestors 'self' https://www.dashlane.com https://www.google.com https://www-dashlane-com.cdn.ampproject.org https://www-dashlane-com.amp.cloudflare.com;base-uri 'none';default-src https://d38muu3h4xeqr1.cloudfront.net;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com;font-src data: https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://kck3hlb9.dashlane.com https://d38muu3h4xeqr1.cloudfront.net https://d1sk9wm475w15q.cloudfront.net https://cdn.ampproject.org https://www.google-analytics.com https://www.googletagmanager.com https://heapanalytics.com https://cdn.heapanalytics.com https://js.stripe.com https://widget.trustpilot.com https://cdn.omniconvert.com https://munchkin.marketo.net https://app-ab14.marketo.com https://api.greenhouse.io https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://tagmanager.google.com https://static.ads-twitter.com/uwt.js https://analytics.twitter.com https://connect.facebook.net https://static.criteo.net/js/ld/ld.js https://widget.criteo.com/event https://widget.us.criteo.com/event https://sslwidget.criteo.com/event https://cm.g.doubleclick.net https://bid.g.doubleclick.net/ https://googleads.g.doubleclick.net https://s.pinimg.com/ct/ https://a.quora.com/qevents.js https://b-code.liadm.com/a-00ou.min.js https://bat.bing.com/bat.js https://www.googleadservices.com/pagead/ https://platform.twitter.com/oct.js;img-src 'self' data: https://d38muu3h4xeqr1.cloudfront.net https://d1sk9wm475w15q.cloudfront.net https://d2erpoudwvue5y.cloudfront.net https://kwift-icons-desktop.s3.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com/static-icons/_web/ https://www.google-analytics.com https://www.googletagmanager.com https://heapanalytics.com https://q.stripe.com https://www.gstatic.com https://ssl.gstatic.com https://www.facebook.com https://ct.pinterest.com/v3/ https://*.liadm.com https://goo.gl https://trc.taboola.com/geistm2-dashlane-sc/ https://stats.g.doubleclick.net https://*.us.criteo.net https://pinterest.adsymptotic.com https://q.quora.com https://i.geistm.com/x/ https://api.nanigans.com/event.php https://gravatar.com https://t.co https://bat.bing.com/action/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://www.google.ad https://www.google.ae https://www.google.am https://www.google.at https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.cl https://www.google.co.ao https://www.google.co.bw https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.kr https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.ve https://www.google.co.za https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bo https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.gh https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kw https://www.google.com.lb https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.et https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gp https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.mu https://www.google.mv https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.si https://www.google.sn https://www.google.tt;connect-src 'self' https://ws1.dashlane.com https://api.dashlane.com https://kck3hlb9.dashlane.com https://cdn.ampproject.org https://www.google-analytics.com https://www.googletagmanager.com https://heapanalytics.com https://api.stripe.com https://widget.trustpilot.com https://app.omniconvert.com https://*.mktoresp.com https://www.facebook.com https://ct.pinterest.com/user/ https://lcidc.liadm.com/api/v1/dynamic-conversion https://stats.g.doubleclick.net https://ampcid.google.ad https://ampcid.google.ae https://ampcid.google.am https://ampcid.google.at https://ampcid.google.be https://ampcid.google.bg https://ampcid.google.bs https://ampcid.google.by https://ampcid.google.ca https://ampcid.google.cd https://ampcid.google.ch https://ampcid.google.cl https://ampcid.google.co.ao https://ampcid.google.co.bw https://ampcid.google.co.id https://ampcid.google.co.il https://ampcid.google.co.in https://ampcid.google.co.jp https://ampcid.google.co.kr https://ampcid.google.co.ma https://ampcid.google.co.nz https://ampcid.google.co.th https://ampcid.google.co.uk https://ampcid.google.co.ve https://ampcid.google.co.za https://ampcid.google.co.zw https://ampcid.google.com https://ampcid.google.com.af https://ampcid.google.com.ar https://ampcid.google.com.au https://ampcid.google.com.bo https://ampcid.google.com.br https://ampcid.google.com.co https://ampcid.google.com.do https://ampcid.google.com.ec https://ampcid.google.com.eg https://ampcid.google.com.et https://ampcid.google.com.gh https://ampcid.google.com.gt https://ampcid.google.com.hk https://ampcid.google.com.jm https://ampcid.google.com.kw https://ampcid.google.com.lb https://ampcid.google.com.mt https://ampcid.google.com.mx https://ampcid.google.com.my https://ampcid.google.com.na https://ampcid.google.com.ng https://ampcid.google.com.ni https://ampcid.google.com.np https://ampcid.google.com.pe https://ampcid.google.com.ph https://ampcid.google.com.pk https://ampcid.google.com.pr https://ampcid.google.com.py https://ampcid.google.com.sa https://ampcid.google.com.sg https://ampcid.google.com.sl https://ampcid.google.com.tr https://ampcid.google.com.tw https://ampcid.google.com.ua https://ampcid.google.com.uy https://ampcid.google.com.vn https://ampcid.google.cz https://ampcid.google.de https://ampcid.google.dk https://ampcid.google.dz https://ampcid.google.ee https://ampcid.google.es https://ampcid.google.et https://ampcid.google.fi https://ampcid.google.fr https://ampcid.google.ge https://ampcid.google.gp https://ampcid.google.hn https://ampcid.google.hr https://ampcid.google.hu https://ampcid.google.ie https://ampcid.google.iq https://ampcid.google.is https://ampcid.google.it https://ampcid.google.lk https://ampcid.google.lt https://ampcid.google.lu https://ampcid.google.mu https://ampcid.google.mv https://ampcid.google.nl https://ampcid.google.no https://ampcid.google.pl https://ampcid.google.pt https://ampcid.google.ro https://ampcid.google.rs https://ampcid.google.ru https://ampcid.google.se https://ampcid.google.si https://ampcid.google.sn https://ampcid.google.tt;object-src 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' https://d1sk9wm475w15q.cloudfront.net https://d3mfqat9ni8wb5.cloudfront.net https://d3qm0vl2sdkrc.cloudfront.net https://s3.eu-west-1.amazonaws.com/mac.dashlane.com/ https://s3.eu-west-1.amazonaws.com/binaries.dashlane.com/ https://app.adjust.com https://amp.dashlane.com safari-extension://com.dashlane.dashlanesafari-5p72e3gc48 https://js.stripe.com https://widget.trustpilot.com https://app-ab14.marketo.com https://www.youtube.com https://www.facebook.com https://dis.us.criteo.com https://gum.criteo.com https://static.criteo.com https://static.criteo.net https://i.liadm.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.flyasiana.com *.googleapis.com *.youtube.com *.google-analytics.com sslwidget.criteo.com static.criteo.net connect.facebook.net eba-amadeus.netdna-ssl.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.kr h.online-metrix.net www.vpay.co.kr *.bankpay.or.kr nsp.pay.naver.com pay.naver.com *.easypay.co.kr developers.kakao.com code.jquery.com kmpay.lgcns.com pg.cnspay.co.kr developers.kakao.com s.ytimg.com *.gstatic.com remote.captcha.com facebook.com twitter.com service.weibo.com vbv.samsungcard.co.kr *.recopick.com onsalemobile.uplus.co.kr 1
block-all-mixed-content; referrer unsafe-url; report-uri https://www.lookfantastic.com/cspReport.txt; 1
frame-ancestors 'self' http://cloudera.lookbookhq.com https://cloudera.lookbokhq.com http://pages.cloudera.com https://pages.cloudera.com 1
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=cb2b3e64-7b3d-4110-98eb-ed84fbd01318 1
frame-ancestors self https://www.google.com 1
frame-ancestors 'self' www.kutxabank.es; 1
frame-ancestors 'self' *.mofos.com 1
frame-ancestors 'self' two-movies.name *.two-movies.name translate.google.com images.google.com www.google.com www.google.co.uk search.aol.com bing.com www.bing.com yahoo.com www.yahoo.com 1
style-src 'self' *.quickteller.com 'unsafe-inline' *.interswitchng.com https://tagmanager.google.com https://fonts.googleapis.com *.livechatinc.com; script-src 'self' *.google-analytics.com https://www.google-analytics.com *.kongapay.com kongapay-pg.kongapay.com 'unsafe-inline' 'unsafe-eval' *.igbimo.com *.pushwoosh.com *.google.com *.gstatic.com *.quickteller.com 'self' *.interswitchng.com *.algolianet.com *.algolia.net https://cdnjs.cloudflare.com/ajax/libs/lazysizes/4.0.2/lazysizes.min.js https://www.googletagmanager.com/ fullstory.com https://static.ads-twitter.com/uwt.js https://ajax.cloudflare.com *.twitter.com https://storage.googleapis.com https://creativecdn.com https://js-agent.newrelic.com/nr-1099.min.js http://static.ads-twitter.com/uwt.js *.livechatinc.com *.postaffiliatepro.com https://connect.facebook.net/en_US/fbds.js *.doubleclick.net *.hotjar.com *.cloudfront.net/capture/UAT/konga.js https://stats.g.doubleclick.net https://s.yimg.com/wi/ytc.js *.salecycle.com/ https://sp.analytics.yahoo.com https://static.criteo.net/js/ld/ld.js *.criteo.com *.chartbeat.com https://creativecdn.com; img-src * data: https://creativecdn.com; frame-src 'self' *.igbimo.com *.konga.com *.kongapay.com *.youtube.com *.google.com https://d22j4fzzszoii2.cloudfront.net *.quickteller.com https://www.googletagmanager.com/ *.livechatinc.com *.hotjar.com *.salecycle.com https://dis.eu.criteo.com/; font-src 'self' data: *.livechatinc.com *.themes.googleusercontent.com; connect-src 'self' *.igbimo.com *.konga.com https://sentry.io *.google-analytics.com *.pushwoosh.com *.cloudinary.com https://www.google-analytics.com *.quickteller.com *.algolianet.com *.algolia.net *.fullstory.com *.doubleclick.net *.salecycle.com *.chartbeat.com *.google.com *.hotjar.com https://stats.g.doubleclick.net https://creativecdn.com 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=6ad79fea-b505-42be-bc88-831f74006ef5 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=23e6879b-75f4-4e5d-9101-6fa188b05cc5 1
base-uri 'self'; connect-src 'self' *.pixiv.net *.pawoo.net www.google-analytics.com www.facebook.com connect.facebook.net www.googletagmanager.com www.googleadservices.com www.google.co.jp b92.yahoo.co.jp *.buyee.jp d.line-scdn.net stats.g.doubleclick.net ekr.zdassets.com *.zendesk.com booth.pm *.booth.pm booth.pximg.net; frame-src player.vimeo.com w.soundcloud.com www.slideshare.net www.youtube.com bandcamp.com sketchfab.com *.google.com *.facebook.com *.facebook.net *.twitter.com social-plugins.line.me *.g.doubleclick.net www.googletagmanager.com booth.karakuri.ai booth.pm *.booth.pm factory.pixiv.net booth.pximg.net; object-src 'none'; script-src 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample' 'nonce-MKKYSiFw+Jy2lpAtg0W+1a8P3cAGhyVsPeICYxZlS44=' 1
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=4226fe83-f01a-46e1-b2c5-02032eb3541a 1
frame-ancestors 'self' search.edweek.org blogs.edweek.org webadmin.edweek.org edweek.org www.edweek.org edweekevents.org app.optimizely.com www.optimizelyedit.com www.clearslide.com 1
frame-ancestors 'self' http://*.sharecare.com https://*.sharecare.com http://*.qualityhealth.com https://*.qualityhealth.com 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.onesignal.com https://onesignal.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.doubleclick.net https://connect.facebook.net; worker-src 'self' https://cdn.onesignal.com https://onesignal.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.doubleclick.net https://connect.facebook.net 1
default-src *.mail.ru https://*.mail.ru mail.ru https://mail.ru *.imgsmail.ru https://*.imgsmail.ru *.devmail.ru https://*.devmail.ru *.yandex.net https://*.yandex.net *.yandex.ru https://*.yandex.ru *.yandexadexchange.net https://*.yandexadexchange.net yastatic.net https://yastatic.net *.yastatic.net https://*.yastatic.net *.mycdn.me icq.com https://icq.com *.icq.com https://*.icq.com icq.net https://icq.net *.icq.net https://*.icq.net ok.ru https://ok.ru *.ok.ru https://*.ok.ru odnoklassniki.ru *.odnoklassniki.ru *.mradx.net 2gis.com https://2gis.com *.2gis.com https://*.2gis.com 2gis.ru https://2gis.ru *.2gis.ru https://*.2gis.ru; font-src data: *.mail.ru *.imgsmail.ru *.devmail.ru yastatic.net https://yastatic.net *.yastatic.net https://*.yastatic.net; img-src data: http: https:; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.mradx.net https://*.mradx.net icq.com https://icq.com *.icq.com https://*.icq.com icq.net https://icq.net *.icq.net https://*.icq.net *.imgsmail.ru https://*.imgsmail.ru *.devmail.ru https://*.devmail.ru ok.ru https://ok.ru *.ok.ru https://*.ok.ru *.odnoklassniki.ru *.yandex.ru https://*.yandex.ru yastatic.net https://yastatic.net *.yastatic.net https://*.yastatic.net 2gis.com https://2gis.com *.2gis.com https://*.2gis.com 2gis.ru https://2gis.ru *.2gis.ru https://*.2gis.ru *.google-analytics.com https://*.google-analytics.com 'nonce-twpYbI6yYtirAKgkn7cgmDGZsHTmopmOMF3Izcnr'; style-src 'unsafe-inline' *.mail.ru *.imgsmail.ru *.devmail.ru *.yandex.net https://*.yandex.net 2gis.com https://2gis.com *.2gis.com https://*.2gis.com 2gis.ru https://2gis.ru *.2gis.ru https://*.2gis.ru yastatic.net https://yastatic.net *.yastatic.net https://*.yastatic.net; report-uri https://go.mail.ru/csp-report?qid=0334c9a2e935c0e0&user_type=2a 1
default-src 'self' https://*.rhrz.uni-bonn.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rhrz.uni-bonn.de https://www.youtube.com https://s.ytimg.com https://msa-extern.uni-bonn.de https://msa-intern.uni-bonn.de https://maps.google.com https://maps.googleapis.com https://apis.google.com https://ajax.googleapis.com; img-src 'self' data: https://*.rhrz.uni-bonn.de https://msa-extern.uni-bonn.de https://msa-intern.uni-bonn.de https://i.ytimg.com https://maps.gstatic.com https://maps.google.com https://www.uni-bonn.de https://*.googleapis.com https://*.uni-bonn.de; style-src 'self' 'unsafe-inline' https://msa-extern.uni-bonn.de https://msa-intern.uni-bonn.de https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'self' blob:; frame-src 'self' https://*.uni-bonn.de:* https://www.youtube.com https://www.youtube-nocookie.com https://content.googleapis.com mailto://*; frame-ancestors 'self' https://*.uni-bonn.de; connect-src 'self' https://shortener.rhrz.uni-bonn.de https://apis.google.com; 1
frame-ancestors 'self' *.dimelochat.com *.engagement.dimelo.com *.abtasty.com 1
frame-ancestors 'self' file: filesystem: http://localhost:8080 app.optimizely.com; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://a.adroll.com https://*.cloudfront.net https://*.cnetcontent.com https://*.cnetcontentsolutions.com https://www.dwin1.com https://e2d2.easy2.com https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.googlecommerce.com https://*.googletagmanager.com https://storage.googleapis.com/code.snapengage.com/ https://*.reevoo.com/ https://www.snapengage.com https://api.treepodia.com https://*.marketinghub.opentext.com https://www.googlecommerce.com https://www.gstatic.com/ https://*.hotjar.com https://bat.bing.com/bat.js https://*.facebook.net https://*.twitter.com https://*.pinterest.com https://content.webcollage.net https://*.visualwebsiteoptimizer.com https://*.exponea.com https://analytics.webgains.io blob: https://d.turn.com https://console.turn.com https://secure.dekopay.com https://*.doubleclick.net https://*.criteo.net https://*.criteo.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://*.cloudfront.net https://*.cnetcontentsolutions.com https://*.cnetcontent.com https://mark.reevoo.com https://tagmanager.google.com https://*.marketinghub.opentext.com https://fonts.googleapis.com https://*.visualwebsiteoptimizer.com; img-src 'self' data: https://secure.leadback.advertising.com https://bat.bing.com https://*.cloudfront.net https://*.cnetcontent.com/ https://*.cnetcontentsolutions.com https://*.cnetcontentsyndication.com https://*.doubleclick.net https://www.dsply.com https://img.ebyrcdn.net https://image.ebuyer.com https://static.ebuyer.com https://*.facebook.com https://*.google.ie https://*.google.com https://*.google.co.uk https://*.google-analytics.com https://storage.googleapis.com/code.snapengage.com/ https://www.googlecommerce.com https://*.gstatic.com https://bat.r.msn.com https://*.marketinghub.opentext.com https://*.pinterest.com https://*.reevoo.com https://www.snapengage.com https://*.twitter.com https://*.webcollage.net https://ads.yahoo.com https://ad.yieldmanager.com https://*.visualwebsiteoptimizer.com https://w-it.m-t.io; media-src https://videos.treepodia.com; frame-src 'self' https://www.channelcentral.net https://*.cnetcontentsolutions.com https://www.eventbrite.co.uk https://*.reevoo.com https://www.snapengage.com https://www.marketinghub.opentext.com https://www.googlecommerce.com https://*.google.com https://*.hotjar.com https://*.facebook.com https://*.twitter.com https://*.youtube.com https://*.cc.cnetcontent.com https://*.visualwebsiteoptimizer.com https://*.doubleclick.net https://*.criteo.com; font-src 'self' 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.visualwebsiteoptimizer.com; connect-src 'self' https://*.hotjar.com ws://*.hotjar.com https://*.marketinghub.opentext.com https://*.googlecommerce.com https://*.google-analytics.com https://*.visualwebsiteoptimizer.com https://*.exponea.com https://console.turn.com orders.ebuyer.com; 1
base-uri 'none'; default-src 'none'; child-src *.google.com *.youtube.com; connect-src 'self'; font-src 'self' use.fontawesome.com fonts.gstatic.com; form-action 'self' *; frame-ancestors 'none'; img-src 'self' *.wikimedia.org data:; media-src 'none'; object-src 'none'; script-src 'self' *.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' use.fontawesome.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; 1
default-src 'self' https://lxelma5p.bfinv.de ; style-src 'self' ; media-src 'self' https://www.elster.de https://download.elster.de ; img-src 'self' https://www.elster.de https://anycast.elster.de ; form-action 'self' ; connect-src 'self' https://lxelma5p.bfinv.de ws: wss: https://datenabholung1.elster.de https://datenabholung2.elster.de ; object-src 'self' blob: ; frame-src 'self' 1
frame-ancestors http://*.house.gov https://*.house.gov http://*.senate.gov https://*.senate.gov http://*.loc.gov https://*.loc.gov 1
frame-ancestors 'self' http://procore.lookbookhq.com https://procore.lookbookhq.com http://explore.procore.com https://explore.procore.com 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=05e687d6-72cd-489e-ad5c-65244839ca4a 1
default-src 'self' https://tools-static.wmflabs.org; child-src 'none'; object-src 'none'; img-src 'self' data: https://tools-static.wmflabs.org 1
frame-ancestors 'self' http://www.momondo.com.br http://www.mundi.com.br http://www.kayak.com.br http://www.kayak.com 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=f3cd15b9-318a-422d-a423-c2a994f2d9c1 1
default-src https:; img-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.asb.co.nz https://*.clicktale.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.nz https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.twitter.com https://*.youtube-nocookie.com https://*.youtube.com https://asbbankltd.tt.omtrdc.net https://d3f5l8ze0o4j2m.cloudfront.net https://quoteapi.com https://dpm.demdex.net https://asb.demdex.net https://*.pingdom.net https://nebula-cdn.kampyle.com; worker-src 'self' blob:; 1
frame-ancestors 'self'  *.ampproject.org *.zdbb.net 1
default-src 'self'; child-src 'self' share.intercom.io connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net *.hotjar.com bid.g.doubleclick.net youtube.com www.youtube.com js.stripe.com staticxx.facebook.com *.soundcloud.com ti.to *.tito.io *.cdn.optimizely.com tpc.googlesyndication.com www.google.com ethn.io *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com; connect-src 'self' app.intercom.io app.intercom.com api.intercom.io api-iam.intercom.io api-ping.intercom.io js.intercomcdn.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://nexus-websocket-test.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google-analytics.com *.hotjar.com:* sentry.io wss://*.hotjar.com www.facebook.com *.akamaihd.net *.optimizely.com *.wistia.com *.wistia.net *.quora.com *.soundcloud.com *.sndcdn.com *.clearbit.com 258-clw-344.mktoresp.com bat.bing.com; font-src data: https:; img-src data: blob: https:; media-src data: blob: https:; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.optimizely.com cdn3.optimizely.com cdn.ravenjs.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com ethn.io fast.wistia.com fast.wistia.net ga.clearbit.com googleads.g.doubleclick.net sjs.bizographics.com js.stripe.com munchkin.marketo.net platform.twitter.com reveal.clearbit.com rtp-static.marketo.com script.hotjar.com secure.adnxs.com snap.licdn.com static.ads-twitter.com static.hotjar.com stats.g.doubleclick.net store.intercom.io ti.to tpc.googlesyndication.com www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.tito.io *.linkedin.com *.quora.com *.soundcloud.com *.sndcdn.com *.widerfunnel.com 'strict-dynamic' 'nonce-z/9nDoNHP2vSj7/ZDI6iZcnjQPFtB7Phvvanm+2z7zs='; style-src 'self' 'unsafe-inline' *.tito.io app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com tagmanager.google.com 1
style-src 'self' *.via.com/ *.googleapis.com/ *.google.com/ 'unsafe-eval' 'unsafe-inline' *.olark.com; font-src 'self' fonts.gstatic.com/ *.via.com/ *.facebook.com; img-src 'self' data: https://images.via.com https://cdn.via.com https://images4.via.com/ https://www.tripadvisor.com *.via.com/ *.googleapis.com *.gstatic.com *.google.com/ *.google.co.in/ googleads.g.doubleclick.net/ *.facebook.com www.google-analytics.com/ www.googleadservices.com/ stats.g.doubleclick.net/ www.tripadvisor.com/ *.firebaseio.com *.cloudfront.net/js/ct_logo.svg *.googletraveladservices.com www.googletagmanager.com/; script-src 'self' *.via.com/ *.olark.com *.googleapis.com *.google.com/ 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com/ www.google-analytics.com/ www.googleadservices.com/ *.clevertap.com/ *.facebook.net/ wzrkt.com/ *.cloudfront.net webchat.helpshift.com/ googleads.g.doubleclick.net/ bid.g.doubleclick.net/ *.firebaseio.com s3.ap-south-1.amazonaws.com/flexmoney-public/smart-detect/sud-kit/production/; frame-src *.facebook.com *.youtube.com *.google.com/ ads-feeder.appspot.com/ *.olark.com *.webchat.helpshift.com/ flightraja.helpshift.com *.firebaseio.com bid.g.doubleclick.net/; connect-src 'self' *.via.com/ *.googleapis.com *.google.com/ www.googletagmanager.com/ www.google-analytics.com/ www.googleadservices.com/ *.clevertap.com/ *.facebook.net/ wzrkt.com/ *.cloudfront.net *.firebaseio.com/ *.itzcash.com/ instacred.me/v1/smartUserDetect 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com *.ampproject.org *.twitter.com *.twimg.com *.google-analytics.com *.youtube.com *.ytimg.com *.google.com *.gstatic.com    ; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.twimg.com *.ytimg.com *.twitter.com storage.googleapis.com *.googleusercontent.com *.google-analytics.com *.ampproject.org *.gravatar.com *.google.com *.gstatic.com; default-src 'self'; frame-src 'self' *.twitter.com *.googleapis.com *.youtube.com *.ampproject.org *.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.twitter.com *.twimg.com *.ampproject.org *.google.com; media-src 'self' storage.googleapis.com *.google.com; connect-src 'self' *.twitter.com *.googleapis.com *.youtube.com *.ampproject.org *.google.com *.google-analytics.com; font-src 'self' data: storage.googleapis.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com *.ampproject.org 1
object-src 'none'; block-all-mixed-content 1
frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=fd165fda-4e11-4cab-b507-f2f271a4f5ce 1
default-src 'self' https://www.s1gateway.com https://my.matterport.com/ https://claroarg.s1gateway.com https://chat.claroarg.s1gateway.com http://www.googletagmanager.com http://agentcore.s3.amazonaws.com http://agentbot.s3.amazonaws.com https://www.ssbue-nwc.com/ http://www.ssbue-nwc.com/ http://pagead2.googlesyndication.com http://d2fl436cxqx5bs.cloudfront.net http://prod-agentim.agentbot.net http://cdn.agentbot.net http://*.inbenta.com http://*.sohosq-nwc.com.ar http://ad.doubleclick.net http://red.natura.cl http://adserve.atedra.com http://*.hotjar.com http://*.google.com http://ajax.aspnetcdn.com http://adapter.aivo.co http://*.gstatic.com http://*.googleapis.com http://*.clarovideo.net http://*.claromusica.com http://*.facebook.com http://*.facebook.net http://www.claromusica.com http://*.googleadservices.com http://claroarg.s1gateway.com http://corp.maplink.com.br  http://*.doubleclick.net http://claro-ar.agentbot.net http://tienda.claro.com.ar http://cdn.jsdelivr.net http://apibot.agentbot.net http://apibot2.agentbot.net http://*.google.com http://s.ytimg.com http://*.google.com.mx http://red.natura.cl http://www.google-analytics.com  http://agentbot.net http://rawgit.com http://auth0.com http://pusher.com http://intercom.io http://gravatar.com http://cloudfront.net http://jsdelivr.net http://rollbar.com http://ravenjs.com http://google-analytics.com http://s3.amazonaws.com http://adapter.aivo.co data: 'unsafe-inline' 'unsafe-eval' https://www.youtube.com 1
default-src 'self' https: blob:; child-src * blob:; connect-src 'self' https: wss: *.amap.com *.inspectlet.com; font-src 'self' data: *.muscache.com fonts.gstatic.com use.typekit.net; img-src 'self' https: data: *.inspectlet.com; media-src 'self' https:; script-src 'self' 'unsafe-eval' a0.muscache.com cdn.siftscience.com ss.musthird.com t1.musthird.com bat.bing.com connect.facebook.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com www.googletagmanager.com a.cdn.intentmedia.net maps.googleapis.com ajax.googleapis.com *.g.doubleclick.net www.google.com www.gstatic.com smartlock.google.com accounts.google.com app.link cdn.branch.io api.branch.io bam.nr-data.net js-agent.newrelic.com sslwidget.criteo.com static.criteo.net dis.criteo.com widget.us.criteo.com *.gbc.criteo.net ethn.io s.yimg.jp api.geetest.com blob: webapi.amap.com restapi.amap.com *.inspectlet.com 'nonce-5a611f4ee7330459a0078e2f17f992' 'sha256-URqFTNitDSE01K1xklErUlKT93/P4FXStf52o8BhcLY=' 'unsafe-inline' 'sha256-MpazfMshcY6jCzxk0aJDh9l3iXoBw8r+eMO58JLTkRQ=' 'sha256-D9Mz5Ys1Opv52C2fjJU4eS9qDZpG9+Ywz5rQPUyxngQ='; style-src 'self' https: 'unsafe-inline'; report-uri /tracking/csp?action=show&controller=homepages&report_only=false&req_uuid=08c27f5f-24ef-47f2-9d74-4fd871cb8662&version=abdcaa3df793750c2e75b294132b15b38b8f8b08 1
frame-ancestors 'self' *.digitalplayground.com 1
frame-ancestors 'self' bcit.ca *.bcit.ca 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=66d58ee9-eba2-4870-b7ab-619918b8cd11 1
default-src 'self' https:; media-src 'self' https: blob:; style-src 'self' https: 'unsafe-inline' data:; connect-src 'self' https: wss:; img-src * data: android-webview-video-poster:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.retrip.jp *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.facebook.com *.facebook.net *.akamaihd.net *.fbcdn.net *.google-analytics.com *.pinterest.com *.twitter.com *.youtube.com *.googlesyndication.com *.cloudflare.com *.doubleclick.net *.caprofitx.com *.googleadservices.com *.popin.cc *.treasuredata.com *.amoad.com *.criteo.com *.i-mobile.co.jp *.impact-ad.jp *.yimg.jp *.gmossp-sp.jp *.oct-pass.net *.nend.net *.mtburn.com *.ad-stir.com *.triver.jp *.criteo.net *.adtdp.com *.ca-conv.jp *.rakuten.co.jp *.adjust-net.jp *.gunosy.com *.softbank.jp *.yahoo.co.jp *.openx.net *.socdm.com *.uliza.jp *.genieesspv.jp *.advg.jp *.microad.jp *.rubiconproject.com *.mbww.com *.ampproject.org *.advertising.com *.adroll.com *.mathtag.com *.ladsp.com *.2mdn.net *.gssprt.jp *.zimg.jp *.logly.co.jp *.tapone.jp *.proparm.jp asset: *.appspot.com *.adingo.jp *.zucks.net *.fluct.me *.skyscanner.net *.goldspotmedia.com a248.e.akamai.net *.speee-ad.jp speee-ad.akamaized.net *.google.co.jp *.docomo.ne.jp *.cinarra.com *.flashtalking.com *.apvdr.com *.x-lift.jp *.adsafeprotected.com *.ads-twitter.com *.amazon-adsystem.com; worker-src 'self' https: blob:; frame-src 'self' https: gsa://onpageload command://event webpagecontroller://complete callback://https webviewprogress:; report-uri https://trippiece.report-uri.io/r/default/csp/enforce; 1
default-src 'self' 'unsafe-inline' https://materials.8card.net https://assets.8card.net; child-src 'self' www.googletagmanager.com b.yjtag.jp js.fout.jp www.google.com www.google.co.jp www.facebook.com static.ak.facebook.com s-static.ak.facebook.com staticxx.facebook.com googleads.g.doubleclick.net www.youtube.com bid.g.doubleclick.net js.stripe.com materials.8card.net; connect-src 'self' *.8card.net graph.facebook.com bam.nr-data.net; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' stats.g.doubleclick.net www.googletagmanager.com s.yjtag.jp yjtag.yahoo.co.jp y.nakanohito.jp connect.facebook.net fonts.googleapis.com www.google-analytics.com s.thebrighttag.com s.yimg.jp b92.yahoo.co.jp b97.yahoo.co.jp platform.twitter.com graph.facebook.com js-agent.newrelic.com bam.nr-data.net www.googleadservices.com atm.im-apps.net cdn.smartnews-ads.com js.stripe.com googleads.g.doubleclick.net www.google.com www.google.co.jp tagmanager.google.com static.ads-twitter.com analytics.twitter.com d-cache.microad.jp cdn.treasuredata.com aid.send.microad.jp in.treasuredata.com acq-3pas.admatrix.jp pi.pardot.com *.8card.net assets.8card.net:443; style-src 'self' 'unsafe-inline' 'unsafe-eval' tagmanager.google.com fonts.googleapis.com materials.8card.net assets.8card.net assets.8card.net:443 1
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=d98df25c-5302-4aa3-b396-ee65b5d6f29f 1
frame-ancestors https://mobile.eurobet.it https://eurobet.marketing.adobe.com 1
default-src 'self' *.rating-widget.com *.twimg.com *.twitter.com *.googleapis.com *.gstatic.com *.google.it *.macromedia.com *.google-analytics.com *.facebook.net *.sharethis.com *.google.com opendataavcp.interno.it 'unsafe-inline' 'unsafe-eval';img-src 'self' data: i.rw.gs *.rating-widget.com *.twitter.com *.twimg.com *.poliziadistato.it opendataavcp.interno.it l.sharethis.com *.facebook.com *.google-analytics.com *.gstatic.com *.gravatar.com *.googleapis.com s.w.org *.google.it; style-src 'self' *.twimg.com *.rating-widget.com *.twitter.com opendataavcp.interno.it *.sharethis.com 'unsafe-inline' *.googleapis.com; frame-src 'self' storify.com *.storify.com *.twitter.com opendataavcp.interno.it *.facebook.com *.facebook.com *.sharethis.com *.facebook.com *.youtube.com *.google.com; child-src 'self' opendataavcp.interno.it *.facebook.com *.sharethis.com *.youtube.com *.google.com *.twitter.com; font-src 'self' data: opendataavcp.interno.it *.gstatic.com 1
default-src http: data: 'unsafe-inline' 'unsafe-eval';connect-src 'self'; 1
frame-ancestors 'self' *.wildberries.kz 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://play2.qbrick.com https://imasdk.googleapis.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://android.com https://windowsphone.com https://qbrick.com *.qbrick.com *.112.2o7.net *.danskebank.dk *.danskebank.fi https://danid.dk *.facebook.com *.facebook.net https://facebook.net https://*.facebook.net https://twitter.com *.omtrdc.net https://dpm.demdex.net https://static.licdn.com https://w3.org https://fbcdn.net https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com https://www.danskeinvest.fi https://code.highcharts.com; object-src 'self' https://qbrick.com *.qbrick.com; frame-src 'self' https://android.com https://windowsphone.com https://qbrick.com *.qbrick.com *.112.2o7.net *.danskebank.dk *.danskebank.fi https://danid.dk *.facebook.com *.facebook.net https://facebook.net https://*.facebook.net https://twitter.com *.omtrdc.net https://dpm.demdex.net https://static.licdn.com https://w3.org https://fbcdn.net https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com; 1
report-uri https://www.asstr.org/csp-report.php ; upgrade-insecure-requests ; child-src https://*.google.com/ https://*.asstr.org http://*.nifty.org https://www.google.com ; img-src https://*.asstr.org http://*.nifty.org https://*.asstr.net https://*.creativecommons.org https://*.statcounter.com/ https://*.google-analytics.com https://*.google.com ; script-src https://cdn.jsdelivr.net/ https://*.tawk.to/ https://*.bootstrapcdn.com/ https://*.statcounter.com/ https://*.asstr.org http://*.nifty.org https://*.asstr.net https://*.creativecommons.org https://*.googleapis.com/ https://*.google-analytics.com https://*.google.com 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://*.asstr.org 1
upgrade-insecure-requests; default-src https://www.google.com/recaptcha/; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://en.wikipedia.org https://commons.wikimedia.org https://www.mediawiki.org https://code.highcharts.com https://ajax.cloudflare.com/ https://cdnjs.cloudflare.com/ajax/libs/Chart.js/ https://cdn.jsdelivr.net/npm/md5-jkmyers@0.0.1/md5.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://www.googletagmanager.com https://*.weirdgloop.org; connect-src 'self' https://*.weirdgloop.org; img-src data: https:; media-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://en.wikipedia.org https://commons.wikimedia.org https://www.mediawiki.org; 1
script-src blob: 'self' 'unsafe-inline' 'unsafe-eval'  *  https: data data: safari-extension:; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: * https: data: gsa: *.factorydirectcraft.com *; style-src 'self' 'unsafe-inline' *; frame-ancestors https://*.facebook.com 'self' 1
block-all-mixed-content; referrer unsafe-url; report-uri https://www.thehut.com/cspReport.txt; 1
frame-ancestors 'self' http://info.barchart.com 1
'frame-ancestors' http://localhost:8100 https//*.tn.gov 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: ws: *.gifer.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.googleapis.com *.gstatic.com *.polyfill.io tagmanager.google.com gifer.b-cdn.net; style-src 'self' 'unsafe-inline' *.googleapis.com gifer.b-cdn.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' api-us1.cludo.com ajax.googleapis.com https://*.boisestate.edu *.google.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net d25vtythmttl3o.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' api-us1.cludo.com ajax.googleapis.com customer.cludo.com https://*.boisestate.edu *.google.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net d25vtythmttl3o.cloudfront.net; style-src 'self' 'unsafe-inline' *.google.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net d25vtythmttl3o.cloudfront.net ajax.googleapis.com cloud.typography.com customer.cludo.com https://*.boisestate.edu; img-src data: * ; font-src data: cloud.typography.com 'self' https://*.boisestate.edu; connect-src 'self' api-us1.cludo.com https://*.boisestate.edu; media-src 'self' https://*.boisestate.edu *.google.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net d25vtythmttl3o.cloudfront.net; object-src 'self' *.google.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net d25vtythmttl3o.cloudfront.net https://*.boisestate.edu; worker-src 'self' *.google.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net d25vtythmttl3o.cloudfront.net https://*.boisestate.edu; frame-src 'self' *.google.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net d25vtythmttl3o.cloudfront.net https://*.boisestate.edu; ; frame-ancestors 'self' *.google.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net d25vtythmttl3o.cloudfront.net https://*.boisestate.edu ; form-action 'self' *.google.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net d25vtythmttl3o.cloudfront.net https://*.boisestate.edu ; upgrade-insecure-requests; block-all-mixed-content; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.imedia.cz *.sdn.szn.cz *.szn.cz *.sklik.cz http://*.imedia.cz https://*.imedia.cz gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com cdn.ampproject.org *.twitter.com *.twimg.com *.facebook.net *.facebook.com https://www.gstatic.com https://ajax.googleapis.com https://track.adform.net *.seznam.cz https://www.seznam.cz *.garaz.cz https://www.garaz.cz *.pubmatic.com *.adform.net *.pliing.com *.adnxs.com; frame-ancestors 'self' www.seznam.cz adminclanky.seznam.cz search.seznam.cz *.ampproject.org www.google.cz www.google.com 1
frame-ancestors 'self' https://*.doubleclick.net https://*.thedailymeal.com https://*.deployads.com https://*.googlesyndication.com https://*.rubiconproject.com https://*.adnxs.com https://*.openx.net https://*.criteo.com https://*.casalemedia.com 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=17addfec-780a-46c7-a292-9e177cc71ead 1
frame-ancestors 'self' eczaurus.jp *.eczaurus.jp 1
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.com.br  ; frame-src 'self' *.indeed.com *.indeed.com.br https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.com.br d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com https://*.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gp https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.nf https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tk https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://cdn.ampproject.org;style-src 'self' 'unsafe-inline';font-src 'self' https://*.gstatic.com;img-src 'self' https://images.dmca.com https://appn.center https://www.googletagmanager.com https://*.doubleclick.net https://*.google-analytics.com https://*.googlesyndication.com https://*.gstatic.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gp https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.nf https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tk https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;media-src 'none';object-src https://*.googlesyndication.com;frame-src 'self' https://*.doubleclick.net https://*.google.com https://appn.center;connect-src 'self' https://appn.center https://*.google-analytics.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://*.gstatic.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;form-action https://*.paypal.com;base-uri 'self';manifest-src 'self';report-uri https://appn.center/apiv1/csp; 1
default-src 'self' *.lever.co *.pushcrew.com *.sharethis.com *.consensu.org *.demandbase.com *.company-target.com *.akamaihd.net *.google.com *.litix.io *.outreach.io *.segment.io *.fullstory.com *.quora.com *.wistia.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ipify.org *.ipstack.com *.personyze.com *.g2crowd.com *.google.com *.pushcrew.com pushcrew.com disqus.com *.capterra.com *.cloudflare.com *.cloudfront.net *.linkedin.com *.doubleclick.net *.influitive.com *.fullstory.com *.licdn.com *.wistia.com *.disquscdn.com *.sharethis.com *.disqus.com *.quora.com *.googletagmanager.com *.bing.com *.googleadservices.com *.facebook.net *.demandbase.com *.company-target.com *.adroll.com *.driftt.com *.outreach.io *.fullstory.com *.madkudu.com *.greenhouse.io *.google-analytics.com *.pardot.com *.fontawesome.com *.segment.com *.googleapis.com *.bizible.com *.clearbit.com *.bugcrowdusercontent.com *.facebook.com *.disqus.com *.bugcrowd.com bugcrowd.com; style-src 'self' 'unsafe-inline' *.google.com *.pushcrew.com pushcrew.com *.googleapis.com *.cloudfront.net *.disquscdn.com *.influitive.com *.fontawesome.com *.outreach.io; img-src * data:; media-src * blob: *.akamaihd.net *.outreach.io; frame-src *; font-src 'self' data: *.fontawesome.com *.cloudfront.net *.gstatic.com 1
frame-ancestors www.red-gate.com 1
default-src 'self'; script-src 'self' service.bmf.gv.at static.etracker.com www.etracker.de code.etracker.com 'unsafe-eval' 'unsafe-inline'; img-src data: 'self' www.etracker.de; connect-src 'self' www.etracker.de; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; child-src 'self'; frame-src *; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'unsafe-inline' 'unsafe-eval' data: * 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.toodledo.com https://*.toodledo.com https://*.cookielaw.org https://*.onetrust.com https://*.stripe.com https://*.filepicker.io http://*.filepicker.io http://*.twitter.com https://*.twitter.com https://apis.google.com https://*.googleapis.com https://maps.gstatic.com http://apis.google.com http://*.googleapis.com http://maps.gstatic.com http://www.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com http://www.googleadservices.com https://www.googleadservices.com http://*.google.com https://*.google.com http://d1h9d4exwfthxc.cloudfront.net https://www.googletagmanager.com https://googleads.g.doubleclick.net http://connect.facebook.net http://assets.pinterest.com https://*.heapanalytics.com http://*.heapanalytics.com https://cdn.firstpromoter.com https://canny.io; report-uri /ajax/csp_report.php; 1
connect-src https://api.posteo.de https://payment.posteo.de https://cdn.posteo.de wss://posteo.de 'self'; child-src 'self'; font-src 'self' data:; form-action https://www.paypal.com 'self' data:; frame-ancestors 'self'; frame-src 'self' blob:; img-src data: *; media-src 'self' https://cdn.posteo.de; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; default-src 'none'; reflected-xss block; referrer no-referrer; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.surrey.ac.uk hello.myfonts.net www.google.com www.google.co.uk www.googleadservices.com www.googletagmanager.com www.google-analytics.com www.youtube.com d2oh4tlt9mrke9.cloudfront.net cdnjs.cloudflare.com *.linkedin.com *.bizographics.com *.click4assistance.co.uk *.seatadvisor.com connect.facebook.net ws.sessioncam.com *.googleapis.com widget.unistats.ac.uk *.gstatic.com *.facebook.com *.twitter.com *.twimg.com *.blackbaudhosting.com *.ads-twitter.com t.co *.ads.linkedin.com *.g.doubleclick.net snap.licdn.com scontent.cdninstagram.com js-agent.newrelic.com cdn.rawgit.com *.youtube-nocookie.com cdn.polyfill.io surrey.funnelback.co.uk *.instagram.com; 1
frame-ancestors 'self' *.ucr.ac.cr 1
frame-src 'self' https://*.smartthings.com https://a786852172.cdn.optimizely.com https://connect.facebook.net; frame-ancestors https://*.smartthings.com; script-src 'self' 'unsafe-inline' https://*.smartthings.com  https://d3ijxvf5kli6f6.cloudfront.net https://d3v2iotzttomfo.cloudfront.net https://d1mgcpums0qvsa.cloudfront.net http://d1mgcpums0qvsa.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://assets.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io; style-src 'self' 'unsafe-inline' https://d3ijxvf5kli6f6.cloudfront.net https://d3v2iotzttomfo.cloudfront.net 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.thesprucepets.com *.qa.aws.thesprucepets.com atlas.thesprucepets.com atlas.local.thesprucepets.com 1
frame-ancestors 'self' https://tempoconbisbal.com http://www.endesadiagnosticoenergetico.com http://www.endesadiagnosticoenergetico.com https://www.facebook.es https://www.facebook.com https://www.aaff.endesaclientes.com 1
media-src 'self' * 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.aws.training https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://www.amazon.com https://api.amazon.com https://apac.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training; child-src 'self' https://*.amazon.com https://www.bing.com; 1
upgrade-insecure-requests; frame-ancestors 'self' *.orange.ro  1
img-src 'self' data: 'unsafe-inline' https://prodoctorov.ru https://protabletky.ru https://medotvet.me https://*.google-analytics.com *.google-analytics.com yastatic.net https://yastatic.net *.yandex.ru https://*.yandex.ru https://yandex.ru *.yandex.net https://*.yandex.net yandex.st *.google.com  https://*.google.com  *.googleapis.com https://*.googleapis.com *.googlesyndication.com https://*.gstatic.com *.gstatic.com vk.com https://*.vk.com *.youtube.com *.twitter.com https://*.twitter.com *.googlezip.net https://*.ggpht.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.facebook.com https://*.google.ru https://*.mail.ru; connect-src 'self' wss://prodoctorov.ru wss://medotvet.me *.yandex.ru *.google-analytics.com https://*.yandex.ru https://yandex.ru ajax.googleapis.com yandex.st https://yandex.st yastatic.net https://fcm.googleapis.com https://sentry.medrating.org https://stats.g.doubleclick.net https://*.facebook.com; style-src 'self' 'unsafe-inline' https://prodoctorov.ru https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com yastatic.net yandex.st https://tagmanager.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://prodoctorov.ru *.google.com https://www.google.com https://*.google-analytics.com *.google-analytics.com *.googlesyndication.com https://*.googlesyndication.com *.googleapis.com https://*.googleapis.com www.google.com https://*.gstatic.com https://*.yandex.net https://yandex.ru https://*.yandex.ru *.yandex.ru *.gstatic.com https://clck.yandex.ru *.twitter.com https://*.twitter.com yandex.st https://yandex.st https://connect.ok.ru vk.com https://www.youtube.com https://s.ytimg.com https://www.googletagmanager.com https://googletagmanager.com https://yastatic.net yastatic.net https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net; font-src 'self' https://*.gstatic.com *.gstatic.com; default-src 'self'; media-src 'self' *.yandex.net yandex.st yastatic.net *.yandex.ru; frame-src *; object-src 'self' *.googlesyndication.com https://*.googlesyndication.com; report-uri https://prodoctorov.ru/cspreport/ 1
default-src https://*.f-list.net; frame-src https://www.google.com/recaptcha/; script-src https://*.f-list.net https://ajax.googleapis.com https://www.google.com https://www.google-analytics.com https://ads.dragonfru.it https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'unsafe-eval'; img-src data: https://*.f-list.net https://www.google.com https://www.google-analytics.com https://ads.dragonfru.it; style-src https://*.f-list.net 'unsafe-inline'; connect-src https://*.f-list.net https://ads.dragonfru.it wss://chat.f-list.net:9799 ws://chat.f-list.net:9722 wss://chat.f-list.net:8799 ws://chat.f-list.net:8722; 1
child-src *; connect-src 'self' https://slevomat.sgcdn.cz https://www.google-analytics.com https://maps.googleapis.com/ wss://www.slevomat.cz https://www.facebook.com https://stats.g.doubleclick.net https://*.google.com https://*.google.cz https://*.google.sk https://*.hotjar.com wss://*.hotjar.com; default-src 'self'; font-src 'self' data: https://slevomat.sgcdn.cz https://themes.googleusercontent.com https://*.gstatic.com https://cdn.livechatinc.com https://*.hotjar.com; form-action 'self' https://www.facebook.com https://connect.facebook.net; frame-ancestors 'self'; frame-src *; img-src data: *; media-src 'self' https://slevomat.sgcdn.cz https://cdn.livechatinc.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://slevomat.sgcdn.cz https://*.doubleclick.net https://maps.gstatic.com https://*.googleapis.com https://*.google.com https://*.facebook.net https://*.facebook.com https://masterpass.com https://impass.iplatebnibrana.csob.cz https://www.googletagmanager.com https://www.google-analytics.com https://*.googleadservices.com https://www.google.cz https://www.google.sk https://*.livechatinc.com https://www.youtube.com https://*.ytimg.com https://muj.skrz.cz https://*.hotjar.com https://*.leady.com https://*.rival.cz https://*.criteo.net https://*.criteo.com; style-src 'self' 'unsafe-inline' https://slevomat.sgcdn.cz https://*.google.com https://*.googleapis.com https://masterpass.com; report-uri /csplog 1
connect-src 'self' logx.optimizely.com *.optimizely.com api.segment.io https://*.internal-weedmaps.com https://*.weedmaps.com https://internal-weedmaps.com https://weedmaps.com api.amplitude.com *.google-analytics.com cdn.contentful.com performance.typekit.net *.uptime.com api.honeybadger.io;default-src 'none';font-src 'self' data: use.typekit.net;frame-ancestors 'self';frame-src 'self' hire.withgoogle.com www.youtube.com app.optimizely.com a6360251288.cdn.optimizely.com www.google.com https://*.instagram.com https://*.twitter.com https://*.facebook.com;img-src 'self' data: stats.g.doubleclick.net *.google-analytics.com *.weedmaps.com https://wm-platform-users-production.s3-us-west-2.amazonaws.com *.internal-weedmaps.com weedmaps-uploads-production.s3.amazonaws.com p.typekit.net i.ytimg.com api.mapbox.com acuityplatform.com *.ytimg.com *.google.com cdn.optimizely.com pixel-a.basis.net *.twimg.com *.twitter.com images.ctfassets.net;report-uri https://api-g.weedmaps.com/policy/reports;script-src 'self' 'unsafe-eval' *.google-analytics.com d24n15hnbwhuhn.cloudfront.net cdn.segment.com acuityplatform.com use.typekit.net *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com js.honeybadger.io cdn.polyfill.io https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ uptime.com *.instagram.com https://*.twitter.com https://*.twimg.com https://*.facebook.net 'nonce-QnVwyfwx/nXRos7omLqxnAMeRyutEROTqVinnjhkMC/YMZYN' ;style-src 'self' data: 'unsafe-inline' *.twitter.com *.twimg.com;manifest-src 'self' 1
frame-ancestors 'self' *.maxmodels.pl:* 1
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * 1
frame-ancestors 'self' '*.adultdvdtalk.com' 1
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: 'unsafe-inline' 'unsafe-eval'; font-src https: 'unsafe-inline' 'unsafe-eval'; frame-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data:; media-src https: 'unsafe-inline' 'unsafe-eval'; object-src https: 'unsafe-inline' 'unsafe-eval'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; report-uri /uri-directive; 1
report-uri //www.shihuo.cn/api/cspReport;child-src jockey: shihuo: hupu: weixin: sinaweibo: weixinping: shimage: *.shihuo.cn *.hupu.com *.googlesyndication.com *.doubleclick.net *.weibo.com https://*.etao.com http://*.etao.com www.bilibili.com *.qiniu.com;frame-src jockey: shihuo: hupu: weixin: sinaweibo: weixinping: shimage: *.shihuo.cn *.hupu.com *.googlesyndication.com *.doubleclick.net *.weibo.com https://*.etao.com http://*.etao.com www.bilibili.com *.qiniu.com;default-src 'unsafe-inline' 'unsafe-eval' http://*.hupu.com https://*.hupu.com http://*.alicdn.com https://*.alicdn.com http://*.taobaocdn.com https://*.taobaocdn.com http://*.taobao.com https://*.taobao.com http://*.alimama.cn http://*.tbcdn.cn https://*.alimama.cn http://*.doubleclick.net https://*.doubleclick.net *.hoopchina.com.cn *.hupucdn.com *.weibo.com *.google.com *.shihuo.cn *.qq.com *.cnzz.com *.mmstat.com *.c-cnzz.com *.googleadservices.com *.googleadsserving.cn *.googletagservices.com *.googlesyndication.com *.haitaodashi.cn *.baidu.com *.sinajs.cn *.gstatic.com *.appadhoc.com *.tanx.com www.bilibili.com *.qiniu.com data: shimage: 1
frame-ancestors 'self' https://solutions.sciquest.com https://service.ariba.com https://usertest.sciquest.com https://s1.ariba.com http://admin.atgstores.com/ https://admin.atgstores.com/ 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=8c3c470b-d68d-41c4-8ae3-459207fa00f9 1
script-src         'self'         'unsafe-inline'         'unsafe-eval'         blob:         d2e70e9yced57e.cloudfront.net         d2k0escgkdw2ev.cloudfront.net         *.googleapis.com         *.google.com         *.gstatic.com         *.google-analytics.com         www.googletagmanager.com         www.googleadservices.com         googleads.g.doubleclick.net         cdn.ampproject.org         bat.bing.com         s.yimg.com         cdn.taboola.com         sp.analytics.yahoo.com         *.facebook.com         connect.facebook.net         www.linkedin.com         www.reddit.com         *.twitter.com         *.linkedin.com         *.pinterest.com         *.reddit.com         www.dianomi.com         loadus.exelator.com         ct.buyright.com         affiliate.icclicktracker.com         amplify.outbrain.com         track.supersonicads.com         ads.trafficjunky.net         cdn.ckeditor.com         *.wistia.com     ; 1
default-src 'self' * 'unsafe-inline' 'unsafe-eval' 1
default-src 'unsafe-inline' 'unsafe-eval' https: data: wss: blob:;upgrade-insecure-requests; block-all-mixed-content; report-uri https://c049889f47b6f90358ef9bb3f6b3d2ac.report-uri.com/r/d/csp/reportOnly 1
base-uri 'self';connect-src 'self' https://am.freshrelevance.com wss://am.freshrelevance.com https://www.google-analytics.com https://capture.trackjs.com https://stats.g.doubleclick.net https://*.instagram.com https://login.microsoftonline.com https://*.facebook.com https://*.richrelevance.com https://*.zopim.com https://*.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zdassets.com;default-src *.verkkokauppa.com https://*.verk.net;font-src 'self' fonts.googleapis.com fonts.gstatic.com v2.zopim.com data:;form-action 'self' connect.facebook.net;frame-ancestors 'self';frame-src 'self' https://view.24mags.com/schedule/verkkokauppa.com/ www.googletagmanager.com www.youtube.com connect.facebook.net login.microsoftonline.com login.live.com player.twitch.tv *.google.com *.facebook.com *.instagram.com *.doubleclick.net livestream.com;img-src 'self' *.verkkokauppa.com https://*.verk.net *.google-analytics.com *.google.com *.googletagmanager.com www.google.fi www.google.ru www.google.se www.google.no www.google.de www.google.pl www.google.ee www.google.nl www.google.co.uk *.googleapis.com *.facebook.com *.instagram.com *.cdninstagram.com *.bazaarvoice.com img.youtube.com usage.trackjs.com adsby.improveads.fi i.ytimg.com www.gstatic.com *.doubleclick.net v2.zopim.com data: blob:;object-src 'none';script-src 'self' *.verkkokauppa.com https://*.verk.net blob: connect.facebook.net graph.facebook.com secure.aadcdn.microsoftonline-p.com www.gstatic.com cdnjs.cloudflare.com www.google.fi www.google.ru www.google.se www.google.no www.google.de www.google.pl www.google.ee www.google.nl www.google.co.uk www.googletagmanager.com www.googleadservices.com am.freshrelevance.com cdn.ampproject.org cdn.polyfill.io *.google.com *.googleapis.com *.doubleclick.net *.google-analytics.com *.instagram.com *.cloudfront.net *.zopim.com *.zdassets.com 'unsafe-inline' 'unsafe-eval';style-src 'self' *.verkkokauppa.com https://*.verk.net fonts.googleapis.com *.instagram.com 'unsafe-inline';report-uri https://verkkokauppa.report-uri.com/r/d/csp/enforce 1
script-src 'self' 'unsafe-inline' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.google.com *.opentable.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://platform.twitter.com https://www.facebook.com https://connect.facebook.net https://cdn.syndication.twimg.com https://js.hs-scripts.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://salesiq.zoho.com/widget https://campaigns.zoho.com https://maillist-manage.com https://crm.zoho.com https://js.zohostatic.com https://vts.zohopublic.com https://unpkg.com *.adroll.com *.cloudfront.net; frame-ancestors 'self' 'unsafe-inline' blob: *.foodtecsolutions.com *.foodtecsolutions.com:* *.google.com *.opentable.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://platform.twitter.com https://www.facebook.com https://connect.facebook.net https://cdn.syndication.twimg.com https://js.hs-scripts.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://salesiq.zoho.com/widget https://campaigns.zoho.com https://maillist-manage.com https://crm.zoho.com https://js.zohostatic.com https://vts.zohopublic.com https://unpkg.com *.adroll.com *.cloudfront.net; 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=dd42ceaf-5f65-4f80-b95a-7e095a10bf74 1
default-src 'self'; script-src https://www.gstatic.com https://www.google.com http://api.recaptcha.net https://cdn.jotfor.ms https://form.jotform.me https://code.jquery.com https://www.google-analytics.com 'self'; style-src https://cdn.jotfor.ms https://fonts.googleapis.com http://api.recaptcha.net 'self' 'unsafe-inline'; img-src https://imgstatic.phonepe.com http://images.phonepe.com http://api.recaptcha.net https://cdn.jotfor.ms 'self' https://www.google-analytics.com; font-src https://cdn.jotfor.ms https://fonts.gstatic.com/ 'self'; connect-src 'self'; frame-src http://api.recaptcha.net https://form.jotform.me https://docs.google.com https://qr.phonepe.com https://www.google.com https://phonepe.helpshift.com https://phonepe.freshdesk.com *.phonepe.com https://www.sisainfosec.com https://website.phonepe.com; frame-ancestors https://mercury.phonepe.com https://mercury-t1.phonepe.com https://mercury-t2.phonepe.com; report-uri https://csp.phonepe.com/log 1
frame-ancestors * 'self'; 1
script-src 'unsafe-inline' 'unsafe-eval' *.diplomatie.gouv.fr *.aticdn.net  *.france-visas.gouv.fr france-visas.gouv.fr; 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=1b7ca58f-e1e0-466a-97de-0340bd92b704 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /crs_csp_report_parser; 1
script-src 'self' *.interpublic.com *.google.com *.googleapis.com *.googlecode.com *.google-analytics.com netdna.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com s7.addthis.com m.addthis.com m.addthisedge.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.interpublic.com; report-uri /srv/csp/reportUnsafeJS.php?sender=Content-Security-Policy 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/architectural-digest 1
default-src 'none'; connect-src 'self' https://fastmail.innocraft.cloud; img-src 'self' data: https://*.fastmail.com https://fastmail.innocraft.cloud https://*.twimg.com; font-src 'self' data: https://*.fastmail.com; style-src 'self' 'unsafe-inline' https://*.fastmail.com; script-src 'self' 'unsafe-eval' https://*.fastmail.com https://api.pin.net.au https://api.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src https://www.youtube.com/embed/ https://www.google.com/recaptcha/; child-src https://www.youtube.com/embed/ https://www.google.com/recaptcha/; frame-ancestors 'none'; 1
frame-ancestors 'self' http://jobspreader.com 1
default-src 'self';style-src 'unsafe-inline' *;frame-src 'self' zona: http://install.zonastat.com https://dl.appzona.org http://vk.com https://vk.com https://login.vk.com http://tools.bongacams.com https://cdn-static-secure.liverail.com http://skycdnhost.com https://skycdnhost.com http://tvmir.ru http://out.pladform.ru http://*.24video.com *.24video.net *.24video.cc *.24video.me *.24videos.me *.24video.xxx 24video.ws *.24video.xxx:8080 *.24video.sex runetki.com *.r.acdnpro.com syndication.exosrv.com;img-src * data: stat.clickfrog.ru clfg.ru;media-src * blob:;font-src * data:;object-src *;connect-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com http://skycdnhost.com https://skycdnhost.com https://vk.com http://vk.com http://zona.ru js-agent.newrelic.com https://bam.nr-data.net http://bam.nr-data.net c1.onedmp.com tools.runetki.co www.24video.com www.24video.net www.24video.cc www.24video.me www.24videos.me *.24video.xxx https://upload.24v.tv http://upload.24video.adult http://sibvic.ru http://tarkita.ru http://darangi.ru http://ictowaz.ru http://stat.php-d.com http://startstat.ru http://cdn-static.liverail.com livestatisc.com andwronsit.ru franecki.net stat.clickfrog.ru clfg.ru *.r.acdnpro.com s.admulti.com gag.admulti.com https://mc.yandex.ru http://mc.yandex.ru https://www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com ads.exosrv.com;child-src 'self' blob: 1
frame-ancestors 'self' https://*.oakley.com http://*.oakley.com https://*.prd.oakley.com http://*.prd.oakley.com; 1
base-uri 'self'; default-src 'self'; child-src 'none'; connect-src 'self' https://eshop.martinus.lsk http://eshop.martinus.lsk eshop.martinus.lsk https://eshop.martinus.sk http://eshop.martinus.sk eshop.martinus.sk https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.facebook.com/tr/ http://www.facebook.com/tr/ www.facebook.com/tr/ https://recommender.scarabresearch.com http://recommender.scarabresearch.com recommender.scarabresearch.com https://stats.g.doubleclick.net http://stats.g.doubleclick.net stats.g.doubleclick.net https://insights.hotjar.com http://insights.hotjar.com insights.hotjar.com https://in.hotjar.com http://in.hotjar.com in.hotjar.com https://api.luigisbox.com http://api.luigisbox.com api.luigisbox.com https://live.luigisbox.com http://live.luigisbox.com live.luigisbox.com https://api.infinario.com http://api.infinario.com api.infinario.com https://api.usersnap.com http://api.usersnap.com api.usersnap.com https://23566819.log.optimizely.com http://23566819.log.optimizely.com 23566819.log.optimizely.com https://bam.nr-data.net http://bam.nr-data.net bam.nr-data.net https://qjs.quartic.pl http://qjs.quartic.pl qjs.quartic.pl https://rec-ir.quartic.pl http://rec-ir.quartic.pl rec-ir.quartic.pl https://qai-ir.quartic.pl http://qai-ir.quartic.pl qai-ir.quartic.pl https://qcs-ir.quartic.pl http://qcs-ir.quartic.pl qcs-ir.quartic.pl https://er-ir.quartic.pl http://er-ir.quartic.pl er-ir.quartic.pl https://e-ir.quartic.pl http://e-ir.quartic.pl e-ir.quartic.pl https://qcp.quartic.com.pl http://qcp.quartic.com.pl qcp.quartic.com.pl https://qonizer.quarticon.com http://qonizer.quarticon.com qonizer.quarticon.com https://qcp.quarticon.com http://qcp.quarticon.com qcp.quarticon.com https://api.quartic.pl http://api.quartic.pl api.quartic.pl; font-src https://mrtns.eu http://mrtns.eu mrtns.eu; form-action 'self' https://www.facebook.com/tr/ http://www.facebook.com/tr/ www.facebook.com/tr/ https://connect.facebook.net http://connect.facebook.net connect.facebook.net https://ib.vub.sk http://ib.vub.sk ib.vub.sk https://3dsecure.gpwebpay.com http://3dsecure.gpwebpay.com 3dsecure.gpwebpay.com https://ib24.csob.sk http://ib24.csob.sk ib24.csob.sk https://secure.payu.com http://secure.payu.com secure.payu.com https://moja.tatrabanka.sk http://moja.tatrabanka.sk moja.tatrabanka.sk https://www.platnosci.pl http://www.platnosci.pl www.platnosci.pl https://dva.martinus.sk http://dva.martinus.sk dva.martinus.sk https://ja.martinus.sk http://ja.martinus.sk ja.martinus.sk https://klub.martinus.sk http://klub.martinus.sk klub.martinus.sk; frame-src 'self' https://www.youtube.com http://www.youtube.com www.youtube.com https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.facebook.com http://www.facebook.com www.facebook.com https://staticxx.facebook.com http://staticxx.facebook.com staticxx.facebook.com https://connect.facebook.net http://connect.facebook.net connect.facebook.net https://vars.hotjar.com http://vars.hotjar.com vars.hotjar.com https://bid.g.doubleclick.net http://bid.g.doubleclick.net bid.g.doubleclick.net https://www.google.com http://www.google.com www.google.com https://api.infinario.com http://api.infinario.com api.infinario.com https://creativecdn.com http://creativecdn.com creativecdn.com https://helpdesk.martinus.sk http://helpdesk.martinus.sk helpdesk.martinus.sk https://docs.google.com http://docs.google.com docs.google.com https://inres.uspech.sk http://inres.uspech.sk inres.uspech.sk https://ams.creativecdn.com http://ams.creativecdn.com ams.creativecdn.com https://player.vimeo.com http://player.vimeo.com player.vimeo.com https://martinus.us17.list-manage.com http://martinus.us17.list-manage.com martinus.us17.list-manage.com; img-src * data:; media-src https://download.dibuk.eu http://download.dibuk.eu download.dibuk.eu; object-src 'none'; manifest-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://mrtns.eu http://mrtns.eu mrtns.eu https://tagmanager.google.com http://tagmanager.google.com tagmanager.google.com https://cdn.luigisbox.com http://cdn.luigisbox.com cdn.luigisbox.com https://rec-ir.quartic.pl http://rec-ir.quartic.pl rec-ir.quartic.pl 'unsafe-inline'; 1
script-src 'self' vimeo.com https://gist.github.com www.slideshare.net https://query.yahooapis.com 'unsafe-eval' https://cdnjs.cloudflare.com https://cdn.mathjax.org https://www.google.com https://apis.google.com https://docs.google.com https://www.dropbox.com https://*.disqus.com https://*.disquscdn.com https://www.google-analytics.com https://stats.g.doubleclick.net https://secure.quantserve.com https://rules.quantcount.com https://pixel.quantserve.com https://js.driftt.com https://embed.small.chat https://static.small.chat https://www.googletagmanager.com https://cdn.ravenjs.com 'nonce-a23bae6a-6a9e-4e59-ae16-5a99e04627d8' 'sha256-EtvSSxRwce5cLeFBZbvZvDrTiRoyoXbWWwvEVciM5Ag=' 'sha256-NZb7w9GYJNUrMEidK01d3/DEtYztrtnXC/dQw7agdY4=' 'sha256-L0TsyAQLAc0koby5DCbFAwFfRs9ZxesA+4xg0QDSrdI='; img-src * data:; style-src 'self' 'unsafe-inline' https://assets-cdn.github.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.google.com https://fonts.gstatic.com https://*.disquscdn.com https://static.small.chat; font-src 'self' data: https://public.slidesharecdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://*.disquscdn.com; object-src *; media-src *; frame-src *; child-src *; connect-src *; base-uri 'none'; form-action 'self' https://www.paypal.com; upgrade-insecure-requests 1
script-src 'unsafe-inline' 'unsafe-eval' https:; worker-src blob:; 1
frame-ancestors vanderbilt.edu/AEA 'self' 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://static.tugraz.at https://sso.tugraz.at https://analytics.tugraz.at; child-src 'self' *.tugraz.at *.youtube.com *.google.com *.mapbuildr.com mapbuildr.com *.googleapis.com *.openstreetmap.org; img-src 'unsafe-inline' 'unsafe-eval' * data:; 1
default-src * data: blob:;connect-src 'self' *.accountkit.com *.facebook.com;script-src 'self' *.fbcdn.net 127.0.0.1:* fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net blob: 'unsafe-inline' 'unsafe-eval' *.accountkit.com *.facebook.com;style-src * 'unsafe-inline' data: *.accountkit.com; 1
default-src 'self' 'unsafe-inline' *.vegasinsider.com  *.addtoany.com *.amazonaws.com *.commission.bz *.facebook.com *.fastclick.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.googlezip.net *.gstatic.com *.intertops.eu *.sharethis.com *.skype.com *.twitter.com *.vegasinsider.com *.wagerpartner.com affiliate.intertops.eu ajax.googleapis.com ajax.googleapis.com banners.bmaker.ag banners.bookmaker.eu cdn.syndication.twimg.com connect.facebook.net gampad js.wagerpartner.com media.commission.bz partner.googleadservices.com platform.twitter.com securepubads.g.doubleclick.net syndication.twitter.com test.com twitter.com; script-src 'self' 'unsafe-inline' *.vegasinsider.com  *.addtoany.com *.amazonaws.com *.commission.bz *.Dotomi.com *.facebook.com *.fastclick.net *.g.doubleclick.net *.geotrust.com *.google-analytics.com *.google.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.googlezip.net *.gstatic.com *.intertops.eu *.sharethis.com *.skype.com *.trustwave.com *.twimg.com *.twitter.com *.vegasinsider.com *.wagerpartner.com affiliate.intertops.eu ajax.googleapis.com ajax.googleapis.com banners.bmaker.ag banners.bookmaker.eu cdn.syndication.twimg.com connect.facebook.net data: gampad js.wagerpartner.com media.commission.bz partner.googleadservices.com pci.usd.de platform.twitter.com securepubads.g.doubleclick.net syndication.twitter.com test.com twitter.com; connect-src 'self' *.vegasinsider.com  *.addtoany.com *.amazonaws.com *.commission.bz *.Dotomi.com *.facebook.com *.fastclick.net *.g.doubleclick.net *.geotrust.com *.google-analytics.com *.google.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.googlezip.net *.gstatic.com *.intertops.eu *.sharethis.com *.skype.com *.trustwave.com *.twitter.com *.vegasinsider.com *.wagerpartner.com affiliate.intertops.eu ajax.googleapis.com ajax.googleapis.com banners.bmaker.ag banners.bookmaker.eu cdn.syndication.twimg.com connect.facebook.net data: gampad js.wagerpartner.com media.commission.bz partner.googleadservices.com pci.usd.de platform.twitter.com securepubads.g.doubleclick.net syndication.twitter.com test.com twitter.com; img-src 'self' *.vegasinsider.com  *.addtoany.com *.amazonaws.com *.commission.bz *.Dotomi.com *.facebook.com *.fastclick.net *.g.doubleclick.net *.geotrust.com *.google-analytics.com *.google.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.googlezip.net *.gstatic.com *.intertops.eu *.sharethis.com *.skype.com *.trustwave.com *.twimg.com *.twitter.com *.vegasinsider.com *.wagerpartner.com affiliate.intertops.eu ajax.googleapis.com ajax.googleapis.com banners.bmaker.ag banners.bookmaker.eu cdn.syndication.twimg.com connect.facebook.net data: gampad js.wagerpartner.com media.commission.bz partner.googleadservices.com pci.usd.de platform.twitter.com securepubads.g.doubleclick.net syndication.twitter.com test.com twitter.com wwwimages2.adobe.com; style-src 'self' 'unsafe-inline' *.vegasinsider.com  *.addtoany.com *.amazonaws.com *.commission.bz *.Dotomi.com *.facebook.com *.fastclick.net *.g.doubleclick.net *.geotrust.com *.google-analytics.com *.google.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.googlezip.net *.gstatic.com *.intertops.eu *.sharethis.com *.skype.com *.trustwave.com *.twitter.com *.vegasinsider.com *.wagerpartner.com affiliate.intertops.eu ajax.googleapis.com ajax.googleapis.com banners.bmaker.ag banners.bookmaker.eu cdn.syndication.twimg.com connect.facebook.net data: gampad js.wagerpartner.com media.commission.bz partner.googleadservices.com pci.usd.de platform.twitter.com securepubads.g.doubleclick.net syndication.twitter.com test.com twitter.com; frame-src 'self' *.vegasinsider.com  *.addtoany.com *.amazonaws.com *.commission.bz *.Dotomi.com *.facebook.com *.fastclick.net *.g.doubleclick.net *.geotrust.com *.google-analytics.com *.google.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.googlezip.net *.gstatic.com *.sharethis.com *.skype.com *.trustwave.com *.twimg.com *.twitter.com *.vegasinsider.com *.wagerpartner.com affiliate.intertops.eu ajax.googleapis.com ajax.googleapis.com banners.bmaker.ag banners.bookmaker.eu cdn.syndication.twimg.com connect.facebook.net data: gampad js.wagerpartner.com media.commission.bz partner.googleadservices.com pci.usd.de platform.twitter.com securepubads.g.doubleclick.net syndication.twitter.com test.com twitter.com w.sharethis.com; font-src 'self' *.vegasinsider.com  *.addtoany.com *.amazonaws.com *.commission.bz *.Dotomi.com *.facebook.com *.fastclick.net *.g.doubleclick.net *.geotrust.com *.google-analytics.com *.google.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.googlezip.net *.gstatic.com *.intertops.eu *.skype.com *.trustwave.com *.twitter.com *.vegasinsider.com *.wagerpartner.com affiliate.intertops.eu ajax.googleapis.com ajax.googleapis.com banners.bmaker.ag banners.bookmaker.eu cdn.syndication.twimg.com connect.facebook.net data: gampad js.wagerpartner.com media.commission.bz partner.googleadservices.com pci.usd.de platform.twitter.com securepubads.g.doubleclick.net syndication.twitter.com test.com twitter.com w.sharethis.com; object-src 'self' *.vegasinsider.com  *.addtoany.com *.amazonaws.com *.commission.bz *.Dotomi.com *.facebook.com *.fastclick.net *.g.doubleclick.net *.geotrust.com *.google-analytics.com *.google.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.googlezip.net *.gstatic.com *.sharethis.com *.skype.com *.trustwave.com *.twimg.com *.twitter.com *.vegasinsider.com *.wagerpartner.com ajax.googleapis.com ajax.googleapis.com banners.bmaker.ag banners.bookmaker.eu cdn.syndication.twimg.com connect.facebook.net gampad js.wagerpartner.com media.commission.bz partner.googleadservices.com pci.usd.de platform.twitter.com securepubads.g.doubleclick.net syndication.twitter.com test.com twitter.com w.sharethis.com; report-uri https://register.vegasinsider.com/csplogger.cfm; report-to https://register.vegasinsider.com/csplogger.cfm; 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-DiuOVOqCaB' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=6f91c849-6f7b-4ade-b685-39c53a2a8dfe 1
frame-ancestors *.macsales.com *.ntdist.com *.owcnow.com 1
upgrade-insecure-requests; default-src 'unsafe-eval' 'self' *.carbonads.com *.getclicky.com fonts.gstatic.com www.google-analytics.com fonts.googleapis.com cdnjs.cloudflare.com 'unsafe-inline' https: data: ;report-uri https://cdnjs.report-uri.io/r/default/hpkp/enforce 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://www.gstatic.com *.googleapis.com *.cloudflare.com; font-src 'self' *.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com https://ecobank-prod.custhelp.com https://az416426.vo.msecnd.net https://googleads.g.doubleclick.net https://static.site24x7rum.com/beacon/site24x7rum-min.js?appKey=578c5570ae7412969e06428fde66dbdf *.google.com *.googletagmanager.com *.google-analytics.com *.google.ru https://static.hotjar.com https://script.hotjar.com https://bid.g.doubleclick.net https://googleads.g.doubleclick.net https://az416426.vo.msecnd.net *.googleapis.com *.googleadservices.com *.gstatic.com *.cloudflare.com http://*.matchingnotes.com http://matchingnotes.com *.facebook.net *.twitter.com; connect-src 'self' https://secure.ecobank.com/ContentHandler.ashx *.visualstudio.com https://insights.hotjar.com *.google-analytics.com *.googleapis.com; img-src 'self' *.cdninstagram.com *.fbcdn.net *.tile.osm.org *.gstatic.com *.googleapis.com *.google.com *.google.ru *.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.twitter.com *.openstreetmap.org data:; frame-src 'self' https://www.executiveinterviews.com/ https://ecobank-prod.custhelp.com https://vars.hotjar.com *.google.com *.youtube.com *.facebook.com *.twitter.com; 1
block-all-mixed-content; referrer unsafe-url; report-uri https://www.myprotein.jp/cspReport.txt; 1
default-src 'self'; script-src 'self' 'unsafe-inline' ; style-src 'self' 'unsafe-inline'; img-src 'self' https://user-content.yiiframework.com https://www.gravatar.com http://www.gravatar.com data: ; child-src 'self' https://kiwiirc.com ; frame-src 'self' https://kiwiirc.com ; upgrade-insecure-requests ; 1
frame-ancestors 'self' *.babes.com 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=17c0a330-2d02-4ac1-bd82-a2769961b9f3 1
default-src 'none'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'nonce-eb7562a71cdb48749e3e1e2bee1ad5bd'; style-src 'self' 'unsafe-inline'; img-src 'self' https://www.google-analytics.com localhost; frame-ancestors 'none'; 1
default-src 'self' *.wotspeak.org wotspeak.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com statpipe.ru adservice.google.ge googletagmanager.com adservice.google.co.uz adservice.google.pl adservice.google.md adservice.google.cz adservice.google.am adservice.google.co.il adservice.google.de adservice.google.kg adservice.google.lt adservice.google.ro adservice.google.ru adservice.google.com.ua adservice.google.kz adservice.google.nl cdn.sendpulse.com yastatic.net cse.google.ru yastatic.net cse.google.ru vk.com *.reformal.ru reformal.ru *.googleadservices.com *.tynt.com *.google.com google.com *.tynt.com share.pluso.ru www.google.ru www.google-analytics.com s7.addthis.com *.wotspeak.org wotspeak.org *.yandex.ru yandex.ru *.yandex.net yandex.st *.yandex.st *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://gstatic.com https://*.googlesyndication.com;frame-src 'self' *.google.com cse.google.ru *.google.ru login.vk.com https://*.reformal.ru *.reformal.ru reformal.ru vk.com www.google.ru s7.addthis.com *.googleadservices.com *.wotspeak.org wotspeak.org *.yandex.ru yandex.ru *.yandex.net yandex.st *.yandex.st *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net youtube.ru youtube.com *.youtube.ru *.youtube.com https://youtube.ru https://youtube.com https://*.youtube.ru https://*.youtube.com apis.google.com https://*.googleapis.com https://*.gstatic.com https://gstatic.com https://*.googlesyndication.com https://*.doubleclick.net https://apis.google.com;connect-src 'self' statpipe.ru stats.g.doubleclick.net csi.gstatic.com www.google-analytics.com pushdata.sendpulse.com:4434 https://*.reformal.ru *.reformal.ru reformal.ru *.googleadservices.com *.wotspeak.org wotspeak.org mc.yandex.ru https://translate.googleapis.com https://pipe.skype.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.sendpulse.com *.googleadservices.com s7.addthis.com *.wotspeak.org wotspeak.org *.googleapis.com *.gstatic.com *.yandex.ru https://*.googleapis.com https://*.gstatic.com https://*.yandex.ru data:;font-src 'self' wotspeak.org *.reformal.ru *.googleadservices.com *.googleapis.com *.gstatic.com *.yandex.ru https://*.googleapis.com https://*.gstatic.com https://fonts.gstatic.com fonts.gstatic.com https://*.yandex.ru data:;img-src 'self' static.steambets.net kolobanov.pro cdn.push.expert vk.com www.gravatar.com m.addthis.com *.reformal.ru reformal.ru *.googleadservices.com counter.yadro.ru *.tynt.com share.pluso.ru www.google.ru www.google-analytics.com https://*.google.com *.google.com google.com *.wotspeak.org wotspeak.org *.yandex.net *.yandex.ru yandex.ru yandex.st *.googlesyndication.com *.doubleclick.net *.googleapis.com *.gstatic.com https://*.yandex.net https://*.yandex.ru https://*.googlesyndication.com https://*.doubleclick.net https://*.googleapis.com https://*.gstatic.com data:;object-src 'self' static.steambets.net *.googleadservices.com *.reformal.ru reformal.ru *.gstatic.com an.yandex.ru https://*.gstatic.com https://an.yandex.ru;;report-uri https://wotspeak.org/CSP-only-my.php 1
base-uri 'none'; connect-src 'self' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbclease.lu https://*.kching.be https://*.omtrdc.net https://dpm.demdex.net https://www.facebook.com https://*.kbc.com; default-src 'none'; font-src 'self' data: https://static.vee24.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.kbc.be https://*.cbc.be https://*.kbcbrussels.be; frame-ancestors 'self' https://*.cbc.be https://*.kbcbrussels.be https://*.kbcgroup.eu https://*.kbc.be https://*.vee24.com https://kbcgroup.marketing.adobe.com https://kbcgroup.experiencecloud.adobe.com; frame-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://assets.adobedtm.com https://kbcgroup.demdex.net https://uk.personalcard.net https://uat.serversidegraphics.com https://www.google.com/recaptcha/ https://www.youtube.com https://*.vee24.com; img-src 'self' data: https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.doubleclick.net https://*.facebook.com https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbclease.lu https://*.kching.be https://*.omtrdc.net https://cm.everesttech.net https://csi.gstatic.com https://dpm.demdex.net https://maps.googleapis.com https://maps.gstatic.com https://pixel.everesttech.net https://static.vee24.com https://t.co https://www.google.be https://www.google.com https://www.googleadservices.com https://cbc.azureedge.net https://kbc.azureedge.net https://touch.azureedge.net https://invest.azureedge.net https://mba.azureedge.net https://mbj.azureedge.net https://edash.azureedge.net https://action.metaffiliation.com https://secure.adnxs.com https://dc.ads.linkedin.com; media-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbclease.lu https://*.kching.be https://cbc.azureedge.net https://kbc.azureedge.net https://touch.azureedge.net https://invest.azureedge.net https://mba.azureedge.net https://mbj.azureedge.net https://edash.azureedge.net; object-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be; script-src 'self' 'nonce-XAyy7QpADQwAAFmBD2MAAAAv' 'strict-dynamic' data: 'unsafe-eval' 'unsafe-inline' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbclease.lu https://*.kching.be https://*.omtrdc.net https://adhese.mediahuis.be https://analytics.twitter.com https://assets.adobedtm.com https://connect.facebook.net https://dpm.demdex.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://pixel.everesttech.net https://platform.twitter.com https://s.ytimg.com https://secure.adnxs.com https://static.ads-twitter.com https://static.vee24.com https://web.vee24.com https://www.everestjs.net https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube.com https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbclease.lu https://*.kching.be https://cdn.tt.omtrdc.net https://fonts.googleapis.com https://static.vee24.com;  1
frame-ancestors 'self' *.singtel.com *.singtelgroup.net *.singtelshop.com; 1
frame-ancestors 'self' https://*.atrapalo.com; report-uri /csp/report; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';connect-src https: wss: 1
script-src 'unsafe-eval' https://static.intsig.net https://hm.baidu.com/hm.js https://zz.bdstatic.com/linksubmit/push.js http://push.zhanzhang.baidu.com/push.js res.wx.qq.com/open/js/jweixin-1.0.0.js https://api.geetest.com/gettype.php https://api.geetest.com/ajax.php https://api.geetest.com/get.php https://api.geetest.com/refresh.php https://static.geetest.com/static/js/ https://dn-staticdown.qbox.me/static/js/ https://www.zdao.com/wx/jsconfig 'nonce-b1d83aeae86287d45cce684910a9287b' https://ikoubei.baidu.com/embed/; child-src 'self' https://open.weixin.qq.com/connect/qrconnect https://m.zdao.com zdao://zd/openweb; object-src 'none'; report-uri /csp/report 1
script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com data: mozilla.org www.googletagmanager.com www.google-analytics.com adservice.google.com adservice.google.de adservice.google.dk creativecommons.org api.map.baidu.com; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com; frame-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' fast.fonts.net; media-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.firefox.com.cn; child-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com https://accounts.firefox.com/ https://accounts.firefox.com.cn/; report-uri /csp-violation-capture 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-MkwDRiHBuc' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
frame-ancestors 'self' apps.facebook.com ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-ancestors 'self' 1
frame-ancestors 'self' *.tennis-warehouse.com www.tenniswarehouse-europe.com www.tennisonly.com.au; 1
default-src https://www.spamhaus.org https: 'unsafe-inline' 'unsafe-eval' 1
default-src https: http://*.miisolutions.net:1935; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob: 'unsafe-inline'; connect-src https:; font-src https: data: 'unsafe-inline'; object-src https: data: 'unsafe-inline'; media-src data: https: http://*.miisolutions.net:1935 http://c.brightcove.com https://brightcove.hs.llnwd.net https://secure.brightcove.com http://brightcove.vo.llnwd.net blob:; frame-src data: https: 'self'; form-action https: 'self'; frame-ancestors http: https: 'self' http://library.uml.edu 1
default-src 'self' live-aclu-d7.pantheonsite.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aclu.org live-aclu-d7.pantheonsite.io *.documentcloudBLOCK.org squizlabs.github.io js-agent.newrelic.com bam.nr-data.net aclu.tt.omtrdc.net cdn.tt.omtrdc.net www.youtube.com/iframe_api s.ytimg.com static.chartbeat.com static2.chartbeat.com *.chartbeat.com; object-src 'self' *.aclu.org live-aclu-d7.pantheonsite.io; style-src 'self' 'unsafe-inline' *.aclu.org live-aclu-d7.pantheonsite.io squizlabs.github.io cdn.tt.omtrdc.net; img-src 'self' 'unsafe-inline' data: *.aclu.org live-aclu-d7.pantheonsite.io *.xip.io img.youtube.com s3.amazonaws.com smetrics.aclu.org squizlabs.github.io aclu.org omnitureengineering.d1.sc.omtrdc.net *.chartbeat.net; media-src 'self'  *.aclu.org live-aclu-d7.pantheonsite.io; frame-src 'self' *.aclu.org live-aclu-d7.pantheonsite.io *.youtube-nocookie.com *.facebook.com *.youtube.com *.newsbound.com *.vote411.org https://fora.tv *.ted.com *.storify.com *.mtvnservices.com *.thinglink.com *.theguardian.com filestorage.aclu.org *.omniture.com georgejosephmapping.carto.com w.soundcloud.com chartbeat.com *.chartbeat.com; font-src 'self' data: *.aclu.org live-aclu-d7.pantheonsite.io; connect-src 'self' live-aclu-d7.gotpantheon.com graph.facebook.com phone.reverehq.com https://action.aclu.org live-aclu-d7.pantheonsite.io https://aclu.tt.omtrdc.net mab.chartbeat.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://itnext.io https://*.itnext.io https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=dc00ceea-ed39-481a-b2d5-370353507dc8 1
script-src 'self' https://www.google-analytics.com/analytics.js; style-src 'self' https://fonts.googleapis.com https://*.gstatic.com; object-src 'none'; default-src 'self' https://www.google-analytics.com ; frame-src 'self' https://www.google.com https://www.youtube.com https://analytics.google.com  https://google.exceedlms.com https://google.appitierre.com/; connect-src 'self' https://inputtools.google.com ; child-src 'self' https://www.google.com https://www.youtube.com https://analytics.google.com  https://google.exceedlms.com https://google.appitierre.com/; font-src 'self' https://themes.googleusercontent.com https://*.gstatic.com; report-uri /csp 1
script-src 'self' *.xlovecam.com *.wlresources.com *.acwebconnecting.com http://*.google-analytics.com https://*.google-analytics.com https://*.gstatic.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net https://www.google.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' www.xlovecam.com:9080 www.xlovecam.com:9443 *.xlovecam.com *.wlresources.com *.acwebconnecting.com http://*.google-analytics.com https://*.google-analytics.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.xlovecam.com wss://www.xlovecam.com; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com; worker-src 'self' blob:; report-uri /en/jserror/?ts=1544349674 1
block-all-mixed-content; referrer unsafe-url; report-uri https://www.coggles.com/cspReport.txt; 1
default-src 'self' blob: wss: data: https:; img-src 'self' *.cloudfront.net blob: data: https:; media-src 'self' *.cloudfront.net https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' data: https:; 1
frame-ancestors 'self' *.fakehub.com 1
frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1
script-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.gstatic.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io wss://*.crisp.chat https://*.crisp.chat *.payline.com *.youtube.com; img-src 'self' data: *.zopim.com *.crisp.chat *.google-analytics.com *.gstatic.com  *.googleapis.com; font-src 'self' data: *.zopim.com *.crisp.chat *.gstatic.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' https://4ege.ru;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://4ege.ru https://www.googletagservices.com 4oge.ru https://www.googletagservices.co https://adservice.google.ru *.repetit.ru https://adservice.google.com.ua sochinenie11.ru yastatic.net vk.com userapi.com https://cdnjs.cloudflare.com/ https://cdn.mathjax.org https://*.googleapis.com https://*.google.com *.google.com *.gstatic.com https://*.gstatic.com www.google-analytics.com https://www.google-analytics.com http://*.googlesyndication.com https://*.googlesyndication.com *.googleapis.com *.doubleclick.net https://*.doubleclick.net *.yandex.ru https://*.yandex.ru yandex.ru yandex.net *.yandex.net;object-src 'self' rian.ru somit.ru videoarhivos.ru *.rian.ru ria.ru https://4ege.ru https://*.googleapis.com http://www.youtube.com https://www.youtube.com *.gstatic.com http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.yandex.ru https://*.yandex.ru yandex.ru;style-src 'self' 'unsafe-inline' https://4ege.ru *.repetit.ru https://relap.io *.googleapis.com *.gstatic.com https://fonts.googleapis.com https://yastatic.net/ https://*.gstatic.com google.com *.google.com;img-src * data: https://4ege.ru https://*.2mdn.net *.2mdn.net https://*.doubleclick.net https://*.googleapis.com *.googleapis.com https://*.googlesyndication.com https://*.gstatic.com awaps.yandex.ru *.gstatic.com;frame-src 'self' yastatic.net https://yastatic.net http://yandexadexchange.net www.thinglink.com https://www.youtube.com http://www.youtube.com http://conference.dit.mos.ru https://pro.ispringcloud.ru https://*.yandexadexchange.net 93.180.23.59 *.onlinetv.ru *.webcaster.pro *.eagleplatform.com *.vgtrk.com *.1tv.ru https://*.webinar.ru www.slideshare.net yandexadexchange.net ria.ru https://*.vsu.ru *.yandex.ru yandex.ru hse.ru https://vk.com https://*.vk.com *.googlesyndication.com *.doubleclick.net https://*.doubleclick.net https://*.google.com http://*.google.com http://*.googleadservices.com https://*.googleadservices.com https://*.googlesyndication.com *.vk.com vk.com;font-src 'self' https://4ege.ru * data: https://*.googleapis.com https://*.gstatic.com *.gstatic.com *.googleapis.com;connect-src 'self' https://pagead2.googlesyndication.com *.repetit.ru https://4ege.ru ria.ru dl.dropboxusercontent.com https://www.youtube.com *.googlevideo.com https://*.gstatic.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://yastatic.net https://yastatic.net *.yandex.ru *.webvisor.org https://metrika-informer.com https://cdn.jsdelivr.net https://www.google-analytics.com http://*.jivosite.com https://*.jivosite.com 1
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.es  ; frame-src 'self' *.indeed.com *.indeed.es https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.es d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.liveabout.com *.qa.aws.liveabout.com atlas.liveabout.com atlas.local.liveabout.com 1
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.com.pe  ; frame-src 'self' *.indeed.com *.indeed.com.pe https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.com.pe d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log; 1
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=bff5ba6d-3a5c-4ab9-9080-ec022c2437e4 1
default-src https: 'self' *.getpostman.com *.postman.co; font-src https: 'self' *.getpostman.com *.postman.co fonts.gstatic.com fonts.googleapis.com; frame-ancestors 'none'; img-src * data:; script-src https: 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.pstmn.io www.google-analytics.com www.googletagmanager.com; style-src https: 'self' *.getpostman.com *.postman.co *.pstmn.io fonts.gstatic.com fonts.googleapis.com 'unsafe-inline'; connect-src wss: https: 1
script-src 'self' www.google-analytics.com blockchain.info 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.novobanco.pt srv.novobanco.pt ajax.googleapis.com code.createjs.com fonts.googleapis.com webcare.byside.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com s1.byside.com grmtech.net bs.serving-sys.com secure-ds.serving-sys.com s.ytimg.com www.youtube.com d3c3cq33003psk.cloudfront.net tagmanager.google.com www.googleadservices.com connect.facebook.net www.facebook.com; frame-ancestors 'self' sec.novobanco.pt www.olx.pt m.olx.pt www.m.olx.pt www.imovirtual.com tpc.googlesyndication.com 1
default-src * 'unsafe-inline'; font-src https: data:; frame-ancestors 'self' localhost:3000; frame-src 'self' www.mindmeister.com accounts.google.com docs.google.com dl.dropboxusercontent.com platform.harvestapp.com player.vimeo.com zapier.com www.youtube.com chrome://pdf-viewer; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' 1
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.co.za  ; frame-src 'self' *.indeed.com *.indeed.co.za https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.co.za d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log; 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=8368f177-f210-4064-b363-a44fe540d63f 1
script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://*.youtube.com/iframe_api https://*.ytimg.com 'sha256-X/2y0k5CqBhwyz7GjCuTbjDh8SEG3n0yZQXUof0iutg=' 'sha256-NcpdQlNlNRkHugLjvly0tTsNmv1u+XFNMVyZJt9OME8=' 'sha256-X0JWsAG/k2sIeTfXAL+VH5SdA6bef2aT/CoRG/FEQFc=' 'sha256-uV3MJak3jcDQZeDpjoi5NuUOKAQe8qE+Z+MpOCWxhpE=' 'sha256-Bv1iXGLhTynxdNruU+taauqCn9hasRiuUf78c9KuhE8=' 'sha256-uiC+UX/TsEbDu+MRNmLKMUaKe4GLDDlvH+iEtlIDsog='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; default-src 'self'; frame-src 'self' *.googletagmanager.com *.doubleclick.net https://*.youtube.com; img-src 'self' *.googleapis.com https://*.googleadservices.com *.google-analytics.com *.googletagmanager.com https://*.doubleclick.net https://*.google.com *.youtube.com https://*.ytimg.com; connect-src 'self' https://www.google-analytics.com https://getsubscriptions.withgoogle.com https://newsletter-wg.appspot.com; object-src 'none'; font-src 'self' fonts.gstatic.com; base-uri 'none' 1
frame-ancestors 'self' https://open.tcfbank.com; 1
default-src * 'unsafe-inline'; script-src 'self' blob: *.afterpay.com *.booktopia.com.au *.boldchat.com *.cdn4.forter.com *.connect.fluentretail.com *.forter.com:* *.hotjar.com *.masterpass.com *.productreview.com.au *.secure-afterpay.com.au *.secure.checkout.visa.com ajax.googleapis.com apis.google.com bam.nr-data.net bat.bing.com books.google.com books.google.com.au cdn.scarabresearch.com connect.facebook.net dev.visualwebsiteoptimizer.com google.com.au googleads.g.doubleclick.net jp-tags.mediaforge.com jp-tags.rd.linksynergy.com js-agent.newrelic.com maps.google.com maps.googleapis.com masterpass.com mpsnare.iesnare.com platform.twitter.com sslwidget.criteo.com widget.criteo.com stat.DealTime.com static.criteo.net static.powerreviews.com stats.g.doubleclick.net thm.visa.com ui.powerreviews.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; img-src data: * 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=78cfc03b-4f1c-47a5-aada-41b75aa13f9b 1
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss: ; img-src data: https: ; font-src data: https: 1
default-src *;script-src 'self' 'unsafe-inline'  'unsafe-eval'  changba.com *.changba.com *.changbaimg.com *.cdn.changbaimg.com *.bootcss.com *.bokecc.com *.qbox.me *.google-analytics.com *.qq.com *.alipay.com *.alibaba.com *.aliyun.com  *.alicdn.com hm.baidu.com *.cnzz.com *.cnzz.cn *.irs01.com  irs01.com zz.bdstatic.com *.zhanzhang.baidu.com s.url.cn cdn.jsdelivr.net unpkg.com;style-src * 'unsafe-inline';frame-src 'self' changba.com *.changba.com changba://*;img-src 'self' data: blob: *;media-src 'self' data: blob: * 1
block-all-mixed-content; referrer unsafe-url; report-uri https://www.iwantoneofthose.com/cspReport.txt; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'unsafe-inline' 'unsafe-eval' https:; img-src https: data:; style-src 'unsafe-inline' fonts.googleapis.com https://kapitalbank.az https://livechat-static.brandembassy.com;font-src data: https://kapitalbank.az dq4irj27fs462.cloudfront.net https://fonts.gstatic.com https://livechat-static.brandembassy.com;connect-src wss://livechat-ws.brandembassy.com https://livechat-ws.brandembassy.com https://kapitalbank.az https://mc.yandex.ru https://onesignal.com https://www.facebook.com https://www.google-analytics.com; 1
default-src 'self' https: blob:; child-src * blob:; connect-src 'self' https: wss: *.amap.com *.inspectlet.com; font-src 'self' data: *.muscache.com fonts.gstatic.com use.typekit.net; img-src 'self' https: data: *.inspectlet.com; media-src 'self' https:; script-src 'self' 'unsafe-eval' a0.muscache.com cdn.siftscience.com ss.musthird.com t1.musthird.com bat.bing.com connect.facebook.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com www.googletagmanager.com a.cdn.intentmedia.net maps.googleapis.com ajax.googleapis.com *.g.doubleclick.net www.google.com www.gstatic.com smartlock.google.com accounts.google.com app.link cdn.branch.io api.branch.io bam.nr-data.net js-agent.newrelic.com sslwidget.criteo.com static.criteo.net dis.criteo.com widget.us.criteo.com *.gbc.criteo.net ethn.io s.yimg.jp api.geetest.com blob: webapi.amap.com restapi.amap.com *.inspectlet.com 'nonce-7e35ac21ff391192973cd706cb8642' 'sha256-URqFTNitDSE01K1xklErUlKT93/P4FXStf52o8BhcLY=' 'unsafe-inline' 'sha256-MpazfMshcY6jCzxk0aJDh9l3iXoBw8r+eMO58JLTkRQ=' 'sha256-D9Mz5Ys1Opv52C2fjJU4eS9qDZpG9+Ywz5rQPUyxngQ='; style-src 'self' https: 'unsafe-inline'; report-uri /tracking/csp?action=show&controller=homepages&report_only=false&req_uuid=9a804944-a950-47be-a3c1-e305dab93f12&version=34ffb8f2235021bdf63196a35d812040b87aaecd 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=deebe63e-c797-42dd-a079-2af455ba0edc 1
img-src * data:; 1
frame-ancestors www.comparasemplice.it www.sostariffe.it www.segugio.it tariffe.segugio.it enigaseluce.com; 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss://socket.showtalk.jp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.ostrovok.ru ostrovok.ru *.worldota.net *.zenhotels.com zenhotels.com api.payota.net t.skyscnr.com secde.trivago.com unpkg.com www.googletraveladservices.com www.tripadvisor.com www.kayak.com www.clicktripz.com s3-eu-west-1.amazonaws.com travel.mediaalpha.com notify.bugsnag.com 3kxrt0l29e.execute-api.us-east-1.amazonaws.com *.hotjar.com fonts.gstatic.com *.livetex.ru tagmanager.google.com www.tamgrt.com cdn.branch.io app.link api.branch.io www.googleadservices.com sslwidget.criteo.com static.criteo.net vk.com connect.facebook.net www.facebook.com top-fwz1.mail.ru www.hometogo.com secure.wego.com static.tacdn.com static.clicktripz.com pixel.sojern.com ads.travelaudience.com tms-st.cdn.ngenix.net hit.acstat.com c.riskified.com beacon.riskified.com cdn.dynamicyield.com cdn.siftscience.com d3c3cq33003psk.cloudfront.net www.awin.com www.google-analytics.com www.googletagmanager.com mc.yandex.ru tag.yieldoptimizer.com a.cdn.intentmedia.net st.dynamicyield.com static.dynamicyield.com *.criteo.com a.intentmedia.net px.dynamicyield.com opentag-stats.qubit.com *.g.doubleclick.net 6ytvy2ekla.execute-api.us-east-1.amazonaws.com fonts.googleapis.com maps.googleapis.com www.google.com www.googletagservices.com adservice.google.com c.triptech.ai s.clickiocdn.com *.googlesyndication.com cdn.ampproject.org clickiocdn.com adservice.google.ru csi.gstatic.com *.braintreegateway.com; frame-src 'self' *.ostrovok.ru *.worldota.net *.zenhotels.com widgets-2-omni-iframe.livetex.ru tracking.bonusway.com checkout.paypal.com static.criteo.net gum.criteo.com dis.eu.criteo.com www.google.com a.cdn.intentmedia.net www.tamgrt.com bid.g.doubleclick.net clickioadvd.com googleads.g.doubleclick.net www.facebook.com tpc.googlesyndication.com vars.hotjar.com vk.com staticxx.facebook.com; img-src * data:; report-uri /hc/csp 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=b72d7f88-0228-41e4-b215-e172cf19718d 1
frame-ancestors 'self' https://onlineapplication.targobank.de https://onlineapplication.uat.targobank.de 1
default-src 'self' 'unsafe-inline' blob: *.atv.hu *.m.atv.hu pubads.g.doubleclick.net videa.hu tagcdn.com *.tagcdn.com s0.2mdn.net gemhu.adocean.pl gemadhu.hit.gemius.pl https://securepubads.g.doubleclick.net http://s0.2mdn.net https://s0.2mdn.net bs.serving-sys.com http://bs.serving-sys.com ds.serving-sys.com servedby.flashtalking.com hugde.adocean.pl gdehu.hit.gemius.pl daemon.indapass.hu embed.indavideo.hu *.2mdn.net *.adverticum.net *.doubleclick.net *.duelbox.com *.facebook.com *.fbcdn.net *.gemius.pl *.google.com *.googleapis.com *.googlesyndication.com *.googlevideo.com *.gstatic.com *.gvt1.com *.infogr.am *.instagram.com *.macromedia.com *.movementventures.com *.netadclick.com *.pollcaster.com *.rt.com *.twimg.com *.twitter.com *.vine.co *.youtube.com *.ytimg.com box.hirstart.hu coub.com dev.adsinteractive.hu fonts.googleapis.com fonts.gstatic.com http://193.68.62.125 http://193.68.62.126 http://nodes.stream.atv.hu nol.hu players.brightcove.net propeller.hu/ streamable.com t.co twimg.com twitter.com vine.co www.boombox.com www.dailymail.co.uk www.hetek.hu www.qzzr.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.atv.hu *.m.atv.hu *.jquery.com adsinteractive-794b.kxcdn.com adservice.google.at adservice.google.hu adsinteractive-794b.kxcdn.com tagcdn.com *.tagcdn.com s0.2mdn.net http://s0.2mdn.net https://s0.2mdn.net bs.serving-sys.com hugde.adocean.pl *.2mdn.net *.adform.net *.adocean.pl *.adverticum.net gdehu.hit.gemius.pl *.doubleclick.net *.duelbox.com *.facebook.net *.flowplayer.org *.gemius.pl *.google-analytics.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.serving-sys.com *.twimg.com *.twitter.com twimg.com twitter.com www.googletagservices.com ; img-src 'self' data: *.atv.hu *.m.atv.hu bs.serving-sys.com servedby.flashtalking.com tagcdn.com *.tagcdn.com green.erne.co *.2mdn.net *.adform.net *.adocean.pl hugde.adocean.pl *.adverticum.net *.cloudfront.net *.doubleclick.net *.duelbox.com *.facebook.com *.gemius.pl *.ggpht.com *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.serving-sys.com *.twimg.com *.twitter.com *.ytimg.com audit.median.hu dev.adsinteractive.hu nol.hu twimg.com twitter.com hugde.adocean.pl www.googletagservices.com ; style-src 'self' 'unsafe-inline' *.atv.hu *.m.atv.hu *.jquery.com servedby.flashtalking.com *.twitter.com *.twimg.com twimg.com twitter.com https://*.ytimg.com https://fonts.gstatic.com https://fonts.googleapis.com gemhu.adocean.pl gemadhu.hit.gemius.pl https://securepubads.g.doubleclick.net ; media-src 'self' blob: *.atv.hu *.m.atv.hu *.gvt1.com nodes.stream.atv.hu hugde.adocean.pl dev.adsinteractive.hu http://gemhu.adocean.pl videa.hu streamja.com www.instagram.com vid4u.org pubads.g.doubleclick.net 1
upgrade-insecure-requests; default-src https: blob: wss:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 1
frame-ancestors 'self' www.healthyliving.in.th 1
base-uri 'self'; connect-src 'self' https: wss://*.zopim.com; default-src 'self' https:; font-src 'self' https: data: *.cloudfront.net v2.zopim.com fonts.gstatic.com; img-src 'self' https: data: *.cloudfront.net *.speechstream.net fonts.googleapis.com; media-src * *.amazonaws.com youtube.com youtu.be; object-src 'none'; script-src 'self' data: https: 'unsafe-inline' 'unsafe-eval' * http://s3-us-west-2.amazonaws.com/sscache.speechstream.net/SpeechCache/2990/book1/page1/Vocalizer_Expressive_Ava_Premium_High_22kHz40/*.xml *.googleapis.com *.google.com *.newrelic.com *.speechstream.net *.twitter.com *.twimg.com assets.clever.com assets.zendesk.com bam.nr-data.net code.jquery.com cdn.mxpnl.com https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js go.pardot.com goodworld.me googleadservices.com https://www.googleadservices.com/pagead/conversion.js google-analytics.com http://www.google-analytics.com/analytics.js googletagmanager.com https://www.googletagmanager.com/gtag/js maxcdn.bootstrapcdn.com v2.zopim.com; style-src 'self' https: blob: 'unsafe-inline' *.cloudfront.net *.speechstream.net *.twitter.com *.twimg.com assets.clever.com cdn-images.mailchimp.com 1
frame-ancestors www.mlssoccer.com *.mlsdigital.net *.mlssoccer.com *.mlsdev.net; 1
style-src * 'self' 'unsafe-inline'; frame-ancestors 'self' *.thinglink.com cdn.thinglink.me *.tlsrv.net teams.microsoft.com *.teams.microsoft.com *.skype.com; 1
style-src data: blob: 'unsafe-inline' *;script-src 'self' *.googlesyndication.com *.google.com *.google.com.br *.doubleclick.net *.googletagmanager.com *.googletagservices.com *.google-analytics.com https://cdn.ampproject.org https://d31qbv1cthcecs.cloudfront.net https://whos.amung.us 'unsafe-inline'; base-uri 'self'; 1
block-all-mixed-content; referrer unsafe-url; report-uri https://www.lookfantastic.cn/cspReport.txt; 1
object-src 'none'; script-src 'nonce-QtrVp1EltcrXxoZ706eO' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com hire.withgoogle.com www.gstatic.com ssl.gstatic.com feedback.googleusercontent.com; img-src 'self' data: blob: www.google.com www.gstatic.com ssl.gstatic.com www.google-analytics.com about: hire.withgoogle.com drive-thirdparty.googleusercontent.com https://drive.google.com/viewerng/ feedback.googleusercontent.com https://storage.googleapis.com/bebop-app-blobs-prod/; frame-src 'self' data: www.google.com www.gstatic.com ssl.gstatic.com feedback.googleusercontent.com support.google.com accounts.google.com realtimesupport.clients6.google.com content.googleapis.com docs.google.com hire.withgoogle.com; font-src 'self' data: feedback.googleusercontent.com fonts.googleapis.com www.gstatic.com fonts.gstatic.com hire.withgoogle.com; media-src 'self' hire.withgoogle.com; connect-src 'self' data: wss://ws.hire.withgoogle.com/ hire.withgoogle.com https://storage.googleapis.com/ https://drive.google.com/viewerng/ https://www.google.com https://ssl.gstatic.com https://www.google-analytics.com https://us-central1-bebop-staging.cloudfunctions.net/reportError https://us-central1-bebop-production.cloudfunctions.net/reportError 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.recreativ.ru *.facebook.net *.facebook.com *.google.com.ua  *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com;frame-src 'self' recreativ.ru *.recreativ.ru *.facebook.net *.facebook.com *.doubleclick.net *.google.com.ua *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com https://www.google.lv;img-src 'self' *.recreativ.ru *.recreativ.ru data: blob: https://via.placeholder.com/200x200 *.facebook.net *.facebook.com *.google.com.ua *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com;font-src 'self' data: *.facebook.net *.facebook.com *.google.com.ua *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com;style-src 'self' 'unsafe-inline' *.facebook.net *.facebook.com *.google.com.ua *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com;report-uri //recreativ.ru/csp_report.php; 1
default-src 'none'; base-uri 'none'; frame-src checkout.stripe.com; frame-ancestors 'none'; style-src *.scryfall.com; script-src *.scryfall.com checkout.stripe.com www.google-analytics.com 'unsafe-eval'; img-src *.scryfall.com *.stripe.com www.google-analytics.com data:; font-src *.scryfall.com; manifest-src *.scryfall.com; connect-src api.scryfall.com scryfall.com www.google-analytics.com checkout.stripe.com; block-all-mixed-content; 1
frame-ancestors 'self' stageinsight.tax.deloitteonline.com stageinsight2.tax.deloitteonline.com 1
default-src ajax.googleapis.com www.google-analytics.com www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval' data: 'self' https://d3ns5crcgwfodk.cloudfront.net/ https://cdn.vendocdn.com/ https://cdn.vendocdn.com/store/ https://secure.vend-o.com/; report-uri https://secure.vend-o.com/api/traffic-tracking/csp 1
default-src * wss: data: 'unsafe-inline' 'unsafe-eval' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.belfius.be https://assets.adobedtm.com https://maps.googleapis.com https://www.youtube.com/iframe_api https://s.ytimg.com; 1
frame-ancestors 'self' 'unsafe-eval' 'unsafe-inline' *.bricoman.it *.wanadev.eu *.wanadev.com; 1
default-src https: data: script-src 'self' wss://127.0.0.1:*/ 'unsafe-inline' 'unsafe-eval' 1
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src sanalmarket: yenism: https://tr.rdrtr.com https://*.creativecdn.com https://creativecdn.com https://*.criteo.com https://*.facebook.com https://*.doubleclick.net https://*.api.sociaplus.com https://sanalmarket.api.useinsider.com https://*.bkmexpress.com.tr; style-src * 'unsafe-inline'; 1
connect-src 'self' opskins.com wss://opskins.com *.opskins.com *.opskins.media *.maxmind.com *.mmapiws.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com tagmanager.google.com *.googleapis.com *.gstatic.com *.cloudflare.com www.google.com maxcdn.bootstrapcdn.com www.paypalobjects.com api.twitch.tv cdn.datatables.net *.cuptrk.com d10lpsik1i8c69.cloudfront.net djtflbt20bdde.cloudfront.net *.luckyorange.net bat.bing.com googlecommerce.com *.googlecommerce.com platform.twitter.com cdn.syndication.twimg.com connect.facebook.net *.braintreegateway.com *.paypal.com *.ads-twitter.com *.twitter.com *.gleam.io gleam.io *.trustpilot.com cdn.siftscience.com *.baidu.com *.opskins.win *.facebook.com *.yandex.ru opskins.com api.opskins.com *.opskins.com; script-src 'unsafe-inline' 'unsafe-eval' data: 'self' opskins.com wss://opskins.com *.opskins.com *.opskins.media *.maxmind.com *.mmapiws.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com tagmanager.google.com *.googleapis.com *.gstatic.com *.cloudflare.com www.google.com maxcdn.bootstrapcdn.com www.paypalobjects.com api.twitch.tv cdn.datatables.net *.cuptrk.com d10lpsik1i8c69.cloudfront.net djtflbt20bdde.cloudfront.net *.luckyorange.net bat.bing.com googlecommerce.com *.googlecommerce.com platform.twitter.com cdn.syndication.twimg.com connect.facebook.net *.braintreegateway.com *.paypal.com *.ads-twitter.com *.twitter.com *.gleam.io gleam.io *.trustpilot.com cdn.siftscience.com *.baidu.com *.opskins.win *.facebook.com *.yandex.ru opskins.com api.opskins.com *.opskins.com 1
default-src 'self' 'unsafe-inline' *.jlelse.de 1
default-src 'self' 'unsafe-eval' *.tgdd.vn *.thegioididong.com *.dienmayxanh.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https: data:; font-src data: 'self' https:; frame-src 'self' *.facebook.com *.hotjar.com thegioididong.typeform.com *.sociaplus.com *.tgdd.vn *.thegioididong.com *.dienmayxanh.com https://googleads.g.doubleclick.net *.youtube.com youtube.com https://*.doubleclick.net *.facebook.com *.google.com; media-src 'self' *.youtube.com youtube.com *.tgdd.vn *.thegioididong.com *.dienmayxanh.com; connect-src 'self' https://track.accesstrade.vn https://*.ecotrackings.com https://*.delighted.com *.useinsider.com https://*.sociaplus.com *.thegioididong.com *.tgdd.vn wss://rtm.thegioididong.com *.facebook.com *.googleapis.com *.google-analytics.com; manifest-src 'self' https:; object-src 'self'; report-uri /csp-violation-report-endpoint/ 1
script-src 'report-sample' 'nonce-cH6nNmAU6oPG0peMNfyw+Q' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport 1
block-all-mixed-content; report-uri https://lodash.report-uri.io/r/default/csp/enforce; default-src 'none'; child-src 'self' data: ms-appx-web: ghbtns.com runkit.com platform.twitter.com; img-src 'self' data: *.2mdn.net *.adsafeprotected.com ad.atdmt.com *.buysellads.com *.buysellads.net *.c3tag.com *.convertro.com ad.doubleclick.net www.google-analytics.com www.launchbit.com launchbit.com assets.servedby-buysellads.com *.serving-sys.com; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net; frame-src 'self' data: ms-appx-web: ghbtns.com runkit.com platform.twitter.com; manifest-src 'self'; script-src 'self' *.carbonads.com srv.carbonads.net adn.fusionads.net www.google-analytics.com cdn.jsdelivr.net embed.runkit.com; style-src 'self' cdn.jsdelivr.net; connect-src lodash.report-uri.com lodash.report-uri.io 'self' ms-appx-web: ghbtns.com runkit.com platform.twitter.com *.2mdn.net *.adsafeprotected.com ad.atdmt.com *.buysellads.com *.buysellads.net *.c3tag.com *.convertro.com ad.doubleclick.net www.google-analytics.com www.launchbit.com launchbit.com assets.servedby-buysellads.com *.serving-sys.com fonts.gstatic.com cdn.jsdelivr.net *.carbonads.com srv.carbonads.net adn.fusionads.net embed.runkit.com; 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=cf4acd6b-35b6-4d99-8a7f-d5bb361d2a94 1
default-src 'self' www.wiese.uni-konstanz.de www.uni-konstanz.de cms.uni-konstanz.de uni-konstanz.de www.youtube-nocookie.com player.vimeo.com www.biologie.uni-konstanz.de; frame-ancestors 'self'; font-src 'self' www.uni-konstanz.de uni-konstanz.de www.biologie.uni-konstanz.de; img-src 'self' piwik.uni-konstanz.de www.wiese.uni-konstanz.de lsf.uni-konstanz.de www.controllingdaten.uni.kn www.biologie.uni-konstanz.de data:; media-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.mathjax.org www.google.com www.controllingdaten.uni.kn www.uni-konstanz.de uni-konstanz.de www.biologie.uni-konstanz.de piwik.uni-konstanz.de; style-src 'self' 'unsafe-inline' www.google.com www.controllingdaten.uni.kn www.uni-konstanz.de uni-konstanz.de www.biologie.uni-konstanz.de; 1
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=dc3b2f4c-9775-4707-971b-ae4426f8c794 1
referrer origin-when-cross-origin 1
referrer unsafe-url; source-src none 1
block-all-mixed-content; report-uri https://macrolibrarsiit.report-uri.io/r/default/csp/reportOnly 1
frame-ancestors https://www.coolinarika.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaaerobus.com data:; frame-ancestors 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaaerobus.com data: *.booking.com *.rentalcars.com *.hotjar.com *.google.com *.youtube.com *.criteo.com *.facebook.com *.facebook.net *.doubleclick.net *.safetypay.com *.e-tsw.com *.cartrawler.com platform-api.sharethis.com cdn.apixu.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaaerobus.com data: *.google-analytics.com *.googleapis.com *.fusion.com *.google.com *.google.se *.google.com.mx *.vivaaerobus.com *.facebook.com *.cloudflare.com *.ckeditor.com *.doubleclick.net *.placeholder.com *.googletraveladservices.com *.kayak.com *.criteo.com *.criteo.net *.yldr.io *.cartrawler.com services.paynet.com.mx api.openpay.mx ota-cars.imgix.net *.bing.com platform-api.sharethis.com cdn.apixu.com ts.tradetracker.net ad.soicos.com data:; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaaerobus.com data: *.fusion.com *.google.com *.google.com.mx maxcdn.bootstrapcdn.com *.vivaaerobus.com *.cloudflare.com *.hotjar.com *.googleapis.com *.ckeditor.com *.cartrawler.com platform-api.sharethis.com cdn.apixu.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaaerobus.com data: *.googletagservices.com cdnjs.cloudflare.com code.jquery.com maxcdn.bootstrapcdn.com *.google.com cdn.jsdelivr.net *.fusion.com *.google-analytics.com *.google.se *.googletagmanager.com *.g.doubleclick.net *.facebook.net *.hotjar.com *.googleadservices.com *.ckeditor.com *.cloudfront.net *.boxever.com *.cdn.intentmedia.net *.google-analytics.com *.yldr.io *.gstatic.com *.criteo.com *.criteo.net a.intentmedia.net *.google.com.mx *.cartrawler.com bat.bing.com platform-api.sharethis.com cdn.apixu.com tm.tradetracker.net *.intentmedia.net; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaaerobus.com data: *.booking.com *.rentalcars.com *.hotjar.com *.google.com *.youtube.com *.criteo.com *.facebook.com *.facebook.net *.doubleclick.net *.safetypay.com *.e-tsw.com *.cartrawler.com platform-api.sharethis.com cdn.apixu.com; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaaerobus.com data: *.bootstrapcdn.com *.gstatic.com *.cartrawler.com; connect-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaaerobus.com data: *.fusion.com *.facebook.com *.google-analytics.com; form-action 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaaerobus.com data: *.vivaaerobus.com *.facebook.net *.facebook.com *.e-tsw.com;  1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:; 1
frame-ancestors 'self' *.psplugin.com vergic.com 1
object-src 'none';frame-src 'self';worker-src https://pony.town/sw.js;script-src 'unsafe-eval' https://pony.town/assets/scripts/bootstrap-4d77f90748.js https://pony.town/assets/scripts/bootstrap-es-e7cef0102d.js http://www.google-analytics.com https://www.google-analytics.com; 1
frame-ancestors 'self' rtvs.sk *.rtvs.sk rtvs.org *.rtvs.org 1
style-src 'self' 'unsafe-inline' funddata.triodos.com www2.triodos.com; img-src 'self' funddata.triodos.com p-pan.triodos.com api.triodos.com maps.triodos.com www2.triodos.com video.triodos.com data:; font-src 'self' funddata.triodos.com data:; script-src 'self' 'nonce-84acbc4a-86a0-4bd1-9437-5fa64f58e601' funddata.triodos.com t-pan.triodos.com p-pan.triodos.com www2.triodos.com video.triodos.com; frame-src https://www.youtube.com https://www.youtube-nocookie.com; child-src https://www.youtube.com https://www.youtube-nocookie.com; default-src 'self' funddata.triodos.com video.triodos.com; 1
default-src 'self' http://co.tl2fast.com http://jsc.marketgid.com http://co.frankiesupport.com http://uldmare.com http://et-code.ru http://myvi.ru/ http://rutube.ru https://ok.ru http://*.google-analytics.com http://mc.yandex.ru http://ajax.googleapis.com https://myvi.ru http://myvi.ru https://*.myvi.ru http://*.myvi.ru http://fs126.myvi.ru:8080 http://videoplayer.ru http://rt.rtl1.org http://*.rtl1.org *.rtl1.org wsp.marketgid.com *.marketgid.com http://marketgid.com https://marketgid.com http://cdn.marketgid.com http://jsc.marketgid.com http://counter.yadro.ru http://aa-gb.marketgid.com http://ab-gb.marketgid.com http://a�-gb.marketgid.com http://ad-gb.marketgid.com http://ag-gb.marketgid.com http://ai-gb.marketgid.com http://aa-nb.marketgid.com http://ab-nb.marketgid.com http://a�-nb.marketgid.com http://ad-nb.marketgid.com http://ag-nb.marketgid.com http://imgg.marketgid.com http://fonts.gstatic.com http://c.marketgid.com http://counter.tovarro.com http://rtl1.net http://rt.rtl1.biz http://rt.tizerlady.work http://block.s1venus.org  http://block.s1venus.com http://block.s1venus.biz http://block.s1vesta.com http://block.s1block.com http://block.s3block.com http://block.s2block.com http://block.s4block.com http://cdn.s1venus.org http://cdn.s1venus.com http://cdn.s1venus.biz http://cdn.s1vesta.com http://cdn.s1block.com http://cdn.s3block.com http://cdn.s2block.com http://cdn.s4block.com http://uk.tizerlady.com http://rtl.tizerlady.pw http://rt.tizerlady.win http://rtl.tizerlady.party https://*.api.twitter.com http://*.api.twitter.com https://*.facebook.com http://*.facebook.com https://facebook.com http://facebook.com https://*.twimg.com http://*.twimg.com https://*.twitter.com http://*.twitter.com https://*.facebook.net https://*.ok.ru https://my2.imgsmail.ru https://*.google.com http://*.facebook.net http://*.ok.ru http://my2.imgsmail.ru http://*.google.com https://myvi.ru http://myvi.ru https://*.myvi.ru http://*.myvi.ru https://*.mail.ru http://*.mail.ru http://adobe.com http://*.adobe.com http://*.uptolike.com https://*.uptolike.com https://uptolike.ru http://uptolike.ru https://mc.yandex.ru http://rt.tizerlady.click http://yastatic.net https://vk.com http://vk.com https://twitter.com http://twitter.com http://awaps.yandex.ru; style-src 'unsafe-inline' *; frame-src 'self' http://co.tl2fast.com http://jsc.marketgid.com http://co.frankiesupport.com http://et-code.ru http://myvi.ru/ http://*.nomoreproblems.me http://rutube.ru https://ok.ru http://rt.tizerlady.work http://block.s1venus.org  http://block.s1venus.com http://block.s1venus.biz http://block.s1vesta.com http://block.s1block.com http://block.s3block.com http://block.s2block.com http://block.s4block.com http://cdn.s1venus.org http://cdn.s1venus.com http://cdn.s1venus.biz http://cdn.s1vesta.com http://cdn.s1block.com http://cdn.s3block.com http://cdn.s2block.com http://cdn.s4block.com http://*.lcads.ru http://n.cashandfavor.ru http://n.busyprice.ru http://n.servemoney.ru http://n.levelpay.ru http://n.goodkind.ru http://n.cashheaven.ru http://n.moneytrap.ru http://n.pandre10.ru http://uk.tizerlady.com http://rtl.tizerlady.pw http://rt.tizerlady.win http://rtl.tizerlady.party https://*.api.twitter.com http://*.api.twitter.com https://twitter.com http://twitter.com https://*.facebook.com http://*.facebook.com https://facebook.com http://facebook.com https://*.twimg.com http://*.twimg.com https://*.twitter.com http://*.twitter.com https://*.facebook.net https://*.ok.ru https://my2.imgsmail.ru https://*.google.com http://*.facebook.net http://*.ok.ru http://my2.imgsmail.ru http://*.google.com http://*.uptolike.com https://*.uptolike.com https://uptolike.ru http://uptolike.ru http://lc2ads.ru http://*.lc2ads.ru http://uk.tizerlady.com https://*.mail.ru http://*.mail.ru http://vk.com http://*.vk.com https://vk.com https://*.vk.com https://vkontakte.ru https://*.vkontakte.ru http://*.marketgid.com https://mc.yandex.ru http://awaps.yandex.ru http://rt.tizerlady.click http://*.tizerlady.click http://marketgid.com https://twimg.com http://twimg.com http://yastatic.net; img-src * data:; media-src *; font-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://co.frankiesupport.com http://uldmare.com https://ok.ru http://ajax.googleapis.com http://mc.yandex.ru http://*.recreativ.ru http://recreativ.ru https://myvi.ru http://myvi.ru https://*.myvi.ru http://*.myvi.ru http://videoplayer.ru http://rt.rtl1.org http://*.rtl1.org *.rtl1.org wsp.marketgid.com *.marketgid.com http://*.marketgid.com http://marketgid.com https://marketgid.com http://cdn.marketgid.com http://jsc.marketgid.com http://counter.yadro.ru http://aa-gb.marketgid.com http://ab-gb.marketgid.com http://a�-gb.marketgid.com http://ad-gb.marketgid.com http://ag-gb.marketgid.com http://ai-gb.marketgid.com http://aa-nb.marketgid.com http://ab-nb.marketgid.com http://a�-nb.marketgid.com http://ad-nb.marketgid.com http://ag-nb.marketgid.com http://imgg.marketgid.com http://*.marketgid.com http://fonts.gstatic.com http://c.marketgid.com http://counter.tovarro.com http://rtl1.net http://rt.rtl1.biz http://rt.tizerlady.work http://block.s1venus.org  http://block.s1venus.com http://block.s1venus.biz http://block.s1vesta.com http://block.s1block.com http://block.s3block.com http://block.s2block.com http://block.s4block.com http://cdn.s1venus.org http://cdn.s1venus.com http://cdn.s1venus.biz http://cdn.s1vesta.com http://cdn.s1block.com http://cdn.s3block.com http://cdn.s2block.com http://cdn.s4block.com http://uk.tizerlady.com http://rtl.tizerlady.pw http://rt.tizerlady.win http://rtl.tizerlady.party https://*.api.twitter.com http://*.api.twitter.com http://*.facebook.net http://*.ok.ru http://my2.imgsmail.ru http://*.google.com https://*.mail.ru http://*.mail.ru http://*.uptolike.com https://*.uptolike.com https://uptolike.ru http://uptolike.ru https://counter.yadro.ru http://counter.yadro.ru http://uk.tizerlady.com http://lc2ads.ru http://*.lc2ads.ru http://yandex.st http://rt.tizerlady.click https://*.mail.ru http://jsc.marketgid.com http://marketgid.com http://*.marketgid.com http://*.ladycash.ru http://*.tizerlady.ru http://tizerlady.ru http://rt.tizerlady.click http://*.tizerlady.click http://tizerlady.click https://mc.yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://yastatic.net https://*.facebook.net https://*.ok.ru https://my2.imgsmail.ru https://*.google.com https://*.twitter.com http://*.twitter.com https://twitter.com http://twitter.com https://*.twimg.com http://*.twimg.com http://*.lcads.ru http://n.cashandfavor.ru http://n.busyprice.ru http://n.servemoney.ru http://n.levelpay.ru http://n.goodkind.ru http://n.cashheaven.ru http://n.moneytrap.ru http://n.pandre10.ru https://vk.com http://vk.com; connect-src 'self' http://jsc.marketgid.com https://ok.ru wsp.marketgid.com *.marketgid.com http://*.marketgid.com http://marketgid.com https://marketgid.com http://cdn.marketgid.com http://jsc.marketgid.com http://counter.yadro.ru http://aa-gb.marketgid.com http://ab-gb.marketgid.com http://a�-gb.marketgid.com http://ad-gb.marketgid.com http://ag-gb.marketgid.com http://ai-gb.marketgid.com http://aa-nb.marketgid.com http://ab-nb.marketgid.com http://a�-nb.marketgid.com http://ad-nb.marketgid.com http://ag-nb.marketgid.com http://imgg.marketgid.com http://*.marketgid.com http://fonts.gstatic.com http://c.marketgid.com http://counter.tovarro.com https://*.facebook.com http://*.facebook.com https://facebook.com http://facebook.com http://recreativ.ru http://*.recreativ.ru http://rt.tizerlady.click http://jsc.marketgid.com http://*.marketgid.com http://vk.com http://*.vk.com https://vk.com https://*.vk.com http://*.yandex.st https://yastatic.net http://mc.yandex.ru http://yandex.st http://yastatic.net https://mc.yandex.ru http://*.tizerlady.click http://*.yandex.net http://yandex.net http://*.facebook.net http://*.ok.ru http://my2.imgsmail.ru http://*.google.com https://*.twitter.com http://*.twitter.com https://*.twimg.com http://*.twimg.com http://rt.rtl1.org http://*.rtl1.org *.rtl1.org http://fs126.myvi.ru:8080 http://videoplayer.ru http://tizerlady.click; 1
upgrade-insecure-requests; base-uri 'none'; object-src 'none'; img-src *; frame-src https:; script-src 'self' 'unsafe-inline' https://www.xrel.to https:; style-src 'self' 'unsafe-inline' https://www.xrel.to https:; default-src 'self' https://www.xrel.to https:; frame-ancestors 'self' 1
default-src 'self' moiprogrammy.com;style-src 'self' 'unsafe-inline' https://vk.com http://vk.com https://ajax.googleapis.com http://ajax.googleapis.com;frame-src 'self' https://vk.com http://vk.com https://*.doubleclick.net http://*.doubleclick.net https://*.yastatic.net http://*.yastatic.net https://yastatic.net http://yastatic.net;media-src 'self';connect-src 'self' https://*.yandex.ru http://*.yandex.ru;font-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com http://ajax.googleapis.com https://vk.com http://vk.com http://*.googlesyndication.com https://*.googlesyndication.com https://*.yandex.ru http://*.yandex.ru https://*.google.de http://*.google.de https://*.google.ru http://*.google.ru https://*.google.com http://*.google.com https://*.google.com.ua http://*.google.com.ua https://*.yastatic.net http://*.yastatic.net https://yastatic.net http://yastatic.net;img-src 'self' http://counter.yadro.ru https://counter.yadro.ru https://vk.com http://vk.com https://*.yandex.net http://*.yandex.net https://*.yandex.ru http://*.yandex.ru data: blob: filesystem:; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob; img-src data: https: android-webview-video-poster: blob:; font-src data: https:; upgrade-insecure-requests; 1
default-src 'self' https: blob:; child-src * blob:; connect-src 'self' https: wss: *.amap.com *.inspectlet.com; font-src 'self' data: *.muscache.com fonts.gstatic.com use.typekit.net; img-src 'self' https: data: *.inspectlet.com; media-src 'self' https:; script-src 'self' 'unsafe-eval' a0.muscache.com cdn.siftscience.com ss.musthird.com t1.musthird.com bat.bing.com connect.facebook.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com www.googletagmanager.com a.cdn.intentmedia.net maps.googleapis.com ajax.googleapis.com *.g.doubleclick.net www.google.com www.gstatic.com smartlock.google.com accounts.google.com app.link cdn.branch.io api.branch.io bam.nr-data.net js-agent.newrelic.com sslwidget.criteo.com static.criteo.net dis.criteo.com widget.us.criteo.com *.gbc.criteo.net ethn.io s.yimg.jp api.geetest.com blob: webapi.amap.com restapi.amap.com *.inspectlet.com 'nonce-04a85e87a9f38c87e25dcc27952d7a' 'sha256-URqFTNitDSE01K1xklErUlKT93/P4FXStf52o8BhcLY=' 'unsafe-inline' 'sha256-MpazfMshcY6jCzxk0aJDh9l3iXoBw8r+eMO58JLTkRQ=' 'sha256-D9Mz5Ys1Opv52C2fjJU4eS9qDZpG9+Ywz5rQPUyxngQ='; style-src 'self' https: 'unsafe-inline'; report-uri /tracking/csp?action=show&controller=homepages&report_only=false&req_uuid=9ab895b6-917f-45fd-befb-6eb269af8654&version=df507506fab90b586a0c098cfae7b9995f2450e7 1
script-src 'self'  'unsafe-inline' 'nonce-PEmikbsakkZLVmaJbZPGXQ==' *.faithlifecdn.com *.faithlife.com api.reftagger.com serve.faithlifeads.com platform.twitter.com *.google.com connect.facebook.net cdn.syndication.twimg.com www.googletagmanager.com www.google-analytics.com reftaggercdn.global.ssl.fastly.net cdnjs.cloudflare.com netdna.bootstrapcdn.com *.live.net cdn.amplitude.com cdn.raygun.io request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com maps.googleapis.com www.gstatic.com cdn.siftscience.com; object-src 'none'; base-uri 'none' 1
default-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 1
object-src 'self'; connect-src 'self';frame-ancestors 'self' 1
default-src blob: https: 'self' ; script-src 'unsafe-inline' 'unsafe-eval' https: 'self' ; style-src 'unsafe-inline' https: 'self'; img-src https: data: 'self' 1
frame-ancestors 'self' ien.edu.sa ibs.ien.edu.sa vcr.ien.edu.sa mobile.ien.edu.sa auth.ien.edu.sa moelms.ien.edu.sa vlc.ien.edu.sa; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.googleapis.com www.google-analytics.com *.google.com www.googletagmanager.com *.addthis.com assets.zendesk.com *.newrelic.com *.nr-data.net www.vicroads.vic.gov.au *.mailchimp.com cdn.monsido.com; img-src * data:; style-src 'self' 'unsafe-inline' *.cloudflare.com *.google.com *.googleapis.com www.vicroads.vic.gov.au;frame-src 'self' *.google.com *.addthis.com feedback.userreport.com *.youtube.com *.sitecore.net blob:;font-src 'self' fonts.gstatic.com; connect-src 'self' *.vicroads.vic.gov.au *.funnelback.com 1
default-src 'self'; style-src 'self'; object-src 'none'; frame-src 'none'; media-src * http://*; connect-src * http://* 1
frame-ancestors 'self' https://*.radford.edu; upgrade-insecure-requests; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; media-src http: 1
default-src 'self' staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com;script-src 'self' 'nonce-XnAaswVPzO' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' checkout.stripe.com staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com use.typekit.net www.google-analytics.com www.google.com www.gstatic.com cdn.carbonads.com srv.carbonads.net;font-src 'self' staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com *.typekit.net netdna.bootstrapcdn.com;style-src 'self' netdna.bootstrapcdn.com staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com 'unsafe-inline';connect-src 'self' checkout.stripe.com;frame-src 'self' checkout.stripe.com *.youtube.com youtube.com *.vimeo.com vimeo.com www.google.com;img-src * data:; 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=45d7cd9f-834e-4d53-bd1e-be9f6c4ac61b 1
frame-ancestors https://www.optimizely.com/ https://mixpanel.com/ http://www.kayak.com.hk/ https://www.kayak.com.hk/ http://www.momondo.hk/ https://www.momondo.hk/ http://www.cheapflights.com.hk/ https://www.cheapflights.com.hk/ 1
frame-ancestors self *.moneyweb.co.za http://preview.moneyweb-2.instantmagazine.com http://moneyweb-2.instantmagazine.com *.instantmagazine.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://static.liqpay.com https://static.liqpay.ua https://w.liqpay.ua https://cdn.liqpay.ua https://img.liqpay.ua https://www.liqpay.ua https://sentry.microaws.com https://*.sender.mobi https://fonts.googleapis.com https://ajax.googleapis.com https://www.google-analytics.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.youtube-nocookie.com https://crm.privatbank.ua/service/Incut https://masterpass.com https://static.masterpass.com  https://pin.privatbank.ua https://socauth.privatbank.ua https://discount.pb.ua/inet https://*.checkout.visa.com https://*.masterpassturkiye.com https://channelapi.liqpay.ua wss://channelapi.liqpay.ua; frame-ancestors 'self' https://invoice.privatbank.ua https://telegram.org 1
frame-ancestors 'self' vk.com ; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/brides 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src * 'self' data: https:  1
default-src 'none'; script-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: www.google-analytics.com ci.appveyor.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' www.slideshare.net www.youtube.com; child-src 'self' www.slideshare.net www.youtube.com; manifest-src 'self'; base-uri 'self'; frame-ancestors 'none' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.prestocard.ca *.gotransit.com *.google.com *.gstatic.com fonts.gstatic.com *.googleapis.com maps.google.com *.creativevirtual15.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com ssl.google-analytics.com www.google-analytics.com maps.google.com maps.googleapis.com http://maps.google.com www.google.com www.google.com/recaptcha ajax.googleapis.com *.creativevirtual15.com; img-src 'self' *.prestocard.ca www.google-analytics.com ssl.google-analytics.com csi.gstatic.com *.creativevirtual15.com data:; connect-src 'self' *.prestocard.ca wss: *.creativevirtual15.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com http://fonts.googleapis.com *.google.com *.creativevirtual15.com; font-src 'self' fonts.gstatic.com *.creativevirtual15.com data:  1
default-src 'self'  googleads.g.doubleclick.net www.google-analytics.com app-eu.readspeaker.com f1-eu.readspeaker.com rstts-eu.readspeaker.com media-eu.readspeaker.com https://r3.talklets-secure.com r3.talklets-secure.com spellzone.youcanbook.me www.youtube.com player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.google-analytics.com pagead2.googlesyndication.com storage.googleapis.com googleads.g.doubleclick.net www.googletagmanager.com ajax.googleapis.com adservice.google.com adservice.google.co.uk f1-eu.readspeaker.com app-eu.readspeaker.com rstts-eu.readspeaker.com media-eu.readspeaker.com https://r3.talklets-secure.com www.googleapis.com player.vimeo.com;  img-src 'self' data: storage.googleapis.com pagead2.googlesyndication.com www.google-analytics.com  f1-eu.readspeaker.com app-eu.readspeaker.com rstts-eu.readspeaker.com media-eu.readspeaker.com chart.googleapis.com/chart; style-src 'self' 'unsafe-inline' app-eu.readspeaker.com f1-eu.readspeaker.com;  font-src 'self' fonts.googleapis.com; frame-ancestors 'self'; object-src 'self' 1
frame-ancestors 'self';default-src https: data: 'unsafe-eval' 'unsafe-inline'; img-src * data:; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://uxdesign.cc https://*.uxdesign.cc https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'none'; base-uri 'self'; child-src 'self' ghbtns.com; connect-src 'self'; font-src 'self'; form-action 'self' www.paypal.com; frame-ancestors 'none'; frame-src 'self' ghbtns.com; img-src 'self' data: www.google-analytics.com *.githubusercontent.com; manifest-src 'self'; script-src 'self' www.google-analytics.com; style-src 'self'; require-sri-for script style; upgrade-insecure-requests; report-uri https://mpchc.report-uri.com/r/d/csp/enforce 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=0055a993-d12e-4eda-8065-89803d376761 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=cae85729-3330-482c-9d18-d563522656e9 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=7fb98046-bac5-4af7-a88b-b462b7497dec 1
frame-ancestors https://tongji.baidu.com; 1
default-src 'self' data: https: *.gstatic.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.amazonaws.com *.infogreffe.nc *.infogreffe.fr *.googleapis.com *.twitter.com *.regie.pro; img-src 'self' data: http: *.youtube.com https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; frame-src 'self' data: https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; connect-src 'self' https: *.regie.pro *.addthis.com *.web2mobile.fr 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=713e090f-8c11-4a38-8ef1-d464bc4191bb 1
default-src https: 'unsafe-inline' 'unsafe-eval'; media-src blob: https: 'unsafe-inline' 'unsafe-eval'; worker-src blob: https: 'unsafe-inline' 'unsafe-eval';font-src data: 'self' 'unsafe-inline' 'unsafe-eval' 1
default-src http://*.googlesyndication.com https://*.googlesyndication.com http://*.doubleclick.net https://*.doubleclick.net http://*.youtube.com https://*.youtube.com; script-src https://*.rontar.com https://mobjs.b-cdn.net http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://www.googletagmanager.com http://*.googleadservices.com https://*.googleadservices.com http://*.googletagservices.com https://*.googletagservices.com http://google-analytics.com https://google-analytics.com http://*.google-analytics.com https://*.google-analytics.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.doubleclick.net https://*.doubleclick.net http://*.gstatic.com https://*.gstatic.com http://*.googleapis.com https://*.googleapis.com http://*.google.com https://*.google.com http://vk.com https://vk.com http://*.facebook.net https://*.facebook.net http://*.facebook.com https://*.facebook.com 'unsafe-inline' 'unsafe-eval' 'self'; object-src http://*.googlesyndication.com https://*.googlesyndication.com 'self'; style-src https://adcode.rontar.com https://mobjs.b-cdn.net https://mobimg.b-cdn.net https://www.google.com http://*.googleapis.com https://*.googleapis.com 'unsafe-inline'; media-src data: tones.mob.org ru.ringtones.mob.org fr.ringtones.mob.org es.ringtones.mob.org ringtones.mob.org.ru ringtones.mob.org.ua ringtones.mob.com.de ringtones.mob.org.pt ringtones.mob.org.cn ringtones.mob.gr.jp http://ahandfulof.me; img-src data: https://ssp.adriver.ru https://*.rontar.com https://images.mob.org https://mobimg.b-cdn.net https://mobjs.b-cdn.net http://i.ytimg.com https://i.ytimg.com http://*.google-analytics.com https://*.google-analytics.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.google.com https://*.google.com http://*.gstatic.com https://*.gstatic.com http://vk.com https://vk.com https://mob.org http://*.facebook.com https://*.facebook.com http://*.googleapis.com https://*.googleapis.com http://*.doubleclick.net https://*.doubleclick.net http://check.googlezip.net http://img.youtube.com https://img.youtube.com; child-src https://i.ohbah.com http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com http://gstatic.com https://gstatic.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.google.com https://*.google.com http://*.doubleclick.net https://*.doubleclick.net http://youtube.ru https://youtube.ru http://youtube.com https://youtube.com http://*.youtube.ru https://*.youtube.ru http://*.youtube.com https://*.youtube.com http://vk.com https://vk.com http://*.facebook.com https://*.facebook.com 'self'; worker-src 'self'; frame-src https://mobimg.b-cdn.net https://i.ohbah.com http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com http://gstatic.com https://gstatic.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.google.com https://*.google.com http://*.doubleclick.net https://*.doubleclick.net http://youtube.ru https://youtube.ru http://youtube.com https://youtube.com http://*.youtube.ru https://*.youtube.ru http://*.youtube.com https://*.youtube.com http://vk.com https://vk.com http://*.facebook.com https://*.facebook.com; font-src data: https://mobjs.b-cdn.net http://fonts.gstatic.com https://fonts.gstatic.com; connect-src http://*.googleapis.com https://*.googleapis.com http://*.googlesyndication.com https://*.googlesyndication.com https://googleads.g.doubleclick.net http://*.google-analytics.com https://*.google-analytics.com http://*.facebook.net https://*.facebook.net http://ahandfulof.me 'self'; report-uri https://mob.org/cspcollector.php 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://uxplanet.org https://*.uxplanet.org https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors entertainment.unitymedia.de 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 1
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=b477fdd3-7351-451e-b894-e855280d1701 1
object-src 'self'; frame-ancestors win2day.at lottery.co.at; script-src 'nonce-797987f5a7c66614b1e41ce1fff3a324' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: tagmanager.google.com; report-uri /html/cspReport.jsp 1
frame-ancestors *.vente-exclusive.com 1
frame-ancestors 'self' http://www.philips.ru *.philips.com *.philips.ru 1
default-src 'self' *.boozt.com *.booztcdn.com *.booztx.com *.klarna.com; script-src 'self' data: blob: *.boozt.com *.booztcdn.com *.booztx.com *.hotjar.com *.zenaps.com 7276578.collect.igodigital.com d38knilzwtuys1.cloudfront.net bat.bing.com www.googletagmanager.com www.google-analytics.com storage.googleapis.com track.adform.net *.klarna.com *.klarnacdn.net bam.nr-data.net www.snapengage.com www.googleadservices.com www.barilliance.net widget.criteo.com static.criteo.net s3.amazonaws.com connect.facebook.net googleads.g.doubleclick.net cm.g.doubleclick.net js-agent.newrelic.com maps.googleapis.com sslwidget.criteo.com widget.eu.criteo.com www.dwin1.com www.gstatic.com hst.tradedoubler.com swrap.tradedoubler.com tag.smartly.io dis.criteo.com www.awin1.com cdn.siftscience.com e.issuu.com bat.bing.com atemda.com 'unsafe-eval' 'unsafe-inline'; font-src 'self' *.boozt.com *.booztcdn.com *.booztx.com fonts.gstatic.com cdnjs.cloudflare.com data:; img-src https: data: blob: 'unsafe-inline'; connect-src 'self' *.boozt.com *.booztcdn.com *.booztx.com  stats.g.doubleclick.net code.jquery.com *.klarna.com *.klarnacdn.net *.hotjar.com bam.nr-data.net www.snapengage.com dawa.aws.dk www.google-analytics.com translate.googleapis.com wss://www.boozt.com wss://ws3.hotjar.com partner.revieve.com; child-src 'self' dis.eu.criteo.com www.google-analytics.com; frame-src 'self' *.boozt.com *.booztcdn.com *.booztx.com *.hotjar.com *.zenaps.com track.adform.net dis.eu.criteo.com bid.g.doubleclick.net gum.criteo.com static.criteo.net staticxx.facebook.com www.facebook.com player.vimeo.com web.facebook.com *.klarna.com *.klarnacdn.net www.prisjakt.nu www.googletagmanager.com e.issuu.com; style-src 'self' *.boozt.com *.booztcdn.com *.booztx.com fonts.googleapis.com d38knilzwtuys1.cloudfront.net data: 'unsafe-inline';  manifest-src 'self' *.boozt.com *.booztcdn.com *.booztx.com; media-src storage.googleapis.com www.snapengage.com; report-uri https://boozt.report-uri.com/r/d/csp/enforce 1
connect-src 'self' https://sgwidget.leaderapps.co;default-src 'self';font-src 'self' https://fonts.gstatic.com data:;frame-ancestors chrome-extension://mnojpmjdmbbfmejpflffifhffcmidifd;frame-src https://player.vimeo.com https://boards.greenhouse.io https://www.youtube.com;img-src 'self' https://brave.com https://basicattentiontoken.org https://analytics.brave.com https://boards.greenhouse.io https://www.gravatar.com https://blog.brave.com https://*.ggpht.com https://*.jtvnw.net;script-src 'self' 'unsafe-inline' https://analytics.brave.com https://secure.gaug.es https://boards.greenhouse.io https://code.jquery.com https://sgwidget.leaderapps.co;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1
frame-ancestors 'self' https://hoeffner.de http://images.google.de http://images.google.com https://images.google.de https://images.google.com https://ogone.test.v-psp.com https://secure.ogone.com 1
report-uri //0lik.ru/s/ss.php; default-src 'self' *.0lik.ru 0lik.ru mc.yandex.ru; connect-src 'self' *.0lik.ru 0lik.ru *.mail.ru api.depositphotos.com mc.yandex.ru mc.yandex.ua https://*.yandex.ru syndication.twitter.com www.google-analytics.com https://yastatic.net https://login.vk.com; child-src 'self' *.0lik.ru 0lik.ru; font-src 'self' data: *.0lik.ru 0lik.ru fonts.gstatic.com; form-action 'self' *.0lik.ru 0lik.ru; frame-ancestors 'self' *.0lik.ru 0lik.ru; frame-src 'self' 'unsafe-inline' about: https://vk.com vk.com *.youtube.com *.google.com https://st.yandexadexchange.net yastatic.net connect.ok.ru platform.twitter.com apis.google.com *.facebook.com accounts.google.com https://api.vk.com; img-src 'self' data: *.0lik.ru 0lik.ru vk.com *.depositphotos.com *.akamaihd.net *.yadro.ru *.mail.ru *.yandex.net mc.yandex.ru mc.yandex.ua *.rambler.ru www.google-analytics.com https://an.yandex.ru *.yandex.ru *.facebook.com *.twitter.com *.gstatic.com; media-src 'self' *.0lik.ru 0lik.ru *.akamaihd.net; object-src 'self' *.0lik.ru 0lik.ru about: stg.odnoklassniki.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.0lik.ru 0lik.ru *.akamaihd.net fotovramku.ru *.googleapis.com userapi.com vk.com stg.odnoklassniki.ru *.depositphotos.com st.mycdn.me yandex.st an.yandex.ru mc.yandex.ru mc.yandex.ua *.rambler.ru *.mail.ru www.google-analytics.com connect.ok.ru yastatic.net connect.facebook.net platform.twitter.com apis.google.com https://www.google.com *.google.com https://www.gstatic.com *.gstatic.com *.googletagmanager.com https://api.vk.com; style-src 'self' 'unsafe-inline' *.0lik.ru 0lik.ru *.akamaihd.net stg.odnoklassniki.ru st.mycdn.me *.depositphotos.com fonts.googleapis.com; 1
script-src https: http: 'unsafe-eval' 'unsafe-inline'; worker-src https: http: blob: 'unsafe-eval' 'unsafe-inline'; style-src https: http: 'unsafe-inline'; img-src https: http: data: blob: about:; font-src https: http: data:; connect-src https: http: wss:; object-src https: http: 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=a30cfa24-2b4d-4939-b583-164449286e56 1
frame-ancestors https://fressnapf.marketing.adobe.com https://confluence.fressnapf.de https://*.fnfarm.de app.fressnapf.de; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://android.com https://windowsphone.com *.qbrick.com *.112.2o7.net *.danskebank.dk *.facebook.com *.facebook.net https://twitter.com *.omtrdc.net https://dpm.demdex.net https://static.licdn.com https://w3.org https://fbcdn.net https://cloud-emea.analytics-egain.com https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com https://eum.danskebank.com https://owner-service-dev.sunday.dk https://api.june.dk https://api.test.june.dk https://beregnerservice.klogem2.dk; object-src 'self' *.qbrick.com; frame-src 'self' https://android.com https://windowsphone.com *.qbrick.com *.112.2o7.net *.danskebank.dk *.danid.dk *.facebook.com *.facebook.net https://twitter.com *.omtrdc.net https://dpm.demdex.net https://static.licdn.com https://w3.org https://fbcdn.net https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com https://eum.danskebank.com https://cloud-emea.analytics-egain.com https://onlineapi.danskenet.com:8600; report-uri /api/csp-report; 1
default-src 'self'; script-src *.diginetica.net *.google-analytics.com mc.yandex.ru *.shoppilot.ru *.maps.yandex.net api-maps.yandex.ru suggest-maps.yandex.ru 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.shoppilot.ru api-maps.yandex.ru cdn.diginetica.net 'self' 'unsafe-inline' 'unsafe-eval'; img-src counter.yadro.ru *.diginetica.net *.cloudfront.net yastatic.net/market-export/ *.google-analytics.com mc.yandex.ru *.shoppilot.ru api-maps.yandex.ru *.maps.yandex.net yandex.ru/clck/counter* status.icq.com data: 'self';connect-src *.diginetica.net mc.yandex.ru *.fastly.net www.google-analytics.com omnibox.shoppilot.ru suggestions.dadata.ru 'self';child-src api-maps.yandex.ru omnibox.shoppilot.ru blob: 'self';frame-src api-maps.yandex.ru get.shoppilot.ru omnibox.shoppilot.ru 'self';font-src 'self' fonts.gstatic.com;frame-ancestors webvisor.com 'self';worker-src blob: 'self'; report-uri https://www.regard.ru/csp.php 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=5a582f20-a142-42f0-83e6-cd86402fcd47 1
default-src https://tpc.googlesyndication.com 'self'; img-src data: https://pagead2.googlesyndication.com https://click.topturizm.ru https://d2ttnongggltje.cloudfront.net https://top-fwz1.mail.ru https://onesignal.com https://*.onesignal.com https://matchid.adfox.yandex.ru https://*.adfox.ru http://banners.adfox.ru https://hexagon-analytics.com https://stats.g.doubleclick.net https://s.youtube.com https://www.kayak.com https://*.facebook.com https://*.clicktripz.com https://*.amazonaws.com https://*.gstatic.com https://*.googleapis.com https://img.twiket.cfafom.ua https://media.expedia.com https://www.google-analytics.com https://servedbyadbutler.com https://b.siftscience.com https://usage.trackjs.com https://*.amadeus.com https://*.onetwotrip.com https://*.google.com https://www.google.ru https://googleads.g.doubleclick.net https://ads.otthyper.com https://*.rackcdn.com https://*.mapbox.com https://*.bstatic.com https://img.twiket.com.ua https://cdn.cartrawler.com https://t.skyscnr.com https://www.tcsbank.ru https://level.travel https://*.4sqi.net https://d2f9dw3b0opbul.cloudfront.net https://www.sixt.de https://*.olt.su https://s3.level.travel https://static.europcar.com https://vk.com https://an.yandex.ru https://tpc.googlesyndication.com https://securepubads.g.doubleclick.net 'self'; script-src https://partner.tophotels.ru https://banners.adfox.ru https://top-fwz1.mail.ru https://onesignal.com https://*.onesignal.com https://*.doubleclick.net https://*.clicktripz.com https://matchid.adfox.yandex.ru https://ads.adfox.ru https://cm.g.doubleclick.net https://npmcdn.com https://connect.mail.ru https://static.olark.com https://*.gstatic.com https://www.odnoklassniki.ru https://connect.ok.ru https://*.facebook.net https://*.facebook.com https://*.amazonaws.com https://*.googleapis.com https://*.addthis.com https://yastatic.net https://t.skyscnr.com https://*.criteo.com https://static.criteo.net https://*.google.com https://www.googleadservices.com https://*.otthyper.com https://www.google-analytics.com https://www.googletagservices.com https://adservice.google.ru https://cdn.ampproject.org https://pagead2.googlesyndication.com https://*.onetwotrip.com https://vk.com https://ad.doubleclick.net https://www.tns.counter.ru https://bs.serving-sys.com https://adriver.ru https://gemius.pl https://weborama.com https://*.splitmetrics.com https://dalusewymm5m7.cloudfront.net 'sha256-utHc6W9laKQHu5xsLu1xARK9SQYmXAGZXILalXWGxz8=' 'sha256-1Or2VH0kql7x3gN+87qaHju89Itr/rcx6bpPFu198zQ=' 'sha256-p7nQGNQEohY7G1H6o93fX6NFaUa+A/SiAcN6mQuxH4o=' 'sha256-51dKTyKrLcz8MhX/6XCGr5Tjhzfp7rWqP7aIuLrgxyQ=' 'sha256-LP8uL4i/yWS8TBwu1iOHbShuOAjFOl9HIi3JWv4Wu58=' 'sha256-nZZ0G6b2JMj1bwBOwRlSzWg2x+CUY8SLGKU4JJk7If0=' 'sha256-hY0cT0H4W6x5ZeyI+kD0ST9hFPbAlt2F8MewCJPYgZc=' 'sha256-t52AuL92b6JVwnJ2H57wblwrztHgLOiFIZuktVwFWKU=' 'self' 'unsafe-eval'; frame-src https://*.revo.ru https://*.revoplus.ru https://*.booking.com https://*.google.com https://*.criteo.com https://*.facebook.com https://secure.payture.com https://kviku.ru https://*.onetwotrip.com https://static.criteo.net https://www.tcsbank.ru https://level.travel https://ott-static.s3.eu-central-1.amazonaws.com 'self'; connect-src https://securepubads.g.doubleclick.net https://csi.gstatic.com https://ads.adfox.ru https://translate.yandex.net https://servedbyadbutler.com https://*.onetwotrip.com https://ads.otthyper.com https://capture.trackjs.com https://*.youtube.com https://www.google-analytics.com https://www.tcsbank.ru https://connect.mail.ru https://onesignal.com https://*.onesignal.com https://*.blablacar.com https://*.clicktripz.com https://top-fwz1.mail.ru https://*.splitmetrics.com 'self'; style-src https://partner.tophotels.ru https://npmcdn.com https://*.amazonaws.com https://*.googleapis.com https://onesignal.com https://*.onesignal.com https://*.facebook.com https://partner.onetwotrip.com 'self' 'unsafe-inline'; font-src https://static.onetwotrip.com https://fonts.gstatic.com https://partner.onetwotrip.com 'self'; form-action *; report-uri https://www.onetwotrip.com/_api/statistics/addCSPR; object-src https://ott-static.s3.eu-central-1.amazonaws.com; frame-ancestors https://*.onetwotrip.com https://vk.com https://m.vk.com 'self'; 1
default-src * data: blob:;img-src * about: https: data: blob:;child-src *.lvmama.com *.baifendian.com http: https:;script-src *.uflys.com *.qiyukf.com *.criteo.com *.criteo.net *.bokecc.com *.qhimg.com *.bdimg.com *.lvmama.com *.lvjs.com.cn *.alicdn.com *.alimama.com *.baidu.com *.ipinyou.com *.mediav.com *.google-analytics.com *.baifendian.com *.p0y.cn *.w3t.cn *.de.coremetrics.com *.cn.coremetrics.com *.gtags.net *.zampda.net *.google.cn *.fraudmetrix.cn *.geetest.com *.gridsumdissector.com 'unsafe-inline' 'unsafe-eval' https: data: blob:;style-src * https: data: 'unsafe-inline';connect-src * wss:; 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=8c005627-5dac-4935-91e9-cbb72adf5389 1
upgrade-insecure-requests; default-src cdn1.svenskaspel.net;script-src 'self' cdn1.svenskaspel.net api.www.svenskaspel.se www.google-analytics.com www.googletagmanager.com tagmanager.google.com https://connect.facebook.net track.adform.net tb.de17a.com https://*.tradedoubler.com 'unsafe-inline' 'unsafe-eval';style-src fonts.googleapis.com 'self' 'unsafe-inline' cdn1.svenskaspel.net tagmanager.google.com;img-src https://api.www.svenskaspel.se 'self' data: cdn1.svenskaspel.net api.www.svenskaspel.se www.google-analytics.com https://www.facebook.com tb.de17a.com https://*.tradedoubler.com *.cloudfront.net *.solidtango.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com cdn1.svenskaspel.net data:;media-src 'none';frame-src 'self' svsinhouse-se.loopiasecure.com api.www.svenskaspel.se https://www.facebook.com https://connect.facebook.net https://*.tradedoubler.com tb.de17a.com *.solidtango.com;object-src 'none';frame-ancestors 'none';worker-src 'none';connect-src 'self' https://api.www.svenskaspel.se cdn1.svenskaspel.net api.www.svenskaspel.se wss://api.www.svenskaspel.se www.google-analytics.com; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://jw-webmagazine.com https://*.jw-webmagazine.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
connect-src 'self'   *.pinimg.com *.pinterest.com *.branch.io *.facebook.com cdn.ampproject.org *.cdn.ampproject.org pinterest-media-upload.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob:; media-src 'self' *.pinimg.com blob: data:; object-src 'self' h.online-metrix.net; prefetch-src *; script-src 'nonce-ooiUKwMcvL' 'strict-dynamic' 'report-sample' 'self'  *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /_/_/csp_report/ 1
media-src *; img-src 'self' data: blob: filesystem: https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com *.amazonaws.com *.google.com http://ps.w.org http://i0.wp.com http://i1.wp.com *.gravatar.com *.googleapis.com *.gstatic.com http://www.google-analytics.com *.twitter.com *.twimg.com https://dly4mho8u118u.cloudfront.net https://stats.g.doubleclick.net https://v2.zopim.com https://dashboard.zopim.com https://imp2.ads.linkedin.com *.google.fr http://ck-wwwcorp.s3.amazonaws.com http://dly4mho8u118u.cloudfront.net https://learningwire.crossknowledge.com https://ssl.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.crossknowledge.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com http://s7.addthis.com *.google.com *.google.fr *.googleapis.com www.google-analytics.com *.twitter.com https://cdn.syndication.twimg.com https://code.jquery.com http://maps.google.com https://maps.googleapis.com http://maps.googleapis.com https://static.hotjar.com https://app-lon02.marketo.com https://static.ads-twitter.com https://connect.facebook.net https://munchkin.marketo.net https://www.googleadservices.com https://snap.licdn.com https://v2.zopim.com https://cdn.jsdelivr.net https://www.geoplugin.net https://js-agent.newrelic.com https://script.hotjar.com https://googleads.g.doubleclick.net https://dc.ads.linkedin.com https://px.ads.linkedin.com https://bam.nr-data.net https://www.bizographics.com https://eu-west-1.dc.ads.linkedin.com https://secure.adnxs.com https://insights.hotjar.com *.marketo.com http://d3d8qnlcu0b7xk.cloudfront.net https://d3d8qnlcu0b7xk.cloudfront.net http://static.ads-twitter.com http://munchkin.marketo.net https://www.googletagmanager.com https://ssl.google-analytics.com https://cdn.polyfill.io https://dashboard.zopim.com https://djtflbt20bdde.cloudfront.net https://mastertag.effiliation.com https://track.effiliation.com https://www.linkedin.com; style-src 'self' 'unsafe-inline' https://maps.googleapis.com https://fonts.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.twitter.com *.google.com *.jsdelivr.net https://app-lon02.marketo.com http://app-lon02.marketo.com; 1
default-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net http://tagmanager.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com www.googleadservices.com *.webtrends.com *.webtrendslive.com https://assets.contentstack.io http://51.140.158.21 *.bkrtx.com *.serving-sys.com https://secure.adnxs.com analytics.freespee.com https://fonts.googleapis.com d1q62gfb8siqnm.cloudfront.net/911839/wt_capi.js wtosc.s3.amazonaws.com connect.facebook.net mpp2.vindicosuite.com *.en25.com 'unsafe-inline' 'unsafe-eval';child-src 'none';img-src 'self' https://www.google-analytics.com *.webtrends.com *.webtrendslive.com *.oracleinfinity.io adservice.google.com *.eloqua.com https://secure.fastclick.net https://secure.adnxs.com https://www.google.com https://www.google.co.uk https://secure-media.msg.dotomi.com *.gstatic.com  insight.adsrvr.org aax-eu.amazon-adsystem.com ad.doubleclick.net www.facebook.com data:;font-src 'self' https://fonts.gstatic.com data:;connect-src 'self' *.digitalsse.cloud *.sse.co.uk https://fk-contentstack-watch.herokuapp.com/ wss://fk-contentstack-watch.herokuapp.com/ ws://localhost:5000/ *.webtrendslive.com *.oracleinfinity.io;frame-src https://www.youtube.com *.bkrtx.com *.bluekai.com player.vimeo.com secure.img-cdn.mediaplex.com; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/golfdigest 1
frame-ancestors 'self' *.virginmoney.com; 1
default-src 'self';
    style-src 'self' 'unsafe-inline' *.google-analytics.com *.crisp.chat;
    script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.google-analytics.com *.crisp.chat *.crisp.im;
    img-src * data:;
    font-src 'self' *.crisp.chat data:;
    connect-src *;
   1
default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com  yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' google.com google.com.ua *.google.com.ua maps.google.com *.doubleclick.net doubleclick.net *.googletagmanager.com googletagmanager.com *.google.com google-analytics.com *.google-analytics.com youtube.com *.youtube.com googleapis.com *.googleapis.com gstatic.com *.gstatic.com *.globus-inter.com *.globus.today gravatar.com *.gravatar.com wp.com *.wp.com *.pluso.ru *.yadro.ru *.kitbit.net *.facetz.net code.jquery.com *.marketgid.com *.tovarro.com *.yadro.ru etcodes.com *.etcodes.com surfearner.com *.surfearner.com traffic-media.co *.traffic-media.co data: blob:; 1
frame-ancestors 'self' https://optimize.google.com  ; report-uri https://d2689ebe5e29efe933d4a847c25ddecd.report-uri.com/r/d/csp/enforce 1
default-src 'self'; child-src assets.braintreegateway.com tst.kaptcha.com ssl.kaptcha.com kaptcha.com; connect-src wss://notifier.bitskins.com:8443 wss://notifiter.bitskins.com:443 wss://notifier.bitskins.com 'self' google-analytics.com www.google-analytics.com api.sandbox.braintreegateway.com api.braintreegateway.com client-analytics.sandbox.braintreegateway.com client-analytics.braintreegateway.com; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com fonts.googleapis.com; img-src https: data:; media-src renders.bitskins.com dev.bitskins.com bitskins.com www.bitskins.com; object-src 'none'; script-src 'self' www.google-analytics.com cdnjs.cloudflare.com js.pusher.com cdn.transifex.com js.braintreegateway.com api.sandbox.braintreegateway.com api.braintreegateway.com client-analytics.sandbox.braintreegateway.com client-analystics.braintreegateway.com connect.facebook.net 'sha256-1IfELpzRHbXzx+sQ07Ue15t9ec1wdtiNv62r7zeYR8Y=' 'sha256-LKmlw3v4CFzgeN+XYEr7JfvAcrGC1rFraddkfcV2YJs=' 'sha256-Jk9zNLPj8BEWlgzZFMjK/cCBRQgC7MT18vpBeP2LLH4=' 'nonce-yyFiecQSTpoMCDDjptyLUDFl7SbZ5Di70DQCHuq7kas='; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=139d32aa-3a40-4af1-b1b7-aa149fac9779 1
child-src 'self'  data:  *.adaptec.com *.admin-magazin.de *.ekomi.de *.google.at *.google.ch *.google.com *.google.cz *.google.de *.google.es *.google.lu *.google.pt *.google.pl *.googlesyndication.com *.googleadservices.com *.it-administrator.de *.online-usv.de *.supermicro.com *.thomas-krenn.com *.thomas-krenn.ch *.vmware.com *.wikipedia.org *.xortex.com *.youtube.com *.doubleclick.net *.pingdom.net *.ups.com;default-src 'self' data:  *.google.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.thomas-krenn.com *.thomas-krenn.ch *.xortex.com *.youtube.com *.doubleclick.net *.optimizely.com *.pingdom.net *.ups.com;img-src 'self' data: blob:  *.bing.com *.ekomi.de *.google-analytics.com *.google.ad *.google.ae *.google.al *.google.am *.google.at *.google.ba *.google.be *.google.bg *.google.bj *.google.by *.google.ca *.google.cd *.google.ch *.google.cl *.google.cn *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tz *.google.co.uk *.google.co.ve *.google.co.za *.google.co.zw *.google.com *.google.com.af *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bo *.google.com.br *.google.com.co *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.sa *.google.com.sg *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.gl *.google.gr *.google.hr *.google.hu *.google.ie *.google.iq *.google.is *.google.it *.google.kz *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.google.sk *.google.tg *.google.tm *.google.tn *.google.tt *.googleadservices.com *.googleapis.com *.googlesyndication.com *.olidata.com *.pingdom.net *.thomas-krenn.com *.thomas-krenn.ch *.xortex.com *.youtube.com bat.r.msn.com *.gstatic.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.bing.com *.ekomi.de *.google.at *.google.co.uk *.google.com *.google.de *.google.ie *.google.fr *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.pingdom.net *.salesforceliveagent.com *.thomas-krenn.com *.thomas-krenn.ch *.xortex.com *.google-analytics.com *.doubleclick.net *.optimizely.com;style-src 'self' 'unsafe-inline'  *.thomas-krenn.com *.thomas-krenn.ch *.xortex.com;report-uri /redx/ext/contentsecuritypolicy/report.php; 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri https://www.afdb.org/?eID=error 1
frame-src 'self' https://*.gryps.ch https://*.googletagmanager.com https://*.gryps.ch https://disqus.com https://*.g.doubleclick.net https://*.google.com https://*.facebook.com https://*.twitter.com https://www.youtube.com; frame-ancestors 'self'; report-uri https://bexio.report-uri.io/r/default/csp/enforce; 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=f392d74b-c2c0-4511-ae81-3390661cae78 1
default-src * data: blob: filesystem: https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https://cdn.myanonamouse.net https://www.myanonamouse.net https://myanonamouse.net https://webirc.myanonamouse.net https://www.gstatic.com; script-src 'self' https://cdn.myanonamouse.net https://www.myanonamouse.net https://myanonamouse.net https://webirc.myanonamouse.net https://www.gstatic.com; style-src 'self' https://cdn.myanonamouse.net https://www.myanonamouse.net https://myanonamouse.net https://webirc.myanonamouse.net https://www.gstatic.com; object-src 'none'; img-src 'self' https://cdn.myanonamouse.net https://www.myanonamouse.net https://myanonamouse.net https://webirc.myanonamouse.net https://www.gstatic.com data:; media-src https://cdn.myanonamouse.net https://www.myanonamouse.net https://myanonamouse.net https://webirc.myanonamouse.net https://www.gstatic.com; block-all-mixed-content; 1
frame-ancestors 'self' t4.scu.edu cms.scu.edu cms01.scu.edu thetrustproject.org media.scu.edu ecampus.scu.edu hrdev.scu.edu hrusr.scu.edu t4dev.scu.edu 166.78.46.137 1
script-src 'self' *.visual-paradigm.com *.google-analytics.com  *.recaptcha.net *.gstatic.cn *.google.com *.gstatic.com *.googleapis.com graph.facebook.com share.yandex.ru *.tawk.to *.addthis.com *.addthisedge.com *.linkedin.com cdn.jsdelivr.net *.cloudfront.net 'unsafe-inline' 'unsafe-eval' 1
default-src none; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com https://www.youtube.com/iframe_api https://piwik.wu.ac.at https://ajax.googleapis.com https://maps.googleapis.com https://*.newrelic.com https://*.nr-data.net https://platform.twitter.com https://connect.facebook.net https://*.vo.msecnd.net/ https://newsletter.wu.ac.at/ https://analytics-eu.clickdimensions.com/; style-src 'self' 'unsafe-inline' https://piwik.wu.ac.at/ https://fonts.googleapis.com https://*.vo.msecnd.net/; frame-src https:; frame-ancestors 'self' http://*.coe.at https://piwik.wu.ac.at/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://bach.wu.ac.at https://apps.wu.ac.at; form-action 'self' https:; media-src 'self'; object-src 'self' 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=d6440b96-f96e-458c-8a32-27192d1e0223 1
frame-ancestors 'self' *.transangels.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ytimg.com https://*.ytimg.com http://ytimg.com http://*.ytimg.com https://youtube.com https://*.youtube.com http://youtube.com http://*.youtube.com https://yandex.ru https://*.yandex.ru http://yandex.ru http://*.yandex.ru https://yandex.net https://*.yandex.net http://yandex.net http://*.yandex.net https://yastatic.net https://*.yastatic.net http://yastatic.net http://*.yastatic.net https://yandexadexchange.net https://*.yandexadexchange.net http://yandexadexchange.net http://*.yandexadexchange.net https://yandex.st https://*.yandex.st http://yandex.st http://*.yandex.st liveinternet.ru *.liveinternet.ru mail.ru *.mail.ru imgsmail.ru *.imgsmail.ru *.top100.ru top100.ru *.uralweb.ru uralweb.ru ; object-src 'self' https://yandex.ru https://*.yandex.ru http://yandex.ru http://*.yandex.ru https://yandex.net https://*.yandex.net http://yandex.net http://*.yandex.net https://yastatic.net https://*.yastatic.net http://yastatic.net http://*.yastatic.net https://yandexadexchange.net https://*.yandexadexchange.net http://yandexadexchange.net http://*.yandexadexchange.net https://yandex.st https://*.yandex.st http://yandex.st http://*.yandex.st ; style-src 'self' 'unsafe-inline' * data: https://yastatic.net https://*.yastatic.net http://yastatic.net http://*.yastatic.net https://yandex.st https://*.yandex.st http://yandex.st http://*.yandex.st; img-src * data: https:; media-src 'self' blob: * https://yastatic.net https://*.yastatic.net http://yastatic.net http://*.yastatic.net https://yandex.net https://*.yandex.net http://yandex.net http://*.yandex.net https://yandex.st https://*.yandex.st http://yandex.st http://*.yandex.st ; child-src 'self' https://youtube.com https://*.youtube.com http://youtube.com http://*.youtube.com https://yandex.ru https://*.yandex.ru http://yandex.ru http://*.yandex.ru https://yandex.net https://*.yandex.net http://yandex.net http://*.yandex.net https://yastatic.net https://*.yastatic.net http://yastatic.net http://*.yastatic.net https://yandexadexchange.net https://*.yandexadexchange.net http://yandexadexchange.net http://*.yandexadexchange.net https://yandex.st https://*.yandex.st http://yandex.st http://*.yandex.st mail.ru *.mail.ru ; font-src 'self' data: http://gstatic.com http://*.gstatic.com https://gstatic.com https://*.gstatic.com; connect-src 'self' https://yandex.ru https://*.yandex.ru http://yandex.ru http://*.yandex.ru https://yandex.net https://*.yandex.net http://yandex.net http://*.yandex.net https://yastatic.net https://*.yastatic.net http://yastatic.net http://*.yastatic.net https://yandexadexchange.net https://*.yandexadexchange.net http://yandexadexchange.net http://*.yandexadexchange.net https://yandex.st https://*.yandex.st http://yandex.st http://*.yandex.st mail.ru *.mail.ru *.rambler.ru rambler.ru ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' authentication.me  *.authentication.me https://*.softok.info https://installpack.net http://*.servtodown.ru https://*.servtodown.ru *.jquery.com jquery.com *.disqus.com https://*.disqus.com https://disqus.com disqus.com *.disquscdn.com https://*.disquscdn.com https://disquscdn.com disquscdn.com *.vk.com https://*.vk.com https://vk.com vk.com *.facebook.com https://*.facebook.com https://facebook.com facebook.com *.facebook.net https://*.facebook.net https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net *.addthis.com addthis.com *.doubleclick.net https://*.doubleclick.net https://doubleclick.net doubleclick.net *.yandex.ru https://*.yandex.ru https://yandex.ru yandex.ru https://ymetrica.com https://*.webvisor.org *.googlesyndication.com https://*.googlesyndication.com https://googlesyndication.com googlesyndication.com *.googletagservices.com https://*.googletagservices.com https://googletagservices.com googletagservices.com *.googleadservices.com https://*.googleadservices.com https://googleadservices.com googleadservices.com https://adservice.google.com.ua *.gstatic.com https://*.gstatic.com https://gstatic.com gstatic.com *.google-analytics.com https://*.google-analytics.com https://google-analytics.com google-analytics.com *.publisherconsole.appspot.com https://*.publisherconsole.appspot.com https://publisherconsole.appspot.com publisherconsole.appspot.com *.google.com https://*.google.com https://google.com google.com http://*.google.ru https://fonts.googleapis.com  http://fonts.googleapis.com *.googletagmanager.com http://*.doubleclick.net https://*.doubleclick.net *.youtube.com https://*.youtube.com https://youtube.com youtube.com *.www.youtube-nocookie.com https://*.www.youtube-nocookie.com https://www.youtube-nocookie.com www.youtube-nocookie.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' softok.info *.softok.info https://secure.gravatar.com data: *; font-src 'self' 'unsafe-inline' 'unsafe-eval'  https://*.softok.info data: *;media-src 'self' 'unsafe-inline' 'unsafe-eval' softok.info *.softok.info mediastream: *; report-uri /csp 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=cd814b63-38a5-4b6a-86a1-100454ac2c39 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=bb26f8c6-057c-470e-a75f-262b5e61d782 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.youtube.com s.ytimg.com ajax.aspnetcdn.com ajax.googleapis.com cdnjs.cloudflare.com www.googleadservices.com www.googletagmanager.com *.doubleclick.net flex.msn.com bat.bing.com dvrt.t101.com *.adtech.de *.adtech.advertising.com *.adtech.us.com *.adtech.jp.com *.inspectlet.com unpkg.com recon-static.t101cdn.net www.recon.com;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com recon-static.t101cdn.net www.recon.com;img-src 'self' data: blob: www.google-analytics.com *.adtech.de *.adtech.advertising.com *.adtech.us.com *.adtech.jp.com dvrt.t101.com *.g.doubleclick.net www.googleadservices.com www.google.com www.google.co.uk www.google.com.au www.google.com.fr www.google.ie www.google.com.ie www.google.com.nl www.google.com.ca www.google.com.es www.google.com.de www.gstatic.com *.r.msn.com bat.bing.com *.r.bat.bing.com recon-images.t101cdn.net recon-static.t101cdn.net images.email.recon.com *.inspectlet.com www.recon.com;media-src 'self' recon-static.t101cdn.net www.recon.com;frame-src www.youtube.com;font-src 'self' fonts.gstatic.com sxt.cdn.skype.com recon-static.t101cdn.net www.recon.com;connect-src 'self' tlsversiontest.t101api.com www.google-analytics.com stats.g.doubleclick.net *.inspectlet.com wss://*.inspectlet.com *.t101api.com recon-static.t101cdn.net www.recon.com;frame-ancestors 'none';report-uri https://t101.report-uri.com/r/d/csp/enforce 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https:; base-uri 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'; form-action 'self'; report-uri https://nightstand.io/i/csp.php?uid=LMvq6WU8E1k&key=BJrm4PowLkc 1
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=79bf9447-b9a1-4356-a728-adab4c7abb34 1
default-src 'self' https: blob:; child-src * blob:; connect-src 'self' https: wss: *.amap.com *.inspectlet.com; font-src 'self' data: *.muscache.com fonts.gstatic.com use.typekit.net; img-src 'self' https: data: *.inspectlet.com; media-src 'self' https:; script-src 'self' 'unsafe-eval' a0.muscache.com cdn.siftscience.com ss.musthird.com t1.musthird.com bat.bing.com connect.facebook.net www.google-analytics.com www.googleadservices.com tpc.googlesyndication.com www.googletagmanager.com a.cdn.intentmedia.net maps.googleapis.com ajax.googleapis.com *.g.doubleclick.net www.google.com www.gstatic.com smartlock.google.com accounts.google.com app.link cdn.branch.io api.branch.io bam.nr-data.net js-agent.newrelic.com sslwidget.criteo.com static.criteo.net dis.criteo.com widget.us.criteo.com *.gbc.criteo.net ethn.io s.yimg.jp api.geetest.com blob: webapi.amap.com restapi.amap.com *.inspectlet.com 'nonce-f581e5845729fed1a7f376172911a9' 'sha256-URqFTNitDSE01K1xklErUlKT93/P4FXStf52o8BhcLY=' 'unsafe-inline' 'sha256-MpazfMshcY6jCzxk0aJDh9l3iXoBw8r+eMO58JLTkRQ=' 'sha256-D9Mz5Ys1Opv52C2fjJU4eS9qDZpG9+Ywz5rQPUyxngQ='; style-src 'self' https: 'unsafe-inline'; report-uri /tracking/csp?action=show&controller=homepages&report_only=false&req_uuid=f52348d9-353a-44f4-89f3-55bc7cc681c3&version=df507506fab90b586a0c098cfae7b9995f2450e7 1
frame-ancestors  aplikace.rozhlas.cz 'self'; 1
connect-src 'self' *.novoresume.com connect.facebook.net https://widget.trustpilot.com; default-src 'self' 'unsafe-inline' *.novoresume.com; font-src 'self' data: *.novoresume.com fonts.gstatic.com *.googleapis.com; frame-src 'self' *.novoresume.com *.googleapis.com *.google.com https://widget.trustpilot.com https://player.vimeo.com; img-src 'self' data: *.novoresume.com csi.gstatic.com *.doubleclick.net *.google.com *.google-analytics.com connect.facebook.net *.googleadservices.com www.facebook.com t.co; media-src 'self' *.novoresume.com; object-src 'self' 'unsafe-eval' *.novoresume.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' trackcmp.net *.novoresume.com *.google.com *.google-analytics.com *.googleadservices.com connect.facebook.net www.googletagmanager.com *.doubleclick.net www.facebook.com static.ads-twitter.com analytics.twitter.com https://widget.trustpilot.com https://player.vimeo.com; style-src 'self' 'unsafe-inline' *.novoresume.com *.googleapis.com 1
default-src 'self';style-src 'unsafe-inline' *;frame-src 'self' http://banalyze.net  https://banalyze.net http://bodyclick.net https://bodyclick.net https://clcktms.ru http://xxx-hunt-m.com https://xxx-hunt-m.com http://ejywtxa2agahkqt.ru https://ejywtxa2agahkqt.ru https://efbvrlg6dnjyllx.ru http://fbbamvq2fdinvtx.ru https://fbbamvq2fdinvtx.ru https://hmqzhs0csdealn.ru https://ekkhgwp5atpuxdq.ru https://adultadv.ru/ http://pftfk.com https://pftfk.com https://xxx-hunt-er.xyz https://tools.bongacams.com http://tools.bongacams.com http://bongacams.com http://xxx-hunt-er.xyz http://twoadv.ru https://twoadv.ru  https://bongacams.com https://*.bongacams.com http://*.twitter.com http://twitter.com https://*.twitter.com https://twitter.com  https://*.facebook.net http://*.facebook.net https://*.facebook.com http://*.facebook.com http://*.googleapis.com https://*.googleapis.com https://google.com http://google.com https://*.google.com http://*.google.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.doubleclick.net https://*.doubleclick.net http://*.gstatic.com https://*.gstatic.com http://*.google-analytics.com https://*.google-analytics.com http://vk.com https://vk.com https://*.vk.com http://*.vk.com https://*.ok.ru http://*.ok.ru http://*.mail.ru https://*.mail.ru http://www.odnoklassniki.ru https://www.odnoklassniki.ru;img-src 'self' 'unsafe-inline' 'unsafe-eval' * data:;media-src *;font-src * data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ok.ru http://*.ok.ru http://*.mail.ru https://*.mail.ru http://www.odnoklassniki.ru https://www.odnoklassniki.ru http://vk.com https://vk.com https://*.vk.com http://*.vk.com http://*.googleapis.com https://*.googleapis.com https://google.com http://google.com https://*.google.com http://*.google.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.doubleclick.net https://*.doubleclick.net http://*.gstatic.com https://*.gstatic.com http://*.google-analytics.com https://*.google-analytics.com https://*.facebook.net http://*.facebook.net https://*.facebook.com http://*.facebook.com http://*.twitter.com http://twitter.com https://*.twitter.com https://twitter.com https://mp-https.info http://MPAY69.COM http://mpay69.biz https://xxx-hunt-m.com http://xxx-hunt-m.com http://plusadv.ru https://clcktms.ru https://adultadv.ru/ http://pftfk.com https://pftfk.com https://bongacams.com https://*.bongacams.com https://efbvrlg6dnjyllx.ru http://ejywtxa2agahkqt.ru https://ejywtxa2agahkqt.ru https://plusadv.ru https://hmqzhs0csdealn.ru https://ekkhgwp5atpuxdq.ru http://goldadv2.ru https://goldadv2.ru http://bongacams.com https://tools.bongacams.com http://tools.bongacams.com https://xxx-hunt-er.xyz http://xxx-hunt-er.xyz http://twoadv.ru https://twoadv.ru https://fbbamvq2fdinvtx.ru http://fbbamvq2fdinvtx.ru https://golayazv.com http://*.golayazv.com https://bodyclick.net http://bodyclick.net http://banalyze.net  https://banalyze.net   ; connect-src *; object-src *;report-uri /csp.php 1
default-src 'self' http://www.googletagmanager.com https://www.clicktochat.cl https://www.googleadservices.com/ https://clickserv.sitescout.com/ https://pixel.sitescout.com/ https://ds-aksb-a.akamaihd.net https://ajax.aspnetcdn.com https://geoportalclaro.maps.arcgis.com https://ds-aksb-a.akamaihd.net/aksb.min.js https://www.google.cl/ https://uscollector.tealeaf.ibmcloud.com/ http://servicios.fidelis.cl/ https://clarochile.custhelp.com/ https://www.clarochile.cl/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://www.youtube.com/ https://maxcdn.bootstrapcdn.com https://www.google.com/ https://googleads.g.doubleclick.net/ http://ajax.aspnetcdn.com/ http://geoportalclaro.maps.arcgis.com https://www.portateahora.cl/ http://*.google.com http://*.doubleclick.net http://*.hotjar.com http://*.gstatic.com http://*.googleapis.com http://*.clarovideo.net http://*.claromusica.com http://*.facebook.com http://*.facebook.net http://www.claromusica.com http://*.clarochile.cl http://www.google-analytics.com data: 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' https://www.homebank.kz https://homebank.kz https://cdn.homebank.kz *.zopim.com https://static.zdassets.com *.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.googletagmanager.com api-maps.yandex.ru *.yandex.net 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data:; 1
frame-ancestors https://www.relianceetf.com/ 1
default-src 'self' https://*.doubleclick.net https://*.optimizely.com https://www.google-analytics.com https://*.facebook.com; style-src 'self' 'unsafe-inline' https://s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://java.com https://optimizely.s3.amazonaws.com https://tags.tiqcdn.com https://static-artifact.heg-cp.com https://cdn.polyfill.io https://www.google.com https://www.gstatic.com https://*.optimizely.com https://www.googleadservices.com https://bat.bing.com https://www.dwin1.com https://connect.facebook.net https://www.google-analytics.com ajax.googleapis.com https://*.twitter.com https://static.ads-twitter.com https://*.ampproject.org https://*.wsimg.com https://*.liveperson.net https://*.lpsnmedia.net; font-src 'self' https://optimizely.github.io; object-src 'self'; img-src 'self' 'unsafe-inline' https://java.com https://www.df.eu/ data: https://i.ytimg.com https://*.g.doubleclick.net https://bat.bing.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.de https://t.co https://*.multiscreensite.com; frame-src 'self' https://www.google.com https://*.optimizely.com https://*.facebook.com https://*.facebook.net www.youtube.com *.vimeo.com *.vimeocdn.com https://*.fls.doubleclick.net https://*.lpsnmedia.net; 1
frame-ancestors 'self' http://www.galaxyclub.cn https://www.galaxyclub.cn 1
frame-ancestors 'self'; upgrade-insecure-requests; report-uri https://lidlcsp.report-uri.io/r/default/csp/enforce; 1
frame-ancestors 4over.com *.4over.com *.authorize.net;” 1
frame-ancestors https://www.stellamccartney.com/ https://www.stellamccartney.com/ ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.social; img-src 'self' https: data: blob: https://mastodon.social; style-src 'self' 'unsafe-inline' https://mastodon.social; media-src 'self' https: data: https://mastodon.social; frame-src 'self' https:; manifest-src 'self' https://mastodon.social; connect-src 'self' blob: https://mastodon.social wss://mastodon.social; script-src 'self' https://mastodon.social 1
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.ae  ; frame-src 'self' *.indeed.com *.indeed.ae https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.ae d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log; 1
default-src 'none'; media-src *; manifest-src 'none'; frame-src https://*.hushmail.com https://forms.hubspot.com https://*.hubspot.com https://*.google.com https://*.gstatic.com https://forms.hsforms.com https://*.google-analytics.com https://*.doubleclick.net https://hushforms.com https://www.hushmail.com 'self'; object-src 'self'; child-src 'self'; font-src https://*.hushmail.com 'self'; style-src https://*.hushmail.com https://hushforms.com 'self' 'unsafe-inline'; connect-src https://*.hushmail.com https://*.hubspot.com https://frstre.com https://tapfiliate.com https://hushforms.com 'self'; img-src * data:; script-src https://*.hushmail.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.hsforms.net https://j